Kevin
PG Practice Kevin writeup
Last updated
The default page on port 80, http://192.168.214.45/index.asp, takes us to a login screen for HP Power Manager. A quick Google search reveals that the default credentials are admin:admin.
After logging in, the Help tab reveals version information.
Searchsploit reveals that HP Power Manager is vulnerable to a remote buffer overflow, tracked as CVE-2009-3999.
Description:
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
The following MSF module was used: exploit/windows/http/hp_power_manager_filename.
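From the defender's side, the CVE description above gives two things to check: whether the installed version is older than 4.2.10, and whether any request to goform/formExportDataLogs carries an unusually long fileName value. The following is an added example, not part of the original writeup; the 128-character threshold, the sample requests, the version strings and the host name ups.example are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

VULN_PATH = "/goform/formExportDataLogs"  # endpoint named in the CVE description
PARAM = "fileName"                         # parameter named in the CVE description
FIXED = (4, 2, 10)                         # versions before 4.2.10 are affected
MAX_LEN = 128  # assumption: alert threshold; tune to legitimate export file names


def is_vulnerable(version: str) -> bool:
    """True if a dotted numeric version string is lower than 4.2.10."""
    return tuple(int(p) for p in version.strip().split(".")) < FIXED


def inspect_request(raw: bytes):
    """Return an alert dict for an oversized fileName sent to the endpoint, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    try:
        method, target, _ = request_line.split(" ", 2)
    except ValueError:
        return None  # not a parseable request line
    url = urlsplit(target)
    if url.path.rstrip("/").lower() != VULN_PATH.lower():
        return None
    # The parameter may arrive in the query string or in a form-encoded body.
    fields = parse_qs(url.query, keep_blank_values=True)
    for key, values in parse_qs(body.decode("latin-1"), keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    longest = max((len(v) for v in fields.get(PARAM, [])), default=0)
    if longest > MAX_LEN:
        return {"method": method, "path": url.path, "param": PARAM, "length": longest}
    return None


# Constructed sample requests (not captured traffic); ups.example is a placeholder host.
SAMPLES = [
    b"POST /goform/formExportDataLogs HTTP/1.1\r\nHost: ups.example\r\n\r\n"
    b"fileName=report.csv",
    b"POST /goform/formExportDataLogs HTTP/1.1\r\nHost: ups.example\r\n\r\n"
    b"fileName=" + b"A" * 900,
    b"GET /index.asp HTTP/1.1\r\nHost: ups.example\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request(sample))
    # Constructed version strings, one below and one at the fixed release.
    print(is_vulnerable("4.2.7"), is_vulnerable("4.2.10"))
```

The same length check can be expressed as a WAF or IDS rule on the request body; patching to 4.2.10 or later and changing the default admin:admin credentials remove the exposure the writeup relied on.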