Skip to content

BMC Bladelogic RSCD exploits including remote code execution - CVE-2016-1542, CVE-2016-1543, CVE-2016-5063

Notifications You must be signed in to change notification settings

bao7uo/bmc_bladelogic

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

BMC Bladelogic RSCD remote exploits for Linux and Windows

Change passwords, List users and Remote code execution

Exploiting vulnerabilities in BMC BladeLogic RSCD agent

  • CVE-2016-1542 (BMC-2015-0010)
  • CVE-2016-1543 (BMC-2015-0011)
  • CVE-2016-5063

Published on exploit-db

BMC_rexec.py Overview

This method of remote execution was achieved by doing my own research - it is performed using XMLRPC and has only been tested against Windows. The script will hang, but the command should execute.

rexec poc

Nick Bloor has a much better execution exploit using a different technique:

BMC_winUsers.py Overview

After some research I was able to pull Windows users from the Windows BMC agent over XML RPC, so I adapted the getUsers file from ernw/insinuator to make a Windows version (see the following screenshot). I also modified the ernw/insinuator version to make it a dual platform exploit.

winUsers poc

Credits

My exploits are adapted from https://github.com/ernw/insinuator-snippets/tree/master/bmc_bladelogic

Thanks to Nick Bloor for AWS image for testing.

Vendor links

About

BMC Bladelogic RSCD exploits including remote code execution - CVE-2016-1542, CVE-2016-1543, CVE-2016-5063

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages