HP Data Protector Encrypted Communication Remote Command Execution
Posted by deepcore on June 7, 2016 – 9:07 pm
This Metasploit module exploits a well known remote code execution exploit after establishing encrypted control communications with a Data Protector agent. This allows exploitation of Data Protector agents that have been configured to only use encrypted control communications. This exploit works by executing the payload with Microsoft PowerShell so will only work against Windows Vista or newer. Tested against Data Protector 9.0 installed on Windows Server 2008 R2.
Post a reply
You must be logged in to post a comment.