HomeMalware & ThreatsFortra GoAnywhere MFT – Vulnerability Allows Unauthenticated Remote Code Execution

Fortra GoAnywhere MFT – Vulnerability Allows Unauthenticated Remote Code Execution

Published on

spot_img

A vulnerability within the Fortra GoAnywhere MFT has been discovered, allowing an unauthenticated attacker to create a new administrator account and potentially execute remote code. Specifically, this vulnerability affects GoAnywhere MFT versions 6.x from 6.0.1, as well as 7.x before 7.4.1. Exploiting this vulnerability would enable an attacker to upload a JSP payload and subsequently achieve remote code execution.

The Metasploit module has been crafted to exploit this vulnerability. The module itself is incredibly versatile, featuring various functionalities such as an automatic check and an auxiliary report that observes the stability, reliability, and side effects of the exploit.

Upon initialization, the module uses a series of targets and options to determine the best approach for exploitation. It checks for the presence of the unauthenticated REST API endpoint and extracts the version number to confirm the presence of the vulnerability. Upon successful confirmation, the module is capable of creating a new administrator account and storing the required credentials.

Additionally, the module effectively targets the appropriate operating system and product installation directory, making use of the about.xhtml page to gather essential information required for the exploit. The presence of a JSP payload is crucial in this process, as the module is designed to upload this payload to a specific directory within the target system. The exploit also automatically creates and stores the JSP payload, ensuring that it is deleted after generating a session.

Although the automatic targeting and payload upload processes are carefully handled by the module, it is important to note that it is not feasible to delete the user account created as a part of the exploit. This limitation is due to restrictions within the web interface or REST API.

Furthermore, the module provides functionalities to manage and store credentials, logging pertinent information and encrypting data to ensure secure storage. This helps in maintaining a record of the exploitation activities and their outcomes, adding a layer of accountability and traceability within the exploit environment.

Overall, the Metasploit module for the Fortra GoAnywhere MFT Unauthenticated Remote Code Execution vulnerability is a comprehensive and sophisticated tool for identifying, exploiting, and managing the intricacies of this security flaw. It provides convenience and a high degree of automation, making it an effective solution for security professionals in detecting and addressing vulnerabilities within the GoAnywhere MFT software.

Source link

Latest articles

We belong: Q&A with Miriam Saffer – Creative, pragmatic, and resilient.

MIriam Saffer: about being judged or not believed. If an employee trusts you enough...

The Resounding Boom of Cybersecurity: Understanding the Ever-Expanding Industry

The cybersecurity industry is currently experiencing unprecedented growth and innovation due to a variety...

DVIDS News: AvengerCon VIII – Army Cyber’s Homegrown Hacker Con Makes a Comeback

of the big things we missed was being able to share our experiences among...

Troutman Pepper Establishes Incidents and Investigations Team

Troutman Pepper, a prominent law firm based in Orange County, Calif., and Richmond, Va.,...

More like this

We belong: Q&A with Miriam Saffer – Creative, pragmatic, and resilient.

MIriam Saffer: about being judged or not believed. If an employee trusts you enough...

The Resounding Boom of Cybersecurity: Understanding the Ever-Expanding Industry

The cybersecurity industry is currently experiencing unprecedented growth and innovation due to a variety...

DVIDS News: AvengerCon VIII – Army Cyber’s Homegrown Hacker Con Makes a Comeback

of the big things we missed was being able to share our experiences among...
en_USEnglish