commented Oct 8, 2017 • edited by h00die
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. Verification
Scenarios |
commented Oct 8, 2017
Nice work! But I also bypassed the auth too! It’s just that ZDI ‘couldn’t repro’. |
commented Oct 9, 2017
Hi! Does the error {'response':'ERR','errcode':108,'timestamp':1507535648,'message':'Invalid http header token'} mean the server is patched? Thanks.
commented Oct 9, 2017
That makes sense tho. I've done my homework before releasing the article tbh :-) I've diff'ed the source code between the latest version and the vulnerable version. I realised that command injection is fixed but authentication bypass still exists. Since none of the ZDI advisories mentioned it, I've claimed that I've found it. I thank you for your awesome work @stevenseeley
documentation/modules/exploit/windows/http/trend_micro_officescan_widget_exec.md Outdated
##Scenarios
```
msf > use exploit/windows/http/trendmicro_officescan_exec
```
Oct 9, 2017
Going to change it to trendmicro_officescan_widget_exec. I'm just waiting for a full review so I can fix them with a single commit.
Oct 9, 2017
Yeah I didn't report it because I wouldn't get paid. It's how it goes sometimes.
Oct 9, 2017
reviewed Oct 9, 2017
documentation/modules/exploit/windows/http/trend_micro_officescan_widget_exec.md Outdated
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. |
Trend Micro Officescan product have widget feature which is implemented with PHP. Talker.php takes ack and hash parameter but don't validate these values, which leads to an authentication bypass for widget. Proxy.php files under the mod TMCSS folder takes multiple parameter but the process does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user. |
Oct 9, 2017
The Trend Micro OfficeScan product has a widget feature which is implemented with PHP. Talker.php takes ack and hash parameters but doesn't validate these values, which leads to an authentication bypass for the widget. Proxy.php files under the mod TMCSS folder take multiple parameters but the process does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user.
documentation/modules/exploit/windows/http/trend_micro_officescan_widget_exec.md Outdated
If you don't see an affected version of OfficeScan, you can try to download it directly from following URL. |
[ftp://download.trendmicro.com/products/officescan/XG/osce_xg_win_en_gm_b1315.exe](ftp://download.trendmicro.com/products/officescan/XG/osce_xg_win_en_gm_b1315.exe) |
Oct 9, 2017
or [http](http://files.trendmicro.com/products/officescan/XG/osce_xg_win_en_gm_b1315.exe)
modules/exploits/windows/http/trendmicro_officescan_widget_exec.rb Outdated
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a |
terminal command under the context of the web server user. |
The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Micro Officescan product |
Oct 9, 2017
commented Oct 9, 2017
looks like you need a valid activation code for this product to install it. |
commented Oct 9, 2017 • edited
@h00die You can get it through free trial submission. Or just use this OS-8Y6M-XYUDV-6S4ZK-Q2Z77-LH2UR-RCC7G . |
commented Oct 9, 2017
trying imsva then i'll circle back |
commented Oct 9, 2017 • edited
Please stop review till new commit. I've got a lead on @ThePirateWhoSmellsOfSunflowers 's question. There are two major versions of OfficeScan (11 and XG). This module has been implemented only for XG, which is the newer version. There is a slight difference between these versions. I'm about to finish the work. We will have a single module that exploits both of them.
commented Oct 9, 2017
Okay, I've made a lot of changes. I try my best to make it clear on comments in the source code @h00die. You may need to test the module against OfficeScan 11 as well. Here is the download link: ftp://download.trendmicro.com/products/officescan/OSCE11_1028_GM.exe You can use exactly the same activation code. Here is the output of the module. I've done my test against both versions. Results for OfficeScan XG Results for OfficeScan 11
commented Oct 9, 2017
i'll get to this today. Want to add ftp://download.trendmicro.com/products/officescan/OSCE11_1028_GM.exe to the downloads list? |
commented Oct 9, 2017
I think it's unnecessary, they are showing only XG version on their download webpage. I've just found the older version on their ftp server. |
self-assigned this Oct 9, 2017
commented Oct 10, 2017
XG working. |
commented Oct 10, 2017
11 also working. |
merged commit c14c93d into rapid7:master Oct 10, 2017
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
added a commit that referenced this pull request Oct 10, 2017
This commit was signed with a verified signature.
GPG key ID: C5A9D25D1457C971
commented Oct 10, 2017
Had one minor edit (file rename and added a L3 heading): b796c0b#diff-827d139b3afe7983b0907975f6241456 |
commented Oct 10, 2017
This PR adds an unauthenticated RCE for Trend Micro OfficeScan XG and 11 combining two different vulnerabilities (auth bypass, RCE) to achieve the shell. |
commented Oct 10, 2017
excellent work @mmetince thanks for getting it all tackled in short time! |
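A defender-side sketch of the two-step chain this PR describes (a request to Talker.php followed by a request to a Proxy.php under the TMCSS folder), added here as an example and not part of the PR or of Metasploit: it correlates the two requests per client in web-server access logs. The log layout, the placeholder directory names, the 60-second window and the function names are assumptions; only the two file names and the TMCSS folder come from the thread.

```python
from datetime import datetime, timedelta

# Constructed sample in a simplified "time client method uri status" layout.
# The "/placeholder/..." directories are made up; only Talker.php, Proxy.php
# and the TMCSS folder name are taken from the PR text.
SAMPLE_LOG = """\
2017-10-09T09:00:00 10.0.0.5 POST /placeholder/Talker.php 200
2017-10-09T09:30:00 10.0.0.5 POST /placeholder/TMCSS/Proxy.php 200
2017-10-09T10:15:00 203.0.113.7 POST /placeholder/talker.php 200
2017-10-09T10:15:03 203.0.113.7 POST /placeholder/TMCSS/Proxy.php 200
2017-10-09T10:20:00 198.51.100.9 GET /placeholder/other/Proxy.php 200
"""

WINDOW = timedelta(seconds=60)  # assumed correlation window


def parse_line(line):
    """Split one log line; the path is lower-cased and the query dropped."""
    ts, client, method, uri, status = line.split()
    path = uri.split("?", 1)[0].lower()
    return datetime.fromisoformat(ts), client, method, path, int(status)


def find_chains(log_text, window=WINDOW):
    """Return (client, talker_time, proxy_time) for each Talker.php request
    followed within `window` by a request to a Proxy.php under a TMCSS folder."""
    last_talker = {}  # client -> time of its most recent Talker.php request
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, path, _status = parse_line(line)
        if path.endswith("/talker.php"):
            last_talker[client] = ts
        elif path.endswith("/proxy.php") and "tmcss" in path:
            seen = last_talker.get(client)
            if seen is not None and timedelta(0) <= ts - seen <= window:
                hits.append((client, seen, ts))
    return hits


if __name__ == "__main__":
    for client, t1, t2 in find_chains(SAMPLE_LOG):
        print(f"{client}: Talker.php at {t1}, TMCSS Proxy.php at {t2}")
```

A match is a lead for triage rather than proof of exploitation, since the thread does not say whether legitimate widget traffic produces the same sequence.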