Exploiting an Unsecured Dell Foglight Server

May 23, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

Dell Foglight for Virtualization is an infrastructure performance monitoring tool that can also be used to manage systems. It comes configured with a default username and password of “foglight.”

It is possible to execute code on the host itself through an integrated scripting console.

Browse to Homes -> Administration, and then to Investigate -> Data -> Script Console.

Under the “Scripts” tab, click the [+] Add button.

From here you can enter any Groovy code and execute it on the host. A simple way to execute commands is by using:

"cmd.exe /c ".execute()

or

"powershell.exe -NoP -NonI -W Hidden -Enc".execute()

This is a good place to swap in your PowerShell Empire or Metasploit Web Delivery stage 0 payload.
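From the defender's side, the one-liners above leave a recognizable trace in process-creation logs: the monitoring server's process spawning cmd.exe or powershell.exe. The following Python is an added example, not code from the original post or from Dell; it triages such events and resolves the abbreviated PowerShell switches shown above to their full names. The parent image names, the install path and the sample events are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: the Foglight server runs in a JVM; set this to the image seen on your host.
SERVER_IMAGES = {"java.exe", "javaw.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
# Full names behind the abbreviated switches in the post (-NoP -NonI -W -Enc).
PS_SWITCHES = ("noprofile", "noninteractive", "windowstyle", "encodedcommand")


def resolve(token):
    """Map an abbreviated powershell.exe switch to its full name, or None."""
    if len(token) < 2 or token[0] not in "-/":  # powershell.exe accepts '-' or '/'
        return None
    name = token[1:].lower()
    hits = [s for s in PS_SWITCHES if s.startswith(name)]
    return hits[0] if len(hits) == 1 else None  # ambiguous prefixes are ignored


def triage(event):
    """Return (severity, reasons) for one process-creation event."""
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    child = PureWindowsPath(event["Image"]).name.lower()
    if parent not in SERVER_IMAGES or child not in SHELLS:
        return "none", []
    severity, reasons = "medium", [f"{parent} spawned {child}"]
    if child == "powershell.exe":
        switches = {resolve(t) for t in event["CommandLine"].split()[1:]} - {None}
        if switches:
            reasons.append("switches: " + ", ".join(sorted(switches)))
        if "encodedcommand" in switches:
            severity = "high"
    return severity, reasons


# Constructed sample events using Sysmon Event ID 1 field names; paths are placeholders.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"ParentImage": r"C:\PLACEHOLDER_INSTALL_DIR\jre\bin\java.exe", "Image": PS,
     "CommandLine": "powershell.exe -NoP -NonI -W Hidden -Enc PLACEHOLDER_BASE64"},
    {"ParentImage": r"C:\PLACEHOLDER_INSTALL_DIR\jre\bin\java.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c hostname"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe -NoProfile"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(triage(ev), ev["CommandLine"])
```

A monitoring server has little reason to start an interactive shell, so the parent/child pair alone is worth an alert; the encoded-command switch raises the severity.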

Foglight can also execute code on the devices it manages.

Browse to Homes -> Automation, then open the Workflow Management tab and click the [+] New button.

When in the Workflow Studio, click All ActionPacks -> Common -> Scripting

Here you will see a few choices:

  • Run PowerShell Script
  • Send and Run Command(s)
  • Send and Run PowerShell script

I was not able to create a functional workflow; however, with this, it is likely possible to push a malicious workflow to all managed devices.

One other notable feature of Foglight is that it stores credentials.

Browse to Dashboards -> Administration -> Credentials and then click Manage Credentials.

According to the Foglight UI, “A lockbox contains a collection of encrypted credentials and the keys for their encryption and decryption.” While there does not seem to be a way to extract the credential plaintext through the UI, it is likely possible to compromise and decrypt these stored credentials once the host is compromised.
