This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract all user credentials. The first vulnerability is a unauthenticated file download in the FetchFile servlet, which is used to download the file containing the user credentials. The second vulnerability is that the the passwords in the file are obfuscated with a very weak algorithm which can be easily reversed. This module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on Windows and Linux.
WebNMS Framework Server 5.2
Attacker: kali Linux
Victim PC: WebNMS Framework Server 5.2
Open Kali terminal type msfconsole
msf exploit (webnms_cred_disclosure)>set rhost 192.168.0.103 (IP of Remote Host)
msf exploit (webnms_cred_disclosure)>exploit