Hacktricks-skills pentesting-compaq-hp-insight-manager
How to pentest Compaq/HP Insight Manager services. Use this skill whenever the user mentions HP Insight Manager, Compaq Insight Manager, port 2301, port 2381, or any HP server management service enumeration. Trigger for any reconnaissance, vulnerability assessment, or penetration testing tasks involving HP/Compaq server management infrastructure.
git clone https://github.com/abelrguezr/hacktricks-skills
skills/network-services-pentesting/pentesting-compaq-hp-insight-manager/SKILL.MDPentesting Compaq/HP Insight Manager
This skill provides guidance for security testing of Compaq/HP Insight Manager services, which are server management tools used for monitoring and managing HP/Compaq hardware infrastructure.
Service Overview
Default Ports:
- Primary Insight Manager port2301/tcp
- Alternative/secondary port2381/tcp
Reconnaissance Phase
1. Service Enumeration
When you encounter these ports open on a target, identify the service:
# Check if HP Insight Manager is running nmap -p 2301,2381 <target> nmap -sV -p 2301,2381 <target> # Banner grabbing nc -v <target> 2301 nc -v <target> 2381
2. Version Detection
Try to determine the version of Insight Manager:
- Check HTTP headers if web interface is available
- Look for version strings in banners
- Search for known version-specific vulnerabilities
Default Credential Testing
HP Insight Manager installations often use default or weak credentials. Test these common defaults:
Common Default Passwords
| Username | Password |
|---|---|
| admin | admin |
| admin | password |
| admin | (blank) |
| root | root |
| root | (blank) |
| administrator | administrator |
| administrator | (blank) |
| hp | hp |
| compaq | compaq |
Testing Approach
# Using hydra for brute force (if service supports it) hydra -L /path/to/usernames -P /path/to/passwords <target> http-post-form 2301 # Manual testing via web interface if available # Try common username/password combinations
Note: Always have proper authorization before testing credentials on any system.
Configuration File Discovery
If you gain access to the file system, look for these configuration files that may contain sensitive information:
Key Configuration Files
path.properties # Path configurations, may contain credentials mx.log # Application logs, may reveal errors or credentials CLIClientConfig.cfg # Client configuration, potential sensitive data database.props # Database properties, likely contains DB credentials pg_hba.conf # PostgreSQL authentication config (if using Postgres) jboss-service.xml # JBoss service configuration .namazurc # User configuration file
What to Look For
- Hardcoded credentials in database.props or path.properties
- Connection strings with embedded passwords
- Log files that may contain error messages revealing system information
- Configuration paths that could lead to other sensitive files
Vulnerability Assessment
Common Issues to Check
- Outdated versions - Older versions of Insight Manager have known vulnerabilities
- Default credentials - As mentioned above, very common
- Unencrypted communications - Check if traffic is sent in plaintext
- Information disclosure - Error messages, banners revealing version info
- Access control issues - Weak authentication, missing authorization checks
Information Gathering Commands
# Check for SSL/TLS configuration openssl s_client -connect <target>:2301 # Look for directory listings if web interface # Check for backup files, config files exposed # Search for known CVEs affecting the version
Post-Exploitation Considerations
If you successfully compromise an Insight Manager instance:
- Document the access - Record what you found and how
- Check for lateral movement - Insight Manager often has access to multiple servers
- Review managed systems - The console may show other systems under management
- Check for stored credentials - For other systems or services
- Assess impact - What data can be accessed through this service?
Ethical Considerations
IMPORTANT: Only perform these tests on systems you own or have explicit written authorization to test. Unauthorized access to computer systems is illegal.
Authorization Checklist
- Written authorization from system owner
- Clear scope of testing defined
- Testing window agreed upon
- Contact information for emergencies
- Data handling procedures established
Reporting
When documenting findings:
- Include evidence - Screenshots, logs, command outputs
- Rate severity - Based on impact and exploitability
- Provide remediation - Specific steps to fix each issue
- Reference sources - CVE numbers, vendor advisories
References
- Default password lists: http://www.vulnerabilityassessment.co.uk/passwordsC.htm
- HP/Compaq Insight Manager documentation
- CVE database for known vulnerabilities
Remember: This skill is for authorized security testing only. Always operate within legal and ethical boundaries.