You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This application utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings. This information can contain plain text active directory domain credentials. This was reported to SolarWinds PSIRT(psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured allowing anyone without authorization and known customer id to download the agent software. Once you have a customer id you can self register and pull the config. Application will test availability of customer id via agent download URL. If successful it will then pull the config. We do not attempt to just pull the config because timing out on the operation takes to long. Removing the initial check, could produce more results as the agent download could be being blocked where as agent communication would not be.
5
+
6
+
Harmony is only used to block the nCentral libraries from saving and creating a "config" directory that is not needed.
7
+
8
+
## Usage
9
+
nCentralDumpsterDiver 1.0.0.0
10
+
Copyright c 2020
11
+
ERROR(S):
12
+
Required option 'u, url' is missing.
13
+
-u, --url Required. URLs to be Processed
14
+
-i, --id Customer IDs to try processing, will be excluded from bruteforce
15
+
16
+
-b, --bruteforce (Default: false) Enable Customer ID BruteForce
17
+
--min (Default: 100) Minimum Customer ID to try for bruteforce.
18
+
--max (Default: 200) Maximum Customer ID to try for bruteforce.
0 commit comments