CVE-2021-21972
Proof of Concept Exploit for vCenter CVE-2021-21972
Research credit to: https://swarm.ptsecurity.com/unauth-rce-vmware/, http://noahblog.360.cn/vcenter-6-5-7-0-rce-lou-dong-fen-xi/
Tested on both Windows and Unix vCenter VCSA targets.
Usage
To benignly check if the target is vulnerable just supply the --target argument.
To exploit provide the --file, --path, and --operating-system flags. Write the file supplied in the --file argument to the location specified in the --path argument.
Windows Targets:
Tested by uploading the webshell cmdjsp.jsp to the /statsreport endpoint as indicated by PtSwarm. The webshell executes commands in the context of NT AUTHORITY/SYSTEM.
Unix Targets:
The file will be written in the context of the vsphere-ui user. If the target is vulnerable, but the exploit fails, it is likely that the vsphere-ui user does not have permissions to write to the specified path.
If writing the vsphere-ui user's SSH authorized_keys, when SSH'ing with the keys it was observed in some cases that the vsphere-ui user's password had expired and forced you to update it (which you cannot because no password is set).
7 Nov 24, 2022
26 Sep 04, 2022
1 Oct 22, 2021
1.6k Dec 30, 2022
41 Nov 22, 2022
11 Nov 11, 2022
5 Sep 12, 2022
9 Dec 17, 2022
0 Aug 28, 2022
7 Nov 17, 2022
86 Aug 21, 2022
355 Aug 03, 2022
48 Aug 28, 2022
14 Nov 11, 2022
11 Dec 07, 2022
430 Dec 27, 2022
48 Dec 19, 2022
253 Jan 05, 2023
15 Dec 22, 2022
9 Nov 23, 2022