
VMs Where do you hunt for esxi / vsphere.local credentials?

pwnstar

HDD-drive
Banned
Registered: 10.05.2023
Posts: 21
Reactions: 1
Please note that this user is banned
Meow meow my bros

So, as the title suggests, I have access to the domain admin network to several companies that have ESXi on their network. For example, I'm logged in to RDP on DC at 192.168.1.101 and can access the ESXi UI web app at 192.168.1.250. I tried running mimikatz to extract any plaintext passwords and no vSphere credentials :(( I looked at the home directories of some users with domain admin privileges, but I didn't find any logins.

PS:

I read somewhere while looking for that once you become a domain admin you can elevate your privileges and then add a new group called "ESX Admins" and from there add your user to the group with the backdoor, and somehow by doing this you will have access to the ESXi UI web app with the help of the backdoor user. I had no luck there, but I thought about including it here; maybe it will work for someone else to try it :p
-
Any tips where to get them creds or how to break into them?
 
Search in browser.
Please note that this user is banned
I'll enter ESXi into the domain and create a new ESXi administrator via access to the domain controller
YESsssss that's exactly what I'm trying to do. But for some reason, I need to give credentials to enter the ESXi web UI. I have access to both 2 domain controllers on the network but none of them have any browser-saved credentials or even logged-in sessions. When I go to the ESXi web panel, it just asks me to log in with username and password. I tried creating an Active Directory group called "ESX Admins" and then adding my backdoor user to it, but I can't log in to the panel to add my user, if that makes sense. I also tried reusing domain admin passwords I found but nothing :(

I don't have much knowledge more than this so any insight or more guidance will be helpful:)
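
Added for defenders, not part of the thread: a sketch of detection logic for the Active Directory change the posts describe, the creation of a group named "ESX Admins" or the addition of members to it, run over constructed sample events. The flattened JSON layout, the account names and the domain are assumptions; the event IDs are the standard Windows Security IDs for security-enabled group creation and member addition.

```python
import json

# Windows Security event IDs for security-enabled groups
# (global, domain-local, universal scope respectively).
GROUP_CREATED = {4727, 4731, 4754}
MEMBER_ADDED = {4728, 4732, 4756}
WATCHED_GROUP = "esx admins"  # group name mentioned in the thread

# Constructed sample events. The flattened one-JSON-object-per-line layout
# is an assumption about how a log forwarder exports EventData fields.
SAMPLE_LOG = """\
{"EventID": 4624, "TargetUserName": "jsmith", "SubjectUserName": "-"}
{"EventID": 4727, "TargetUserName": "ESX Admins", "SubjectUserName": "da-svc"}
{"EventID": 4728, "TargetUserName": "Helpdesk", "SubjectUserName": "hr-admin", "MemberName": "CN=ann,CN=Users,DC=corp,DC=example"}
{"EventID": "4728", "TargetUserName": "esx admins", "SubjectUserName": "da-svc", "MemberName": "CN=tmpuser,CN=Users,DC=corp,DC=example"}
not-json line left by a truncated write
"""

def find_esx_admins_changes(lines):
    """Return one alert per creation of, or member addition to, the watched group."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
            event_id = int(ev["EventID"])  # forwarders may emit the ID as a string
        except (ValueError, KeyError, TypeError):
            continue  # malformed or unrelated line: skip, do not abort the scan
        if event_id in GROUP_CREATED:
            action = "group_created"
        elif event_id in MEMBER_ADDED:
            action = "member_added"
        else:
            continue
        # AD group names compare case-insensitively; normalise before matching.
        group = str(ev.get("TargetUserName", "")).strip().lower()
        if group != WATCHED_GROUP:
            continue
        alerts.append({
            "line": lineno,
            "action": action,
            "actor": ev.get("SubjectUserName"),
            "member": ev.get("MemberName"),  # None for creation events
        })
    return alerts

if __name__ == "__main__":
    for alert in find_esx_admins_changes(SAMPLE_LOG.splitlines()):
        print(alert)
```

In an environment where no such group is expected to exist, either alert type is worth triaging together with the acting account's recent logons on the domain controllers.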
 

