• XSS.stack #1 – первый литературный журнал от юзеров форума

VMs Looking for a VMware Vcenter Data Exfilteration Technique

Отслеживать
molotov477

molotov477

(L3) cache
Пользователь
Регистрация
01.11.2022
Сообщения
182
Реакции
44
Гарант сделки
4
Hello, I was looking for guidance on what is the most quickest way to exfilterate data from a Vcenter, I have admin access on a Vcenter WebUI, I can log in, see the datastores, copy and move, delete and even download them as zip from the browser onto the machine I am accessing it from, the issue is that the machine is sitting on a private network, so I am connecting to the network via RDP onto a Windows Machine that has access to the Web UI of Vcenter, so if I want to exfil the data stores or entire VMs or vmdk files, how can I go about it,

the architecture is as following,

RDP to Windows Machine > Web UI VCenter

I have tried to download a vmdk file in zip format, but then due to large size 150GB, moving it out from the Windows system was a headache, what other options do I have? Directly from Vcenter or from the Windows Machine I download the zip file onto?

Thanks
 
Sec13B сказал(а):
try and see of your login work also ssh .
if your login is good :
use cmd : find / -name "*.vmx"
default is /vmfs/volumes

maybe this will help you :
github.com

GitHub - mbadanoiu/CVE-2024-22274: CVE-2024-22274: Authenticated Remote Code Execution in VMware vCenter Server

CVE-2024-22274: Authenticated Remote Code Execution in VMware vCenter Server - mbadanoiu/CVE-2024-22274
github.com
The login is valid for ssh but the issue is that it is not exposed over the internet, so either I have to make a pivot from the windows machine and then try to exfiltrate data.

I will have to double check on the ssh as it allowed me to login but it said that my user was not allowed to run ssh commands on it for some reason.
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх