horizon3ai/CVE-2021-21972

Stars
248
Rank 162,619 (Top 4 %)
Language
Python
License
Apache License 2.0
Created over 3 years ago
Updated over 3 years ago

horizon3ai/CVE-2021-21972

horizon3ai

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972

Proof of Concept Exploit for vCenter CVE-2021-21972

Research credit to: https://swarm.ptsecurity.com/unauth-rce-vmware/, http://noahblog.360.cn/vcenter-6-5-7-0-rce-lou-dong-fen-xi/

Tested on both Windows and Unix vCenter VCSA targets.

Usage

To benignly check if the target is vulnerable just supply the --target argument.

To exploit provide the --file, --path, and --operating-system flags. Write the file supplied in the --file argument to the location specified in the --path argument.

Windows Targets:

Tested by uploading the webshell cmdjsp.jsp to the /statsreport endpoint as indicated by PtSwarm. The webshell executes commands in the context of NT AUTHORITY/SYSTEM.

Unix Targets:

The file will be written in the context of the vsphere-ui user. If the target is vulnerable, but the exploit fails, it is likely that the vsphere-ui user does not have permissions to write to the specified path.

If writing the vsphere-ui user's SSH authorized_keys, when SSH'ing with the keys it was observed in some cases that the vsphere-ui user's password had expired and forced you to update it (which you cannot because no password is set).

vcenter_saml_login

A tool to extract the IdP cert from vCenter backups and log in as Administrator

CVE-2022-40684

A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

CVE-2022-39952

POC for CVE-2022-39952

CVE-2021-38647

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

CVE-2022-1388

POC for CVE-2022-1388

CVE-2022-22972

vRealizeLogInsightRCE

POC for RCE using vulnerabilities described in VMSA-2023-0001

CVE-2023-34362

MOVEit CVE-2023-34362

CVE-2022-47966

POC for CVE-2022-47966 affecting multiple ManageEngine products

proxyshell

Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207

CVE-2023-27524

Basic PoC for CVE-2023-27524: Insecure Default Configuration in Apache Superset

backup_dc_registry

A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY

CVE-2023-34051

VMware Aria Operations for Logs CVE-2023-34051

CVE-2024-0204

Authentication Bypass in GoAnywhere MFT

CVE-2023-27532

POC for Veeam Backup and Replication CVE-2023-27532

CVE-2023-27350

Proof of Concept Exploit for PaperCut CVE-2023-27350

CVE-2022-28219

PoC for ManageEngine ADAudit Plus CVE-2022-28219

CVE-2023-48788

Fortinet FortiClient EMS SQL Injection

CVE-2023-38035

Ivanti Sentry CVE-2023-38035

CVE-2024-23108

CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection

CVE-2021-44077

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2023-34992

CVE-2023-34992: Fortinet FortiSIEM Command Injection Proof of Concept Exploit

CVE-2023-26067

Lexmark CVE-2023-26067

CVE-2024-1403

Progress OpenEdge Authentication Bypass

h3-cli

CLI tool for the Horizon3.ai API

CVE-2024-29824

Ivanti EPM SQL Injection Remote Code Execution Vulnerability

CVE-2021-44142

cyanide

SecureConnect-Auth-Bypass

An exploit proof of concept for ConnectWise SecureConnect authentication bypass vulnerability.