what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Hynek Petrak

VMware VCenter Server Vmdir Authentication Bypass

Posted Aug 31, 2024

Authored by wvu, Hynek Petrak, JJ Lehmann, Ofri Ziv | Site metasploit.com

This Metasploit module bypasses LDAP authentication in VMware vCenter Servers vmdir service to add an arbitrary administrator user. Version 6.7 prior to the 6.7U3f update is vulnerable, only if upgraded from a previous release line, such as 6.0 or 6.5. Note that it is also possible to provide a bind username and password to authenticate if the target is not vulnerable. It will add an arbitrary administrator user the same way.

tags | exploit, arbitrary

advisories | CVE-2020-3952

SHA-256 | 7a7fd73d7bbbeb14f0c845a71c89c324bdb28e63ab5cdecf8020da8a44a15e8a

Download | Favorite | View

LDAP Information Disclosure

Posted Aug 31, 2024

Authored by Hynek Petrak | Site metasploit.com

This Metasploit module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching for attributes with user credentials (e.g. userPassword).

tags | exploit

advisories | CVE-2020-3952

SHA-256 | bc4bf555faaf6cbcb6c6acfe391203df90e551f5ade1c9d1f23102fe3e5efb6f

Download | Favorite | View

VMware vCenter Server vmdir Information Disclosure

Posted Aug 31, 2024

Authored by wvu, Hynek Petrak | Site metasploit.com

This Metasploit module uses an anonymous-bind LDAP connection to dump data from the vmdir service in VMware vCenter Server version 6.7 prior to the 6.7U3f update, only if upgraded from a previous release line, such as 6.0 or 6.5. If the bind username and password are provided (BIND_DN and BIND_PW options), these credentials will be used instead of attempting an anonymous bind.

tags | exploit

advisories | CVE-2020-3952

SHA-256 | f9159afd722a0024de174ba2c1275242941f2daf990c180faba72bd933c96c0b

Download | Favorite | View