module
VMware vCenter Extract Secrets from vmdir / vmafd DB File
| Disclosed | Created |
|---|---|
| May 10, 2022 | Jun 13, 2022 |
Disclosed
May 10, 2022
Created
Jun 13, 2022
Description
Grab certificates from the vCenter server vmdird and vmafd
database files and adds them to loot. The vmdird MDB database file
can be found on the live appliance under the path
/storage/db/vmware-vmdir/data.mdb, and the DB vmafd is under path
/storage/db/vmware-vmafd/afd.db. The vmdir database contains the
IdP signing credential, and vmafd contains the vCenter certificate
store. This module will accept either file from a live vCenter
appliance, or from a vCenter appliance backup archive; either or
both files can be supplied.
database files and adds them to loot. The vmdird MDB database file
can be found on the live appliance under the path
/storage/db/vmware-vmdir/data.mdb, and the DB vmafd is under path
/storage/db/vmware-vmafd/afd.db. The vmdir database contains the
IdP signing credential, and vmafd contains the vCenter certificate
store. This module will accept either file from a live vCenter
appliance, or from a vCenter appliance backup archive; either or
both files can be supplied.
Author
npm npm@cesium137.io
Platform
Linux
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.