module
VMware vCenter Secrets Dump
| Disclosed |
|---|
| Apr 15, 2022 |
Disclosed
Apr 15, 2022
Description
Grab secrets and keys from the vCenter server and add them to
loot. This module is tested against the vCenter appliance only;
it will not work on Windows vCenter instances. It is intended to
be run after successfully acquiring root access on a vCenter
appliance and is useful for penetrating further into the
environment following a vCenter exploit that results in a root
shell.
Secrets include the dcAccountDN and dcAccountPassword for
the vCenter machine which can be used for maniuplating the SSO
domain via standard LDAP interface; good for plugging into the
vmware_vcenter_vmdir_ldap module or for adding new SSO admin
users. The MACHINE_SSL, VMCA_ROOT and SSO IdP certificates with
associated private keys are also plundered and can be used to
sign forged SAML assertions for the /ui admin interface.
loot. This module is tested against the vCenter appliance only;
it will not work on Windows vCenter instances. It is intended to
be run after successfully acquiring root access on a vCenter
appliance and is useful for penetrating further into the
environment following a vCenter exploit that results in a root
shell.
Secrets include the dcAccountDN and dcAccountPassword for
the vCenter machine which can be used for maniuplating the SSO
domain via standard LDAP interface; good for plugging into the
vmware_vcenter_vmdir_ldap module or for adding new SSO admin
users. The MACHINE_SSL, VMCA_ROOT and SSO IdP certificates with
associated private keys are also plundered and can be used to
sign forged SAML assertions for the /ui admin interface.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.