POC详情: 5aa3a8444d39e27d8a86cd53e7027c1e60aeaac6

来源
https://github.com/WTN-arny/Vmware-ESXI
关联漏洞
标题: VMware ESXi 安全漏洞 (CVE-2024-37085)
描述:VMware ESXi是美国威睿(VMware)公司的一套可直接安装在物理服务器上的服务器虚拟化平台。 VMware ESXi存在安全漏洞,该漏洞源于存在身份验证绕过漏洞,导致攻击者可获得对之前配置的ESXi主机的完全访问权限。
描述
CVE-2024-37085 unauthenticated shell upload to full administrator on domain-joined esxi hypervisors.
介绍
## CVE-2024-37085          [![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https://github.com/crt4b-ETX/CVE-2024-37085-PoC&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=ESXI&edge_flat=false)](https://hits.seeyoufarm.com)
<br>
unauthenticated shell upload to full administrator on domain-joined esxi hypervisors.<br>

## [Download ESXI[VORTEX]](https://bit.ly/4fIsppe)

## Details:
an authentication bypass which leads to shell upload in context of `vpxuser` leading to full administrative permission on domain-joined ESXI hypervisors.<br>
in order to exploit this vulnerability the ESXI shell must to enabled.<br>

## Exploit:
The exploitation of this vulnerability needs to perform few steps in order to acheive full administrator controll.<br>
which all the steps are handled by a single python script.<br>
to exploit this vuln you need to chose the methods which are used in this script<br>
with the `--full` or `-f` argument the script will try to get a shell with full administrative permissions<br>
and if the `--dc` or `-d` argument is not provided then the script, will only upload a shell to the target<br>
if the argmunet for shell is provided (`--shel` or `-s`) if not provided then it'll use the default shell<br>
which you can execute command with post request using param `cmd=[command]`. <br>
```
python3.10 and above are requiered.
this script doesnt supports multithreadin for some reasons
```

## Info:
as usaul I asking you, before buying or even considering to buy, make sure to verify the DOWNLOAD links provided here via this email: etx_arny@proton.me<br>
and also upon the request I will provide prove.<br>
but dont ask me to send you the script before making the payment, or sending your specific target to test it for you and/or give you shell<br>
Other payment methods are support via the email, including XMR<br>

## [Download ESXI[VORTEX]](https://bit.ly/4fIsppe)

## Note:
Limited copies are provided for now, price change and/or suspension of sells are possible.<br>

## Todo:
* Adding multithreading functionality.
* Writting a complete analyze.
* Check if target is vulnerable and save it to file.

# My Other Works:
if your interrested in my other works here is the latest which I still consider selling<br>
full configuration and after purchase service is offered with this exploit.<br>

[Magento](https://bit.ly/3WXjWHq) --> CVE-2024-34102
文件快照

 [4.0K]  /data/pocs/5aa3a8444d39e27d8a86cd53e7027c1e60aeaac6
└── [2.4K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。