
CVE-2021-21974 PoC — VMware ESXi buffer error vulnerability

Source
Associated Vulnerability
Title: VMware ESXi buffer error vulnerability (CVE-2021-21974)
Description: VMware ESXi is a bare-metal server virtualization platform from VMware (USA). ESXi contains a heap-overflow vulnerability in its OpenSLP service: a malicious actor on the same network segment who can reach port 427 can trigger it and achieve remote code execution. Affected products and versions: 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG.
Description
Analysis of the ransom demands from Shodan results
Readme
# Feb2023-CVE-2021-21974-OSINT
Analysis of the ransom demands from Shodan results **and** Censys

For Shodan:

I've provided a shell script (results.sh) that you can use as a basis for your own analysis, or to update and gather more results as Shodan indexes them. I've also included a Python script (transactiontracker.py) that queries the blockstream.info API for any wallet addresses with associated transactions.

At the time of this publication there were over 500 results. They are in the provided CSV (ESXResults.csv), which lists the ransom amount, Bitcoin wallet, and TOX ID for each host.

For Censys:

I used the Censys API to collect all listed impacted IPs (2,559). I then scanned each IP (ipscrape.py) and, if it was still showing a crypto wallet address, scraped the result into the Censys text file (bitcoin_addresses_from_censys.txt). 1,733 crypto addresses were still up at the time of this update (5 Feb 2023).
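The two steps above (scrape a still-defaced host for the ransom note, then ask blockstream.info whether the wallet has been paid) are shown below as an added example; this is not code from the repository, and its function names are mine. The ransom-note pages, TOX ID, RFC 5737 test IPs and API response are constructed stand-ins, and the well-known genesis-block address is used only as a syntactically valid wallet. It goes one step beyond the README by checking the base58check checksum of legacy addresses, so that a random base58-looking token on a page is not counted as a wallet.

```python
import hashlib
import re
from collections import Counter
from typing import Optional

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(s: str) -> bytes:
    """Decode base58; each leading '1' stands for one 0x00 byte."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def is_valid_legacy_address(addr: str) -> bool:
    """P2PKH/P2SH check: 25 bytes and a matching double-SHA256 checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    checksum = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return checksum == raw[21:]


LEGACY_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
BECH32_RE = re.compile(r"\bbc1[qp][ac-hj-np-z02-9]{8,87}\b")  # syntax only, no checksum
TOX_RE = re.compile(r"\b[0-9A-Fa-f]{76}\b")  # Tox ID: 38 bytes rendered as hex
AMOUNT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*(?:BTC|bitcoins?)\b", re.IGNORECASE)


def parse_ransom_note(ip: str, html: str) -> Optional[dict]:
    """Return {ip, wallet, tox_id, amount_btc}, or None if no wallet is on the page."""
    wallets = [a for a in LEGACY_RE.findall(html) if is_valid_legacy_address(a)]
    wallets += BECH32_RE.findall(html)
    if not wallets:
        return None  # restored host, or a page that never carried the note
    tox = TOX_RE.search(html)
    amount = AMOUNT_RE.search(html)
    return {
        "ip": ip,
        "wallet": wallets[0],
        "tox_id": tox.group(0).upper() if tox else "",
        "amount_btc": float(amount.group(1)) if amount else None,
    }


def summarize_notes(pages: dict) -> dict:
    """Aggregate per-host results: notes found, distinct wallets, total demanded."""
    records = [r for r in (parse_ransom_note(ip, h) for ip, h in pages.items()) if r]
    wallets = Counter(r["wallet"] for r in records)
    return {
        "hosts_with_note": len(records),
        "unique_wallets": len(wallets),
        "wallet_counts": dict(wallets),
        "total_demanded_btc": sum(r["amount_btc"] or 0.0 for r in records),
    }


def blockstream_url(addr: str) -> str:
    """Esplora endpoint whose JSON carries chain_stats for one address."""
    return f"https://blockstream.info/api/address/{addr}"


def summarize_address(payload: dict) -> dict:
    """Reduce a blockstream /address response to whether and how much was received."""
    cs = payload["chain_stats"]
    return {
        "address": payload["address"],
        "tx_count": cs["tx_count"],
        "received_btc": cs["funded_txo_sum"] / 1e8,  # API reports satoshi
        "paid": cs["funded_txo_count"] > 0,
    }


# Constructed sample input (not real scan data). The genesis-block address is used
# only as a syntactically valid wallet; Tox ID, note wording and IPs are invented.
SAMPLE_WALLET = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SAMPLE_TOX_ID = "0123456789ABCDEF" * 4 + "0123456789AB"  # 76 hex chars
SAMPLE_PAGES = {
    "192.0.2.10": f"<h1>How to Restore Your Files</h1><p>Send 0.5 BTC to "
                  f"{SAMPLE_WALLET} within 3 days.</p><p>TOX: {SAMPLE_TOX_ID}</p>",
    "192.0.2.11": f"Your files are encrypted. Pay 2.0 bitcoins to {SAMPLE_WALLET}. "
                  f"Contact TOX ID {SAMPLE_TOX_ID.lower()}",
    "192.0.2.12": "<title>VMware ESXi</title>",  # host restored, no note left
    "192.0.2.13": f"Pay 1.0 BTC to {SAMPLE_WALLET[:-1]}b",  # bad checksum, dropped
}
SAMPLE_BLOCKSTREAM_RESPONSE = {  # shape of GET /api/address/<addr>; values invented
    "address": SAMPLE_WALLET,
    "chain_stats": {"funded_txo_count": 2, "funded_txo_sum": 150000000,
                    "spent_txo_count": 0, "spent_txo_sum": 0, "tx_count": 2},
}

if __name__ == "__main__":
    print(summarize_notes(SAMPLE_PAGES))
    print(blockstream_url(SAMPLE_WALLET), summarize_address(SAMPLE_BLOCKSTREAM_RESPONSE))
```

In a live run you would replace SAMPLE_PAGES with the body fetched from each Censys/Shodan IP and feed the JSON from blockstream_url() into summarize_address(); a wallet with funded_txo_count of 0 has never been paid, which is the question the tracker script answers.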
File Snapshot

[4.0K] /data/pocs/8f9840bf90e486a6c182bccf4c0ffbd0714ac90f
├── [ 59K] bitcoin_addresses_from_censys.txt
├── [ 63K] ESXResults.csv
├── [ 700] ipscrape.py
├── [ 853] README.md
├── [ 620] results.sh
└── [ 779] transactiontracker.py

0 directories, 6 files