7MS #581: Tales of Pentest Pwnage – Part 49

(Sorry, I don’t know how to count. The video says it’s pwnage part 48, but it’s actually part 49)

Oooo, giggidy! Today’s tale of pentest pwnage is about pwning vCenter with CVE-2021-44228 – a vulnerability that lets us bypass authentication entirely and do/take what we want from vCenter! Key links to make the magic happen:

How to exploit log4j manually in vCenter
How to automate the attack!
Tool to steal the SAML database you extract from vCenter

Tags: pentesting

Written by: Brian Johnson

Share on socials:

podcast

7MS #621: Eating the Security Dog Food – Part 6
Continue reading
podcast

7MS #620: Securing Your Mental Health – Part 5
Continue reading
podcast

7MS #619: Tales of Pentest Pwnage – Part 56
Continue reading

7MS #581: Tales of Pentest Pwnage – Part 49

Recent Posts:

7MS #621: Eating the Security Dog Food – Part 6

7MS #620: Securing Your Mental Health – Part 5

7MS #619: Tales of Pentest Pwnage – Part 56

About Us

Services

Resources