maride/hacktricks

mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00

Translator 409cf0a1b9 Translated ['src/linux-hardening/privilege-escalation/vmware-tools-servi

2025-10-01 10:27:18 +00:00

768 B

Raw Blame History

VMware ESX / vCenter Pentesting

{{#include ../../banners/hacktricks-training.md}}

열거

nmap -sV --script "http-vmware-path-vuln or vmware-version" -p <PORT> <IP>
msf> use auxiliary/scanner/vmware/esx_fingerprint
msf> use auxiliary/scanner/http/ms15_034_http_sys_memory_dump

Bruteforce

msf> auxiliary/scanner/vmware/vmware_http_login

유효한 credentials를 찾으면 추가적인 metasploit scanner modules를 사용해 정보를 얻을 수 있습니다.

참고

Linux LPE via VMware Tools service discovery (CWE-426 / CVE-2025-41244):

{{#ref}} ../../linux-hardening/privilege-escalation/vmware-tools-service-discovery-untrusted-search-path-cve-2025-41244.md {{#endref}}

{{#include ../../banners/hacktricks-training.md}}