Episode Details

Oooo, giggidy! Today's tale of pentest pwnage is about pwning vCenter with CVE-2021-44228 - a vulnerability that lets us bypass authentication entirely and do/take what we want from vCenter! Key links to make the magic happen:

• How to exploit log4j manually in vCenter
• How to automate the attack!
• Tool to steal the SAML database you extract from vCenter