7MS #581: Tales of Pentest Pwnage - Part 49 - a podcast by Brian Johnson
from 2023-07-21T17:44
::
::
Oooo, giggidy! Today's tale of pentest pwnage is about pwning vCenter with CVE-2021-44228 - a vulnerability that lets us bypass authentication entirely and do/take what we want from vCenter! Key links to make the magic happen:
- How to exploit log4j manually in vCenter
- How to automate the attack!
- Tool to steal the SAML database you extract from vCenter
Further episodes of 7 Minute Security
Further podcasts by Brian Johnson
Website of Brian Johnson