Jul 21, 2023 1 min read Podcast, Pentesting

7MS #581: Tales of Pentest Pwnage - Part 49

(Sorry, I don't know how to count. The video says it's pwnage part 48, but it's actually part 49)

Oooo, giggidy! Today's tale of pentest pwnage is about pwning vCenter with CVE-2021-44228 - a vulnerability that lets us bypass authentication entirely and do/take what we want from vCenter! Key links to make the magic happen:

How to exploit log4j manually in vCenter
How to automate the attack!
Tool to steal the SAML database you extract from vCenter

Psst! Looking for ways to support the show? You can:

Buy 7MS a hot cocoa
Support us on Patreon
Consider our professional services for your risk assessment, penetration testing and training needs

You might also like...

7MS #607: How to Succeed in Business Without Really Crying - Part 15

7MS #606: Hacking OWASP Juice Shop (2024 edition)

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

7MS #604: A Two Tool Teaser

7MS #603: Monitoring Your Tailscale Network with Uptime Kuma

Popular tags