POC details: 8f9840bf90e486a6c182bccf4c0ffbd0714ac90f

Source
Related vulnerability
Title: VMware ESXi buffer error vulnerability (CVE-2021-21974)
Description: VMware ESXi is a server virtualization platform from the US company VMware that installs directly on physical servers. ESXi contains a security vulnerability: a malicious actor on the same network segment who can reach port 427 may achieve remote code execution. The following products and versions are affected: 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG.
Description
Analysis of the ransom demands from Shodan results
Introduction
# Feb2023-CVE-2021-21974-OSINT
Analysis of the ransom demands from Shodan results **and** Censys

For Shodan:

I've provided a script that you can use as a basis for your own analysis, or to update and gather more results as Shodan scrapes them. I've also included a Python script that can be used to query the blockstream.info API for any wallet addresses with associated transactions.

At the time of this publication, there were over 500 results. Those results can be found in the provided CSV where the Ransom amount, Bitcoin wallet, and TOX ID are all listed.

For Censys:

I used the Censys API to collect all listed impacted IPs (2,559). I then scanned each IP, and if that IP was still showing a crypto wallet address, I scraped the results into the Censys text file. There are 1733 crypto addresses still up at the time of this update (2-5-23).
File snapshot

[4.0K] /data/pocs/8f9840bf90e486a6c182bccf4c0ffbd0714ac90f
├── [ 59K] bitcoin_addresses_from_censys.txt
├── [ 63K] ESXResults.csv
├── [ 700] ipscrape.py
├── [ 853] README.md
├── [ 620] results.sh
└── [ 779] transactiontracker.py

0 directories, 6 files