GuestStealer allows for the stealing of VMware guests from vulnerable hosts based on the Directory Traversal Vulnerability

GuestStealer allows for the stealing of VMware guests from vulnerable hosts based on the Directory Traversal Vulnerability detailed in CVE-2009-3373 and VMSA-2009-0015. GuestStealer was released at ShmooCon 2010 during Tony Flick's 'Stealing Guests...The VMware Way' presentation.

More info and Download

Download Stealing Guests…The VMware Way PDF

http://fyrmassociates.com/tools/gueststealer-v1.pl

 

GuestStealer allows for the stealing of VMware guests from vulnerable hosts based on the Directory Traversal Vulnerability detailed in CVE-2009-3373 and VMSA-2009-0015. GuestStealer was released at ShmooCon 2010 during Tony Flick's 'Stealing Guests...The VMware Way' presentation.

Requirements

  1. Perl interpreter
  2. LWP::Simple perl module
  3. XML::Simple perl module
  4. Data::Dumper perl module
  5. Crypt::SSLeay perl module

Instructions

  1. perl gueststealer-v1.pl -h <Host> -p <Web Access UI Port> -s <SSL Web Access UI> -t <Server Type> -o <Output Directory>
  2. -h = The target host (IP Address or Host Name)
    -p = Port for the Web Access UI (Defaults: ESX/ESXi = 80/443, Server = 8222/8333)
    -s = Is the Web Access UI utilizing SSL (yes/no)
    -t = Target type (server/esx/esxi)
    -o = Output directory
  3. Example Usage:
    perl gueststealer-v1.pl -h 192.168.1.2 -p 8333 -s yes -t server -o /tmp

 

你可能感兴趣的:(GuestStealer allows for the stealing of VMware guests from vulnerable hosts based on the Directory Traversal Vulnerability)