CVE-2021-21974 PoC: VMware ESXi Buffer Error Vulnerability

Associated Vulnerability
Title: VMware ESXi Buffer Error Vulnerability (CVE-2021-21974)
Description: OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
Description
Analysis of the ransom demands from Shodan results
Readme
# Feb2023-CVE-2021-21974-OSINT
Analysis of the ransom demands from Shodan results **and** Censys

For Shodan:

I've provided a script that you can use as a basis for your own analysis, or to update and gather more results as Shodan scrapes them. I've also included a Python script that can be used to query the blockstream.info API for any wallet addresses with associated transactions.

At the time of this publication, there were over 500 results. Those results can be found in the provided CSV where the Ransom amount, Bitcoin wallet, and TOX ID are all listed.

For Censys:

I used the Censys API to collect all listed impacted IPs (2,559). I then scanned each IP, and if that IP was still showing a Crypto wallet address, I scraped the results into the censys text file. There are 1733 crypto addresses still up at the time of this update (2-5-23).
File Snapshot

[4.0K] /data/pocs/8f9840bf90e486a6c182bccf4c0ffbd0714ac90f
├── [ 59K] bitcoin_addresses_from_censys.txt
├── [ 63K] ESXResults.csv
├── [ 700] ipscrape.py
├── [ 853] README.md
├── [ 620] results.sh
└── [ 779] transactiontracker.py

0 directories, 6 files