# OMIGOD PoC
## Usage
```
$ go run CVE-2021-38647.go -h
USAGE: go run CVE-2021-38647.go [FLAGS]
  -c string
        Command to run.
  -p int
        Remote WSMan port. (default 5986)
  -t string
        IP address of the vulnerable server.
```
## Docker
To build the Docker container:
```
docker build -t "microsoft/omi" .
```
To run the Docker container:
```
docker run --name omi_poc -p 5985:5985 -p 5986:5986 microsoft/omi
```
To stop the Docker container:
```
docker stop omi_poc
```
To open a shell inside the running Docker container:
```
docker exec -it omi_poc /bin/bash
```
## References
* https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
* https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
* https://github.com/microsoft/omi
* https://twitter.com/GossiTheDog/status/1437896101756030982
* https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/
* https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
* https://rootsecdev.medium.com/creating-your-own-private-pwn-lab-for-omi-exploitation-b6919fc63956
* https://attackerkb.com/topics/08O94gYdF1/cve-2021-38647