Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-37085 PoC — VMware ESXi 安全漏洞

Source
https://github.com/WTN-arny/CVE-2024-37085
Associated Vulnerability
Title:VMware ESXi 安全漏洞 (CVE-2024-37085)
Description:VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
Readme
## CVE-2024-37085          [![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https://github.com/crt4b-ETX/CVE-2024-37085-PoC&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=ESXI&edge_flat=false)](https://hits.seeyoufarm.com)
<br>
unauthenticated shell upload to full administrator on domain-joined esxi hypervisors.<br>

## [Download ESXI[VORTEX]](https://bit.ly/4fIsppe)

## Details:
an authentication bypass which leads to shell upload in context of `vpxuser` leading to full administrative permission on domain-joined ESXI hypervisors.<br>
in order to exploit this vulnerability the ESXI shell must to enabled.<br>

## Exploit:
The exploitation of this vulnerability needs to perform few steps in order to acheive full administrator controll.<br>
which all the steps are handled by a single python script.<br>
to exploit this vuln you need to chose the methods which are used in this script<br>
with the `--full` or `-f` argument the script will try to get a shell with full administrative permissions<br>
and if the `--dc` or `-d` argument is not provided then the script, will only upload a shell to the target<br>
if the argmunet for shell is provided (`--shel` or `-s`) if not provided then it'll use the default shell<br>
which you can execute command with post request using param `cmd=[command]`. <br>
```
python3.10 and above are requiered.
this script doesnt supports multithreadin for some reasons
```

## Info:
as usaul I asking you, before buying or even considering to buy, make sure to verify the DOWNLOAD links provided here via this email: etx_arny@proton.me<br>
and also upon the request I will provide prove.<br>
but dont ask me to send you the script before making the payment, or sending your specific target to test it for you and/or give you shell<br>
Other payment methods are support via the email, including XMR<br>

## [Download ESXI[VORTEX]](https://bit.ly/4fIsppe)

## Note:
Limited copies are provided for now, price change and/or suspension of sells are possible.<br>

## Todo:
* Adding multithreading functionality.
* Writting a complete analyze.
* Check if target is vulnerable and save it to file.

# My Other Works:
if your interrested in my other works here is the latest which I still consider selling<br>
full configuration and after purchase service is offered with this exploit.<br>

[Magento](https://bit.ly/3WXjWHq) --> CVE-2024-34102
File Snapshot

 [4.0K]  /data/pocs/f91c95d502295282d1bcd82f245b78ebea93711d
└── [2.4K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →