automatic module_metadata_base.json update

mrshu · Jan 19, 2022 · d52f039 · d52f039
1 parent 4cf3ae3
commit d52f039
Showing 1 changed file with 75 additions and 1 deletion.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -82955,7 +82955,7 @@
       "Windows",
       "Linux"
     ],
-    "mod_time": "2022-01-11 16:25:21 +0000",
+    "mod_time": "2022-01-13 11:51:39 +0000",
     "path": "/modules/exploits/multi/http/log4shell_header_injection.rb",
     "is_install_path": true,
     "ref_name": "multi/http/log4shell_header_injection",
@@ -90074,6 +90074,80 @@
     "session_types": false,
     "needs_cleanup": true
   },
+  "exploit_multi/http/vmware_vcenter_log4shell": {
+    "name": "VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)",
+    "fullname": "exploit/multi/http/vmware_vcenter_log4shell",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2021-12-09",
+    "type": "exploit",
+    "author": [
+      "Spencer McIntyre",
+      "RageLtMan <rageltman@sempervictus>",
+      "jbaines-r7",
+      "w3bd3vil"
+    ],
+    "description": "VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can sent to the server\n        that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS\n        command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on\n        Windows.\n\n        This module will start an LDAP server that the target will need to connect to. This exploit uses the logon page\n        vector.",
+    "references": [
+      "CVE-2021-44228",
+      "URL-https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell/rapid7-analysis",
+      "URL-https://www.vmware.com/security/advisories/VMSA-2021-0028.html",
+      "URL-https://twitter.com/w3bd3vil/status/1469814463414951937"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 443,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Automatic",
+      "Windows",
+      "Linux"
+    ],
+    "mod_time": "2022-01-13 15:05:43 +0000",
+    "path": "/modules/exploits/multi/http/vmware_vcenter_log4shell.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/vmware_vcenter_log4shell",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ],
+      "AKA": [
+        "Log4Shell",
+        "LogJam"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "RelatedModules": [
+        "auxiliary/scanner/http/log4shell_scanner",
+        "exploit/multi/http/log4shell_header_injection"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/vmware_vcenter_uploadova_rce": {
     "name": "VMware vCenter Server Unauthenticated OVA File Upload RCE",
     "fullname": "exploit/multi/http/vmware_vcenter_uploadova_rce",