unauthenticated shell upload to full administrator on domain-joined esxi hypervisors.
an authentication bypass which leads to shell upload in context of vpxuser leading to full administrative permission on domain-joined ESXI hypervisors.
in order to exploit this vulnerability the ESXI shell must to enabled.
The exploitation of this vulnerability needs to perform few steps in order to acheive full administrator controll.
which all the steps are handled by a single python script.
to exploit this vuln you need to chose the methods which are used in this script
with the --full or -f argument the script will try to get a shell with full administrative permissions
and if the --dc or -d argument is not provided then the script, will only upload a shell to the target
if the argmunet for shell is provided (--shel or -s) if not provided then it'll use the default shell
which you can execute command with post request using param cmd=[command].
python3.10 and above are requiered.
this script doesnt supports multithreadin for some reasons
as usaul I asking you, before buying or even considering to buy, make sure to verify the DOWNLOAD links provided here via this email: etx_arny@proton.me
and also upon the request I will provide prove.
but dont ask me to send you the script before making the payment, or sending your specific target to test it for you and/or give you shell
Other payment methods are support via the email, including XMR
Limited copies are provided for now, price change and/or suspension of sells are possible.
- Adding multithreading functionality.
- Writting a complete analyze.
- Check if target is vulnerable and save it to file.
if your interrested in my other works here is the latest which I still consider selling
full configuration and after purchase service is offered with this exploit.
Magento --> CVE-2024-34102