神兵利器 - SharpSphere 攻击 vSphere 基础架构
神兵利器 - SharpSphere 攻击 vSphere 基础架构
Khan安全团队
发布于 2021-02-08 11:32:29
发布于 2021-02-08 11:32:29
介紹
SharpSphere使红队人员能够轻松地与vCenter管理的虚拟机的客人操作系统进行交互。它使用 vSphere Web Services API,并公开了以下功能。
命令与控制--结合F-Secure的C3,SharpSphere可以使用VMware Tools向虚拟机提供C&C,而无需与目标虚拟机直接进行网络连接。
- 代码执行 - 允许在客户操作系统中执行任意命令并返回结果。
- 文件上传 - 允许将任意文件上传到客人的操作系统上。
- 文件下载 - 允许从客户操作系统下载任意文件。
- 列出虚拟机 - 列出由 vCenter 管理的、运行有 VMware Tools 的虚拟机。
SharpSphere支持通过Cobalt Strike的execute-assembly执行。
如果你自己编译,你需要使用ILMerge来组合SharpSphere.exe和CommandLine.dll在发布文件夹中。
现有模块:
SharpSphere.exe help
list List all VMs managed by this vCenter 列出此 vCenter 管理的所有虚拟机
execute Execute given command in target VM 在目标虚拟机中执行指定的命令c2 Run C2 using C3's VMwareShareFile module 使用C3的VMwareShareFile模块运行C2
upload Upload file to target VM 上传文件到目标虚拟机
download Download file from target VM 下载 从目标虚拟机下载文件
help Display more information on a specific command help 显示特定命令的更多信息
version Display version information 版本 显示版本信息举例VM:
SharpSphere.exe list --help
--url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
--username Required. vCenter username, i.e. administrator@vsphere.local
--password Required. vCenter password控制:
SharpSphere.exe c2 --help
--url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
--username Required. vCenter username, i.e. administrator@vsphere.local
--password Required. vCenter password
--ip Required. Target VM IP address
--guestusername Required. Username used to authenticate to the guest OS
--guestpassword Required. Password used to authenticate to the guest OS
--localdir Required. Full path to the C3 directory on this machine
--guestdir Required. Full path to the C3 directory on the guest OS
--inputid Required. Input ID configured for the C3 relay running on this machine
--outputid Required. Output ID configured for the C3 relay running on this machine文件上传:
SharpSphere.exe upload --help
--url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
--username Required. vCenter username, i.e. administrator@vsphere.local
--password Required. vCenter password
--ip Required. Target VM IP address
--guestusername Required. Username used to authenticate to the guest OS
--guestpassword Required. Password used to authenticate to the guest OS
--source Required. Full path to local file to upload
--destination Required. Full path to location where file should be uploaded文件下载:
SharpSphere.exe download --help
--url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
--username Required. vCenter username, i.e. administrator@vsphere.local
--password Required. vCenter password
--ip Required. Target VM IP address
--guestusername Required. Username used to authenticate to the guest OS
--guestpassword Required. Password used to authenticate to the guest OS
--source Required. Full path in the guest to the file to upload
--destination Required. Full path to the local directory where the file should be downloaded下版本新增:
- 增加对Linux操作系统的支持
- 包含一个--verbose选项,用于列出虚拟机
- 增加一个--安静标志,不提及每一个传输的数据包
- 增加--estauth标志,以确认凭证是有效的
项目地址:
https://github.com/JamesCooteUK/SharpSphere
本文参与 腾讯云自媒体分享计划,分享自微信公众号。
原始发表:2021-01-29,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读