dmurphy18
commented
1 year ago Able to hack access to esxi and vcenter using the following proxy settings
root@david-XPS-15-9570:/home/david# cat /srv/pillar/pesxi.sls
proxy:
proxytype: esxi
host: 10.225.3.203
username: root
passwords:
- dogkat2015
You have new mail in /var/mail/root
root@david-XPS-15-9570:/home/david# cat /srv/pillar/pvcenter.sls
proxy:
proxytype: vcenter
vcenter: 10.225.2.11
username: administrator@vsphere.local
verify_ssl: False
mechanism: userpass
passwords:
- dogkat2015
root@david-XPS-15-9570:/home/david# cat /srv/pillar/top.sls
base:
'*':
- base
pesxi:
- pesxi
pvcenter:
- pvcenter
root@david-XPS-15-9570:/home/david#Which results in the following:
root@david-XPS-15-9570:/home/david# salt pvcenter vcenter.get_details
pvcenter:
----------
ca_bundle:
None
mechanism:
userpass
password:
dogkat2015
passwords:
- dogkat2015
port:
None
protocol:
None
username:
administrator@vsphere.local
vcenter:
10.225.2.11
verify_ssl:
False
root@david-XPS-15-9570:/home/david#
root@david-XPS-15-9570:/home/david# salt pesxi esxi.get_details
pesxi:
----------
host:
10.225.3.203
password:
dogkat2015
port:
None
protocol:
None
proxytype:
esxi
username:
root
root@david-XPS-15-9570:/home/david# salt pesxi test.versions
pesxi:
Salt Version:
Salt: 3004.1
Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: 2.8.1
docker-py: 1.8.0
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.0.3
libgit2: 1.1.0
M2Crypto: 0.38.0
Mako: 1.1.3
msgpack: 1.0.3
msgpack-pure: Not Installed
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: Not Installed
pycryptodome: 3.11.0
pygit2: 1.6.1
Python: 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0]
python-gnupg: Not Installed
PyYAML: 5.4.1
PyZMQ: 22.3.0
smmap: Not Installed
timelib: Not Installed
Tornado: 4.5.3
ZMQ: 4.3.4
Salt Extensions:
pytest-salt: 2020.1.27
pytest-salt-factories: 0.912.2
System Versions:
dist: ubuntu 22.04 Jammy Jellyfish
locale: utf-8
machine: x86_64
release: 5.15.0-56-generic
system: Linux
version: Ubuntu 22.04 Jammy Jellyfish
root@david-XPS-15-9570:/home/david#
root@david-XPS-15-9570:/home/david# salt pvcenter test.versions
pvcenter:
Salt Version:
Salt: 3004.1
Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: 2.8.1
docker-py: 1.8.0
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.0.3
libgit2: 1.1.0
M2Crypto: 0.38.0
Mako: 1.1.3
msgpack: 1.0.3
msgpack-pure: Not Installed
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: Not Installed
pycryptodome: 3.11.0
pygit2: 1.6.1
Python: 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0]
python-gnupg: Not Installed
PyYAML: 5.4.1
PyZMQ: 22.3.0
smmap: Not Installed
timelib: Not Installed
Tornado: 4.5.3
ZMQ: 4.3.4
Salt Extensions:
pytest-salt: 2020.1.27
pytest-salt-factories: 0.912.2
System Versions:
dist: ubuntu 22.04 Jammy Jellyfish
locale: utf-8
machine: x86_64
release: 5.15.0-56-generic
system: Linux
version: Ubuntu 22.04 Jammy Jellyfish
root@david-XPS-15-9570:/home/david# Note: has to disable verify_ssl check in salt/proxy/esxi.py _get_instance, since for some reason getting SSL_CERTIFICATE errors on Ubuntu 22.04
See JIRA entries https://jira.eng.vmware.com/browse/VRAE-33298 https://jira.eng.vmware.com/browse/VRAE-33295 https://jira.eng.vmware.com/browse/VRAE-33296
Need to implement get_details functionality from the Salt core modules (and hence proxy modules implementation) in VMware Salt Extensions, see