<p>Oooo, giggidy! Today's tale of pentest pwnage is about pwning vCenter with CVE-2021-44228 - a vulnerability that lets us bypass authentication entirely and do/take what we want from vCenter! Key links to make the magic happen:</p> <ul> <li><a href= "https://www.sprocketsecurity.com/resources/how-to-exploit-log4j-vulnerabilities-in-vmware-vcenter"> How to exploit log4j manually in vCenter</a></li> <li><a href="https://github.com/puzzlepeaches/Log4jCenter">How to automate the attack!</a></li> <li><a href="https://github.com/horizon3ai/vcenter_saml_login">Tool to steal the SAML database you extract from vCenter</a></li> </ul>