Skip to main content

22. In internal network penetration, if you have obtained a set of vCenter credentials, how would you further deepen your exploitation? How can the database file be decrypted, and what is the principle?

Approach: Forge a cookie → create an administrator via LDAP → gain access to the backend Windows machines of the vCenter → use the forged cookie or LDAP‑created administrator to enter the backend → locate a Windows host that is at the lock screen and create a snapshot.