Skip to main content

29. If the defenders have discovered your activity but the webshell on vCenter remains, yet you can no longer log in to the Web console, what other exploitation methods exist?

By obtaining the permissions of the ESXi vsphere-ui user, you can take a snapshot of the system and thereby capture passwords once again.