Table of Contents

Scanner VMware Auxiliary Modules


vmware_enum_users

This module will log into the Web API of VMware and try to enumerate all the user accounts. If the VMware instance is connected to one or more domains, it will try to enumerate domain users as well.

msf > use auxiliary/scanner/vmware/vmware_enum_users
msf  auxiliary(vmware_enum_users) > show options

Module options (auxiliary/scanner/vmware/vmware_enum_users):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   PASSWORD  password         yes       The password to Authenticate with.
   Proxies                    no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                     yes       The target address range or CIDR identifier
   RPORT     443              yes       The target port (TCP)
   SSL       true             no        Negotiate SSL/TLS for outgoing connections
   THREADS   1                yes       The number of concurrent threads
   USERNAME  root             yes       The username to Authenticate with.
   VHOST                      no        HTTP server virtual host

msf  auxiliary(vmware_enum_users) > 

Running this module will output a nice list of all the groups and users on the server.

msf  auxiliary(vmware_enum_users) > run

[+] Groups for server 192.168.1.52
==============================

 Name        Description
 ----        -----------
 daemon      
 localadmin  
 nfsnobody   
 nobody      
 root        
 tty         
 users       
 vimuser     

[+] Users for server 192.168.1.52
=============================

 Name        Description
 ----        -----------
 hacker      hacker
 daemon      daemon
 dcui        DCUI User
 nfsnobody   Anonymous NFS User
 nobody      Nobody
 root        Administrator
 vimuser     vimuser

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(vmware_enum_users) >