SMB Client

Last updated 2 years ago

SMB Client

I'll check the smbclient since those ports are open.

smbclient -L [Target IP]

Hit enter when asked for a password.

It looks like there are quite a few available shares. Let's try asking them.

smbclient //[Target URL]/[Sharename]

print$ doesn't allow access.
tmp does and has a lot of files to check out.

I downloaded the .X0-lock file and the vgauthsvclog.txt.0 since they were the only ones to have data.
.X0-lock --> Empty
vgauthsvclog.txt.0 -->

vgauthsvclog is a log file that is associated with VMware software. Specifically, it is related to the VMware Horizon View Authentication service, which is a component of VMware Horizon View. This service provides authentication and authorization services for Horizon View, which is a virtual desktop infrastructure (VDI) solution that allows users to access their desktops and applications from any device. The vgauthsvclog file contains logs of the Horizon View Authentication service's activities, including information about user logins, authentication attempts, and errors. The log file can be useful for troubleshooting issues with the authentication service or diagnosing problems with the VDI environment. The location of the vgauthsvclog file may vary depending on the operating system and configuration of the Horizon View environment. However, it is typically located in the log directory of the Horizon View Authentication service, which is installed on the server that hosts the service.

[Apr 25 04:44:45.235] [ message] [VGAuthService] VGAuthService 'build-4448496' logging at level 'normal'
[Apr 25 04:44:45.235] [ message] [VGAuthService] Pref_LogAllEntries: 1 preference groups in file '/etc/vmware-tools/vgauth.conf'
[Apr 25 04:44:45.235] [ message] [VGAuthService] Group 'service'
[Apr 25 04:44:45.235] [ message] [VGAuthService]         samlSchemaDir=/usr/lib/vmware-vgauth/schemas
[Apr 25 04:44:45.235] [ message] [VGAuthService] Pref_LogAllEntries: End of preferences
[Apr 25 04:44:45.295] [ message] [VGAuthService] VGAuthService 'build-4448496' logging at level 'normal'
[Apr 25 04:44:45.295] [ message] [VGAuthService] Pref_LogAllEntries: 1 preference groups in file '/etc/vmware-tools/vgauth.conf'
[Apr 25 04:44:45.295] [ message] [VGAuthService] Group 'service'
[Apr 25 04:44:45.295] [ message] [VGAuthService]         samlSchemaDir=/usr/lib/vmware-vgauth/schemas
[Apr 25 04:44:45.295] [ message] [VGAuthService] Pref_LogAllEntries: End of preferences
[Apr 25 04:44:45.295] [ message] [VGAuthService] Cannot load message catalog for domain 'VGAuthService', language 'C', catalog dir '.'.
[Apr 25 04:44:45.295] [ message] [VGAuthService] INIT SERVICE
[Apr 25 04:44:45.295] [ message] [VGAuthService] Using '/var/lib/vmware/VGAuth/aliasStore' for alias store root directory
[Apr 25 04:44:45.325] [ message] [VGAuthService] SAMLCreateAndPopulateGrammarPool: Using '/usr/lib/vmware-vgauth/schemas' for SAML schemas
[Apr 25 04:44:45.353] [ message] [VGAuthService] SAML_Init: Allowing 300 of clock skew for SAML date validation
[Apr 25 04:44:45.353] [ message] [VGAuthService] BEGIN SERVICE

Looks like there may be a misconfiguration with the /etc/vmware-tools/vgauth.conf file.
I didn't find anything else or have access to anything else :(

PreviousSSH NextExploitation

Last updated 2 years ago

I'll check the smbclient since those ports are open.

smbclient -L [Target IP]

Hit enter when asked for a password.

It looks like there are quite a few available shares. Let's try asking them.

smbclient //[Target URL]/[Sharename]

print$ doesn't allow access.
tmp does and has a lot of files to check out.

I downloaded the .X0-lock file and the vgauthsvclog.txt.0 since they were the only ones to have data.
.X0-lock --> Empty
vgauthsvclog.txt.0 -->

vgauthsvclog is a log file that is associated with VMware software. Specifically, it is related to the VMware Horizon View Authentication service, which is a component of VMware Horizon View. This service provides authentication and authorization services for Horizon View, which is a virtual desktop infrastructure (VDI) solution that allows users to access their desktops and applications from any device. The vgauthsvclog file contains logs of the Horizon View Authentication service's activities, including information about user logins, authentication attempts, and errors. The log file can be useful for troubleshooting issues with the authentication service or diagnosing problems with the VDI environment. The location of the vgauthsvclog file may vary depending on the operating system and configuration of the Horizon View environment. However, it is typically located in the log directory of the Horizon View Authentication service, which is installed on the server that hosts the service.

[Apr 25 04:44:45.235] [ message] [VGAuthService] VGAuthService 'build-4448496' logging at level 'normal'
[Apr 25 04:44:45.235] [ message] [VGAuthService] Pref_LogAllEntries: 1 preference groups in file '/etc/vmware-tools/vgauth.conf'
[Apr 25 04:44:45.235] [ message] [VGAuthService] Group 'service'
[Apr 25 04:44:45.235] [ message] [VGAuthService]         samlSchemaDir=/usr/lib/vmware-vgauth/schemas
[Apr 25 04:44:45.235] [ message] [VGAuthService] Pref_LogAllEntries: End of preferences
[Apr 25 04:44:45.295] [ message] [VGAuthService] VGAuthService 'build-4448496' logging at level 'normal'
[Apr 25 04:44:45.295] [ message] [VGAuthService] Pref_LogAllEntries: 1 preference groups in file '/etc/vmware-tools/vgauth.conf'
[Apr 25 04:44:45.295] [ message] [VGAuthService] Group 'service'
[Apr 25 04:44:45.295] [ message] [VGAuthService]         samlSchemaDir=/usr/lib/vmware-vgauth/schemas
[Apr 25 04:44:45.295] [ message] [VGAuthService] Pref_LogAllEntries: End of preferences
[Apr 25 04:44:45.295] [ message] [VGAuthService] Cannot load message catalog for domain 'VGAuthService', language 'C', catalog dir '.'.
[Apr 25 04:44:45.295] [ message] [VGAuthService] INIT SERVICE
[Apr 25 04:44:45.295] [ message] [VGAuthService] Using '/var/lib/vmware/VGAuth/aliasStore' for alias store root directory
[Apr 25 04:44:45.325] [ message] [VGAuthService] SAMLCreateAndPopulateGrammarPool: Using '/usr/lib/vmware-vgauth/schemas' for SAML schemas
[Apr 25 04:44:45.353] [ message] [VGAuthService] SAML_Init: Allowing 300 of clock skew for SAML date validation
[Apr 25 04:44:45.353] [ message] [VGAuthService] BEGIN SERVICE

Looks like there may be a misconfiguration with the /etc/vmware-tools/vgauth.conf file.
I didn't find anything else or have access to anything else :(