Skip to content
/ CVE-2023-27532-RCE-Only Public
forked from Yeeb1/CVE-2023-27532-RCE-Only

Modified Exploit for CVE-2023-27532 against Veeam Backup & Replication

0 stars 21 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

D3STY/CVE-2023-27532-RCE-Only

BranchesTags
 
 

Repository files navigation

Forked Version (RCE Only)

Forked repository and removed the credential leak part. Applied fixes for compilation.

CVE-2023-27532

Proof of Concept code to exploit CVE-2023-27532 and either leak plaintext credentials or perform remote command execution.

Overview

For a detailed analysis of the vulnerability and exploitation please read the Rapid7 AttackerKB Analysis.

Building

Open in Visual Studio. Since the Liberis Veeam.Backup.Common.dll, Veeam.Backup.Interaction.MountService.dll, and Veeam.Backup.Model.dll are included in the project, they do not need to be concerned about.

Usage

Leak the plaintext credentials from the remote server.

> VeeamHax.exe --target 192.168.0.100

VeeamHax1

Run an arbitrary command with local system privileges on the remote server.

> VeeamHax.exe --target 192.168.0.100 --cmd calc.exe

VeeamHax2

VeeamHax3

Credits

Previous research into this vulnerability was performed by:

About

Modified Exploit for CVE-2023-27532 against Veeam Backup & Replication

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

VeeamHax-RCE Latest
Jan 26, 2024

Packages

No packages published

Languages

  • C# 100.0%