vulnerability | RobWillis.info / #yolosec Fri, 09 May 2025 08:11:20 +0000 en-US hourly 1 https://wordpress.org/?v=6.9 VMware vCenter CVE-2021-21972 Scanner /2021/02/vmware-vcenter-cve-2021-21972-scan-tool/ Sat, 27 Feb 2021 10:31:52 +0000 /?p=5318 In this post, I am releasing a PowerShell POC script that will scan the specified target hosts and attempt to detect those that are vulnerable to VMware vCenter CVE-2021-21972. You can find the script, Invoke-CVE-2021-21972-Scan.ps1, on my github here: https://github.com/robwillisinfo/VMware_vCenter_CVE-2021-21972 The script executes in the following order: Create a log file, default log name is […]

The post VMware vCenter CVE-2021-21972 Scanner first appeared on RobWillis.info.]]> Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection /2018/08/apache-struts-cve-2018-11776-testing-analyzing-detection/ Fri, 31 Aug 2018 13:49:06 +0000 /?p=3843 Intro Any time a new Apache Struts vulnerability comes out it should be taken pretty seriously as there are many “mission critical” systems that are leveraging the framework, with a considerable amount of them being public facing. Unfortunately, as a former Sys Ad I can tell you that many of these systems will go on […]

The post Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection first appeared on RobWillis.info.]]> Exploiting Apache Struts – CVE-2017-9805 /2017/09/exploiting-apache-struts-cve-2017-9805/ Sat, 16 Sep 2017 03:53:16 +0000 /?p=3255 CVE-2017-9805 is yet another very legitimate vulnerability in the Apache Struts framework. In the video, I demonstrate how easy it is to run a simple public python script against a vulnerable remote server, ultimately resulting in a reverse shell back to the attacker. In this post, I will cover all the steps shown in the […]

The post Exploiting Apache Struts – CVE-2017-9805 first appeared on RobWillis.info.]]> IIS 7/7.5 Hardening SSL TLS – Windows Server 2008 R2 /2013/09/iis-77-5-hardening-ssl-tls-windows-server-2008-r2/ Sat, 21 Sep 2013 00:40:52 +0000 /?p=2098      One of the first steps you should do when deploying a new public facing web server is hardening your server’s SSL/TLS connections. Disabling vulnerable protocols, ciphers, hashes and key exchange algorithms can help mitigate the now more common exploits like the BEAST attack. By default many weaker technologies are enabled, leaving IIS traffic vulnerable and […]

The post IIS 7/7.5 Hardening SSL TLS – Windows Server 2008 R2 first appeared on RobWillis.info.]]>