    $ go run CVE-2021-38647.go -h
    USAGE: go run CVE-2021-38647.go [FLAGS]
      -c string
            Command to run.
      -p int
            Remote WSMan port. (default 5986)
      -t string
            IP address of the vulnerable server.

To build the Docker container:

    docker build -t "microsoft/omi" .

To run the Docker container:

    docker run --name omi_poc -p 5985:5985 -p 5986:5986 microsoft/omi

To stop the Docker container:

    docker stop omi_poc

To open a shell inside the Docker container:

    docker exec -it omi_poc /bin/bash

- https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
- https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
- https://github.com/microsoft/omi
- https://twitter.com/GossiTheDog/status/1437896101756030982
- https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
- https://rootsecdev.medium.com/creating-your-own-private-pwn-lab-for-omi-exploitation-b6919fc63956
- https://attackerkb.com/topics/08O94gYdF1/cve-2021-38647