SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter. It uses the vSphere Web Services API and exposes the following functions:
- Command & Control – In combination with F-Secure’s C3, SharpSphere provides C&C into VMs using VMware Tools, with no direct network connectivity to the target VM required.
- Code Execution – Allows arbitrary commands to be executed in the guest OS and returns the result.
- File Upload – Allows arbitrary files to be uploaded to the guest OS.
- File Download – Allows arbitrary files to be downloaded from the guest OS.
- List VMs – Lists the VMs managed by vCenter that have VMware Tools running.
- Dump Memory – Dumps and downloads a VM’s memory, after which credentials can be manually extracted from LSASS offline using WinDbg and Mimikatz (Guide).
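
The code execution and file transfer functions above go through the vSphere guest operations API, which vCenter gates behind the `VirtualMachine.GuestOperations.*` privileges. The following is an added example, not part of SharpSphere, that audits which principals hold those privileges; the role and permission data, the principal names and the function name `guest_ops_exposure` are constructed for illustration and stand in for an export from your own vCenter.

```python
# Added example: find vCenter principals whose roles allow guest operations.
# ROLES and PERMISSIONS are constructed sample data, not real vCenter output.

# vSphere privilege IDs that gate guest operations, mapped to what they permit.
GUEST_OPS = {
    "VirtualMachine.GuestOperations.Execute": "run programs in guest",
    "VirtualMachine.GuestOperations.Modify": "write files to guest",
    "VirtualMachine.GuestOperations.Query": "read files from guest",
}

ROLES = {  # constructed: role name -> privilege IDs
    "ReadOnly": ["System.View", "System.Read"],
    "BackupOperator": ["VirtualMachine.State.CreateSnapshot",
                       "VirtualMachine.GuestOperations.Query"],
    "PatchAutomation": ["VirtualMachine.GuestOperations.Execute",
                        "VirtualMachine.GuestOperations.Modify",
                        "VirtualMachine.GuestOperations.Query"],
}

PERMISSIONS = [  # constructed: who holds which role on which inventory object
    {"principal": "CORP\\svc-backup", "role": "BackupOperator", "entity": "Datacenter-A"},
    {"principal": "CORP\\svc-patch", "role": "PatchAutomation", "entity": "Cluster-Prod"},
    {"principal": "CORP\\helpdesk", "role": "ReadOnly", "entity": "Datacenter-A"},
    {"principal": "CORP\\old-admin", "role": "LegacyOps", "entity": "Datacenter-A"},
]


def guest_ops_exposure(roles, permissions):
    """Return ({principal: {entity: [capabilities]}}, [unresolved role names])."""
    exposure, unknown = {}, set()
    for perm in permissions:
        privs = roles.get(perm["role"])
        if privs is None:
            # Role missing from the export: report it instead of assuming it is safe.
            unknown.add(perm["role"])
            continue
        caps = {GUEST_OPS[p] for p in privs if p in GUEST_OPS}
        if caps:
            per_entity = exposure.setdefault(perm["principal"], {})
            per_entity.setdefault(perm["entity"], set()).update(caps)
    report = {who: {ent: sorted(c) for ent, c in ents.items()}
              for who, ents in exposure.items()}
    return report, sorted(unknown)


if __name__ == "__main__":
    findings, unresolved = guest_ops_exposure(ROLES, PERMISSIONS)
    for who, ents in findings.items():
        for ent, caps in ents.items():
            print(f"{who} on {ent}: {', '.join(caps)}")
    print("roles to review manually:", unresolved)
```

Any principal in the report that does not need guest access is a candidate for a narrower role. Roles listed as unresolved should be checked by hand.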