What is one method to obtain the data.mdb file without direct local administrator access to a running vCenter?
An attacker can obtain the data.mdb file from vCenter backup files. If backup files are leaked or accessible, the same extraction technique can be used to retrieve the IdP certificate and SAML token, leading to administrator access to the VCSA management panel.
---
**Related reading:**
- vSphere Development Guide 6 - vCenter SAML Certificates — original article
- Covenant Utilization Analysis
- ADAudit Plus Exploitation Analysis — Data Encryption Analysis
- Domain Penetration - Executing Programs on Remote Systems Using DCOM