Attacking and Pentesting VMware ESXi Hosts
2023-8-11 21:6:0 Author: www.hackingdream.net

Before getting into attacking and exploitation, it helps to know the difference between vSphere, vCenter and ESXi/ESX hosts.

VMware vSphere: VMware vSphere is the name of the comprehensive virtualization platform, which includes multiple software products and tools for creating, managing, and running virtual machines (VMs) on a physical server. It provides features like resource management, high availability, and centralized management.

vCenter Server: vCenter Server is a key component of the vSphere platform. It serves as a centralized management system that enables administrators to control and monitor multiple ESXi hosts and VMs. It offers features like vMotion, Distributed Resource Scheduler (DRS), and centralized management of virtual infrastructure.

ESXi (VMware vSphere Hypervisor): ESXi is a bare-metal (type 1) hypervisor installed directly on the physical server hardware. It provides the foundation for running VMs by managing the physical resources of the host, such as CPU, memory, storage, and networking, while also supporting features like vMotion and High Availability (HA). An ESXi host is comparable to the VMware or VirtualBox setup we usually run locally: it lets users create VMs on demand. vCenter Server, on the other hand, is a management console that can control and manage multiple ESXi hosts at once.


Port 902 - VMware Authentication Daemon

- It is possible to brute force credentials on port 902 using Metasploit.
- Port 902 is available only when remote access is required.
- It uses Windows domain login credentials, unless local access is set.
- Generally, this kind of service is not logged.
- Recommended to brute force port 902 instead of RDP or SSH when.

#Bruteforcing 
msfconsole
use auxiliary/scanner/vmware/vmauthd_login 

#Access 
nc 10.10.10.10 902 
USER root
PASS toor
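
Since the notes above say this service is generally not logged, repeated logins against port 902 have to be caught from the network side. The following is an added example, not part of the original post, that counts connections to port 902 per source and destination in a sliding window; the flow-record format, the window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

VMAUTHD_PORT = 902
WINDOW = timedelta(seconds=60)  # assumed tuning value
THRESHOLD = 5                   # assumed tuning value

# Constructed sample records, sorted by time: "ISO-time src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2023-08-11T21:00:01 192.0.2.50 10.10.10.10 902
2023-08-11T21:00:03 192.0.2.50 10.10.10.10 902
2023-08-11T21:00:04 192.0.2.7 10.10.10.10 902
2023-08-11T21:00:06 192.0.2.50 10.10.10.10 902
2023-08-11T21:00:09 192.0.2.50 10.10.10.10 443
2023-08-11T21:00:10 192.0.2.50 10.10.10.10 902
2023-08-11T21:00:13 192.0.2.50 10.10.10.10 902
2023-08-11T21:00:15 192.0.2.50 10.10.10.10 902
2023-08-11T21:05:00 192.0.2.7 10.10.10.10 902
2023-08-11T21:10:00 192.0.2.7 10.10.10.10 902
2023-08-11T21:15:00 192.0.2.7 10.10.10.10 902
2023-08-11T21:20:00 192.0.2.7 10.10.10.10 902
"""

def find_902_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {(src, dst): peak connections to port 902 inside one window}
    for every pair that reaches the threshold. Input must be time-ordered."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps still inside the window
    peaks = {}
    for line in lines:
        if not line.strip():
            continue
        raw_ts, src, dst, dport = line.split()
        if int(dport) != VMAUTHD_PORT:
            continue  # only the authentication daemon port is of interest
        ts = datetime.fromisoformat(raw_ts)
        seen = recent[(src, dst)]
        seen.append(ts)
        while ts - seen[0] > window:  # drop connections older than the window
            seen.popleft()
        if len(seen) >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(seen))
    return peaks

if __name__ == "__main__":
    for (src, dst), count in find_902_bursts(SAMPLE_FLOWS.splitlines()).items():
        print(f"{src} -> {dst}:902  {count} connections within {WINDOW}")
```

The source with five connections spread over twenty minutes stays below the threshold, while the source that opens six connections in fifteen seconds is reported.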


Source: https://www.hackingdream.net/2023/08/attacking-and-pentesting-vmware-esxi.html