VisualDoor: SonicWall SSL-VPN Exploit

I’ve been sitting on this one for quite a while now, and figured what with SonicWall back in the news for getting owned via some 0days in their own shit products, it would be somewhat amusing to release this. I’m fairly sure it’s patched by now. Anyway, it’s lockdown 3.0 so you should stay inside …

AliumTerm: Reverse Shells over Tor, Part 2. The PTY.

In this post, we will upgrade our listener to give us a PTY, and write a simple enough Python implant to send us back our shells. We will also discuss the problem of adding dependencies to our script, and I’ll show the absolutely hideous solution I came up with. A reasonably short entry, as spawning …

Reverse SSL Shells with stunnel.

Just a quick post, something I came across today, and after a bit of experimenting, got working. In this post I’ll show you a neat “living off the land” trick, using the “stunnel” utility as a “backdoor” of sorts, delivering you a reverse shell over SSL to a socat listener. Even better – you can …

AliumTerm: Reverse Shells over Tor, Part 1. Basics.

Before I begin, this project (which will unfold over a few blog posts) probably has no real application to “authorized intrusion activities” (red teaming, penetration testing, etc.), and its release has largely been motivated by a desire to show how various problems were identified and overcome along the way. Kind of a “showing the work”. …