OpenSSL Engines for Linux Persistence

So a while back I read a blog post about using OpenSSL engines on Windows as part of a local privesc exploit against a certain VPN client. This got me thinking. If every time the OpenSSL library is called, an engine gets loaded, that seems like a fairly decent place to persist a process. So …

PHP Webshells, vBulletin, and Equifax Mode

This is just a quick post about some of the stuff behind an exploit I wrote for CVE-2020-7373. If you want to know more about the vulnerability itself, I’d suggest reading this blog post by zenofex. Effectively the vulnerability gives us a method of executing arbitrary PHP code on a vulnerable vBulletin installation. When I …

Basic Programming: File Uploads using Python-Requests

So uploading files is something I figured I should cover first, before discussing the “streaming files” stuff later. In the requests library, there is a pretty simple way to manage uploading files. I’ll cover some examples here, which are probably the ways I end up doing it most often. In all of these examples, we …

AliumTerm: Reverse Shells over Tor, Part 1. Basics.

Before I begin, this project (which will unfold over a few blog posts) probably has no real application to “authorized intrusion activities” (red teaming, penetration testing, etc.), and its release has largely been motivated by a desire to show how various problems were identified and overcome along the way. Kind of a “showing the work”. …