PHP Webshells, vBulletin, and Equifax Mode

This is just a quick post about some of the stuff behind an exploit I wrote for CVE-2020-7373. If you want to know more about the vulnerability itself, I’d suggest reading this blog post by zenofex. Effectively the vulnerability gives us a method of executing arbitrary PHP code on a vulnerable vBulletin installation. When I …

Detecting SSH Honeypots with non-persistent filesystems.

A lot has been written on the topic of detecting SSH honeypots in the past, usually using their canned responses against them, SSH protocol quirks, them accepting every password, etc. While experimenting with honeypots based on Docker and suchlike, which spin up a new container for each attacker that logs in, which can be a …

AliumTerm: Reverse Shells over Tor, Part 2. The PTY.

In this post, we will upgrade our listener to give us a PTY, and write a simple enough python implant to send us back our shells. We will also discuss the problem of adding dependencies to our script, and I’ll show the absolutely hideous solution I came up with. A reasonably short entry, as spawning …

Basic Programming: File Uploads using Python-Requests

So uploading files is something I figured I should cover first, before discussing the “streaming files” stuff later. In the requests library, there is a pretty simple way to manage uploading files. I’ll cover some examples here, which are probably the ways I end up doing it most often. In all of these examples, we …