spring4shell Capture File
source link: https://blog.didierstevens.com/2022/03/31/spring4shell-capture-file/
Thursday 31 March 2022
If you are interested, I’ve put a spring4shell exploit capture file on my GitHub.
It might trigger your AV, like Defender (Defender triggers on the webshell code).
The first HTTP request in the capture file is just a test query.
The second HTTP request is the exploit that drops a webshell.
The third HTTP request uses that webshell.
Figure 1: just a test request
Figure 2: exploit dropping a webshell
Figure 3: using the webshell