You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: dloser/README.md
+5Lines changed: 5 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,3 +4,8 @@ Old exploit I found on one of my old boxes that I put together for a demo. Bug w
4
4
This exploit has been shared around a fair bit in the past, and probably has seen some actual in the wild use, so figured it was time to kill it dead.
5
5
6
6
"callback.php" is the PentestMonkey reverse shell, stripped of some bits and such so that it works reliably. I can't find it currently but will upload it later. You are welcome to supply your own backconnect payload and alter the exploit appropriately.
7
+
8
+
Notes:
9
+
Originally committed in 2017 to this repo, some minor fixes in 2020 on a whim (replaced "requesocks" with "requests", removed Tor dependency).
10
+
Bug was found... Sometime around 2013 or so? Maybe a bit earlier? I can't be sure. Turns out theres a bug collission and someone else had also found it in 2012! - http://roberto.greyhats.it/advisories/20120208-dlink-rce.txt
11
+
Bug seems to have been used ITW to create a botnet by some weaboo - https://www.zdnet.com/article/for-8-years-a-hacker-operated-a-massive-iot-botnet-just-to-download-anime-videos/
0 commit comments