Shadowsocks Log Manipulation / Command Execution

Posted by deepcore on October 15, 2017 – 2:33 pm

Several issues have been identified, which allow attackers to manipulate log files, execute commands and to brute force Shadowsocks with enabled autoban.py brute force detection. Brute force detection from autoban.py does not work with suggested tail command. The key of captured Shadowsocks traffic can be brute forced. The latest commit 2ab8c6b on Sep 6, 2017 is affected.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Shadowsocks-libev 3.1.0 Command Execution AlienVault USM 5.4.2 Cross Site Request Forgery »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Shadowsocks Log Manipulation / Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL