Baldr Botnet Panel Shell Upload

Posted by deepcore on July 30, 2020 – 2:28 am

This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [webapps] Online Shopping Alphaware 1.0 – Authentication Bypass WordPress Maintenance Mode By SeedProd 5.1.1 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Baldr Botnet Panel Shell Upload

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL