blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob
Preview meta tags from the blog.chebuya.com website.
Linked Hostnames
9
- 3 links to github.com
- 1 link to aceresponder.com
- 1 link to blog.chebuya.com
- 1 link to blog.doyensec.com
- 1 link to hackerone.com
- 1 link to packetstormsecurity.com
- 1 link to samy.blog
- 1 link to twitter.com
Search Engine Appearance
Unauthenticated RCE on a BYOB via arbitrary file write (CVE-2024-45256)
PoC: https://github.com/chebuya/exploits/tree/main/BYOB-RCE
Summary: BYOB (Build Your Own Botnet) is an open-source post-exploitation framework for students, researchers and developers with support for Linux, Windows and OSX systems. With approximately 9,000 stars, it ranks among the most popular post exploitation frameworks on GitHub. While auditing the codebase, I was able to discover an unauthenticated arbitrary file write in an exfiltration endpoint allowing attackers to overwrite the sqlite database on disk and bypass authentication. With authenticated access to the botnet panel, I discovered a command injection in the payload generation page. By chaining these vulnerabilities, remote unauthenticated attackers are able to take full control over the botnet server.
General Meta Tags
15
- title: Unauthenticated RCE on a BYOB via arbitrary file write (CVE-2024-45256) //
- title: Exploit-DB
- title: HackerOne
- title: GitHub
- title: Twitter
Open Graph Meta Tags
5
- og:url: https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/
- og:title: Unauthenticated RCE on a BYOB via arbitrary file write (CVE-2024-45256)
- og:description: PoC: https://github.com/chebuya/exploits/tree/main/BYOB-RCE Summary: BYOB (Build Your Own Botnet) is an open-source post-exploitation framework for students, researchers and developers with support for Linux, Windows and OSX systems. With approximately 9,000 stars, it ranks among the most popular post exploitation frameworks on GitHub. While auditing the codebase, I was able to discover an unauthenticated arbitrary file write in an exfiltration endpoint allowing attackers to overwrite the sqlite database on disk and bypass authentication. With authenticated access to the botnet panel, I discovered a command injection in the payload generation page. By chaining these vulnerabilities, remote unauthenticated attackers are able to take full control over the botnet server.
- og:locale: en_us
- og:type: article
Twitter Meta Tags
3
- twitter:card: summary
- twitter:title: Unauthenticated RCE on a BYOB via arbitrary file write (CVE-2024-45256)
- twitter:description: PoC: https://github.com/chebuya/exploits/tree/main/BYOB-RCE Summary: BYOB (Build Your Own Botnet) is an open-source post-exploitation framework for students, researchers and developers with support for Linux, Windows and OSX systems. With approximately 9,000 stars, it ranks among the most popular post exploitation frameworks on GitHub. While auditing the codebase, I was able to discover an unauthenticated arbitrary file write in an exfiltration endpoint allowing attackers to overwrite the sqlite database on disk and bypass authentication. With authenticated access to the botnet panel, I discovered a command injection in the payload generation page. By chaining these vulnerabilities, remote unauthenticated attackers are able to take full control over the botnet server.
Link Tags
2
- shortcut icon: /favicon.ico
- stylesheet: /css/main.min.ee73fb576303200d41c6bc20372653bfc6bc0ab470858ebbb72d7f322f4708b7.css
Links
11
- https://aceresponder.com/blog/exploiting-empire-c2-framework
- https://blog.chebuya.com
- https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html
- https://github.com/chebuya
- https://github.com/chebuya/exploits/tree/main/BYOB-RCE