The purpose of this post is to explain the TORQUE vulnerability I recently created a proof of concept for. Since the proof of concept was just a simple stub, I feel the mechanics behind the exploit should be described as well. Torque To be completely honest, I have never used TORQUE before attempting to exploit it. I was looking for a vague CVE to proof of concept, and this one did not appear to obscure CVE-2014-0749.
This year at RSAC 2014, Stuart McClure and myself did a talk titled Hacking Exposed: Art of Deterrence. During this talk, we announced various botnet vulnerabilities which had not been previously disclosed and some that had been. Here I will document some of them. Dexter Dexter, the POS malware was the botnet in the primary focus of the talk. There were 2 exploits released prior to RSAC, with slightly different objectives.