The purpose of this post is to explain the TORQUE vulnerability I recently created a proof of concept for. Since the proof of concept was just a simple stub, I feel the mechanics behind the exploit should be described as well.

Torque

To be completely honest, I had never used TORQUE before attempting to exploit it. I was looking for a vague CVE to write a proof of concept for, and this one did not appear too obscure: CVE-2014-0749.
During my talk at RSAC 2014, we announced multiple botnet vulnerabilities which had been discovered. The following vulnerability is one of them. Herpes Net is a botnet with a wide range of functions, from opening the CD tray to mining bitcoins (via plugins). With a vulnerability in the command and control panel, we can get information on the botnet operator. When I discovered this vulnerability, I thought it was a rediscovery of a vulnerability found by malware.lu.
In a recent search through some underground communities, I came across the source code to a version of the MultiLocker panel. With ransomware, the security industry is always looking for a good way to resolve the issue without the ransom being paid. This could potentially be done by gathering information from the botnet's panel. While there are likely other vulnerabilities, this one stood out after a quick grep of the code.
This year at RSAC 2014, Stuart McClure and I gave a talk titled Hacking Exposed: Art of Deterrence. During this talk, we announced various botnet vulnerabilities, some of which had not been previously disclosed and some that had. Here I will document some of them.

Dexter

Dexter, the POS malware, was the botnet that was the primary focus of the talk. There were 2 exploits released prior to RSAC, with slightly different objectives.