Didier Stevens

Thursday 31 March 2022

spring4shell Capture File

Filed under: Networking,Vulnerabilities — Didier Stevens @ 19:13

If you are interested, I’ve put a spring4shell exploit capture file on my GitHub.

It might trigger your AV, like Defender (Defender triggers on the webshell code).

First HTTP request in the capture file, is just a test query.

Second HTTP request is the exploit that drops a webshell.

Third HTTP request is using that webshell.

Figure 1: just a test request
Figure 2: exploit dropping a webshell
Figure 3: using the webshell

Wednesday 30 March 2022

New Tool: xlsbdump.py

Filed under: My Software — Didier Stevens @ 0:00

This is a new tool to parse XLSB files.

It is still in beta.

Tuesday 29 March 2022

Update: oledump.py Version 0.0.64

Filed under: My Software,Update — Didier Stevens @ 7:22

This new version of oledump brings option -u. This option is used to look for data past the end of the streams.

oledump_V0_0_64.zip (http)
MD5: D2FE33398A2BA85A760518972C0207D3
SHA256: C44F11D31CDCFDE0E7207363A9F35ED07A98A69A4A4228A8CA49292BA8EE9683

Saturday 5 March 2022

Overview of Content Published in February

Filed under: Announcement — Didier Stevens @ 14:15
Here is an overview of content I published in February:

Blog posts: YouTube videos: SANS ISC Diary entries:

Blog at WordPress.com.