Yesterday, Moxa published an advisory regarding multiple vulnerabilities in their MXSecurity product. Among the issues fixed in the updates the advisory talks about, is a vulnerability I discovered - CVE-2023-39982.
First, before I
Note: this is the "main" blogpost for the talk I am giving at BSides Basingstoke 2023. It spawned a dozen or so other blog posts, some of which have yet to be published.
Editors Note: This post spawned the related "You should be using PSC" and related PSC posts, stuff got out of order in the scheduling process as the SPAxxx Exploitation project developed. Oh well.
This is one "blog post" in a series of blog posts about developing an exploit, and post-exploitation toolkit, for a number of Cisco devices. These are notes written while solving the problems, so
PortShellCrypter offers up a scripting socket, and a simple utility (pscsh) that allows executing shell scripts on the remote end.
pscsh basically enables you to write a shell script, and have it be