Atomic Honeypot: A MySQL Honeypot That Drops Shells
Free on SceneLog — log in or create an account to track it.
Overview
Discover a MySQL honeypot that "attacks the attackers." In 2023, we identified CVE-2023-21980, a vulnerability allowing a rogue MySQL server to execute RCE on a connecting client. In 2024, we found another RCE in mysqldump (CVE-2024-21096). We combined these with an arbitrary file read vulnerability to create a rogue MySQL server that uses a chain of three exploits: file read, 2023 RCE, and 2024 RCE. This atomic honeypot uncovered two new attack methods against MySQL, enabling us to analyze attackers' code and counter-attack effectively.
Comments
Be the first to comment.
Leave a comment
Your email won't be published. Comments are reviewed before they appear.