SceneLog
Atomic Honeypot: A MySQL Honeypot That Drops Shells

Atomic Honeypot: A MySQL Honeypot That Drops Shells

S32 · E10 August 9, 2024

Free on SceneLog — log in or create an account to track it.

Overview

Discover a MySQL honeypot that "attacks the attackers." In 2023, we identified CVE-2023-21980, a vulnerability allowing a rogue MySQL server to execute RCE on a connecting client. In 2024, we found another RCE in mysqldump (CVE-2024-21096). We combined these with an arbitrary file read vulnerability to create a rogue MySQL server that uses a chain of three exploits: file read, 2023 RCE, and 2024 RCE. This atomic honeypot uncovered two new attack methods against MySQL, enabling us to analyze attackers' code and counter-attack effectively.

Comments

Be the first to comment.

Leave a comment

Your email won't be published. Comments are reviewed before they appear.