So further along the magic adventure of finding RCE holes in skid toys, I found another hole in another shitty piece of malware.
Totally-Not-A-Virus is a keylogger/screenshot thing/remote-command running magic bundle…
So I was looking at this amusing RAT named HydraPHP on GitHub, figuring it probably would have some bugs in the C&C. It's written in some godawful Visual Basic shite, and uses a PHP script to shuffle commands/data to and from the “Controller tool” and the implant.
So this is a fun, but short, one. I was playing about with the C&C server (written in PHP…) for a little remote admin tool called QuickShell, when I realized that it seemed like pwning it would be pretty easy — after all, it is PHP.