Stephen Bradshaw
I performed the exact same steps using the newer and older revisions of poseidon mentioned above on the exact same hosts (e.g. the same Mythic server, the same Linux system...
FYI, I did a little bit more testing by running tcpdump on the Linux host running poseidon as well as the Mythic server while trying to proxy a connection to...
I've lost access to the test environment I was using to reproduce this issue. Will see what I can do about creating a new one to try and test the...
I've just retested this on a newly built Ubuntu 16.04.7 machine with poseidon [c63e0f5](https://github.com/MythicAgents/poseidon/commit/c63e0f590e7e7525298bbcb4d88b6acf7194c99e) and Mythic 2.3.13 and can't reproduce it - SOCKS is now working just fine. Not sure...
I'd be happy to help further with this, e.g. with more intensive testing and/or code fixes/PR depending on what you need, however won't have the bandwidth to do so for...
Been looking at this myself, the code catching the `force_post` instructions sits inside an if statement that requires a proxy session token to be present in the request here https://github.com/kgretzky/evilginx2/blob/master/core/http_proxy.go#L658....
Hi dugdug36, yes, I suppose I could do that, might take me a little while to get around to it though. In the meantime, as it turns out, the XXE...
Blind XXE doesn't work very well in that particular example, as any invalid characters in the source file (e.g. a newline or carriage return) will kill processing before any request...
This will work, but as I said it's extremely finicky, and won't work if the target file has ANY characters not allowable in a URL - it's so finicky that...
WRT the XXE injection issue, I might investigate if changing the app to use a different XML parser will allow this vulnerability to be exploited blind in a more realistic/usable...