Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.
Wednesday, June 6 • 14:45 - 15:15
Circumventing egress filtering by exploiting HTTP “transfer-encoding: chunked” for faster web shells

During a red team engagement we breached a web server that only allowed HTTP inbound and no outbound connections. While able to upload web shells, reverse shells were unable to establish a connection back to us and, as all ports were firewalled, bind shells were not an option. Furthermore, the only existing tool we were aware of, TUNNA, proved to be too slow for practical exploitation. In this talk we'll introduce ChunkyTuna, a web shell which allowed us to pivot through the compromised server and reach further into the target network. ChunkyTuna began as a reengineering of TUNNA which utilizes the "transfer-encoding: chunked" HTTP mechanism rather than a constant poll loop with request/response pairs. In effect, ChunkyTuna piggybacks an existing HTTP connection to offer near direct access to either the STDIO streams of an arbitrary process or the IO streams of an arbitrary TCP port, in a manner similar to the streaming of a media file with unknown content-length.

Lorenzo Grespan

Secarma Ltd.
I’m a computer scientist turned penetration tester; I’ve been a systems administrator, a developer and a project manager in medical robotics as well as a researcher in computational neuroscience and evolutionary and adaptive systems. I like to solve interesting problems.

Wednesday June 6, 2018 14:45 - 15:15 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD