Trojan under the .NET platform remains unchanged for a hundred years (22nd Jul 2020)

Preface: SharePoint will simply not use Framework versions for which they do not apply. For example, SharePoint 2010 uses .NET 2.0. If you install .NET 4, it will remain unused by SharePoint 2010. SharePoint 2019 uses .NET 4.7 and any lower version will simply not be used.

Background: Using Microsoft sharepoint as CRM, or external protal are popular setup past few years. SharePoint is a web-based platform built atop an ASP.NET framework. It is favored by many companies because the interface can be fully integrated with Microsoft Office.
Remark: SharePoint Server includes a set of web parts that users can add to pages after installing the product. If an organization needs custom web parts, a developer can write custom ASP.NET web parts and install them.

Design weakness: For .NET platform applications. By default, the executable string “Response.Write” after connection establish. Because the code-behind modules are compiled first, all of the output that is generated by Response.Write, Response.WriteFile, or inline server-side <SCRIPT> tags appears before any HTML tags when the HTML output is sent to the browser. Coincidentally, the chopper’s technique have way to conduct the attack to .NET Framework ASP.NET app.

Current status: The cyber criminals will be targeted insecure default configurations in common web servers. General speaking, they used their initial unauthorized access to place malicious web shell programs and credential-stealing software on victim networks, which allowed them to remotely execute commands on victim computers and related entities.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.