I hereby claim:
- I am fmunozs on github.
- I am bef0rd (https://keybase.io/bef0rd) on keybase.
- I have a public key whose fingerprint is 3D03 3279 9B23 C562 3C6F 7383 BB0C AB84 4A77 D063
To claim this, I am signing this object:
$ ./zsh -c 'a="a=n++";((a))'
=================================================================
==13566==ERROR: AddressSanitizer: heap-use-after-free on address 0xb61056d5 at pc 0x08205bb8 bp 0xbfffe1c8 sp 0xbfffe1bc
READ of size 1 at 0xb61056d5 thread T0
#0 0x8205bb7 in matheval (/root/fuzzshell/zsh+0x8205bb7)
#1 0x8270cd4 in getnumvalue (/root/fuzzshell/zsh+0x8270cd4)
#2 0x82050ca (/root/fuzzshell/zsh+0x82050ca)
#3 0x82059f0 in matheval (/root/fuzzshell/zsh+0x82059f0)
## Debian mksh version
user@deb64:~/mksh/mksh$ mksh
$ echo $KSH_VERSION
@(#)MIRBSD KSH R59 2021/07/10
user@deb64:~/mksh/mksh$ mksh < file
mksh: no closing quote
Segmentation fault
## mksh from master
# mksh -c 'echo ${0/}'
Segmentation fault
(gdb) run -c 'echo ${0/}'
Starting program: /root/fuzzshell/mksh -c 'echo ${0/}'
Program received signal SIGSEGV, Segmentation fault.
0x0804ba3c in findptr (ap=0x201b60, ptr=0x8201a7c "/root/fuzzshell/mksh", lpp=<synthetic pointer>) at ../../lalloc.c:59
59 while (ap->next != lp)
(gdb) bt
OpenSSL Null pointer Dereference
=================================
I *think* anything below 1.0.2 is affected. I didn't have time to report it
but noticed that the last update doesn't crash anymore, so I guess one of
the recently fixed CVEs fixed this too [1].
[1] https://www.openssl.org/news/secadv_20150319.txt
(old) OpenSSL on OSX
====================
#!/usr/bin/python
# -*- coding: utf-8 -*-
# simple script to open all urls found in a new email
# useful to automate client side exploits on a pentesting lab
# author: fmunozs http://github.com/fmunozs
import os
import sys
import imaplib
$ mksh -c 'echo 1111111111111111111111111111111111111>1'
Segmentation fault (core dumped)
$ gdb mksh
GNU gdb (GDB) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
var http = require('http');
var https = require('https');
var get = require('get');
var fs = require('fs');
var hustlers = [];
var bounties = [];
/*