Skip to content

Instantly share code, notes, and snippets.

hfiref0x

Block or report user

Report or block hfiref0x

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@hfiref0x
hfiref0x / akagi_58a.c
Created Oct 23, 2019
UAC bypass using EditionUpgradeManager COM interface
View akagi_58a.c
typedef interface IEditionUpgradeManager IEditionUpgradeManager;
typedef struct IEditionUpgradeManagerVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in IEditionUpgradeManager * This,
__RPC__in REFIID riid,
@hfiref0x
hfiref0x / log.txt
Created Feb 5, 2019
CMake (6e91f5d6204e650c808b6585074faa248ee6e6a9)
View log.txt
/Build/cmake/Source/kwsys/ProcessUNIX.c 378 err V595 The 'cp->Commands' pointer was utilized before it was verified against nullptr. Check lines: 378, 381.
/Build/cmake/Source/kwsys/Terminal.c 62 warn V560 A part of conditional expression is always true: !pipeIsConsole.
/Build/cmake/Source/kwsys/System.c 31 err V1028 Possible overflow. Consider casting operands of the '* size * 2' operator to the 'size_t' type, not the result.
/Build/cmake/Source/cmsys/RegularExpression.hxx 409 warn V730 Not all members of a class are initialized inside the constructor. Consider inspecting: regstart, reganch, regmust, regmlen, progsize.
/Build/cmake/Source/kwsys/RegularExpression.cxx 260 err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0234, Dec: 156.
/Build/cmake/Source/kwsys/SystemTools.cxx 851 warn V769 The 'orig' pointer in the 'searchPos - src + orig' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 851, 849.
/Bu
@hfiref0x
hfiref0x / log.txt
Created Feb 4, 2019
Mimikatz (fe6a853ec3e7ff50d79dd608dbed5e05cfab3322)
View log.txt
This file has been truncated, but you can view the full file.
mimikatz\mimikatz\mimikatz.c (182): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(match + 2 - argv[0])'.
mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (424): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(wcslen(convertedSid) + 1)'.
mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (397): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(szPassword)'.
mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (135): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(entry->data.sid)'.
mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (142): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(password)'.
View log.txt
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 143 err V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. A pointer to the signed long type is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the second actual argument of the 'printf' function. The memsize type argument is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the third actual argument of the 'printf' function. The memsize type argument is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 147 err V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 1
View log.txt
/Build/ffmpeg/libavdevice/fbdev_common.c 128 warn V547 Expression 'fd >= 0' is always true.
/Build/ffmpeg/libavdevice/sndio.c 106 warn V547 Expression 'hdl' is always true.
/Build/ffmpeg/libavdevice/xcbgrab.c 637 warn V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible.
/Build/ffmpeg/libavfilter/af_acrossover.c 191 warn V614 Potentially uninitialized variable 'q' used. Consider checking the third actual argument of the 'set_lp' function.
/Build/ffmpeg/libavfilter/af_aecho.c 227 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
/Build/ffmpeg/libavfilter/af_aecho.c 228 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
/Build/ffmpeg/libavfilter/af_aecho.c 229 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
/Build/ffmpeg/libavfilter/af_aecho.c 230
View log.txt
/Build/LibVNCServer/test/encodingstest.c 195 warn V522 There might be dereferencing of a potential null pointer 'cd'. Check lines: 195, 189.
/Build/LibVNCServer/test/encodingstest.c 198 warn V575 The potential null pointer is passed into 'sprintf' function. Inspect the first argument. Check lines: 198, 197.
/Build/LibVNCServer/test/encodingstest.c 287 warn V522 There might be dereferencing of a potential null pointer 'server->frameBuffer'. Check lines: 287, 284.
/Build/LibVNCServer/client_examples/vnc2mpg.c 342 warn V1004 The 'video_st' pointer was used unsafely after it was verified against nullptr. Check lines: 336, 342.
/Build/LibVNCServer/client_examples/vnc2mpg.c 360 warn V707 Giving short names to global variables is considered to be bad practice. It is suggested to rename 'oc' variable.
/Build/LibVNCServer/examples/example.c 158 warn V519 The 'cd->oldButton' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 156, 158.
/Build/LibVNCServer/examples/example.c 271 warn
View log.txt
/Build/nginx-1.15.8/src/core/ngx_log.c 335 err V547 Expression 'nlen == 0' is always false.
/Build/nginx-1.15.8/src/core/ngx_inet.c 792 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'.
/Build/nginx-1.15.8/src/core/ngx_inet.c 952 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'.
/Build/nginx-1.15.8/src/core/ngx_inet.c 962 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'.
/Build/nginx-1.15.8/src/core/ngx_inet.c 985 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'.
/Build/nginx-1.15.8/src/core/ngx_file.c 477 err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0600, Dec: 384.
/Build/nginx-1.15.8/src/core/ngx_resolver.c 1673 err V1028 Possible overflow. Consider casting operands of the '2 + qle
@hfiref0x
hfiref0x / log.txt
Created Feb 1, 2019
openssl_1_1_0f
View log.txt
/Build/openssl-1.1.0f/crypto/asn1/a_gentm.c 116 warn V560 A part of conditional expression is always false: (n < min[i]).
/Build/openssl-1.1.0f/crypto/asn1/a_int.c 547 warn V560 A part of conditional expression is always false: r > 0x7fffffffffffffffL.
/Build/openssl-1.1.0f/crypto/asn1/a_int.c 547 warn V560 A part of conditional expression is always false: r < (- 0x7fffffffffffffffL - 1L).
/Build/openssl-1.1.0f/crypto/asn1/a_int.c 590 warn V560 A part of conditional expression is always false: r > 0x7fffffffffffffffL.
/Build/openssl-1.1.0f/crypto/asn1/a_int.c 590 warn V560 A part of conditional expression is always false: r < (- 0x7fffffffffffffffL - 1L).
/Build/openssl-1.1.0f/crypto/asn1/a_utctm.c 90 warn V560 A part of conditional expression is always false: (n < min[i]).
/Build/openssl-1.1.0f/crypto/asn1/asn1_gen.c 597 warn V560 A part of conditional expression is always true: str.
/Build/openssl-1.1.0f/crypto/asn1/asn1_par.c 236 warn V547 Expression '!nl' is always true.
/Build/openssl-1.1.0f/crypto/asn1/
@hfiref0x
hfiref0x / log.txt
Created Jan 31, 2019
transmission_log
View log.txt
/Build/Transmission/build/third-party/utp/src/utp/utypes.h 10 warn V677 Custom declaration of a standard 'uint' type. The declaration from system header files should be used instead.
/Build/Transmission/build/third-party/utp/src/utp/templates.h 116 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'mem' is lost. Consider assigning realloc() to a temporary pointer.
/Build/Transmission/build/third-party/utp/src/utp/utp.cpp 163 err V512 A call of the 'memset' function will lead to underflow of the buffer 'sin'.
/Build/Transmission/build/third-party/utp/src/utp/utp.cpp 168 warn V641 The size of the '& sa' buffer is not a multiple of the element size of the type 'sockaddr_in6'.
/Build/Transmission/build/third-party/utp/src/utp/utp.cpp 378 warn V522 There might be dereferencing of a potential null pointer 'buf'. Check lines: 378, 372.
/Build/Transmission/build/third-party/utp/src/utp/templates.h 116 warn V701 Instantiation of Array < RST_Info >: realloc() possible leak:
View log.txt
/Build/vlc-3.0.6/include/vlc_arrays.h 347 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'pp' is lost. Consider assigning realloc() to a temporary pointer.
/Build/vlc-3.0.6/include/vlc_arrays.h 532 warn V522 There might be dereferencing of a potential null pointer 'p_entry'. Check lines: 532, 531.
/Build/vlc-3.0.6/include/vlc_charset.h 271 warn V769 The 'utf8' pointer in the 'utf8 ++' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 271, 261.
/Build/vlc-3.0.6/include/vlc_vlm.h 238 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p_dst->ppsz_input' is lost. Consider assigning realloc() to a temporary pointer.
/Build/vlc-3.0.6/include/vlc_vlm.h 240 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p_dst->ppsz_option' is lost. Consider assigning realloc() to a temporary pointer.
/Build/vlc-3.0.6/src/config/
You can’t perform that action at this time.