213 Followers
109 Following
58 Posts

Security Engineer @ [REDACTED]
Sniffing acks and smashing stacks since 2007. 0x41414141414141 enthusiast. Friend of all cats. Him/he.

#hacking #linux #rust #vulnerabilityresearch

twitter: https://twitter.com/hyprdude
blog: https://blog.coffinsec.com/
@0xca7 thanks! Glad you found it useful

chonked pt.1: #minidlna 1.3.2 http chunk parsing #heap #overflow (cve-2023-33476) root cause analysis
https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html

chonked pt.2: #exploiting cve-2023-33476 for remote code execution
https://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html

// by @hypr

chonked pt.1: MiniDLNA 1.3.2 HTTP Chunk Parsing Heap Overflow (CVE-2023-33476) Root Cause Analysis

first part in a two-part series going over a heap overflow in MiniDLNA, a media server commonly deployed in embedded environments. this post provides a summary and root cause analysis of the vulnerability.

hyprblog

part 2 of my last blog post covering the heap overflow I found in MiniDLNA (CVE-2023-33476) is up! this one focuses on the exploit dev process used to get remote code execution and pop a shell. exploits included ;)

https://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html

chonked pt.2: exploiting cve-2023-33476 for remote code execution

second part in a two-part series going over a heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of the steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.

hyprblog
@thc yup! :)

Cool #bug 🐞 by @hypr

Can you spot it?

while( (line < (h->req_buf + h->req_buflen)) &&
       (h->req_chunklen = strtol(line, &endptr, 16) > 0) &&
       (endptr != line) )

chonked pt.1: #minidlna 1.3.2 http chunk parsing heap #overflow (cve-2023-33476) root cause analysis

https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html

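The precedence problem in the condition quoted above, shown as an added example that is not code from MiniDLNA or from the post's author: the `struct req` stand-in, the two wrapper functions and the sample chunk line are constructed here, and the parenthesized variant is the obvious correction, not necessarily the project's actual patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the request struct the quoted loop reads
 * (not MiniDLNA's own definition). */
struct req {
    const char *req_buf;   /* start of the received request body */
    size_t req_buflen;     /* bytes available in req_buf */
    long req_chunklen;     /* parsed size of the current chunk */
};

/* Evaluates the quoted condition exactly as written. Because '>' binds
 * tighter than '=', req_chunklen receives the *result of the comparison*
 * (0 or 1) rather than the parsed hex length, so the value later used
 * to size a copy no longer reflects the request at all.
 * Returns non-zero when the original loop body would be entered. */
int chunk_condition_as_written(struct req *h, const char *line)
{
    char *endptr = NULL;
    return (line < (h->req_buf + h->req_buflen)) &&
           (h->req_chunklen = strtol(line, &endptr, 16) > 0) &&
           (endptr != line);
}

/* Same condition with the assignment parenthesized: req_chunklen holds
 * the real chunk size and the > 0 test is applied to that value.
 * This is the obvious correction, not necessarily the upstream patch. */
int chunk_condition_parenthesized(struct req *h, const char *line)
{
    char *endptr = NULL;
    return (line < (h->req_buf + h->req_buflen)) &&
           ((h->req_chunklen = strtol(line, &endptr, 16)) > 0) &&
           (endptr != line);
}

int main(void)
{
    /* Constructed chunked body: a chunk-size line claiming 0x1000 bytes. */
    static const char body[] = "1000\r\nAAAA";
    struct req h = { body, sizeof body - 1, 0 };

    chunk_condition_as_written(&h, body);
    printf("as written:    req_chunklen = %ld\n", h.req_chunklen); /* 1 */
    chunk_condition_parenthesized(&h, body);
    printf("parenthesized: req_chunklen = %ld\n", h.req_chunklen); /* 4096 */
    return 0;
}
```

Compilers flag the original form with a "suggest parentheses around assignment used as truth value" style warning, which is a cheap check to turn into an error in a build that parses untrusted input.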
@Xilokar thanks 🙏🏽
@swapgs thanks! And that’s good to know about p2o Toronto, I guess that would explain why they didn’t accept it

new post is live! this is the first part of a two-part series going over the details and root cause analysis of a heap overflow in MiniDLNA media server that I discovered a couple of months ago. part two will go over the exploit dev process and provide exploits for both x86_64 and ARM32 targets.

https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html

I don't have much spare time, so I decided to publish the PoC of my project to get shells on a variety of archs/os like openbsd-sparc64, linux-ppc32, ...

https://github.com/trufae/quemoo

It's a PoC, but it works, and it's easy to contribute and extend. I thought about rewriting it in another language like V and providing static binaries, but I guess just refactoring the makefile should be enough for 99% of the people.

Feel free to check it out and add more images and qemu oneliners to handle every single arch of your favourite unix flavour!

GitHub - trufae/quemoo: Friendly way to setup qemu shells for multiple Archs/OS

GitHub
I did a patch diff analysis of the latest patches for the Netgear Nighthawk RAX30 and provide a PoC exploit for one of them (ZDI-23-496) https://blog.coffinsec.com/nday/2023/05/12/rax30-patchdiff-nday-analysis.html
RAX30 Patch Diff Analysis & Nday Exploit for ZDI-23-496

patch diff analysis of the latest patches for the netgear rax30 and an nday exploit for one of them (ZDI-23-496)

hyprblog