▄▄▄       ██ ▄█▀▄▄▄     ▄▄▄█████▓ ██▓     ██████ ▓█████  ▄████▄   ██▀███  ▓█████▄▄▄█████▓   ▓█████▄  ██▓ ▄▄▄       ██▀███ ▓██   ██▓
▒████▄     ██▄█▒▒████▄   ▓  ██▒ ▓▒▓██▒   ▒██    ▒ ▓█   ▀ ▒██▀ ▀█  ▓██ ▒ ██▒▓█   ▀▓  ██▒ ▓▒   ▒██▀ ██▌▓██▒▒████▄    ▓██ ▒ ██▒▒██  ██▒
▒██  ▀█▄  ▓███▄░▒██  ▀█▄ ▒ ▓██░ ▒░▒██▒   ░ ▓██▄   ▒███   ▒▓█    ▄ ▓██ ░▄█ ▒▒███  ▒ ▓██░ ▒░   ░██   █▌▒██▒▒██  ▀█▄  ▓██ ░▄█ ▒ ▒██ ██░
░██▄▄▄▄██ ▓██ █▄░██▄▄▄▄██░ ▓██▓ ░ ░██░     ▒   ██▒▒▓█  ▄ ▒▓▓▄ ▄██▒▒██▀▀█▄  ▒▓█  ▄░ ▓██▓ ░    ░▓█▄   ▌░██░░██▄▄▄▄██ ▒██▀▀█▄   ░ ▐██▓░
 ▓█   ▓██▒▒██▒ █▄▓█   ▓██▒ ▒██▒ ░ ░██░   ▒██████▒▒░▒████▒▒ ▓███▀ ░░██▓ ▒██▒░▒████▒ ▒██▒ ░    ░▒████▓ ░██░ ▓█   ▓██▒░██▓ ▒██▒ ░ ██▒▓░
 ▒▒   ▓▒█░▒ ▒▒ ▓▒▒▒   ▓▒█░ ▒ ░░   ░▓     ▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒  ░░ ▒▓ ░▒▓░░░ ▒░ ░ ▒ ░░       ▒▒▓  ▒ ░▓   ▒▒   ▓▒█░░ ▒▓ ░▒▓░  ██▒▒▒ 
  ▒   ▒▒ ░░ ░▒ ▒░ ▒   ▒▒ ░   ░     ▒ ░   ░ ░▒  ░ ░ ░ ░  ░  ░  ▒     ░▒ ░ ▒░ ░ ░  ░   ░        ░ ▒  ▒  ▒ ░  ▒   ▒▒ ░  ░▒ ░ ▒░▓██ ░▒░ 
[blog] [twitter] [github] [mail/gpg]
Spawn your shell like it's 90s again!
2016-07-21 09:09:58
Abusing SUID files should be dead in 90s, but surprisingly it's still alive. I accidentally found a Time To Check To Time To Use issue in mail.local(8) which luckily can be turned into privilege escalation! This article is a quick walk-through to gaining root privileges in the NetBSD.

Comments: 10Read more >
A tale of openssl_seal(), PHP and Apache2handle
2016-02-01 09:11:48
The openssl_seal() is prone to use uninitialized memory that can be turned into a code execution. This document describes our journey to hijack apache2 requests.

Comments: 21Read more >