John Hammond
Oct 11, 2023, 10 tweets
curl/libcurl HIGH CVE-2023-38545 seemed to have a patch diff out early?
gitlab.com/redhat/centos-…
This is the vulnerability that had curl maintainers cut an early release, slated for October 11.
github.com/curl/curl/disc…
The test data included in the patch makes it clear enough to poke and play with this.
For some super quick local testing, you can slap up a simple SOCKS5 proxy kudos to "pysoxy": github.com/MisterDaneel/p…
And sure, you can stage a dumbo easy redirect (php -S 0.0.0.0:8000 or whatever) and then use curl to drive through the SOCKS proxy to that redirect...
And yeah, you can use curl with -v to see the same error message that was patched out from the diff, so we're in the right spot...
But, if the risk is supposed to be curl switching to local resolve...

Maybe I'm dumb, but what damage does that do?

Sure, you could append in some local resources you might "enumerate", but couldn't you already do that with SOCKS to begin with?
It's not ever likely for there to be a local name with over 255 characters, right? So you'd drive to a new location with @ if the goal is to enumerate local resources, but how is that any different than just reaching that in the first place?

How do you actually weaponize this?
I'm out of my element at this point so forgive my nonsensical garbage babble, but, since it does store the whole hostname in a buffer, you could presumably do some funky stack stuff.

With a 2036-character-long URI, it looks to be the limit of what is displayed in verbose info.
kek, could force a URL too long or drain memory
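As an added example (my own code, not from the thread, from curl, or from the patch): the SOCKS5 wire format in RFC 1928 shows why a hostname over 255 bytes cannot be handed to the proxy for resolution, which is the "switch to local resolve" the thread is puzzling over, and a proxy-side parser that checks the declared length against the payload actually received. The function and constant names are mine; the sample hostnames are constructed.

```python
import struct

SOCKS5_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_DOMAINNAME = 0x03
MAX_DOMAIN_LEN = 255  # the length field is a single byte (RFC 1928, section 4)


def socks5_connect_request(hostname: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request asking the proxy to resolve hostname.

    Raises ValueError when the name cannot be expressed in the one-byte
    length field; a client must then either fail or resolve the name itself.
    """
    name = hostname.encode("ascii")
    if not 1 <= len(name) <= MAX_DOMAIN_LEN:
        raise ValueError(f"hostname length {len(name)} not encodable in SOCKS5")
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    # VER CMD RSV ATYP | LEN | DOMAIN | DST.PORT (network byte order)
    header = struct.pack("!BBBBB", SOCKS5_VERSION, CMD_CONNECT, 0x00,
                         ATYP_DOMAINNAME, len(name))
    return header + name + struct.pack("!H", port)


def resolve_mode(hostname: str) -> str:
    """Decide where a socks5h-style client can resolve hostname.

    'remote' means the name fits the protocol and goes to the proxy; 'local'
    is the only remaining option for names over 255 bytes. A client that
    buffers the name should make this decision once and fail closed rather
    than copy an over-length name into a buffer sized for the protocol limit.
    """
    return "remote" if len(hostname.encode("ascii")) <= MAX_DOMAIN_LEN else "local"


def parse_connect_request(data: bytes) -> tuple:
    """Proxy-side parser (constructed defensive check): refuse any request
    whose declared hostname length does not match the bytes present."""
    if len(data) < 5 or data[0] != SOCKS5_VERSION or data[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    if data[3] != ATYP_DOMAINNAME:
        raise ValueError("only domain-name destinations handled here")
    length = data[4]
    body = data[5:5 + length]
    if len(body) != length or len(data) != 5 + length + 2:
        raise ValueError("declared hostname length does not match payload")
    (port,) = struct.unpack("!H", data[5 + length:])
    return body.decode("ascii"), port
```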