Are you serious
Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely 
.. to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://static.hacker.house/releasez/expl0itz/jdwp-exploit.txt …
-
-
-
Yes, I also claim first blood and RCE.
-
This doesn't even qualify as a bug let alone RCE.
-
It listens on a network port and allows you to run code remotely. ¯\_(ツ)_/¯
-
If I put things into debug mode, I meant it was for debugging.
-
Yet, did you mean that you wanted the world and his dog to run code on your host? Because that's what this does.
-
What port should it use to accommodate virtual machines, but not other computers? I'm really confused about this actually, it's just what another person on the internet brought up.https://www.reddit.com/r/ReverseEngineering/comments/axrzci/ghidra_is_now_available_for_download/ehy2suv?utm_medium=android_app&utm_source=share …
-
Ideally it should listen on 127.0.0.1 only by default for both JDWP and Java RMI when enabling debugging or at least warn users ofthe potential risks exposing the service on a network interface.
End of conversation
New conversation -
-
-
The one nsa just released ghidra?
-
Yup, run in debug mode for remote code execution on your box.
-
That's kind of misleading, of course debug mode opens a debug port. I thought you were implying it did it automatically.
-
Generally wouldn't expect it to open a remotely accessible debug service. JDWP has many known issues and if used should be restricted to the localhost.
-
That's fair.
End of conversation
New conversation -
-
-
Going to have to agree with
@nneonneo on this one. https://github.com/NationalSecurityAgency/ghidra/issues/6#issuecomment-469930744 … Pretty sure the NSA wasn't using this in environments where RCE was part of the threat model. -
Once they released it to the public they should ensure that such functionality comes with a clear warning or ideally is restricted to the localhost.
-
Yeah, that's a fair take.
End of conversation
New conversation -
-
-
I hear the EcuadorIan embassy puts on a great cooked breakfast...
-
I do look fabulous in Orange tho.
End of conversation
New conversation -
-
-
To all the morons saying “but it’s in debug mode”, listen. Even Android with ADB port 5000 in debug mode uses priv/pub key auth (by default). What devices do you know that start up a debug port TO THE WORLD? 127.0.0.1, ok. But 0.0.0.0? No.
-
How many do not have their computers behind nat/firewall tho
-
By this rationale, Wannacry should have NEVER happened.
-
This Tweet is unavailable
-
You may be right about overhyping. I think it's something that has caused some controversy and not really worth getting angry over. However, I do have a bit of a bone to pick with the firewall being shared through the firewall by default. Who's doing that? & why?
-
This Tweet is unavailable
-
Sorry I didn't realize it was still the 90's
If workstations are going to exposed on the open internet in corporate environments, then surely NSA reverse engineering software will be to (with debug enabled because of some post they read off stack overflow to fix a bug) -
This Tweet is unavailable
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.