Is using an intentional debug interface really an RCE?
-
-
This Tweet is unavailable.
- 1 more reply
-
-
-
Iirc WinDBG KDNET requires a shared key and can’t run without a passwd set. Or at minimum if you set it up via visual studio it forces you to set a key.
-
KDNET doesn’t require a key when run through windbg or kd directly
- 3 more replies
New conversation -
-
-
Obviously the severity should not be overplayed, but I think it's irresponsible to ship a script like this with a preconfigured bind address someone might not be aware of and run it. If you insist on doing it, insist on the user specifying the address/port.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Seems like standard behavior. The "I didn't know debugging was listening on * when I ENABLED IT, bc I ran a script OFF THE INTERNET w/o any due diligence is just lazy and a
#FAIL. This isn't a Chrome release to consumers, it's a Gov. RE tool WITH SRC code, act accordingly?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Or equivalently Chromium’s --remote-debugging-port
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.