Internet Bug Bounty: Mercurial can be tricked into granting authorized users access to the Python debugger

I reported this bug privately to Mercurial and they produced an out of band release to fix the bug here: https://www.mercurial-scm.org/wiki/WhatsNewMercurial4.1.3.282017-4-18.29 I produced a very detailed proof of concept with a Metasploit exploit module, which can be seen publicly here:...

Mercurial Custom hg-ssh Wrapper Remote Code Exec

This module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution. This module requires Metasploit: https://metasploit.com/downlo...

[WinAppDbg 1.5] Python Debugger

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach...