Full Disclosure mailing list archives

Re: COM Server-Based Binary Planting ProofOfConcept


From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Thu, 2 Jun 2011 19:19:38 +0000

I'll call you on that.  Set it up, send it out, and show us how many people IRL you can actually get this to be
exploited on.   Your assumptions that the "majority" will fall because of "inherent casualness" have no basis
whatsoever, and it's just more blah-blah-windows-blah-blah crap from the Windows 95 days.

Seriously.  Put your money where your mouth is.

t

From: yati sagade [mailto:yati.sagade () gmail com]
Sent: Thursday, June 02, 2011 11:57 AM
To: Mitja Kolsek
Cc: Thor (Hammer of God); full-disclosure () lists grok org uk; bugtraq () securityfocus com; Dan Kaminsky
Subject: Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept

Hi,
Nice revelations here. What we need to understand here is that the majority of Windows users there *will* fall for the
remote exploit because of their inherent casualness (some actually think that 7 is the nicest OS ever made). I
appreciate the efforts taken in finding these exploits, especially on such a closed, undocumented system.
Additionally, thanks for those amusing tricks with special folders.

keep up the good job.

regards,

yati
On Thu, Jun 2, 2011 at 9:51 PM, Mitja Kolsek <mitja.kolsek () acros si> wrote:

Thor, the "Online Proof of Concept" section of the blog post points you to a *remote*
exploit (without any warning) but let me repeat the link here:

http://www.binaryplanting.com/demo/XP_2-click/test.html

Visit this with IE8 on 32-bit Windows XP.

Please find further information here:

http://blog.acrossecurity.com/2011/05/anatomy-of-com-server-based-binary.html
http://blog.acrossecurity.com/2011/05/silently-pwning-protected-mode-ie9-and.html

In general there are two types of remote binary planting exploits: SMB and WebDAV.
The former works inside (local) networks where firewalls block outbound SMB traffic.
WebDAV attacks work through firewalls too since many firewalls allow outbound WebDAV
traffic and Windows silently falls back to WebDAV if SMB doesn't work. If our online
remote exploit doesn't work for you, you can download the PoC locally and test it in
your local network.

I'll be happy to explain it to you further if need be.

Thanks,
Mitja


-----Original Message-----
From: Thor (Hammer of God) [mailto:thor () hammerofgod com]
Sent: Thursday, June 02, 2011 6:00 PM
To: security () acrossecurity com; 'Dan Kaminsky'
Cc: full-disclosure () lists grok org uk; bugtraq () securityfocus com
Subject: RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept

But it *is* worth mentioning that you have to create the malicious dll file, copy it to the system, create folders
etc, and all the other mumbo jumbo to "exploit" this in the "default configuration."   So, the answer to Dan's
question is actually, "no, you can't."  Which brings into question the actual "worth" of mentioning this in the
first place. :)

t

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of ACROS Security Lists
Sent: Thursday, June 02, 2011 8:42 AM
To: 'Dan Kaminsky'; security () acrossecurity com
Cc: full-disclosure () lists grok org uk; bugtraq () securityfocus com
Subject: Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept

It would hardly be worth mentioning otherwise.

Cheers,
Mitja

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Dan Kaminsky
Sent: Thursday, June 02, 2011 5:36 PM
To: security () acrossecurity com
Cc: si-cert () arnes si; full-disclosure () lists grok org uk; bugtraq () securityfocus com; cert () cert org
Subject: Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept

Does this run code without prompting, on a reasonably default configuration?

On Thu, Jun 2, 2011 at 7:52 AM, ACROS Security Lists <lists () acros si> wrote:

We published a remote/local proof of concept for the COM Server-Based Binary Planting exploit presented at the
Hack in the Box conference in Amsterdam.

Feel free to try it out online if WebDAV works through your firewall, or download it and test it in your local
network or simply on your computer.

http://blog.acrossecurity.com/2011/06/com-server-based-binary-planting-proof.html
or
http://bit.ly/iSxHKO

Best regards,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
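Mitja's remark above that Windows silently falls back to WebDAV when outbound SMB is blocked leaves a footprint a defender can look for. The following Python script is an added example written for this archive page; it is not code from ACROS or from any poster in the thread. It scans Windows Firewall log lines (the sample lines are constructed, and the pfirewall.log W3C field order they follow is an assumption) and flags a client whose blocked outbound SMB connection (TCP 445 or 139) is followed within a short window by an allowed HTTP(S) connection from the same client to the same destination, which is what an SMB-to-WebDAV fallback looks like on the wire.

```python
"""Flag SMB-to-WebDAV fallback in Windows Firewall log lines.

Added example for this thread (not ACROS or list-member code). It assumes the
pfirewall.log W3C layout: date time action protocol src-ip dst-ip src-port
dst-port ... path, where path is SEND for outbound traffic.
"""
from datetime import datetime

# Constructed sample log: client 192.0.2.10 has its SMB attempts dropped and
# then reaches the same host over HTTP three seconds later; 192.0.2.11 never
# tried SMB, and 192.0.2.12 tried it far outside the default window.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-06-02 17:05:10 DROP TCP 192.0.2.10 198.51.100.7 49152 445 52 S 123 0 8192 - - - SEND
2011-06-02 17:05:11 DROP TCP 192.0.2.10 198.51.100.7 49153 139 52 S 124 0 8192 - - - SEND
2011-06-02 17:05:14 ALLOW TCP 192.0.2.10 198.51.100.7 49154 80 0 - 0 0 0 - - - SEND
2011-06-02 17:06:00 ALLOW TCP 192.0.2.11 203.0.113.5 49200 80 0 - 0 0 0 - - - SEND
2011-06-02 17:07:30 DROP TCP 192.0.2.12 203.0.113.9 49300 445 52 S 200 0 8192 - - - SEND
2011-06-02 17:20:00 ALLOW TCP 192.0.2.12 203.0.113.9 49301 80 0 - 0 0 0 - - - SEND
"""

SMB_PORTS = {445, 139}      # direct SMB and SMB over NetBIOS session service
WEBDAV_PORTS = {80, 443}    # the Windows WebClient service speaks HTTP(S)


def parse_events(text):
    """Yield one dict per data line; '#' header lines and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) < 9:
            continue  # malformed line: ignore rather than abort the scan
        yield {
            "ts": datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S"),
            "action": f[2],
            "proto": f[3],
            "src": f[4],
            "dst": f[5],
            # ICMP lines carry '-' in the port columns; treat those as no port
            "dport": int(f[7]) if f[7].isdigit() else None,
            "path": f[-1],
        }


def detect_fallback(text, window_seconds=60):
    """Return findings: an outbound SMB DROP followed, within window_seconds and
    from the same src to the same dst, by an outbound HTTP(S) ALLOW."""
    last_smb_drop = {}   # (src, dst) -> timestamp of the most recent SMB drop
    findings = []
    for ev in parse_events(text):
        if ev["proto"] != "TCP" or ev["path"] != "SEND" or ev["dport"] is None:
            continue
        key = (ev["src"], ev["dst"])
        if ev["action"] == "DROP" and ev["dport"] in SMB_PORTS:
            last_smb_drop[key] = ev["ts"]
        elif ev["action"] == "ALLOW" and ev["dport"] in WEBDAV_PORTS:
            dropped_at = last_smb_drop.get(key)
            if dropped_at is None:
                continue
            delta = (ev["ts"] - dropped_at).total_seconds()
            if 0 <= delta <= window_seconds:
                findings.append({
                    "src": ev["src"],
                    "dst": ev["dst"],
                    "webdav_port": ev["dport"],
                    "seconds_after_smb_drop": delta,
                })
                del last_smb_drop[key]  # report each fallback once
    return findings


if __name__ == "__main__":
    for hit in detect_fallback(SAMPLE_LOG):
        print("possible SMB->WebDAV fallback: %(src)s -> %(dst)s:%(webdav_port)d, "
              "%(seconds_after_smb_drop).0fs after SMB was blocked" % hit)
```

A hit is a trigger for a closer look rather than proof of compromise: the natural follow-ups are checking whether the WebClient service needs to be running on that host at all, and whether the destination is somewhere the client has any business mounting a share. The window and the port sets are parameters so the same scan can be widened for a retrospective sweep over older logs.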

