Hi, Nice revelations here. what we need to understand here is that the majority of Windows users there *will* fall for the remote exploit because of their inherent casualness(some actually think that 7 is the nicest OS ever made). I appreciate the efforts taken in finding these exploits, especially on such a closed, undocumented system. Additionally , thanks for those amusing tricks with special folders.
keep up the good job. regards, yati On Thu, Jun 2, 2011 at 9:51 PM, Mitja Kolsek <[email protected]> wrote: > > Thor, the "Online Proof of Concept" section of the blog post points you to > a *remote* > exploit (without any warning) but let me repeat the link here: > > http://www.binaryplanting.com/demo/XP_2-click/test.html > > Visit this with IE8 on 32-bit Windows XP. > > Please find further information here: > > > http://blog.acrossecurity.com/2011/05/anatomy-of-com-server-based-binary.html > > http://blog.acrossecurity.com/2011/05/silently-pwning-protected-mode-ie9-and.html > > In general there are two types of remote binary planting exploits: SMB and > WebDAV. > The former works inside (local) networks where firewalls block outbound SMB > traffic. > WebDAV attacks work through firewalls too since many firewalls allow > outbound WebDAV > traffic and Windows silently fall back to WebDAV if SMB doesn't work. If > our online > remote exploit doesn't work for you, you can download the PoC locally and > test it in > your local network. > > I'll be happy to explain it to you further if need be. > > Thanks, > Mitja > > > > -----Original Message----- > > From: Thor (Hammer of God) [mailto:[email protected]] > > Sent: Thursday, June 02, 2011 6:00 PM > > To: [email protected]; 'Dan Kaminsky' > > Cc: [email protected]; [email protected] > > Subject: RE: [Full-disclosure] COM Server-Based Binary > > Planting ProofOfConcept > > > > But it *is* worth mentioning that you have to create the > > malicious dll file, copy it to the system, create folders > > etc, and all the other mumbo jumbo to "exploit" this in the > > "default configuration." So, the answer to Dan's question > > is actually, "no, you can't." Which brings into question the > > actual "worth" of mentioning this in the first place. :) > > > > t > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:full-disclosure- [email protected]] On > > Behalf Of ACROS > > > Security Lists > > > Sent: Thursday, June 02, 2011 8:42 AM > > > To: 'Dan Kaminsky'; [email protected] > > > Cc: [email protected]; [email protected] > > > Subject: Re: [Full-disclosure] COM Server-Based Binary > > Planting Proof > > > OfConcept > > > > > > It would hardly be worth mentioning otherwise. > > > > > > Cheers, > > > Mitja > > > > > > > -----Original Message----- > > > > From: [email protected] > > > > [mailto:[email protected]] On > > Behalf Of Dan > > > > Kaminsky > > > > Sent: Thursday, June 02, 2011 5:36 PM > > > > To: [email protected] > > > > Cc: [email protected]; [email protected]; > > > > [email protected]; [email protected] > > > > Subject: Re: [Full-disclosure] COM Server-Based Binary Planting > > > > Proof OfConcept > > > > > > > > Does this run code without prompting, on a reasonably default > > > > configuration? > > > > > > > > On Thu, Jun 2, 2011 at 7:52 AM, ACROS Security Lists > > > > <[email protected]> > > > > wrote: > > > > > > > > > > We published a remote/local proof of concept for the COM > > > > Server-Based > > > > > Binary Planting exploit presented at the Hack in the Box > > > > conference in Amsterdam. > > > > > > > > > > Feel free to try it out online if WebDAV works through your > > > > firewall, > > > > > or download it and test it in your local network or simply > > > > on your computer. > > > > > > > > > > > > > > > > http://blog.acrossecurity.com/2011/06/com-server-based-binary-planti > > > > ng > > > > > -proof.html > > > > > or > > > > > http://bit.ly/iSxHKO > > > > > > > > > > Best regards, > > > > > > > > > > Mitja Kolsek > > > > > CEO&CTO > > > > > > > > > > ACROS, d.o.o. > > > > > Makedonska ulica 113 > > > > > SI - 2000 Maribor, Slovenia > > > > > tel: +386 2 3000 280 > > > > > fax: +386 2 3000 282 > > > > > web: http://www.acrossecurity.com > > > > > > > > > > ACROS Security: Finding Your Digital Vulnerabilities Before > > > > Others Do > > > > > > > > > > > > > > > _______________________________________________ > > > > > Full-Disclosure - We believe in it. > > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > > > > _______________________________________________ > > > > Full-Disclosure - We believe in it. > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
