***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windows
-
- Posts: 88
- Joined: Mon Feb 13, 2012 7:39 pm
***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windows
Hi... Look what I've found:
https://www.blackhat.com/docs/eu-14/mat ... Vector.pdf
basically, it's about a vulnerability - sort of auto code execution, similar to ShellShock
(RFD... or I don't know how it's called - you can read the paper)
try this: open cmd.exe in ROS and paste this:
{"results":["q", "
rfd
\
"||
calc
||","I love
rfd
"]}
Oh... and do tell me in the comments below if you needed to press ENTER or not
This can extend to web pages, links and probably a lot more and it can execute code without consent.
Last edited by laurflorin on Sun Oct 19, 2014 5:49 pm, edited 1 time in total.
IT: The only place where a cookie could pose a risk to your privacy.
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
What is it supposed to do?
I use ReactOS on real hardware. Will you? My Computers: https://www.reactos.org/wiki/PC_ROS_Rigs Go all the way to the bottom.
-
- Posts: 88
- Joined: Mon Feb 13, 2012 7:39 pm
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
It should execute calc.exe without consent (one does not even need to press ENTER).
UPDATE: I've also made a video to show what I mean:
http://tinypic.com/player.php?v=iehyty% ... EPktsmOAek
IT: The only place where a cookie could pose a risk to your privacy.
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
I haven't had time to try this. I will try it now.
I use ReactOS on real hardware. Will you? My Computers: https://www.reactos.org/wiki/PC_ROS_Rigs Go all the way to the bottom.
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
It works with ReactOS, but what's happening is, Windows Server/ReactOS is trying to execute each line of code. It can't run the other lines of code but when it hits calc, it executes calculator. I still don't understand why the enter key does not have to be pressed. I will do some more research and see why this happens. Maybe the ReactOS command prompt could detect this pattern of code and stop the execution.
I use ReactOS on real hardware. Will you? My Computers: https://www.reactos.org/wiki/PC_ROS_Rigs Go all the way to the bottom.
-
- Posts: 88
- Joined: Mon Feb 13, 2012 7:39 pm
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
I think this is a major security bug in the NT platform...
I discover MS Windows to be less and less secure by the day,
particularly since I started playing with Kali Linux.
I really hope ReactOS can come with workarounds that would not
make it as insecure as the original Windows. Because if ReactOS
inherits the weaknesses of Windows, it would be a really easy target
at the beginning after it's done and hits mainstream (even though this will take a while to happen,
still I would really hope to see a mature SECURE ReactOS, no matter when it's done).
Windows flaws that I can think of so far:
-Autorun.inf;
-easy password circumvention (Hiren, Linux etc);
-no or very poor rootkit/driver protection;
-very poor malware protection (though there are decent AVs out there, so this should not be a problem if they could also run in ReactOS) ;
-no "HIPS" of any kind;
-very poor Task Manager (i.e. compared to KillSwitch or Process Hacker);
-Administrator account by default (no encouragement to use standard user accounts) - I think this accounts for 70%+ success of malware being able to wreak havoc;
-Microsoft has an EMET Tool (a sort of anti-exploit tool), I don't understand why they don't have it on Windows by default;
-No keylogger protection;
and many more that I can't think of as of now.
Some of you may say that if MS Windows incorporated these protections by default, it would probably
mean that other 3rd-party products would not be able to be in fair competition with MS...
Probably...... But I think that information security is a right, not a privilege
IT: The only place where a cookie could pose a risk to your privacy.
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
I saw a video once on how to exploit the autorun feature of Windows. I think it was left out of ReactOS intentionally for that reason. The default user account in ReactOS has Administrator rights by default. The multi user logon system is still being worked on.
Last edited by Pi_User5 on Sun Oct 19, 2014 8:26 pm, edited 2 times in total.
I use ReactOS on real hardware. Will you? My Computers: https://www.reactos.org/wiki/PC_ROS_Rigs Go all the way to the bottom.
-
- Posts: 131
- Joined: Sun Oct 20, 2013 6:50 am
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
@Pi_User5
If you have copied as is from the opening post and pasted it into cmd, then the reason why you don't have to press return is probably that you have also copied the line breaks at the end of each line.
@ laurflorin
Is there a reason why you had broken it into several lines? The linked document says all on the same line. When used as in your opening post, calc is supposed to execute regardless of what you have put on the lines before and after it.
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
I forget you can do that. It always gets me when using PuTTY and I'm copying and pasting code.
I use ReactOS on real hardware. Will you? My Computers: https://www.reactos.org/wiki/PC_ROS_Rigs Go all the way to the bottom.
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
To me, this looks like another version of the Code Execution Causes Code Execution vulnerability.
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
I don't get why you listed the password thing as a flaw.
When the system is offline it can't actively protect itself.
It can well put up a fence, but there won't be a person to stand in the way.
Hence why many of those programs like Deep Freeze can be broken provided offline access
-
- Posts: 531
- Joined: Thu Jan 10, 2013 6:17 pm
- Contact:
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
I'm fairly certain that the presentation linked to in the first post is actually describing a security vulnerability (attack vector) in web APIs and browsers. This, in turn, allows arbitrary execution of both shell/command line and VBScript-type code.
The listed instructions we're told to paste into our command lines are just running calc because that's logically what the result of those commands would be. It's essentially telling your computer "gibberish, gibberish, gibberish, RUN CALC!, gibberish". And your computer says, "I understood one part of that! Running calc, sir!"
Not sure this particular issue has too much to do with ROS directly...
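As that post says, the vector lives in the web API, so the fix belongs there rather than in cmd.exe. The following is an added example (not from the linked paper or anyone in this thread): a Python response builder that rejects reflected values containing cmd metacharacters and pins a fixed, non-executable download filename. The endpoint, function names and sample inputs are constructed for illustration.

```python
import json
import re

# Allow-list for any client-supplied value the API reflects into the response
# body, such as a JSONP callback name or an echoed search term. Anything
# outside this set is rejected, so cmd.exe metacharacters such as "||", "&",
# quotes or line breaks never reach a file the browser might save and run.
_SAFE_REFLECTED = re.compile(r"[A-Za-z0-9_.]{1,64}")


def is_safe_reflected_value(value: str) -> bool:
    """True only for short alphanumeric values (dot and underscore allowed)."""
    return _SAFE_REFLECTED.fullmatch(value) is not None


def build_api_response(query: str, results: list) -> dict:
    """Build a {"status", "headers", "body"} dict for a search endpoint.

    Hypothetical endpoint (constructed for this example): the reflected
    'query' is validated before it is echoed, and the download filename is
    pinned server-side so the URL path cannot supply one ending in .bat/.cmd.
    """
    if not is_safe_reflected_value(query):
        return {
            "status": 400,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps({"error": "invalid query"}),
        }
    headers = {
        "Content-Type": "application/json",
        # Fixed, non-executable filename: the browser uses it instead of the
        # last URL path segment, which is what the reflected-download trick
        # relies on.
        "Content-Disposition": 'attachment; filename="results.json"',
        # Stop the browser from sniffing the body as something else.
        "X-Content-Type-Options": "nosniff",
    }
    return {
        "status": 200,
        "headers": headers,
        "body": json.dumps({"results": [query] + list(results)}),
    }


if __name__ == "__main__":
    # Constructed inputs: a benign query and the thread's "||calc||" token.
    print(build_api_response("q", ["I love rfd"]))
    print(build_api_response('"||calc||', []))
```

Note that JSON escaping alone is not enough: the backslash before the quote in the pasted payload is exactly what an escaped quote looks like, and cmd.exe still sees the `||` outside a quoted string.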
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
It may break compatibility with different programs (especially with virtual/sandbox containers ala thinapp and etc).
laurflorin wrote: Microsoft has an EMET Tool (a sort of anti-exploit tool), I don't understand why they don't have it on Windows by default;
The user then can rack their brains what caused the malfunction. Therefore, this tool is for advanced users only.
Much has been done by default in favor of compatibility.
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
ShellShock work in Windows 7
laurflorin wrote: Hi... Look what I've found:
https://www.blackhat.com/docs/eu-14/mat ... Vector.pdf
Re: ***IMPORTANT!*** A ShellShock-like [?] vuln in MS Windo
Bravo to everybody !!!!!!!! You've just (re)discovered that the command line interpreter can start... programs ^^