|
|
BugTraq
COM Server-Based Binary Planting Proof Of Concept Jun 02 2011 02:52PM ACROS Security Lists (lists acros si) (1 replies) Re: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept Jun 02 2011 03:35PM Dan Kaminsky (dan doxpara com) (1 replies) RE: [Full-disclosure] COM Server-Based Binary Planting Proof OfConcept Jun 02 2011 03:42PM ACROS Security Lists (lists acros si) (1 replies) RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept Jun 02 2011 03:59PM Thor (Hammer of God) (thor hammerofgod com) (2 replies) RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept Jun 02 2011 04:21PM Mitja Kolsek (mitja kolsek acros si) |
|
Privacy Statement |
Thor, the "Online Proof of Concept" section of the blog post points you to a *remote*
exploit (without any warning) but let me repeat the link here:
http://www.binaryplanting.com/demo/XP_2-click/test.html
Visit this with IE8 on 32-bit Windows XP.
Please find further information here:
http://blog.acrossecurity.com/2011/05/anatomy-of-com-server-based-binary
.html
http://blog.acrossecurity.com/2011/05/silently-pwning-protected-mode-ie9
-and.html
In general there are two types of remote binary planting exploits: SMB and WebDAV.
The former works inside (local) networks where firewalls block outbound SMB traffic.
WebDAV attacks work through firewalls too since many firewalls allow outbound WebDAV
traffic and Windows silently fall back to WebDAV if SMB doesn't work. If our online
remote exploit doesn't work for you, you can download the PoC locally and test it in
your local network.
I'll be happy to explain it to you further if need be.
Thanks,
Mitja
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor (at) hammerofgod (dot) com [email concealed]]
> Sent: Thursday, June 02, 2011 6:00 PM
> To: security (at) acrossecurity (dot) com [email concealed]; 'Dan Kaminsky'
> Cc: full-disclosure (at) lists.grok.org (dot) uk [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: RE: [Full-disclosure] COM Server-Based Binary
> Planting ProofOfConcept
>
> But it *is* worth mentioning that you have to create the
> malicious dll file, copy it to the system, create folders
> etc, and all the other mumbo jumbo to "exploit" this in the
> "default configuration." So, the answer to Dan's question
> is actually, "no, you can't." Which brings into question the
> actual "worth" of mentioning this in the first place. :)
>
> t
>
> > -----Original Message-----
> > From: full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed]
> > [mailto:full-disclosure- bounces (at) lists.grok.org (dot) uk [email concealed]] On
> Behalf Of ACROS
> > Security Lists
> > Sent: Thursday, June 02, 2011 8:42 AM
> > To: 'Dan Kaminsky'; security (at) acrossecurity (dot) com [email concealed]
> > Cc: full-disclosure (at) lists.grok.org (dot) uk [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed]
> > Subject: Re: [Full-disclosure] COM Server-Based Binary
> Planting Proof
> > OfConcept
> >
> > It would hardly be worth mentioning otherwise.
> >
> > Cheers,
> > Mitja
> >
> > > -----Original Message-----
> > > From: full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed]
> > > [mailto:full-disclosure-bounces (at) lists.grok.org (dot) uk [email concealed]] On
> Behalf Of Dan
> > > Kaminsky
> > > Sent: Thursday, June 02, 2011 5:36 PM
> > > To: security (at) acrossecurity (dot) com [email concealed]
> > > Cc: si-cert (at) arnes (dot) si [email concealed]; full-disclosure (at) lists.grok.org (dot) uk [email concealed];
> > > bugtraq (at) securityfocus (dot) com [email concealed]; cert (at) cert (dot) org [email concealed]
> > > Subject: Re: [Full-disclosure] COM Server-Based Binary Planting
> > > Proof OfConcept
> > >
> > > Does this run code without prompting, on a reasonably default
> > > configuration?
> > >
> > > On Thu, Jun 2, 2011 at 7:52 AM, ACROS Security Lists
> > > <lists (at) acros (dot) si [email concealed]>
> > > wrote:
> > > >
> > > > We published a remote/local proof of concept for the COM
> > > Server-Based
> > > > Binary Planting exploit presented at the Hack in the Box
> > > conference in Amsterdam.
> > > >
> > > > Feel free to try it out online if WebDAV works through your
> > > firewall,
> > > > or download it and test it in your local network or simply
> > > on your computer.
> > > >
> > > >
> > >
> http://blog.acrossecurity.com/2011/06/com-server-based-binary-planti
> > > ng
> > > > -proof.html
> > > > or
> > > > http://bit.ly/iSxHKO
> > > >
> > > > Best regards,
> > > >
> > > > Mitja Kolsek
> > > > CEO&CTO
> > > >
> > > > ACROS, d.o.o.
> > > > Makedonska ulica 113
> > > > SI - 2000 Maribor, Slovenia
> > > > tel: +386 2 3000 280
> > > > fax: +386 2 3000 282
> > > > web: http://www.acrossecurity.com
> > > >
> > > > ACROS Security: Finding Your Digital Vulnerabilities Before
> > > Others Do
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
[ reply ]