Posted on 01/24/2016 7:36:54 PM PST by Utilizer
Shmoocon Foxglove Security bod Stephen Breen has strung together dusty unpatched Windows vulnerabilities to gain local system-level access on Windows versions up to 8.1.
The unholy zero-day concoction, reported to Microsoft in September and still unpatched, is a reliable way of p0wning Windows for attackers that have managed to pop user machines.
Breen released exploit code for his attack dubbed Hot Potato following his talk at the Shmoocon conference in Washington over the weekend.
"Hot Potato takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay -\- specifically HTTP-SMB relay - and NBNS spoofing," Breen says.
"Using this technique, we can elevate our privilege on a Windows workstation from the lowest levels to NT Authority/System - the highest level of privilege available on a Windows machine.
"This is important because many organisations unfortunately rely on Windows account privileges to protect their corporate network."
The work borrows techniques disclosed by the Google Project Zero hack house.
Attackers who use the technique after first gaining low-level access - a common situation for black hats and penetration testers - can begin lateral network movement from where other hosts can be hosed.
"Gaining high privilege access on a host is often a critical step in a penetration test, and is usually performed in an ad-hoc manner as there are no known public exploits or techniques to do so reliably," Breen says.
Microsoft has known of the vulnerable elements in the attack since the turn of the century, but legacy and backwards compatibility has made patching difficult.
(Excerpt) Read more at theregister.co.uk ...
Is this some kind of hipster language crapola in the original site? I can’t understand half of the weirdy words.
Be nice if they hired someone who spoke English to edit it.
>> I can’t understand half of the weirdy words.
The Register is British.
Fairly well respected in the IT community though.
Most of the “weirdy words” are coder-speak for certain processes and terms, and others are the names of certain conferences that programmers and codegeeks attend.
If you simply ignore the strange words (think:”LULZ”, for instance as a type of term to ignore) and read the rest of the article you can pick up fairly quickly the gist of the problem.
Watcha talkin bout Willis!? /s
I understood every word. Its just that I could not comprehend every word.
But not impossible. Right?
Programmers, like Linux Coders, tend to apply a rather zany attitude to naming processes.
For instance, one of the subsystem processes were called the “GNU” utilities. Feel free to look that up, as it follows along the thinking behind the name “LINUX”, as in: “Linux Is Not UniX” for example.
When they worked towards developing a partitioning utility beyond fdisk, they called it the GNU partition program, or “GNU-Parted” for short. An audible pronunciation of the name should quickly provide an understanding of the geekhumor behind the name. *grin*
Re: post #8. *grin*
You seem to be under the mistaken impression that MicSquish equates “fixable” with “capable of generating a profit”.
Thus the obvious lack of interest in many of the MS difficulties (by MS) over the years.
Ping for your list
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.