Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
From: "Mitja Kolsek" <mitja.kolsek () acros si>
Date: Thu, 2 Jun 2011 18:21:12 +0200


Thor, the "Online Proof of Concept" section of the blog post points you to a *remote*
exploit (without any warning) but let me repeat the link here:

http://www.binaryplanting.com/demo/XP_2-click/test.html

Visit this with IE8 on 32-bit Windows XP.

Please find further information here:

http://blog.acrossecurity.com/2011/05/anatomy-of-com-server-based-binary.html
http://blog.acrossecurity.com/2011/05/silently-pwning-protected-mode-ie9-and.html

In general there are two types of remote binary planting exploits: SMB and WebDAV.
The former works inside (local) networks where firewalls block outbound SMB traffic.
WebDAV attacks work through firewalls too since many firewalls allow outbound WebDAV
traffic and Windows silently fall back to WebDAV if SMB doesn't work. If our online
remote exploit doesn't work for you, you can download the PoC locally and test it in
your local network.

I'll be happy to explain it to you further if need be.

Thanks,
Mitja


-----Original Message-----
From: Thor (Hammer of God) [mailto:thor () hammerofgod com] 
Sent: Thursday, June 02, 2011 6:00 PM
To: security () acrossecurity com; 'Dan Kaminsky'
Cc: full-disclosure () lists grok org uk; bugtraq () securityfocus com
Subject: RE: [Full-disclosure] COM Server-Based Binary 
Planting ProofOfConcept

But it *is* worth mentioning that you have to create the 
malicious dll file, copy it to the system, create folders 
etc, and all the other mumbo jumbo to "exploit" this in the 
"default configuration."   So, the answer to Dan's question 
is actually, "no, you can't."  Which brings into question the 
actual "worth" of mentioning this in the first place. :)

t

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure- bounces () lists grok org uk] On 
Behalf Of ACROS 
Security Lists
Sent: Thursday, June 02, 2011 8:42 AM
To: 'Dan Kaminsky'; security () acrossecurity com
Cc: full-disclosure () lists grok org uk; bugtraq () securityfocus com
Subject: Re: [Full-disclosure] COM Server-Based Binary 
Planting Proof 
OfConcept

It would hardly be worth mentioning otherwise.

Cheers,
Mitja

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On 
Behalf Of Dan 
Kaminsky
Sent: Thursday, June 02, 2011 5:36 PM
To: security () acrossecurity com
Cc: si-cert () arnes si; full-disclosure () lists grok org uk;
bugtraq () securityfocus com; cert () cert org
Subject: Re: [Full-disclosure] COM Server-Based Binary Planting 
Proof OfConcept

Does this run code without prompting, on a reasonably default 
configuration?

On Thu, Jun 2, 2011 at 7:52 AM, ACROS Security Lists 
<lists () acros si>
wrote:

We published a remote/local proof of concept for the COM
Server-Based
Binary Planting exploit presented at the Hack in the Box
conference in Amsterdam.

Feel free to try it out online if WebDAV works through your
firewall,
or download it and test it in your local network or simply
on your computer.



http://blog.acrossecurity.com/2011/06/com-server-based-binary-planti
ng
-proof.html
or
http://bit.ly/iSxHKO

Best regards,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before
Others Do


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]