Adam Boileau (Metlstorm) has released a script (winlockpwn) written in Python, which allows a device running Linux to be connected to the FireWire port of a target workstation running Windows XP to get full read/write memory access and bypass Windows authentication. He demonstrated the tool in 2006, but didn’t release it until a few days ago. And this type of attack is also apparently effective against other OSes such Linux and OS X. And if the device doesn’t have a FireWire port, you’re not necessarily out of luck. If it has a slot for a PCMCIA card, a PCMCIA FireWire card will do the trick. And if you don’t have Linux on your laptop, just run your favorite Linux Live CD distro and grab the winlockpwn code and go.
VMWare Security Crumbling: Not Really
February 26, 2008 — secauditorThis week CoreLabs came out with notification of a vulnerability found with in VMWare’s software. This vulnerability allows an attacker to break out of the Guest Operating System. This vulnerability was found in VMware’s shared folders mechanism. It grants users of a Guest system read and write access to any portion of the Host’s file system including the system folder and other security-sensitive files. The exploitation of this vulnerability allows attackers to break out of a Guest system to compromise the underlying Host system that controls it. To understand what is bad about this you have to see that the Guest system has been considered an isolated system.
Many security experts have utilized a virtual environment for testing malware, security exploits and vulnerabilities for years. I to am one of these. The one issue that I see that is creating a problem in these environments that has never really been an issue revolves around shared folders.
Exploiting the Core
February 23, 2008 — secauditorThis is the first in a two part blog about utilizing Yersinia to check out the security of your routers and switches. While there are many different exploits and areas of concerns in the routing infrastructures and designs of today, I am going to focus on two areas. Today’s blog is focused on man in the middle attacks (MITM) against routers, specifically, utilizing Yersinia to insert your attack machine in the middle of an HSRP configuration.
——————-
WARNING****Audit Notes
I wanted to put this early on in this post to ensure everyone knows how destructive this tool can be to ones network. This is a very invasive and dangerous exploit for the network. My usual approach is to talk with the IT manager about multiple exploits in this class and to inform them that in my belief it is better to receive a hard copy of the configs and document a simulated attack. If the customer wants us to proceed with a live attack, I always have signed documentation that ensures they know and accept the risks.
-
Radical Reads
Incident Response and Computer Forensics, Second EditionVRRP: Increasing Reliability and Failover with the Virtual Router Redundancy Protocol
Cyber Crime Investigator's Field Guide, Second Edition
CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50
Certified Ethical Hacker Exam Prep (Exam Prep 2 (Que Publishing))
