  1. Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit

Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1).

More refined versions of the exploit are expected to emerge, especially since at least two cybersecurity companies created exploits for the vulnerability and have been holding back the release since April.

Critical severity

Known by various names (SMBGhost, CoronaBlue, NexternalBlue, BluesDay), the security flaw can be leveraged by an unauthenticated attacker to spread malware from one vulnerable system to another without user interaction.

SMBGhost affects Windows 10 versions 1909 and 1903, including Server Core. Microsoft patched it in March, warning that exploitation is “more likely” on both older and newer software releases and that it is as critical as can be: maximum severity score of 10.

All an attacker would need to do to exploit it is send a specially crafted packet to a targeted SMBv3 server. The result would be similar to the WannaCry and NotPetya attacks from 2017, which used the EternalBlue exploit for SMB v1.

Exploit code for SMBGhost

After the vulnerability leaked in March, security researchers started looking for a way to exploit SMBGhost, but the results were limited to local privilege escalation (LPE) and denial of service (blue screen).

Cybercriminals have been leveraging the vulnerability to escalate local privileges and deliver malware pieces such as the Ave Maria remote access trojan, which has keylogging and info-stealing capabilities.

While LPE can help attackers in a post-compromise stage, remote code execution (RCE) would get them in and around, making it game over for vulnerable systems.

Almost three months after Microsoft released the patch, a security researcher using the Twitter handle Chompie publicly shared a version of the SMBGhost RCE.

The exploit relies on a physical read primitive, the researcher told BleepingComputer, adding that demonstrating this interesting primitive was her intention with the code.

The researcher says that this primitive may allow easier exploitation of future SMB memory corruption bugs. Right now, an information leak is needed for remote exploitation. However, the primitive would permit a less complicated method.

Her code is not 100% reliable and the purpose is to help others expand their knowledge in the reverse-engineering area.

“It was written quickly and needs some work to be more reliable,” the researcher states in the readme file. “Sometimes you BSOD. Using this for any purpose other than self education is an extremely bad idea. Your computer will burst in flames. Puppies will die.”

Chompie told us that it works best on Windows 10 1903 and that many individuals were able to exploit the bug successfully on this version.

Will Dormann, vulnerability analyst for CERT/CC, tested Chompie’s code on a machine running Windows 10 v1909, and obtained inconsistent results for remote code execution. Sometimes the exploit would crash the test system, other times it would just fail.

From an attacker’s standpoint, though, the code does not have to be 100% reliable, Dormann told us. A crash is nothing but a longer wait for the next attempt as Windows typically reboots after the memory dump finishes.

If the code simply fails, nothing is stopping the attacker from trying until they achieve the desired effect. When targeting a vulnerable machine, the bad guys just need to be patient and insist until the code works.

Moreover, those with knowledge can tweak it to iron out the wrinkles. And SMBGhost is the type of bug skilled threat actors like to use.

Chompie’s exploit for SMBGhost RCE is not the only one. Startup cybersecurity company ZecOps announced in April that they created an exploit that works when chained with an infoleak vulnerability.

On the same day, cybersecurity firm Ricerca Security said that obtaining RCE was not easy and provided proof that it was possible. They also published technical details explaining the strategy and methods that could be used to exploit SMBGhost.

However, both companies held back from releasing the actual exploit. On April 26, ZecOps said that they would publish the code and a write-up after the next Windows update. Chompie says that it will happen in the following days, which is also the reason she decided to make her research public.

[Update]: Article updated with info about the vulnerability being exploited in the wild.