
Sandboxie 4.12


jalaffa


In our analysis of the provided information, the user takes advantage of the default configuration of an existing Microsoft-provided Windows Remote Management service (WS-Management) running on the Windows host. He is using an administrator-privileged client (winrs) running in the sandbox to connect to the host itself over TCP to the management service (winrm) running on the host, thereby creating a sandbox-to-host communication. (Windows Remote Management service is a Microsoft-provided service that allows for remote access to another host to perform management functions.) As you can imagine, any remote management service can be used to perform both positive and negative actions on the host itself.

This access does not take advantage of a vulnerability (0-day or other) or a defect in Sandboxie in how it isolates the file system, registry, or running processes from the host.

In fact, there are many legitimate use cases for sandboxed processes to communicate with a network service on the same host. Additionally, as a point of concern, this type of remote management access can be performed completely outside of Sandboxie, whereby one host on a network can connect to the Windows Remote Management service running on a second host on the same network, for example, at a public WiFi hotspot.

We recommend safe configurations of your PC’s operating system and running applications working in conjunction with the isolation protection offered by Sandboxie. Any of these configurations would block the access that was demonstrated:

- Disable default services on your PC that you do not use or which present a security risk.

A good list for Windows 7 is available here (http://www.blackviper.com/service-c...dows-7-service-pack-1-service-configurations/), and similar configurations apply to other Windows versions.

- If remote management is needed, configure the service to request a user-provided strong password.

- Install and configure a third-party firewall to block localhost-initiated network communications to local services (on loopback and the active network adapter)

We did implement a control in the just-released Sandboxie 4.13 beta version that specifically blocks running the winrs client in the sandbox altogether, among other edge cases we found in our analysis to provide even more protection. We are continuously evaluating where we can have Sandboxie implement security control over the risk created by default Windows services to better protect our users.

Thank you for bringing this to our attention and safe browsing!

Sandboxie Team

Source: http://malwaretips.com/threads/news-0-day-discovered-in-sandboxie.30956/page-3#post-246590

For more: http://malwaretips.com/threads/news-0-day-discovered-in-sandboxie.30956/
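
The first recommendation in the statement above, as an added example that is not part of the original post or of Sandboxie: a Windows PowerShell check of whether the WinRM service is running and listening on the default WS-Management ports (5985/5986), plus a separate function to stop and disable it. The function names and the use of `netstat` are choices made here; it assumes Windows PowerShell 3.0 or later in an elevated prompt on the host.

```powershell
# Added example (not from the original post): audit local WinRM exposure.
# Run in an elevated Windows PowerShell prompt on the host, outside any sandbox.

function Get-WinRMExposure {
    # Win32_Service gives both the running state and the start mode.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinRM'"
    if (-not $svc) {
        return [pscustomobject]@{ Present = $false }
    }

    # Default WS-Management ports: 5985 (HTTP) and 5986 (HTTPS).
    # A listening TCP socket has a foreign address ending in ":0", so the
    # match does not depend on the (localized) state column of netstat.
    $endpoints = @(netstat -ano |
        Select-String -Pattern '^\s*TCP\s+(\S+:(?:5985|5986))\s+\S+:0\s' |
        ForEach-Object { $_.Matches[0].Groups[1].Value })

    [pscustomobject]@{
        Present   = $true
        State     = $svc.State        # Running / Stopped
        StartMode = $svc.StartMode    # Auto / Manual / Disabled
        Endpoints = $endpoints        # local address:port pairs found listening
        # Reachable by any local process, sandboxed or not, when both hold.
        Exposed   = ($svc.State -eq 'Running' -and $endpoints.Count -gt 0)
    }
}

function Disable-WinRMService {
    # Only for machines where remote management is not needed.
    Stop-Service -Name WinRM -Force
    Set-Service -Name WinRM -StartupType Disabled
}

Get-WinRMExposure | Format-List
# If Exposed is True and remote management is not used on this PC:
#   Disable-WinRMService
```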


Sandiboxie Power Activator v1.0 Beta (1) (x86 and x64 ) full featured activation


https://anonfiles.com/file/737e2b6aff75c6036cac64f7acdb7dd8

https://www.youtube.com/watch?v=BO8pBnUbf0o

Could someone please provide a TusFiles mirror? Can't seem to download from that link.


https://www.youtube.com/watch?v=VgEhD1ryYM4

https://www.mirrorcreator.com/files/0WNIEMZY/Power_Activator_v1.0b2.rar_links



Thanks for the new link! Finally got Sandboxie working on my machine (8.1 x64)

Is Sandboxie a good way to test if a portable program leaves trace data behind?



Thanks for the new link! Finally got Sandboxie working on my machine (8.1 x64)

Is Sandboxie a good way to test if a portable program leaves trace data behind?

No, it's not. I think most use it to prevent getting infected, and I'm still not convinced they ever patched the hole in x64. Some say the hole really is not patched; the vendors just wrote it off as safe, but it's not. It doesn't replace an antivirus, that's for sure.

To see if they leave stuff behind you need programs like these

https://www.raymond.cc/blog/tracking-registry-and-files-changes-when-installing-software-in-windows/

Also, using a search program like Everything to find hidden folders is good for files hiding on your system.



I use Sandboxie for the security purpose, I was just curious if it also worked to find trace data left behind by a poorly created launcher.

Thank you for the link btw, it answered my question :)



  • 3 weeks later...

Sandboxie beta v4.13.4 Sept.12, 2014

Combined 32/64 installer:
http://www.sandboxie.com/SandboxieInstall-413-4.exe

Separate:
http://www.sandboxie.com/SandboxieInstall32-413-4.exe
http://www.sandboxie.com/SandboxieInstall64-413-4.exe

Fixes in 4.13.4

1) The auto-update feature only checked the next update time (SbieCtrl_NextUpdateCheck) 1 time when SbieCtrl.exe was started. If SbieCtrl.exe was kept running, it would never check the update time again. This has been fixed.

2) Several large memory leaks (reported by Dr. Larry Pepper et al.) have been fixed. In particular: viewtopic.php?f=11&t=18412

3) ASLR is now enabled for SbieDll.dll 32 bit (64 bit will come later).

4) OpenIpcPath=\BaseNamedObjects\FontCachePort is now in templates.ini as a default. Until now, this was a suggested work-around for some Chrome 37 problems.
NOTE: the default only applies to new installs. For existing installs, you need to go into Sandbox settings->Applications->All Applications, and check the option "Allow direct access to Windows Font Cache"

5) NtQueryInformationProcess was not working correctly for 32 bit apps running in 64 bit Windows. The sandbox path was returned instead of the host path. This is mainly for Buster and BSA.

6) There is a new EULA (license.txt)

The Chrome 37/38 permissions problem with drop rights is still being worked on.



worked for me :)


That isn't proof. Even the previous "crack" did that much.

Do the Forced Programs and Forced Folders features work? Can you run programs in more than one sandbox at the same time?

Forced programs and forced folders are working for me, and even more than one sandbox :smoke: :smoke:



Yeah, works fine with all the pro features but you can't remove the horrible Test Mode Watermark !

Bear with it :rockon: ..say thanks to coder..



Is the crack only for 32bit?

both 64 and 32

When I tested it on x64, after I rebooted after applying the fix and opened it up and tried to apply the code, it kept giving me an invalid code. I've never had much luck with any kind of patch on x64 for this.



Is the crack only for 32bit?

both 64 and 32

When I tested it on x64, after I rebooted after applying the fix and opened it up and tried to apply the code, it kept giving me an invalid code. I've never had much luck with any kind of patch on x64 for this.

Are you copying only the code or the full line... just copy only the code, not the word syscode... it happened to me also... :rolleyes:



Is the crack only for 32bit?

both 64 and 32

When I tested it on x64, after I rebooted after applying the fix and opened it up and tried to apply the code, it kept giving me an invalid code. I've never had much luck with any kind of patch on x64 for this.

Are you copying only the code or the full line... just copy only the code, not the word syscode... it happened to me also... :rolleyes:

I copy only the code; it doesn't work for me. I tried to install it 2 times. I got invalid code. I don't know, could it be EMET or the fact I run NOD and you can only turn it off while logged on?



Can someone test these patches for Sandboxie v4.12?

Patch_Sandboxie_v4.12_Dev_Point_x86_x64

xxxxxxxx

you forgot the pass and plz make the link according to forum rulez. :)



Can someone test these patches for Sandboxie v4.12?

Patch_Sandboxie_v4.12_Dev_Point_x86_x64

xxxxxxxxx

you forgot the pass and plz make the link according to forum rulez. :)

Sorry my mistake :s Password: nsane



knowledge-Spammer

Could you test these Sandboxie patches?
Do they work properly or not,
and do they activate all the paid features,
like creating unlimited Default Boxes
and the "Forced Program" features?

I do not like patches at rest my PC without asking 1st but will test for u



Could you test these Sandboxie patches?

Do they work properly or not,

and do they activate all the paid features,

like creating unlimited Default Boxes

and the "Forced Program" features?

I do not like patches at rest my PC without asking 1st but will test for u

MANY THANKS :D



Archived

This topic is now archived and is closed to further replies.
