Sunday, February 6, 2011

Mulling Through the Windows NTLM Weak Nonce Vulnerability

As of late there have been relatively few Windows 7 exploits; the only major ones were a DoS attack using SMB and a UAC code-injection bypass. However, about a month ago a proof of concept surfaced for an attack that lets an attacker authenticate to a Windows SMB server without ever knowing the user's password, by taking advantage of NTLM challenges that repeat. The whole thing (documented here) works in a similar spirit to the infamous SMB credential reflection attack, except that instead of forwarding a live challenge it relies on the server's challenge generator being weak enough that challenges come around again. It goes like this: the attacker repeatedly sends SMB Negotiate Protocol Requests to the target and logs the challenges it hands out, so it knows which challenge values the target produces. The victim is then lured to a page whose JavaScript makes the browser connect back to the attacker's SMB server over and over; on each connection the attacker plays the server, issues one of the logged challenges, and records the victim's NTLM response for it. Finally the attacker keeps negotiating with the target until the target issues a challenge the attacker already holds a response for, and replays that response, which the target accepts as a valid logon. Note that it is the response that gets replayed, not the challenge: the target always picks the challenge, and the attacker simply waits until the weak generator repeats one it has already seen answered. The sad part is that, as with the aforementioned credential reflection attack, the underlying bug had been present for a very long time, about 17 years. Microsoft's bulletin and patch (MS10-012) went out last year, and the proof of concept was posted about a month ago.
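To make the three phases concrete, here is a small simulation of the attack described above. It is an added example, not code from the post or from the published proof of concept: the SMB server, the "victim", the HMAC-SHA256 stand-in for the NTLM response computation, and the two challenge generators (a 16-bit LCG as a toy model of a low-entropy nonce, and a CSPRNG as the fixed version) are all assumptions made here so the mechanics can run offline.

```python
"""Toy model of the NTLM weak-nonce replay attack.

Added example, not code from the post or the published PoC. The server,
the response function and the challenge generators are simplified
stand-ins (assumptions) that show only the mechanics of the attack.
"""
import hashlib
import hmac
import secrets


def ntlm_response(secret: bytes, challenge: bytes) -> bytes:
    # Stand-in for the real NTLM response computation. All the attack needs
    # is that the response is a deterministic function of the user's secret
    # and the server's challenge, so a response recorded once is valid every
    # time the same challenge is issued again.
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class WeakChallenges:
    # Assumed toy model of a low-entropy challenge source: the 8-byte
    # challenge has only a 16-bit LCG state that varies, so values cycle.
    def __init__(self, seed: int = 0x1234):
        self.state = seed & 0xFFFF

    def next(self) -> bytes:
        self.state = (1103515245 * self.state + 12345) & 0xFFFF
        return b"\x00" * 6 + self.state.to_bytes(2, "big")


class StrongChallenges:
    # What the fix looks like: 64 fresh bits from a CSPRNG per negotiation.
    def next(self) -> bytes:
        return secrets.token_bytes(8)


class SmbServer:
    """Target: NEGOTIATE hands out a challenge, SESSION_SETUP checks it."""

    def __init__(self, user_secret: bytes, challenge_source):
        self.user_secret = user_secret
        self.challenges = challenge_source
        self.pending = {}      # session id -> outstanding challenge
        self.next_sid = 0

    def negotiate(self):
        sid, self.next_sid = self.next_sid, self.next_sid + 1
        challenge = self.challenges.next()
        self.pending[sid] = challenge
        return sid, challenge

    def abandon(self, sid):
        self.pending.pop(sid, None)

    def session_setup(self, sid, response) -> bool:
        challenge = self.pending.pop(sid)
        expected = ntlm_response(self.user_secret, challenge)
        return hmac.compare_digest(expected, response)


class Victim:
    """The user's machine: lured to the attacker's SMB server, it answers
    whatever challenge that server sends, using the real password."""

    def __init__(self, user_secret: bytes):
        self.user_secret = user_secret

    def answer(self, challenge: bytes) -> bytes:
        return ntlm_response(self.user_secret, challenge)


def replay_attack(target, victim, harvest=2000, max_attempts=70000):
    """Returns (attempts, authenticated) or None if no challenge repeated."""
    # Phase 1: spam NEGOTIATE requests and log the challenges the target issues.
    harvested = []
    for _ in range(harvest):
        sid, ch = target.negotiate()
        target.abandon(sid)            # never finish these logons
        harvested.append(ch)
    # Phase 2: the victim's browser keeps connecting back to the attacker;
    # the attacker plays server, issues a harvested challenge each time and
    # records the victim's response to it.
    responses = {ch: victim.answer(ch) for ch in harvested}
    # Phase 3: negotiate with the target until it issues a challenge we hold
    # a response for, then replay that response instead of computing one.
    for attempt in range(1, max_attempts + 1):
        sid, ch = target.negotiate()
        if ch in responses:
            return attempt, target.session_setup(sid, responses[ch])
        target.abandon(sid)
    return None


if __name__ == "__main__":
    secret = b"P@ssw0rd-never-seen-by-attacker"   # constructed sample secret
    print("weak  :", replay_attack(SmbServer(secret, WeakChallenges()), Victim(secret)))
    print("strong:", replay_attack(SmbServer(secret, StrongChallenges()), Victim(secret)))
```

Against the weak server the attacker logs in without the password as soon as the 16-bit cycle brings a harvested challenge back around; against the CSPRNG-backed server the same loop runs out of attempts. Nothing about the attack depends on how the response is computed, only on the challenge repeating, which is why the fix has to be on the challenge side.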

MS10-081 SVG Issues! (YAY)

So back at the beginning of the year a new exploit appeared concerning SVG graphics. The bug itself is in Windows (MS10-081 is a heap overflow in the Common Controls library, comctl32), but the way to reach it was through yet another Adobe plug-in, this time the Adobe SVG Viewer for Internet Explorer. (Last September it was Flash and PDF exploits.) The patch had reportedly already gone out, and in fact the patch was the very thing that made finding the exploit possible: diffing the patched binary against the old one points straight at the code that was fixed. (You can read more about the beauty of this hack here.) Now, this hack only works for Windows XP SP3 (or so I am told) and has already been patched, so it looks like most are safe for now.

Welcome to FOPTA!

My name is Ian Rash and I run an online penetration testing academy on YouTube. I have been studying computers since I was in the fifth grade. I began programming in BASIC and, while still in middle school, went on to take A+ and Network+ classes at Irvine Valley College. I passed both classes. I began studying security in high school, about 2 years ago. I came to love the world of pen testing and now I run an online course dedicated to the subject. I hope to do some text tutorials on the blog, so stay tuned for extra lessons. :)