New attack Windows vulnerables for 8 years.
Description
Today, I am going to release a Proof of Concept of the sandman attack using SandMan Framework. This PoC consists of elevating a user CMD shell to SYSTEM level under Windows XP SP3 RC1.
Sandman Framework offers a wide range of possibilities, both offensive and defensive, such as retrieving cryptographic keys from popular encryption software (e.g. TrueCrypt, GPG), privilege escalation (cf. PoC), login without any password, and so on.
All Windows versions are affected, from Windows 2000 up to Windows 2008 (and possibly Windows Seven).
The following video shows how the system can be subverted in a few minutes. The following points are highlighted:
* Deactivating the hibernation feature does not solve the problem.
* The sandman attack affects every Windows version, from Windows 2000 to Windows 2008, 32- and 64-bit alike.
* We can read and write everything everywhere in the physical memory (RAM).
* This attack is feasible in real life on every computer with no hardware requirements.
* The attack has no time limitation. If a computer was hibernated one week ago, extracting its physical memory is still possible.
This is far more powerful than other recently demonstrated attacks against physical memory, like Cold Boot and FireWire attacks.
Source: http://www.msuiche.net/
SandMan Framework: http://sandman.msuiche.net