Security Basics mailing list archives

Re: .LNK vulnerability


From: Curt Purdy <infosysec () gmail com>
Date: Wed, 28 Jul 2010 09:43:13 -0400

Daniel,

I find the best way to understand a vulnerability and exploit is to do
hands-on work. Not only do you generate a much greater understanding
than you would if you simply read stuff, but it will remain in your
memory much longer.

I have always been a big fan of H. D. Moore's Metasploit, and
unfortunately (for us hackers, not for him as he deserves all the
money he can make) he is taking Metasploit commercial, but there is
still an open-source version available. He has a module demonstrating
the use in drive-by attacks. Per the website:

Microsoft Windows Shell LNK Code Execution
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain an icon resource pointing to a
malicious DLL. This module creates a WebDAV service that can be used
to run an arbitrary payload when accessed as a UNC path.

http://www.metasploit.com/modules/exploit/windows/browser/ms10_xxx_windows_shell_lnk_execute

And no, the link is not to a sample attack ;) It is to the module description.

Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
infosysec () gmail com
purdy () tecman com


Daniel Hood <dsmhood () gmail com> writes:
List,

Can someone please share how this vulnerability actually works?

I'm wondering whether it's a "You visit a .php page that's infected and
you're exploited" or whether it's a "You click a link on a .php page and
it links to a .lnk file and you download it and run it and you're
exploited."?

Can someone please shed some light on this?

Daniel
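
Added example (not part of the original thread and not Metasploit code): a defender-side triage check for the condition the module description names, a shortcut that references a DLL over a UNC path. It is a byte-level heuristic rather than a full MS-SHLLINK parser; the function names, host name and sample bytes are constructed for illustration.

```python
import re

# ShellLinkHeader (MS-SHLLINK): HeaderSize 0x4C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in little-endian GUID byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# \\host\share\...\name.dll ; host may carry a WebDAV "@port" suffix.
UNC_DLL = re.compile(r"\\\\[\w.@-]{1,255}\\[\w $.()\\-]{1,200}?\.dll\b",
                     re.ASCII | re.IGNORECASE)


def is_lnk(data: bytes) -> bool:
    return data[:20] == LNK_MAGIC


def remote_dll_refs(data: bytes) -> list[str]:
    """Return every UNC path to a .dll found in the shortcut's bytes."""
    if not is_lnk(data):
        raise ValueError("not a Shell Link (.LNK) file")
    # Strings in a .LNK may be ANSI or UTF-16LE, and UTF-16 runs can start
    # on an odd offset, so search three decodings of the same bytes.
    views = (data.decode("latin-1"),
             data.decode("utf-16-le", errors="ignore"),
             data[1:].decode("utf-16-le", errors="ignore"))
    found: list[str] = []
    for text in views:
        for match in UNC_DLL.finditer(text):
            if match.group(0) not in found:
                found.append(match.group(0))
    return found


def make_sample(path: str, wide: bool, pad: int = 2) -> bytes:
    """Constructed test input: zeroed header plus one embedded path string.
    It is not a working shortcut."""
    header = LNK_MAGIC + bytes(0x4C - len(LNK_MAGIC))
    return header + bytes(pad) + path.encode("utf-16-le" if wide else "ascii") + bytes(2)


if __name__ == "__main__":
    for name, blob in {
        "remote.lnk": make_sample(r"\\webdav.example\share\icon.dll", wide=True),
        "local.lnk": make_sample(r"C:\Windows\System32\shell32.dll", wide=True),
    }.items():
        hits = remote_dll_refs(blob)
        print(name, "SUSPICIOUS" if hits else "ok", hits)
```

A hit means the shortcut deserves a closer look, not that it is malicious; shortcuts on file shares can legitimately reference remote icon libraries.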
