Security Basics mailing list archives
Re: .LNK vulnerability
From: Curt Purdy <infosysec () gmail com>
Date: Wed, 28 Jul 2010 09:43:13 -0400
Daniel,

I find the best way to understand a vulnerability and exploit is to do hands on work. Not only do you generate a much greater understanding than you would if you simply read stuff, but it will remain in your memory much longer.

I have always been a big fan of H. D. Moore's Metasploit, and unfortunately (for us hackers, not for him as he deserves all the money he can make) he is taking Metasploit commercial, but there is still an open-source version available. He has a module demonstrating the use in drive-by attacks. Per the website:

Microsoft Windows Shell LNK Code Execution

This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.

http://www.metasploit.com/modules/exploit/windows/browser/ms10_xxx_windows_shell_lnk_execute

And no, the link is not to a sample attack ;) It is to the module description.

Curt Purdy
CISSP, GSNA, GSEC, MCSE+I, CCNA
infosysec () gmail com
purdy () tecman com
Daniel Hood <dsmhood () gmail com> writes:

List,

Can someone please share how this vulnerability actually works. I'm wondering whether it's a "You visit a .php page that's infected and you're exploited" or whether it's a "You click a link on a .php page and it links to a .lnk file and you download it and run it and you're exploited."?

Can someone please shed some light on this?

Daniel
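
For defenders reading this thread, the following is an added example (not part of either message, and not Metasploit code) of triaging shortcut files for the trait the module description names: a .LNK that references a loadable module over a UNC path. It assumes Unicode strings inside the shortcut; the function names, the extension list and the sample bytes are constructed for illustration, and it is a string-level heuristic, not a full Shell Link parser.

```python
import re

# Shell Link header (MS-SHLLINK): HeaderSize 0x0000004C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000" "c000000000000046")

# Runs of six or more printable ASCII characters stored as UTF-16LE.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Module extensions this heuristic looks for (an assumption of the example).
LOADABLE = (".dll", ".cpl")


def triage(data):
    """Return None for non-shortcuts, else a list of (kind, path) findings.

    kind is "remote" when the module path contains a UNC prefix and "local"
    otherwise. Local references (system icon DLLs) are normal in shortcuts;
    remote ones are what deserve a closer look.
    """
    if data[:20] != LNK_MAGIC:
        return None
    findings = []
    for match in UTF16_RUN.finditer(data):
        text = match.group().decode("utf-16-le")
        if not text.lower().endswith(LOADABLE):
            continue
        unc = text.find("\\\\")  # two backslashes start a UNC path
        if unc != -1:
            findings.append(("remote", text[unc:]))
        else:
            findings.append(("local", text))
    return findings


def _u16(text):
    """Encode a NUL-terminated UTF-16LE string for the constructed sample."""
    return text.encode("utf-16-le") + b"\x00\x00"


# Constructed sample: a valid header prefix followed by two strings. It is not
# a working shortcut; 198.51.100.7 is a documentation-range address.
SAMPLE = (LNK_MAGIC + bytes(56)
          + _u16(r"\\198.51.100.7\share\icons.dll")
          + _u16(r"%SystemRoot%\system32\shell32.dll"))

if __name__ == "__main__":
    for kind, path in triage(SAMPLE):
        print(kind, path)
```
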