Hot potatoes will break your windows: obtaining SYSTEM rights on every version of Windows from 7 onward

Security specialists at Foxglove Security have combined several vulnerabilities in Microsoft's operating systems, the oldest of which is already 15 years old. The chain of three vulnerabilities, assembled into one, was named "Hot Potato". It allows an attacker, within a reasonable time, to raise the privileges of a process from the lowest level to SYSTEM, and thereby gain control over the OS.

The vulnerabilities used include NTLM relay, an attack on the NT LAN Manager authentication protocol (specifically HTTP->SMB relay). Another is NBNS spoofing, which lets an attacker supply a fake proxy through the Web Proxy Auto-Discovery Protocol (WPAD). All of them work on Windows 7, 8, 10, Server 2008 and Server 2012.
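The chain described above depends on three host conditions: NetBIOS name resolution being on (so NBNS answers are trusted), proxy auto-discovery being on (so the fake WPAD proxy is picked up), and the local SMB server accepting unsigned sessions (so the relayed HTTP NTLM authentication is accepted). The read-only audit below is an added example, not Foxglove Security's code or anything from their GitHub repository. It assumes the standard registry locations and the Win32_NetworkAdapterConfiguration class named in the comments, and that the `StartType` property of `Get-Service` is available (PowerShell 5 or later); run it from an elevated prompt.

```powershell
# Added audit example: checks whether the three settings that the Hot Potato
# chain relies on have been hardened. Reads only; changes nothing.

function Test-SmbSigningRequired {
    # HTTP->SMB NTLM relay only succeeds against an SMB server that accepts
    # unsigned sessions. RequireSecuritySignature=1 under LanmanServer\Parameters
    # is the well-known server-side "require signing" switch.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.RequireSecuritySignature -eq 1)
}

function Test-WpadDisabled {
    # Assumption: WpadOverride=1 under Internet Settings\Wpad is Microsoft's
    # documented override for turning off proxy auto-discovery; a disabled
    # WinHTTP Web Proxy Auto-Discovery service (WinHttpAutoProxySvc) has the
    # same effect for WinHTTP clients.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $svc = Get-Service -Name 'WinHttpAutoProxySvc' -ErrorAction SilentlyContinue
    $overrideSet = ($null -ne $p -and $p.WpadOverride -eq 1)
    $svcDisabled = ($null -ne $svc -and $svc.StartType -eq 'Disabled')
    return ($overrideSet -or $svcDisabled)
}

function Test-NetbiosDisabled {
    # TcpipNetbiosOptions: 0 = take the DHCP setting, 1 = enabled, 2 = disabled.
    # NBNS spoofing needs NetBIOS name resolution on at least one IP-enabled adapter.
    $adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration |
        Where-Object { $_.IPEnabled }
    $stillOn = @($adapters | Where-Object { $_.TcpipNetbiosOptions -ne 2 })
    return ($stillOn.Count -eq 0)
}

# One line per control, so the output can be pasted into a ticket or compared
# across hosts with Compare-Object.
$report = [ordered]@{
    'SMB signing required (blocks HTTP->SMB relay)'  = Test-SmbSigningRequired
    'WPAD disabled (removes fake-proxy trigger)'     = Test-WpadDisabled
    'NetBIOS over TCP/IP off (removes NBNS spoofing)' = Test-NetbiosDisabled
}
$report.GetEnumerator() | ForEach-Object {
    $state = if ($_.Value) { 'OK' } else { 'MISSING' }
    '{0,-50} {1}' -f $_.Key, $state
}
```

Any one of the three controls breaks the chain on its own, but they cover different ground: requiring SMB signing stops the relay step regardless of how the authentication was captured, while disabling WPAD and NetBIOS name resolution remove the capture step and also blunt other spoofing attacks on the same name-resolution path. On Windows 7 and 8 workstations SMB signing is enabled but not required by default, so expect the first line to read MISSING until it is set by policy.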


How the utility works in Windows 7

The vulnerabilities used are not new. Moreover, they are all well known within Microsoft. The only problem is that fixing these vulnerabilities is impossible without breaking backward compatibility between different versions of the operating system. Therefore, hackers of various kinds exploit them to this day.

The researchers took as the basis of their system the 2014 method from Google Project Zero, then expanded and supplemented it. What is new is the way the known vulnerabilities are combined with one another.

Applying the three vulnerabilities in succession can take quite a long time, from several minutes to several days, but if successful the attacker can raise the privileges of the process to SYSTEM. Since many administrators, when building network protection, rely on privilege levels, a process that has obtained the highest privileges makes it possible to penetrate other computers on the network, thereby compromising the entire network.

Foxglove Security presented its findings at the ShmooCon hacking conference last weekend. They did not hesitate not only to describe the hacking technique in detail on their page, but also to publish demonstration videos and even to release the code for the utility on GitHub.
