And that’s why you make sure you have sanitization checks on the backed too. From end should just provide your users with quicker feedback and save on network traffic. The backend should prevent anything from actually being executed that shouldn’t. That way it doesn’t matter how it gets submitted. Same if you were have a UI and API. The API may get inputs outside of a UI so you should have your checks there.
Damn...
I'm a Linux user that basically hates the MS way of life, but I must admit that they are taking AI seriously AND share their tools. So kudos, please continue !
I shamelessly reused the AI assesment template at work and this RIT will be pushed to some colleagues.
Yeah. It was pretty interesting to hear the details of pretending to be a HID device and how you could use it in practice to make malicious changes to the host computer. But surely adding to /etc/hosts is not the most preferred sneaky thing you can do with your unrestricted access.
I also own my computer. Doesn't hold me back to remove my user all admin rights.
If you still log in with admin rights, being hacked by a charging phone won't be the first bad thing happening to your system.
You would also get several prompts asking if you want to do this, both from Windows under UAC (by default, even if you can escalate), the Android driver, and the phone itself. It's rarely the case now that Windows users execute privileged actions without notification, but it's possible.
I don't want to discourage people testing ways to compromise security for the good of everyone, but this is a well known vector and a lot of jumps have to succeed to give the attacker value.
You can cut down a lot of room for failure by just using a rubber ducky USB instead. It doesnt have to be an Android phone. Even then, there's more than a few controls in the way.
No one pays attention to the prompts. If you've ever watched a standard computer user they click away a prompt as fast as it appears without even reading it.
So I understand better, could you explain the scenario where you would use this and what it would get you as the attacker?
Is it like: "Hey bud, please plug my phone into your computer." Then, they click through everything, you get privileged execution, and you choose to modify the hosts file?
You believe that would have a high chance of success? What do you get afterwards?
and, ultimately, our achievement of RCE on Apple’s production server.
😕
Notably, our exploitation extended to potentially compromising Lucee's update server, thereby unveiling a classic supply chain attack to compromise any Lucee installation with malicious updates.
That is awesome. Though since he could patch the firmware and they had custom encryption code, I would have patched that out to get unencrypted calls. Those his method allowed for stock operation.
netsec
Hot