Windows fails! (by ethical hacking...)

All things asdf (and anything else)
User avatar
erik422
ASDF-ville inhabitant
ASDF-ville inhabitant
Posts: 19
Joined: Tue Nov 20, 2012 12:48 am

Windows fails! (by ethical hacking...)

Post by erik422 » Tue Nov 20, 2012 12:57 am

Post stuff here about funny windows weaknesses!

Yesterday, I wrote a Java applet that got privileges to write to the user's hard disk with just 2 security dialogs! Windows+Java=stupid easy, really. I made it so it copies an exe to some random obscure appdata folder, then put a shortcut to it in the start menu's startup folder. I didn't want to go this far, but you could really introduce some malicious software like this. Like a keylogger... I just put an annoying dialog.... Than sent it to my (programmer) friend, who figured it out eventually... :wink:
Note: If you are noting this note, then please note that there is nothing to note. :D

User avatar
atomtengeralattjaro
Site Admin
Site Admin
Posts: 37528
Joined: Wed May 23, 2007 3:43 pm
Location: green
Pronouns: he / they / that submarine
Contact:

Re: Windows fails! (by ethical hacking...)

Post by atomtengeralattjaro » Tue Nov 20, 2012 11:50 am

welcome.
nice, but i must say that if someone wants to run an applet so badly that they press OK on two security dialogs, they must either trust the publisher or be really careless..
Ivokyuftaf6666 wrote:
Sun Oct 20, 2019 5:22 pm
Awesome Site, Delivering Fun
Image

User avatar
vraiment
JKL;'s Nightmare
JKL;'s Nightmare
Posts: 9505
Joined: Sun Oct 05, 2008 2:35 am
Pronouns: Well it shouldn't really be that complicated if you go over my post history but then... why are you searching through my post history? Don't you think you are over complicating something as simple as just referring to me? Why are you like this? Is it just out of boredom? Does your religion require it? You could just assume them and skip all this paragraph, don't worry an eldritch horror won't appear out of nowhere to eat you (or me for that matter) if you get this wrong, the worst that can happen is I ignore you and even in that case you can try again! There shouldn't be that many options anyway so if you get it wrong the first time try again and again. Bottom line is: you just lost a bunch of time reading this paragraph for something as trivial as figuring out how to refer to me when you could just have deduced it which should make you think your life choices so far.

Re: Windows fails! (by ethical hacking...)

Post by vraiment » Tue Nov 20, 2012 3:19 pm

* + java = shit
Image

User avatar
Anonymously Famous
JKL; Assassin
JKL; Assassin
Posts: 11413
Joined: Thu Mar 03, 2011 6:52 pm
Location: Area ???, under Bermuda Triangle

Re: Windows fails! (by ethical hacking...)

Post by Anonymously Famous » Tue Nov 20, 2012 6:50 pm

You can copy files with just about any programming language, provided the user has permissions to write to the location.
BOTTOM TEXT
ThingerDudes wrote:The only reasonable amount of Nutella is infinity. Everything else is too little.
Proud poster of the 300kth post in General

User avatar
atomtengeralattjaro
Site Admin
Site Admin
Posts: 37528
Joined: Wed May 23, 2007 3:43 pm
Location: green
Pronouns: he / they / that submarine
Contact:

Re: Windows fails! (by ethical hacking...)

Post by atomtengeralattjaro » Tue Nov 20, 2012 7:23 pm

Java did have a significant security leak earlier this year, but I think it only affected Java 6. I think it was something to do with being able to invoke some otherwise "forbidden" methods using reflection, in a sandboxed environment (applets). I have no idea why said forbidden classes/methods were even in the browser-version JRE in the first place, though.. but i have nearly no insight on how does sandboxing work internally anyway.
Ivokyuftaf6666 wrote:
Sun Oct 20, 2019 5:22 pm
Awesome Site, Delivering Fun
Image

User avatar
erik422
ASDF-ville inhabitant
ASDF-ville inhabitant
Posts: 19
Joined: Tue Nov 20, 2012 12:48 am

Re: Windows fails! (by ethical hacking...)

Post by erik422 » Tue Nov 20, 2012 9:15 pm

No I'm assuming the user is (somewhat) dumb (with computers) and the applet looks like a convincing game...
Note: If you are noting this note, then please note that there is nothing to note. :D

User avatar
Anonymously Famous
JKL; Assassin
JKL; Assassin
Posts: 11413
Joined: Thu Mar 03, 2011 6:52 pm
Location: Area ???, under Bermuda Triangle

Re: Windows fails! (by ethical hacking...)

Post by Anonymously Famous » Tue Nov 20, 2012 10:16 pm

I'd heard that there was a leak in Java 7, too, though it was an offhand comment from my work's IT manager, so I don't have any details. And it might be fixed by now.
BOTTOM TEXT
ThingerDudes wrote:The only reasonable amount of Nutella is infinity. Everything else is too little.
Proud poster of the 300kth post in General

User avatar
erik422
ASDF-ville inhabitant
ASDF-ville inhabitant
Posts: 19
Joined: Tue Nov 20, 2012 12:48 am

Re: Windows fails! (by ethical hacking...)

Post by erik422 » Tue Nov 20, 2012 10:50 pm

I found an even easier way to put files on a computer through IE (specifically IE, because IE has activeX). http://carnal0wnage.attackresearch.com/ ... ploit.html
IE is so dumb...
Note: If you are noting this note, then please note that there is nothing to note. :D

User avatar
atomtengeralattjaro
Site Admin
Site Admin
Posts: 37528
Joined: Wed May 23, 2007 3:43 pm
Location: green
Pronouns: he / they / that submarine
Contact:

Re: Windows fails! (by ethical hacking...)

Post by atomtengeralattjaro » Tue Nov 20, 2012 11:12 pm

sounds cool and i'll look at it, but by just looking at the date of that post i can assume that it's no longer working on an up-to-date IE.
Ivokyuftaf6666 wrote:
Sun Oct 20, 2019 5:22 pm
Awesome Site, Delivering Fun
Image

User avatar
assdef
JKL;'s Nightmare
JKL;'s Nightmare
Posts: 7273
Joined: Sat Jan 02, 2010 9:30 pm

Re: Windows fails! (by ethical hacking...)

Post by assdef » Tue Nov 20, 2012 11:32 pm

"ethical hacking"

I think I will leave that right next to "jumbo shrimp" and "almost exactly" and "alone together" and "government secrets."
Image

User avatar
Anonymously Famous
JKL; Assassin
JKL; Assassin
Posts: 11413
Joined: Thu Mar 03, 2011 6:52 pm
Location: Area ???, under Bermuda Triangle

Re: Windows fails! (by ethical hacking...)

Post by Anonymously Famous » Wed Nov 21, 2012 12:19 am

Not to mention "Military Intelligence" and "Microsoft Works".

There is such a thing as ethical hacking. All the hacking I do is ethical. (And by "hacking" I mean creating programs to solve problems, mostly dealing with my own work). There are also those who are hired to find security vulnerabilities within systems so that those vulnerabilities can be eliminated or minimized. I'd call that ethical.
BOTTOM TEXT
ThingerDudes wrote:The only reasonable amount of Nutella is infinity. Everything else is too little.
Proud poster of the 300kth post in General

User avatar
ThingerDudes
ASDF Warlord
ASDF Warlord
Posts: 20958
Joined: Sun Apr 12, 2009 4:12 am
Location: near, far, wherever i are

Re: Windows fails! (by ethical hacking...)

Post by ThingerDudes » Wed Nov 21, 2012 1:01 am

Yeah but capitalism is evil and unethical like white male landowners.
Image

User avatar
vraiment
JKL;'s Nightmare
JKL;'s Nightmare
Posts: 9505
Joined: Sun Oct 05, 2008 2:35 am
Pronouns: Well it shouldn't really be that complicated if you go over my post history but then... why are you searching through my post history? Don't you think you are over complicating something as simple as just referring to me? Why are you like this? Is it just out of boredom? Does your religion require it? You could just assume them and skip all this paragraph, don't worry an eldritch horror won't appear out of nowhere to eat you (or me for that matter) if you get this wrong, the worst that can happen is I ignore you and even in that case you can try again! There shouldn't be that many options anyway so if you get it wrong the first time try again and again. Bottom line is: you just lost a bunch of time reading this paragraph for something as trivial as figuring out how to refer to me when you could just have deduced it which should make you think your life choices so far.

Re: Windows fails! (by ethical hacking...)

Post by vraiment » Wed Nov 21, 2012 1:19 am

open sources is theoretically awesome and beautiful

truth is most users don't give a sh*t about software freedom

java is a lame and old language
Image

User avatar
erik422
ASDF-ville inhabitant
ASDF-ville inhabitant
Posts: 19
Joined: Tue Nov 20, 2012 12:48 am

Re: Windows fails! (by ethical hacking...)

Post by erik422 » Wed Nov 21, 2012 5:03 pm

Are you kidding me? Java is awesome! It is absolutely not old or lame. I code in it a lot because it is cross platform, so I don't have to worry about all those C++ libraries and extra code that I would have to worry about if I wanted to make a C++ application cross platform.
Note: If you are noting this note, then please note that there is nothing to note. :D

User avatar
atomtengeralattjaro
Site Admin
Site Admin
Posts: 37528
Joined: Wed May 23, 2007 3:43 pm
Location: green
Pronouns: he / they / that submarine
Contact:

Re: Windows fails! (by ethical hacking...)

Post by atomtengeralattjaro » Wed Nov 21, 2012 10:09 pm

Better not get Vraiment started on java.. :P it's gonna be an endless flame war.
erik422 wrote:It is absolutely not old or lame.
It is definitely old. Lameness is subjective, i won't get into that now.. but I do prefer C#.
Ivokyuftaf6666 wrote:
Sun Oct 20, 2019 5:22 pm
Awesome Site, Delivering Fun
Image

User avatar
assdef
JKL;'s Nightmare
JKL;'s Nightmare
Posts: 7273
Joined: Sat Jan 02, 2010 9:30 pm

Re: Windows fails! (by ethical hacking...)

Post by assdef » Wed Nov 21, 2012 10:43 pm

*gets his flame thrower ready*
Image

User avatar
vraiment
JKL;'s Nightmare
JKL;'s Nightmare
Posts: 9505
Joined: Sun Oct 05, 2008 2:35 am
Pronouns: Well it shouldn't really be that complicated if you go over my post history but then... why are you searching through my post history? Don't you think you are over complicating something as simple as just referring to me? Why are you like this? Is it just out of boredom? Does your religion require it? You could just assume them and skip all this paragraph, don't worry an eldritch horror won't appear out of nowhere to eat you (or me for that matter) if you get this wrong, the worst that can happen is I ignore you and even in that case you can try again! There shouldn't be that many options anyway so if you get it wrong the first time try again and again. Bottom line is: you just lost a bunch of time reading this paragraph for something as trivial as figuring out how to refer to me when you could just have deduced it which should make you think your life choices so far.

Re: Windows fails! (by ethical hacking...)

Post by vraiment » Thu Nov 22, 2012 12:23 am

erik422 wrote:Are you kidding me? Java is awesome! It is absolutely not old or lame. I code in it a lot because it is cross platform, so I don't have to worry about all those C++ libraries and extra code that I would have to worry about if I wanted to make a C++ application cross platform.


I WANT TO WATCH THE WORLD BURN

Java is not multiplatform, does java run in iOS?

C/C++ are kinda portable.

Right now I'm making a little game for a class in C++ and SDL.

Compiles in windows and os x.

Same code runs in both platforms, (and maybe it would run in linux)

The only difference to make compile is how you set up each IDE.

I'm too lazy to do it by console.

And to execute them, you just have to set the DLL or .framework in the correct directory.

Something the IDE does automatically as is correctly configured.

C# is also kind of portable.

Java lacks of function pointers or something similar.

Interfaces are good idea, without excess.

Java will take 8 versions AFAIK to include unsigned integers. That's like a lot.

Unsigned integers are not that hard to implement.

Java generics are a joke-syntactic-sugar.

Is lame that you cannot cast (Object[]) to (MyClass[]), in the end they are pointers.

I could go on and on with troubles I have found working with Java.

It has good things, but has more bad things.

Try C#.
Image

User avatar
ThingerDudes
ASDF Warlord
ASDF Warlord
Posts: 20958
Joined: Sun Apr 12, 2009 4:12 am
Location: near, far, wherever i are

Re: Windows fails! (by ethical hacking...)

Post by ThingerDudes » Thu Nov 22, 2012 3:18 am

kinda relevant xkcd (I guess not really but it's relevant to me!)
Image

User avatar
vraiment
JKL;'s Nightmare
JKL;'s Nightmare
Posts: 9505
Joined: Sun Oct 05, 2008 2:35 am
Pronouns: Well it shouldn't really be that complicated if you go over my post history but then... why are you searching through my post history? Don't you think you are over complicating something as simple as just referring to me? Why are you like this? Is it just out of boredom? Does your religion require it? You could just assume them and skip all this paragraph, don't worry an eldritch horror won't appear out of nowhere to eat you (or me for that matter) if you get this wrong, the worst that can happen is I ignore you and even in that case you can try again! There shouldn't be that many options anyway so if you get it wrong the first time try again and again. Bottom line is: you just lost a bunch of time reading this paragraph for something as trivial as figuring out how to refer to me when you could just have deduced it which should make you think your life choices so far.

Re: Windows fails! (by ethical hacking...)

Post by vraiment » Thu Nov 22, 2012 3:30 am

i always was too lazy to learn emacs

but not to learn vi(m)

I like vi(m)
Image

User avatar
assdef
JKL;'s Nightmare
JKL;'s Nightmare
Posts: 7273
Joined: Sat Jan 02, 2010 9:30 pm

Re: Windows fails! (by ethical hacking...)

Post by assdef » Thu Nov 22, 2012 6:19 am

ROAR!!!!!

*insert plausible argument about the virtues of a particular programming language here*

ALL OTHERS ARE WRONG AND MUST SUFFER MY WRATH!!!!
Image

Post Reply