lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BAY2-F65J0sca0ZkfzD00009bbe@hotmail.com>
From: sirhumpsalot97 at hotmail.com (Sir Humpsalot)
Subject: How to easily bypass a firewall...

Whenever a program first tries to access the Internet, most/all personal 
firewalls display a dialog box asking the user if he/she wants to allow 
program "This is a Trojan.exe" to access the Internet. If the user wants 
"This is a Trojan.exe" to access the Internet, he/she clicks "Remember my 
answer" and then "OK". "This is a Trojan.exe" can now access the Internet.

Now, if you can't figure out how to bypass the firewall, read on. Otherwise, 
delete this email and celebrate. You've mastered "101 Programming a Trojan"!

"This is a Trojan.exe" is a smarter program, and it knows that it's smarter 
than the firewall. Since it already knows that the user will press OK, it 
will save the user from pressing enter, and will send the required commands 
to the firewall itself. Right before it tries to connect to some Internet 
site and send all passwords, credit card numbers, and porn pictures of the 
user's wife, it will start a new thread. This thread's only goal in life is 
to check all new windows if it's the firewall, and, whenever it finds the 
firewall's dialog box, send the required commands to enable "This is a 
Trojan.exe" full Internet acccess.

Possible solutions:

1. Firewall forces the user to wait eg. 2 secs before he/she can press OK.
Analysis: User is angry, uses another firewall. Or, "This is a Trojan.exe" 
gets an upgraded brain, and tries to connect to the Internet when the user 
isn't using the computer (eg. at night, or when the user's in the bathroom)

2. Firewall uses some random title string so "This is a Trojan.exe" can't 
find its window
Analysis: There are other means of detecting the firewall dialog box than 
just using the title string. Eg., it could check if the dialog has buttons 
with certain strings, etc.

3. Firewall stops "This is a Trojan.exe" and all its threads right before 
displaying the dialog box
Analysis: "This is a Trojan.exe" could launch a separate process that can do 
the same thing as the thread. And it doesn't need to launch the process 
itself, it could let Windows launch it at startup so that it wouldn't be 
possible for the firewall to also stop all processes launched by "This is a 
Trojan.exe".

4. Firewall doesn't allow programs to send commands to its dialog box
Analysis: Not possible due to Windows' messaging architecture. Any window 
can send any command to any other window, and the destination window has no 
way of knowing if the key press was sent by a program or if it actually was 
the user pressing enter.

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ