Message-ID: <CAJ8usC6v1XLJzm+_rAM__3F7wjdnKh_VzsUtARvJ43FHbaQGEA@mail.gmail.com>
Date: Wed, 1 Jun 2016 13:39:19 -0300
From: Raiden lol <coolerlair@...il.com>
To: Fulldisclosure@...lists.org
Subject: [FD]  Force allow access button to Bypass windows firewall

Title: Force allow access to Bypass windows firewall
Vulnerability: Missing Authorization
Wednesday, May 18, 2016
Credit: CoolerVoid

Technical Details
===========
Windows has the function *SendInput()*
<https://msdn.microsoft.com/pt-br/library/windows/desktop/ms646310%28v=vs.85%29.aspx>
to
simulate a keystroke. This function accepts as argument an array of INPUT
structures. The INPUT structures can be either a mouse or a keyboard event.
The keyboard event structure has a member called wVk which can be any key
on the keyboard.

*SendInput()
<https://msdn.microsoft.com/pt-br/library/windows/desktop/ms646310%28v=vs.85%29.aspx>*played
an important role when writing the code for allow access to bypassing
Windows firewall. How does it work?

Firstly, the programm it finds a window with title 'Windows Security Alert'
using the function *GetWindowText()*
<https://msdn.microsoft.com/pt-br/library/windows/desktop/ms633520%28v=vs.85%29.aspx>.
Secondly, it calls* SendInput()
<https://msdn.microsoft.com/pt-br/library/windows/desktop/ms646310%28v=vs.85%29.aspx>
function *with
TAB and ENTER keys to choose button 'allow access'. As simple as that

Proof-of-Concept PoC
================

https://github.com/CoolerVoid/X_files/blob/master/docs/PoCs/bypass_firewall_windows.cpp



More information
====================

http://funguscodes.blogspot.com.br/2016/05/uncommon-trick-to-bypass-windows.html


Tested at windows 7

-- 

---------------

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists