lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 19 Jan 2021 09:55:35 -0800
From: Garrett Skjelstad <garrett@...elstad.org>
To: malvuln <malvuln13@...il.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Constructor.Win32.SMWG.a / Insecure Permissions

Are we tracking vulnerabilities in malware now? Improve the malware to be
more resilient?

I'm just as likely to remove malware without vulnerabilities, as I am
malware WITH vulnerabilities.

Surely there are no bug bounties or upcoming patches (lol) for these.

I guess I'm confused about the purpose of these disclosures.

On Tue, Jan 19, 2021 at 9:50 AM malvuln <malvuln13@...il.com> wrote:

> Discovery / credits: Malvuln - malvuln.com (c) 2021
> Original source:
> https://malvuln.com/advisory/07cd532823d6ab05d6e5e3a56f7afbfd.txt
> Contact: malvuln13@...il.com
> Media: twitter.com/malvuln
>
> Threat: Constructor.Win32.SMWG.a
> Vulnerability: Insecure Permissions
> Description: Win32.SMWG VBS.sucke.gen worm generator by sevenC / N0:7
> outputs its malicious VBS script granting change (C) permissions to
> authenticated users group.
>
> Type: PE32
> MD5: 07cd532823d6ab05d6e5e3a56f7afbfd
> Vuln ID: MVID-2021-0033
> Dropped files: sucke.vbs
> Disclosure: 01/18/2021
>
> Exploit/PoC:
> C:\>cacls c:\sucke.vbs
> c:\sucke.vbs BUILTIN\Administrators:(ID)F
>              NT AUTHORITY\SYSTEM:(ID)F
>              BUILTIN\Users:(ID)R
>              NT AUTHORITY\Authenticated Users:(ID)C
>
>
> Disclaimer: The information contained within this advisory is supplied
> "as-is" with no warranties or guarantees of fitness of use or
> otherwise. Permission is hereby granted for the redistribution of this
> advisory, provided that it is not altered except by reformatting it,
> and that due credit is given. Permission is explicitly given for
> insertion in vulnerability databases and similar, provided that due
> credit is given to the author. The author is not responsible for any
> misuse of the information contained herein and accepts no
> responsibility for any damage caused by the use or misuse of this
> information. The author prohibits any malicious use of security
> related information or exploits by the author or elsewhere. Do not
> attempt to download Malware samples. The author of this website takes
> no responsibility for any kind of damages occurring from improper
> Malware handling or the downloading of ANY Malware mentioned on this
> website or elsewhere. All content Copyright (c) Malvuln.com (TM).
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists