#1
About 2 months ago HungryMan said he was going to code a POC in around a week or so!
If I've missed it, please point me to the thread. If it hasn't appeared, what's happened to it? TIA
__________________
Malware = You don't scare me A different perspective https://rt.com - https://rt.com/on-air
#2
Ah, you mean the POC for bypassing/circumventing/anyway infecting a system without being halted by a Software Restriction Policy in place?
Funny you bring that up now. I just referred to that out of the blue in another post I just made.
__________________
~ STV0726 OS: Windows 7|SRP|SUA|UAC|EFS|EMET|Firewall|Backup Resident: Webroot SecureAnywhere 2013|Sandboxie On-Demand: MBAM|SAS|HMP|Comodo CE|Secunia PSI Browser: Firefox|Web of Trust|Adblock Plus|NoScript Hardware/Other: Linksys Router|Norton ConnectSafe DNS
#3
@STV0726
Yes, that's the one. What response did you get to the post you made asking about it? TIA
#4
At one point in that topic at least a few users said a POC wouldn't prove anything because it wasn't a "bypass"; it was just an attack that AEs weren't meant to do anything about. So I wasn't exactly rushing towards it.

I don't know enough to build the POC. I can create a C++ program that reads/writes to the disk no problem, but I don't know enough about shellcode and I don't know enough ASM. If I knew ASM I could modify shellcode myself. But that isn't really necessary as there already exist projects like Metasploit that do this. That + it's the summer and I've been out a lot means it's dropped well down to the bottom of my list. Same reason I only get one blog post out every few days.

You can probably try it in a VM or something. Just use Metasploit in your VM and look at what you can do from the shellcode. There doesn't need to be any special payload for it to work. Here's a good tutorial for doing this - the first video will show getting shell in Windows XP service and you should be able to do everything I talked about in that topic.

http://www.securitytube.net/groups?o...iew&groupId=10

edit: I also was working on a GUI for DNSCrypt. That may actually still happen since I can do everything *except* the GUI for it (i.e. I can set up user input to trigger writing to files and changing settings) and at some point I'll learn Qt. Again, just not at the top of my list.
__________________
Last edited by Hungry Man : August 25th, 2012 at 04:55 PM.
#5
Well, the way you were talking before led us to expect the promised POC could/would be written by you, & posted by now!
As Clint Eastwood once said in one of his films, "A man's gotta know his limitations." In this case a Hungry one. Honest of you to now admit that you don't feel able to accomplish it, & you don't think it would work anyway.
#6
I would suggest you look at the link and check out Metasploit. It's providing what I would have done but without automation. Everything I was talking about in that topic is still entirely possible. The first video will show an exploited Windows XP service running commands. You can do the same for Firefox or whatever else and see how much you can/can't do to a system with an AE.
#7
I'll take a look
#8
I'm still in favor of Hungry or *someone* making this hypothetical, automated POC.
Let's see what & how much can be done to in any way do something malicious on an AE-protected computer, and THEN we'll decide what to "label" it afterward.
__________________
~ STV0726 OS: Windows 7|SRP|SUA|UAC|EFS|EMET|Firewall|Backup Resident: Webroot SecureAnywhere 2013|Sandboxie On-Demand: MBAM|SAS|HMP|Comodo CE|Secunia PSI Browser: Firefox|Web of Trust|Adblock Plus|NoScript Hardware/Other: Linksys Router|Norton ConnectSafe DNS
#9
I'll see if I can set up a VM sometime and record what can be done from a shell in Windows XP. It won't be automated but it would prove what can/can't be done.
If anyone here is familiar with Metasploit they can always do it. I've never set up a VM for exploitation - I don't even have VirtualBox installed and I'd have to do it on Windows (VirtualBox doesn't play with PaX), which I rarely boot into.