undefined | Better HN

0 pointsRastafarian13y ago0 comments

Buddy, did you even read the article before commenting??

"andrewaylett:

But it's not an autorun vulnerability, that wouldn't be newsworthy -- the problem is that simply mounting the filesystem exploits bugs in the filesystem driver."

0 comments

amckenna13y ago

@Rastafarian

Did you watch the video before retorting?

In the video he has to run "ntfs_exploit.exe" in order to exploit the vulnerability. That's why a local account, as well as the ability to insert the USB dongle, is needed in order to leverage the exploit. So simply mounting the filesystem is not sufficient to trigger the exploit

robk13y ago

Understood, but to fully _exploit_ the vulnerability one would need to actually execute more code than just triggering the vulnerability presumably.

chuppo13y ago

You appear to not understand the concepts you are attempting to participate in a discussion about.

To "trigger" the vulnerability is to deliver your exploit code. This USB stick can be inserted into any Windows 7 system and, voila you have your rootkit on that machine, without any user interaction required. No running of .exe files anywhere. You could put some pictures on the usb drive for the user to look at while his system is compromised. (Rootkitted is that a word? Backdoored is.)

elarkin13y ago

In his demo video, he needs to run a specially crafted program to actually achieve privilege escalation. That's why you need both physical access and a local user account.

Social engineering only gets you both if you can autorun the executable upon insertion of the usb stick.

StavrosK13y ago

> You appear to not understand the concepts you are attempting to participate in a discussion about.

I would be more demure. This way, it wouldn't look this bad when I'm wrong.

j / k navigate · click thread line to collapse