Breach or just an Error condition?

Post by fats on 15/4/2011, 13:22

sandboxie 3.52
google Chrome v10.0.648.204
virtualbox 4
guest machine winxp sp3

drop rights checked
separate sandbox only for chrome, start/run chrome only

a script kiddie has been hacking my computer.
I am surfing with google chrome inside sandboxie, running on a virtualbox guest machine winxp sp3. several chrome tabs are open. Tab 1 was on, Tab 2 was on streaming a trailer.

i get 2 popup errors,
dwwin.exe application error
when i close it, get another error
drwtsn32.exe application error
2 tabs from chrome have crashed.
task manager on guest machine winxp sp3 shows that
dwwin.exe and drwtsn32.exe are running.

from guest machine process explorer
path windows\system32\WBEM
Image Command Line C:\WINDOWS\system32\drwtsn32 -p 504 -e 2984 -g
Image Command Line C:\WINDOWS\system32\dwwin.exe -x -s 2904
chrome pid = 504

is this a breach, did the kiddie get through? or does it only "look" like a breach because all the kiddie has done is create an error condition for dwwin and drwtsn32 to run in winxp?

"I figured out that dwwin invokes drwtsn32 which also invokes dwwin and so on infinitely"

by calling dwwin and drwtsn together, does it create a pseudo infinite loop, or special condition which gets past sandboxie?

Please NOTE: I am using this program and would like to see it get patched up if an exploit exists. It benefits all users.

Posts : 1
Join date : 2011-04-15

Re: Breach or just an Error condition?

Post by ssj100 on 15/4/2011, 14:54

We'll probably never know unless you or someone else figures out exactly what the "script kiddie" was doing, and then reproduces it.

Anyway, sounds like tzuk has answered your question:
I don't think there was any breach; in fact I don't share your opinion that anything here even looks like a breach.

Programs are allowed to crash inside the sandbox, that's fine. What they are not allowed is to try to breach the barrier of the sandbox and "get into" your computer.

Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Posts : 1389
Join date : 2010-04-14

Re: Breach or just an Error condition?

Post by Guest on 17/4/2011, 22:44

Programs are allowed to crash inside the sandbox lol!

A polite way of saying: when someone is able to break three consecutive sandboxes: VM - SBIE and Chrome, it is not a script kiddie, but über-hacker.

To my knowledge such a feat has never been accomplished, ever.

