ssj100 Security Forums

Yet another proposed Sandboxie bypass


Post by ssj100 19/7/2010, 16:53

Check this out:
http://www.sandboxie.com/phpbb/viewtopic.php?t=8607

For those who can't be bothered downloading the video(s), the tester essentially runs a file called "Malware.exe" sandboxed, and after a couple of seconds, a .txt file appears on the REAL desktop, suggesting that Sandboxie has been bypassed. Unfortunately, the tester doesn't show any proof (so far) that he hasn't altered the Sandboxie configuration file. I described this point here:

The problem with using a video to show a bypass (particularly when it's not someone well known like Buster etc) is that we can't be sure if something has been altered. As I said, we need to see the Sandboxie.ini notepad file itself.

Now the best way to show us the Sandboxie.ini file itself and scroll through it would be as follows:
"Sandboxie Control" >>> "Configure" >>> "Edit Configuration"

As I already mentioned, this is to check that there hasn't been any added configuration under Global Settings to allow all sandboxes direct/full access to the desktop. If Sandboxie allows global access to the desktop, then of course it will be easily bypassed haha.
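One way to automate the Sandboxie.ini check described in the post above, as an added example that is not part of the original thread and not Sandboxie's own code. It goes slightly beyond Global Settings by also reporting per-sandbox rules; the sample configuration, the desktop path and the function names are constructed, and the comment markers and prefix-style path matching are simplifying assumptions.

```python
import re

# Sandboxie.ini settings that let sandboxed programs write straight to the real disk.
DIRECT_ACCESS_KEYS = {"openfilepath", "openpipepath"}

# Constructed sample configuration and desktop path (not taken from the thread).
DESKTOP = r"C:\Users\tester\Desktop"
SAMPLE_INI = r"""
[GlobalSettings]
OpenFilePath=%Desktop%

[DefaultBox]
Enabled=y
OpenFilePath=firefox.exe,%Favorites%
OpenPipePath=C:\Users\tester\Desktop\proof.txt
"""

def parse_ini(text):
    """Return [(section, key, value)]; keys may repeat, so no dict per section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # comment markers: assumption
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
        elif section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((section, key.strip(), value.strip()))
    return entries

def desktop_exposures(text, desktop):
    """List rules whose path covers, or lies on, the real desktop folder."""
    target = desktop.lower().rstrip("\\")
    findings = []
    for section, key, value in parse_ini(text):
        if key.lower() not in DIRECT_ACCESS_KEYS:
            continue
        # "program.exe,path" limits a rule to one program; keep only the path.
        path = value.split(",", 1)[-1].strip().lower()
        if not path:
            continue
        prefix = path.replace("%desktop%", target).rstrip("*")
        # Simplification: treat a rule as a prefix match, ignoring inner wildcards.
        if (target + "\\").startswith(prefix) or prefix.startswith(target + "\\"):
            findings.append((section, key, value))
    return findings

if __name__ == "__main__":
    for section, key, value in desktop_exposures(SAMPLE_INI, DESKTOP):
        print(f"[{section}] {key}={value}")
```

A finding under [GlobalSettings] applies to every sandbox, which is the case the post asks the tester to rule out. Sandboxie.ini is normally saved as Unicode, so decode the file (for example with encoding "utf-16") before passing its text in.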


Post by Buster_BSA 22/7/2010, 00:39

The guy didn't show up again so we can conclude that the bypass was a fake, similar to the one I did.

I tried to produce a real bypass for Sandboxie doing what tzuk explained (connection to 127.0.0.1/port 445), but I was unable to because CIFS is not well documented, and I think that way could not be used in all cases, as I feel like the system must be configured in a certain manner.

Post by ssj100 22/7/2010, 02:26

Yes, I don't know much about the bypass via Port 445, but I suspect it doesn't just require Port 445 to be (potentially) open, but any related service/setting to be configured just right too.