Yet another proposed Sandboxie bypass
Check this out:
http://www.sandboxie.com/phpbb/viewtopic.php?t=8607
For those who can't be bothered downloading the video(s), the tester essentially runs a file called "Malware.exe" sandboxed, and after a couple of seconds, a .txt file appears on the REAL desktop, suggesting that Sandboxie has been bypassed. Unfortunately, the tester doesn't show any proof (so far) that he hasn't altered the Sandboxie configuration file. I described this point here:
The problem with using a video to show a bypass (particularly when it's not someone well known like Buster etc) is that we can't be sure if something has been altered. As I said, we need to see the Sandboxie.ini notepad file itself.
Now the best way to show us the Sandboxie.ini file itself and scroll through it would be as follows:
"Sandboxie Control" >>> "Configure" >>> "Edit Configuration"
As I already mentioned, this is to check that there hasn't been any added configuration under Global Settings to allow all sandboxes direct/full access to the desktop. If Sandboxie allows global access to the desktop, then of course it will be easily bypassed haha.
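One way to make the check described in the post above repeatable, as an added example that is not part of the thread or of Sandboxie itself: it lists every direct-access rule in a Sandboxie.ini text that covers the desktop, and goes slightly beyond the post by also reporting rules set in a single sandbox's section. `OpenFilePath` and `OpenPipePath` are Sandboxie settings; the function names, the "desktop or broader" heuristic and the sample configuration are assumptions made for this example.

```python
import re

# OpenFilePath / OpenPipePath are Sandboxie direct-access settings. The
# heuristic in reaches_desktop() is an assumption made for this example.
DIRECT_KEYS = {"openfilepath", "openpipepath"}

def parse_ini(text):
    """Return {section: [(key, value), ...]}; keys may repeat, so keep a list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def reaches_desktop(value):
    # A value may be "program.exe,path"; the path is the last field.
    path = value.split(",", 1)[-1].strip().strip('"').lower()
    stem = path.rstrip("*").rstrip("\\")
    # Flag the desktop itself, a bare wildcard, or a whole drive.
    return "desktop" in stem or stem == "" or re.fullmatch(r"[a-z]:", stem) is not None

def audit(text):
    """List (scope, section, setting) for each direct-access rule covering the desktop."""
    findings = []
    for section, entries in parse_ini(text).items():
        scope = "all sandboxes" if section.lower() == "globalsettings" else "one sandbox"
        for key, value in entries:
            if key.lower() in DIRECT_KEYS and reaches_desktop(value):
                findings.append((scope, section, f"{key}={value}"))
    return findings

# Constructed sample, not taken from the thread or the video.
SAMPLE = r"""[GlobalSettings]
OpenFilePath=%Desktop%\*
OpenFilePath=%Favorites%
[DefaultBox]
OpenPipePath=notepad.exe,C:\Users\test\Desktop\
ClosedFilePath=C:\Secret\*
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Sandboxie.ini is typically saved as Unicode text, so decode the real file accordingly before passing its contents to `audit()`.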
Re: Yet another proposed Sandboxie bypass
The guy didn't show up again so we can conclude that the bypass was a fake, similar to the one I did.
I tried to produce a real bypass for Sandboxie doing what tzuk explained (connection to 127.0.0.1/port 445) but I was unable to, because CIFS is not well documented, and I think that approach could not be used in all cases, as I feel the system must be configured in a certain manner.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Yet another proposed Sandboxie bypass
Yes, I don't know much about the bypass via Port 445, but I suspect it doesn't just require Port 445 to be (potentially) open, but any related service/setting to be configured just right too.