A forum for reverse engineering, OS internals and malware analysis 

All off-topic discussion goes here.
 #26798  by reflectivedetective
 Fri Sep 25, 2015 7:55 am
Hello.

I recently tried to PM an administrator on here, but failed miserably. I did this from a new account because my old one was either pruned or I forgot the credentials.
Are there any restrictions on when you can send messages? And if so, would anyone enlighten me on those.
 #26819  by reflectivedetective
 Sun Sep 27, 2015 7:36 am
EP_X0FF wrote: OK, about your second question: https://msdn.microsoft.com/en-us/librar ... s.85).aspx, examples posted on GitHub. It is DLLs using COM interfaces.
I've read this. I want to propose to you a theoretical UAC bypass in the event that Microsoft somehow gets their shit together and puts an end to the auto-elevate stuff:

Malicious file comes bundled with usermode driver, sort of like when you attach a keyboard. No UAC dialog is presented.
Now, if you've been watching Hak5, you'd know what a Rubber Ducky is. Same as BadUSB. Basically controlling keyboard inputs via a USB chip.
Here's the method of action:

Driver is loaded.
UAC window is spawned.
Driver clicks Windows left key to highlight "Yes" in the UAC dialog.
Driver clicks Enter.
UAC is pwned.

As someone who presumably has more experience with drivers than me, would you say something like this would work?
 #26821  by EP_X0FF
 Sun Sep 27, 2015 5:21 pm
The UAC window works on a separate desktop, which makes this idea useless, because services cannot directly interact with the user since Vista; the UMDF driver host runs as an instance of Wudfhost.exe under LocalService: https://msdn.microsoft.com/en-us/librar ... s.85).aspx
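As an added example that is not part of the thread, the PowerShell below audits the two facts EP_X0FF's reply rests on: whether the UAC consent prompt is configured to be drawn on the secure ("Winlogon") desktop rather than the user's "Default" desktop, and which session the WUDFHost.exe instances actually live in. The function names are mine; the registry path, value names and value meanings are the documented UAC policy settings under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. It is meant to be run on the Windows host being checked.

```powershell
# Added example (not from the thread): audit where UAC draws its prompt and where the
# UMDF host runs. Function names below are the author's own, not a Windows API.

Add-Type -Namespace Win32 -Name Desktop -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetThreadDesktop(uint dwThreadId);
[DllImport("kernel32.dll")]
public static extern uint GetCurrentThreadId();
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool GetUserObjectInformation(IntPtr hObj, int nIndex,
    System.Text.StringBuilder pvInfo, int nLength, out int lpnLengthNeeded);
'@

function Get-CurrentDesktopName {
    # UOI_NAME = 2: name of the desktop this thread is attached to. An interactive
    # user's shell reports "Default"; the UAC prompt is shown on "Winlogon" when the
    # secure desktop is enabled. Synthesized input only reaches the caller's own desktop.
    $h = [Win32.Desktop]::GetThreadDesktop([Win32.Desktop]::GetCurrentThreadId())
    $sb = New-Object System.Text.StringBuilder 256
    $needed = 0
    if (-not [Win32.Desktop]::GetUserObjectInformation($h, 2, $sb, $sb.Capacity, [ref]$needed)) {
        throw "GetUserObjectInformation failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    $sb.ToString()
}

function Get-UacPromptPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    # Documented meanings of ConsentPromptBehaviorAdmin for Admin Approval Mode admins.
    $behaviour = @{
        0 = 'elevate without prompting'
        1 = 'prompt for credentials on the secure desktop'
        2 = 'prompt for consent on the secure desktop'
        3 = 'prompt for credentials'
        4 = 'prompt for consent'
        5 = 'prompt for consent for non-Windows binaries (default)'
    }
    $cpb = $p.ConsentPromptBehaviorAdmin
    [pscustomobject]@{
        EnableLUA                  = [bool]$p.EnableLUA
        ConsentPromptBehaviorAdmin = $cpb
        BehaviourText              = if ($null -eq $cpb) { 'not set' } else { $behaviour[[int]$cpb] }
        PromptOnSecureDesktop      = [bool]$p.PromptOnSecureDesktop
        # Only when both are set does the dialog live on the isolated Winlogon desktop;
        # with PromptOnSecureDesktop = 0 it is drawn on the user's own desktop.
        PromptIsolatedFromUserDesktop = ([bool]$p.EnableLUA -and [bool]$p.PromptOnSecureDesktop)
    }
}

function Get-UmdfHostSessions {
    # Each WUDFHost.exe instance should report SessionId 0 and owner LOCAL SERVICE:
    # it runs in the non-interactive services session, not in the user's session.
    Get-Process -Name WUDFHost -ErrorAction SilentlyContinue | ForEach-Object {
        $ci = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.Id)"
        [pscustomobject]@{
            Id        = $_.Id
            SessionId = $_.SessionId
            Owner     = if ($ci) { (Invoke-CimMethod -InputObject $ci -MethodName GetOwner).User } else { 'unknown' }
        }
    }
}

"Current thread desktop : $(Get-CurrentDesktopName)"
Get-UacPromptPolicy | Format-List
Get-UmdfHostSessions | Format-Table -AutoSize
```

Two things the output makes concrete. First, the secure desktop is a policy, not a constant: an administrator who sets PromptOnSecureDesktop to 0 gets the consent dialog on the interactive desktop, where input synthesized by a process on that same desktop could reach it. Second, that still does not help a UMDF driver, because every WUDFHost.exe instance sits in session 0 as LocalService, and input injected there goes to the session 0 desktops, never to the user's session.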