Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to remote hijack computers using Intel's insecure chips


  • Please log in to reply
6 replies to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:33 AM

Posted 06 May 2017 - 08:55 AM

Code dive You can remotely commandeer and control computers that use vulnerable Intel chipsets by sending them empty authentication strings.
 
You read that right. When you're expected to send a password hash, you send zero bytes. Nothing. Nada. And you'll be rewarded with powerful low-level access to a vulnerable box's hardware from across the network – or across the internet if the management interface faces the public web.
 
Remember that the next time Intel, a $180bn international semiconductor giant, talks about how important it treats security.
 
To recap: Intel provides a remote management toolkit called AMT for its business and enterprise-friendly processors; this software is part of Chipzilla's vPro suite and runs at the firmware level, below and out of sight of Windows, Linux, or whatever operating system you're using. The code runs on Intel's Management Engine, a tiny secret computer within your computer that has full control of the hardware and talks directly to the network port, allowing a device to be remotely controlled regardless of whatever OS and applications are running, or not, above it.

 

 

Article



BC AdBot (Login to Remove)

 


#2 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:05:33 PM

Posted 07 May 2017 - 12:27 AM

Copy 'n'paste into whatevername.bat file. Right-click of batch file (.bat) and run as administrator.

@echo off
cls
title Vulnerability Scan for Intel Active Management Technology 
echo An escalation of privilege vulnerability in Intel's...
echo Active Management Technology (AMT)
echo Standard Manageability (ISM)
echo Small Business Technology (SBT)
echo Reference, https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
echo.
title Gathering Netstat Data and Exporting to %computername%.txt
echo   Proto  Local Address          Foreign Address        State           PID
netstat -anob > %computername%.txt
ping -n 10 127.0.0.1>nul
title Scanning Known Ports and App.
FINDSTR /i "LMS.exe" %computername%.txt
FINDSTR ":623" %computername%.txt
FINDSTR ":664" %computername%.txt
FINDSTR ":16992" %computername%.txt
FINDSTR ":16993" %computername%.txt
FINDSTR ":16994" %computername%.txt
FINDSTR ":16995" %computername%.txt
echo.
title Scan finished.
echo Compare scan PID with Active Connections below.
echo.
echo _____________________________________________________________________________
echo.
type %computername%.txt
pause
exit

 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 AM

Posted 08 May 2017 - 02:59 AM

If you use netstat -ano, you don't need administrative rights.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:05:33 PM

Posted 08 May 2017 - 07:11 PM

If you use netstat -ano, you don't need administrative rights.


The netstat -ano command requires administrative rights ON MY system - extra security.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 AM

Posted 09 May 2017 - 11:11 AM

 

If you use netstat -ano, you don't need administrative rights.


The netstat -ano command requires administrative rights ON MY system - extra security.

 

 

How did you achieve this?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:05:33 PM

Posted 09 May 2017 - 07:35 PM

How did you achieve this?


Make program always Run as Administrator

If you want to make a program always run with admin privileges, right-click on the program’s executable file, select Properties. Here, select the Run this program as an administrator box. Click Apply > OK. This post will show you in detail, how to make applications always Run as Administrator.

http://www.thewindowsclub.com/how-to-make-applications-always-run-as-administrator-in-windows-7

http://www.thewindowsclub.com/elevated-privileges-windows
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 AM

Posted 10 May 2017 - 08:46 AM

Ah, OK, I understand :-)

netstat requires admin privileges. I understood it was netstat with options -ano.

Because by default, netstat with options -anob will ask for elevation, and -ano not.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users