Yet another proposed Sandboxie bypass


Post by ssj100 on 19/7/2010, 16:53

Check this out:
http://www.sandboxie.com/phpbb/viewtopic.php?t=8607

For those who can't be bothered downloading the video(s), the tester essentially runs a file called "Malware.exe" sandboxed, and after a couple of seconds, a .txt file appears on the REAL desktop, suggesting that Sandboxie has been bypassed. Unfortunately, the tester doesn't show any proof (so far) that he hasn't altered the Sandboxie configuration file. I described this point here:

The problem with using a video to show a bypass (particularly when it's not someone well known like Buster etc) is that we can't be sure if something has been altered. As I said, we need to see the Sandboxie.ini notepad file itself.

Now the best way to show us the Sandboxie.ini file itself and scroll through it would be as follows:
"Sandboxie Control" >>> "Configure" >>> "Edit Configuration"

As I already mentioned, this is to check that there hasn't been any added configuration under Global Settings to allow all sandboxes direct/full access to the desktop. If Sandboxie allows global access to the desktop, then of course it will be easily bypassed haha.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

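Added example, not part of the original thread: one way to run the check ssj100 describes, scanning Sandboxie.ini text for rules that hand sandboxed programs direct access to the real desktop and marking those that sit under Global Settings. It assumes such access would be granted through `OpenFilePath` or `OpenPipePath` and that the desktop is referenced as `%Desktop%` or a literal `\Desktop` path; the sample configuration is constructed.

```python
import re

# Constructed sample configuration (not taken from the thread or the video).
SAMPLE_INI = """\
[GlobalSettings]
OpenFilePath=%Desktop%

[DefaultBox]
Enabled=y
ConfigLevel=7
OpenFilePath=firefox.exe,%AppData%\\Mozilla\\Firefox\\Profiles\\*
OpenPipePath=C:\\Users\\test\\Desktop\\*
"""

# Assumption: these are the settings that would expose the real desktop.
DIRECT_ACCESS_KEYS = {"openfilepath", "openpipepath"}
DESKTOP = re.compile(r"%desktop%|\\desktop(\\|\*|$)", re.IGNORECASE)

def read_ini_text(path):
    """Read the file as UTF-16 if it has a BOM, else UTF-8 (encoding is an assumption)."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def find_desktop_exemptions(ini_text):
    """Return (section, key, value, is_global) for each rule that covers the desktop."""
    # Parsed by hand: keys such as OpenFilePath repeat within one section.
    findings, section = [], None
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() not in DIRECT_ACCESS_KEYS:
            continue
        # The value may be "program.exe,path"; only the path part matters here.
        path = value.split(",", 1)[-1].strip()
        if DESKTOP.search(path):
            is_global = (section or "").lower() == "globalsettings"
            findings.append((section, key.strip(), value.strip(), is_global))
    return findings

if __name__ == "__main__":
    for section, key, value, is_global in find_desktop_exemptions(SAMPLE_INI):
        scope = "ALL sandboxes" if is_global else "this sandbox only"
        print(f"[{section}] {key}={value} -> direct desktop access for {scope}")
```

An empty result only rules out these two settings; the full file still has to be read for other exemptions.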
Re: Yet another proposed Sandboxie bypass

Post by Buster_BSA on 22/7/2010, 00:39

The guy didn't show up again so we can conclude that the bypass was a fake, similar to the one I did.

I tried to produce a real bypass for Sandboxie doing what tzuk explained (connection to 127.0.0.1/port 445) but I was unable to because CIFS is not well documented, and I think that way could not be used in all cases, as I feel like the system must be configured in a certain manner.

Re: Yet another proposed Sandboxie bypass

Post by ssj100 on 22/7/2010, 02:26

Yes, I don't know much about the bypass via Port 445, but I suspect it doesn't just require Port 445 to be (potentially) open, but any related service/setting to be configured just right too.

