Breach or just an Error condition?

Post by fats on 15/4/2011, 13:22

sandboxie 3.52
google Chrome v10.0.648.204
virtualbox 4
guest machine winxp sp3

configuration
drop rights checked
separate sandbox only for chrome, start/run chrome only
ClosedFilePath=dwwin.exe
ClosedFilePath=drwtsn32.exe

a script kiddie has been hacking my computer.
I am surfing with google chrome inside sandboxie, running on a virtualbox guest machine winxp sp3. several chrome tabs are open. Tab 1 was on google.com, Tab 2 was on comingsoon.net streaming a trailer.

I get 2 popup errors,
dwwin.exe application error
when i close it, get another error
drwtsn32.exe application error
2 tabs from chrome have crashed.
task manager on guest machine winxp sp3 shows that
dwwin.exe and drwtsn32.exe are running.


from guest machine process explorer
path windows\system32\WBEM
Image Command Line C:\WINDOWS\system32\drwtsn32 -p 504 -e 2984 -g
Image Command Line C:\WINDOWS\system32\dwwin.exe -x -s 2904
chrome pid = 504

QUESTION
is this a breach, did the kiddie get through? or does it only "look" like a breach because all the kiddie has done is create an error condition for dwwin and drwtsn32 to run in winxp?

----
http://forums.techguy.org/windows-xp/859254-drwtsn32-exe-dwwin-exe-application.html
"I figured out that dwwin invokes drwtsn32 which also invokes dwwin and so on infinitely"
----

by calling dwwin and drwtsn together, does it create a pseudo infinite loop, or special condition which gets past sandboxie?

-----
Please NOTE: I am using this program and would like to see it get patched up if an exploit exists. It benefits all users.



Re: Breach or just an Error condition?

Post by ssj100 on 15/4/2011, 14:54

We'll probably never know unless you or someone else figures out exactly what the "script kiddie" was doing, and then reproduces it.

Anyway, sounds like tzuk has answered your question:
http://www.sandboxie.com/phpbb/viewtopic.php?p=66858#66858
I don't think there was any breach; in fact I don't share your opinion that anything here even looks like a breach.

Programs are allowed to crash inside the sandbox, that's fine. What they are not allowed is to try to breach the barrier of the sandbox and "get into" your computer.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Breach or just an Error condition?

Post by Guest on 17/4/2011, 22:44

Programs are allowed to crash inside the sandbox lol!

A polite way of saying: when someone is able to break three consecutive sandboxes: VM - SBIE and Chrome, it is not a script kiddie, but an über-hacker.

To my knowledge such a feat has never been accomplished, ever.
