[TOOL] Safe Run As - Keylogger Protection

From: SecuriTeam (support_at_securiteam.com)
Date: 03/07/05

  • Next message: SecuriTeam: "[NT] Multiply Vulnerabilities in Raiden HTTPD"
    To: list@securiteam.com
    Date: 7 Mar 2005 10:30:13 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Safe Run As - Keylogger Protection
    ------------------------------------------------------------------------

    SUMMARY

    DETAILS

    This tool is created to protect administrative passwords against
    keyloggers. Administrators passwords are stored in the AES encrypted file
    on the removalable storage (flash-drive, floppy). Then, when you need to
    use 'run as' command you launch saferunas.hta, and provide username and
    encryption key.
    Password are decrypted and cmd.exe is launched with selected user's
    privileges. Edit.hta tool can be used to create and modify file with
    encrypted passwords.

    Attention:
    1.This tool doesn't protect against smart malware which can copy password
    file and steal encryption key.
    2.You cant choose program to run. Coming soon.
    3.In this version password entered is used as AES key directly. This is
    bad idea. PKCS#5 version is coming soon.
    4.Attention when you run GUI application as high privileged user, you are
    vulnerable for Shatter-style attacks (see shatter vbs for example).

    Download Information:
    The tool can be obtained from:
    <http://www.security.nnov.ru/soft/srunas/srunas.zip>
    http://www.security.nnov.ru/soft/srunas/srunas.zip

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:gordey@itsecurity.ru> Sergey
    V. Gordeychik.
    To keep updated with the tool visit the project's homepage at:
    <http://www.security.nnov.ru/soft/srunas/>
    http://www.security.nnov.ru/soft/srunas/

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[NT] Multiply Vulnerabilities in Raiden HTTPD"

    Relevant Pages

    • [TOOL] Gen - Random Password/Wordlist Generator
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Gen is a small password/wordlist generator written in Perl. ... # Passwords number: 3 ... printf "Output file $passoutputfile created\n"; ...
      (Securiteam)
    • [TOOL] Cisco Password Cracker
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... the passwords are no longer ... # Passwords can be up to eleven mixed-case characters. ... unsigned char *enc_pw; ...
      (Securiteam)
    • [NT] ZipTorrent Local Information Disclosure
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Lack of proper protection of the passwords used by ZipTorrent allows local ... ZipTorrent stores proxy server information and password in ...
      (Securiteam)
    • [NEWS] Security Vulnerability in Xerox Document Centre (Directory Traversal)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A security vulnerability has been found in the Xerox Document Centre, ... vulnerability allows remote access to files, access to plaintext passwords ... Requesting: http://xerox_dc_470.example.com/ .. ...
      (Securiteam)
    • [NT] Cain & Abel PSK Sniffer Heap overflow
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... of passwords by sniffing the network, ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)