64/bit Windows
Platforms:
Windows 7 Enterprise SP1 32-bit and 64-bit
Windows 7 Professional SP1 32-bit and 64-bit
Windows Vista Business SP2 32-bit and 64-bit
Windows Vista Enterprise SP2 32-bit and 64-bit
Windows XP Professional SP3
http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN
Release Notes:
http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 2dc393fcc4e78dcf2165098a4938699a
sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569
For Linux
http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX
http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN
Release Notes:
http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 2dc393fcc4e78dcf2165098a4938699a
sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569
For Linux
http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX
http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 7565d16b7d7e0173b90c3b76ca4656bc
sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
http://www.vmware.com/support/ws65/doc/releasenotes_ws652.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 8336586b9f9e5180d5279a0b988e82a6
sha1sum: ccdb6bcb867638e8f4f493bc02c6f70c5ebbb88e
For Linux
http://www.vmware.com/support/ws65/doc/releasenotes_ws652.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 8336586b9f9e5180d5279a0b988e82a6
sha1sum: ccdb6bcb867638e8f4f493bc02c6f70c5ebbb88e
For Linux
http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 7565d16b7d7e0173b90c3b76ca4656bc
sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 7565d16b7d7e0173b90c3b76ca4656bc
sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
http://www.vmware.com/support/ws65/doc/releasenotes_ws652.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 8336586b9f9e5180d5279a0b988e82a6
sha1sum: ccdb6bcb867638e8f4f493bc02c6f70c5ebbb88e
For Linux
>
> "The Sony MicroVault USM-F fingerprint reader software that comes with
> the USB stick installs a driver that is hiding a directory under
> "c:\windows\". So, when enumerating files and subdirectories in the
> Windows directory, the directory and files inside it are not visible
> through Windows API. If you know the name of the directory, it is e.g.
> possible to enter the hidden directory using Command Prompt and it is
> possible to create new hidden files. There are also ways to run files
> from this directory. Files in this directory are also hidden from some
> antivirus scanners (as with the Sony BMG DRM case) — depending on the
> techniques employed by the antivirus software. It is therefore
"The Sony MicroVault USM-F fingerprint reader software that comes with
the USB stick installs a driver that is hiding a directory under
"c:\windows\". So, when enumerating files and subdirectories in the
Windows directory, the directory and files inside it are not visible
through Windows API. If you know the name of the directory, it is e.g.
possible to enter the hidden directory using Command Prompt and it is
possible to create new hidden files. There are also ways to run files
from this directory. Files in this directory are also hidden from some
antivirus scanners (as with the Sony BMG DRM case) — depending on the
techniques employed by the antivirus software. It is therefore
tests and allows the use of familiar executables in social engineering
endeavors. Payloads can be generated as VBA macros for insertion into
Word documents, as Windows Scripting Hosts scripts and the standard
formats (C, Ruby, Javascript, etc).
Metasploit now supports 64-bit Windows as a target platform, with the
ability to use standard stagers, generate executables with embedded
payloads and load Meterpeter on 64-bit systems. Metasploit now supports
64-bit Linux on the PowerPC architecture as a target platform. The
alphanumeric encoders have seen a number of bug fixes and improvements
since version 3.2, including the ability to prepend alphanumeric GetEIP
This vulnerability can be exploited by a malicious person by a simple
click on the xchat's Icon in the Try-bar.
After the click on that icon xchat will crash.
Windows API used to put the application in the tray bar: Shell_NotifyIcon .
Info registers:
EDI: 0x7ffd6000
EBX: 0x0012d8e8
// Dirty mitigation for the Internet Explorer 6/7
// getElementsByTagName Body Style zero-day. Downgrades an
// exploitation attempt to a harmless crash.
//
// This mitigation is for 32-bit (x86) Windows only -- it does
// not work on 64-bit Windows, even though 64-bit Internet
// Explorer is technically affected.
//
// To build:
//
// 1. Start Visual Studio 2008 (2005 should also work)
compromise of the host system but could lead to a privilege
escalation on guest operating system. An attacker would need to
have a user account on the guest operating system.
Affected
64-bit Windows and 64-bit FreeBSD guest operating systems and
possibly other 64-bit operating systems. The issue does not
affect the 64-bit versions of Linux guest operating systems.
VMware would like to thank Derek Soeder for discovering
this issue and working with us on its remediation.
shared folder using a path traversal attack. The resulting wide character
string converted from 'PathName' is then passed to the file system API on
the Host system.
The conversion is performed using the 'MultiByteToWideChar' function from
the Windows API [5] which maps a character string provided as input to a
wide (Unicode UTF-16) character string.
The call of 'MultiByteToWideChar' to map the 'PathName' to Unicode UTF-16
specifies that the UTF-8 CodePage should be used for the conversion. Since
validation of the input to remove the dot-dot substring is performed
Using Interix subsystem, you can create a deep tree to the NTFS partition.
example:
fts_level -10000
Then, we can no longer do anything with incorrect directory from the Windows API.
If you try change permissions, copy the directory, you will receive a lot of bugs (stack overflow etc.).
SearchIndexer.exe will crash many times
- ---
> >
> > "The Sony MicroVault USM-F fingerprint reader software that comes with
> > the USB stick installs a driver that is hiding a directory under
> > "c:\windows\". So, when enumerating files and subdirectories in the
> > Windows directory, the directory and files inside it are not visible
> > through Windows API. If you know the name of the directory, it is e.g.
> > possible to enter the hidden directory using Command Prompt and it is
> > possible to create new hidden files. There are also ways to run files
> > from this directory. Files in this directory are also hidden from some
> > antivirus scanners (as with the Sony BMG DRM case) — depending on the
> > techniques employed by the antivirus software. It is therefore
-------------------
http://www.vmware.com/go/downloadplayer
Release notes:
https://www.vmware.com/support/player31/doc/releasenotes_player315.html
VMware Player for 32-bit and 64-bit Windows
md5sum: fcc91227963e58efcb63fb791d2fd813
sha1sum: d39d9da694c22530a7fa701e3ded6cccdc3ea390
VMware Player for 32-bit Linux
md5sum: c96867c8093d23065bed7e71e020bb19
> >
> > "The Sony MicroVault USM-F fingerprint reader software that comes with
> > the USB stick installs a driver that is hiding a directory under
> > "c:\windows\". So, when enumerating files and subdirectories in the
> > Windows directory, the directory and files inside it are not visible
> > through Windows API. If you know the name of the directory, it is e.g.
> > possible to enter the hidden directory using Command Prompt and it is
> > possible to create new hidden files. There are also ways to run files
> > from this directory. Files in this directory are also hidden from some
> > antivirus scanners (as with the Sony BMG DRM case) — depending on the
> > techniques employed by the antivirus software. It is therefore
administrators username,domain name, and NTLM hashes. Now go to your
machine, use them with IAM.EXE and compromise the domain controller
using the administrator's credentials.
* GENHASH.EXE: This is a small utility that generates LM and NT
hashes using some 'undocumented' functions of the Windows API. This is
a small tool to aid testing of IAM.EXE.
Thanks!,
Hernan
|
