Skip to main content

Researcher Shows How To Hack Windows Login Details Using Google Chrome And SCF Files

By combining a flaw in the working of SMB networking protocol and Windows .scf files, a security researcher has come up with a unique Windows hacking method. Just by accessing the folder with a specially crafted .scf file, a user will end up sharing the computer credentials via Chrome and SMB protocol. The users are advised to disable the
automatic download feature in Google Chrome web browser. The researcher also expects that Google will soon address this issue.
SMB, or Server Message Blocks, is a network file sharing protocol that’s implemented in Microsoft Windows. Using SMB protocol, an application can access files at a remote server and resources like printers, mailslots, etc. Attacks on Windows operating system via SMB file sharing is an already known issue, but it’s limited to local area networks. In a new development, a security researcher has come up with such an attack using Google Chrome.
This attack on Windows operating system works by exploiting Chrome’s behavior of automatically downloading the files that it deems safe. Chrome downloads the files to a preset location and doesn’t ask for the same. Let’s suppose a malicious file is downloaded on the system. In that case, the user would need to interact with the file to perform malicious actions. What if there are files that don’t need any interaction for such actions?

.SCF file + SMB Protocol + Google Chrome

One such file type is Windows Explorer Shell Command File (.scf files). It supports some Windows Explorer commands like showing desktop or opening a Windows Explorer window. A .scf file, if stored on disk, retrieves an icon file when it’s loaded in a Windows Explorer window.
Serbian security researcher Bosko Stankovic of DefenseCode combined these two concepts of SMB protocol and .scf file to devise a new type of hacking attack.
A .scf file can be used to trick Windows into authenticating a remote SMB server. This is how the contents of file will look like:
[Shell] IconFile=\\\icon
After a user downloads the file on system, it’s triggered as soon as download folder is opened to view the file. Please note that one doesn’t need to click/open this file; Windows File Explorer automatically attempts to load the icon.
The rest of the work is done by the remote SMB server which is set up by some notorious force. The server is ready to capture user’s username and NTLMv2 password hash, which can be cracked offline. The server can also be configured to relay this connection to some external service that needs such credentials.

Defeating Windows login credential theft

The security researcher advises the users to disable the automatic downloads in Google Chrome. To do so, one needs to open Show Advanced Settings in Settings. There, check the Ask where to save each file before downloading.
This change will force Google to ask for your permission before downloading a file. The researcher also hopes that Google Chrome will soon address this flaw.
Did you find this article on Windows hacking using Google Chrome, .SCF file, and SMB protocol useful? Don’t forget to share your views.



Learn How To Download Videos From Popular Platforms Such As YouTube, Facebook, Twitter, Instagram And Any Others

Having trouble downloading that video your crush shared on Instagram or one of those adorable cat videos on YouTube? Refer our guide to learn how to download videos from popular platforms such as YouTube, Facebook, Twitter, Instagram and many others.

Microsoft Has Released The First Windows 10 Build 16353 For Insiders

As Fall Creators Update is nearing its release, Skip Ahead was announced last month. It enables fast ring users to continue receiving new features, though the RS_PRERELEASE

Amazon Cuts Huawei Watch 2 Price To $194.99

Huawei's latest smartwatch has received a temporary price cut in the United States. There is no word on how long the promotion will last, but those interested

Apple Has Confirmed The LTE Issues With Its New Watch Series 3

Before the product starts shipping on Friday, Apple has confirmed the existence of LTE issues with its new Apple Watch Series 3. Reviewers noted the wearable has