Hacking Windows 7 using Vbootkit 2.0

In HITBSecConf2009 Vipin Kumar (Founder nvLabs.in) demonstrated how easily Windows 7 can be attacked via boot sectors using Vbootkit 2.0. 

He demonstrated

The use of Vbootkit in gaining access to a system without leaving traces. 
Leveraging normal programs to escalate system privileges. 
Running unsigned code in kernel. 

Worst part of this kind of attack (Bootkits) is almost impossible to detect.
Good thing about this attack is that you need physical access to the machine at the start of the attack. Which minimise the risk level. Also if other have physical access to your computer, operating system cannot provide any security to your compute.

Download Vbootkit2.0

Compiling Vbootkit 2.0

switch to build directory and run build.bat
This will give you an ISO image containing Vbootkit 2, which can be used to test out functionality

*A pre-build ISO already exists, so as users can directly test it out

To compile pingv client, you can use Visual Studio ( express edition works fine) and build the exe yourself.Just in case, prebuilt EXE's are also there in the directory.

Testing Vbootkit 2.0

Just boot the Windows 7 system, using the Vbootkit 2 CD and uncross your fingers ( so as you can type commands !!!)

Now, execute pingv.exe IP address command-code

The command codes are 
        Command Code      Action
        0                 Get Signature immediate
        1                 Get Signature Delayed
        2                 Get Keylog data
        3                 Escalate CMD.EXE privileges
        4                 Reset Passwords/Set Passwords( toggles between states) ( This effect can be persistant )

Vbootkit does not try to stick to your system in any case.

All Credit to Viping Kumar @Nvlabs

For more information Check Nvlabs Homepage

Technorati Tags:Technorati Tags:
Your rating: None Average: 3.7 (7 votes)



Sponsered links

Bookmark Us!


Page Rank


Try not to become a man of success but a man of value.

Explore Tags

Follow Us