Post by Rift on Apr 23, 2004 17:31:00 GMT -5
Surfnet is a program ran on a lot of Public Computer Kiosks through out the united states. I had been working at a place that had one of these kiosks located in the building. These kiosks are used to view webpages, chat, netmeet, etc. You give yourself credit(time) by using creditcards or currency. This software is supposed to keep the computer secure to help prevent corruption of the computer by malicious users, however it does not work effectively. The program runs partly on CMD commands sent through the address bar of the programs browser area. Whilst playing around on the system here are some exploits / Bugs i have foundbr]
Bugtraq Locationbr]http://www.securityfocus.com/bid/9346/info/
The first allows you to freeze the clock on the program that depletes your credit. While doing this it allows you to drop into "My Computer" on the computer. This is not supposed to be accomplished, as they have blocked out typing C:\ D:\ etc. However when this is typed it allows you to go straight into MY Computer. From there you can double click on the Hard Drive icon and enter into the Root directory. From there you can run taskmgr and end task on something called "Surfguard.exe" this program closes any windows that should not be opened as bonus security. Too bad they didnt addd "Task Manager" to the list.
2. Bugtraq location: www.securityfocus.com/bid/9347
Free deposite of time into anyone's accountbr]
Normaly you have to pay by credit card or currency to receive more time to surf the net with surfnet. This can be avoided by depositing time into any account with this commandbr]C:\Surfnet\WWWRoot\CMD_Existing_Account_Attempt:Login=Username:Password=Password
This will double any time you currently have, example in minutesbr]2 becomes 4, 8, 16, 32, 64, etc. this will max out at about 150,500 minutes.
3. bugtraq location: www.securityfocus.com/bid/9348
this exploit allows you to make the Surfnet.exe program hit an error and drop you into the main shell of the computer you are using.
This is accomplished by typing: C:\Surfnet\WWWRoot\CMD_CREDITCARD_CHARGE:Charge=20
into the addressbar. From there you are dropped into the current shell of the machine you are on. by default surfnet changes the shell to surfnet.exe so the computer can reboot right back into the program safely. But if you use the exploit listed in number 1, you can change the shell in the registry to explorer.exe so when you drop into the shell you see the usualy Windows interface that you are used to.
The vendor has been notified a while ago, and i received no response or notification of my e-mail being retrieved. I decided to submit these things to securityfocus. As of today the vendor has still not issued any patches to these problems. Perhaps they think that this isnt a serious problem but it is. Anyone who can exploit these vulnerabilities could easily set a malicious program on the hosting machine that could do whatever they please, such as harvesting sensitive data. Did i mention you pay with a creditcard to add time to your account? *cough*
The really bad part about this is that even banks use these machines and support them. example: 216.239.39.104/search?q=cache:UMwK_YaaGhgJ:www.visi.com/~keefner/pdfs/finser.pdf+surfnet+exploit&hl=en
If you see these machines, you have been warned, anything you do on them could be going to someone who was there before you. I had once linked up to the one at my work place and watched everyone who walked by and who used the kiosk. This was easy being that it has a webcam mounted to it and i could access the main computer.
Bugtraq Locationbr]http://www.securityfocus.com/bid/9346/info/
The first allows you to freeze the clock on the program that depletes your credit. While doing this it allows you to drop into "My Computer" on the computer. This is not supposed to be accomplished, as they have blocked out typing C:\ D:\ etc. However when this is typed it allows you to go straight into MY Computer. From there you can double click on the Hard Drive icon and enter into the Root directory. From there you can run taskmgr and end task on something called "Surfguard.exe" this program closes any windows that should not be opened as bonus security. Too bad they didnt addd "Task Manager" to the list.
2. Bugtraq location: www.securityfocus.com/bid/9347
Free deposite of time into anyone's accountbr]
Normaly you have to pay by credit card or currency to receive more time to surf the net with surfnet. This can be avoided by depositing time into any account with this commandbr]C:\Surfnet\WWWRoot\CMD_Existing_Account_Attempt:Login=Username:Password=Password
This will double any time you currently have, example in minutesbr]2 becomes 4, 8, 16, 32, 64, etc. this will max out at about 150,500 minutes.
3. bugtraq location: www.securityfocus.com/bid/9348
this exploit allows you to make the Surfnet.exe program hit an error and drop you into the main shell of the computer you are using.
This is accomplished by typing: C:\Surfnet\WWWRoot\CMD_CREDITCARD_CHARGE:Charge=20
into the addressbar. From there you are dropped into the current shell of the machine you are on. by default surfnet changes the shell to surfnet.exe so the computer can reboot right back into the program safely. But if you use the exploit listed in number 1, you can change the shell in the registry to explorer.exe so when you drop into the shell you see the usualy Windows interface that you are used to.
The vendor has been notified a while ago, and i received no response or notification of my e-mail being retrieved. I decided to submit these things to securityfocus. As of today the vendor has still not issued any patches to these problems. Perhaps they think that this isnt a serious problem but it is. Anyone who can exploit these vulnerabilities could easily set a malicious program on the hosting machine that could do whatever they please, such as harvesting sensitive data. Did i mention you pay with a creditcard to add time to your account? *cough*
The really bad part about this is that even banks use these machines and support them. example: 216.239.39.104/search?q=cache:UMwK_YaaGhgJ:www.visi.com/~keefner/pdfs/finser.pdf+surfnet+exploit&hl=en
If you see these machines, you have been warned, anything you do on them could be going to someone who was there before you. I had once linked up to the one at my work place and watched everyone who walked by and who used the kiosk. This was easy being that it has a webcam mounted to it and i could access the main computer.