Today, I am going to release a Proof of Concept of the sandman attack using the SandMan Framework. This PoC consists of elevating a user CMD shell to SYSTEM level under Windows XP SP3 RC1.

The SandMan Framework offers a wide range of possibilities, both offensive and defensive, such as retrieving cryptographic keys from popular encryption software (e.g. TrueCrypt, GPG), privilege escalation (cf. the PoC), login without any password, and so on.

All Windows versions are affected, from Windows 2000 up to Windows 2008 (and possibly Windows Seven).

The following video shows how the system can be subverted in a few minutes. The following points are highlighted:

* Deactivating the hibernation feature does not solve the problem.
* The sandman attack affects every Windows version, from Windows 2000 to Windows 2008, 32- and 64-bit alike.
* We can read and write everything everywhere in the physical memory (RAM).
* This attack is feasible in real life on every computer, with no hardware requirements.
* The attack has no time limitation. If a computer was hibernated one week ago, extracting its physical memory is still possible.

This is far more powerful than other recently demonstrated attacks against physical memory, such as the Cold Boot and FireWire attacks.

Source: <a class="link" rel="nofollow" href="http://www.msuiche.net/">http://www.msuiche.net/</a>
SandMan Framework: <a class="link" rel="nofollow" href="http://sandman.msuiche.net">http://sandman.msuiche.net</a>