
Ep 808 Stoned Boot


Mr-Protocol


http://www.stoned-vienna.com/

Does that link work for anyone in the US or anywhere for that matter?

I get hit with the "Access Wall" and I am in the US, not one of the banned countries.

Access Wall

Unfortunately the access is blocked for the countries Germany, Austria and Czech Republic. You can find research papers at the Black Hat, DeepSec and Hacking at Random archive pages.

Edited by Mr-Protocol

That is happening to me too. I am using http://peacefire.org/ to bypass the filters.


Works fine for me.

They must have exceptions for some countries, and your country must be on their exception list.


I'm in the US (NJ) and have no issues viewing it. Maybe your ISP is blocking it via DNS? Could also be your user agent. The site owner might block certain UA strings. I know I do that at times for things like file downloaders, web bots, etc.

Edited by digip


Good point, haven't thought of that.

I will try using a different agent and perhaps change my DNS settings to see if that works.


I see you're in NJ too, whereabouts in Jersey are you?


Guest Deleted_Account

Blocked for me too in Canada, weird. Anyways I just used Google's cached copy.

Anyone worried about this? I'm not, and here's why:

1) By now (since it's open source and public) most AVs probably have sigs for it

2) I don't run as admin in Windows and I NEVER run suspicious programs. Before installing ANYTHING I check with reputable sites like CNET and PC Mag and do research, even if it is used by lots of people (like Comodo: I did lots of research before installing it).

3) Physical access is generally solved with BIOS passwords and HDD locks

4) Easily fixed: If I am worried I just dd the MBR and re-install the bootloader. THEN scan with a live AV :)

5) I am using LINUX most of the time now anyways :)

EDIT: Just wanted to make it clear I do understand the threat and am glad that they made such a tool as now TC and others can find a way to prevent it :)

Edited by x942


Physical access to install it means all bets are off to begin with. I can see it being used both as an admin tool and a hack tool, but I doubt anyone really needs it if they did have physical access to the hardware. Pull the HDD, inspect via another machine. I think it was more like they mentioned, a proof of concept.

1 - Rootkits of this nature do still exist via malware, so it's not like you couldn't still get infected by one of these from something you downloaded online.

2 - I would imagine obfuscation and workarounds against standard signatures are probably possible via Metasploit or some other method, and escalation to administrator is as simple as having PowerShell installed in Windows and you're done. See Dave (rel1k) Kennedy's and IronGeek's work on the Teensy tool that gives you admin access via a tool like the Rubber Ducky, all because PowerShell is installed by default in later versions of Windows such as Vista, 7, and the Windows Server OSes. I'm sure a PowerShell Metasploit attack could be done in the same fashion remotely.

3 - Most BIOSes these days don't require you to be at the machine's console to edit the BIOS settings. Often these are accessible from the desktop, which means you can set a payload to run upon shutdown or reboot, and you wouldn't be the wiser to the fact your BIOS just got flashed or your system attacked. I recently updated my BIOS from within Windows, without having to boot off of external media to flash the BIOS, so access to the low-level areas of the real-mode system is possible from within the desktop environment.

4 - While this is one way to fix it, some systems might already be infected and the anti-virus rendered useless if it can't identify a problem and it has such low-level control of the system.

5 - While Stoned might only be used to attack Windows machines at this time, it's not at all impossible for someone to build a Linux or Unix version that does something similar if they can gain full control of the box. One might already exist for Linux that we just don't even know about yet. The MBR is not somehow only exclusive to Windows, it's required by all OSes to boot the system, so Linux could surely fall prey to the same threat. And if that happens to you, what antivirus would you be running in a *nix environment that would even be checking for this ;)

Edited by digip
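The two posts above both come back to the MBR: x942's point 4 (dd the MBR, rewrite the bootloader, then scan) and digip's point 5 (the MBR is not Windows-specific, and nothing in a typical *nix install checks it). The script below is an added example, not code from the thread or from the Stoned Bootkit project, of the check a practitioner would run before and after that dd step: read the first sector, verify the 0x55AA signature, parse the four partition entries, and compare a SHA-256 of the 440-byte bootstrap area against a baseline recorded from a known-clean install. It assumes the classic 512-byte MBR layout (440 bytes of boot code, 4-byte disk signature, 2 reserved bytes, 64-byte partition table, 2-byte signature); the sample MBR it builds is constructed for the demo, not captured from a real disk, and the opening bytes `fa 33 c0 8e d0 bc 00 7c` are just the usual `cli / xor ax,ax / mov ss,ax / mov sp,0x7c00` prologue.

```python
"""Added example, not from the Hak5 thread or the Stoned project:
read and sanity-check a legacy MBR before/after rewriting it.

Assumptions (mine): classic 512-byte MBR layout; the baseline hash is one
you recorded from a known-clean install; the sample MBR is constructed.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_SIZE = 440      # bootstrap code area, before the disk signature
PT_OFFSET = 446          # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


def read_mbr(path, count=MBR_SIZE):
    """Read the first sector of a block device or disk image (e.g. /dev/sda)."""
    with open(path, "rb") as f:
        return f.read(count)


def parse_partition_table(mbr):
    """Return the four primary partition entries as dicts."""
    entries = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def check_mbr(mbr, expected_bootcode_sha256=None):
    """Return a list of findings; an empty list means nothing looked off."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"unexpected sector length {len(mbr)}")
        return findings
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    code = mbr[:BOOTCODE_SIZE]
    digest = hashlib.sha256(code).hexdigest()
    if expected_bootcode_sha256 and digest != expected_bootcode_sha256:
        findings.append(f"bootstrap code hash {digest[:16]}... differs from baseline")
    if code.count(0) == BOOTCODE_SIZE:
        findings.append("bootstrap area is all zeros")
    # An MBR bootkit replaces the bootstrap code but usually leaves the
    # partition table alone so the OS still boots, so the table is only a
    # weak signal; still flag the obvious inconsistencies.
    table = parse_partition_table(mbr)
    if sum(e["bootable"] for e in table) > 1:
        findings.append("more than one partition flagged bootable")
    for e in table:
        if e["type"] == 0 and (e["lba_start"] or e["sectors"]):
            findings.append(f"entry {e['index']} has type 0 but a nonzero extent")
    return findings


def build_sample_mbr(bootcode):
    """Construct a synthetic MBR (demo only): one bootable NTFS partition
    at LBA 2048, 1 GiB long, and three empty entries."""
    code = bootcode.ljust(BOOTCODE_SIZE, b"\x00")[:BOOTCODE_SIZE]
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                        b"\xff\xff\xff", 2048, 2097152)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


# Constructed "clean" MBR and the baseline you would have recorded from it.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOTCODE_SIZE]).hexdigest()
# Constructed "tampered" copy: same partition table, different boot code.
TAMPERED_MBR = build_sample_mbr(b"\xeb\x1e\x90" + b"\x41" * 16)


if __name__ == "__main__":
    import sys
    # usage: python mbr_check.py [/dev/sdX-or-image] [baseline-sha256]
    mbr = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else TAMPERED_MBR
    baseline = sys.argv[2] if len(sys.argv) > 2 else BASELINE
    for e in parse_partition_table(mbr):
        print(e)
    problems = check_mbr(mbr, baseline)
    print("OK" if not problems else "\n".join(problems))
```

Run it as root against the raw device (or against a dd image taken from a live boot or another machine, as digip suggests): a bootkit that is already running inside the OS you are inspecting from is in a position to interfere with what you read back, so the comparison only means much when the sector is read from outside the suspect system. On a UEFI/GPT disk the first sector is only a protective MBR and the bootstrap area is not what the firmware executes, so this check tells you nothing about the EFI boot path.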

Guest Deleted_Account

Lol, very true :P Maybe I underestimated it :P As for the first point, my HDD is encrypted with AES-256; if it's powered off no one can access it even with physical access (well, not without a few hundred years) :/ I also enabled BIOS and HDD locks for what they are worth, so installing live (without the malware, as you said) would not be easy.

EDIT: And yeah, definitely a POC. I cannot see this being used in the real world at this point, and by the time it is there will be security measures against it :P

Edited by x942

Damn, sorry guys! When I did the segment I didn't know it was blocked in some countries.

I know it works in the US states Missouri, California, and Virginia...



It's ok. Not sure why mine is blocked (OH in the USA), but I managed to get all the info (papers, presentation, framework).


The torrent stopped for me, probably because I was on a banned IP block, and the torrent never finished downloading. But I got it from the direct download.

That, and I'm not sure why he has banned some countries. Maybe for a good reason, and should we really make a workaround for that?

Edited by Mr-Protocol
