Totally over rated, Most distributions have fixed it by ether removing the daemon, or disabling it. This is not Windows were it takes them for weeks to fix anything.
@regisu8517 сағат бұрын
Nice explanation! Thanks
@pierrecolin637619 сағат бұрын
31:58 Your telnet expects " " newline sequences while the remote terminal only prints " ". After skimming the manpage, I think the onlcr option in stty can address that.
@MalwareCube18 сағат бұрын
@pierrecolin6376 nice catch :)
@mohammedmuzammilali32020 сағат бұрын
awesome poc. thanks for the video
@twr464121 сағат бұрын
Awesome demo. Great narration. Thank you! I am not a linux person, what surprised me is that apparently it seems common practice that network printers located outside your LAN can simply advertise themselves to your linux box. Mitigation imho would be fixing firewall settings or adding OS specific protection against accepting IPs outside your home turf. If this exploit is based on mDNS, I would doubt though that mDNS would be sble to cross your subnet in the first place. Or did I miss a crucial point? I have to admit I have definitely blind spots when it comes to Linux 😊 Thanks anyway for taking the time & explaining the mechanics behind this in such a well paced way, I am sure it helps many people better judge their personal risk.
@MalwareCube20 сағат бұрын
@twr4641 thanks! Yeah there is a way to exploit internet facing systems that doesn't use the mDNS method just by sending over a UDP port 631 packet. This video demonstrates that LAN / local network method since it was a bit easier to lab, but the original blog I linked shows the WAN entry point method as well :)
@twr464117 сағат бұрын
@@MalwareCubeThat makes sense. I am sure the service might be triggerable in a variety of ways. Thanks for demoing this vulnerability at just the right pace.
@MartinWoadКүн бұрын
Rather than trying to come up with a printer brand just call it "Print to PDF". I guarantee most enteprise workers would fall for it. You can even make the command actually produce a pdf file and they wouldn't notice the impact.
@MalwareCube20 сағат бұрын
@@MartinWoad fantastic idea, you're right.
@Abhinav-MRКүн бұрын
Dude, I was watching this video 2 days ago when you had 999 subscribers. Now you have 1.41k. Nice!! Great explanation indeed. Loved it
@MalwareCube20 сағат бұрын
@@Abhinav-MR thank you so much!
@salvationbygracethroughfaithКүн бұрын
i strip all services and block all ports except ipsec protected ports needed for my servers. pretty much eliminates all kinds of low hanging fruit attacks. even if i never update my systems again. Of course a motivated attacker is a different story
@royalcanadianbearforce9841Күн бұрын
Loved the lab demo. Great video!
@stanislavsmetanin1307Күн бұрын
Awesome. Thanks. 🥲
@stxythesameКүн бұрын
8:20 @PirateSoftware REF 💅
@neuromaskКүн бұрын
😈🖨 EvilPrinter
@javabeanz8549Күн бұрын
Ubuntu had the patched CUPS packages out early that morning ( West Coast US )
@drkwrk5229Күн бұрын
Not interesting really. Problem is.. cups.. desktop.. NAT.. != normally on public IP... So it makes it incredibly boring.. and no one in their right mind put it on the internet.. But as a horizontal vector.. sure
@MalwareCubeКүн бұрын
correct, but at least 75k had put it on the Internet. Actually, according to Marcus Hutchins' research, he found 107,287 Internet exposed cups-browsed instances. Not really a nothingburger but I wouldn't clock it as a 9.9 either.
@saimanish4374Күн бұрын
Brilliant walkthrough 😍😍😍
@Mcohen20Күн бұрын
Really great explanation!
@JamalHiggins23Күн бұрын
Great video, earned a sub bro!!!
@muqsitbaigКүн бұрын
Amazing video man. Loved the way you went into detail and explained everything.
@erglaligzda2265Күн бұрын
Why this is so highly rated? Well I could bet on "now printers work fine, we will fix issue later". Later comes never and everybody forgets about it. :)
@MalwareCubeКүн бұрын
@@erglaligzda2265 considering one of the CVEs has basically been around since 2011, you're probably right 😅
@sirseven3Күн бұрын
Actually yes. I've found clues of this attack style at an enterprise and ive spot checked all of the printers and some managers reported this issue a year ago and nothing happened.
@pawleyjamesКүн бұрын
i will keep my macbook no linux
@stolenlaptopКүн бұрын
Pretty sure Mac uses cups.
@alignedfibers2 күн бұрын
Proper NAT, and keeping your local network secure is important, obviously port 631 should be blocked on your public network facing nics.
@comosaycomosah2 күн бұрын
this channel is such a gem bro hope you get more subs soon! Edit: btw do you know your site is down it may be my filters but i dont think so
@MalwareCube2 күн бұрын
Thank you so much! me too :) lol
@seba197622 күн бұрын
So, for a user behind NAT, there's nothing to worry about?
@ADudeOnTheInternet2 күн бұрын
You didn't really do anything wrong except not align xterm with your terminal sizing. You I believe were using xterm-256-color but regardless you can fix it with exporting the terminal size with stty rows and columns. Good video.
@MalwareCube2 күн бұрын
@ADudeOnTheInternet ahhh yes, that's what it was. Good catch lol. And thank you :)
@Thiccolo2 күн бұрын
subbed
@neotokyo982 күн бұрын
hey congrats on hitting 1000 subscriber. I'm the 1000th subscriber
@MalwareCube2 күн бұрын
Woot! that's huge, thank you for being 1k. 🥳
@OfflineSetup2 күн бұрын
The vulnerability is concerning, but of more concern is THE LINUX COMMUNITY (not the developers) trying to play down the seriousness.
@MalwareCube2 күн бұрын
I think it will be interesting to see how it plays out. The CVEs have already been downgraded slightly from what it was originally hyped up to be.
@-iIIiiiiiIiiiiIIIiiIi-2 күн бұрын
The devs HAVE played this down. I get where they are coming from. It's a lot o work to fix this. They just don't have the will or resources to tackle this fix.
@ramseyibe28442 күн бұрын
Great video
@MalwareCube2 күн бұрын
@ramseyibe2844 thank you :)
@praisong74752 күн бұрын
Great video and explanation
@TylerRamsbey2 күн бұрын
Awesome stuff. Thank you for covering this!
@MalwareCube2 күн бұрын
@@TylerRamsbey thanks for watching Tyler!! 🙏
@DarkSw0rD2 күн бұрын
thanks
@DalBileAbas2 күн бұрын
Thanks for the thorough demo.
@JuanBotes2 күн бұрын
thx for the nice explanation and POC \o/
@YousefNein3 күн бұрын
Great video. Thanks for sharing
@richscaglione8 күн бұрын
Fantastic video, Andrew! Thank you for putting this together and sharing. Looking forward to more videos in the future.
@MalwareCube8 күн бұрын
Thanks so much :)
@lightningdev19 күн бұрын
I got the same email. John Hammond made a video about the same "fake captcha" phishing attempt this week too. Was funny to see it in the wild literally the day after watching that video.
@neikidev9 күн бұрын
Hey, great video! Saw myself in the VT community tab :D Keep it up!
@MalwareCube9 күн бұрын
no way, that's really cool! Thank you.
@aimenatwi9 күн бұрын
I laughed so hard when i saw "press pasta then enter" asking me to run your malware on my computer for you is crazy lol
@dakota98219 күн бұрын
Fr
@IndustryOfMagic10 күн бұрын
5:48 19/96 vendors spam it malicious and -50 community score for me on virustotal at the moment of writing this comment
@MalwareCube9 күн бұрын
And still climbing!
@IndustryOfMagic10 күн бұрын
5:48 19/96 vendors spam it malicious and -50 community score for me on virustotal at the moment of writing this comment
@readysetexploit10 күн бұрын
Literally at 3:20 I noticed the creation date and 4 seconds late you pointed that out, awesome And woah that captcha and JS was wild Thank you for this great contribution to the community
@MalwareCube10 күн бұрын
Thank you! I got lucky with this sample, it was the perfect amount of clever and entertaining
@zerosploit11 күн бұрын
got the same email but mine was from 'thehackingsage/hacktronian'
@aakashraman27411 күн бұрын
Great video Andrew, its so unique what Copy Paste can do! John Hammond covered the same technique too!
@NoNoandNo-no14 күн бұрын
Hi Andrew, I wanted to ask this during the Cyber Mentor live session, but I missed the notification, unfortunately. Do I need to learn Python and scripting for a SOC analyst role? If so, where should I start?
@MalwareCube14 күн бұрын
@NoNoandNo-no yeah it can be useful as you progress in the SOC or move into more engineering roles. I wouldn't put it as a requirement as an entry level analyst (meaning I think there are other areas that should take priority first) but you'll sometimes see it as a "nice to have " on job postings. I can only suggest TCM's python course as personally I haven't taken any others to compare, but I thought it was a great foundation.
@k_usuan28 күн бұрын
Very good walkthrough . Bravo
@ImTheMrFoxman2 ай бұрын
How well does port scanning run through this? Still hot garbage, or does this work a lot better?
@MalwareCube2 ай бұрын
It's way faster than some of the other methods. And you can still run syn scans through it, which if I remember correctly is a limitation with something like Chisel.