Explain Badlock and its use.

314    Asked by WandaMay in Java , Asked on Oct 17, 2022

A while back there was an announcement for the disclosure of a security vulnerability named "Badlock" - including this fancy name and a logo.

How can an attacker gain administrator access by exploiting Badlock?, or formulated slightly differently: How does badlock work?

How could I mitigate it if there was no patch?


Answered by Tanya verma

Badlock was massively overhyped and, it turns out, the name has nothing at all to do with the vulnerability (it has nothing to do with bad locking, mutexes, or anything of the sort). It requires a man-in-the-middle attack to carry out, and allows an attacker to execute arbitrary Samba network calls using the context of the intercepted user. The attacker will gain read and write access to the SAM database and will have access to password hashes, which they can use to elevate privileges.


The vulnerability is CVE-2016-2118. According to its description page:

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."



Your Answer

Online Course

Tutorials

Salesforce Tutorial

Software Testing Tutorial

SQL Tutorial

Business Analyst Tutorial

Devops Tutorial

Data Science Tutorial

AWS Tutorial

Hadoop Tutorial

SSRS Tutorial

AWS S3 Tutorial

Functional Testing Tutorial

SSAS Tutorial

Automation Testing Tutorial

Manual Testing Tutorial

Selenium Tutorial

Kubernetes Tutorial

Scala Tutorial

ETL Testing Tutorial

Python Tutorial

Pyspark Tutorial

R Tutorial

Unit Testing Tutorial

API Testing Tutorial

Puppet Tutorial

Integration Testing Tutorial

Chef Tutorial

Jenkins Tutorial

Ansible Tutorial

Vagrant Tutorial

Docker Tutorial

Interviews

Parent Categories

Copyright | JanBaskTraining.com