White Wolf Security #080922-1:

Exploiting Systems Through ActiveSync


Summary

As of ActiveSync 4.0, Microsoft has incorporated the Remote Network Driver Interface Specification (RNDIS) into the creation of a syncing session between a Windows Mobile device and its host PC. While the implementation of this technology has numerous advantages, it also creates an exploitable situation in which the host PC can be attacked. White Wolf Labs has researched this issue and designed a proof of concept that illustrates how the vulnerability can be exploited. For more details on this work, see the article titled "Exploiting Systems through ActiveSync". We have provided a short video demonstration showing how the vulnerability can be used against a host PC, along with a proof-of-concept executable (ActiveSink) and the packet captures used to exploit the host PC.


Video


Binary Files

ActiveSink Download [Windows Mobile Binary]
Netcat for Windows Mobile (needed to receive a reverse shell on the handheld)


Packet Capture Files

Adding a new Administrator user to a Windows PC [PCAP]
Generating a Reverse Shell from a Windows PC [PCAP]


Contact

Source code for the tool is available to anyone interested. Please contact info@whitewolfsecurity.com.