Windows 10 ANSI escape sequences
11/19/2023

"Somebody is going to break stuff with this," Stök told The Register, and log files would be one thing to stuff up.

Some of us older vultures can recall being warned back in the day about cat'ing log files and other sources with potentially user-submitted data, in case whatever was processing and displaying the information – such as a filter and terminal emulator – had a bug that could be exploited by that input. But hey, that was years ago, and now is as good a time as any to remind people about cleaning user input before handling it.

"Log files are a very, very important thing when it comes to creating a timeline of a breach," Stök said.

When it comes to examining an incident or strange system behavior, Stök said, lots of people tend to start by running their logs through cat, grep, awk, and/or one of several apps that can display the contents of a log file.

As Stök told us, some tool along that chain may accept and follow any ANSI escape sequences included in that input stream, so if an attacker can manage to get some carefully crafted codes embedded in a log file – such as in a profile name or some submitted feedback – you could end up with a mangled or manipulated view of your IT situation.

We can imagine some buffer overflow-style bugs could be exploited, too, if present.

"You can design and inject a whole UI with escape sequences – the sky's the limit," Stök said.

There's a long history of ANSI escape sequence attacks to look at for inspiration, and Stök went all the way back to a 2003 attack developed by infosec guru and Metasploit project founder H D Moore for inspiration.

Moore's technique, which involved changing the title of terminal windows using ANSI escape sequences, has long been addressed, Stök said, as have other vulnerabilities discovered by security researchers including Giovanni Pellerano and Eviatar Gerzi.

Proprietary or special escape codes implemented by developers of various terminal apps were also looked at as an attack vector before Stök said he finally asked himself the question: "Is there anything that's been widely adapted, trusted and used by most terminal users that could be weaponized?"

That answer was found in the form of operating system commands, or OSCs, which Stök said he was able to abuse to accomplish his goal.

OSC8, for example, is used to include links in text. Microsoft has since added the ability to link to files using OSC8. You probably don't want people including click-able malicious links in your log files.

OSC52, which adds clipboard support to the terminal, can also be abused to inject malicious content into the clipboard buffer.

"Every 10 years or so someone tries to do something like this," Stök told us.
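The advice above about cleaning user input before it reaches a terminal, as an added example that is not part of the original article: a Python filter that flags OSC and CSI sequences in log lines and rewrites every control character as visible text, so the evidence is kept but the terminal cannot act on it. The function names, the label table and the sample log lines are assumptions constructed for illustration.

```python
import re

# 7-bit (ESC ]) or 8-bit (0x9d) OSC introducer followed by the command number.
OSC_RE = re.compile(r"(?:\x1b\]|\x9d)(\d+)")
# CSI: introducer, parameter bytes, intermediate bytes, final byte.
CSI_RE = re.compile(r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]")
# C0 controls except tab, DEL, and the C1 range.
CTRL_RE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")

OSC_NAMES = {"0": "window title", "2": "window title",
             "8": "hyperlink", "52": "clipboard"}


def sanitize_log_line(line):
    """Return (safe_text, findings) for one log line.

    Control characters are rewritten as visible \\xNN text rather than
    stripped, so an analyst still sees exactly what was submitted.
    """
    findings = [f"OSC {m.group(1)} ({OSC_NAMES.get(m.group(1), 'other')})"
                for m in OSC_RE.finditer(line)]
    findings += ["CSI sequence"] * len(CSI_RE.findall(line))
    safe = CTRL_RE.sub(lambda m: f"\\x{ord(m.group()):02x}", line)
    return safe, findings


def scan(lines):
    """Return [(line_number, safe_text, findings)] for lines with sequences."""
    hits = []
    for number, line in enumerate(lines, start=1):
        safe, findings = sanitize_log_line(line.rstrip("\n"))
        if findings:
            hits.append((number, safe, findings))
    return hits


# Constructed sample log: user-controlled fields carry escape sequences.
SAMPLE_LOG = [
    "2023-11-19T10:00:01Z login ok user=alice",
    "2023-11-19T10:00:02Z profile name=\x1b]8;;https://example.invalid/\x1b\\click here\x1b]8;;\x1b\\",
    "2023-11-19T10:00:03Z feedback=\x1b]52;c;ZXhhbXBsZQ==\x07",
    "2023-11-19T10:00:04Z feedback=\x1b[31mred\x1b[0m",
]

if __name__ == "__main__":
    for number, safe, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(findings)}\n  {safe}")
```

Running the same rewrite at ingestion time, before a line is written to the log, protects every later viewer rather than only the one that uses this filter.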