Posts Tagged ‘security’

Gathering passwords with the JAWS builtin keylogger

October 19, 2009

JAWS so helpfully contains a built-in script that logs all keys pressed on the keyboard. This method has a better chance of working on XP than the others. You must have a user account on the machine to make this work.

1. Open Keyboard manager, and open the default file. Add a key to the “ToggleKeyboardLogging” script.

2. Once done, log out of the machine. Your profile will still be loaded. Press that key. The only thing JAWS will say is “enabled”. Log into the machine, then open keystrokes.log in your jaws program directory. all keys pressed will be there, from the last time the script was enabled.

JAWS security flaw, round 2

October 19, 2009

In my First Post, I described a security vulnerability that allowed local users to gain system-level access to a machine. A quick test with JAWS 11.0.729, the release build of JAWS 11, reveals that it is fixed. Here is a slightly different set of instructions that will do the same thing.

1. From the login screen, press insert+j, and navigate to utilities/configuration manager.
2. When configuration manager opens, press control+o.

3. press the Import button. The open dialog will appear.

4. On my Windows 7 test machine, I got an error box that can safely be dismissed. Once done, type %windir%\system32\*.exe into the open dialog.

5. find cmd in the list, and press the applications key on it. Select Run as administrator if it appears. If not, keep following these steps.

6. From cmd’s context menu, pick select. answer no to the question asking you to overwrite settings files, if it comes up.

7. press import, and pick cmd from the list again. Activate the context menu, and select Run as administrator.

If done correctly, you should have an administrative command prompt.

Critical security flaw in JAWS

October 16, 2009

I have found a critical security flaw in the JAWS Screen reader that allows an attacker to gain full system-level access to

the machine. I have tested this on 32-bit Windows Vista
with JAWS 10.0.1154 and 32-bit Windows 7 with JAWS 11.0.611 Beta.

Instructions:

1. From the Windows logon screen with JAWS running, press insert+f2. Run JAWS Manager will appear.
2. Select Settings Packager, and press ok. Settings Packager will open.
3. From Settings Packager, go to File menu > Open, or press ctrl+o.
4. In the open dialog, type “%windir%\system32\*.exe” into the file name field (without the quotes) and press enter.
5. In the list of files, find cmd. Right click on it, or press the applications key and select Run as Administrator.
A system-level command prompt should open. To get out of it, type exit and press enter, then close the Settings Packager.

Update: audio demonstration available here.
 

Contact information:
tyler Spivey
Email: tspivey@pcdesk.net, PGP key: 0x048C58A4
Twitter: tspivey