Ok, that is kind of clever.
Though I suppose even the dumbest user will chicken out once the terminal pops out.
With that shortcut only a tiny run window will appear and not the scary terminal
I tried it and it’s not working for me, my terminal is super+T and paste is Ctrl+Shift+V
Ooooohhh… Been using Ubuntu and Mint next to Windows for a couple years and always right-clicked to paste. So that’s the secret sauce!
Shift-insert works too, one key less
But insert is farther than shift :P
That’s so sassy I kinda respect it.
Too bad for those who fall for it.
Kinda brilliant to disguise malware as a captcha, though. I won’t be surprised.
It’s not working, my krunner bind is windows+d
Why not Alt+F2?
I have fn lock on for volume and brightness, so that becomes Alt+FN+F2
Instructions were unclear, ransomware dev now owes me 0.15 bitcoin.
That is extremely hilarious
Except for the fact that a lot of less tech savvy people will fall for it.
diabolical
This reminds me of when I was 13: I used to tell my opponents in Warcraft 3 that pressing alt+q+q quickly reveals the map. It’s a shortcut for closing the game. Worked way too many times
I do see this working
/disco mode on
btw if you want to try and hack me, my IP is 127.0.0.1
We’d constantly get people by telling them holding alt and typing fax would get mirc to give them ops. Usually about a quarter of the channel would drop out.
ALT+F4 for free funds, opened a lot of slots on bfh servers whenever my friends couldn’t join.
Followed instructions but verification failed, seems like nothing happened except dick got stuck in toaster again. Using Arch, btw.
You have to pacman -S femboy first.
As someone tech literate that looks hilarious to follow through with.
But if not, that really does seem similar to a normal captcha with fairly simple steps.
Anybody got more info on the actual payload?
powershell.exe -eC [payload_w_base64] is mentioned here. -eC just means encoded command afaik.
This is actually pretty smart because it switches the context of the action. Most intermediate users avoid clicking random executables by instinct but this is different enough that it doesn’t immediately trigger that association and response.
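For anyone triaging this on the defensive side, here is an added example (not part of the thread, and not taken from the malware) that flags PowerShell command lines using an encoded command and decodes the argument for review. It assumes the argument is base64 over UTF-16LE text and that PowerShell accepts prefix abbreviations of -EncodedCommand; the function names and the benign sample lines are constructed for illustration.

```python
import base64
import binascii
import re

POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.IGNORECASE)

def is_encoded_flag(token):
    """True for -EncodedCommand, any prefix of it (-e, -enc, ...) and -ec."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name == "ec" or "encodedcommand".startswith(name)

def decode_encoded_command(cmdline):
    """Decoded script text, "" if the blob is undecodable, None if no flag."""
    if not POWERSHELL.search(cmdline):
        return None
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        if not is_encoded_flag(flag):
            continue
        try:
            # The argument is base64 over UTF-16LE text.
            raw = base64.b64decode(value.strip("\"'"), validate=True)
            return raw.decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            return ""  # still suspicious: keep the line for manual review
    return None

def encode_sample(script):
    """Build a constructed test argument in the format PowerShell expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def triage(cmdlines):
    """(command line, decoded text) for every line using an encoded command."""
    pairs = ((line, decode_encoded_command(line)) for line in cmdlines)
    return [(line, text) for line, text in pairs if text is not None]

# Constructed process-creation command lines with a benign payload.
SAMPLE = "Write-Output 'constructed sample'"
LINES = [
    "powershell.exe -eC " + encode_sample(SAMPLE),
    "powershell -NoProfile -WindowStyle Hidden -enc " + encode_sample(SAMPLE),
    "powershell.exe -ExecutionPolicy Bypass -File report.ps1",
    "notepad.exe -e notes.txt",
]

if __name__ == "__main__":
    for line, decoded in triage(LINES):
        print(decoded or "<undecodable>", "<=", line)
```
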
That’s why on Linux you need to run the sudo command and type the root password (or user password) to install something. I get this isn’t Linux but it’s a serious security vulnerability that someone could run a super user level command by clicking yes on a confirmation box that pops up so often that nobody thinks twice.
You don’t need root access to steal all of the data that your user account has access to.
If Linux was more popular, you would definitely see a Linux variant of this doing the exact same thing.
The only issue I see with targeting Linux is the sheer variety of Desktop setups. Finding one keyboard shortcut and payload that will work on even just the majority of distros would be a challenge.
(Citation needed)
The goal is not always to “take control” of the whole system. A cryptolocker that makes all your files unreadable will happily run in user space.
Also, you’re forgetting that Windows also has UAC, and that people will happily type the admin password of their device when asked to, because they’ve been conditioned to not care by badly made stuff. And, while win+r is unlikely to work in most Linux DEs I know about, triggering a visual prompt that asks for your password is also a thing.
There is not much difference between a common Linux distro and Windows as far as seizing user files with malware is concerned, aside from the fact that no website will care to try telling you “press alt+space” instead of “win+r”.
The behavior is configurable just like it is on Linux, UAC can be set to require a password every time.
But I think it’s not set this way by default because many users don’t remember their passwords, lol. You think I’m kidding, you should meet my family…
Also, scripts can do plenty without elevation, on Linux or Windows.
It should be default, it’s a good security practice and not every app needs super user permissions.
But something like this can still erase everything stored in your home folder or launch further exploits to gain root or something.
It’s a lot harder and can do significantly less damage if it doesn’t have root privileges, it’s like how putting a lock on the door to your house won’t stop thieves but it’s better than not having one.
Bruh, let’s say an attacker deleted all of my important documents, say book drafts, and assume I don’t have a backup.
Now my progress has been set back six months and the publisher is angry.
Would I care if they deleted my system files or not?
So inventive these guys. If only we could harness that ingenuity for the common good instead, it would have a huge impact.
“To prove that you are human, donate $$$ to Doctors Without Borders.”
“To prove that you are human, register to vote.”
“To prove that you are human, adopt a pet from the local animal shelter.”
To prove you are human, a turtle is upside down, or whatever the Blade Runner test thing was.
“To prove that you are human, adopt a pet from the local animal shelter.”
I’ve got 22 cats already, but I need to check my email!
THEY’RE EATING THE DOGS. THEY’RE EATING THE CATS.
Sorry.
PLEASE ADOPT VERIFICATION CAT TO CONTINUE
Fwiw there are a large number of people who volunteer their time and effort toward worthwhile projects. It’s just they don’t get rewarded anywhere near the level of benefit that they provide.