Skype Dangerous Advertising

2015.05.04
Credit: stackoff
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

On April 13, the people at SPEAR wrote a post about a vulnerability in all versions of Windows. It is strange that this was done only now. The vulnerability was published many years ago, when Internet Explorer was much more common than Netscape Navigator and Chromium did not exist at all.

Briefly about the vulnerability

When an SMB resource is accessed (via file://), the IE components send authorization data in the request: both the local login on the system and the user's NTLM hash. This makes it possible to obtain the data needed to authenticate on the victim's computer. Not only IE is vulnerable, but also any software that uses these components to communicate with the outside world or the local network.

The basis of the attack is to intercept HTTP requests from the user and redirect them to an attacker-controlled resource running software that requests authorization data from the client. This is done very simply, for example by answering the HTTP request with a 302 redirect to the appropriate protocol, in this case file.

To carry out the attack, the following software is used:

SMBTrap - to intercept the authorization data
Ettercap - for ARP and DNS spoofing
Nginx - to redirect to the file scheme

Video: https://www.youtube.com/watch?v=YlFmdCemANQ
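For defenders, the redirect described above is visible in HTTP response headers. The following is an added example, not part of the original advisory: it flags 3xx responses whose Location header points to a remote file: target. The function names and the sample responses are constructed for illustration.

```python
import re

# Constructed sample response heads, as a proxy or IDS might capture them.
SAMPLE_RESPONSES = [
    "HTTP/1.1 302 Found\r\nLocation: file://203.0.113.10/share/ad.png\r\n\r\n",
    "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/new\r\n\r\n",
    "HTTP/1.1 307 Temporary Redirect\r\nlocation: FILE:\\\\fs.example\\a\r\n\r\n",
    "HTTP/1.1 302 Found\r\nLocation: file:///C:/local.txt\r\n\r\n",
    "HTTP/1.1 200 OK\r\nLocation: file://203.0.113.10/x\r\n\r\n",
    "HTTP/1.1 302 Found\r\nLocation: file:////fs.example/share\r\n\r\n",
]

STATUS_RE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})")

def parse_head(raw):
    """Return (status code or None, {lower-cased header name: value})."""
    lines = raw.split("\r\n")
    match = STATUS_RE.match(lines[0])
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return (int(match.group(1)) if match else None), headers

def remote_file_redirect_host(raw):
    """Return the remote host a 3xx response points to via file:, else None."""
    status, headers = parse_head(raw)
    if status is None or not 300 <= status < 400:
        return None
    # Normalize backslashes so file:\\host\share is treated like file://host/share.
    loc = headers.get("location", "").replace("\\", "/")
    if not loc.lower().startswith("file:"):
        return None
    rest = loc[5:]
    slashes = len(rest) - len(rest.lstrip("/"))
    if slashes in (0, 1, 3):  # file:/path and file:///path are local paths
        return None
    host = rest.lstrip("/").split("/", 1)[0].lower()
    return None if host in ("", "localhost") else host

def scan(responses):
    """Return (index, host) for each response redirecting to a remote file: target."""
    hits = []
    for i, raw in enumerate(responses):
        host = remote_file_redirect_host(raw)
        if host:
            hits.append((i, host))
    return hits
```

Any hit from `scan` is worth investigating, since ordinary web redirects have no reason to send a client to a file: location on another host.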

References:

https://www.youtube.com/watch?v=YlFmdCemANQ
https://stackoff.ru/pochemu-reklama-v-skajpe-ne-tolko-urodliva-no-eshhe-i-opasna/



Copyright 2024, cxsecurity.com

 
