New research has uncovered vulnerabilities in popular Python web frameworks, including Hugging Face's Gradio, Jupyter Server and Snowflake's Streamlit, that allow attackers to steal NTLMv2 credentials when the application is hosted on Windows. Learn how the leak works and how to protect your systems from it.
Researchers at Horizon3.ai have discovered vulnerabilities in several Python web frameworks that, when the application runs on Windows, could allow hackers to steal NTLMv2 credentials.
NTLM (NT LAN Manager) is a legacy challenge-response authentication protocol that is still widely used in Windows environments. Successful exploitation of these vulnerabilities could allow an attacker to gain a foothold on your network and access sensitive data.
NTLMv2 hash stealing is a technique commonly used in internal penetration testing. It abuses legacy name-resolution protocols (LLMNR/NBT-NS), forced-authentication vulnerabilities such as PetitPotam, and flaws in Microsoft Outlook to make a Windows host authenticate to a machine the attacker controls. Tools such as Responder and ntlmrelayx are then used to capture the resulting NTLMv2 challenge-response or relay it elsewhere.
In a report shared with Hackread.com ahead of its publication on August 23, 2024, Naveen Sunkavally of Horizon3.ai explained that the same NTLMv2 hash theft can occur against web applications hosted on Windows when those applications are vulnerable to Server-Side Request Forgery (SSRF) or XML External Entity (XXE) injection.
According to the researchers, the vulnerabilities stem from the way these frameworks retrieve files. As Sunkavally noted, in Python “file system operations performed on insufficiently validated input can lead to the leakage of NTLMv2 hashes.”
Horizon3.ai found new SSRF-style vulnerabilities in popular Python frameworks, including Hugging Face's Gradio, Jupyter Server, and Snowflake's Streamlit. Because widely used AI and data-science tools such as Jupyter Notebook, JupyterLab and Streamlit apps are built on these frameworks, they inherit the NTLMv2 hash exposure when run on Windows.
The vulnerabilities result from a flaw in the way these frameworks handle user-supplied file paths on Windows. In Gradio, an attacker can supply a crafted UNC path (of the form \\server\share\file) that points at a server they control; when Gradio touches that path, Windows opens an SMB connection to the attacker's server and authenticates to it, revealing the NTLMv2 hash of the account running the application.
Python's os.path.isabs function and werkzeug.security.safe_join (which Gradio relies on) can also be tricked into accepting such paths, leading to the same NTLMv2 hash leak. The Jupyter Server flaw is in a static file handler that calls os.path.isfile on the requested path before validating it; because os.path.isfile on a UNC path makes Windows connect to the named server, the existence check itself triggers the authentication. The Streamlit flaw follows the same pattern and allows attackers to leak NTLMv2 hashes from vulnerable Windows systems.
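As an added example (not code from Horizon3.ai, Gradio, Jupyter or Streamlit), the following Python reproduces the unsafe join-then-stat pattern described above and contrasts it with a validator that refuses rooted, UNC and drive-qualified paths before anything touches the filesystem. It uses the ntpath module so that Windows path semantics are reproduced on any operating system; STATIC_ROOT and the host name attacker are constructed for the illustration. On a real Windows host, passing the unsafe candidate to os.path.isfile() or open() would open an SMB session to that host and authenticate as the running user.

```python
import ntpath

# Assumed application static directory (constructed for this example).
STATIC_ROOT = r"C:\app\static"


class UnsafePath(ValueError):
    """Raised for any user-supplied path that must not reach a filesystem call."""


def unsafe_candidate(root, user_path):
    """The flawed pattern: join the user's path onto root and hand the result
    to os.path.isfile()/open() with no prior validation.

    ntpath.join discards `root` entirely when `user_path` is rooted, UNC or
    drive-qualified, so the caller ends up stat-ing an attacker-chosen path.
    On Windows, stat-ing \\\\attacker\\share\\x opens an SMB session to the
    host 'attacker' and authenticates as the account running the app.
    """
    return ntpath.join(root, user_path)


def resolve_under(root, user_path):
    """Return an absolute path strictly inside `root`, or raise UnsafePath.

    Every check here is pure string handling; nothing touches the
    filesystem until the caller holds a vetted path.
    """
    if "\x00" in user_path:
        raise UnsafePath("NUL byte in path")
    # Windows accepts '/' and '\' interchangeably, so normalise first;
    # otherwise '//attacker/share' would slip past a backslash-only check.
    normalized = user_path.replace("/", "\\")
    # A leading separator covers rooted (\etc), UNC (\\host\share) and the
    # mixed '/\host\share' spelling; splitdrive catches 'C:' and 'C:\'.
    if normalized.startswith("\\") or ntpath.splitdrive(normalized)[0]:
        raise UnsafePath("rooted, UNC or drive-qualified path")
    parts = [p for p in normalized.split("\\") if p not in ("", ".")]
    if not parts:
        raise UnsafePath("empty path")
    if ".." in parts:
        raise UnsafePath("parent-directory traversal")
    candidate = ntpath.normpath(ntpath.join(root, *parts))
    # Defence in depth: confirm the normalised result still sits under root.
    root_norm = ntpath.normcase(ntpath.normpath(root))
    if not ntpath.normcase(candidate).startswith(root_norm + "\\"):
        raise UnsafePath("path escapes root")
    return candidate


def rejects(user_path, root=STATIC_ROOT):
    """True if resolve_under refuses `user_path`."""
    try:
        resolve_under(root, user_path)
    except UnsafePath:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: one benign request and the attacker shapes.
    for p in ["css/site.css", "//attacker/share/x", r"\\attacker\share\x",
              r"/\attacker\share\x", r"C:\Windows\win.ini", r"..\..\secret"]:
        verdict = "REJECT" if rejects(p) else resolve_under(STATIC_ROOT, p)
        print(f"{p!r:28} join -> {unsafe_candidate(STATIC_ROOT, p)!r:36} "
              f"validator -> {verdict}")
```

The important property is ordering: the validator never calls os.path.isfile, os.path.exists or open on the raw input, because on Windows those calls are themselves the trigger for the outbound SMB authentication. Rejecting on a leading separator also sidesteps the os.path.isabs inconsistencies the article refers to, since the check does not depend on how a given Python version classifies a single-slash path.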
The impact depends on exposure. Gradio's “Share” feature publishes a locally running app to the Internet through a public URL, so a vulnerable app becomes reachable by anyone. An attacker exploits the SSRF-style flaw by tricking the application into connecting to a server they control, which captures the NTLMv2 hash; the captured value can then be cracked offline. Applications run under an ordinary user account are at higher risk because user accounts typically have weaker passwords than system accounts.
Additionally, a captured NTLMv2 hash can be relayed to other network services to gain access to resources that the compromised user is permitted to reach. Horizon3.ai reports that its NodeZero platform found exactly this in a real-world penetration test.
To stay safe:
- Configure your firewall to block outbound SMB traffic (TCP 445) to the Internet, which defeats attacks that rely on forcing Windows to authenticate to an external host. Note that if the WebClient service is running, Windows can fall back to WebDAV over HTTP for UNC paths, so blocking port 445 alone is not a complete fix.
- Update Python to the latest version to avoid the os.path.isabs bug present in versions below 3.11.2 (especially important for Windows users).
- Update vulnerable applications to the patched releases: Gradio 4.20 or later, Jupyter Server 2.14.1 or later, Streamlit 1.37.0 or later.
Related Topics
- PyPI is being exploited to infiltrate systems through Python packages
- Qubitstrike malware attacks Jupyter Notebooks, performs cryptojacking
- Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats
- VMCONNECT: Malicious PyPI packages mimicking Python tools
- New version of Jupyter Infostealer distributed via MSI installer