Hackers are constantly looking for new ways to compromise our security. Every so often new techniques, vulnerabilities and even malware appear that can be used to jeopardize the security of both users and companies. However, threats can always hide where we least expect. And one example of this is how an innocent CMD command, finger, can be used to steal any file from our computer.
The “Finger” command is one of the latest additions to the Microsoft operating system. With it, it is possible to easily retrieve all the information from any remote computer that uses this same service. Initially, this command is intended to make the administration of corporate networks easier for administrators. However, a researcher has discovered that it may actually have a hidden use.
The Finger command can be used to download files
As this researcher has shown, this harmless-looking CMD command can very easily become a file downloader that allows us to copy any data saved on the remote computer we query to our PC. And not only that, but with a few small changes, it can become a complete command-and-control server to remotely control malware, send commands, and exfiltrate data.
Companies usually block port 79, which this command uses to work. However, it is very easy to bypass this block, redirect the port to another and be able to enter any company without raising suspicions. Even Windows Defender is unable to detect this anomalous activity.
An exploit demonstrates how Finger works
This security researcher has posted a video demonstrating how this weakness works. He has created a script that acts as a server, running on the server side, and a BAT script that runs on the client side. As you can see, the client ends up downloading all the files from the server without raising the slightest suspicion from the antivirus.
It is very rare for this vulnerability to be exploited against home users. But it could happen. And, for now, there is no way to protect yourself from it. Therefore, if we do not want to end up being “touched” by Finger, what we must do is take extreme precautions and be careful with what we run on our PC.
Other similar bugs in Windows 10
The CMD Finger command is not the only one that can be used to download files remotely. For example, Windows Defender itself has received a command-line argument, DownloadFile, which can be used for malicious purposes to download malware remotely onto the PC. But it is not the only one.
The certutil.exe tool can also be used in a similar way to download files remotely from a computer, although in this case Windows Defender does detect and block it. And another similar example is the desktopimgdownldr.exe process, used by Windows 10 as part of CSP to customize the lock screen and desktop backgrounds.
Even Microsoft Teams, the program that has become so popular with the rise of telecommuting, can be used to remotely execute malware. There is no magic way to protect ourselves. Threats can be hidden anywhere.
But to avoid ending up being victims of hackers, the best thing to do is make sure we keep our operating system always up to date, and have good security software (antivirus and firewall) to help us detect, and block, possible suspicious activities.
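Because the port 79 block can be bypassed, a more dependable place to spot this activity is the process-creation log: the binaries named in this article rarely have a legitimate reason to contact a remote host. The following Python is an added example, not the researcher's code or part of the original article; the event fields follow Sysmon Event ID 1 naming, and the rule patterns, host names and sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Binaries named in the article, each paired with a command-line trait that
# suggests remote retrieval. The patterns are assumptions made for this example.
URL = re.compile(r"https?://", re.I)
RULES = {
    "finger.exe": (re.compile(r"@[\w.-]+"), "finger query to a remote host"),
    "mpcmdrun.exe": (re.compile(r"downloadfile", re.I), "Defender CLI DownloadFile"),
    "certutil.exe": (URL, "certutil given a URL"),
    "desktopimgdownldr.exe": (URL, "desktopimgdownldr given a URL"),
}
SCRIPT_PARENTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

def triage(events):
    """Return one finding per process-creation event that matches a rule."""
    findings = []
    for ev in events:
        image = ntpath.basename(ev.get("Image", "")).lower()
        pattern, reason = RULES.get(image, (None, None))
        cmdline = ev.get("CommandLine", "")
        if pattern is None or not pattern.search(cmdline):
            continue
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        findings.append({
            "host": ev.get("Computer", "unknown"),
            "binary": image,
            "reason": reason,
            # A shell or script-host parent matches the BAT-driven client in the article.
            "severity": "high" if parent in SCRIPT_PARENTS else "medium",
        })
    return findings

# Constructed sample events (not real telemetry), shaped like Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"Computer": "WS-014", "Image": r"C:\Windows\System32\finger.exe",
     "CommandLine": "finger report@203.0.113.10",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Computer": "WS-014", "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": "certutil -hashfile setup.msi SHA256",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Computer": "WS-022", "Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "CommandLine": "MpCmdRun.exe -DownloadFile [arguments elided]",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The benign certutil hash check produces no finding, while the finger query launched from cmd.exe is rated high because its parent is a shell.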