lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: thierry.haven at xmcopartners.com (Thierry Haven)
Subject: smtpsvc and undocumented registry values

Hi,
I?ve been hacking around smtpsvc.dll (Windows Server 2003) in order to hide the Server version when a mail is relayed:

Original header:
"from [192.168.X.X] ([192.168.X.X]) by winserv2003 with Microsoft SMTPSVC(6.0.3790.0);	 Wed, 23 Feb 2005 15:47:51 +0100" 


I found that it is possible to remove this information by patching the code directly in the DLL:

Modified header:
"from [192.168.X.X] ([192.168.X.X]) by winserv2003 with some server;	 Wed, 23 Feb 2005 15:49:51 +0100" 

... Assuming that smtpsvc.dll checks its own version at runtime by retrieving information in the .rsrc section of the PE thanks to version.dll calls. However I'd like to know if there is a better way to disable this "feature" (maybe a key in the registry ?). 


Next I'd like to ask about such undocumented registry values. Where to find information about them ?


Best Regards,

_______________________________________
Thierry Haven - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ