Message-ID: <98de0b550512150035wfa3acdcm4103fb6f64104ff3@mail.gmail.com>
Date: Thu Dec 15 08:35:48 2005
From: avnerus at gmail.com (Avner Peled)
Subject: Another Checkpoint SecureClient NGX SCV Bypass

Hello all,
After reading the post on
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html about
disabling secure configuration verification in Checkpoint's
SecureClient I thought I'd post my own findings.
My method of bypassing the check also requires Administrator privileges but
does not require anything running in the background.
Here are the steps I took to bypass the check.

1. Download the free OPSEC Desktop SDK from www.opsec.com
2. Prepare an scv dll using the sample scv plugin in the sdk, have the
plugin always return SCV_CHECK_PASSED in Status() function.
3. Make a copy of that dll for each dll that is being used by the policy,
each time changing the #define PiName for the name of the check you want to
bypass (For example AntivirusMonitior, RegMonitor). Copy the new dll's (dll
name could be different) to Program Files\Checkpoint\SecureRemote\scv
4. Stop secureclient.
5. Use the tool provided in the sdk PiReg.exe to unregister (-d flag) the
monitor dll's in Program Files\Checkpoint\SecureRemote\scv
6. Use the same tool to register all of the dll's with the same PiName.
7. Start secureclient.

"Configuration Verified"

---------------------
Avner Peled.
avnerus@...il.com
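
A defender-side check for the DLL swap described in the steps above, added here as an example and not part of the original post or of any Check Point tooling: it compares the DLLs in a plugin directory against a name-to-SHA-256 baseline taken from a known-good install. The function names, file names and sample contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(directory):
    """Map lower-cased DLL file name -> SHA-256 for each DLL in directory."""
    return {p.name.lower(): sha256_file(p)
            for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}

def audit(directory, baseline):
    """Return (finding, file name) pairs where directory differs from baseline."""
    current = inventory(directory)
    findings = []
    # A DLL the baseline never listed: a copied-in plugin under a new name.
    findings += [("unexpected", n) for n in sorted(current.keys() - baseline.keys())]
    # A baseline DLL that has been deleted or moved away.
    findings += [("missing", n) for n in sorted(baseline.keys() - current.keys())]
    # Same name, different bytes: a plugin rebuilt over the original.
    findings += [("modified", n) for n in sorted(current.keys() & baseline.keys())
                 if current[n] != baseline[n]]
    return findings

def demo():
    """Constructed sample: a temp dir stands in for the scv directory
    (Program Files\\Checkpoint\\SecureRemote\\scv in the post)."""
    with tempfile.TemporaryDirectory() as tmp:
        scv = Path(tmp)
        (scv / "vendor_check.dll").write_bytes(b"vendor build")  # constructed name
        baseline = inventory(scv)  # in practice: recorded from a clean install
        # Simulate the change: one DLL rebuilt in place, one extra DLL dropped in.
        (scv / "vendor_check.dll").write_bytes(b"rebuilt sample plugin")
        (scv / "extra.dll").write_bytes(b"always-pass plugin")
        return audit(scv, baseline)

if __name__ == "__main__":
    for finding, name in demo():
        print(f"{finding}: {name}")
```

Because the method in the post already assumes Administrator rights on the endpoint, the baseline has to be stored and compared off-host (for example by management tooling); a check that lives only on the client can be altered the same way the plugins were.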