[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] smtpsvc and undocumented registry values
- To: Thierry Haven <thierry.haven@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] smtpsvc and undocumented registry values
- From: Andres Tarasco <atarasco@xxxxxxxxx>
- Date: Wed, 23 Feb 2005 21:08:04 +0100
Try Microsoft IIS Metabase Editor to change that data.
btw, there is a nice pdf about hardening Windows 2003 from
safehack.com people that explains how to change it
regards,
Andres Tarasco
On Wed, 23 Feb 2005 18:26:40 +0100, Thierry Haven
<thierry.haven@xxxxxxxxxxxxxxxx> wrote:
> Hi,
> I've been hacking around smtpsvc.dll (Windows Server 2003) in order to hide
> the Server version when a mail is relayed:
>
> Original header:
> "from [192.168.X.X] ([192.168.X.X]) by winserv2003 with Microsoft
> SMTPSVC(6.0.3790.0); Wed, 23 Feb 2005 15:47:51 +0100"
>
> I found that it is possible to remove this information by patching the code
> directly in the DLL:
>
> Modified header:
> "from [192.168.X.X] ([192.168.X.X]) by winserv2003 with some server; Wed,
> 23 Feb 2005 15:49:51 +0100"
>
> ... Assuming that smtpsvc.dll checks its own version at runtime by retrieving
> information in the .rsrc section of the PE thanks to version.dll calls.
> However I'd like to know if there is a better way to disable this "feature"
> (maybe a key in the registry ?).
>
> Next I'd like to ask about such undocumented registry values. Where to find
> information about them ?
>
> Best Regards,
>
> _______________________________________
> Thierry Haven - Xmco Partners
> Security Consulting / Pentest
> web : http://www.xmcopartners.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
Loco de aTar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html