
C:\>srvcheck2 -?
Services Permissions checker v2.0
(c) 2006 Andres Tarasco - atarasco@gmail.com

-l list vulnerable services
-m <service> modify the configuration for that service
-c <command> Command to execute throw remote service
by default. bindshell application will be used
-H <Host> specify a remote host to connect ip/netbiosname)
-u <user> if not seletected Default logon credentials used)
-p <password> if not used Default logon credentials used)
-? Extended information with samples
srvcheck.exe -l (list local vulnerabilities)
srvcheck.exe -m service (spawn a shell at port 8080)
srvcheck.exe -m service -c "cmd.exe /c md c:\PWNED"
srvcheck -l -H host (list remote vulnerabilities)




File Size: 36,5 KB


Proof of concept for the paper by Sudhakar Govindavajhala and Andrew Appel (http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf). Running as an unprivileged user, you can test whether your services are vulnerable and can be used to install a backdoor. Both source code and binary are included.
Microsoft advisory: http://microsoft.com/technet/security/advisory/914457.mspx

SrvCheck v2.0 can perform these checks remotely, using, for example, domain user credentials.
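
One way to audit for the same misconfiguration from the defender's side, as an added example that is not part of SrvCheck or its source: parse the SDDL string that `sc sdshow <service>` prints and flag allow ACEs that give low-privileged groups the right to reconfigure the service. The service names and SDDL strings below are constructed samples, and the function names are hypothetical.

```python
import re

# Rights that let the holder reconfigure a service: SDDL token -> (name, mask bit)
RISKY = {"DC": ("SERVICE_CHANGE_CONFIG", 0x0002), "WD": ("WRITE_DAC", 0x40000),
         "WO": ("WRITE_OWNER", 0x80000), "GW": ("GENERIC_WRITE", 0x40000000),
         "GA": ("GENERIC_ALL", 0x10000000)}
# SDDL SID aliases of low-privileged principals
LOW_PRIV = {"WD": "Everyone", "AU": "Authenticated Users", "IU": "Interactive",
            "BU": "Users", "PU": "Power Users",
            "NO": "Network Configuration Operators"}

def risky_rights(rights):
    """Decode an ACE rights field (two-letter tokens or a hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for name, bit in RISKY.values() if mask & bit]
    return [RISKY[t][0] for t in re.findall("..", rights) if t in RISKY]

def weak_aces(sddl):
    """Return [(trustee, [rights])] for DACL allow ACEs that grant a
    low-privileged trustee a reconfiguration right. The SACL (S:) is skipped;
    deny ACEs are not evaluated, so treat findings as candidates to review."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":   # allow ACEs only
            continue
        rights, trustee = fields[2], fields[5]
        hits = risky_rights(rights)
        if trustee in LOW_PRIV and hits:
            findings.append((LOW_PRIV[trustee], hits))
    return findings

# Constructed samples in the format printed by `sc sdshow <service>`
SAMPLES = {
    "ExampleHardenedSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
        "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)"
        "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    "ExampleWeakSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
        "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)",
    "ExampleHexSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;0x2019f;;;PU)",
}

def audit(samples):
    """Map service name -> findings, keeping only services with findings."""
    results = {name: weak_aces(sddl) for name, sddl in samples.items()}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    for name, found in audit(SAMPLES).items():
        print(name, found)
```

A service flagged here should have the offending ACE removed or narrowed so that only administrators and SYSTEM hold configuration rights.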

Affected third-party software:

HP Software: "Pml Driver HPZ12" (HP Printer Laserjet 4200L PCL 6)
Autodesk: "Autodesk Licensing Service"
Dell Power Management Software for network cards: "NICCONFIGSVC"
Macromedia: "Macromedia Licensing Service"
Zonelabs.com TrueVector Device Driver: "vsdatant"
C-Dilla Software: "C-DillaCdaC11BA"
Macrovision SECURITY Driver (Security Windows NT): "CdaC15BA"
Macrovision SECURITY Driver (Security Windows NT): "SecDrv"

Here is a short list of known vulnerable services under Windows XP SP2:

- Advanced User:
Service: DcomLaunch (SYSTEM)
Service: UpnpHost (Local Service)
Service: SSDPSRV (Local Service)
- User:
Service: UpnpHost (Local Service)
Service: SSDPSRV (Local Service)
- Network Config Operators:
Service: DcomLaunch (SYSTEM)
Service: UpnpHost (Local Service)
Service: SSDPSRV (Local Service)
Service: DHCP (SYSTEM)
Service: NetBT (SYSTEM - .sys driver)
Service: DnsCache (SYSTEM)

Windows 2000 Professional SP4:

- Power User:
Service: WMI - Windows Management Instrumentation Driver Extensions (SYSTEM)

Windows 2003 Standard Edition:

- Power User:
Service: DcomLaunch - DCOM Server Process Launcher (LocalSystem)
Service: kdc - Kerberos Key Distribution Center (SYSTEM)