Re: smtpsvc and undocumented registry values

[Andres Tarasco <atarasco () gmail com>]

Try Microsoft IIS Metabase Editor to change that data.

btw, there is a nice pdf about hardening Windows 2003 from
safehack.com people  that explains how to change it

regards,

Andres Tarasco

On Wed, 23 Feb 2005 18:26:40 +0100, Thierry Haven
<thierry.haven () xmcopartners com> wrote:
> Hi,
> I've been hacking around smtpsvc.dll (Windows Server 2003) in order to hide the Server version when a mail is relayed:
>
> Original header:
> "from [192.168.X.X] ([192.168.X.X]) by winserv2003 with Microsoft SMTPSVC(6.0.3790.0);   Wed, 23 Feb 2005 15:47:51 
> +0100"
>
> I found that it is possible to remove this information by patching the code directly in the DLL:
>
> Modified header:
> "from [192.168.X.X] ([192.168.X.X]) by winserv2003 with some server;     Wed, 23 Feb 2005 15:49:51 +0100"
>
> ... Assuming that smtpsvc.dll checks its own version at runtime by retrieving information in the .rsrc section of the 
> PE thanks to version.dll calls. However I'd like to know if there is a better way to disable this "feature" (maybe a 
> key in the registry ?).
>
> Next I'd like to ask about such undocumented registry values. Where to find information about them ?
>
> Best Regards,
>
> _______________________________________
> Thierry Haven - Xmco Partners
> Security Consulting / Pentest
> web  : http://www.xmcopartners.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
Loco de aTar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html