Penetration Testing mailing list archives

Re: NT/IIS Decoy

From: "Qazi M.M. Ahmed" <qaziahmed () pakcert org>
Date: Wed, 12 Dec 2001 08:03:43 -0800

You can disable Windows File Protection (and enable it again) in Windows2000 by editing registry keys. A hex editor will do the rest for w3svc.dll

You can find details about Windows File Protection (how toenable/disable etc) here:


http://www.microsoft.com/hwdev/driver/sfp/wfp.asp

For XP Windows File Protection, you have to edit the file:

%systemroot%\system32\restore\filelist.xml

Add the filename in the exclude section to disable protection for thespecific file.


Qazi M.M. Ahmed


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

NT/IIS decoy Lambott (Dec 10)
- Re: NT/IIS decoy Michael Katz (Dec 10)
- Re: NT/IIS decoy Chuck Fitzpatrick (Dec 10)
- <Possible follow-ups>
- RE: NT/IIS decoy nvondadelszen (Dec 10)
- RE: NT/IIS decoy Clement-Evans, Rhys (Dec 11)
- RE: NT/IIS decoy Thor (Dec 12)
- Re: NT/IIS Decoy Qazi M.M. Ahmed (Dec 12)