Forums: Reg-key Against Dcom Exploit ?! - Forums

Jump to content

  • (2 Pages)
  • +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

Reg-key Against Dcom Exploit ?! check this pls ...

#1 User is offline   =k3Rn= 

  • Corporal
  • Icon
  • Group: Members
  • Posts: 158
  • Joined: 17-September 03

Post icon  Posted 15 October 2003 - 06:43 PM

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"

can you secure a system by using this reg-key do that dcom service isnt started at all?

thx for any replies!
0

#2 Guest_noam_*

  • Group: Guests

Posted 15 October 2003 - 08:58 PM

as far as i know, it works perfectly!
it disables dcom, so both dcom1/2 are "patched" :)
0

#3 User is offline   virus 

  • Specialist
  • Icon
  • Group: Members
  • Posts: 506
  • Joined: 05-July 03

Posted 15 October 2003 - 10:57 PM

already discussed at the forum .....
but I'll let this one stay as its a separate thread and is helpful for protecting against DCOM exploits ;)
0

#4 User is offline   thatsmej 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 103
  • Joined: 17-August 03

Posted 15 October 2003 - 11:35 PM

noam, on Oct 16 2003, 04:58 AM, said:

as far as i know, it works perfectly!
it disables dcom, so both dcom1/2 are "patched" :)

i tried it local..
and was still able to get my self a shell on rpc1...

microsoft says it should work...
but on my win2k sp3 it didnt...
0

#5 Guest_hermel_*

  • Group: Guests

Posted 16 October 2003 - 03:48 AM

It works first after a restart
0

#6 User is offline   =k3Rn= 

  • Corporal
  • Icon
  • Group: Members
  • Posts: 158
  • Joined: 17-September 03

Posted 16 October 2003 - 04:22 PM

ok, one restart. but then it should be fixed - right?
0

#7 Guest_0xc0000005_*

  • Group: Guests

Posted 17 October 2003 - 01:19 AM

i remember that shit is a little bit old to change the reg key from Y (=YES) to "N" (=NO)

but @ Linux regedit this entry doesn't exist, or?!
0

#8 Guest_hermel_*

  • Group: Guests

Posted 17 October 2003 - 01:45 AM

@ =k3Rn=
Yes ;)

@ 0xc0000005
No it works only on WIN
0

#9 Guest_dozolax_*

  • Group: Guests

Posted 19 December 2003 - 07:33 PM

good post
0

#10 User is offline   ST. 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 94
  • Joined: 29-December 03

Posted 19 January 2004 - 03:01 PM

if i'll disable it, what i'll lose?
system stability will be ok?
0

#11 User is offline   virus 

  • Specialist
  • Icon
  • Group: Members
  • Posts: 506
  • Joined: 05-July 03

Posted 20 January 2004 - 07:44 AM

I disabled it on my system and works fine. Basically depends on the applications that you are using. Maybe you have an app that uses DCOM ..... so it depends
0

#12 Guest_Dinos_*

  • Group: Guests

Post icon  Posted 20 January 2004 - 08:07 AM

Greetings,
My first post in the board... There is no problem disabling the key, unless you are one of the following: a) a user working with shared contacts in a ms exchange server enviroment B) a user working with very specific web base programs.

Regards,
Dinos
0

#13 User is offline   TaScam 

  • Private
  • Icon
  • Group: Members
  • Posts: 15
  • Joined: 01-February 04

Posted 02 February 2004 - 07:38 AM

only the restart :( . But is beter then be rehacked. So nice solution :)
thx M8
0

#14 User is offline   vnet576 

  • Specialist
  • Icon
  • Group: Members
  • Posts: 1,000
  • Joined: 01-August 03

Posted 02 February 2004 - 08:09 AM

TaScam, on Feb 2 2004, 10:38 AM, said:

But is beter then be rehacked.

So u are already hacked?

:lol:
0

#15 User is offline   forza 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 88
  • Joined: 12-February 04

Posted 16 February 2004 - 11:43 AM

or just this tool
http://grc.com/dcom/ :-)
0
  • (2 Pages)
  • +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting