sagarmc004
Level 7

Tampering XML, CFG, REG and other configuration files

Hi,

I have an interesting scenario here. I was doing a security audit on Solidifier installed on Windows and below are my results.

a) I created an executable (Solid.exe) which reads, writes and executes the configuration (XML) file. I solidified the system and then modified the XML file to delete a few files, directories and executables from the system.

When I executed Solid.exe, I was able to delete the files, directories and executables from the system.

This means that Solidifier does not protect XML and other CFG files? These configuration files can be tampered with, modified and used to perform unintended actions and cause a denial of service?

b) I created some registry files which harden TCP and I solidified the system. Then I changed the registry values to make the system insecure (no more TCP hardening). I executed the registry file and the registry update was successful.

I know we have write-protect-reg and write-protect, but due to some requirements, you may not be able to completely lock people out of writing to the registry or config files.

Is there a way to achieve this?

Message was edited by: sagarmc004 on 4/19/13 12:14:26 AM CDT

1 Reply
bzielin
Level 10

Re: Tampering XML, CFG, REG and other configuration files

Is Solid.exe part of the solidified inventory, is it an updater?
