1 Reply Latest reply on Apr 22, 2013 12:51 PM by bzielin

    Tampering XML, CFG, REG and other configuration files

    sagarmc004

      Hi,

       

      I have an interesting scenario here. I was doing a security audit on Solidifier installed on Windows and below are my results.

       

      a) I created an executable (Solid.exe) which reads, writes and executes the configuration (XML) file. I solidified the system and then modified the XML file to delete a few files, directories and executables from the system.

            When I executed Solid.exe, I was able to delete the files, directories and executables from the system.

           Does this mean that Solidifier does not protect XML and other CFG files? Can these configuration files be tampered with, modified and used to perform unintended actions and cause a denial of service?

       

      b) I created some registry files which harden TCP, and I solidified the system. Then I changed the registry values to make the system insecure (no more TCP hardening). I executed the registry file and the registry update was successful.

       

      I know we have write-protect-reg and write-protect, but due to some requirements, you may not be able to completely lock people out from writing to the registry or config files.

       

      Is there a way to achieve this?

       

      Message was edited by: sagarmc004 on 4/19/13 12:14:26 AM CDT

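The pattern behind both scenarios (a) and (b) is the same: an allowlisted, trusted program acts on a data file that is not itself protected, so whoever can write the config controls what the trusted program does. The following is an added illustration, not code from the original post, from McAfee, or from any Solidifier component. The XML layout, the action names, the `Solid.exe`-style behaviour and the pinned-digest mitigation are all assumptions for the example; it runs against a temporary directory rather than a real system, and it does not claim anything about how Solidifier itself handles these files.

```python
import hashlib
import hmac
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample configs (assumption: a simple <action type="delete" path="..."/> schema).
ORIGINAL_CONFIG = """<config>
  <action type="delete" path="tmp/cache.dat"/>
</config>"""

# Same file after an attacker with write access to it adds one more target.
TAMPERED_CONFIG = """<config>
  <action type="delete" path="tmp/cache.dat"/>
  <action type="delete" path="bin/service.exe"/>
</config>"""


def parse_actions(xml_text):
    """Return (type, relative path) pairs from the constructed config schema."""
    root = ET.fromstring(xml_text)
    return [(a.get("type"), a.get("path")) for a in root.findall("action")]


def _inside(base_dir, rel_path):
    """Reject paths that escape base_dir (a second thing a config-driven tool must check)."""
    full = os.path.realpath(os.path.join(base_dir, rel_path))
    return full.startswith(os.path.realpath(base_dir) + os.sep), full


def run_config_unchecked(xml_text, base_dir):
    """Scenario (a): the trusted binary does whatever its (unprotected) config says."""
    deleted = []
    for action_type, rel in parse_actions(xml_text):
        if action_type != "delete":
            continue
        ok, full = _inside(base_dir, rel)
        if ok and os.path.isfile(full):
            os.remove(full)
            deleted.append(rel)
    return deleted


def pin_config(xml_text):
    """Digest recorded at lockdown time; the pin must itself live somewhere write-protected."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def run_config_pinned(xml_text, base_dir, pinned_digest):
    """Hardened variant: refuse to act unless the config still matches the pinned digest."""
    if not hmac.compare_digest(pin_config(xml_text), pinned_digest):
        raise ValueError("config integrity check failed; refusing to act")
    return run_config_unchecked(xml_text, base_dir)


def _populate(base_dir):
    for rel in ("tmp/cache.dat", "bin/service.exe"):
        full = os.path.join(base_dir, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"constructed sample content")


def demo():
    """Run both variants against the tampered config and report what each one deleted."""
    with tempfile.TemporaryDirectory() as base_dir:
        _populate(base_dir)
        unchecked_deleted = run_config_unchecked(TAMPERED_CONFIG, base_dir)

        _populate(base_dir)
        pin = pin_config(ORIGINAL_CONFIG)  # taken when the system was "solidified"
        try:
            run_config_pinned(TAMPERED_CONFIG, base_dir, pin)
            tampered_rejected = False
        except ValueError:
            tampered_rejected = True
        pinned_deleted = run_config_pinned(ORIGINAL_CONFIG, base_dir, pin)

    return {
        "unchecked_deleted": unchecked_deleted,
        "tampered_rejected": tampered_rejected,
        "pinned_deleted": pinned_deleted,
    }


if __name__ == "__main__":
    print(demo())
```

The unchecked variant deletes both files because it trusts the config; the pinned variant deletes only what the original config named and rejects the tampered copy. The same reasoning applies to scenario (b): a `.reg` file is data until a trusted tool imports it, so the tool's allowlisting status says nothing about the file's contents. Note the caveat the post already hints at: a pinned digest helps only if the pin and the program that checks it are write-protected, which brings the problem back to deciding what must be locked down.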