In 1st Part, I explained the procedure of exploitation of Microsoft Server Service Relative Path Stack Corruption (smn_ms08_067_netapi). In this Part I will show you how to prevent exploitation of Microsoft Server Service Relative Path Stack Corruption with Symantec Critical System Protection (SCSP).
So lets starts
1) In 1st part i got the meterpreter shell and then i got cmd shell of my victim machine. Now i am going to close the previous meterpreter session. I type exit and hit enter to close the meterpreter session.
2) Now I logged into my SCSP Server. Click on Prevention Tab --> Policies.
3) I create one policy named ms08_067_netapi to prevent ms08_067_netapi vulnerability.
4) Right Click on Policy and Click Apply policy.
5) Select Agent and Click on Next. Now I am Appling a Prevention Policy on Our target machine.
6) SCSP Prevention is enabled on Windows XP machine.
7) Now Again I am trying to exploit this vulnerability but this time i am not able to create session.
8) To verify our Policy I disabled prevention from Windows XP machine. Now i will try to exploit this system.
9) After Disable Policy i successfully exploit the same vulnerability and got meterpreter session.
It means we are able to prevent Microsoft Server Service Relative Path Stack Corruption (ms08_067_netapi) exploitation With Symantec Critical System Protection (SCSP) Prevention Policies on Unpatched System.