
WebDAV Application DLL Hijacking Exploitation and Prevention Part 2 

Jan 14, 2012 11:29 AM

In WebDAV Application DLL Hijacking Exploitation and Prevention Part 1, I explained how to exploit the WebDAV Application DLL Hijacking vulnerability in Windows. In this part, I will show how to prevent WebDAV Application DLL Hijacking exploitation with Symantec Critical System Protection (SCSP).

Prevention of WebDAV Application DLL Hijacking

1) I logged into my SCSP server. Click the Prevention tab --> Policies.

 
    
 
2) I created a policy named DLL Hijacking Prevention to prevent exploitation of the WebDAV Application DLL Hijacking vulnerability in Windows.
 
3) Right-click the policy and click Apply policy.
 
    
 
4) Select the agent and click Next. This applies the prevention policy to our target machine.
 
    
 
5) SCSP Prevention is enabled on the Windows XP machine.
 
    
 
6) Our victim again tries to access the shared folder on the attacker machine.
 
    
 
7) Our victim is not able to access the shared folder on the attacker machine.
 
    
 
8) Our victim is able to access the shared folder of any other machine.
 
    
 
9) To verify our policy, I disabled SCSP Prevention on the victim machine.

10) Our victim again tries to access the shared folder on the attacker machine.

11) Our victim is able to view the contents of the shared folder on the attacker machine.

12) When our victim opens any file, our exploit and payload execute successfully in the background.

13) The attacker successfully gets a Meterpreter session on the victim machine.

14) The attacker is successfully connected to the victim machine and is able to take full control over it.
 
    
 
So we are able to prevent exploitation of the WebDAV Application DLL Hijacking vulnerability with Symantec Critical System Protection.
