Wireshark console.lua pre-loading vulnerability Exploitation and Prevention part-II 

Feb 08, 2012 01:15 PM

 

In Wireshark console.lua pre-loading vulnerability Exploitation and Prevention Part-I, I explained how to exploit the Wireshark console.lua pre-loading vulnerability in Windows. In this part I will show you how to prevent the Wireshark console.lua pre-loading vulnerability with Symantec Critical System Protection (SCSP).
 
Prevention Of Wireshark console.lua pre-loading vulnerability
 
1) I logged into my SCSP Server and clicked on the Prevention tab --> Policies.
 
2) I created a policy named Wireshark Buffer Overflow Prevention to prevent the Wireshark buffer overflow vulnerability in Windows.
 
    
 
3) Right-click on the policy and click Apply Policy.
 
    
 
4) Select the agent and click Next. Now I am applying the prevention policy on our target machine.
 
    
 
5) SCSP Prevention is enabled on the Windows XP machine.
 
    
 
6) A server is already running on the attacker machine to listen for connections from other machines.
 
    
 
7) Our victim tries to access the shared folder of the attacker machine.
 
    
 
8) It shows a malicious pcap file on the victim machine.
 
    
 
9) Our victim then tries to open the msf.pcap file in Wireshark.
 
10) But this time SCSP blocks the exploit from executing and doesn't give a shell to the attacker machine. The attacker will not get a meterpreter shell even if the victim opens the same file again.
 
    
 
So it is possible to block the Wireshark console.lua pre-loading vulnerability in Windows with Symantec Critical System Protection (SCSP).
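
As a complementary check on the analyst's side, the following added example (not part of the original post and not SCSP functionality) flags any folder where a `console.lua` sits beside a capture file before the capture is opened. It assumes the pre-loaded script is looked up in the capture's own directory; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile

# Assumption (not stated on the page): the risky condition is a file named
# console.lua sitting in the same directory as the capture being opened.
CAPTURE_EXTS = {".pcap", ".pcapng", ".cap"}
PRELOAD_NAME = "console.lua"


def find_preload_risks(root):
    """Return sorted (directory, lua_file, captures) tuples for every directory
    under root that holds both a capture file and a console.lua."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lower-cased.
        lua = [f for f in files if f.lower() == PRELOAD_NAME]
        caps = sorted(f for f in files
                      if os.path.splitext(f)[1].lower() in CAPTURE_EXTS)
        if lua and caps:
            findings.append((dirpath, lua[0], caps))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample layout: one suspicious share folder, two benign ones."""
    layout = {
        "share/msf.pcap": b"",
        "share/Console.LUA": b"-- constructed placeholder, no payload\n",
        "clean/trace.pcapng": b"",
        "notes/console.lua": b"-- lua file with no capture beside it\n",
    }
    for rel, data in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for directory, lua, caps in find_preload_risks(build_sample_tree(tmp)):
            print(f"WARNING {directory}: {lua} next to {', '.join(caps)}")
```

Point `find_preload_risks` at a mounted share or download folder; a non-empty result means the captures in that folder should be copied to a clean directory before being opened.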
