Symantec Critical System Protection Bypass POC


abid shaikh

May 6, 2014, 1:07:44 AM
to null-...@googlegroups.com
Hi everyone,

One of our clients is using Symantec Critical System Protection 5.2.5 on Windows 2003 Server R2 (Unpatched). A few days back, Symantec released a security advisory related to bypassing Symantec Critical System Protection on Windows.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140502_00

My client wants to check whether his server is secure or not. So I have to pen-test the server with Symantec Critical System Protection prevention enabled on it.
Can anyone help me out and provide some ideas or a POC on how to bypass Symantec Critical System Protection? I have a 3-day timeframe to conduct this pentest.

Regards,
An!l

sanehdeep singh

May 7, 2014, 9:36:51 PM
to null-...@googlegroups.com

Hi,

If you have to pentest SCSP installed on unpatched Windows, you have to exploit multiple vulnerabilities to bypass SCSP Prevention. SCSP has 3 types of policies:
1. Core
2. Limited
3. Strict

I have used multiple vulnerabilities to bypass SCSP Prevention. First of all, you have to find the OS installed on the server, and then you have to know which policy they have applied on the server. But you have to run all exploits related to the OS and application to bypass SCSP prevention, as you don't have any information about the policy applied on the server.

If the Strict policy is applied on the server, you have to escalate privileges to get admin access on the server.

I have used OS exploits and client-side exploits to bypass SCSP prevention. If you need more help, add me on gtalk sane...@gmail.com

Regards,
Sanehdeep Singh