[Full-Disclosure] smtpsvc and undocumented registry values
thierry.haven at xmcopartners.com
Wed Feb 23 17:26:40 GMT 2005
I’ve been hacking around smtpsvc.dll (Windows Server 2003) in order to hide the Server version when a mail is relayed:
"from [192.168.X.X] ([192.168.X.X]) by winserv2003 with Microsoft SMTPSVC(6.0.3790.0); Wed, 23 Feb 2005 15:47:51 +0100"
I found that it is possible to remove this information by patching the code directly in the DLL:
"from [192.168.X.X] ([192.168.X.X]) by winserv2003 with some server; Wed, 23 Feb 2005 15:49:51 +0100"
... Assuming that smtpsvc.dll checks its own version at runtime by retrieving information in the .rsrc section of the PE thanks to version.dll calls. However I'd like to know if there is a better way to disable this "feature" (maybe a key in the registry ?).
Next I'd like to ask about such undocumented registry values. Where to find information about them ?
Thierry Haven - Xmco Partners
Security Consulting / Pentest
web : http://www.xmcopartners.com
Full-Disclosure is hosted and sponsored by Secunia.