Mcafee EPO Static Encryption Key

I came across a Mcafee EPO server not long ago and found that during an on host review it stores the SQL database connection details and encrypted password in a file within the EPO directory, “/conf/orion/”. The password is encrypted with a statically known key that is used on all EPO deployments of a similar version.

The good news is there is already a metasploit module created in which someone has kindly went to the effort to extract the encryption key.

VB Script!

So, Recently I have spent alot of time on Local Lockdown testing and 98 times out of a 100 they allow VBScript to be run. Very bad mistake. With VBScript it is possible to do lots of wonderful this that a normal locked down user wouldn’t, i.e. Access Registry Execute Programs Get File Permissions Query… Continue reading VB Script!