Vulnerability Details

Windows file Checksums

Published: 2013-07-02 05:25:14

CVSS Base Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:N

Summary:
Checks the checksums (MD5 or SHA1) of specified files in Windows

Detection Method:
This script transfers the application rehash.exe v0.2 to the target encoded in a VB Script. This is done via a WMI connection (win_cmd_exec()) as Base64 code. The script will then execute the VB Script over WMI, with the command 'cscript //nologo %temp%\\greenbone_base64_to_exe.vbs' to decode the Base64 code of the rehash.exe program. After decoding the VB Script will be deleted with the command 'del %temp%\\greenbone_base64_to_exe.vbs'. Subsequently, the application rehash.exe will be started. It will verify checksums based on the data supplied through the option 'Target checksum File'. If configured, the application rehash.exe will be deleted afterwards with the command 'del rehash.exe'. License of the application rehash.exe: BSD 2-Clause License Sourcecode and Binary for the application rehash.exe are linked within the references.

Report Confidence:
98

References:

https://documentation.mageni.net
http://sourceforge.net/projects/rehash/files/rehash/0.2/rehash-0.2-src.zip/download
http://sourceforge.net/projects/rehash/files/rehash/0.2/rehash-0.2-win.zip/download

Severity
Detection Plugin
CVSS Score
0.0
Published
2013-07-02
Modified
2019-03-13
Category
Policy

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.