Monday, November 14, 2011

win7 - Activate Netlogon debugging

Sometimes we need to see exactly what's happening during a host logon. To do this on a Win7 box:

1. Start the Regedt32 program.
2. Delete the REG_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
3. At a command prompt, type net stop netlogon, and then type net start netlogon. This enables debug logging.


After this, a new file is created at %windir%\debug\netlogon.log
Happy reading...

A nice app that makes this debug log easier to read is Policy Reporter (hxxp://www.sysprosoft.com/policyreporter.shtml)
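The three steps above as one script, added here as an example and not part of the original post; it is meant for an elevated PowerShell prompt. The `-Disable` switch and the 0x0 value that turns logging off again are additions that are not in the post.

```powershell
# Added example, not from the original post. Run elevated.
param([switch]$Disable)   # hypothetical switch: turn debug logging back off
$ErrorActionPreference = 'Stop'

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$name = 'DBFlag'
# 0x2080FFFF is the value from step 2; 0x0 (not in the post) disables logging again.
$value = if ($Disable) { 0x0 } else { 0x2080FFFF }

$regKey = Get-Item -Path $key
if ($null -ne $regKey.GetValue($name, $null)) {
    # Step 2: the entry may exist as REG_SZ, so remove it and recreate it as REG_DWORD.
    $kind = $regKey.GetValueKind($name)
    Write-Host "Existing $name is $kind = $($regKey.GetValue($name)); removing it"
    Remove-ItemProperty -Path $key -Name $name
}
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $value | Out-Null

# Step 3: restart the service so it picks up the new flag
# (same effect as net stop netlogon / net start netlogon).
Restart-Service -Name Netlogon

# Confirm what was written, then show the end of the log.
$now = (Get-Item -Path $key).GetValue($name)
Write-Host ("{0} is now 0x{1:X8}" -f $name, $now)

$log = Join-Path $env:windir 'debug\netlogon.log'
if (Test-Path $log) {
    # Select-Object -Last also works on the PowerShell 2.0 that ships with Win7.
    Get-Content -Path $log | Select-Object -Last 20
} else {
    Write-Warning "$log not found; check that the Netlogon service restarted."
}
```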



Sunday, November 13, 2011

Easter Egg for Win7 - Local DoS for Win2008 / O.o

Special folder : "God mode" on Win7

Create a folder with any name, then add this extension:

.{ED7BA470-8E54-465E-825C-99712043E01C}

Tchan tchan ;)

(it doesn't give you any new "privileges" but it has a lot of nice config stuff)

However, if you do this on a Win2008 desktop you'll have problems!!!
Local denial of service O.o

(if you did it on win2008, and are getting an "explorer error" you should access the remote admin share c$ and rename the folder)

http://it-audit.sans.org/blog/2011/08/22/windows-7-feature-windows-2008-local-denial-of-service/

Tuesday, November 8, 2011

More links....to read

Nice intro into TCP / tcpdump
http://danielmiessler.com/study/tcpdump/

Lots of pentest links:
http://code.google.com/p/pentest-bookmarks/wiki/BookmarksList

BrowserSec:
http://code.google.com/p/browsersec/wiki/Main

Malware on routers:
http://www.securelist.com/en/analysis/204792187/Heads_of_the_Hydra_Malware_for_Network_Devices

Nice tools:
http://dereknewton.com/forensic-tools/


File checksum integrity verifier:
http://support.microsoft.com/kb/841290

Microsoft AD directory services - blog
http://blogs.technet.com/b/askds/

.: TEST APPS :.
BadStore
Link: http://www.badstore.net/
Platform: Perl, Apache and MySQL
Install: Meant to run by booting a Live CD, but I'd recommend using my Live CD VMX
Notes: Easy to set up, and it's nice that you can run it from a VM with a little work. Just make sure you set the VM to use the IP addresses that are only available from the local host OS (NAT or Host-only).

Damn Vulnerable Web App
Link: http://www.ethicalhack3r.co.uk/damn-vulnerable-web-app/ 
Platform: PHP, Apache and MySQL
Install: Should work on any box you can install Apache/PHP/MySQL on.

Hacme Travel
Link: http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
Platform: Windows XP, MSDE 2000 Release A, Microsoft .NET Framework v1.1, C++

http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx

Moth
Link: http://www.bonsai-sec.com/en/research/moth.php
Platform: Linux VMWare image
Install: Just download the VM and open it in VMWare player
 
WebGoat
Link: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Platform: J2EE web application
Install: Self contained Tomcat server you can run from a directory under Windows or Linux

Test ssl
http://www.darknet.org.uk/2011/12/sslyze-fast-and-full-featured-ssl-configuration-scanner/



The internet ;)
https://www.google.com