WPS - Wifi Protected Setup - PIN BTA vulnerability
link to read:
https://code.google.com/p/reaver-wps/wiki/README
"...Reaver targets the external registrar functionality mandated by the WiFi Protected Setup specification.
Access points will provide authenticated registrars with their current wireless configuration (including the WPA PSK), and also accept a new configuration from the registrar."
nice =)
http://dshield.org/diary.html?storyid=12292
Friday, December 30, 2011
Monday, November 14, 2011
win7 - Activate Netlogon debugging
Sometimes we need to see exactly what's happening during a host logon. To do this on a Win7 box:
1. Start the Regedt32 program.
2. Delete the REG_SZ value of the following registry entry, create a REG_DWORD value with the same name, and set it to the hexadecimal value 2080FFFF.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
3. At a command prompt, type net stop netlogon, and then type net start netlogon. This enables debug logging.
After this, a new file is created at %windir%\debug\netlogon.log
Happy reading...
Sunday, November 13, 2011
Easter Egg for Win7 - Local DoS for Win2008 / O.o
Special folder : "God mode" on Win7
Create a folder with any name, then add this extension:
.{ED7BA470-8E54-465E-825C-99712043E01C}
Tchan tchan ;)
(it doesn't give you any new "privileges", but it has a lot of nice config stuff)
However if you do this on a Win2008 desktop you'll have problems !!
! Local denial of service O.o
(if you did it on win2008, and are getting an "explorer error" you should access the remote admin share c$ and rename the folder)
http://it-audit.sans.org/blog/2011/08/22/windows-7-feature-windows-2008-local-denial-of-service/
Tuesday, November 8, 2011
More links....to read
Nice intro into TCP / tcpdump
http://danielmiessler.com/study/tcpdump/
Lots of pentest links:
http://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
BrowserSec:
http://code.google.com/p/browsersec/wiki/Main
Malware on routers:
http://www.securelist.com/en/analysis/204792187/Heads_of_the_Hydra_Malware_for_Network_Devices
Nice tools:
http://dereknewton.com/forensic-tools/
File checksum integrity verifier:
http://support.microsoft.com/kb/841290
Microsoft AD directory services - blog
http://blogs.technet.com/b/askds/
.: TEST APPS :.
BadStore
Link: http://www.badstore.net/
Platform: Perl, Apache and MySQL
Install: Meant to be run by booting a Live CD, but I'd recommend using my Live CD VMX
Notes: Easy to set up, and it's nice that you can run it from a VM with a little work. Just make sure you set the VM to use the IP addresses that are only available from the local host OS (NAT or Host-only).
Damn Vulnerable Web App
Link: http://www.ethicalhack3r.co.uk/damn-vulnerable-web-app/
Platform: PHP, Apache and MySQL
Install: Should work on any box you can install Apache/PHP/MySQL on.
Hacme Travel
Link: http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
Platform: Windows XP, MSDE 2000 Release A, Microsoft .NET Framework v1.1, C++
http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Moth
Link: http://www.bonsai-sec.com/en/research/moth.php
Platform: Linux VMWare image
Install: Just download the VM and open it in VMWare player
WebGoat
Link: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Platform: J2EE web application
Install: Self-contained Tomcat server you can run from a directory under Windows or Linux
Test ssl
http://www.darknet.org.uk/2011/12/sslyze-fast-and-full-featured-ssl-configuration-scanner/
The internet ;)
https://www.google.com
Thursday, October 27, 2011
Enable debug GPOs
If you like the userenv.log from Windows XP, you may want to know how to get more information from the GPSVC service in Windows 2008/Vista/Win7. If so, try this:
How to enable logging in the Gpsvc.log file. To enable logging in the Gpsvc.log file, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Make sure that you have the folder %windir%\debug\usermode; if the usermode folder is not there, create it manually.
- Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
- On the Edit menu, point to New, and then click Key.
- Type Diagnostics, and then press ENTER.
- Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
- Type GPSvcDebugLevel, and then press ENTER.
- Right-click GPSvcDebugLevel, and then click Modify.
- In the Value data box, type 0x30002, and then click OK.
- Exit Registry Editor.
- At a command prompt, type the following command, and then press ENTER: gpupdate /force
- View the Gpsvc.log file in the following folder: %windir%\debug\usermode
Tuesday, October 25, 2011
Tip: verifying a Windows box's state before and after installing software
Monitor an Install Program Without Using Any (Expensive) Tools
Finding out what files have been copied/updated by another install program is very easy when you know how.
1. First of all, take a 'clean' machine, i.e. one that has only got an operating system on it.
2. Make a dump of the file list. This can be done by typing
DIR c:\*.* /s/one >c:\before.txt
3. Open REGEDIT.EXE and go to Registry->Export Registry File and save the registry as c:\before.reg
4. Install the product that you want to monitor
5. Make another dump of the file list by typing
DIR c:\*.* /s/one >c:\after.txt
6. Open REGEDIT.EXE and go to Registry->Export Registry File, as before, and save the registry as c:\after.reg
You now have all the information required to find out everything about the program that you installed: compare before.txt with after.txt and before.reg with after.reg.
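The comparison step the procedure above leaves to the reader, as an added Python example that is not from the original post: parse_dir_listing(), parse_reg_export() and snapshot_diff() are our own helper names, and the DIR output and .reg text are constructed stand-ins for c:\before.txt, c:\after.txt, before.reg and after.reg.

```python
"""Diff the before/after DIR dumps and .reg exports from the steps above.
Added example, not from the post: every snapshot string below is constructed."""
import re
# DIR /s prints "Directory of <path>" headers, then one "date time [AM|PM]
# size name" line per entry; directories show <DIR> instead of a size.
DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_LINE = re.compile(r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}(?:\s+[AP]M)?\s+([\d,]+)\s+(.+?)\s*$")

def parse_dir_listing(text):
    """Map full path -> size in bytes for every file (not directory) in the dump."""
    files, current = {}, None
    for line in text.splitlines():
        if m := DIR_HEADER.match(line):
            current = m.group(1).rstrip("\\")
        elif current and (m := FILE_LINE.match(line)):
            files[current + "\\" + m.group(2)] = int(m.group(1).replace(",", ""))
    return files

def parse_reg_export(text):
    """Map 'KEY' and 'KEY\\name' -> data for a regedit export (.reg file)."""
    values, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            values[key] = "<key>"  # keys with no values still count as a change
        elif key and "=" in line:
            name, _, data = line.partition("=")
            values[key + "\\" + name.strip('"')] = data
    return values

def diff_maps(before, after):
    """Entries only in after, only in before, or in both with different data."""
    return {"added": sorted(after.keys() - before.keys()),
            "removed": sorted(before.keys() - after.keys()),
            "changed": sorted(k for k in before.keys() & after.keys() if before[k] != after[k])}

def snapshot_diff(dir_before, dir_after, reg_before, reg_after):
    return {"files": diff_maps(parse_dir_listing(dir_before), parse_dir_listing(dir_after)),
            "registry": diff_maps(parse_reg_export(reg_before), parse_reg_export(reg_after))}
# Constructed snapshots: the "install" dropped tool.exe, grew win.ini and
# registered itself under the Uninstall key.
BEFORE_DIR = r""" Directory of c:\Windows
11/14/2011  10:32 AM    <DIR>          System32
11/14/2011  10:32 AM            69,120 notepad.exe
11/14/2011  10:32 AM             1,024 win.ini
"""
AFTER_DIR = BEFORE_DIR.replace("1,024 win.ini", "1,100 win.ini") + r""" Directory of c:\Program Files\Tool
11/14/2011  11:05 AM           204,800 tool.exe
"""
BEFORE_REG = "Windows Registry Editor Version 5.00\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]\n"
AFTER_REG = BEFORE_REG + r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleTool]
"DisplayName"="Example Tool"
"UninstallString"="C:\\Program Files\\Tool\\uninst.exe"
"""
```

Feed snapshot_diff() the real four files and the "added" lists are the dropped files and the new registry values, the "changed" list the files and values the installer overwrote.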
----------------------------------------
Troubleshooting group policy win7 / win2008r2 gpo
tips:
http://www.grouppolicy.biz/archives/tutorials/
http://social.technet.microsoft.com/wiki/contents/articles/1456.aspx
http://technet.microsoft.com/en-us/library/cc749336%28WS.10%29.aspx
in "Microsoft Technet"
GPLogView
Often times, it is easier to read text files for troubleshooting instead of using the Event Viewer. In fact, exporting event logs into text files may be the only solution when troubleshooting computers in remote locations. GPLogView is a utility you can download and use to export Group Policy event data from the system and operational log into a text, html, or xml file. You can download GPLogView from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=75004). The following examples show the syntax of commonly used options for GPLogView.
Example 1: Export all Group Policy events
You can use GPLogView to export all Group Policy–related events from the system log and the operational log.
gplogview -o gpevents.txt
Example 2: Export Group Policy events with a specific Activity ID
GPLogView filters Group Policy–related events by Activity ID, which is useful when troubleshooting a specific instance of Group Policy processing.
gplogview -a 8A7C7CE5-F7D0-4d32-8700-57C650A53839 -o gpevents.txt
Example 3: Monitor Mode
You can use GPLogView to capture Group Policy events in real time. GPLogView writes all Group Policy related events to the command window, as they occur. Press CTRL+C to exit monitor mode, or press Q and ENTER.
gplogview -m
GPO preprocessing: + networking
http://technet.microsoft.com/en-us/library/cc727306%28WS.10%29.aspx
Tuesday, October 18, 2011
Nice feature to examine... Win7 / Win2008
Redirect built into Windows?
netsh interface portproxy add v4tov4 listenport=8080 connectaddress=10.1.1.1 connectport=8080 protocol=tcp
Could it be used to redirect traffic? Probably ;)
hxxp://ipv6int.net/systems/windows_xp-ipv6.html
Basic IPv6 functions
Overview
I think on WinXP IPv6 is not active in a default installation. The IPv6 part has to be installed and activated manually on the command line:
netsh interface ipv6 install
Afterward IPv6 is active and ready to perform stateless autoconfiguration for local and global addresses.
Preference
Windows XP prefers IPv6 if a DNS query results in IPv4 and IPv6 addresses being sent back (A and AAAA RRs).
Privacy Extensions
Privacy addresses are enabled and used by default after the installation of IPv6. They can be manually deactivated on the command line:
netsh interface ipv6 set privacy disabled
Packet Filter/Firewall
Windows XP integrates since Service Pack 2 (SP2) a stateful IPv6 firewall into the base system firewall, called just Windows Firewall.
Tunnelling IPv4/IPv6
Configured tunnels
Windows XP supports configured tunnels with the integrated tunnel interface. Setting up a manual tunnel requires several steps on the command line. Beforehand, you need the following information:
- $host-ipv4: IPv4 address of the host
- $router-ipv4: IPv4 address of the router/tunnel server
- $tunnel-v6host: (tunnel) IPv6 address of the host
- $tunnel-v6router: (tunnel) IPv6 address of the router
netsh interface ipv6 add v6v4tunnel "tunnel name" $host-ipv4 $router-ipv4
Add IPv6 address:
netsh interface ipv6 add address "tunnel name" $tunnel-v6host
Put IPv6 default route on the tunnel router:
netsh interface ipv6 add route ::/0 "tunnel name" $tunnel-v6router
6to4
When IPv6 is active and the system has a public IPv4 address, Windows XP automatically activates 6to4 if the interface does not have a global IPv6 address. In our tests, the configuration of the public 6to4 anycast address was necessary:
netsh interface ipv6 6to4 set relay 192.88.99.1
Other tunnels
As per the documentation, Windows XP SP2 supports several other tunnelling mechanisms:
- Automatic tunnels: Deactivated by default
- ISATAP: Activated by default
- 6over4: Deactivated by default
- Teredo: Deactivated by default
- PortProxy
Thursday, October 13, 2011
tcpdump - for win :P
A friend of mine (thanks Kabrinsky ;) told me that there is a tcpdump for Windows boxes that doesn't need installation.
I searched, found it, and it's very nice. Here are some brief tips, for me (I really don't have a good memory, so I write stuff down... to remember):
Where to find it:
hxxp://www.microolap.com/products/network/tcpdump/
usage:
+ find your box interfaces
tcpdump.exe -D
+ listen to everything on interface 5
tcpdump.exe -i 5 -nn -vv
+ listen to everything on interface 5 and save it to a file
tcpdump.exe -i 5 -nn -vv -w tt.pcap
+ listen only to some IPs and save it to a file
tcpdump.exe -i 5 -nn -vv -w tt.pcap host 192.168.1.254 and host 192.168.1.64
+ to save all the packet data: -s 0
tcpdump.exe -i 5 -nn -s 0 -vv -w tt.pcap host 192.168.1.254
that's it.
Saturday, September 24, 2011
Tips for Windows Uninstalls
Recently I had a problem with my laptop and Win7, and I did a little research on uninstallations. Here are some tips:
In the Registry, here's the KEY where you can find the uninstall strings:
HKLM\Software\microsoft\windows\currentversion\uninstall
You will find some folders (subkeys), and inside each the corresponding application and its uninstall string ;)
One of the applications that Microsoft provides for uninstalling drivers is "dpinst.exe"
If you need to look at the install or uninstall log, go to
c:\windows\dpinst.log
That's it, just another quick tip.
Thursday, August 4, 2011
Tips . RegEx - intro
.: Regex :.
\d = any digit
\D = anything but a digit
\s = any whitespace character
\S = anything but a whitespace character
\w = any word character (letter, digit or underscore)
\W = anything but a word character
. = any character except newline
\b = word boundary (the position between a word character and a non-word character)
+ = one or more repetitions
? = 0 or 1 repetitions
* = 0 or more repetitions
{n} = exact number -> \d{5} represents five digits in a row
{n,m} = range -> \d{1,5} between one and five digits
\e = Escape
\f = form feed
\n = newline
\r = Carriage return
\t = horizontal tab
calend[ae]r = matches calender or calendar
[a-z] = any lower case letter
[0-9] = any digit
[A-F] = any capital letter from A to F
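The cheat sheet applied to a few constructed logon-style log lines, as an added Python example that is not part of the original post; LOG_LINES, the field layout and the helper names are made up for the demonstration.

```python
"""Applying the cheat sheet above to constructed logon-style log lines.

Added example, not from the original post: the log format, the user names
and the addresses below are all made up to exercise the classes listed.
"""
import re

# Constructed sample lines: date time [event] key=value fields.
LOG_LINES = [
    "11/14 10:32:01 [LOGON] user=jdoe from=192.168.1.64 status=0x0",
    "11/14 10:32:07 [LOGON] user=admin from=10.1.1.1234 status=0xC000006A",
    "11/14 10:33:40 [LOGON] user=svc_backup from=fe80::1 status=0x0",
]

# \d{2} exact count, \s+ one or more spaces, \w+ word chars (so the
# underscore in svc_backup is kept), \S+ anything up to the next space,
# [0-9A-Fa-f]+ a run of hex digits after the literal 0x.
LOGON_RE = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+\[LOGON\]\s+user=(?P<user>\w+)\s+"
    r"from=(?P<src>\S+)\s+status=0x(?P<status>[0-9A-Fa-f]+)"
)

# \b is a word boundary, not a space: it is what stops "10.1.1.1234" from
# being reported as the address 10.1.1.123 with a stray digit left over.
# (\d{1,3} does not range-check the octets; 999.1.1.1 would still match.)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_logon(line):
    """Return the named fields of one LOGON line, or None if it does not match."""
    m = LOGON_RE.search(line)
    return m.groupdict() if m else None

def find_ipv4(text):
    """Every dotted quad in text whose ends sit on word boundaries."""
    return IPV4_RE.findall(text)

def failed_logons(lines):
    """Users whose status is non-zero (a failure code), in the order seen."""
    users = []
    for line in lines:
        rec = parse_logon(line)
        if rec and int(rec["status"], 16) != 0:
            users.append(rec["user"])
    return users

def spelling_variants(text):
    """calend[ae]r from the cheat sheet: both spellings, nothing else."""
    return re.findall(r"\bcalend[ae]r\b", text)
```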
Monday, July 18, 2011
Linux - Ubuntu - 2 Media tips
Two quick Linux media tips:
- Webcam - Viewer / recorder
To use my webcam I found this great piece of software:
"GUVCView"
To install it on Ubuntu (simply):
# apt-get install guvcview
And that's it, you can launch it and view / record or take snapshots with your webcam.
- ffmpeg - great tool to encode and transform your videos, avi, mpeg, mov...etc.
# apt-get install ffmpeg
and use it:
$ ffmpeg -formats
$ ffmpeg -i yourfile.ext -vcodec wmv2 -sameq -acodec wmav2 -f avi outfile.avi
I ran into some trouble with the xvid codecs, but found the solution here:
https://wiki.ubuntu.com/ffmpeg
That's it.
Thursday, May 19, 2011
Socat - nifty tool ;)
Here are some tips to test "socat":
: connect to port 80
> socat - tcp4-connect:192.168.1.1:80
-----------------------------------------------------------
: connect to port 80 + verbose
> socat -d -d - tcp4-connect:192.168.1.1:80
-----------------------------------------------------------
: listen to port 80
> socat -d -d - tcp4-listen:80
-----------------------------------------------------------
: Port forward : listen on port 443 -> send to 80 of the host
> socat -d -d tcp4-listen:443 tcp4:192.168.1.1:80
-----------------------------------------------------------
There's lots more; try socat -h
examples:
http://technostuff.blogspot.com/2008/10/some-useful-socat-commands.html
Tuesday, March 29, 2011
Bash - simple "for loop"...
This may be useful; it's a simple loop in Bash:
#!/bin/bash
# Resolve every hostname listed (one per line) in text.txt.
# Reading line by line and quoting the variable keeps odd names intact.
while read -r hostname; do
    host "$hostname"
done < text.txt
Just substitute the "text.txt" with a file containing the hosts.