Archive for category /dev/urandom
Economics in One Lesson
Posted by scriptjunkie in /dev/urandom on March 13, 2013
This is off the security topic, but I was really excited to find this online, so deal with it. Everyone who votes needs to understand this. We have all heard the fallacies before, and it’s hard not to disagree. When people need jobs, why can’t the government create jobs with public works projects? Don’t all [...]
Authenticated Remote Code Execution Methods in Windows
Posted by scriptjunkie in /dev/urandom, Defense on February 3, 2013
All of the below are supported ways of remotely executing code that are built-in to Windows. If psexec isn’t working since a service is not running or ports are blocked, you can try all these other options; defenders who want to detect intruders moving through the network need to detect all of these; incident responders might want to look for evidence of these…
Running Code From A Non-Elevated Account At Any Time
Posted by scriptjunkie in /dev/urandom on January 2, 2013
You may have found yourself in a situation where you have access to a system through a limited user account, or could not or did not want to bypass UAC (AlwaysOn setting for example) and you needed to continue running code even when the account logged off and/or the system rebooted (and even if you [...]
Attack Test
Posted by scriptjunkie in /dev/urandom, Defense on December 23, 2012
Well, the Mayan Apocalypse came and went, and since we’re all still here, it’s time to get back to computer security. It shouldn’t be a surprise that the most likely way you’ll get exploited is through your browser, so you should routinely check for vulnerabilities there. I was inspired by some of the free browser [...]
Vulnerable systems setup
Posted by scriptjunkie in /dev/urandom, Vulnerabilities on September 19, 2012
I frequently get asked how to set up a test lab to practice hacking on… So I looked through some release timelines and oldversion.com postings to figure out which versions of your favorite browser, plugins, and PDF reader would be installed if you had up-to-date versions of each on January 1st of the past three years, and where you can get them from. Enjoy.
Fragerizer – profile-guided load-order disk optimizer
Posted by scriptjunkie in /dev/urandom on September 14, 2011
A full load of the Metasploit GUI with database entails accessing almost 10,000 objects on disk. Even if you defragment your hard drive, you still wait for the access time of the disk to seek and access each file.
It would be faster if each file and directory was laid out on disk in the order that it would be accessed to load more quickly. So I wrote fragerizer, a smallish utility to perform that arranging for you. And invented a new word:
Fragerize. v. To defragment and arrange files & directories sequentially on disk in order of use.
Original Source Forgery
Posted by scriptjunkie in /dev/urandom, webapps on September 8, 2011
If you were looking for vulnerabilities on a website, you might open up the original page source looking for commented-out code, javascript source, hidden forms, etc. If you suspected an XSS attack on your own site, chances are you might right-click on the page and view source to check for unwanted scripts. If you needed to register for CTP, hack this site, or read the snarky comments in the HTML of www.defcon.org, you would probably need to view the page source.
This is all based on your assumption that when you right-click on the page and select “View Source” the text you see is the HTML source that the server sent to your browser when it requested the URL in your address bar. Unfortunately if you assumed this, you would be wrong [...]
Shells, terminals, and sudo mitm
Posted by scriptjunkie in /dev/urandom on April 14, 2011
In many situations, you can find yourself with a simple shell, able to read and write stdin/stdout, but some command that you are using requires a full terminal. Example: you got a netcat shell on a server or you’re writing a web application with popen() calls, etc. If you need to execute a command through [...]
Screwing with Nmap
Posted by scriptjunkie in /dev/urandom on August 20, 2010
It is always interesting to me to see what defense can be put up against tools used by attackers/pen testers. I don’t believe there are any public exploits against Nmap (Secunia is not aware of any at least) and I doubt I could find a useful one against a basic scan. On the other hand, [...]