IDNeon
Active Members, Rank: Hak5 Fan +
Content count: 41, Days Won: 1

Recent posts by IDNeon
  1. I have to say if your IS program is a useful program (teaches server administration and the networking standard, CCNA) and not some IT administrative program, then you're definitely on the right track even if you don't feel that you are. Those two sides of the coin are the gate keepers, hacking isn't its own thing. It's the misuse of THOSE two things.
  2. I've been busy but I finally got to talk with a friend who's more technical at the engineering level of OSes and he basically confirmed the same idea I had. Qubes provides an extra layer of user security but that's about it. We both conceptualized it as essentially being like you were using published apps for everything. On the hardware it makes no sense for it to function any differently than Windows OS etc. So anything exploiting something at those levels, kernel/root, BIOS, would not be affected by the virtualization. Virtualization, to over-simplify it, is basically different "user_processes" interacting.
  3. Here is an example of automating/generalizing a task mixing batch and PowerShell. The requirement of batch in this example is obvious, because to run a PowerShell script remotely requires an execution policy, but this can be bypassed using batch: There are features not always installed, so you might need to include a "get module" to get, for instance, ServerManager, which is where "Get-WindowsFeature" lives in older versions of PowerShell. The program creates a PowerShell script and executes it. This can be made as complex and lengthy as you want in order to grab as much information as you want in a generic process, and pipe the results (Out-File, output, etc.) to a single folder, or even append to a single file, where you can collect the data from some common location. If you create a loop, with a few more pieces, you can cycle through a laundry list of variables to grab information from a list of computers, etc.
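The batch-wraps-PowerShell pattern described in the post above, written out as an added example (this is not the poster's script). The wrapper writes a throwaway .ps1, runs it with a per-process execution-policy override, and appends the output to a common location. The share path \\FILESERVER\collect is a hypothetical assumption; Get-WindowsFeature only exists where the ServerManager module is installed (server SKUs), so the generated script checks for it instead of failing.

```batch
@echo off
REM Added example, not the original poster's script: batch wrapper that
REM generates a PowerShell collector and runs it with ExecutionPolicy Bypass.
REM Assumption (hypothetical): \\FILESERVER\collect exists and is writable
REM by the account running this wrapper.
setlocal
set "PS1=%TEMP%\collect-%RANDOM%.ps1"
set "OUT=\\FILESERVER\collect\%COMPUTERNAME%.txt"

REM Write the PowerShell script one line at a time. Pipes that belong to
REM PowerShell are escaped with ^ so cmd.exe does not interpret them.
REM Putting the redirection first avoids a trailing space on each line.
>  "%PS1%" echo $out = '%OUT%'
>> "%PS1%" echo "=== $env:COMPUTERNAME $(Get-Date -Format s) ===" ^| Out-File -FilePath $out -Append
>> "%PS1%" echo Get-WmiObject Win32_OperatingSystem ^| Select-Object Caption, Version, LastBootUpTime ^| Format-List ^| Out-File -FilePath $out -Append
>> "%PS1%" echo Import-Module ServerManager -ErrorAction SilentlyContinue
>> "%PS1%" echo if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
>> "%PS1%" echo     Get-WindowsFeature ^| Where-Object { $_.Installed } ^| Select-Object Name, DisplayName ^| Format-Table -AutoSize ^| Out-File -FilePath $out -Append
>> "%PS1%" echo } else {
>> "%PS1%" echo     "Get-WindowsFeature not available (workstation, or ServerManager module missing)" ^| Out-File -FilePath $out -Append
>> "%PS1%" echo }

REM -ExecutionPolicy Bypass overrides the policy for this process only; the
REM machine and user policies are left untouched.
powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -File "%PS1%"

del "%PS1%" >nul 2>&1
endlocal
```

Two points a practitioner should keep in mind: execution policy is a safety feature against accidentally running scripts, not a security boundary, which is exactly why a one-line wrapper can step around it; and because each host appends to a file named after itself on a shared location, running the same wrapper across a list of machines gives you one folder of per-host reports with no changes to the script.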
  4. I think it'd be useful to share some basic tasks for beginners in order to help them start to conceptualize "automation". And so the goal of this thread is to provide a "forum" to post useful tid-bits. And I'll kick it off with something on my mind below, but first, I think it's important to mention that the basics of automation require generalization. So any solution requires a generalized form. If you're involved in mathematics at all, that term should ring a bell. A generalized form would, for example, use variables to contain lists that are generated by the host, such as a list of computers generated by an Active Directory that is a variable with a For loop (or other mechanism) so your task applies to all computers, or a set of those computers, contained in that list. The goal of this thread is not to contain the entirety of an automated process, but rather to contain the bits and pieces that form parts of automation. In terms of programming this might be considered "functions", or the tools in your program you call upon to do things.

The one that came to mind that led me to generate this thread is just a little tid-bit I picked up and discarded as not useful right now. Written for batch, and the purpose was to uninstall a program I don't know the full name of and remove (scour) any left-overs from an unclean uninstall. Each post should be a contribution, or comment on a contribution. I'll make a second post with another contribution just to keep the ball rolling. For organizational reasons, putting the contribution in quotes seems pertinent. So this short snip will uninstall an example that is part of the program name with wild cards on either side of the part. It'll scour for directories with that same snippet with a wild card after (for instance if the directory is formed by program name with a random number generated after). You can get creative. I was thinking about it, because strangely deleting folders with wild cards using Batch is NOT intuitive.

The pings are timers, to give each process enough time to complete; depending on your target system a WMIC might take a while, so having a timer is critical.

Post Script: Oh, I forgot to mention a critical part. For some reason (which I've not taken the time to figure out, it's just not that important to me right now) running this script REMOTELY breaks at the WMIC. However, the script runs normally if run locally. If the script were to start on start-up I'm sure it'd run normally. There's something in the remote process that WMIC hangs up on, the authentication token is my guess, so when run remotely it kills the batch.
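The poster's snippet itself is not reproduced on this page, so here is an added example of the same idea (not the original poster's code): a wildcard uninstall via WMIC, a ping-based delay, and the non-obvious part, removing directories by wildcard, which rd cannot do on its own and needs a for /d loop to expand the pattern first. The name fragment ExampleApp and the set of directories searched are assumptions chosen for illustration.

```batch
@echo off
REM Added example, not the original poster's script: uninstall a product whose
REM name is only partially known, then remove leftover directories by wildcard.
REM Assumptions (hypothetical): the product name contains "ExampleApp" and its
REM leftovers live under one of the roots listed in the for loop below.
setlocal
set "FRAG=ExampleApp"

REM wmic product only sees Windows Installer (MSI) products, it is slow, and
REM enumerating it can trigger a consistency check of every installed package.
REM In a batch file a literal % must be written as %%, hence '%%%FRAG%%%'.
echo Uninstalling products matching *%FRAG%* ...
wmic product where "name like '%%%FRAG%%%'" call uninstall /nointeractive

REM Crude timer: ping -n N to localhost waits roughly N-1 seconds.
REM (timeout /t 10 /nobreak does the same on Vista and later.)
ping -n 11 127.0.0.1 >nul

REM rd does not accept wildcards, so expand the pattern with for /d and
REM remove each matching directory. %%~R strips the quotes from the root.
for %%R in ("%ProgramFiles%" "%ProgramData%" "%LOCALAPPDATA%") do (
    for /d %%D in ("%%~R\%FRAG%*") do (
        echo Removing leftover directory "%%~D"
        rd /s /q "%%~D"
    )
)
endlocal
```

Before pointing this at a fleet, run it with the rd line replaced by echo alone and read the list of matches: a fragment as short as "App" will match far more than the product you meant, and rd /s /q does not ask. On 64-bit hosts add "%ProgramFiles(x86)%" to the root list only where that variable is defined, since on 32-bit Windows it expands to nothing and the pattern would fall back to the root of the current drive.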
  5. Yeah I suppose but I figure you're already stepping out of scope for their actual applications, it's better to seek what is common in a scientific computing setting, just ask vendor what they recommend for large multivariable statistical analysis. All of this is academic, I think in pentesting proving you CAN brute force, is more important than ACTUALLY brute forcing. Whether or not it takes your system 100 million years versus the latest and greatest super computer is irrelevant. You don't need to brute force anything to prove the vulnerability exists. For instance do you have a lock-out policy on your domain accounts for OWA logins? No? Then that CAN be brute forced.
  6. Regarding CPU, not much is needed. I suppose whatever you consider mid-level is overkill, but you probably need some CPU for Microsoft Office suite so you can run your administrative overhead decently. Regarding GPU, if you have the right tools, the BEST GPU you can fit and afford will serve you well. The GPU can be used to do parallel programming and parallel computing, which means you can utilize those 32 cores for your password cracking, giving you much more power than what CPUs are currently out there. https://en.wikipedia.org/wiki/General-purpose_computing_on_graphics_processing_units
  7. Maybe you twittered your passwords 2x to the world...are you Press Secretary Spicer by any chance?
  8. Virtual machines. I don't think there's many students out there that would think it's a good idea to have local admin rights to users. If your environments are still that way then you're dealing with a very slow-to-change large enterprise, or SMBs that are unwilling to invest in virtual machines.
  9. Not sure this answer makes sense. A connection is the exchange of packets (files). You can't possibly have a connection to another computer WITHOUT sending files. Will the computer just magically decide to send you its files? And to where?
  10. Haze, your point is apt, but I'm just heaping way too much info here for fun, to elaborate some lesser known factoids :) The original title "The Art of War" belongs to Jomini's title of his scientific work which defeated Napoleon (and was misapplied by Jomini-Napoleonic trained US-Confederate Generals during the Civil War to disastrous outcomes). Sun Tzu's "Art of War" is wrongly titled for western audiences and is actually called "Master Sun's Rules of Warfare". (It's a pet-peeve of mine that they stole Jomini's title to promote it to western audiences). Most of it deals with the appropriate magical spells and which way the wind farts to divinate success on the battlefield, the rest are maxims that could be learned from the game Go. :) It's also a pet-peeve of mine since a phenomenon called "Orientalism" exists where Westerners heap condescending praise upon useless works as if they are profound because Westerners simultaneously think that Easterners are spiritual, philosophical and wise, and also are extremely culturally racist toward them. Jomini's works are still the basis of all military thought, even more important than Clausewitz who was largely a philosopher and not a military scientist.
  11. Well, if I understand your question right, then yes, you should be able to arpspoof your traffic on the network and piggy-back on the traffic of legitimate devices as long as it doesn't need to be routed, but the reply will only go back to the devices you spoofed, depending on how the AP makes a connection to each device, and depending on how creative you are in building your packets (i.e. you could arguably change the return MAC to what you want it to be, but that defeats the purpose of spoofing). Might be easier to connect authentically with a bunch of virtual adapters with their own MAC addresses.
  12. This: https://www.amazon.com/Practice-System-Network-Administration-Second/dp/0321492668 And learn CCNA ICND1 & ICND2
  13. Brilliant thanks for that clarification. That's why I wanted to get deeper into this, my gut feeling was that the big-picture wasn't well understood and as you said, the "solution" was really not a solution. Reason I wanted to pursue that was it's in those patch-jobs that problems are created. Your explanation would provide for a completely exact answer.
  14. Not sure that's the answer though EITHER? Because the OP provided a solution "`@[a-zA-Z0-9]" which has an intended result. This means your explanation does not explain why his solution would work to segregate as it did?
  15. I was in the middle of a thought process (and editing my previous posts to update) but got busy, usually that happens and you'll just have to move on from those posts when I don't get back to them. What I was trying to show before I had to abandon it was what the value of $Group actually was when -match compares it to your expression. I wanted to see if the $Group value was carrying the @ through its comparison. I was in the process of writing a little debugger for that but got busy and this is the first time in 3 days I have had time to revisit this thread.