Posts posted by kickarse

  1. I'm happy your cynicism hasn't changed at all Digip ;) lol... you picked that one right apart huh?

    It's just a proof of concept idea from what I gander. That's really all it's useful for. It might work on someone who doesn't know jack about PC's (most home users); I mean they end up "scanning" their PC for viruses with software they never paid for or installed. And yes, Konboot would be better.

    As for your other "questions" you might want to ask him what he planned on doing with it. I'm just a messenger.

  2. I wonder if there's a way to do some sort of passive pass through tap... so information goes in but nothing goes out using some one way gate, but still goes across the bridge without affecting the information. Sort of piggy back on the signal, but then you need something to capture it like Usbalyzer or Usbsnoop. This way you get around the HID having to install.

    USB Pin out - http://pinouts.ru/SerialPortsCables/usb_cable_pinout.shtml

    P1 - VCC - Power

    P2 - USB Data -

    P3 - USB Data +

    P4 - Ground

    It should be possible to tap with a Diode at 5v, that way we don't overdrive it, or not even hook it up at all. I guess in a way this is a USB splitter.

    Found this --

    http://vusb.wikidot.com/usb-device-classes

    http://www.workinprogress.ca/v-usb-tutoria...-for-mega-tiny/

  3. What exactly are you looking to understand? The inner workings of ESX/ESXi (hypervisor)? How to setup a cluster (VM or MS?)? How the hosts talk to a SAN?

    It's kind of a broad subject, if you could hone in on a topic or a couple topics I'd be happy to answer some questions. And not anything against you, believe me, but I hope they aren't going to just go "here's a SAN and VMware manage it!".

  4. I've demo'd Languard (great price) but use PatchLink (very expensive) and WSUS. I find that PatchLink is very thorough but the agents sometimes go corrupt. WSUS works fine but only for MS patches (although Eminentware has software that will add on to it so you can install third party software).

  5. Careful with your payload. These types of software usually send information regarding software that's been started and if you name your executable "pwnsk00l.exe" it'll be sent and flagged. Something like notepad.exe would most likely be better.

    Just sayin'. I haven't had any experience with LanSchool and I don't know what data it sends. But these types of software usually do this.

  6. It's a hard suit because while they were typing the information on a company workstation the data now resides on an off site server. This information was at one time, although not saved, on the corporate network, which in turn you own. Like Sparda said if you have some NDA policy that they signed then you can probably get a court order from the ISP.

  7. The Lala.com hack is a simple one

    You need to start your capture to catch/filter this (could be any number, all I've found below):

    tcp.stream eq 4

    or

    tcp.stream eq 6

    The stream you want to reassemble is (info column)

    [TCP segment of a reassembled PDU]

    You must wait until the song finishes to reassemble. After the song is finished right click on the packet and click follow tcp stream, make sure it's raw. Save as an mp3.

  8. Their reasoning is that they deploy services and functionality that uses these ports and various ip addresses. I disagree and call bullshit.

    I asked them to supply a list of a few ports and ip addresses to connect to and they said they can't. I called bullshit.

    I asked them to supply technical references for other companies and they told me they can't and that all companies either open the ports or t1 to them. I called bullshit.

    There's a third option that uses port 80/443 for a connection to a Citrix presented application. The install rep tells me that it doesn't have the same functionality as the locally installed client. I ask if he can provide a list of functionality that it does not provide. He tells me that it's too long to list.

    So I request the "list". I call bullshit, again, and quote the install doc telling me that the Citrix presented application is the EXACT same application installed locally.

    He then tells me to talk to our sales rep and leads me to believe that he's obviously trying to pull something.

    This is bloomberg.com btw and their wonderful Bloomberg service.

    -----------

    Believe me I know the issues with the ephemeral ports. He wants us to open the ports, including various other ports, on our firewall to the WAN. From internal sources to external sources and vice versa.

    We actually have a firewall vendor which is a great company. It's a Squid proxy firewall, btw. They've stated that they block that port range. It's one of the reasons why we don't use regular FTP sessions.

  9. So we have a vendor who wants us to basically open up all Ephemeral ports to about 1,300+ IP addresses on 6 subnets.

    How would you guys feel about that? I know that I feel pissed off that they want us to do this or buy a dedicated T1 to them to bypass this hole. They keep giving the run around that we somehow need all of this.

    Please chime in with your thoughts. I love to get the security/hacking community's view on this.

  10. SUPERMICRO MBD-H8DME-2-O Dual 1207(F) NVIDIA nForce Professional 3600 Extended ATX Dual AMD Opteron Server Motherboard - Retail - $369.99

    Note: going to use onboard Dual NICs, SATA controller and RAID. Easy to upgrade later. 128GB max memory, 2 PCI-E 8x, 4 PCI-X

    AMD Shanghai 2.4GHz Socket F Quad-Core Server Processor – Retail - $189.99 x2

    Careful with the nforce 3600 chipset. There have been issues with it not supporting the Shanghai processor. However, it seems that supermicro got it right. Asus's, however, has not and might not ever support the Shanghai chip.

    Also, onboard RAID?

    I would have gone with almost the same exact setup though. Heh... too bad for me :)

  11. So at work we don't currently have anything setup like GoToMyPC so when we get a call on the dept. cell phone and someone needs to be unlocked someone, anyone, has to come in to unlock/reset a user.

    Today I combined two different scripts to create a quick and dirty remote domain user unlocker via an email into Outlook.

    Basically it's comprised of

    1. A rule in outlook to check for messages that

    A) has a certain subject (whatever you want it to be, the longer the pass phrase the better)

    B) has been sent by a certain address

    C) has an attachment

    D) has been sent to only one address

    E) Runs a script (script is described next, called SaveAttachments) against any new email, saving the attachments to a certain location

    2. OTM Script in Outlook.

    If you press Alt-F11 in Outlook you will see Outlook's VBA editor. On the left hand side you will see all the defaults and on the right side an area to post the script. The VBA script is shown below, change the Root variable to a location of your choosing and save the script (ctrl-s). Change your rule to run this script called SaveAttachments. Make sure you have macro security set to None/Off (I know, I know, don't know a way around it yet)

    Sub SaveAttachments(ByRef item As Outlook.MailItem)

       Const Root = "C:\UnlockDomainUsers" ' Root folder. Change it according to your needs

       Dim FName As String 'To store the full name of each attached file
       Dim fs As Object 'FileSystemObject used to manage files
       Dim CountAttach As Integer 'Total number of attached files
       Dim I As Integer 'Typical counter index

       CountAttach = item.Attachments.Count 'Retrieve the number of attachments

       If CountAttach > 0 Then 'Only do something when the email has files attached

            'Check for the root folder and create it if it is missing
            Set fs = CreateObject("Scripting.FileSystemObject")
            If Not fs.FolderExists(Root) Then fs.CreateFolder Root

            For I = CountAttach To 1 Step -1 'From the end to the beginning, because deleting shifts the indexes
                'Creating the full name of the file
                FName = Root & "\" & item.Attachments.Item(I).FileName

                'Saving the file
                item.Attachments.Item(I).SaveAsFile FName

                'Check if the file was saved and remove it from the email
                If fs.FileExists(FName) Then
                    item.Attachments.Item(I).Delete
                End If
            Next I

            item.Save

       End If
    End Sub

    3. Next you'll need an AutoIT script. You can download the script editor and compiler from www.autoitscript.com . You will need to change two variables, the Processfilelocation (to the location you specified in the Outlook VBA script) and Domain (your domain, duh). Once compiled you keep this script running and it will check the folder you specified for a user.loc file. It will read the user.loc file for a username and unlock the user and log it to a log file.

    #include <File.au3>

    Global $strInfo
    $ProcessFileLocation = "C:\UnlockDomainUsers\user.loc"; Location path of file to read from user
    $Domain = "YourDomain"; Your domain
    $LogFileLocation = @ScriptDir & "\unlockusers.log"; Location path of file to write log to

    $x = 0; just set a variable that'll never be attained
    Do
        Do
            Sleep(10000)
        Until FileExists($ProcessFileLocation); Sleep every 10 seconds until you come across the .loc file

        Tooltip("A user is going to be unlocked",20,20,"Email Domain User Unlocker"); Let logged in user know what's going on
        $UnlockUser = FileReadLine($ProcessFileLocation,1); Read unlock information from file

        Tooltip("User: " & $Domain & "\" & $UnlockUser & " will be unlocked shortly",20,20,"Email Domain User Unlocker"); Let logged in user know what's going on
        _UnlockDomainUsers($UnlockUser, $Domain); Unlock user in specified file

        Tooltip($Domain & "\" & $UnlockUser & " " & $strInfo,20,20,"Email Domain User Unlocker"); Let logged in user know what's going on
        _FileWriteLog($LogFileLocation,$Domain & "\" & $UnlockUser & " " & $strInfo); Write log information

        Sleep(2000); sleep before deleting file

        Tooltip("Deleting file " & $ProcessFileLocation,20,20,"Email Domain User Unlocker"); Let logged in user know what's going on
        FileDelete($ProcessFileLocation); delete file for next incoming email

    Until $x = 1; forever!

    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    Func _UnlockDomainUsers($strUser, $strDomain)
        $strInfo = "-- User could not be looked up"; default message, also clears the previous result
        $GetUserInfo = ObjGet("WinNT://" & $strDomain & "/" & $strUser); Get user information
        If Not IsObj($GetUserInfo) Then Return; lookup failed, keep the default message for the log

        If $GetUserInfo.IsAccountLocked = 0 Then; If the value is 0 the user is not locked out
            $strInfo = "-- User is not locked out"; return the information

        ElseIf $GetUserInfo.IsAccountLocked = -1 Then; if the value is -1 the user is locked out
            $GetUserInfo.IsAccountLocked = 0; set value to unlock
            $GetUserInfo.SetInfo(); update the domain
            $strInfo = "-- User has been unlocked"; return the information

        EndIf
    EndFunc

    4. When you send an email to your work email it will need to run against the rules you set in place. The attachment is just a txt file (except with the extension .loc) with the first line being the username you want to unlock. This is what you will send yourself.

    User.loc

    MyIdiotUser

    That's pretty much it! Remember it runs in the user context. You could actually delegate a domain user account to only do unlocking of accounts if you wanted to http://support.microsoft.com/kb/279723
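
Because the watcher in step 3 acts on whatever the first line of user.loc contains, the username is untrusted input arriving by e-mail. The following is an added example, not part of the original post, of checking that input before it reaches `_UnlockDomainUsers`; the function name `_ReadUnlockRequest`, the allowed character set and the deny-list entries are assumptions to adapt to your domain.

```autoit
; Added example: validate the user.loc request before unlocking anything.
; _ReadUnlockRequest, $aProtected and the character allowlist are hypothetical.

Global Const $MAX_SAM_LEN = 20 ; sAMAccountName length limit for user accounts

; Accounts that must never be unlocked through the e-mail channel
; (constructed sample names, keep them lowercase)
Global $aProtected[4] = ["administrator", "krbtgt", "guest", "svc_backup"]

; Returns the validated username, or "" with @error set:
;   1 = file empty or unreadable
;   2 = more than one line, illegal characters, or too long
;   3 = account is on the protected list
Func _ReadUnlockRequest($sFile)
    ; Read the whole file so extra lines are rejected rather than silently ignored
    Local $sRaw = FileRead($sFile)
    Local $sUser = StringStripWS($sRaw, 3) ; 3 = strip leading and trailing whitespace
    If $sUser = "" Then Return SetError(1, 0, "")

    ; Letters, digits, dot, underscore and hyphen only. This keeps "/" and "\"
    ; out of the WinNT:// path and rejects embedded line breaks.
    Local $sPattern = "\A[A-Za-z0-9._-]{1," & $MAX_SAM_LEN & "}\z"
    If Not StringRegExp($sUser, $sPattern) Then Return SetError(2, 0, "")

    ; The = operator compares strings case-insensitively in AutoIt
    For $i = 0 To UBound($aProtected) - 1
        If $sUser = $aProtected[$i] Then Return SetError(3, 0, "")
    Next

    Return $sUser
EndFunc
```

In the main loop, `$UnlockUser = _ReadUnlockRequest($ProcessFileLocation)` would replace the `FileReadLine` call, with a non-zero `@error` written to the log and the unlock skipped.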
