Sunday, March 10, 2013

SonicWALL Aventail 'CategoryID' Parameter SQL Injection Vulnerability

SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Further research conducted by the vendor indicates this issue may not be a vulnerability affecting the application.

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5262
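The advisory's wording, "fails to properly sanitize user-supplied input before using it in an SQL query", describes the generic defect rather than the vendor's code. The following is an added example (not code from the advisory, from SonicWALL, or from the affected product) that shows the difference on an in-memory SQLite table with constructed sample rows: a CategoryID-style request parameter spliced into the SQL text, beside the same lookup with the parameter type-checked and passed as a bound parameter. The table, column and function names are assumptions for illustration.

```python
import sqlite3

# Constructed sample catalogue rows (not data from the advisory): (id, name, category_id)
SAMPLE_PRODUCTS = [
    (1, "Widget", 10),
    (2, "Gadget", 10),
    (3, "Gizmo", 20),
]


def build_catalogue():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category_id INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def products_by_category_unsafe(conn, category_id):
    """Vulnerable pattern: the request parameter is spliced into the SQL text,
    so whatever the client sends in CategoryID is parsed as part of the query."""
    sql = "SELECT name FROM products WHERE category_id = " + category_id + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def products_by_category_safe(conn, category_id):
    """Hardened pattern: enforce the parameter's expected type first, then hand
    it to the driver as a bound parameter so it is never interpreted as SQL."""
    try:
        cid = int(category_id)
    except (TypeError, ValueError):
        raise ValueError("CategoryID must be an integer")
    rows = conn.execute(
        "SELECT name FROM products WHERE category_id = ? ORDER BY id", (cid,)
    )
    return [row[0] for row in rows]


def compare(category_id):
    """Run one input through both lookups and report what each returns.
    The safe variant reports "rejected" instead of raising."""
    conn = build_catalogue()
    result = {"unsafe": products_by_category_unsafe(conn, category_id)}
    try:
        result["safe"] = products_by_category_safe(conn, category_id)
    except ValueError:
        result["safe"] = "rejected"
    conn.close()
    return result


if __name__ == "__main__":
    # A legitimate value behaves the same either way ...
    print(compare("10"))
    # ... but a tautology appended to the parameter makes the unsafe query
    # return the whole table, while the safe lookup rejects it before any SQL runs.
    print(compare("10 OR 1=1"))
```

The type check matters as much as the binding: an integer identifier such as CategoryID has no reason to accept anything but digits, so rejecting everything else at the edge also gives the application a clean place to log the attempt.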


Monday, July 30, 2012

Windows 7 - Unable to install any USB devices

Here's the solution for the ones who might have this problem:
This worked for me in Windows 7 Ultimate 64bit!
You must have all administrator privileges!

1- Open Windows Explorer

2- Go to C:\Windows\System32\DriverStore


You will see a few folders and files: several *.dat files and one other file named infcache.1.

3- Right-click every file (don't touch the folders!) and choose Properties.

4- Go to the Security tab

5- click Edit

6- Choose your account and check the box: Full control (see screenshot)

7- Click ok.

8- Repeat for every file

9- Select all the files (*.dat and infcache.1)

10- Press shift+del

11- Press OK.

12- Now, go to C:\Windows\System32\DriverStore\FileRepository\

13- Search for the folder named usbstor.inf

14- Open it (if you have more than one, choose the most recent)

15- Copy "usbstor.inf" and "usbstor.PNF"

16- Paste those two files into C:\Windows\inf

17- Reboot your PC and voilà! :b

Sunday, April 1, 2012

BT5 password for postgresql

root@bt:/opt/framework/config# cat database.yml
production:
  adapter: postgresql
  database: msf3
  username: msf3
  password: eccd8310
  host: 127.0.0.1
  port: 7175
  pool: 75
  timeout: 5

Saturday, February 11, 2012

Change Your Google Talk Status to Away

Do you want to control your Google Talk idle status? If so, here is a trick to control the idle status on Google Talk. You can choose Always Idle to remain idle permanently; it will show you as idle even while you are chatting. You can also choose Never Idle, which will never show you as idle.

Go to system registry editor (regedit.exe)
Go to HKEY_CURRENT_USER\Software\Google\Google Talk\Options
Add a DWORD named "inactive_minutes"

0 means always idle BUT email notifications are disabled.

or

A free program called gAlwaysIdle aims to solve that problem. It adds an option to the Google Talk right-click menu that lets you keep your status set to away, whether or not you are using your computer.

It has three different modes that you can choose from:

Normal Idle – Uses the default Google Talk settings
Always Idle – You’re always set to idle
Never Idle – Makes sure you are never set to away even when you’re not at your computer

Installing WPScan in BT

WPScan installation.

wget http://wpscan.googlecode.com/files/wpscan-1.0.zip

unzip wpscan-1.0.zip

sudo apt-get install libcurl4-gnutls-dev rubygems1.8 ruby
sudo gem install typhoeus
sudo gem install xml-simple

apt-get install wpscan


cd /pentest/web/wpscan/

EXAMPLES

Do 'non-intrusive' checks...

ruby ./wpscan.rb --url www.example.com

Do wordlist password brute force on enumerated users using 50 threads...

ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...

ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Generate a new 'most popular' plugin list, up to 150 pages...

ruby ./wpscan.rb --generate_plugin_list 150

Enumerate installed plugins...

ruby ./wpscan.rb --url www.example.com --enumerate p

Wednesday, December 21, 2011

Run CMD.exe as Local System Account

Strike 1:

I found information online which suggests launching CMD.exe using the DOS Task Scheduler AT command. Here’s a sample command:

AT 12:00 /interactive cmd.exe

I gave it a shot but I received a Vista warning that “due to security enhancements, this task will run at the time expected but not interactively.”

It turns out that this approach works on XP, 2000 and Server 2003, but due to Session 0 isolation, interactive services no longer work on Windows Vista and Windows Server 2008.

Strike 2:

Another solution suggested creating a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.

C:\> sc create RunCMDAsLSA binpath= "cmd" type= own type= interact
C:\> sc start RunCMDAsLSA

In this case the service fails to start and results in the following error message:

FAILED 1053: The service did not respond to the start or control request in a timely fashion.


Strike 3:

The third suggestion was to launch CMD.exe via a Scheduled Task. Though you may run scheduled tasks under various accounts, I don’t believe the Local System Account is one of them. I’ve tried using runas as well, but I think I’m running into the same restriction as found when running a scheduled task.

Not Out Yet:

Fortunately, I came across this article which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft in July, 2006. I launched the command line and issued the following statement and suddenly I was running under the Local System Account like magic:

psexec -i -s cmd.exe

PSTools worked great. It’s a lightweight, well-documented set of tools which provided an appropriate solution to my problem.

How to gain access to the System account, the most powerful account in Windows.

Don’t follow the procedure below if you don’t know what you are doing. You may harm your PC. If you follow it, do so at your own risk.

1) Check the name of the account you’ve logged into (click Start; you will see the name of the account you’re logged in as).

2) Launch the command prompt (Start | Run | cmd | [Enter]).
In the command prompt, create a schedule to run cmd.exe.
To create the schedule, type the following line and hit Enter:
at 10:41 /interactive "cmd.exe"
This creates a schedule that runs cmd.exe at 10:41.
(Since you are testing, check the time on your system and add two or three minutes; change this time according to your local time.)
Hint: you can check that the schedule has been placed by typing "at"
and hitting Enter after the above step.

3) Wait for the time you set for the schedule.
cmd.exe will be launched at the specified time.

4) After cmd.exe has been launched by the scheduled task, press [CTRL] + [ALT] + [DEL] and launch Task Manager.
Select the "Processes" tab, select explorer.exe in the process list and click the "End Process" button.
You will receive a confirmation dialogue; click "Yes" to end the process.

5) Close Task Manager by clicking the close (X) button.
Close the first cmd window (be careful to close the first one, not the second one).
Now you have only the second command prompt window and an empty desktop.
In the command prompt, type the following line and hit Enter:
cd ..

6) In the command prompt, type the following line and hit Enter:
explorer.exe
If this is the first time you do this, Windows creates the necessary
components for you to access System (desktop, Start menu,
My Documents).
When it’s finished you will have a new desktop.

7) Close the command prompt window. Click Start and check your username: it has changed to System. Now you are a super-power user. Be careful not to harm your PC by deleting or modifying system files if you don’t know what you are doing.

I am once again saying: don’t attempt to access the System account unless you are an experienced Windows user.
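Both posts above end up running a shell as Local System, via `at ... /interactive`, an interactive service created with `sc create`, or `psexec -s`. From the defender's side those three command-line shapes are what you want to pick out of process-creation telemetry, because any of them means an administrator (or someone who has become one) is stepping up to SYSTEM. The following is an added example, not code from either post: it scans constructed, pipe-delimited process-creation records for those three shapes. The record layout, hostnames, usernames and rule names are assumptions made up for illustration; the patterns are derived only from the commands quoted in the posts.

```python
import re

# Constructed sample process-creation records (not from any real system):
# timestamp|host|user|parent image|command line
SAMPLE_EVENTS = [
    "2011-12-21T10:40:01|ws01|alice|explorer.exe|notepad.exe C:\\notes.txt",
    "2011-12-21T10:41:00|ws01|bob|cmd.exe|at 10:41 /interactive cmd.exe",
    "2011-12-21T10:42:13|ws02|bob|cmd.exe|sc create RunCMDAsLSA binpath= \"cmd\" type= own type= interact",
    "2011-12-21T10:43:37|ws02|carol|powershell.exe|psexec -i -s cmd.exe",
    "2011-12-21T10:44:02|ws03|dave|cmd.exe|sc query wuauserv",
    "2011-12-21T10:45:55|ws03|dave|cmd.exe|at",
]

# Each rule is a (name, case-insensitive pattern over the command line) pair.
# The names are made up for this example.
RULES = [
    # "at HH:MM /interactive ...": a job handed to the AT service, which runs as SYSTEM.
    # A bare "at" (listing jobs) is deliberately not matched.
    ("at_interactive_task",
     re.compile(r"^\s*at(\.exe)?\s+\S+.*\s/interactive\b", re.I)),
    # "sc create ... type= interact": a new service allowed to interact with the desktop.
    ("sc_interactive_service",
     re.compile(r"^\s*sc(\.exe)?\s+create\b.*\btype=\s*interact\b", re.I)),
    # "psexec ... -s": PsExec asked to run the process under the Local System account.
    ("psexec_as_system",
     re.compile(r"^\s*psexec(\.exe)?\b.*\s-s\b", re.I)),
]


def parse_event(line):
    """Split one record into its fields. The command line is the last field and may
    itself contain '|', so only the first four separators are honoured."""
    parts = line.split("|", 4)
    if len(parts) != 5:
        raise ValueError("malformed record: " + line)
    ts, host, user, parent, cmdline = parts
    return {"ts": ts, "host": host, "user": user, "parent": parent, "cmdline": cmdline}


def match_rules(cmdline):
    """Return the names of every rule whose pattern matches this command line."""
    return [name for name, pattern in RULES if pattern.search(cmdline)]


def scan(lines):
    """Return one finding per (record, rule) pair, in input order."""
    findings = []
    for line in lines:
        event = parse_event(line)
        for rule in match_rules(event["cmdline"]):
            findings.append({
                "rule": rule,
                "ts": event["ts"],
                "host": event["host"],
                "user": event["user"],
                "cmdline": event["cmdline"],
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['host']} {f['user']}: {f['rule']} <- {f['cmdline']}")
```

The `at` rule requires at least one argument before `/interactive` so that an administrator simply listing jobs with `at` does not alert, and the `psexec` rule looks for the standalone `-s` switch rather than any `s` so that ordinary remote invocations without the SYSTEM option stay quiet. On a real estate these would sit on top of Sysmon or 4688 process-creation events rather than a pipe-delimited file.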