Wednesday, December 21, 2011
I found information online which suggests lauching the CMD.exe using the DOS Task Scheduler AT command. Here’s a sample command:
AT 12:00 /interactive cmd.exe
I gave it a shot but I received a Vista warning that “due to security enhancements, this task will run at the time excepted but not interactively.”
It turns out that this approach will work for XP, 2000 and Server 2003 but due to session 0 isolation Interactive services no longer work on Windows Vista and Windows Server 2008.
Another solution suggested creating a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.
C:\sc create RunCMDAsLSA binpath= "cmd" type=own type=interactC:\sc start RunCMDAsLSA
In this case the service fails to start and results it the following error message:
FAILED 1053: The service did not respond to the start or control request in a timely fashion.
The third suggestion was to launch CMD.exe via a Scheduled Task. Though you may run scheduled tasks under various accounts, I don’t believe the Local System Account is one of them. I’ve tried using the Runas as well, but think I’m running into the same restriction as found when running a scheduled task.
Not Out Yet:
Fortunately, I came across this article which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft in July, 2006. I launched the command line and issued the following statement and suddenly I was running under the Local System Account like magic:
psexec -i -s cmd.exe
PSTools worked great. It’s a lightweight, well-documented set of tools which provided an appropriate solution to my problem.
are doing. You may harm your PC. If you follow, Do it on your own risk.
1)Check the name of the account you’ve logged into (Click start. You
will see the name of the account you’ve logged in.)
2)Launch the command prompt. (Start | Run | cmd | [Enter] )
in command prompt, create a schedule to run cmd.exe.
To create a schedule type the following line and hit enter.
at 10:41 /interactive “cmd.exe”
this will create a schedule to run cmd.exe at 10:41.
(Since you are testing, check the time in your system try and add two or three minutes.)Change this time according to your local time
Hint: you can check if the schedule is placed by typing “at“
and hitting enter after the above step.
3)Wait for the time you set for the schedule.
cmd.exe would be launched at the specified time.
4)After cmd.exe is launched by the scheduled time, press [CTRL] + [ALT] + [DEL] and launch task manager.
Select “Process” tab, select explorer.exe in the process list and click “End Process” button.
You will receive a confirmation dialogue. Click “Yes” to end the process.
5)Close task manager by clicking the close (X) button.
Close the first cmd window (be careful to close the first one not the second one.)
Now you have only the second command prompt window and an empty desktop.
In command prompt type the following line and hit “Enter”
6)In command prompt type the following line and hit “Enter”
If this is the first time you do it, windows creates the necessary
components for you to access System ( Desktop, start menu,
when it’s finished you will have a new desktop.
7)Close command prompt window. Click start and check your username. It’s changed to System. Now you are a super-power user. Be careful not to harm your PC and delete or modify system files if you don’t know what you are doing.
Am once again saying, don’t attempt accessing system account, unless you are an experienced Windows user
Tuesday, November 22, 2011
Microsoft Outlook Web Access is prone to a security-bypass vulnerability.
Successful exploits may allow attackers to hijack web sessions or bypass authentication through a replay attack and gain access to a victim's email account.
Microsoft Outlook Web Access 188.8.131.52 is vulnerable; other versions may also be affected.
An attacker can carry out this attack using readily available network utilities.
The following proof of concept is available:
GET /owa/?ae=Folder&t=IPF.Note&a= HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application,
application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap,
application/vnd.ms-powerpoint, application/msword, application/x-mfe-ipt,
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0;
SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR
3.5.30729; FDM; .NET CLR 3.0.30729; .NET4.0C)
Accept-Encoding: gzip, deflate
SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Attackers can use a browser to exploit this issue.
The following example URI is available:
Sunday, September 11, 2011
Whois and geo-location
ShowIP : Show the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and Hostname (left mouse button), like whois, netcraft.
Shazou : The product called Shazou (pronounced Shazoo it is Japanese for mapping) enables the user with one-click to map and geo-locate any website they are currently viewing.
HostIP.info Geolocation : Displays Geolocation information for a website using hostip.info data. Works with all versions of Firefox.
Active Whois : Starting Active Whois to get details about any Web site owner and its host server.
Bibirmer Toolbar : An all-in-one extension. But auditors need to play with the toolbox. It includes ( WhoIs, DNS Report, Geolocation , Traceroute , Ping ). Very useful for information gathering phase
Enumeration / fingerprinting
Header Spy: Shows HTTP headers on statusbar
Header Monitor : This is Firefox extension for display on statusbar panel any HTTP response header of top level document returned by a web server. Example: Server (by default), Content-Encoding, Content-Type, X-Powered-By and others.
People Search and Public Record: This Firefox extension is a handy menu tool for investigators, reporters, legal professionals, real estate agents, online researchers and anyone interested in doing their own basic people searches and public record lookups as well as background research.
Googling and spidering
Advanced dork : Gives quick access to Google’s Advanced Operators directly from the context menu. This could be used to scan for hidden files or narrow in a target anonymously (via the scroogle.org option) [Updated Definition. Thanks to CP author of Advanced Dork]
SpiderZilla : Spiderzilla is an easy-to-use website mirror utility, based on Httrack from www.httrack.com.
View Dependencies : View Dependencies adds a tab to the "page info" window, in which it lists all the files which were loaded to show the current page. (useful for a spidering technique)
Sunday, May 22, 2011
First find out where your GTalk is installed. This would usually be:
C:\Program Files\Google\Google Talk\googletalk.exe
Once you have found out where your Google Talk is,
• create a short cut by right clicking on your desktop and choosing Shortcut
• Browse and choose the location of the file and add “/nomutex” in the end of the location. So your path looks like this
That’s it. Now click on your usual link to open GTalk. After you open it, log into it. Now click on the new shortcut that you created to open the second Google Talk.
1)# apt-get install libmysqlclient-dev
2) # start mysql or #/etc/init.d/mysql start
3)# mysql -u root -p'toor' by default password is toor
4)mysql> create database metasploit3; // mysql> create database
6)mysql> grant all privileges on metasploit3.* to root@localhost;
7)# update-alternatives --config ruby //
after choose type selection number: 0
8)# ruby -v //check ruby version it should be ruby 1.8.7
9)#gem install mysql
10)# ruby1.8 /pentest/exploits/framework3/msfconsole // it should be starting with ruby1.8 every u open msfconsole
11)msf > db_driver mysql
12)msf > db_connect root:firstname.lastname@example.org:3306/metasploit3
13)msf > db_status
14)msf > db_nmap -sS -n 192.168.1.2 // check it working or not
Wednesday, April 27, 2011
Solution: To put images into your messages or attach images want to inline them. Just turn on "Inserting images" from the Labs tab under Settings
Make sure you're in rich formatting mode, or it won't show up. Click the little image icon, and you can insert images in two ways: by uploading image files from your computer or providing image URLs.
Gmail doesn't show URL-based images in messages by default to protect you from spammers, so if you're sending mail to other Gmail users, they'll still have to click "Display images below" or "Always display images from ..." to see images you embed.
Tuesday, February 15, 2011
Visit http://kernel.org/ and download the latest source code. File name would be linux-x.y.z.tar.bz2, where x.y.z is actual version number.
Step # 2 Extract tar (.tar.bz2) file
root@asheesh# tar -xjvf linux-2.6.25.tar.bz2 -C /usr/src
root@asheesh# cd /usr/src
Step # 3 Configure kernel
root@asheesh# apt-get install gcc (if gcc is not installed)
Step # 4 Compile kernel
Start compiling to create a compressed kernel image
Start compiling to kernel modules:
root@asheesh# make modules
Step # 5 Install kernel
Compiled kernel and installed kernel modules.
Step # 6: Create an initrd image
Type the following command at a shell prompt:
root@asheesh# cd /boot
root@asheesh# mkinitrd -o initrd.img-2.6.37 2.6.37
Step # 7 Modify Grub configuration file
- /boot/grub/menu.lst (before Edit Please take backup)
Open file using vi or gedit:
root@asheesh# vi /boot/grub/menu.lst
title Debian GNU/Linux, kernel 2.6.25 Default
kernel /boot/vmlinuz root=/dev/hdb1 ro
Remember to setup correct root=/dev/hdXX device. Save and close the file. If you think editing and writing all lines by hand
is too much for you, try out update-grub command to update the lines for each kernel in /boot/grub/menu.lst file. Just type
Step # 8 : Reboot computer and boot into your new kernel