I was reading about the iKAT tools and came across their set of binaries that don't obey Group Policy (GP). These are awesome, and if you couple them with the base64 file encoding proxy I wrote a while ago, you should be able to get full cmd access on just about any environment where you have internet access. The tools included in the iKAT package are:
cmd.exe
command.com
control.exe
cscript.exe
explorer.exe
ipconfig.exe
osk.exe
rasphone.exe
regedit.exe
runonce.exe
sc.exe
taskman.exe
taskmgr.exe
wscript.exe
And the complete zip is mirrored here.
I was developing a web application at work for use on the intranet. And if you're anything like the security nut I am, you love logging just as much as I do. I love logging so much I have a page for just about every log I use. Generally my log pages look something like:
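import html
import os

# CGI response: header line, then blank lines before the body
print("Content-Type:text/html")
print()
print()
# Last 100 lines of the log, HTML-escaped so logged text is displayed, not rendered
lines = os.popen("tail -100 somelog.log").read().split("\n")
print('<br/>'.join(html.escape(line) for line in lines))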
Now this is OK, but wouldn't it be cool if it updated without the page refreshing?
Now I'm not very good at jQuery, so I had no idea where to start, but eventually I came across Jeff Starr's blog post http://perishablepress.com/ajax-error-log/, which was pretty much exactly what I was after, without all the fancy 404 logging, since my web framework does all that.
So quite simply I took this code:
<!DOCTYPE HTML>
<html>
<head>
  <title>Ajax Error Log</title>
  <!-- Ajax Error Log @ http://perishablepress.com/ajax-error-log/ -->
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <style>
    pre {
      font: 10px/1.5 Courier, "Courier New", mono;
      background-color: #efefef;
      border: 1px solid #ccc;
      width: 700px;
      margin: 7px;
      padding: 10px;
      white-space: pre-wrap;
    }
  </style>
  <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js"></script>
  <script>
    $(document).ready(function() {
      $("#results").load("AjaxErrorLog.php");
      var refreshId = setInterval(function() {
        $("#results").load("AjaxErrorLog.php").fadeIn("slow");
      }, 2000); // refresh time (default = 2000 ms = 2 seconds)
    });
  </script>
</head>
<body>
  <noscript><div id="response"><h1>JavaScript is required for this demo.</h1></div></noscript>
  <div id="results"></div>
</body>
</html>
And changed AjaxErrorLog.php to the CGI script tailing my log, and presto: a live log feed.
GUIDs are the Globally Unique Identifiers used by Windows to install and identify software; they are used in the registry to ensure that the keys used by that piece of software are unique. A normal GUID will look like this: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}, but this is only one of the ways software will identify itself in the registry. You can also have a compressed GUID, which you can get from a normal GUID by following this process:
The first group of eight hexadecimal digits are placed in reverse order:
ABCDEFGH becomes HGFEDCBA
The same is done with the second group of four hexadecimal digits:
IJKL becomes LKJI
The same is done with the third group of four hexadecimal digits:
MNOP becomes PONM
In the fourth group of four hexadecimal digits, every two digits switch places:
1234 becomes 2143
In the last group of 12 hexadecimal digits, again every two digits switch places:
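Lastly, remove all {} and -'s.
Python function to do this for you:
# Takes a GUID string such as "{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}"
def compress_guid(guid):
    groups = guid.strip("{}").split("-")
    # Groups 1-3 are reversed whole; in groups 4-5 every two digits switch places
    return "".join([x[::-1] for x in groups[:3]] +
                   ["".join(x[i:i+2][::-1] for i in range(0, len(x), 2)) for x in groups[3:]])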
Compressed GUIDs occur in various places in the registry, common ones being
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products
and somewhere under
HKEY_CLASSES_ROOT