Friday, May 12, 2017

Running commands as SYSTEM on Windows 10

Playing god on Windows 10 :)

The method is to run PsExec, which is part of the Windows Sysinternals PsTools.

Command

Run -> cmd as Administrator

psexec -i -s cmd


A new command prompt window will pop up with SYSTEM privileges (-s runs as the local SYSTEM account, -i makes it interactive on the desktop).


Now you can run almost any command with elevated privileges, for example:

C:\Windows\system32>start regedit



Monday, August 13, 2012

Python one-liners - HTTP servers

Power of Python :)

Python 2, serving the current directory on port 8080:
# python -m SimpleHTTPServer 8080

Python 3, serving the current directory on port 8000:
# python3 -m http.server 8000

FTP server from the pyftpdlib package (root needed for port 21):
# sudo python -m pyftpdlib.ftpserver

Sunday, August 12, 2012

Python - inserting data into an Excel file

Creating an Excel file with Python (through the Excel COM interface, using pywin32)
----snip-----
import win32api
import win32con
import win32file

import win32com.client

# Start Excel (or attach to a running instance) via COM and show the window
xlapp = win32com.client.Dispatch("Excel.Application")
xlapp.Visible = 1
#xlwb = xlapp.Workbooks.Open("results.xls")   # reuse an existing workbook instead
xlwb = xlapp.Workbooks.Add()                   # new, empty workbook
xlsheet = xlwb.Sheets(1)
xlsheet.Cells(1, 1).Value = "Hello"            # write into cell A1

----snip----

Python Script to Parse MBSA files

Simple Python script to parse Microsoft MBSA report files (the XML scan reports saved by the Baseline Security Analyzer) into pipe-separated lines, one per missing update. The version below is written for Python 3.

#-------------------------------------------------------------------------------
# Name:        MBSA parser
# Author:      Azmath
# Created:     11/07/2012
# Copyright:   (c) 2012
#-------------------------------------------------------------------------------

from xml.etree import ElementTree

tree = ElementTree.parse('test.mbsa')

print("servername|domainname|scandate|id|severity|Patchtype|Description")

# The SecScan element carries the scanned machine, its domain and the scan date
name = domain = scandate = ""
for node in tree.iter('SecScan'):
    name = node.attrib.get('Machine', "")
    domain = node.attrib.get('Domain', "")
    scandate = node.attrib.get('LDate', "")
    if name and domain:
        print('  %s :: %s' % (name, domain))
    else:
        print(name)

# One UpdateData element per update checked; report only the ones not installed
for node in tree.iter('UpdateData'):
    idd = node.attrib.get('ID')
    if not idd:
        continue
    if node.attrib.get('IsInstalled') == 'false':
        # Missing attributes become empty fields instead of raising TypeError
        severity = node.attrib.get('Severity', "")
        dtype = node.attrib.get('Type', "")
        # Title is a child element; keep the description empty if it is absent
        desc = ""
        for p in node.iter('Title'):
            desc = p.text or ""
        print("|".join([name, domain, scandate, idd, severity, dtype, desc]))

AIX one-liners for auditing

Locked Accounts (prints stanza names and account_locked lines; the last grep drops the '*' comment lines)

#sudo cat /etc/security/user | grep -iE '\:|account_locked'|grep -iv '*'

Last password change date
#for a in `cut -f1 -d: /etc/passwd | grep -v '\+' `;do echo $a; /usr/bin/sudo /usr/lbin/getprpw $a; done|cut -f9 -d ','

NFS shares:
#/usr/bin/sudo cat /etc/exports||echo 'file not found'

Inactive Accounts:
#/usr/bin/sudo lsuser -a id ALL | awk '{ print $(NF-1) }' |while read user ; do sudo lssec -f /etc/security/lastlog -s $user -a time_last_login;done

Last password change date:
#/usr/bin/sudo lsuser -a id ALL | awk '{ print $(NF-1) }' |while read user ; do sudo lssec -f /etc/security/passwd -s $user -a lastupdate;done

All SNMP strings:
#/usr/bin/sudo cat /etc/snmpd.conf|grep -iE '^[a-z][A-Z]'

Default SNMP

#sudo cat /etc/snmpd.conf | grep -iE 'community|public|private' |grep -iv '# '

List of services:
#/usr/bin/sudo cat /etc/services |grep -iE '^[a-z][A-Z]'

Users with uid=0, gid=0
#cat /etc/passwd | grep ':0:'
#cat /etc/group | grep ':0:'
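The grep ':0:' one-liners above match a 0 in either the UID or the GID field without saying which. As an added example (not from the original post), the same check done field by field with awk, on constructed sample data:

```shell
# Added example (not from the original post). grep ':0:' matches a 0 in either
# the UID or the GID field and does not say which; comparing the numeric fields
# with awk separates the two findings.

# Accounts with UID 0 (field 3 of /etc/passwd). Usage: uid0_accounts [FILE]
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$@"
}

# Accounts whose primary GID is 0 (field 4 of /etc/passwd)
gid0_accounts() {
    awk -F: '$4 == 0 { print $1 }' "$@"
}

# Groups with GID 0 (field 3 of /etc/group) and their supplementary members
gid0_groups() {
    awk -F: '$3 == 0 { print $1 ": " $4 }' "$@"
}

# Constructed sample data, not copied from a real system
SAMPLE_PASSWD='root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
oracle:!:205:0:db owner:/home/oracle:/usr/bin/ksh
backup:!:0:1:second uid 0 account:/home/backup:/usr/bin/ksh
appuser:!:1000:1000::/home/appuser:/usr/bin/ksh'
SAMPLE_GROUP='system:!:0:root,oracle
staff:!:1:appuser'

printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
printf '%s\n' "$SAMPLE_PASSWD" | gid0_accounts
printf '%s\n' "$SAMPLE_GROUP" | gid0_groups
```

On a real host pass the file instead of the sample, e.g. uid0_accounts /etc/passwd; any account other than root in the first list is a finding.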

Check if auditing service is running:
#/usr/bin/sudo ps -ef |grep auditd|grep -v 'grep'||echo 'not enabled'

List of sudoers:
#/usr/bin/sudo cat /etc/sudoers|grep -iE '^[a-z][A-Z]'

umask value

sudo lssec -f /etc/security/user -s default -a umask

List of users:
sudo cat /etc/passwd|cut -d ':' -f1

account/password policy:
sudo lssec -f /etc/security/user -s default -a maxage
sudo lssec -f /etc/security/user -s default -a maxexpired
sudo lssec -f /etc/security/user -s default -a minalpha
sudo lssec -f /etc/security/user -s default -a minother
sudo lssec -f /etc/security/user -s default -a minlen
sudo lssec -f /etc/security/user -s default -a mindiff
sudo cat /etc/security/user | grep -iE '\:|loginretries'
sudo cat /etc/security/user | grep -iE '\:|histsize'
sudo cat /etc/profile |grep -i 'tmout'
sudo cat /etc/security/user | grep -iE '\:|histexpire'
sudo cat /etc/security/user | grep -iE '\:|pwdwarntime'
sudo cat /etc/security/user | grep -iE '\:|maxrepeats'
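The grep one-liners for the locked-accounts check and the policy attributes above (loginretries, histsize, maxrepeats and so on) print stanza headers and attribute lines separately, leaving the reader to pair them up by eye. As an added example (not from the original post), a small parser for the /etc/security/user stanza format that resolves each user's effective value, falling back to the default stanza the way AIX does; the sample file is constructed:

```shell
# Added example (not from the original post). The grep one-liners above print
# stanza headers and attribute lines separately; this helper parses the AIX
# stanza format of /etc/security/user ("name:" lines, indented "attr = value"
# lines, "*" comments) and prints "user value" per stanza, falling back to the
# default stanza when the user does not set the attribute, as AIX does.

# Usage: stanza_attr ATTRIBUTE [FILE]   (reads stdin when FILE is omitted)
stanza_attr() {
    attr="$1"; shift
    awk -v attr="$attr" -F'=' '
        /^[ \t]*\*/ { next }                         # comment line
        /^[^ \t]+:[ \t]*$/ {                         # stanza header "name:"
            sub(/:.*/, ""); stanza = $0; order[++n] = stanza; next
        }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (stanza == "" || key != attr) next
            val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val)
            value[stanza] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (s in value)              printf "%s %s\n", s, value[s]
                else if ("default" in value) printf "%s %s (default)\n", s, value["default"]
                else                         printf "%s unset\n", s
            }
        }' "$@"
}

# Accounts whose effective account_locked is true (the "Locked Accounts" check).
locked_accounts() {
    stanza_attr account_locked "$@" | awk '$2 == "true" { print $1 }'
}

# Constructed sample standing in for /etc/security/user.
SAMPLE_USER='* constructed sample, not a real system file
default:
        account_locked = false
        loginretries = 5
        maxage = 13

root:
        loginretries = 0

dbadm:
        account_locked = true'

printf '%s\n' "$SAMPLE_USER" | stanza_attr loginretries
printf '%s\n' "$SAMPLE_USER" | locked_accounts
```

On a real host run it as sudo sh -c '. ./stanza.sh; stanza_attr loginretries /etc/security/user' or pipe the file in; a user whose loginretries resolves to 0 has lockout on failed logins disabled.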

Login Delay
sudo cat /etc/security/login.cfg | grep -i 'logindelay'

Log Login attempts:
sudo ls -l /var/adm/ /etc/security |grep -iE 'loginlog|sulog|failedlogin'

cat /etc/services


Friday, July 16, 2010

Windows 7 God Mode

Lol.. what is God Mode? I asked myself... GodMode reminds me of shooting games.. lol
Well, we are talking about Windows.

Getting God Mode is so easy:

1) Create a new folder
2) Rename it to GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

There you have God Mode.. so easy, isn't it? (The folder opens as a single view of all Control Panel settings.)

Friday, June 26, 2009

Detecting Load Balancers

While penetration testing we might need to find the load balancers in front of a site. It's pretty complicated to work out the number of load balancers by hand,
but there is a good tool that comes in handy: halberd.

installation
------------
# tar -xzvf halberd-0.2.3.tar.gz
# cd halberd-0.2.3
# python setup.py install

running:
--------
# halberd www.site.com
or
# halberd