
Wednesday, March 21, 2012

Empty Recycle Bin at Logoff and Shutdown on Windows XP

I had been looking for a simple solution for legacy systems (Windows XP) to simply empty the Recycle Bin during a shutdown, and even better if it can be integrated into a logoff. To my surprise, there have been tons of requests over the years and nobody has given a proper solution that does not require any 3rd-party tools.

Most users suggest turning off the Recycle Bin totally, but it can save lives sometimes, so that is not what we want. Secondly, if we need to install a tool, we are just expanding our exposure to risk, since the tool may have vulnerabilities and who knows what it can do when run as SYSTEM during a shutdown.

I found the simplest solution is to make use of Microsoft's built-in shutdown and logoff script function:

Shutdown scripts:
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gptext_assigncomputershutdownscripts.mspx?mfr=true
Logoff scripts:
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gptext_logoffscripts.mspx?mfr=true

However, do take note that Shutdown scripts are run as SYSTEM and logoff scripts are run as the user logging off.

A simple "Empty the Recycle Bin" script using just a batch file:

ATTRIB %systemdrive%\RECYCLER\* -R -S -H /S /D
DEL %systemdrive%\RECYCLER\* /F /S /Q
RD %systemdrive%\RECYCLER /S /Q

It takes 3 lines to make sure it deletes everything and finishes the job. Just copy and paste them into the batch file that is your logoff / shutdown script.

There we have it. A simple solution that does not need any 3rd-party tools. I hope you will find it useful.

Tuesday, March 20, 2012

Reverse Bruteforcing of Accounts

I may have talked about this in the past somewhere, not sure if it's here, but in any case, this still works even today and there is no harm in mentioning it again.

Given a black-box system for a pentest, you know there is some minimum security in place:

  • There is a lockout after X retries (usually not 65535...)
  • There is a large number of users (easily deduced from company size)
  • The users are lazy and like to choose easy passwords (always a given. Even if there is a password policy, they will still be simple passwords like P@ssword123 or qwerty12345 which pass the password requirement)

Point 3 is what we base this attack on. In order to show them how bad their passwords are, we probably need to crack a majority of them, and bruteforcing is required unless we can dump the hashes (in Windows) or crack their salted passwords offline (from Linux). Traditionally, a bruteforce will choose a username (for example, admin) and try to guess the password (admin, password, admin123, iamgod...), and before you know it, the account is locked (Shit! damn...). See point 1 above.

So, let's think outside the box. How many users would use, let's say, the password "password" (if it's allowed by the password policy)? Probably a lot. That's why I am going to introduce another way to bruteforce such a system. This is what I call Reverse Bruteforcing. Instead of using a username and bruteforcing the password, we choose a password and bruteforce the username instead. Of course, in some cases, we might even have the usernames (from the email servers, client contact lists etc). But in the worst case, this will work.

So, we would go:

"password" - user1, user2, user3 etc...

This will not lock out the accounts as quickly as traditional bruteforcing, but it eventually will, depending on how they set it up. If it's time-based (x attempts in x mins), then by spacing out the bruteforce, we might actually overcome it totally. Go online and get a list of commonly used passwords, mix in some variations with the company's name, slogan etc, and you have a good list to start with.

Actually, in some of my previous pentests, this method proved to be quite effective. It can be easily automated, and while it runs you can proceed with your Metasploit or other attacks. It's a quick win any day! (P.S. My best win is root, root without locking the account up :P)
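
From the defender's side, the pattern above never trips a per-account lockout counter, so it has to be caught per source: one origin failing against many distinct accounts over a window longer than the lockout window. The following is an added example, not code from the original post; the log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample; the "<time> <OK|FAIL> user=<u> src=<ip>" format is an assumption.
SAMPLE_LOG = """\
2012-03-20T09:00:00 FAIL user=admin src=10.0.0.9
2012-03-20T09:00:05 FAIL user=admin src=10.0.0.9
2012-03-20T09:10:00 FAIL user=user1 src=10.0.0.7
2012-03-20T09:25:00 FAIL user=user2 src=10.0.0.7
2012-03-20T09:40:00 FAIL user=user3 src=10.0.0.7
2012-03-20T09:55:00 OK user=user4 src=10.0.0.7
2012-03-20T10:10:00 FAIL user=user5 src=10.0.0.7
2012-03-20T10:25:00 FAIL user=user6 src=10.0.0.7
2012-03-20T10:30:00 FAIL user=user2 src=10.0.0.22
2012-03-20T10:31:00 OK user=user2 src=10.0.0.22
"""

def parse(line):
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user[5:], src[4:]  # strip "user=" / "src="

def detect_reverse_bruteforce(log, window=timedelta(hours=4), min_users=5):
    """Flag sources whose failed logins span >= min_users distinct accounts
    inside one window, however few tries each individual account received."""
    fails, oks = defaultdict(list), defaultdict(set)
    for line in filter(None, map(str.strip, log.splitlines())):
        ts, result, user, src = parse(line)
        if result == "FAIL":
            fails[src].append((ts, user))
        else:
            oks[src].add(user)
    findings = {}
    for src, events in fails.items():
        events.sort()
        start, in_window = 0, Counter()
        for ts, user in events:
            in_window[user] += 1
            while ts - events[start][0] > window:  # evict failures older than the window
                in_window[events[start][1]] -= 1
                start += 1
            live = +in_window  # unary plus drops accounts whose count fell to zero
            if len(live) >= min_users:
                findings[src] = {
                    "accounts_tried": sorted(live),
                    "max_tries_per_account": max(live.values()),
                    "logged_in_as": sorted(oks[src]),  # accounts to review and reset
                }
    return findings
```

With a 30-minute window the same log produces no finding, which is why the detection window has to be much longer than the lockout window when attempts are spaced out.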


Sunday, March 18, 2012

CM9 for Nook Tablet First Alpha

The first Alpha for Nook Tablet CM9 is out. However, as stated, being an alpha, not everything works and the hardware video decoding is of course still unfixed. However, if you feel that you want to have a shot at what CM9 looks like, go ahead and grab the binaries from xda-developers:
http://forum.xda-developers.com/showthread.php?t=1534192


Saturday, March 10, 2012

Download Adobe Photoshop Lightroom 4

Since Lightroom 4 has been out, there are many good reviews all over the net, so I will not repeat them. But I found out that I actually have a problem downloading the trial version to see for myself. After some minutes of debugging, I realized that the Coldfusion download server used by Adobe does not seem to be Chrome friendly.

The links are here:
http://trials2.adobe.com/AdobeProducts/LTRM/4/win32/Lightroom_4_LS11.exe
http://trials3.adobe.com/AdobeProducts/LTRM/4/win32/Lightroom_4_LS11.exe

So, I have to fire up the trusty IE (it's not bad, just not my choice of browser). And all of a sudden it starts to download the 718MB trial happily.

Well, this is just an update for anyone who has a similar issue with the download.
Do drop a comment here (for encouragement) if this post helps you!


Copyright © 2008 nemesisv.blogspot.com, All rights reserved.