Friday, November 20, 2015

Windows 10 Security

Starting PowerPoint from the command line (WinDbg)
> bp user32!setwindowstextw "ezu @eax \"Untitled:Powerpoint\" ;bd*;gc"
The breakpoint on SetWindowTextW runs the quoted command string each time it hits: ezu writes the Unicode title string at the address in eax, bd* disables all breakpoints and gc resumes execution.

1) Tokens / Elevated Tokens

Launch two command prompts, one as a normal user and the other as administrator, and in each run
> whoami /all
This prints your SID, your group memberships (including the "Mandatory Label" integrity group) and the privileges held by that process token; comparing the two windows shows exactly what the filtered token lost.

When an administrator logs on, the logon process (Winlogon/LSASS) first creates a full token carrying the Administrators group and every admin privilege.
UAC then derives a second, filtered token from it: the Administrators group is marked "used for deny only", the admin privileges are stripped and the integrity level is set to Medium.
explorer.exe is created with that filtered token, so everything launched from the shell inherits it; the full token is only handed out after a successful elevation.

Elevation goes through the ShellExecute API (the "runas" verb). The request is serviced by the Application Information service (AppInfo); if that service is disabled nothing can elevate. AppInfo in turn launches consent.exe, which draws the UAC prompt.

The elevation behaviour is driven by policy. In the Local Group Policy Editor (gpedit.msc) go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options and scroll way down to the settings named "User Account Control: **********".

The UAC master switch is "User Account Control: Run all administrators in Admin Approval Mode" (EnableLUA in the registry; changing it needs a reboot).

The two settings to look at most carefully are
"User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode"
"User Account Control: Behavior of the elevation prompt for standard users"
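The policy settings above are stored as values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which is the quickest way to audit a box without opening gpedit. The script below is an added example, not part of the original notes: it reads those values, decodes them and flags the weak combinations (silent elevation, Admin Approval Mode off, prompt not on the secure desktop). The remediation lines at the end are commented out and assume you run them elevated.

```powershell
# Added example (not from the original notes): audit the registry values behind the
# "User Account Control: ..." security options and flag the weak ones.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p   = Get-ItemProperty -Path $key

# "Behavior of the elevation prompt for administrators in Admin Approval Mode"
$adminPrompt = @{
    0 = 'Elevate without prompting (silent elevation, weak)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}
# "Behavior of the elevation prompt for standard users"
$userPrompt = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials (default)'
}

function Get-UacFindings {
    $findings = @()
    if ($p.EnableLUA -ne 1) {
        $findings += 'EnableLUA=0: Admin Approval Mode is off, every admin process gets the full token'
    }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt'
    }
    if ($p.PromptOnSecureDesktop -ne 1) {
        $findings += 'PromptOnSecureDesktop=0: the prompt is drawn on the user desktop, where any window can imitate it'
    }
    return $findings
}

"EnableLUA                  : $($p.EnableLUA)"
"ConsentPromptBehaviorAdmin : $($p.ConsentPromptBehaviorAdmin) - $($adminPrompt[[int]$p.ConsentPromptBehaviorAdmin])"
"ConsentPromptBehaviorUser  : $($p.ConsentPromptBehaviorUser) - $($userPrompt[[int]$p.ConsentPromptBehaviorUser])"
"PromptOnSecureDesktop      : $($p.PromptOnSecureDesktop)"

$weak = Get-UacFindings
if ($weak) { "`nWeak settings:"; $weak | ForEach-Object { " - $_" } } else { "`nNo weak UAC settings found." }

# Restore the Windows defaults (run elevated; EnableLUA takes effect after a reboot):
# Set-ItemProperty $key EnableLUA 1
# Set-ItemProperty $key ConsentPromptBehaviorAdmin 5
# Set-ItemProperty $key ConsentPromptBehaviorUser 3
# Set-ItemProperty $key PromptOnSecureDesktop 1
```

ConsentPromptBehaviorUser=0 is deliberately not flagged: automatically denying elevation for standard users is a hardening choice, not a weakness.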

In Windows a session contains a collection of window stations, a window station contains a collection of desktops, a desktop contains a collection of windows, and windows again contain child windows. The UAC prompt is drawn on a separate secure desktop precisely so that windows on the user's desktop cannot reach it.

MSRA.exe is Microsoft Remote Assistance, the one that looked similar to conf; remember?

Microsoft Application Compatibility Administrator is part of the Application Compatibility Toolkit (ACT), which is tucked away inside the Windows ADK (Assessment and Deployment Kit); with 5.61 we get the kernel one.

The installer-detection heuristics are visible inside it:
Double-clicking on Setup we have *Setup*
Under Update we have *Update*
Under Installer Detection we have *instal*
Under Patch we have *patch*
Those are the filename substrings UAC's installer detection looks for: a 32-bit executable without a manifest whose name matches one of them is treated as an installer and gets the elevation prompt.

Under "Compatibility Fixes" there are shims called "RunAsAdmin", "RunAsHighest" and "RunAsInvoker"; they force the requested execution level regardless of what the binary asks for.
There are also "SpecificInstaller" and "SpecificNonInstaller", which force installer detection on or off for one particular binary.
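The same RunAs* layers are what the Compatibility tab writes into the registry under AppCompatFlags\Layers, per executable, so that key is where to look for binaries that have been quietly given "Run this program as administrator". The script below is an added example, not part of the original notes: it enumerates those entries in both hives and shows how to apply or remove a layer for a hypothetical tool (the path is an assumption). Custom shim databases installed through the Compatibility Administrator are registered separately (AppCompatFlags\Custom and \InstalledSDB) and are not covered here.

```powershell
# Added example (not from the original notes): find executables with a RunAs* compatibility
# layer applied through the registry, and add/remove one.
$layerKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
)

function Get-RunAsLayers {
    foreach ($key in $layerKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            # Value names are full executable paths (C:\...), so skipping PS* only drops
            # the PSPath/PSParentPath/... metadata that Get-ItemProperty adds.
            if ($name -like 'PS*') { continue }
            $layers = [string]$props.$name          # e.g. "~ RUNASADMIN" or "WIN7RTM RUNASINVOKER"
            if ($layers -match 'RUNAS(ADMIN|HIGHEST|INVOKER)') {
                [pscustomobject]@{
                    Hive       = $key.Split(':')[0]
                    Executable = $name
                    Layers     = $layers
                }
            }
        }
    }
}

Get-RunAsLayers | Format-Table -AutoSize

# Apply "run as invoker" to a hypothetical legacy tool so it never asks for elevation
# (HKCU affects only the current user; HKLM needs an elevated shell):
$exe = 'C:\Tools\legacy-app.exe'   # assumption for the example
# New-ItemProperty -Path $layerKeys[0] -Name $exe -Value '~ RUNASINVOKER' -PropertyType String -Force
# Remove-ItemProperty -Path $layerKeys[0] -Name $exe
```

A RUNASADMIN entry for a binary that a standard user can overwrite is worth a second look: whoever can replace the file gets an elevation prompt in their favour.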

In the "whoami /all" output there is a group called "Mandatory Label\Medium Mandatory Level". That is the integrity level of the process token, and it is the mechanism that answers the question "do we trust all our apps to the same degree?".

"S-1-16" is the integrity (mandatory label) authority.
8192 is the level. It is a 32-bit number (the RID of the label SID): 4096 (0x1000) is Low, 8192 (0x2000) is Medium, 12288 (0x3000) is High, the level of an elevated process, and 16384 (0x4000) is System. The default policy is no-write-up: a process cannot write to an object whose label is higher than its own.

psexec -l -d c:\Windows\SysWOW64\notepad.exe

The -l on psexec runs notepad with a limited token, which on Vista and later means a Low integrity process (-d just returns without waiting for it). Because the user's profile is labelled Medium, this notepad cannot even save a file into the home directory of the user we launched it as; the only profile location a Low process may write to is %USERPROFILE%\AppData\LocalLow.
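To see the same information programmatically, the script below is an added example, not part of the original notes. It parses whoami's CSV output (an English locale is assumed; .NET's WindowsIdentity.Groups is not used because it hides the label SID and deny-only groups), decodes the S-1-16 RID into a level name, and tells a filtered admin token apart from a real elevated one. Run it once in each of the two command prompts from the start of these notes.

```powershell
# Added example (not from the original notes): decode the integrity label and detect a
# filtered (UAC) administrator token for the current process.
$levelNames = @{
    0     = 'Untrusted'
    4096  = 'Low'          # 0x1000: psexec -l, Protected Mode browsers
    8192  = 'Medium'       # 0x2000: normal user processes, the filtered admin token
    8448  = 'Medium Plus'  # 0x2100
    12288 = 'High'         # 0x3000: elevated (full) admin token
    16384 = 'System'       # 0x4000: services running as SYSTEM
    20480 = 'Protected'    # 0x5000: protected processes
}

function Get-TokenSummary {
    # whoami /groups /fo csv has the header "Group Name","Type","SID","Attributes"
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $label  = $groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
    $rid    = [int]$label.SID.Split('-')[-1]
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' } | Select-Object -First 1

    $id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($id)
    $elevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    if ($levelNames.ContainsKey($rid)) { $levelName = $levelNames[$rid] } else { $levelName = "Unknown ($rid)" }
    if ($admins) { $adminAttrs = $admins.Attributes } else { $adminAttrs = 'not in token' }

    [pscustomobject]@{
        User                = $id.Name
        UserSid             = $id.User.Value
        IntegrityRid        = $rid
        IntegrityLevel      = $levelName
        AdministratorsGroup = $adminAttrs
        Elevated            = $elevated
        # Filtered token: BUILTIN\Administrators is present but marked "used for deny only"
        FilteredAdminToken  = [bool]($admins -and $admins.Attributes -match 'deny only')
    }
}

Get-TokenSummary | Format-List

# Elevating goes through ShellExecute's "runas" verb, i.e. AppInfo + consent.exe:
# Start-Process powershell.exe -Verb RunAs
```

In the normal prompt an administrator sees IntegrityLevel Medium, Elevated False and FilteredAdminToken True; in the elevated prompt the same user sees High, True, False.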

chml is Mark Minasi's change-integrity-level tool. To label a file Low use the following command (-i:l selects the Low level).

chml file.txt -b -i:l
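The built-in icacls can do the same labelling, so chml is not strictly needed. The script below is an added example, not part of the original notes: it labels a scratch file Low, shows the (NW) mandatory policy icacls prints for it, demonstrates that writing down from Medium still works, and shows that a Medium process cannot raise a label above its own level. The file path is an assumption; run it from a normal (Medium) PowerShell.

```powershell
# Added example (not from the original notes): set and read a file's integrity label with icacls.
$file = Join-Path $env:TEMP 'il-demo.txt'   # assumption for the example
Set-Content -Path $file -Value 'created at Medium IL'

icacls $file /setintegritylevel Low          # label = S-1-16-4096
icacls $file                                  # shows "Mandatory Label\Low Mandatory Level:(NW)"

# (NW) = "no write up": a process whose token is below the label may not write to the object.
# Our shell is Medium and the label is Low, so this write goes *down* and succeeds:
Add-Content -Path $file -Value 'appended from Medium IL'

# A caller may only assign labels at or below its own level; raising one higher needs
# SeRelabelPrivilege, so from a Medium shell this is refused (non-zero exit code):
icacls $file /setintegritylevel High
"exit code when raising the label to High from Medium: $LASTEXITCODE"

# The one profile location a Low process (psexec -l, Protected Mode IE) can write to:
icacls "$env:USERPROFILE\AppData\LocalLow" | Select-String 'Mandatory Label'

Remove-Item $file
```

To watch the label actually block something, open the Low-labelled file from the psexec -l notepad above and try to save a file next to it in the profile: the Low notepad can write the Low-labelled file but not its Medium-labelled neighbours.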

Let us launch Microsoft Spy++, which ships with Visual Studio. It lists every window on the system together with its parent and owner, which is the easiest way to see how many windows are open and how the desktop/window hierarchy above fits together.

2) Integrity Levels

3) User Interface Privilege Isolation.

4) Capabilities (New in Win 8 and Win 10)

5) App Containers

Saturday, September 5, 2015

SED Kung Fu

This saved me from a boring task: renaming a batch of files by removing a fixed piece of text from each name and adding a leading zero to the single-digit titles. Both pipelines only print the mv commands, so you can eyeball them before piping them into sh.

ls -ltrh | grep -o 'Java.*' | sed -e 's/.*/mv_&" "&"/g' -e 's/ "Java Programming Tutorial/ "/g' -e 's/" - /\n"Java/g' | sed -E '/(mv_Java)/!s/ //g' | paste -d" " - - | sed 's/mv_/mv "/g'
The sed -E '/(mv_Java)/!s/ //g' step applies the space-stripping only to lines that do not contain mv_Java, i.e. only to the new name, so the old name stays intact for mv.
This second pipeline adds the leading zero to single-digit numbers (Java3-... becomes Java03-...):
ls -ltrh | grep -o -P 'Java[0-9]{1}-.*' | sed 's/.*/mv_&\n&/g' | sed -E '/mv_/!s/Java/Java0/g' | paste -d" " - - | sed 's/mv_/mv /g'
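Parsing ls output breaks on names with unusual characters and the two pipelines above have to be run in sequence. The script below is an added example, not from the original post: it does both renames in one pass with shell parameter expansion, refuses to clobber an existing target and has a dry-run mode that prints the mv commands just as the sed version did. The file names it creates in demo() are constructed samples.

```bash
#!/bin/sh
# Added example (not from the original post): strip the fixed prefix, drop the spaces and
# zero-pad a single leading digit, without parsing "ls". POSIX sh is enough.
set -eu

PREFIX='Java Programming Tutorial - '

# New name for one title:
#   "Java Programming Tutorial - 3 - Loops.mp4"     -> "Java03-Loops.mp4"
#   "Java Programming Tutorial - 12 - Generics.mp4" -> "Java12-Generics.mp4"
new_name() {
    name=${1#"$PREFIX"}                          # "3 - Loops.mp4"
    name=$(printf '%s' "$name" | tr -d ' ')      # "3-Loops.mp4"
    case $name in
        [0-9]-*) name="0$name" ;;                # single digit: "03-Loops.mp4"
    esac
    printf 'Java%s\n' "$name"
}

# Rename every matching file in a directory. DRY_RUN=1 prints the mv commands instead of
# running them, which is what the sed pipelines above produce.
rename_all() {
    dir=$1
    for f in "$dir"/"$PREFIX"*; do
        [ -e "$f" ] || continue                  # the glob matched nothing
        target=$dir/$(new_name "${f##*/}")
        if [ -e "$target" ]; then
            printf 'skip: %s already exists\n' "$target" >&2
            continue
        fi
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf "mv -- '%s' '%s'\n" "$f" "$target"
        else
            mv -- "$f" "$target"
        fi
    done
}

# Demo on constructed files in a scratch directory.
demo() {
    d=$(mktemp -d)
    : > "$d/${PREFIX}3 - Loops.mp4"
    : > "$d/${PREFIX}12 - Generics.mp4"
    rename_all "$d"
    ls "$d"                                      # Java03-Loops.mp4 and Java12-Generics.mp4
    rm -rf "$d"
}
demo
```

Run with DRY_RUN=1 first to review the planned renames; the skip check matters because two source names can collapse onto the same target once spaces are removed.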

Sunday, August 2, 2015

Treesheets cheatsheet

Treesheet cheatsheet :-)



To install TreeSheets from the Git repository follow the steps below.

wxWidgets needs the GTK development headers (the GTK 3 ones are used here), and TreeSheets needs wxWidgets.
apt-get install libgtk-3-dev

Now download the wxWidgets zip from the link and check that its MD5 sum is b8833e54675154f3098e9e0f114d3082 before unpacking it.

Unzip it, go inside, configure with the following options and then run make as a normal user.

$ ./configure --enable-unicode --enable-optimize=-O2 --disable-shared
$ make

Now get the TreeSheets zip file from git (MD5 sum 6ede9f8db292d22c91c0a411a9d56d01) and check it the same way.

Unzip that as before and go into the src directory. Move the wxWidgets-master folder into treesheets/src/wx, then run make. The treesheets executable should appear in the TS directory.

Append that directory to the PATH instead of overwriting it:
export PATH="$PATH:/home/std/Downloads/ts/src/wx"
echo $PATH

There is one mystery which I have not been able to solve: why does treesheets listen on port 4242 when we invoke it?
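Two checks belong in this procedure: actually verifying the archive sums before running configure (a failed check should stop the build, not just print a different hash), and finding out which process owns port 4242. The script below is an added example, not from the original post. The demo file and its sums are constructed inline so it runs offline; the port check only says something useful on a machine where TreeSheets is running, and ss/lsof are assumed to be installed.

```bash
#!/bin/sh
# Added example (not from the original post): gate unpacking on a checksum match, and find
# the process that owns a listening port.
set -eu

# verify_md5 FILE EXPECTED -> status 0 on match, 1 on mismatch
verify_md5() {
    file=$1 expected=$2
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        printf 'OK   %s\n' "$file"
        return 0
    fi
    printf 'FAIL %s: expected %s, got %s\n' "$file" "$expected" "$actual" >&2
    return 1
}

# Prefer SHA-256 when the project publishes one. MD5 catches a corrupted download, but a
# mirror that can swap the archive can also publish a matching MD5 of its own.
verify_sha256() {
    file=$1 expected=$2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Unpack only after the sum matches; with set -e a mismatch aborts the whole script.
unpack_verified() {
    archive=$1 expected=$2
    verify_md5 "$archive" "$expected" && unzip -q "$archive"
}

# Which process is listening on a port (ss from iproute2, lsof as the fallback)?
who_listens() {
    port=$1
    ss -ltnp "sport = :$port" 2>/dev/null || lsof -nP -iTCP:"$port" -sTCP:LISTEN
}

# Demo with a constructed file whose sums are known: "hello\n"
demo() {
    tmp=$(mktemp)
    printf 'hello\n' > "$tmp"
    verify_md5 "$tmp" b1946ac92492d2347c6235b4d2611184
    verify_md5 "$tmp" b8833e54675154f3098e9e0f114d3082 || echo 'mismatch detected, nothing unpacked'
    rm -f "$tmp"
}
demo
```

In the build above this becomes unpack_verified wx.zip b8833e54675154f3098e9e0f114d3082 and unpack_verified treesheets.zip 6ede9f8db292d22c91c0a411a9d56d01, and who_listens 4242 names the process behind the mystery port.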

Saturday, July 4, 2015

Raspberry Pi xbmc-send - Playing YouTube videos from the laptop

If we are watching a YouTube video on our laptop or desktop and want to push it to the Raspberry Pi, the steps are:

1. Install xbmc-send on the system where we are watching YouTube.
2. Copy the script from [1] and replace RaspberryPI_ip with your Raspberry Pi's IP address.
3. Make the script executable with "chmod +x", then call it with the YouTube URL as its parameter.


Raspberry Pi JSON

Wow, now we can use JSON-RPC to control the Raspberry Pi :-)

curl -X POST -u username:password -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"GUI.ShowNotification","params":{"title":"This is the title of the message","message":"This is the body of the message"},"id":1}' http://RaspberryPi_IPaddress/jsonrpc

The credentials go to curl with -u rather than inside the URL, because URLs end up in shell history, proxy logs and Kodi's own access log. The list of all methods we can use over JSON-RPC is given under [1]; [2] showed how to explore the methods in a more structured way.
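The script below is an added example, not from the original post: a small wrapper around the /jsonrpc endpoint that builds the JSON-RPC 2.0 body, takes the credentials from the environment, builds the notification parameters with jq so a quote in the title cannot break the JSON, and lists every available method through JSONRPC.Introspect (that is the structured way to explore the API). Host, port and the plugin:// URL for the YouTube add-on are assumptions; jq is assumed installed.

```bash
#!/bin/sh
# Added example (not from the original post): talk to Kodi's JSON-RPC endpoint without putting
# the password in the URL.
set -eu

KODI_HOST=${KODI_HOST:-RaspberryPi_IPaddress}   # assumption: set to the Pi's address
KODI_PORT=${KODI_PORT:-8080}                    # Kodi's default web-interface port
KODI_USER=${KODI_USER:-kodi}
KODI_PASS=${KODI_PASS:-}

# rpc_payload METHOD [PARAMS_JSON] [ID] -> the JSON-RPC 2.0 request body on stdout
rpc_payload() {
    method=$1
    params=${2:-}
    [ -n "$params" ] || params='{}'
    id=${3:-1}
    printf '{"jsonrpc":"2.0","method":"%s","params":%s,"id":%s}' "$method" "$params" "$id"
}

# kodi_rpc METHOD [PARAMS_JSON] -> Kodi's JSON response on stdout
kodi_rpc() {
    [ -n "$KODI_PASS" ] || { echo 'KODI_PASS is not set' >&2; return 2; }
    curl -sS -X POST \
        --user "$KODI_USER:$KODI_PASS" \
        -H 'Content-Type: application/json' \
        --data "$(rpc_payload "$@")" \
        "http://$KODI_HOST:$KODI_PORT/jsonrpc"
}

# notify TITLE MESSAGE: the GUI.ShowNotification call from the post, with proper JSON escaping
notify() {
    params=$(jq -cn --arg t "$1" --arg m "$2" '{title: $t, message: $m}')
    kodi_rpc GUI.ShowNotification "$params"
}

# Every method name Kodi exposes, one per line
list_methods() {
    kodi_rpc JSONRPC.Introspect | jq -r '.result.methods | keys[]'
}

# Pushing a YouTube video (add-on URL scheme is an assumption):
# kodi_rpc Player.Open '{"item":{"file":"plugin://plugin.video.youtube/play/?video_id=VIDEOID"}}'
```

Usage: KODI_PASS=... notify 'Dinner' 'is ready', or list_methods | grep '^Player\.' to see what the player can do. Kodi's web interface speaks plain HTTP, so keep it on the LAN or behind a reverse proxy with TLS; Basic auth over the open internet is just the password in the clear.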