PowerShell – More than the command prompt

April 21, 2008 – 7:00 AM

Abstract

Windows PowerShell™ is a new Windows command-line shell designed especially for system administrators. The shell includes an interactive prompt and a scripting environment that can be used independently or in combination.

Introducing Windows PowerShell

Most shells, including Cmd.exe and the SH, KSH, CSH, and BASH Unix shells, operate by executing a command or utility in a new process and presenting the results to the user as text. Over the years, many text processing utilities, such as sed, AWK, and Perl, have evolved to support this interaction.
These shells also have commands that are built into the shell and run in the shell process, such as the typeset command in KSH and the dir command in Cmd.exe. In most shells, because there are few built-in commands, many external utilities have been created.
Windows PowerShell is very different.

  • Windows PowerShell does not process text. Instead, it processes objects based on the .NET platform.
  • Windows PowerShell comes with a large set of built-in commands with a consistent interface.
  • All shell commands use the same command parser, instead of different parsers for each tool. This makes it much easier to learn how to use each command.

Best of all, you don’t have to give up the tools that you have become accustomed to using. You can still use the traditional Windows tools, such as Net, SC, and Reg.exe in Windows PowerShell.

Read the rest of this story…
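As an added example (not from the original article), the following PowerShell session shows the difference the article describes: WMI service objects are filtered and grouped on their typed properties, where a text-based shell would have to parse columns out of `sc query` output. It assumes a Windows host with WMI available to `Get-WmiObject`; the CSV file name is an arbitrary choice for the example.

```powershell
# Added example, not part of the original article.
# Every Win32_Service instance that comes down the pipeline is an object with typed
# properties (Name, State, StartName, PathName), so we filter and group on properties
# rather than parsing fixed columns out of text.

# Discover the properties once with Get-Member instead of guessing column positions.
Get-WmiObject Win32_Service | Get-Member -MemberType Property |
    Select-Object Name, Definition | Format-Table -AutoSize

# Count running services per logon account (LocalSystem, NT AUTHORITY\LocalService, ...).
# This is the inventory an administrator needs when reviewing which services run
# with unrestricted system access.
Get-WmiObject Win32_Service |
    Where-Object { $_.State -eq 'Running' } |
    Group-Object StartName |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Export the LocalSystem services with their binaries for offline review.
# (The file name is an arbitrary choice for this example.)
Get-WmiObject Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.StartName -eq 'LocalSystem' } |
    Select-Object Name, DisplayName, PathName |
    Export-Csv -Path .\localsystem-services.csv -NoTypeInformation

# Traditional tools still run unchanged, but what they return is text:
# each line is a System.String, so filtering means pattern-matching again.
# (sc.exe is spelled out because "sc" alone is PowerShell's alias for Set-Content.)
sc.exe query | Select-String 'SERVICE_NAME'
```

The `Get-Member` call is the habit worth picking up: once you know the property names, every later `Where-Object`, `Group-Object` and `Select-Object` works on the object, and none of it breaks when a column width or display string changes.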

Details of privilege escalation hole in Windows

April 21, 2008 – 6:33 AM

In a security alert last week, Microsoft reported a vulnerability which allows local users, and users with access to an Internet Information Server (IIS) or MS SQL server, to escalate their privileges. Server operators such as hosting providers who allow user code to be executed, for example on IIS or SQL servers, were rated as particularly vulnerable by Microsoft.

Cesar Cerrudo of security service provider Argeniss discovered the vulnerability and presented initial details at the HITBSecConf2008 security conference.

The vulnerability is due to a process running as a service being able to adopt the security token of another process. Windows uses this token to record the privileges of a process, for example the user account in which the process is running. One of the privileges in this security token, SeImpersonatePrivilege, allows a process to execute a thread at a different security level than its parent process.

Under Windows XP and Server 2003, services can run in the Local Service, Network Service or Local System user accounts, but only Local System allows unrestricted system access. The services are not able to directly access each other. According to Cerrudo, however, services in both operating systems have the right to modify the access restrictions in the service’s Access Control Lists (ACLs) (WRITE_DAC), allowing all the services to adopt the security tokens of other services.

As an example, Cerrudo presented the Microsoft Distributed Transaction Coordinator (MSDTC) service, in which a service can obtain the security token which grants impersonation privileges to Network Service by calling DtcGetTransactionManagerEx(). This token allows the process to access the threads of the Remote Procedure Call System Services (RPCSS) service. These threads can use their security token to obtain Local System privileges.

Read the rest of this story…
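The article's WRITE_DAC point is something an administrator can check for. As an added example (not from the article or from Cerrudo's research), the PowerShell script below reads each service's security descriptor with `sc.exe sdshow` and lists allow ACEs that grant WRITE_DAC, WRITE_OWNER or GENERIC_ALL to low-privilege principals such as Local Service, Network Service or Authenticated Users. The set of "low-privilege" SID abbreviations is this example's own choice, and literal SIDs (including Vista's per-service SIDs) are not resolved.

```powershell
# Added example, not from the original article.
# Audits each service's DACL for allow ACEs that grant WRITE_DAC (WD), WRITE_OWNER (WO)
# or GENERIC_ALL (GA) to low-privilege principals, so such grants can be reviewed and
# tightened. Read-only: it only calls `sc.exe sdshow`, which prints the descriptor as SDDL.

# SDDL SID abbreviations treated as low-privilege (this example's choice): Local Service,
# Network Service, Authenticated Users, Everyone (World), Interactive users, built-in Users.
$lowPrivSids = 'LS', 'NS', 'AU', 'WD', 'IU', 'BU'
# Two-letter SDDL rights codes that permit changing an object's security.
$riskyCodes = 'WD', 'WO', 'GA'
# The same rights as an access mask, for ACEs that state rights in hex instead of codes.
$riskyMask  = 0x40000 -bor 0x80000 -bor 0x10000000   # WRITE_DAC, WRITE_OWNER, GENERIC_ALL

function Test-RiskyRights {
    param([string]$Rights)
    if ($Rights -like '0x*') {
        return (([Convert]::ToInt64($Rights, 16)) -band $riskyMask) -ne 0
    }
    # Letter form: rights are two-character codes run together, e.g. CCLCSWRPWPDTLOCRRC.
    foreach ($code in ([regex]::Matches($Rights, '..') | ForEach-Object { $_.Value })) {
        if ($riskyCodes -contains $code) { return $true }
    }
    return $false
}

function Get-ServiceDaclGrants {
    param([string]$ServiceName)
    # sc.exe returns text; collapse it to one string and keep only the DACL ("D:...").
    # The SACL ("S:...") is dropped because there "WD" appears as a SID (Everyone), not a right.
    # (sc.exe is spelled out because "sc" alone is PowerShell's alias for Set-Content.)
    $sddl = (sc.exe sdshow $ServiceName | Out-String).Trim()
    if (-not $sddl.StartsWith('D:')) { return }   # access denied or unexpected output
    $dacl = ($sddl -split 'S:', 2)[0]
    # Each ACE is (type;flags;rights;object_guid;inherit_guid;sid).
    foreach ($ace in [regex]::Matches($dacl, '\(([^;)]*);([^;)]*);([^;)]*);([^;)]*);([^;)]*);([^)]*)\)')) {
        $type   = $ace.Groups[1].Value
        $rights = $ace.Groups[3].Value
        $sid    = $ace.Groups[6].Value
        # Only access-allowed ACEs for a low-privilege principal with risky rights are reported.
        if ($type -eq 'A' -and ($lowPrivSids -contains $sid) -and (Test-RiskyRights $rights)) {
            New-Object PSObject -Property @{ Service = $ServiceName; Sid = $sid; Rights = $rights }
        }
    }
}

# Run over every installed service and tabulate the findings.
Get-Service | ForEach-Object { Get-ServiceDaclGrants -ServiceName $_.Name } |
    Sort-Object Service | Format-Table Service, Sid, Rights -AutoSize
```

Run it from an elevated prompt so `sc.exe sdshow` can read every descriptor; an empty table means no service grants security-changing rights to the principals listed. Anything it does report is a hardening item to discuss with the product owner before changing, since some services legitimately manage their own ACLs.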

Add file type support to Vista’s Explorer preview pane with PreviewConfig

April 21, 2008 – 6:26 AM

PreviewConfig is a utility that gives Vista users the power to add file type support to the Explorer preview pane, which can be activated via “Organize.” Though the preview pane can be an interesting and useful feature of the OS, it really lacks in file support. It’s possible to add support for more without a third-party program, but that requires some risky and time-consuming registry tweaking.

But fear not, lazy and/or less-advanced Vista users! PreviewConfig makes it easy to add support for more file types. Simply open the application, choose the file type on the left and select how to preview it on the right. In the photo above, you can see the results of adding support for a multimedia file — in this case an MP3 — which is previewed through Windows Media Player.

Though it was easy to add support for MP3 files, adding more would require the user to go through the process again. This isn’t a big deal if you’re looking to add a few more, but adding support for 20, 30, or more file types could prove to be extra boring. Then again, it beats doing the registry hack over and over again.

Source: Download Squad

Microsoft Opens the Gates to Hack Their Web Services

April 21, 2008 – 5:16 AM

It seems like Microsoft is starting to get serious about security: in a very progressive move, they have said they are OK with ethical hackers finding security flaws in their online services.

It’s been fairly OK so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been a big no-no, with individuals facing legal action even when they were just trying to help.

In a first for a major company, Microsoft has publicly pledged not to sue or press charges against ethical hackers who responsibly find security flaws in its online services.

The promise, extended Saturday at the ToorCon security conference in Seattle, is a bold and significant move. While researchers are generally free to attack legally acquired software running on their own hardware, they can face severe penalties for probing websites that run on servers belonging to others. In some cases, organizations have pursued legal action against researchers who did nothing more than discover and responsibly report serious online vulnerabilities.

Read the rest of this story…

Additional BitLocker Incident Response tips

April 21, 2008 – 5:10 AM

In January, I posted some Incident Response tips on how to deal with a Vista system with BitLocker enabled. You can read the initial post here. I was recently doing some training and we discussed BitLocker techniques in depth and decided to post a follow-up with some additional tips.

The first thing you must do when you roll up on a system running Vista is to determine if BitLocker is enabled. Remember that BitLocker is only available in the Enterprise and Ultimate editions of Windows Vista. A quick look at the system properties should tell you what version you are dealing with:

Read the rest of the story…
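As an added example (not from the original post), two read-only WMI queries answer the same first question from a PowerShell prompt on the live box: which Vista edition is installed, and whether any volume currently has BitLocker protection on. This assumes an elevated session; the BitLocker WMI provider (`Win32_EncryptableVolume` in the `root\CIMV2\Security\MicrosoftVolumeEncryption` namespace) is only present on editions that ship BitLocker.

```powershell
# Added example, not from the original post.
# Read-only triage: identify the edition, then query BitLocker protection per volume.
# Requires an elevated prompt; the BitLocker provider is absent on editions without BitLocker.

# 1. Edition: the Caption names it, e.g. "Microsoft Windows Vista Ultimate".
$os = Get-WmiObject Win32_OperatingSystem
"{0} (build {1})" -f $os.Caption, $os.BuildNumber

# 2. Volume protection status. ProtectionStatus: 0 = off, 1 = on, 2 = unknown.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
try {
    Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -ErrorAction Stop |
        Select-Object DriveLetter,
            @{ Name = 'Protection'; Expression = {
                switch ($_.ProtectionStatus) { 0 {'Off'} 1 {'On'} default {'Unknown'} } } } |
        Format-Table -AutoSize
} catch {
    # Namespace missing: the edition does not include BitLocker, or the session is not elevated.
    "BitLocker WMI provider not available: $($_.Exception.Message)"
}
```

Both queries only read WMI, so they change nothing on disk, but as with any live-response step the commands you run should go in your notes before you move on to acquisition.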