While doing some contract work I came across a custom-written application with a hard-coded value pointing to an E: drive that was no longer present. There was plenty of space on the F: drive for files to be created (this was an automated nightly backup), but they went to a set path on E:\somepath\somefile.
Enter, stage left: the subst.exe command from the Windows CLI.
As you can imagine it's to substitute and it works like this:
C:\>subst E: F:\customapp\
E:\>cd E:
E:\
E:\>dir
Volume in drive E is New Volume
Volume Serial Number is 0472-8727
Directory of E:\
03/15/2009 07:41 PM dir .
03/15/2009 07:41 PM dir ..
0 File(s) 0 bytes
2 Dir(s) 196,957,515,776 bytes free
These mappings are persistent; however, if you wanna dump it, use subst E: /D (or whatever your drive letter is).
You can also list mappings with "subst" on its own:
c:\>subst
e:\: => F:\customapp
Not rocket surgery, but pretty handy if you didn't know already :)
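An added example, not part of the original post: a PowerShell check that could run as the first step of the nightly backup to confirm the E: substitution exists and points where expected before anything is written. The drive letter and target are taken from the session above; the function name Get-SubstMapping is made up for this example.

```powershell
# Added example. Assumed values: E: and F:\customapp, from the post's session.
param(
    [string]$Drive  = 'E:',
    [string]$Target = 'F:\customapp'
)

function Get-SubstMapping {
    # Parse the lines printed by `subst` with no arguments,
    # e.g. "E:\: => F:\customapp", into a drive -> target table.
    param([string[]]$Lines)
    $map = @{}
    foreach ($line in $Lines) {
        if ($line -match '^([A-Za-z]:)\\: => (.+)$') {
            $map[$Matches[1].ToUpper()] = $Matches[2].TrimEnd('\')
        }
    }
    return $map
}

$letter  = $Drive.TrimEnd('\').ToUpper()
$wanted  = $Target.TrimEnd('\')
$current = Get-SubstMapping -Lines @(& subst.exe)

# Never map to a folder that is missing: the backup would fail later anyway.
if (-not (Test-Path -LiteralPath $wanted -PathType Container)) {
    throw "Target folder $wanted does not exist; not creating a mapping."
}

if ($current.ContainsKey($letter)) {
    if ($current[$letter] -ieq $wanted) {
        Write-Output "$letter already maps to $wanted"
        return
    }
    # The letter is substituted to some other path: drop it before remapping.
    & subst.exe $letter /D
} elseif (Test-Path -LiteralPath "$letter\") {
    # The letter is a real volume or network drive, not a subst mapping.
    throw "$letter is already in use by another drive; refusing to remap it."
}

& subst.exe $letter $wanted

# Re-read the table instead of trusting the command to have worked.
$after = Get-SubstMapping -Lines @(& subst.exe)
if ($after[$letter] -ine $wanted) {
    throw "Could not map $letter to $wanted"
}
Write-Output "$letter now maps to $wanted"
```

Run it from the same account and session as the backup job, because a subst mapping is only visible in the logon session that created it.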
Monday, March 16, 2009
Thursday, March 12, 2009
VoIP Hopper
If you read many security books you have probably come across the topic of VLAN hopping more than once. Up until now I hadn't seen any tools designed to take advantage of this vulnerability.
From the author's description:
VoIP Hopper is a security validation tool that tests to see if a PC can mimic the behavior of an IP Phone. It rapidly automates a VLAN Hop into the Voice VLAN.
VoIP Hopper can be downloaded here!
Sunday, March 8, 2009
MPack - A better explanation
I have mentioned MPack in past CCSP and CEH classes and given a brief description of how it works. I remembered seeing a video this morning and hunted it down again. This is useful for anyone out there who has managed a web server.
While MPack is no longer effective against patched servers, it's a great example of what current "packs" contain and how they work.
MPACK infection vectors are:
* Web Servers - Iframe code that allows MPACK installation.
* Spam - Social engineering email that links to a legitimate but infected website.
What makes this piece of code successful is that it employs the following exploits:
* WinZip ActiveX overflow
* QuickTime overflow
* MS06-014 Microsoft Windows MDAC Vulnerability
* MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers
* MS06-044 Vulnerability in Microsoft Management Console
* MS06-071 Vulnerability in Microsoft XML Core Services
* MS06-057 Vulnerability in Windows Explorer
* MS07-017 Vulnerability in Windows Animated Cursor
Tuesday, March 3, 2009
The Realm - Cisco is cooler than you thought!
Today I discovered a portion of Cisco's website called "The Realm". This area hosts an anime series that focuses on a team of superheroes that battle computer villains such as malware, botnets, and hackers. Check out the episodes today!
Monday, March 2, 2009
Is it still available? The new craigslist email harvester :-(
Last night I listed my camera gear on craigslist, and throughout the night I received about ten inquiries. While systematically clearing out my inbox from oldest messages to newest, responding to each one, I started to look more closely and noticed that the name of the sender was not the same as the name of the email address, and that in NONE of these inquiries did the "potential seller" mention the camera. Most of their emails contained typos typical of 419 / phishing scams. After a bit of research I found postings on forums where several CL users were complaining about lots of "is it still available" requests but no follow-up. I hadn't found anywhere that seemed like people had put this together yet, but I'm sure it's just a way to harvest email addresses for spamming.
For example:
Hello dear,just to let you know that am very much interested in your item,that is why i want to confirm if the camera is still available for sell.pls get back to me asap.
Regards Andrew.
(This was the most obvious one that sparked my suspicions; I'm sure the others are fake as well.)
As I'm writing this blog I received:
hello,
i want to buy the item so,let me know it's condition.
get back to me asap.
Too bad the description is about 4 lines in length and I mention twice that the gear is in excellent condition and has only been used three times.
Hopefully the word will get out and people will be more cautious when replying to craigslist.org inquiries that are simply asking "Is the item still available".
That's it for now, stay safe :)
-Ryan