Cup Runneth Over posted:
But there's hot single women in {YOUR_AREA}

I think you mean hot {marital fetish} {sex of choice} in {target area}; the more specific the fetish, the more likely you are to be open to honey-potting. Click {here} for malware targeting your specific sexual kinks. If you're top quartile for user education vis-à-vis malware bullshit, anyone who isn't spear phishing you for a payout or Mossad is gonna avoid dealing with you simply because you're too hard to trick. Anyone who is able to kidnap you is gonna get your passwords via the rubber hose method, and anyone who isn't can't do anything you don't allow via user error or unpatched vulns. Patch your poo poo, and don't send wire transfers to Uzbekistan banks.

Methylethylaldehyde fucked around with this message at 09:47 on Aug 29, 2020

Posted: Aug 29, 2020 09:42
CLAM DOWN posted:
I am far far too elite to fall prey to your petty whaling schemes

Cup Runneth Over posted:
But there's hot in {YOUR_AREA}

Posted: Aug 29, 2020 10:03
Cup Runneth Over posted:
But there's hot single women in {YOUR_AREA}

In Cardboard Box Town? (just outside Vancouver)

Posted: Aug 29, 2020 15:16
CommieGIR posted:
Oh good, the old methodology of "Escape the Security Requirement through a couple clicks" lives on past Windows 95.

I still remember one of the earlier versions of NT, possibly NT 3.1 (it's been a while), that had a help link on the login screen. If you clicked through, it opened up the full chm reader, which you could helpfully get into the file system via "open" and then use its overly useful dialogue to open a cmd window, logged in as SYSTEM. From there you could get explorer.exe up, and it all goes downhill from there.

Posted: Sep 1, 2020 16:02
duck monster posted:
I still remember one of the earlier versions of NT, possibly NT 3.1 (it's been a while), that had a help link on the login screen. If you clicked through, it opened up the full chm reader, which you could helpfully get into the file system via "open" and then use its overly useful dialogue to open a cmd window, logged in as SYSTEM. From there you could get explorer.exe up, and it all goes downhill from there.

P sure that was the 9x line, not the NT line. NT had a different, but equally dumb, security flaw iirc.

Posted: Sep 1, 2020 16:48
duck monster posted:
I still remember one of the earlier versions of NT, possibly NT 3.1 (it's been a while), that had a help link on the login screen. If you clicked through, it opened up the full chm reader, which you could helpfully get into the file system via "open" and then use its overly useful dialogue to open a cmd window, logged in as SYSTEM. From there you could get explorer.exe up, and it all goes downhill from there.

https://www.youtube.com/watch?v=ZdsSgklRoag

RFC2324 posted:
P sure that was the 9x line, not the NT line.

BlankSystemDaemon fucked around with this message at 16:57 on Sep 1, 2020

Posted: Sep 1, 2020 16:54
Another one that works on Windows 10 is to boot into a command prompt from installation media, rename cmd.exe to utilman.exe (after renaming utilman.exe to something else). You then boot normally, click the Ease of Access button on the login screen, and now have a CMD prompt logged in as SYSTEM. Do whatever you need to do, and reverse the change. I've used it a couple of times to get around lost/forgotten passwords.

Posted: Sep 1, 2020 17:21
stevewm posted:
Another one that works on Windows 10 is to boot into a command prompt from installation media, rename cmd.exe to utilman.exe (after renaming utilman.exe to something else). You then boot normally, click the Ease of Access button on the login screen, and now have a CMD prompt logged in as SYSTEM. Do whatever you need to do, and reverse the change.

This won't work on a BitLockered system. You should be BitLockering all the things if you can.

Posted: Sep 1, 2020 17:23
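The utilman.exe swap above and the BitLocker caveat that follows it both have a defender-side check. The script below is an added example and is not from either poster: it audits the accessibility binaries that Windows launches from the login screen (utilman.exe plus the other commonly abused ones: sethc.exe, osk.exe, Magnify.exe, Narrator.exe, DisplaySwitch.exe, AtBroker.exe; that list is an assumption, extend it as you see fit), flags any whose hash equals cmd.exe, whose Authenticode signature is not valid, whose embedded original filename does not match, or which has an Image File Execution Options "Debugger" value (the registry flavour of the same trick), and then reports whether the system volume is BitLocker-protected, since that is what stops the offline rename in the first place. Run it from an elevated PowerShell prompt on the host being checked.

```powershell
# Added example (not from the thread): audit login-screen accessibility
# binaries for the cmd.exe swap / IFEO debugger hijack and report BitLocker
# status of the system drive. Run elevated.

$system32 = Join-Path $env:SystemRoot 'System32'

# Assumed list of login-screen accessibility binaries worth checking.
$targets = @('utilman.exe', 'sethc.exe', 'osk.exe', 'Magnify.exe',
             'Narrator.exe', 'DisplaySwitch.exe', 'AtBroker.exe')

# Hash of the real cmd.exe: a target whose hash matches it is the exact swap
# from the post (cmd.exe renamed over utilman.exe).
$cmdHash = (Get-FileHash -Algorithm SHA256 (Join-Path $system32 'cmd.exe')).Hash

$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

$findings = foreach ($name in $targets) {
    $path = Join-Path $system32 $name
    if (-not (Test-Path $path)) { continue }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -Algorithm SHA256 $path).Hash
    $orig = (Get-Item $path).VersionInfo.OriginalFilename
    $stem = [IO.Path]::GetFileNameWithoutExtension($name)

    # Registry variant: an IFEO "Debugger" value makes Windows launch that
    # program instead of the accessibility tool, with no file rename needed.
    $ifeo = Get-ItemProperty -Path (Join-Path $ifeoRoot $name) -Name Debugger -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Binary       = $name
        SignatureOK  = ($sig.Status -eq 'Valid')
        Signer       = $sig.SignerCertificate.Subject
        IsCmdExe     = ($hash -eq $cmdHash)
        OriginalName = $orig
        IfeoDebugger = $ifeo.Debugger
        Suspicious   = ($sig.Status -ne 'Valid') -or ($hash -eq $cmdHash) -or
                       ($null -ne $ifeo.Debugger) -or
                       ($orig -and ($orig -notlike "$stem*"))
    }
}

$findings | Format-Table -AutoSize

# The offline rename only works because the attacker can write to the volume
# from installation media; with BitLocker on (and no recovery key lying
# around) the disk is unreadable offline. Get-BitLockerVolume needs the
# BitLocker module (Pro/Enterprise SKUs); fall back to manage-bde otherwise.
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    'BitLocker on {0}: {1} (encryption {2}%)' -f $env:SystemDrive, $vol.ProtectionStatus, $vol.EncryptionPercentage
} catch {
    manage-bde -status $env:SystemDrive
}

if ($findings | Where-Object Suspicious) {
    Write-Warning 'One or more accessibility binaries look tampered with; compare against a known-good install before trusting this login screen.'
}
```

A clean machine shows every row with SignatureOK True, IsCmdExe False and an empty IfeoDebugger column; the OriginalName comparison is case-insensitive because the embedded names vary in case between binaries (for example UtilMan.exe, MAGNIFY.EXE).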
RFC2324 posted:
P sure that was the 9x line, not the NT line.

No, this was definitely NT. The 9x line you just had to mash escape.

edit: I wonder if this sort of thing worked on all those old Citrix terminal servers

duck monster fucked around with this message at 17:28 on Sep 1, 2020

Posted: Sep 1, 2020 17:23
duck monster posted:
No, this was definitely NT. The 9x line you just had to mash escape.

Posted: Sep 1, 2020 17:31
On 9x the network login screen was just that: a screen to collect your credentials to authenticate against a Microsoft network resource. It was NOT a login to Windows, which is why you could just cancel it. Windows itself would work, but since you didn't supply your network credentials, any connections to network resources requiring authentication would not work.

Posted: Sep 1, 2020 17:31
stevewm posted:
Another one that works on Windows 10 is to boot into a command prompt from installation media, rename cmd.exe to utilman.exe (after renaming utilman.exe to something else). You then boot normally, click the Ease of Access button on the login screen, and now have a CMD prompt logged in as SYSTEM. Do whatever you need to do, and reverse the change.

You are why I insist on locking the hell down every endpoint I can.

Posted: Sep 1, 2020 17:49
My last year of school had a PC in the student common room running what must have been Win95 plus some third-party security program that was meant to lock it down to a few approved programs. I think it took me a few days to figure out a way of using a Word macro to launch a command prompt that eventually let me re-enable safe boot and ultimately disable the lockdown program. Reboot the PC and use it to play games instead. I don't think they ever figured out who was doing it or how...

Posted: Sep 1, 2020 17:57
Pablo Bluth posted:
My last year of school had a PC in the student common room running what must have been Win95 plus some third-party security program that was meant to lock it down to a few approved programs. I think it took me a few days to figure out a way of using a Word macro to launch a command prompt that eventually let me re-enable safe boot and ultimately disable the lockdown program. Reboot the PC and use it to play games instead. I don't think they ever figured out who was doing it or how...

During my high school years, I usually spent my lunch periods in the library downloading mp3s and various other things off IRC using mIRC (and ferrying it all home on copious amounts of floppy disks!). The lockdown app normally prevented mIRC from running, so it had to go.

Library computers were NT4 running some sort of app that was a combination web filter and lockout app (IIRC it was called CyberPatrol). It famously even blocked parts of the school's own website.

I had a batch file on a few library computers I frequented that would simply rename the main EXE of the lockdown app and reboot. Upon reboot the lockdown app wouldn't run, so nothing was blocked. When I wanted to reverse it, I would just run the batch file again, which put it back to the original name and rebooted again.

I later figured out how to add programs to the allowed list. It was ridiculously easy: it was a .INI file in the C:\WINNT folder. I just added mIRC to that and never had to worry about disabling the lockout app again. I could also whitelist websites.

Posted: Sep 1, 2020 18:19
My middle school computer lab still had Windows 3.1 machines in 1998, and their "lockdown" program was just a driver loaded from config.sys, so I set up my own DOS boot chain on a floppy that was the same files but with the driver commented out. Enter class, insert my floppy, reboot, no lockdown. Remove disk when I leave, no traces left behind, and it's back to normal after a reboot. I was proud of that one as a 12 year old.

The regular classrooms had Windows 95 machines with Novell NetWare but strangely weren't really locked down at all; I installed all the games and software I wanted on those without any kind of limitation.

Who else had the "Bess" internet filter at their school? gently caress that dog. Fortunately it was pretty trivial to bypass since it just did URL scanning. Use the IP address, search engine cache, Akamai, etc. and you could get to anything.

Posted: Sep 1, 2020 19:59
Win 9x had zero security model: everything was root, and if you had local console access you could do anything you wanted, short of goofy custom software explicitly killing certain commands or programs, and even those you could disable on next reboot.

Posted: Sep 1, 2020 20:07
I knew I saved this gif for a reason:

Posted: Sep 1, 2020 20:25
wolrah posted:
My middle school computer lab still had Windows 3.1 machines in 1998, and their "lockdown" program was just a driver loaded from config.sys, so I set up my own DOS boot chain on a floppy that was the same files but with the driver commented out. Enter class, insert my floppy, reboot, no lockdown. Remove disk when I leave, no traces left behind, and it's back to normal after a reboot. I was proud of that one as a 12 year old.

My middle school computer labs also had 3.1 but with Novell NetWare. There was no lockdown of any kind, though, and internet access wasn't a thing yet. Many hours were wasted with NetWars though, with the teachers' permission even. Some even held NetWars tournaments.

Individual classrooms had Apple II or Mac LC "pizza box" machines with Apple II cards. No lockdown stuff on those either, though it wasn't really necessary. Nothing was networked then, except for the Win 3.1 computer labs.

Posted: Sep 1, 2020 21:59
We were an all-Mac shop in my middle/high schools. I don't remember any tech workarounds to get admin mode, but my friend and I ingratiated ourselves to the point where we could just ask our computer teacher to put in the password whenever we needed it. There then came a day where she had to tell us that we were using 85% of the entire district's storage space, and to probably knock it off. It was a delicate line to walk.

Posted: Sep 2, 2020 01:03
Our high school was mostly a Mac shop, and setting the error sound to 8 seconds of silence was a nice way to show off all the concurrency capabilities that System 6 didn't have.

Posted: Sep 2, 2020 03:51
I just got my first InfoSec job offer for a pentesting role. I posted in this thread a few months ago asking if anyone had made the move from software engineer to infosec. Thanks, thread!

Posted: Sep 2, 2020 13:42
Congrats buddy. I'm currently in the process of preparing for OSCP; pen testing is fun and hopefully I will be doing it as a career soon too.

Posted: Sep 2, 2020 13:54
Sir Bobert Fishbone posted:
We were an all-Mac shop in my middle/high schools. I don't remember any tech workarounds to get admin mode, but my friend and I ingratiated ourselves to the point where we could just ask our computer teacher to put in the password whenever we needed it. There then came a day where she had to tell us that we were using 85% of the entire district's storage space, and to probably knock it off. It was a delicate line to walk.

OS X is actually a proper operating system with a real security model, so it usually took some effort. Except that one time when it allowed you to log in as root with a blank password.

Posted: Sep 2, 2020 16:12
I mean, it's been a while since I checked, but I'm pretty sure single user mode is still a thing.

Posted: Sep 2, 2020 16:47
lol, Apple issuing notarization signatures to the most common piece of Mac malware. Guess Shlayer is giving them a 30% cut on all the revenue from clickjacks and ad injections, the most important part of being on Apple.

Posted: Sep 2, 2020 17:19
The Fool posted:
I mean, it's been a while since I checked, but I'm pretty sure single user mode is still a thing.

Posted: Sep 2, 2020 17:26
CyberPingu posted:
Congrats buddy

Same, I was gonna take my OSCP this year, but then Covid hit and my company is now declining to pay for the test, so I'll wait till next year and keep practicing.

Posted: Sep 2, 2020 19:35
wolrah posted:
Classic Macs were really easy to get around basically anything on. Booting with extensions disabled was enough to do it most of the time in my experience.

Loved that one of those classic Mac OS "Desktop Security" programs was called Foolproof and simply disabling extensions was enough to stop it.

Posted: Sep 2, 2020 21:09
Klyith posted:
lol, Apple issuing notarization signatures to the most common piece of Mac malware

What is even the point of this program?

Posted: Sep 2, 2020 21:17
CommieGIR posted:
Same, I was gonna take my OSCP this year, but then Covid hit and my company is now declining to pay for the test, so I'll wait till next year and keep practicing.

Posted: Sep 2, 2020 21:34
Volmarias posted:
What is even the point of this program?

The idea is that a safety net with some holes is more useful than no safety net at all.

Posted: Sep 2, 2020 22:46
Klyith posted:
lol, Apple issuing notarization signatures to the most common piece of Mac malware

Are we going to repeat the decade+ debate about "bad people shouldn't be able to get TLS certs", but on macOS? Certs are only good for identity; they're no good at saying you don't suck. Stop trying to use them for that.

Posted: Sep 2, 2020 22:53
Volmarias posted:
What is even the point of this program?

Could be about safety, but given Apple's proclivities and current strategy, my feeling is it's to lay one course of bricks for the future walled garden.

Space Gopher posted:
The idea is that a safety net with some holes is more useful than no safety net at all.

It's true, since at least they can pull the certs quickly. It's funny that Apple devotes a whole lot of human manpower to scrutinizing the App Store for monetization, but this is an automated system that's trivially taken advantage of.

apseudonym posted:
Are we going to repeat the decade+ debate about "bad people shouldn't be able to get TLS certs", but on macOS?

Cool, tell Apple not to sell it that way. Or even make the signing more like the Windows signed drivers system, where devs have full independence once they've gotten their identity validated.

Posted: Sep 2, 2020 23:07
Klyith posted:

Not sure I'd take Windows' code signing model as one to be followed.

Posted: Sep 2, 2020 23:11
Volmarias posted:
What is even the point of this program?

Now they can revoke the cert, and the company that pulled the poo poo has divulged a bunch of personal info to get it in the first place.

Posted: Sep 3, 2020 00:21
BangersInMyKnickers posted:
Now they can revoke the cert, and the company that pulled the poo poo has divulged a bunch of personal info to get it in the first place.

I somehow get the feeling that they haven't divulged anything that's real, and they'll just pop another one of these up the next day.

Posted: Sep 3, 2020 01:04
wyoak posted:
OSCP is super fun, I got it a couple years ago and now I've forgotten nearly everything

As someone that is taking it now, it got way different. You can't use Metasploit meterpreter for the test, but nothing stops you from breaking down the Ruby code it's based on to upload a stack smashing executable you made and manually trigger the exploit.

edit: plus you need to broadcast your lab computer's screen to their internal monitoring network because cheating got out of hand apparently.

Posted: Sep 3, 2020 01:41
Volmarias posted:
I somehow get the feeling that they haven't divulged anything that's real, and they'll just pop another one of these up the next day.

They did it within the day, actually!

Posted: Sep 3, 2020 01:55
EVIL Gibson posted:
As someone that is taking it now, it got way different. You can't use Metasploit meterpreter for the test, but nothing stops you from breaking down the Ruby code it's based on to upload a stack smashing executable you made and manually trigger the exploit.

You can use meterpreter on one machine in the exam. Once you use it, it's locked to that machine whether the exploit is successful or not. So choose wisely. Imo I'd use it for a Windows privesc you're struggling with, because that poo poo is obnoxious and msf has a bunch of stuff to make that way easier.

Posted: Sep 3, 2020 03:32
You don't need meterpreter for anything on the exam. You can use it if you really want, but it's by no means necessary. If you really need it, you goofed.

Posted: Sep 3, 2020 03:36