Is there a way of taking advantage of this for privilege escalation - networking

Penetration testing is a small hobby of mine, so I don't have a lot of experience doing it. Keep that in mind when answering, please.
I recently came across a network where access to the C drive was blocked, so you couldn't access it by typing a path into Windows File Explorer, but there are some shortcuts on the desktop (which are the same and unchangeable for every standard user like me on the network), e.g. Photoshop, which, if you do "Open file location" on, get you into the C drive, and then you can navigate wherever you want. This made me think that that file viewer, which has access to the C drive, has something special about it, and that I might be able to use it for some sort of privilege escalation, but being an amateur, I don't know if I'm correct, and I wouldn't be able to capitalise on it even if I was.
If someone could explain this to me, I would highly appreciate it. P.S.: the programming language I know best is Python, and I have experience using Kali Linux (I have a live bootable USB).
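Added example, not from the question or from anyone on this page: a PowerShell check for what is actually blocking C: on such a host. It assumes the block is one of Explorer's documented drive policies (NoDrives hides a drive, NoViewOnDrive refuses to open it) rather than an NTFS permission; the registry paths and the A=1, B=2, C=4 drive bitmask are Microsoft's documented values, and whether this particular network uses them is an assumption. Those policies are enforced only by Explorer's own shell code and do not change file-system permissions, so a path reached by any other route still gets exactly what the ACL grants.

```powershell
# Added example: is C: blocked by an Explorer policy (cosmetic) or by an ACL (real)?
# Registry locations and the drive bitmask are documented Windows values; that this
# network uses them is an assumption.
$explorerPolicy = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$driveBit = 1 -shl ([int][char]'C' - [int][char]'A')   # A=1, B=2, C=4, D=8 ...

foreach ($hive in 'HKCU', 'HKLM') {
    $key = Get-ItemProperty -Path "${hive}:\$explorerPolicy" -ErrorAction SilentlyContinue
    foreach ($name in 'NoDrives', 'NoViewOnDrive') {
        $mask = $key.$name
        if ($null -ne $mask) {
            $hit = ($mask -band $driveBit) -ne 0
            "{0}\{1} = 0x{2:X} -> C: affected: {3}" -f $hive, $name, $mask, $hit
        }
    }
}

# The policy only tells Explorer's UI to refuse the path. The boundary that matters
# is the ACL on the drive root, which applies to every program, Explorer included.
(Get-Acl 'C:\').Access |
    Where-Object { $_.IdentityReference -match 'Users|Everyone|Authenticated Users' } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Functional check that bypasses Explorer entirely: plain file-system calls.
Test-Path 'C:\Windows\System32\drivers\etc\hosts'
Get-ChildItem 'C:\' -Force -ErrorAction SilentlyContinue | Select-Object -First 5
```

If the policy values light up for C: and the ACL shows only the usual read-and-execute entries for Users, then the "special" file viewer is simply a code path that does not honour a cosmetic policy, and browsing C: is the access a standard user has anyway, not elevated access. An escalation would need a separate weakness (for example a location writable by standard users that a privileged process later loads or executes), and nothing in the post points to one.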


Only Allow Certain Programs to Open a Zip

So I'll be honest right up front. I know what the end product I need is, but I'm not 100% sure how to get there. Please read on so I can fully explain my situation and also some ideas I tried. I was torn between whether I should send this to a gaming forum or here. Considering that this is more "backend" related, though, I opted to send it here.
So here's my dilemma. I'm not gonna bother explaining why because it isn't necessary, but essentially, I'm a sysadmin for a Minecraft server. We work on extremely high quality productions, generally including custom coded systems and resourcepacks. One of the biggest problems we have is other individuals coming onto our networks and looking through our resourcepacks (which, if you aren't familiar, are sent from the server to the client as a .zip).
So essentially an individual from, say, a rival network comes onto ours and will snoop around our resourcepacks and uncover cool techniques or technologies that we develop. Only for us to later see those technologies implemented elsewhere!
A number of days ago I stumbled across a network which has actually managed to encrypt their resourcepacks so that it's not possible to snoop around them (via extracting them. Remember, these are archive files). When you try to extract or make any other changes to the archive, it will return an 80004005 error, which I've come to learn is related to operating system permissions.
So here's what I'm looking for:
How can I encrypt a ResourcePack, or rather, an archive (specifically a .zip) but still have it be readable by Minecraft?
It's that second half which has stumped me.
I've already been able to encrypt a resourcepack myself (using WinZip) which recreated the 80004005 error as well as the expected results (like not being able to copy files from inside of the archive, for example). However, obviously because the file is encrypted, there isn't any way for Minecraft to read it!
And since the original network's file is encrypted (I did reach out to them to see if they'll talk to me about how they implemented this feature), there's no way that I know of to reverse engineer the encrypted archive to figure out what method they used.
To reiterate, I have no interest in obtaining the contents of this other network's resourcepack. Rather, I'm only interested in figuring out how to be able to encrypt/lock my own network's resourcepacks so that others can't access them, but Minecraft can.
I'm already well aware that this question is outside of the realm of what we normally see on this website. I'm seriously taking shots in the dark to figure this cool technology out since file encryption and system permissions stuff is not exactly down my alley.
Like I said, 0 confidence on this topic, hopefully I gave enough details for you to help me out!
Even if you don't know much about Minecraft as a game but have insight into how programs might be able to access an encrypted file while users can't (specific protocols to look into, maybe?), I'm hoping I can get at least enough information to piece together the answer I need! Thank you again for your help!
This is completely impossible. In this case, not only do you have the standard reasons that effective DRM is impossible, but also that Minecraft only knows how to open completely normal .zip files. As for this:
A number of days ago I stumbled across a network which has actually managed to encrypt their resourcepacks so that it's not possible to snoop around them (via extracting them. Remember, these are archive files). When you try to extract or make any other changes to the archive, it will return an 80004005 error, which I've come to learn is related to operating system permissions.
You've misunderstood what's going on here somehow. They didn't encrypt anything. If you post a new question (probably on a sister site and not this one) with the details of exactly how to get that .zip and the steps you followed, someone will be able to explain the real reason why you couldn't extract it at first.

How to test/reproduce bad network behavior?

On Windows, I've used NEWT in the past, but it's difficult to use, not current (but I can find old copies on non-MS sites), and difficult though possible to degrade just the app's view of the network without messing up everything else on the machine like the VPN connection and NAS volumes.
On Mac, the Network Link Conditioner that is available with Xcode is far too limited and in particular doesn't model bursts, which is my current immediate interest.
I'm also interested in Windows programs running in a VMware VM, and that's already going through an emulated network connector. I wonder if that can be made to do the traffic shaping?
In summary, can someone suggest a tool that I ought to be using for this?
I guess http://henrydu.com/blog/how-to/simulate-a-slow-link-by-linux-bridge-123.html should work on your Mac. It uses traffic control with ifconfig, something you might want to Google for.
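The Linux traffic-control route the answer above points to, as an added example that is not taken from the linked page or from the thread. It prints the tc commands that impair only packets to one destination port on one interface, so the VPN, NAS mounts and everything else on the box stay untouched, which is the per-app degradation the question asks about; the same commands are what you would run inside a Linux VM or bridge placed in front of the Windows guest. Interface, port and the figures are placeholders; the netem options (delay with jitter and correlation, the Gilbert-Elliott gemodel for bursty loss, rate) are tc's real ones.

```shell
#!/bin/sh
# Added example (not from the thread): generate tc/netem commands that impair
# only traffic to one destination port on one interface. Needs root and Linux
# to apply; interface, port and figures below are placeholders.

# netem_cmds IFACE DPORT DELAY_MS JITTER_MS P_LOSS R_RECOVER [RATE]
#   Latency: DELAY_MS +/- JITTER_MS, 25% correlated between packets.
#   Bursty loss: gemodel, P_LOSS = chance (%) of entering the lossy state,
#   R_RECOVER = chance (%) of leaving it; a low R_RECOVER gives long bursts.
netem_cmds() {
    iface=$1 dport=$2 delay=$3 jitter=$4 p=$5 r=$6 rate=${7:-}
    [ -n "$rate" ] && rate=" rate $rate"
    printf 'tc qdisc del dev %s root 2>/dev/null\n' "$iface"
    # Three-band prio qdisc with every traffic class mapped to band 1, so only
    # the filter below steers packets into the impaired band 3 (class 1:3).
    printf 'tc qdisc add dev %s root handle 1: prio bands 3 priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n' "$iface"
    printf 'tc qdisc add dev %s parent 1:3 handle 30: netem delay %sms %sms 25%% loss gemodel %s%% %s%%%s\n' \
        "$iface" "$delay" "$jitter" "$p" "$r" "$rate"
    printf 'tc filter add dev %s protocol ip parent 1:0 prio 1 u32 match ip dport %s 0xffff flowid 1:3\n' \
        "$iface" "$dport"
}

# Remove the whole setup again.
netem_clear() {
    printf 'tc qdisc del dev %s root\n' "$1"
}

# Print the commands; pipe them through "sudo sh" to apply:
#   sh netem.sh show eth0 8080 | sudo sh
if [ "${1:-}" = "show" ]; then
    netem_cmds "${2:-eth0}" "${3:-8080}" 200 50 5 20 1mbit
fi
```

netem shapes egress only; to impair what the application receives, redirect the interface's ingress to an ifb device and attach the same netem qdisc there, or run the script on the bridge/VM in the path rather than on the endpoint.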

Hardware/Software inventory open source projects

I would like to develop a Network Inventory application that works on any operating system.
Reports on every possible resource attached to a network.
Reports all pertinent details of hardware and software.
That's (and I hate to use the phrase) my "End Game".
However, I am running before I can crawl here.
I have no experience of this type of development, e.g. discovering a computer's hardware and software settings.
I've spent almost two weeks Googling and come up short! :-(
So I am turning to you to ask these questions:
My first step is to find an existing open source project I can incorporate into my own code that extracts the fine-grained details I am after, e.g. EVERYTHING there is to know about the hardware and software on a single machine.
Does this project exist? Or do I have to develop that first?
Have I got to write all this in C?
I am guessing getting this information about a computer is going to be easier than for printers, scanners, routers etc., e.g. everything else you would find attached to a network.
Once I have access to a single computer's details I then need to investigate how I can traverse an entire network of printers, scanners, routers, load balancers, switches, firewalls, workstations, servers, storage devices, laptops, monitors; the list goes on and on.
One problem I have is I don't have a 1000-machine network to play on!
Is there any such resource available on the internet? (Is that a silly question?)
Anywho, if you don't ask you won't find out!
One aspect I am really looking forward to finding out is how to traverse the entire network;
should I be using TCP/IP for this?
What's a good site, blog, user group or book for TCP/IP development?
How do I go about getting through firewalls?
How many questions can I ask in one go? :-)
My previous question on this topic ended up with Python being championed as the language/script to go with to develop this application in.
Having looked at a few Python examples, they all seemed to be related to Windows networks
and interrogating Windows Management Instrumentation (WMI). I had the feeling you can't rely on what's in WMI, and even if you can, that's no good for Unix networks.
Surely there exists common code for extracting hardware and software details from a computer? Why can't I find it on the internet?
Please help?
There are no prizes though :-(
Thanks in advance
I would like to apologise if I have broken forum rules or not tried hard enough on my own before asking for assistance.
I just would like to start moving forward with this as it's one of the best projects I have been involved with.
I am inspired by the many different challenges involved and that if I manage to produce a useful application at the end of it, it would hopefully be extremely helpful to many people.
That's it.
Thanks in advance
DD
As a software vendor of a discovery solution, I can just say: respect, that you want to start a new one :-). Just in case you are interested in what it could look like: http://www.jdisc.com
Now to some of our experience:
Programming Language:
I wouldn't write it in C. Use Java or .NET. Those languages have great advantages when it comes to tracking down errors or problems. For instance, in Java (and I guess also in .NET), you can see the stack trace when something is failing. For some pieces of code (e.g. WMI access), you might need to use C++ or C (e.g. access to native APIs from Microsoft). Use a native interface or a COM bridge from Java. In .NET, it should be even easier to access the Windows APIs.
Devices:
Well, network printers, routers, and switches are actually easier to discover. They usually expose their information via SNMP. SNMP is pretty easy to use and pretty robust. Getting information from Windows (or even Unix) systems is a bit trickier. Protocols can be blocked, misconfigured, messed up... We had cases where WMI was simply hanging when requesting data from a remote device.
Test Devices:
Since we are also a smaller company, we also do not have 1000 different devices to test with. But, there are some things that might help:
a) For SNMP devices, use an SNMP simulator. We use MIMIC 9.0 from Gambit Solutions and we are pretty happy with it. You can import SNMP walks from network devices and simulate the device as if it were in your network.
b) Secondly, use virtualization whenever possible. With VMware, you can install Windows, Linux, or even Solaris. We also use a project called GNS3 to emulate Cisco routers, firewalls or Juniper routers.
c) You can test the rest of the devices only if you have a customer that helps you with testing and implementing new devices.
These are just some ideas to start with. But I have to tell you that it is not trivial and it takes a lot of time....
Hope that you got some ideas to start with...
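The SNMP point in the answer above, as an added worked example that is not code from this thread or from JDisc: a complete SNMP v2c GET client written against the Python standard library only, since the question asked for Python and nothing then needs installing. It builds the BER-encoded GetRequest by hand, parses the GetResponse, and checks the request-id so a stray or spoofed datagram is not mistaken for the answer. Host, community string and the request's OID are placeholders; sysDescr.0 (1.3.6.1.2.1.1.1.0) is the standard MIB-II object that gives a device's self-description.

```python
"""SNMP v2c GET over UDP, standard library only. Added example, not code from
this thread or from JDisc; host, community and OIDs are placeholders."""
import os
import socket

SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # MIB-II system.sysDescr.0

# BER encoding, only the subset SNMP uses.
def _length(n):
    """Definite length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body

def encode_int(value):
    """INTEGER, two's complement, shortest encoding."""
    size = (value.bit_length() + 8) // 8
    return tlv(0x02, value.to_bytes(size, "big", signed=True))

def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one byte, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_message(pdu_tag, community, request_id, varbinds):
    """SNMPv2c Message wrapping one PDU; varbinds is [(oid, encoded value)]."""
    vb_list = b"".join(tlv(0x30, encode_oid(o) + v) for o, v in varbinds)
    pdu = tlv(pdu_tag, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, vb_list))
    return tlv(0x30, encode_int(1) + tlv(0x04, community) + pdu)  # version 1 == v2c

def build_get_request(community, oid, request_id):
    return build_message(0xA0, community, request_id, [(oid, tlv(0x05, b""))])

# BER decoding.
def _read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def _decode_value(tag, body):
    if tag == 0x02:
        return int.from_bytes(body, "big", signed=True)
    if tag == 0x04:
        return body.decode("latin-1")
    if tag == 0x06:
        return decode_oid(body)
    if tag in (0x05, 0x80, 0x81, 0x82):  # NULL, noSuchObject, noSuchInstance, endOfMibView
        return None
    return body  # Counter32, TimeTicks, IpAddress ... returned raw

def parse_response(datagram, expected_id):
    """Return {oid: value} from a GetResponse; reject errors and foreign replies."""
    _, msg, _ = _read_tlv(datagram, 0)
    _, _, pos = _read_tlv(msg, 0)        # version
    _, _, pos = _read_tlv(msg, pos)      # community: cleartext, not authentication
    tag, pdu, _ = _read_tlv(msg, pos)
    if tag != 0xA2:
        raise ValueError("expected GetResponse, got PDU tag 0x%02x" % tag)
    _, rid, pos = _read_tlv(pdu, 0)
    if int.from_bytes(rid, "big", signed=True) != expected_id:
        raise ValueError("request-id mismatch: stale or spoofed reply")
    _, err, pos = _read_tlv(pdu, pos)
    if any(err):
        raise ValueError("agent returned error-status %d" % int.from_bytes(err, "big"))
    _, _, pos = _read_tlv(pdu, pos)      # error-index
    _, vb_list, _ = _read_tlv(pdu, pos)
    result, pos = {}, 0
    while pos < len(vb_list):
        _, vb, pos = _read_tlv(vb_list, pos)
        _, oid, p = _read_tlv(vb, 0)
        tag, val, _ = _read_tlv(vb, p)
        result[decode_oid(oid)] = _decode_value(tag, val)
    return result

def snmp_get(host, oid=SYS_DESCR, community=b"public", timeout=2.0, port=161):
    """One round trip on the wire; a timeout usually means UDP/161 is filtered."""
    request_id = int.from_bytes(os.urandom(4), "big") >> 1   # random, positive
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_get_request(community, oid, request_id), (host, port))
        datagram, _ = sock.recvfrom(65535)
    finally:
        sock.close()
    return parse_response(datagram, request_id)[oid]
```

`snmp_get("192.0.2.10")` (placeholder address) returns the agent's sysDescr string, or raises `socket.timeout` when the port is filtered, which answers the "getting through firewalls" question in the most direct way: you don't, you ask for UDP/161 to be allowed from the collector. The community string travels in cleartext and the request-id is the only thing tying a reply to a request, so for a real inventory tool prefer SNMPv3 with authentication and privacy wherever the devices support it, and treat v2c community strings as credentials to be kept out of source control.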
I don't know that it's open source, but we use Spiceworks (http://www.spiceworks.com) here as an IT management platform. You may get some use out of exploring that.

Simulating a TWAIN Device

Our company is using some software that ONLY accepts input from an "Imaging Device" i.e. a TWAIN device (e.g. scanner).
The problem is that we are receiving our files digitally, so using an actual scanner would require us to print, scan, and shred documents that we already have on the computer, but not in the software.
I was curious if anybody has any idea of how we might be able to work around this problem in the meantime. My first thought was to find some way to trick the program into thinking we're using a scanner, via some new 'imaging device' that would just read in the file, and spit it out to the software, but I don't even know where to begin with that.
We put in a feature request, seeing as how this problem should obviously be addressed in the software itself, but the company is notorious for lagging pretty hard when it comes to updates.
The system used by scanners is called TWAIN, so you'd be looking for some sort of virtual twain driver.
A quick Google search will produce several hits; I don't have any experience with the software myself so can't advise any further.
Two such providers I found via Experts Exchange:
http://www.twaintools.de
http://www.scanpoint-usa.com
OK, months late... but in case you are interested, I have a TWAIN driver framework/toolkit that might let you build this fairly easily, depending on just what your scanning app expects, and how hard it is to read images from your digital documents. It's a Microsoft Visual C++ project. No charge but you'd need our permission to redistribute a driver based on it: GenDS
The TWAIN Working Group also has a sample/skeleton driver, I think it's straight C, and it used to have some rather bad bugs (why I wrote mine ;-), but it might have got better.
Look for the "sample data source and application" on their download page.
And of course I have a 'commercial' version of GenDS that I use to write TWAIN drivers on contract.

How to avoid pauses when editing code on a network drive?

I'm planning on doing more coding from home but in order to do so, I need to be able to edit files on a Samba drive on our dev server. The problem I've run into with several editors is that the network latency causes the editor to lock up for long periods of time (Eclipse, TextMate). Some editors cope with this a lot better than others, but are there any file system or other tweaks I can make to minimize the impact of lag?
A few additional points:
There's a policy against having company data on personal machines, so I'd like to avoid checking out the code locally.
The mount is over a PPTP VPN connection.
Mounting from a Linux or OS X client
Use a source control system — Subversion, Perforce, Git, Mercurial, Bazaar, etc. — so you're never editing code on a shared server. Instead you should be editing a local work area and committing changes to a repository located on the network.
Also, convince your company to adapt their policy such that company code is allowed on personal machines if it's on an encrypted volume. Encrypted disk images that you can use for this are trivial to create using Disk Utility, and can use strong cryptography. You can get even more security by not storing your encryption passphrase in your keychain, and instead typing it every time you mount the encrypted volume; this means that even if your local user account is compromised, as long as you don't have the volume mounted, nobody else will be able to mount it.
I did this all the time when I was consulting and none of my clients — some of whom had similar rules about company code — ever had a problem with it once I explained how things worked. (I think some of them even started using encrypted disk images even within their offices.)
The Remate plugin simply disables this dreadful refresh-on-focus feature.
Download, unpack, double-click and choose "Disable Refresh on Regaining Focus" from the "Window" menu (you can refresh manually by right-clicking the project in the drawer). Voila!
If you are accessing the data from your personal computer, it is in your RAM, so we will assume that you just can't store it on your hard drive, floppy, USB stick, etc.
Your solution is a RAM drive. Copy the files you need to edit there using whatever method you prefer (I would suggest source control) and then you can edit them without lag. When you are done commit them back to the server.
As was pointed out, your editor may be caching changes to your temp directory, or maybe even your swap file (if it is in memory, then it can get swapped out). The solution to that is to get a much larger RAM drive and run a virtual machine in the RAM drive. Not sure what OS you are running, but you can get a pretty slim install of most OSes if all you are doing is editing source code.
If you don't have enough RAM, then get a Gigabyte i-RAM solid state drive and remove the battery, that way it will lose everything when you power down.
Set your VMware to not allow the OS to swap any of the virtual machine. Keep a baseline VM on your hard drive and copy it to your RAM drive before booting it up. Then you can use the hard drive in the VM like a hard drive, even though it is RAM.
Might be a good idea to run a secure erase on your RAM drive before powering down. Also keep in mind that it has been found that if you super-cool a RAM chip before removing it from a functioning computer, and place it in a new computer quickly enough, the data may still be intact.
I guess it all comes down to how detailed that policy is, and how it is interpreted.
Good luck!
Short answer: there is no trick. CIFS is really geared towards a LAN with reasonably calm traffic, so you have zero chance of not suffering intermittent lag accessing a share through a VPN. The editor at some point needs to access the file with blocking I/O, because it makes no real sense to do otherwise.
You could switch editor and use Emacs + TRAMP which is geared to work on remote files.
