http://www.packet-broker.co.za/blog/ Ramblings from The ZA Packet-Broker en Serendipity 1.5.5 - http://www.s9y.org/ Tue, 22 Feb 2011 09:17:00 GMT http://www.packet-broker.co.za/blog/templates/default/img/s9y_banner_small.png http://www.packet-broker.co.za/blog/ 100 21 http://www.packet-broker.co.za/blog/archives/14/Mimicking-Command-Prompt-with-a-Batch-Script.html Code Snippets http://www.packet-broker.co.za/blog/archives/14/Mimicking-Command-Prompt-with-a-Batch-Script.html#comments http://www.packet-broker.co.za/blog/wfwcomment.php?cid=14 0 http://www.packet-broker.co.za/blog/rss.php?version=2.0&type=comments&cid=14 nospam@example.com (Junaid Loonat) Without a doubt, <a href="http://en.wikipedia.org/wiki/Kiosk_software" title="Kiosk Software">kiosk hacking</a> assessments have the simplest objective... <em>Gain command execution!</em><br /> <br /> During one of my engagements, I was provided with locked-down desktop that had most/all functionality disabled.<br /> The user account, of course, was unprivileged.<br /> <br /> The system administrators blacklisted <em>cmd.exe</em> (Command Prompt) but did not prevent the use of batch scripts.<br /> So although I was unable to work within a command prompt session, I could still run batch scripts to execute commands.<br /> <br /> [side note: When locking-down, always opt for whitelisting applications rather than blacklisting]<br /> <br /> Instead of constantly modifying-and-running batch scripts, I threw together some quick+dirty batch-fu to mimic a command prompt:<br /> <blockquote>@echo off<br /> :getcmd<br /> set /P CMDIN=Cmd: %=%<br /> %CMDIN%<br /> goto getcmd</blockquote><br /> I'm sure it's been done before, but I'm positive that writing the above script was faster than google'ing for an existing implementation.<br /> For brownie points, which application / tool does the "Cmd:" prompt most resemble?<br /> Tue, 22 Feb 2011 10:18:38 +0200 http://www.packet-broker.co.za/blog/archives/14/guid.html http://www.packet-broker.co.za/blog/archives/1/Creating-a-Proxy-Shim-DLL.html Code Snippets http://www.packet-broker.co.za/blog/archives/1/Creating-a-Proxy-Shim-DLL.html#comments http://www.packet-broker.co.za/blog/wfwcomment.php?cid=1 0 http://www.packet-broker.co.za/blog/rss.php?version=2.0&type=comments&cid=1 nospam@example.com (Junaid Loonat) A while back I found the need for a Win32 shim DLL, so I took the opportunity to create a quick hack-up.<br /> Shim DLLs are normally used to extend or alter the functionality offered by a regular DLL.<br /> In my case, I just wanted to observe the data being transmitted from an application to its crypto / hashing library.<br /> So we start with an application we'll call SecProggie and its respective hashing library, SecLibbie.<br /> <br /> Now SecLibbie is exporting a few methods but none of them are decorated.<br /> As such, we don't know what argument combination the methods are expecting, unless I take a look at the library's ASM.<br /> I'm avoiding that because I wasnt something I can reuse again later. <br /><a href="http://www.packet-broker.co.za/blog/archives/1/Creating-a-Proxy-Shim-DLL.html#extended">Continue reading "Creating a Proxy / Shim DLL"</a> Sat, 20 Jun 2009 07:31:00 +0200 http://www.packet-broker.co.za/blog/archives/1/guid.html