Testing for impact of Infineon's vulnerable RSA generation (CVE-2017-15361)

A security vulnerability exists in the firmware of certain Infineon Trusted Platform Module (TPM) chipsets. The vulnerability weakens key strength. It is weakened so much that it is possible to derive the private key from the public key for RSA key pairs of up to 2048-bit.
This page contains a number of manners in which you can verify whether your computer contains an affected Infineon TPM chip that generates vulnerable RSA key pairs.

Tags: 

How to run the WSUS Server Cleanup Wizard from command-line

When running the WSUS Server Cleanup Wizard from the MMC snap-in, it can occur that you receive the following WSUS database error:

Error: Database Error
An error occurred when trying to perform a database operation. This can happen if the database is very busy, if the database service is stopped, if the connection to the database is lost, of if the Post-Installation task is not completed successfully. Please contact your system administrator if the problem persists.

Click Reset Server Node to try to connect to the server again.

Tags: 

Scanning for CVE-2017-0143 (EternalBlue) using nmap (MS17-010)

With both WannaCry and NotPetya using MS17-010 for propagation it is important to be able to detect servers which are vulnerable.
This vulnerability has been assigned CVE-ID CVE-2017-0143. The vulnerability is also often nicknamed EternalBlue.
This page explains how you can scan for it from a Windows machine using nmap.

Tags: 

Scanning for CVE-2017-5638 using nmap

On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value.
This vulnerability has been assigned CVE-ID CVE-2017-5638.
This page explains how you can scan for it from a Windows machine using nmap.

Tags: 

How to allow a normal user to start, stop, and pauze/continue a Windows service

By default, starting and stopping Windows services are tasks that can only be performed by administrators. There are cases where you want regular users to be able to start or stop services. This can be easily accomplished using the subinacl.exe command-line tool.

This is the subinacl.exe syntax of how you can allow a normal user to start, stop, and pauze/continue a service.

Tags: 

How to list hidden shares remotely

When sharing Windows folders on the network, it is possible to hide the shared folder from the list of shares. This can be done by adding a $-sign to the end of a share name.
It is important to mention that this does not really hide such shares from the network. If you ask a Windows machines for a list of its shares, then it reports all shares, including those with a $-sign. It are then the clients who filter out all shares that end in a dollar-sign.

So how can you get a list of all the hidden shares on a server?

Tags: 

Anatomy of the SQL injection in Drupal’s database comment filtering system SA-CORE-2015-003

In the Drupal security advisory that was released on August 19th, 2015 Drupal’s security team announced that it solved an SQL injection vulnerability in the Drupal database API.


The security advisory contained the following description of the SQL injection vulnerability:

A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments.


Tags: 

ICACLS command line options


ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
    stores the DACLs for the files and folders that match the name
    into aclfile for later use with /restore. Note that SACLs,
    owner, or integrity labels are not saved.

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
                 [/C] [/L] [/Q]
    applies the stored DACLs to files in directory.

Tags: 

Pages

Subscribe to Vanstechelman.eu RSS