How to allow a normal user to start, stop, and pauze/continue a Windows service

By default, starting and stopping Windows services are tasks that can only be performed by administrators. There are cases where you want regular users to be able to start or stop services. This can be easily accomplished using the subinacl.exe command-line tool.

This is the subinacl.exe syntax of how you can allow a normal user to start, stop, and pauze/continue a service.


How to list hidden shares remotely

When sharing Windows folders on the network, it is possible to hide the shared folder from the list of shares. This can be done by adding a $-sign to the end of a share name.
It is important to mention that this does not really hide such shares from the network. If you ask a Windows machines for a list of its shares, then it reports all shares, including those with a $-sign. It are then the clients who filter out all shares that end in a dollar-sign.

So how can you get a list of all the hidden shares on a server?


Anatomy of the SQL injection in Drupal’s database comment filtering system SA-CORE-2015-003

In the Drupal security advisory that was released on August 19th, 2015 Drupal’s security team announced that it solved an SQL injection vulnerability in the Drupal database API.

The security advisory contained the following description of the SQL injection vulnerability:

A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments.


ICACLS command line options

ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
    stores the DACLs for the files and folders that match the name
    into aclfile for later use with /restore. Note that SACLs,
    owner, or integrity labels are not saved.

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
                 [/C] [/L] [/Q]
    applies the stored DACLs to files in directory.


Remove whitelisted events from Splunk search results

Splunk is a great tool to monitor and review many different kinds of log files. In some cases it can occur that you want to be alerted of specific types of events, but only for occurrences of the events that are not defined in an exceptions whitelist. For example: you may want to be alerted of all logons to your server by users who are not IT employees. While it is possible to enumerate all exceptions in the search query, this article shows how this can be done by storing all exceptions in a CSV-file. 


Importing vbscript code at runtime

Many script languages have an import function that allows to import and execute code that is stored in another file. Microsoft's vbscript however is lacking such functionality. This page shows how it can be accomplished to import and execute vbscript code that is stored in another file.

Assume that you have the following file with some functions that you have defined:


Scan for FREAK using nmap

Not everyone is vulnerable to the potential attack vector that researchers from INRIA, a French research institute, and Microsoft disclosed recently. In order to be vulnerable, the computer or server must support a class of deliberately weak export cipher suites. Support for these weak algorithms has remained in many implementations, however they are typically disabled by default. Nevertheless, the researchers discovered that several implementations incorrectly allow the message sequence of export ciphersuites to be used even if a non-export ciphersuite was nogotiated.



Subscribe to RSS