Search - "probably all of the monitoring shit"
My work computer is so fucking laggy that even simple typing is often infuriating, and sometimes bloody impossible.
My input gets garbled, or it takes so long that I finish typing and have to wait for it to show up. And sometimes. Sometimes it’s just. I don’t have words. I just typed “merchants”, saw a giant spam of “eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee[...]” and then saw it replaced with “etsmhcaern”. What. The. 🦆.
Alrighty, saturday morning rant time!
I just received a mail from one of my not-so-much-loved colleagues.
Now Background first: I work in IT-Support. We provide services for other companies. One of those services is monitoring servers and clients for various things. I recently took over the project (was assigned to do it) and restructured everything, wrote new scripts to test more stuff, successfully tested it internally and rolled it out over the last 2 weeks.
Now one of these scripts hooks into the Windows Update API and looks at the update history. It filters for known Windows Update Agent strings (UpdateOrchestrator, AutomaticUpdates and AutomaticUpdatesWuApp, in case you also want to do something like this) and then looks for installation errors over the last 24 hours and whether there have even been any successful updates over the last one and a half months.
Back to that mail.
My colleague sent me this lovely mail about a ticket I opened about his customer's servers being all out-of-date on updates.
"This is all wrong, everything's fine. I disabled the checks."
...
It's on, bitch.
So I logged on to my work PC via TeamViewer, opened my script, connected to the customer and was ready to debug the shit out of my script, knowing I probably wouldn't even need to.
I looked at the update history via Windows Update itself and behold: 1st April. That's almost 50 days in the past.
So the script works, go figure.
Great, so search for new Updates then.
>None found.
Hm. What could it be? Did my super special colleague forget to care about his very special totally-needs-WSUS-customer WSUS again?
Yup.
Online-Search finds a ton of new Updates.
Screenshot, write pissed mail to colleague, re-enable checks, breakfast.
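The check the rant describes, as an added example (not the poster's script, whose language the rant does not give): read the Windows Update Agent history through its COM API, keep only installs done by the built-in agent's client IDs, and alert on installation errors in the last 24 hours or on no successful install in the last 45 days. The decision logic is kept separate from the COM calls so it can be exercised with constructed history entries on any machine; only `collect_history()` and `missing_update_counts()` need a Windows host with pywin32. The two windows, the dataclass shapes and the treatment of entry dates as UTC are assumptions of this example.

```python
"""Windows Update history check via the WUA COM API (added example, not the poster's code).
Assumptions: 24 h error window, 45 day success window, history dates treated as UTC."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Client application IDs of the built-in agent (the three the rant lists). Installs done
# by other tools (wusa.exe, management agents, ...) carry other IDs and are ignored.
AGENT_IDS = {"UpdateOrchestrator", "AutomaticUpdates", "AutomaticUpdatesWuApp"}

# IUpdateHistoryEntry.ResultCode (OperationResultCode) and .Operation (UpdateOperation)
RC_SUCCEEDED, RC_SUCCEEDED_WITH_ERRORS, RC_FAILED, RC_ABORTED = 2, 3, 4, 5
OP_INSTALLATION = 1


@dataclass(frozen=True)
class HistoryEntry:
    title: str
    date: datetime          # tz-aware, UTC
    result_code: int
    operation: int
    client_id: str
    hresult: int = 0


@dataclass
class UpdateStatus:
    ok: bool
    reason: str
    last_success: datetime | None
    recent_errors: list[HistoryEntry] = field(default_factory=list)


def assess(entries, now, error_window=timedelta(hours=24), success_window=timedelta(days=45)):
    """Alert on agent install failures inside error_window, or on no successful agent
    install inside success_window (the '1st April, almost 50 days ago' case)."""
    agent = [e for e in entries
             if e.operation == OP_INSTALLATION and e.client_id in AGENT_IDS]
    errors = [e for e in agent
              if e.result_code in (RC_FAILED, RC_ABORTED) and e.date > now - error_window]
    successes = [e.date for e in agent
                 if e.result_code in (RC_SUCCEEDED, RC_SUCCEEDED_WITH_ERRORS)]
    last = max(successes) if successes else None

    if errors:
        reason = f"{len(errors)} update installation error(s) in the last {error_window}"
    elif last is None:
        reason = "no successful agent installation in the update history at all"
    elif last < now - success_window:
        reason = f"last successful installation {(now - last).days} days ago"
    else:
        reason = "ok"
    return UpdateStatus(reason == "ok", reason, last, errors)


def _utc(d: datetime) -> datetime:
    # Assumption: the COM DATE is UTC (recent pywin32 returns a tz-aware value, old ones naive).
    return d.replace(tzinfo=timezone.utc) if d.tzinfo is None else d.astimezone(timezone.utc)


def collect_history() -> list[HistoryEntry]:
    """Read the real history (Windows + pywin32 only)."""
    import win32com.client  # pywin32

    searcher = win32com.client.Dispatch("Microsoft.Update.Session").CreateUpdateSearcher()
    count = searcher.GetTotalHistoryCount()
    rows = searcher.QueryHistory(0, count) if count else []
    return [HistoryEntry(h.Title, _utc(h.Date), h.ResultCode, h.Operation,
                         h.ClientApplicationID or "", h.HResult) for h in rows]


def missing_update_counts() -> dict[str, int | None]:
    """The follow-up that exposed the neglected WSUS in the rant: count updates offered by
    the configured managed server (WSUS) versus Microsoft directly. Zero via WSUS but many
    online means the WSUS sync/approvals are the problem, not the client."""
    import win32com.client

    searcher = win32com.client.Dispatch("Microsoft.Update.Session").CreateUpdateSearcher()
    searcher.Online = True
    criteria = "IsInstalled=0 and IsHidden=0 and Type='Software'"
    counts: dict[str, int | None] = {}
    # IUpdateSearcher.ServerSelection: 1 = ssManagedServer (WSUS), 2 = ssWindowsUpdate
    for name, selection in (("managed", 1), ("microsoft", 2)):
        try:
            searcher.ServerSelection = selection
            counts[name] = searcher.Search(criteria).Updates.Count
        except Exception:  # no WSUS configured for ssManagedServer, no internet, ...
            counts[name] = None
    return counts


if __name__ == "__main__":
    status = assess(collect_history(), datetime.now(timezone.utc))
    print("OK" if status.ok else "ALERT", status.reason)
    for e in status.recent_errors:
        print(f"  {e.date:%Y-%m-%d %H:%M} 0x{e.hresult & 0xFFFFFFFF:08X} {e.title}")
    if not status.ok:
        print("updates offered:", missing_update_counts())
    raise SystemExit(0 if status.ok else 2)
```

Two caveats for anyone wiring this into a monitor: the history only records what the agent itself did, so a host pointed at a WSUS nobody approves updates on looks "clean" and quiet, which is exactly why the online comparison is worth the extra minutes each `Search()` call can take; and filtering on the three client IDs means updates pushed by another management agent will not count as successes, so pick the ID list to match how each customer actually patches.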
Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!
System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.
Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunately every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.
Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.
That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.
We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.
Hella excited about this!
If you guys have any suggestions, let us know. We are utter noobs when it comes to this.
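The "decompress it and search the text" step from the post, as an added example that is not the students' own tooling: a compressed SWF (signature `CWS`) is an 8-byte header followed by one zlib stream, so unpacking it and running a strings(1)-style scan surfaces the URL, path, SQL and credential-looking constants a Flash client embeds. The `INTERESTING` pattern and the sample SWF bytes at the bottom are constructed for this example, not taken from any target.

```python
"""Unpack a CWS/FWS Flash file and list the strings worth a pentester's attention.
Added example; the sample SWF below is constructed, not a real target's file."""
from __future__ import annotations

import re
import struct
import zlib

# Things worth looking at in a Flash client that talks to a backend (assumed list).
INTERESTING = re.compile(
    r"https?://"
    r"|/[\w.-]+(?:/[\w.-]+)*\.\w+"                          # /path/to/handler.php
    r"|\b(?:select|insert|update|delete|from|where)\b"      # SQL leaking into the client
    r"|\b(?:user(?:name)?|pass(?:word|wd)?|admin|login|auth|key)\b",
    re.IGNORECASE,
)


def decompress_swf(data: bytes) -> bytes:
    """Return the uncompressed (FWS) form of an FWS or CWS file.

    SWF header: 3-byte signature, 1-byte version, uint32 LE length of the
    uncompressed file. For CWS everything after byte 8 is one zlib stream.
    ZWS (LZMA-compressed) files are refused rather than mis-parsed.
    """
    if len(data) < 8:
        raise ValueError("too short to be a SWF")
    sig, version, length = data[:3], data[3], struct.unpack_from("<I", data, 4)[0]
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":
        body = zlib.decompress(data[8:])
    elif sig == b"ZWS":
        raise ValueError("LZMA-compressed SWF (ZWS) not handled here")
    else:
        raise ValueError(f"not a SWF, signature {sig!r}")
    # The header length is copied through unchanged; real files are sometimes off by a few bytes.
    return b"FWS" + bytes([version]) + struct.pack("<I", length) + body


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def interesting_strings(swf: bytes, min_len: int = 4) -> list[str]:
    """Decompress if needed, then keep only strings matching INTERESTING."""
    return [s for s in extract_strings(decompress_swf(swf), min_len) if INTERESTING.search(s)]


# --- constructed sample: a fake body with the kind of constants a monitoring client embeds
def _build(sig: bytes, body: bytes, version: int = 10) -> bytes:
    payload = zlib.compress(body) if sig == b"CWS" else body
    return sig + bytes([version]) + struct.pack("<I", 8 + len(body)) + payload


SAMPLE_BODY = (
    b"\x00" * 13                                              # stand-in for RECT/frame rate/count
    + b"http://monitor.example.test/search.php?q=\x00"
    + b"SELECT name FROM users WHERE name LIKE '%s'\x00"
    + b"ab\x00logo\x00"
)
SAMPLE_FWS = _build(b"FWS", SAMPLE_BODY)
SAMPLE_CWS = _build(b"CWS", SAMPLE_BODY)

if __name__ == "__main__":
    for s in interesting_strings(SAMPLE_CWS):
        print(s)
```

Against a real download, `interesting_strings(open("client.swf", "rb").read())` is the whole workflow. It only sees literal string constants, so a client that assembles its endpoint from pieces at runtime, or pulls its configuration from a remote XML, will show nothing useful here; that is the point at which a proper ActionScript decompiler (JPEXS, for example) on the decompressed file is the next step rather than a text editor.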