Monthly Archives: September 2010

Blog wrap-up for September 2010

Last record to first:

The report of my first reported vulnerability

The CLI nostalgic series continues (Driverquery, fc, find)

The CLI nostalgic series continues (clip, color, comp)

Yeah. MS issued MS Chrome ;)

The start of CLI Series. Nostalgia begins here :)

MS CTA and discounts for MS Partners’ employees

Viruses go x64. Beware!

Call me if you want, I’m on my phone if I’m online


Vulnerability in VMware Workstation installer. Not a 0-day anymore.

The only reason for mentioning the vulnerability is… Bragging. Yes, I’m going to brag about the first vulnerability I had discovered and reported before the CVE was issued =) I found several vulnerabilities earlier, but all of them already had a CVE published, so it was useless.

The vulnerability in the VMware Workstation and Player installer allowed a criminal to launch any code you may embed into a .htm page. Well, the page must be placed in the same directory as the installer, and it will shoot your computer only if you are installing the new version, but, hey, it’s my firstling and my work is not to look for those! =)

What it looked like before version 7.1.2:

1) If we have a folder containing an index.htm file and, say, the VMware Workstation 7.1.1 installer file

image

2) and run our installation, then, after the elevation prompt, all of a sudden:

image

What the heck is this???!!! Well, this is what our malicious .htm file does. Of course, no one is going to click the link if it looks like this (and with such a text), though… Well, that’s another story. Nevertheless, if we succeed in putting some script into that file, or make the page look like an installer window and place some link in it… Then our malicious file will be executed with elevated privileges.

Very narrow attack vector, of course, but still I’m glad it is closed now.

P.S. Of course bragging is not the only reason to write about this topic: finding the issue gave me two more ideas for discussion, so consider this article as an introductory one.
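A defensive check for the condition described above, as an added example that is not part of the original post or of any VMware tooling: it flags .htm/.html files sitting beside an installer and copies the installer into a fresh, empty directory so nothing planted next to it can be picked up. The function names, the extension sets and the sample file names are assumptions made for this illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Extension sets are assumptions for this example; the post only mentions .htm.
WEB_EXTS = {".htm", ".html"}
INSTALLER_EXTS = {".exe", ".msi"}


def colocated_web_files(folder):
    """Return names of web-content files that sit beside an installer."""
    entries = [p for p in Path(folder).iterdir() if p.is_file()]
    if not any(p.suffix.lower() in INSTALLER_EXTS for p in entries):
        return []
    return sorted(p.name for p in entries if p.suffix.lower() in WEB_EXTS)


def stage_installer(installer):
    """Copy one installer into a fresh, empty private directory.

    Running the copy means nothing planted in the original folder
    (for example a shared download directory) sits next to it.
    """
    src = Path(installer)
    if not src.is_file() or src.suffix.lower() not in INSTALLER_EXTS:
        raise ValueError(f"not an installer file: {src}")
    staging = Path(tempfile.mkdtemp(prefix="clean-install-"))
    return Path(shutil.copy2(src, staging / src.name))


def demo():
    """Build a constructed download folder and stage its installer."""
    downloads = Path(tempfile.mkdtemp(prefix="downloads-"))
    (downloads / "setup-sample.exe").write_bytes(b"MZ constructed placeholder")
    (downloads / "index.htm").write_text("<a href='#'>constructed</a>")
    (downloads / "notes.txt").write_text("unrelated")
    flagged = colocated_web_files(downloads)
    staged = stage_installer(downloads / "setup-sample.exe")
    neighbours = sorted(p.name for p in staged.parent.iterdir())
    return flagged, neighbours


if __name__ == "__main__":
    flagged, neighbours = demo()
    print("beside installer in downloads:", flagged)
    print("staging directory contents:", neighbours)
```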

Old good command line #2…

Let’s continue the overview of what I found among the command-line tools.

  • driverquery. Lists the drivers installed on your system, with various information about them. For example, we can obtain information about signed drivers:

image

May be handy in case of driver problems.

  • fc. Whoa, kind of déjà vu… Didn’t we describe such a command in the previous issue of “old good command line”? Isn’t it the same as the “comp” command? Well, not exactly. While “comp” compares byte by byte, this command has some different options and is more powerful in some cases. It can compare in ASCII mode, be case-sensitive or insensitive, and so on and so forth. By default the command outputs the lines which differ between the files being compared:

image

It should even be able to synchronize files, if they are different, but I failed to do that =)

  • find. Well… It should be named BING: But It Is Not Grep. Still, it is powerful enough to be useful.

image

That is all for today, we’ll continue ;)

Old good command line…

You know what? What struck me after I had written the post about cmdkey is that while reading about cmdkey’s syntax, I saw many commands which… Well, it’s a shame, but I didn’t know them. Really. Though I still remember what the word “expand” did in DOS, I can’t tell you what “comp” or “clip” does. Actually, I couldn’t, because I’ve done some research, and in this post I’ll tell you about some commands which seem interesting to me. Of course there are many commands which are either deprecated (break) or cannot be used directly from a script or in the CLI (autochk, call); nevertheless, there are some commands which may be useful in the day-to-day life of a system administrator. Here they are (these are just the ones which interested me or look fun, so I could have omitted some that are interesting to you or included some rubbish, you know):

  • clip. Sometimes we just need to put the results of a command or a program run into the clipboard so they can be pasted into an email, an IM window or somewhere else: just copy them somewhere and be done with it. What I usually do is:

image

Open file.txt with notepad:

image

and copy/paste it. Now I can do just

image

and what I have in my clipboard is:

I’m thinking
40% done…

No more creatingFile-openingFile-selectingAllInTheFile-copying-pasting-closingTheFile-deletingTheFile. It was too boring, now it is much quicker, I guess.

  • color. Just for fun make your CLI look like Norton Commander

image

turn it back to normal

image

  • comp. Suddenly: a very powerful command. Compares files byte by byte. If, for instance, we have two files:

image

and

image

and run the command:

comp file.txt file2.txt /a

we’ll receive the following:

image

Isn’t it cute useful?

The next chunk of utilities overview is to follow…

IE 9 Beta starts

image

Yeah, we are receiving it. Come to http://www.beautyoftheweb.com/invite on the 15th of September (UPD: the download links are already accessible) to get more info about it, to download it and try it any way you want. A brief and far from complete list of what’s new:

– HTML5 support

– Faster than the previous version

– Many improvements in CSS and HTML compatibility

– And more and more and more… Enjoy! =)

Utilities: cmdkey

image

We use credentials to surf the Internet and to access resources on an intranet, and our home network may require them too. Managing them may be easy or hard, secure or not, but many people consider saving credentials locally good enough compared to having to enter them every time. Another situation is when we save credentials by mistake. Anyway, sometimes we just need to assess what saved info we have, or automate adding and deleting it. In Windows 7 we can partially solve the task by accessing Windows Vault:

 

Vault

but it is unavailable in earlier OSs like Vista, it is not available at all (at least directly) in server OSs, and it cannot be automated. And this is where we move to the utility of the day: cmdkey. Reading the link above will tell you about the syntax, so I will just show you a couple of examples.

This is how the credential storage looks for a “newborn” user:

image

Let us add a credential for user “user” in domain “domain2” to access server “server” in domain “domain1”:

image

And this is how it looks now:

image

And now we can delete it if it is not needed anymore:

image

This utility may be handy not only in the cases I described above, but also in some that are not obviously connected with them (look at an example here, the question about a DFS path), so keep it in mind.
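One way to do the "assess what saved info we have" part in an automated fashion, as an added example that is not from the original post: it parses text in the layout that `cmdkey /list` prints and reports saved credentials whose target is not on an allow-list. The sample output is constructed (the target names, users and the allow-list are made up), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the layout `cmdkey /list` prints; the
# targets and users are made up for illustration.
SAMPLE = r"""
Currently stored credentials:

    Target: Domain:target=server
    Type: Domain Password
    User: domain2\user

    Target: LegacyGeneric:target=backup-share
    Type: Generic
    User: svc-backup
    Local machine persistence
"""

FIELD = re.compile(r"^\s*(Target|Type|User):\s*(.*)$")


def parse_cmdkey_list(text):
    """Turn `cmdkey /list` text into a list of dicts, one per entry."""
    entries, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "target":          # a Target line starts a new entry
                current = {"target": value, "persistence": None}
                entries.append(current)
            elif current is not None:
                current[key] = value
        elif current is not None and "persistence" in line.lower():
            current["persistence"] = line.strip()
    return entries


def unexpected_targets(entries, allowed):
    """Return entries whose server name is not on the allow-list."""
    out = []
    for e in entries:
        name = e["target"].split("target=", 1)[-1].lower()
        if name not in allowed:
            out.append(e)
    return out


if __name__ == "__main__":
    # On a live Windows host, feed in the output of: cmdkey /list
    for e in unexpected_targets(parse_cmdkey_list(SAMPLE), {"server"}):
        print(e["target"], e.get("user"), e["persistence"])
```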

Certification News

Just news, briefly:

  1. A new certification program for students and newbies without IT experience has just started. You can already pass several exams to become an MS Certified Technology Associate. More info on the program site. Brilliant way to start your certified life, I think :)
  2. Another freebie… Well, almost. MS gives a discount of up to 30% on certification exams for employees of companies which are MS partners. And, though you have to buy the exams wholesale, those who work for MS partners know that you sometimes have to pass them wholesale too, so enjoy. Details.