It has been a little while since I have blogged. Not only has it been bugging me and making me grumpy, it has been bugging my girlfriend too, as I keep saying “I wanna blog… instead of looking after the kids etc.” Well, I guess it is a good thing that Grumpy Admin has been busy, as it means Grumpy Admin has a life… and in that very short period of time lots of exciting things have happened.
The first was the Windows 10 RTM release; nearly 80 million devices are now on the platform, my work computer not being one of them, which makes me very, very grumpy!
So, with the release of Technical Preview 3 for Windows Server 2016 a couple of weeks ago, I thought I would have a little look and play with PowerShell 5.0.
First, let's do some research and see what new features are documented, just like all seasoned IT professionals do. The first hit on Google was this!
Excellent, research done, thank you Google! All my questions answered… well, kinda… well, no, but I still want to know how the odd shoe ends up at the side of the road. How many hitch-hikers with only one shoe on must there be? Not knowing this answer makes me grumpy!
Now let's skim this list and have a look at some of the new PowerShell goodness Microsoft has decided to give us! The first thing I notice is that there are two distinct and separate branches of improvements.
First there are all the improvements to DSC, and then there are improvements and additions to existing cmdlets, which actually help support DSC.
I am going to do the unthinkable and make a prediction: PowerShell scripting is about to change, not by much, but in a way that will make things more readable and easier!
This will be mainly down to version 5 providing support for classes. PowerShell prides itself on being object oriented, and now with basic class support it is getting there!
So, in good old-fashioned Grumpy Admin style, let's launch in and have a look…
Now, can you guess what the very first command I run will be?
It's a new version of PowerShell, so let's just do a quick
Then let's do the old faithful command get-help to find out a little more about classes! Are you as excited as me???
As mentioned, it appears to me that this implementation was done to improve the DSC features. It says so right here in the help! A class-based DSC resource no longer needs a schema MOF file written by hand… this could speed up deployments and configurations. I am going to skip the DSC stuff for now, as I am working on something and really need to dust off my old hardware lab in order to demo it properly for you!
Back to classes. Let's have a quick look at the base language implementation of classes.
So, just like a function, there is now the
And, like most class-based languages, you can have inheritance between these classes. They use a fruity example: as you can see from their example (use get-help -example), they define a fruit class, put a method inside it, sold(), which returns a hard-coded int, and then, to prove the inheritance feature, they define a class called apple that inherits from fruit, create an instance of it, call the sold method and get the return value. One observation: is there anything in the fact that they use fruit and apple? Normally I would suspect the Microsoft lawyers would say “don't use the word apple, we might get sued!”
Anyway, the example looks simple and fun, so let's cut and paste it and see if it actually works, proving that classes really do work in PowerShell 5.0.
As well as class, 5.0 brings you the ability to define an enum.
So, as you can see, they have the following in their example
yellow = [Color]::Blue
They do point out that an enumerator value can't be a dynamic expression; it has to be a constant. Again, this could be quite useful and I am excited to see it used in scripts in the future…
They also provide a way of hiding methods and members from tab completion and Get-Member by using the new
Which does exactly what it says in the verb! Note that it is cosmetic rather than access control: a hidden member can still be read and called if you type its name. I haven't seen any constructor or destructor implementations; maybe that will come in the future, or it might be in there and I haven't dug around enough. (Constructors are in fact supported: a method with the same name as the class and no return type. Destructors are not.) They give a detailed HTML and CSS class example at the end of the help, which is a great example and usage scenario. In summary, I think classes are going to be a very welcome and great development.
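To pull the pieces above together, here is an added example (mine, not the help file's fruit sample and not from the original post) showing a PowerShell 5.0 class with an enum, a constructor, inheritance and a hidden member. The class and enum names are made up for the illustration.

```powershell
# Added example, not from the original post. Requires PowerShell 5.0 or later.

# Enumerator values must be constants; expressions are rejected at parse time.
enum Ripeness {
    Unripe
    Ripe
    Overripe
}

class Fruit {
    [string]   $Name
    [Ripeness] $Ripeness

    # 'hidden' keeps the member out of tab completion and Get-Member.
    # It is NOT access control: $f.Secret still works if you type it.
    hidden [string] $Secret = 'still readable on purpose'

    # Constructor: a method named after the class, with no return type.
    Fruit([string] $name) {
        $this.Name     = $name
        $this.Ripeness = [Ripeness]::Unripe
    }

    [int] Sold() { return 0 }
}

# Inheritance: Apple derives from Fruit and overrides Sold().
class Apple : Fruit {
    # Call the base constructor with the base(...) syntax.
    Apple() : base('Apple') { }

    [int] Sold() { return 5 }
}

$a = [Apple]::new()
$a.Ripeness = [Ripeness]::Ripe

'{0} ({1}) sold {2}' -f $a.Name, $a.Ripeness, $a.Sold()
$a -is [Fruit]                     # inheritance check
$a | Get-Member -MemberType Property   # Secret is not listed...
$a.Secret                          # ...but it is still readable
```

The last two lines are the point a practitioner should take away: hidden is a tidiness feature for the interactive experience, so never rely on it to keep a credential or a token out of reach of other code in the same session.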
So what else is there in this new shiny PowerShell 5.0? Well, quite a few things. I won't cover everything, just some of the stuff I read and thought… neat!
I often get content back as a string and then have to do stuff with it! Now we have a neat little cmdlet.
As is the Grumpy Admin way, let's do a quick get-help and then a -example on that!
Excellent, again it works as expected. I think this might be very useful, a wonderfully simple addition to make life just a little easier!
Let's again do my normal routine of throwing it through get-help!
WHAT!!!! No help file yet! Grrr, this is so cutting edge there is no help! Never mind, I expect there will be more detailed information later. I could experiment and do a get-member, but I want to explore, so let's move on to what else is available!
Hello there, where have you been hiding? A simple addition that adds zip support to PowerShell. I think it is limited to zips. I expect I will have a full play another day 🙂
Right, so let me import the module, show the commands and then do a get-help example.
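As an added example (not from the original post), here is the archive module doing a full round trip, which is how I would sanity-check it before relying on it in a deployment script: zip a folder, expand the zip somewhere else, and compare hashes of every file. The cmdlets are Compress-Archive and Expand-Archive from the Microsoft.PowerShell.Archive module that ships with PowerShell 5.0; the paths and file contents are assumptions.

```powershell
# Added example, not from the original post. PowerShell 5.0+, zip format only.
Import-Module Microsoft.PowerShell.Archive

# Assumed scratch layout under %TEMP%.
$src = Join-Path $env:TEMP 'archive-demo\src'
$out = Join-Path $env:TEMP 'archive-demo\out'
$zip = Join-Path $env:TEMP 'archive-demo\demo.zip'
New-Item -ItemType Directory -Path $src, $out -Force | Out-Null

# Constructed sample files.
'alpha' | Set-Content -Path (Join-Path $src 'a.txt')
'beta'  | Set-Content -Path (Join-Path $src 'b.txt')

# Compress the folder contents, then expand the archive elsewhere.
Compress-Archive -Path "$src\*" -DestinationPath $zip -Force
Expand-Archive   -Path $zip     -DestinationPath $out -Force

# Round-trip check: SHA256 of each source file against its extracted copy.
Get-ChildItem -Path $src -File | ForEach-Object {
    $orig = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    $copy = (Get-FileHash -Path (Join-Path $out $_.Name) -Algorithm SHA256).Hash
    [pscustomobject]@{
        File  = $_.Name
        Match = ($orig -eq $copy)
    }
}

# Hash of the archive itself, for the change record that goes with the deployment.
Get-FileHash -Path $zip -Algorithm SHA256
```

Get-FileHash has been around since PowerShell 4.0, so the verification half of this works on older boxes too; only the two archive cmdlets need 5.0.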
Another announcement is that OneGet is being renamed to PackageManagement. I have covered OneGet in a prior post, and I am sure there will be more posts using the package manager, so watch this space!
Another little tweak and improvement that brought a smile to this Grumpy Admin is the fact that new-item now supports an -ItemType of SymbolicLink. Before, I had to drop down into .NET to create a symbolic link programmatically to solve a problem. Now I can do it in one line! ACE! Grumpy Admin is lazy! (Creating one still needs the create-symbolic-link privilege, so expect to do it from an elevated prompt.)
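The one-liner in question, as an added example (not from the original post), plus the check I would do on the other side of it: before a privileged script follows a path, confirm whether it is a reparse point and where it resolves, because a link an attacker can plant in that path is a classic way to redirect a write. The paths are assumptions; the LinkType and Target properties are what Get-Item shows on PowerShell 5.0.

```powershell
# Added example, not from the original post. Run elevated (symlink privilege).
$target = Join-Path $env:TEMP 'link-demo\real.txt'
$link   = Join-Path $env:TEMP 'link-demo\alias.txt'
New-Item -ItemType Directory -Path (Split-Path -Path $target) -Force | Out-Null
'hello' | Set-Content -Path $target      # constructed target file

# The new PowerShell 5.0 way: no more [System.IO] or mklink.exe detour.
New-Item -ItemType SymbolicLink -Path $link -Value $target | Out-Null

# Reading through the link returns the target's content.
Get-Content -Path $link

# Inspect a path before trusting it: is it a link, and where does it go?
function Get-LinkInfo {
    param([Parameter(Mandatory)][string] $Path)
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path           = $item.FullName
        IsReparsePoint = ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0
        LinkType       = $item.LinkType     # SymbolicLink, HardLink, Junction or empty
        Target         = $item.Target
    }
}

Get-LinkInfo -Path $link
Get-LinkInfo -Path $target
```

Removing the link with Remove-Item deletes the link, not the target; a script that cannot tell the two apart is exactly the kind that gets abused.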
The notes and that MSDN blog also state that the copy-item cmdlet has been improved to allow you to copy files between PowerShell sessions. This is great and will really help out. Think of your PowerShell malware being able to copy files over a PSSession… could be great, maybe. But then a Windows 10 / Server 2016 feature is malware scanning at the PowerShell level (the Antimalware Scan Interface, AMSI). Will it catch it? A great area of research, perhaps, for the malware fan boys.
My gut feeling, as well as what the blog says, is that all these minor improvements in the fluidity of file transfers, the SSH support (expected soon, before RTM) and copy-item over sessions are all in aid of managing Nano Server. Windows Nano is going to change Windows Server administration and the lives of administrators…
This again is another example of a minor tweak that is actually very powerful. Basic building blocks that, when put to smart use, can make life so much easier for us!
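The session copy, as an added example (not from the original post): push a file into a remote session with -ToSession, confirm the hash on the far side inside the same session, and pull a log back with -FromSession. The computer name and paths are assumptions; the remote box needs PowerShell 5.0 and remoting enabled, and the same primitives work against a Nano Server.

```powershell
# Added example, not from the original post. Requires PowerShell 5.0 on both ends.
$session = New-PSSession -ComputerName 'server01'     # assumed host name

$local  = 'C:\deploy\app.zip'      # assumed local path
$remote = 'C:\incoming\app.zip'    # assumed remote path

# Copy a local file into the remote session.
Copy-Item -Path $local -Destination $remote -ToSession $session

# Verify the copy by hashing on the remote side rather than trusting it blindly.
$localHash  = (Get-FileHash -Path $local -Algorithm SHA256).Hash
$remoteHash = Invoke-Command -Session $session -ScriptBlock {
    param([string] $p)
    (Get-FileHash -Path $p -Algorithm SHA256).Hash
} -ArgumentList $remote

if ($localHash -ne $remoteHash) {
    throw "Hash mismatch after copy to $remote"
}

# The reverse direction: collect a log from the remote machine.
Copy-Item -Path 'C:\logs\app.log' -Destination 'C:\collected\' -FromSession $session

Remove-PSSession -Session $session
```

Because the transfer rides on the existing WinRM session, it is also what shows up in the remote box's PowerShell logs: the Invoke-Command above will be recorded by script block logging if that policy is on, which is the hook the author alludes to when wondering whether PowerShell malware doing the same thing would be caught.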
The blog also says there are improvements to the transcript features of PowerShell, and these can be controlled via Group Policy 🙂 This is worth checking out. I love my transcripts, seeing all the dumb-ass mistakes I make daily on the command line! With the policy enabled, transcription applies to every host (console, ISE, scripts and remoting sessions), not just the console you started it in, and the separate script block logging policy records script blocks as they execute, so if something runs a PowerShell command or script block, it will get logged!
Just for you guys, as Grumpy Admin is nice, here are screenshots of the Win2k12 and now the Win2k16 GPO settings 🙂 More options can only be a good thing… more to remember to configure 🙂
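For anyone who would rather set those GPO options on a single box and see what they produce, here is an added example (not from the original post) that writes the same registry values the policy templates set, runs a throwaway command, and reads the resulting script block events back. The transcript directory is an assumption; in production point it at a write-only network share so an intruder cannot edit their own transcript.

```powershell
# Added example, not from the original post. Run elevated on PowerShell 5.0+.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# 1. Over-the-shoulder transcription for every PowerShell host on the machine.
$t = Join-Path $base 'Transcription'
New-Item -Path $t -Force | Out-Null
Set-ItemProperty -Path $t -Name EnableTranscripting    -Value 1 -Type DWord
Set-ItemProperty -Path $t -Name EnableInvocationHeader -Value 1 -Type DWord
Set-ItemProperty -Path $t -Name OutputDirectory        -Value 'C:\PSTranscripts' -Type String  # assumed

# 2. Script block logging: each block is written to the
#    Microsoft-Windows-PowerShell/Operational log as event 4104 when it runs,
#    including blocks built at run time (Invoke-Expression, decoded strings),
#    so obfuscation that unwraps into a script block is still logged in clear.
$s = Join-Path $base 'ScriptBlockLogging'
New-Item -Path $s -Force | Out-Null
Set-ItemProperty -Path $s -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 3. Check: run something in a fresh process, then pull the 4104 events.
powershell.exe -NoProfile -Command "Write-Output 'logging check'" | Out-Null

Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'
    Id      = 4104
} -MaxEvents 5 | Select-Object TimeCreated,
    @{ Name = 'Script'; Expression = { $_.Properties[2].Value } }  # ScriptBlockText
```

The registry route is handy for a lab or for a host that is not domain-joined; on the domain, set the same values through the Administrative Templates > Windows Components > Windows PowerShell policy so they are enforced and cannot be quietly switched off by a local admin.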
Now, I love tech and I love to feel like a geek. So when you can do stuff like this
gc .\write.exe -Encoding Byte | Format-Hex
You can feel uber geeky. A great quick command to run when high-level management come around looking at your screen and you need to look busy doing something technical so you can't be spammed with shit… it looks complicated, so you must be earning your wage, right! (Note the -Encoding Byte: without it, Get-Content hands Format-Hex text lines rather than the file's bytes, and you get a hex dump of strings instead of the binary.) But on the serious side, converting things to hex could be very useful in helping to make PowerShell a platform for forensics types. There are bound to be some great usages out there; they wouldn't include it if there wasn't demand!
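Here is an added example (not from the original post) of the forensics-flavoured use the paragraph hints at: dump the first bytes of a file as hex, read the same bytes into a byte array, and classify the file by its magic number rather than by its extension. The sample path is an assumption; write.exe is just a convenient known binary.

```powershell
# Added example, not from the original post. PowerShell 5.x syntax.
$path = Join-Path $env:SystemRoot 'System32\write.exe'   # assumed sample file

# Hex dump of the first 64 bytes: Format-Hex -Path emits one row per 16 bytes.
Format-Hex -Path $path | Select-Object -First 4

# Raw bytes for programmatic checks (PowerShell 5.x: -Encoding Byte).
$head = Get-Content -Path $path -Encoding Byte -ReadCount 0 -TotalCount 64

# Tiny signature table keyed on the leading bytes; extensions lie, magic rarely does.
function Get-FileSignature {
    param([Parameter(Mandatory)][byte[]] $Bytes)
    $two = [System.Text.Encoding]::ASCII.GetString($Bytes[0..1])
    switch ($two) {
        'MZ' { return 'PE executable (DOS stub header)' }
        'PK' { return 'ZIP container (zip, docx, jar, xap...)' }
    }
    if ($Bytes[0] -eq 0x7F -and
        [System.Text.Encoding]::ASCII.GetString($Bytes[1..3]) -eq 'ELF') {
        return 'ELF executable'
    }
    return 'Unknown signature: ' + (($Bytes[0..3] | ForEach-Object { '{0:X2}' -f $_ }) -join ' ')
}

Get-FileSignature -Bytes $head

# Pair it with a hash you can look up elsewhere before going any further.
Get-FileHash -Path $path -Algorithm SHA256
```

The switch only covers a handful of signatures to keep the idea visible; a real triage script would carry a longer table and check offsets past the first few bytes too.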
Another small but useful addition to PowerShell is some new cmdlets like these two!
Also, a long-time feature of Windows finally gets some PowerShell love: you can now empty your recycle bin via PowerShell! Simple, but it has its place, I guess!
PowerShell syntax on the command line is now colour coded and highlighted, just like when you are in the ISE! For me this is simply wonderful; it makes this Grumpy Admin less grumpy and helps me spot the syntax errors I make very quickly… as I type like a 4-year-old monkey!
The improvements go a lot deeper than colour, with Set-PSReadlineKeyHandler and the rest of PSReadline, but I really want to do a whole post on that subject, as I really like it and think it is neat and useful!
There are other features, enhancements and tweaks, as with every major release; I expect I skipped quite a few. However, I expect I will touch upon them at some point in the future. I mentioned that I skipped the DSC stuff, as this deserves its own special blog post in the near future!
With the upcoming release of Server 2016 and Nano Server, and with Windows 10 on all those devices, the direction Microsoft is going in is actually exciting.
Oh, and another feature I should quickly point out is support for multiple versions of the same module installed side by side.
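Side-by-side module versions are worth a closing example (added here, not from the original post), because the feature cuts both ways: it lets you pin a script to a reviewed version, but Import-Module with no version picks the highest one it finds, so an unreviewed newer copy, or one dropped into a writable directory earlier in $env:PSModulePath, gets loaded silently. The module name, versions and the folder layout are assumptions.

```powershell
# Added example, not from the original post. PowerShell 5.0+.
# Versioned layout PowerShell 5.0 understands (assumed module name):
#   <PSModulePath>\Contoso.Tools\1.2.0\Contoso.Tools.psd1
#   <PSModulePath>\Contoso.Tools\2.0.0\Contoso.Tools.psd1

# Every version PowerShell can see, and the directory each comes from.
Get-Module -Name Contoso.Tools -ListAvailable |
    Select-Object Name, Version, Path

# Import-Module alone loads the highest version; pin it explicitly instead.
Import-Module -Name Contoso.Tools -RequiredVersion 1.2.0
(Get-Module -Name Contoso.Tools).Version

# Script-level pin: the script refuses to start unless exactly 1.2.0 is available.
#Requires -Modules @{ ModuleName = 'Contoso.Tools'; RequiredVersion = '1.2.0' }

# Module search order is $env:PSModulePath. A user-writable directory that sits
# before the system ones can shadow a module with the same name, so list the
# entries in order and see who owns each.
$env:PSModulePath -split ';' | ForEach-Object {
    $acl = Get-Acl -Path $_ -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path  = $_
        Owner = $acl.Owner
    }
}
```

The #Requires line is shown inline to keep it next to the Import-Module it replaces; in a real script it would sit at the top, and the check happens before any other line runs.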