Wagtail XSS + LocalStorage = Account Hijack
Every now and then I like to do a little bit of bug hunting in
Grumpy Admin here (again),
Doesn’t it make you grumpy, that you write a blog post, then directly after you publish it you actually find a better way of doing something you mention in the blog post.
Well we all learn stuff don’t we… Finding a better way of doing stuff is what this always about!
Little did I know that in WMF 5.0 which is installed in Windows 10 and Server 2016 etc, Microsoft now support the copying of files over a session.
https://blogs.technet.microsoft.com/poshchap/2015/10/30/copy-to-or-from-a-powershell-session/
So I can create a session variable
like this
$session = new-pssession -computername nano01 -credential (get-credentials)
and then I can simple supply the session as part of the destination
copy-item .\nano01 -destination "c:\temp" -ToSession $session
How much simpler is that, than all that messing around, with file shares, and firewalls and stuff – Goes to show, Grumpy Admin learns new stuff all the time as well!
So here are some screenshots on how to improve my method of domain joining a nano server!
Simple
Hazzy