XSS and bypassing an Imperva WAF with JSFuck
Happy Monday fellow administrators,
Well, the weather has taken a turn for the worse, but that doesn’t stop Twitter! And bored administrators who don’t really want to do any work! I follow quite a few PowerShell type people on Twitter and spot lots of cool stuff. Often I bookmark something and say, hey, that will be neat, I want to play with that, or that method saves me hassle or solves a problem I have been working on.
Overall, Twitter is becoming a great way for me to stay current and expand my horizon when it comes to PowerShell and Windows and tech in general. Catching up with all the tweets this weekend, this one made me stop, re-tweet and go, yeah, that is cool, and I actually decided to have a quick play!
A PowerShell module for Microsoft cognitive services! Exciting, let’s put Microsoft Machine Learning API and stuff to the test!
Here is the link to the guy's blog – I will be following his blog from now on! Mr Prateek Singh is great, how I haven’t come across him before I don’t know… Here is his link and his blog! Worth checking out!!!!
I thought this was just fab! Especially using the facial and age recognition stuff. I don’t have much time, my work avoidance schemes can only work for so long on a Monday Morning! This makes me grumpy!
So I had to have a play – I can’t think of a usage case right now but meh, something will come up, right!
So let’s install the module. The project is hosted on the default repository, so install-module will find it and install it. I just love it when stuff is simple!
install-module -name ProjectOxford
Grumpy Admin cares about security, but sometimes he can’t be bothered and doesn’t care, so will install it directly from the repository without code review… let’s just hit yes to the security warning…. THIS IS BAD! But hey ho! It’s a Monday, what’s the worst that could happen… Enterprise admin rights for my company sneak out on the web to a bad actor….
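One way to stage the module and review it before it is installed, as an added example that is not part of the original post or the ProjectOxford project; the staging folder and the pattern list are assumptions chosen for illustration:

```powershell
# Added example: stage ProjectOxford for review instead of installing it blind.
# $stage and $suspicious are illustrative choices, not part of the module or the post.
$name  = 'ProjectOxford'
$stage = Join-Path $env:TEMP "review-$name"
New-Item -ItemType Directory -Path $stage -Force | Out-Null

# 1. Read the gallery metadata first: who published it, when, and where the source lives.
$meta = Find-Module -Name $name -Repository PSGallery
$meta | Format-List Name, Version, Author, PublishedDate, ProjectUri

# 2. Download without installing; nothing is placed on $env:PSModulePath.
Save-Module -Name $name -Repository PSGallery -Path $stage

# 3. Inventory every file with its hash and Authenticode status.
#    Unsigned scripts show NotSigned; that is common on the gallery, so read them.
$files = Get-ChildItem -Path $stage -Recurse -File
$files | ForEach-Object {
    [pscustomobject]@{
        File      = $_.FullName.Substring($stage.Length + 1)
        SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
    }
} | Format-Table -AutoSize

# 4. Flag the lines to read by hand: dynamic execution, downloads, outbound
#    requests, process launches, credential and environment-variable access.
#    A module that wraps a web API will legitimately make web requests; the
#    point is to see which URLs receive the API key and what else is sent.
$suspicious = 'Invoke-Expression|\biex\b|FromBase64String|DownloadString|' +
              'Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient|' +
              'Start-Process|Get-Credential|\$env:'
$files | Where-Object Extension -in '.ps1', '.psm1', '.psd1' |
    Select-String -Pattern $suspicious |
    Select-Object Path, LineNumber, Line |
    Format-Table -Wrap

# 5. After the review, install exactly the version that was read, for the
#    current user only (left commented out so the script never installs by itself).
# Install-Module -Name $name -RequiredVersion $meta.Version -Scope CurrentUser
```

Running the review from a standard user account rather than an admin session keeps step 5 from needing elevation at all.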
and now let’s have a look, at what this gives us! Using our
get-command -module ProjectOxford
Now the blog post is great, it shows examples of how to use every cmdlet, so it is well worth a full and detailed read…
As with any good PowerShell module, you can do a quick get-help get-sentiment 🙂 Very useful, as it clearly says we need to be subscribed to the API services. It even gives you the URL.
My first attempt at signing up failed, and I had to move to using the Microsoft Edge browser, which worked first time. Once I had done this, as you can see there are lots of APIs, so I just ticked all the boxes, accepted the EULA and accept.
You have to click the show key to reveal the key! As you can see there are limits to the number of limits, either rate or transaction, I am sure if you build a commercial application you can buy additional requests and transactions. At the end of the day, companies never really do anything for free!
Now we have our key, we need to install it in memory for the script to access
The blog post recommends including this in your $profile… which isn’t a bad call tbh! But I am lazy so won’t; this is just a quick play to take my mind off my massive to-do list!
I overheard a team member who was using instant message chat say the following, and I jumped on this as a way of testing the get-sentiment cmdlet! I think it is clear that this is a negative sentiment statement.
“I asked you to transfer me to them at the very BEGINNING of this chat”
So let’s test the cmdlet, just to see how it responds
get-sentiment -string "I asked you to transfer me to them at the very BEGINNING of this chat"
Odd, it’s positive, so that’s a failure in my mind!
Let’s tweak our statement so it’s more clear from tone that it should result in a negative, by adding an exclamation mark!
get-sentiment -string "I hate you"
get-sentiment -string "I love you"
So we know it sort of works… let me go back to my original string and put it to the extreme.
Right, well, this was fun. While it is an indication of sentiment, it still doesn’t feel right; I got a more positive score when I started the sentence with “fuck you”.
Perhaps the next API should be get-sarcasm