Does it not get your goat that they released a game called “Goat Simulator”? It is really odd, and is just… meh! Where the hell did that come from? Well, that was an odd start to the day, did someone spike my coffee????
It often makes me grumpy that I don’t really have time in my day, or at home (damn you, Netflix!), to get to grips with new versions of software fast enough. So I thought I would have a quick sneak peek here at the new Windows Management Framework 5.0.
Inside this 5.0 feature set there are some great and amazing upgrades to PowerShell which actually have me really excited, and which really show the direction they are taking! Now, I am going to write this blog as I go. I hadn’t touched this before I started blogging, so it’s a document of my learning experience and what I can see. This might work or it might not…
Firstly, as you are aware if you read my blog, grumpy admin’s work machine is a Win7 client. They won’t let me upgrade to Windows 8.1 🙁
The WMF 5.0 Preview (Feb 2015) version requires:
Windows 8.1 or Windows Server 2012 R2
The download can be obtained from the following location on the MS site!
So with my laptop being on Windows 7, I will have to use a VM running Windows Server. I need to download the WindowsBlue x64 edition of the file and then install it on my test server!
As I am limited in hardware, my home server lab is a bit noisy and costs far too much in electricity to have running all the time, especially when I am at work where I might not get time to remote in and play. It just seems a waste of energy (I have two HP DL360 G5 and two G4 servers as my test and development machines).
So when I am at work, and when I need to do things like this, I load up my Azure portal and play with these things inside a throwaway VM. Typically, the internet is much faster and unfiltered on my Azure VMs than on the company internet. (I didn’t remap the endpoints, so 3389 is exposed on port 80 on the Azure VM, which means I can break out of the firewall at work and RDP into my Azure machines!)
So sadly, after installing WMF 5.0 you have to restart the machine in order for the update to be applied… this makes me grumpy! I would really have thought we would have got past the needing-to-reboot stage in the Windows product line by now!
I think there will be some improvements in the new Server Preview in regards to restarting and applying updates, but I haven’t really had a chance to play or read the release notes yet! Time is my enemy and I am not getting younger! Again, not being able to play with shiny stuff as soon as it comes out makes me GRUMPY!!!!
While waiting for my test server to reboot, I am off for a coffee. As it’s a workmate’s birthday there are snacks and stuff in the kitchen… I fancy a breakfast cookie!
Right – so it’s back up and running… let’s load PowerShell and get cracking, as I really want to show you this one particular new feature!
As ever, let’s just do a quick check to make sure it did in fact install and I’m on the new PowerShell version. PowerShell has a wonderful built-in variable, $PSVersionTable, that shows us the version number as well as some other stuff!
As you can see, we are now at version 5.0.10018.0.
Now, for people who have used Linux before, you will be aware of good old apt-get and the power of installing software and dependencies from the command line. For example, I want an FTP server, so I apt-get an FTP server 🙂 – wouldn’t it be great if that sort of thing was inside PowerShell! Such a feature would allow unlimited power! Powerful, but it could also be dangerous. Never forget: when things become powerful for us administrators, they also become powerful for the nasty people!
The Microsoft OneGet feature is what provides the apt-get-style functionality in PowerShell; from what I understand it does a lot more, but for now all I am interested in is its ability to install software, or in this context, a package.
Right, let’s dive right in and do my old trusted Get-Command on the OneGet module.
As you can see, there are some great cmdlets there! This is a new installation. People who know me will know the answer to this question: what is my best and most loved PowerShell command of all time? Get-Help, because you know I need it!!!!
So let’s just run Update-Help, so we have access to the help files just in case. Best practice and all that! I might not need to do it, but I would rather update the help while I have the chance and remember.
So let’s have a look at the verbs we have in the OneGet module.
We have Find, Get, Install, Register, Save, Set, Uninstall and Unregister. It looks like we have providers, which host sources, and sources, which host packages. That seems logical, so let’s have a look at the
first… ummm, there’s msu, msi, ARP <— what is this??? I might have to google it; can anyone tell me? Throw it in the comments, ta! And there is PSModule.
Interesting… some google work required here! For now, let’s have a look at the
Well, this is useful: it tells me that there is a repository of PowerShell modules under the name PSGallery, which points to a website. The important thing that catches my eye right away is the fact that IsTrusted is set to False. My initial thought is that this is a good thing, but will it prevent me from installing, or will it prompt me before installing? My money, this being PowerShell, is on it throwing a security warning at me!
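Here is an added example (my own commands, not the post’s) that walks through the provider and source listing above and acts on the IsTrusted flag, so you know which sources will prompt before you touch Install-Package. It assumes the WMF 5.0 Feb 2015 preview, where the module is still called OneGet (the same cmdlets later moved into the PackageManagement module); the \\fileserver\PSModules share is a placeholder for your own internal location, and the source name InternalModules is made up for the example.

```powershell
# Added example (not from the original post): enumerate OneGet providers and
# sources, find the untrusted ones, and register an internal source as trusted.
# Assumes the WMF 5.0 Feb 2015 preview (module name OneGet); the share path and
# source name below are placeholders.
Import-Module OneGet

# Which providers are installed (msu, msi, ARP, PSModule, ...)?
Get-PackageProvider | Select-Object Name, Version

# Which sources feed those providers, and does OneGet trust them?
Get-PackageSource | Select-Object Name, ProviderName, Location, IsTrusted

# Only the untrusted ones: Install-Package will warn/prompt for each of these.
Get-PackageSource | Where-Object { -not $_.IsTrusted } |
    Select-Object Name, Location

# Register a company-internal source and mark it trusted. Trust should be the
# exception, not the rule: only sources you control belong in this state.
Register-PackageSource -Name InternalModules -ProviderName PSModule `
    -Location '\\fileserver\PSModules' -Trusted

# Verify the flag took.
Get-PackageSource -Name InternalModules | Select-Object Name, IsTrusted
```

Leaving PSGallery untrusted is the right default for a box you care about: the warning is the only thing standing between a typo in a package name and whatever somebody uploaded under that name. If you do want to trust it, Set-PackageSource -Name PSGallery -Trusted flips the flag explicitly rather than passing -Force to every install.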
I think the cmdlet we really want to use is Find-Package; got to know what we want to install first, right!
errr… I get this… looks like I have to have NuGet installed, but luckily for me it’s asking me if I want to do this… so, being a cowboy, I hit Y!!!
Then my screen fills up with packages 🙂 excellent, lots to choose from. I can only assume that at some point this will grow and get bigger as more software is added. I also assume, as they support adding your own providers and sources, that you can set up a company-internal repository and use that!
Combined with code signing and other assurance methods, I think you could build quite a secure software installation environment from PowerShell, maybe! More investigation required though…
The first thing that jumps out at me on this list is this! Anyone who has done anything with PowerShell will have read or come across mentions of the PowerShell Cookbook by Lee Holmes; it’s on O’Reilly, I believe. Worth investing in. He has made a module of lots of useful code and functions and stuff, and one of the best ways to learn this is to look at other people’s code, see how they solve problems, and then Ctrl-C and Ctrl-V 🙂
Here I can get it using OneGet’s Install-Package! Wow, handy I think 🙂 So I’m going to get this module so I can use its code and functions/cmdlets elsewhere!
So I think the next logical step is to go right ahead and
But just to check what I am doing and the syntax of Install-Package, I do the following
Right, now I’m willing to just go ahead and install – hell to the warning, it’s a scrub box anyway!
All done and installed
Now let’s have a look and see if we can list the new commands from the PowerShellCookbook… so let’s do a
get-command -module PowershellCookBook
Excellent, lots of commands there for us to use! Now let’s just execute one to prove to the world that they also work. Let’s use the Get-DiskUsage cmdlet as our example command, chosen at random as it was the first one I saw when my eyes hit the list. Having too much choice actually makes me grumpy!
There it works!
We have downloaded a module from a repository, installed it and run a command from it, all from PowerShell. This is great for a PowerShell module. Let’s have a look at what else we can install from the list and try to find other goodies!
So let’s do another
OMG!!! What the hell – there are a hell of a lot more than before. What has happened? All of a sudden I now have a source called chocolatey. Let’s do another
As you can see, this new provider is now registered. This must have happened when we installed NuGet 🙂 That is good for us, as it opens up soooo much more choice!!! Now let’s have a look at the list; right there I can see
google-chrome-x64 listed as a package to install! So right away, I am going to go for a
As you can see it’s installing 🙂 which is a good sign… then, as if by magic, it worked!
Wow, that was amazing. The best thing is that Find-Package is a proper PowerShell cmdlet, so we can filter its output with wildcards and pipe it into other cmdlets, something like this:
find-package | ft name,summary
find-package |out-gridview -PassThru | Install-Package
This is a software installation candy shop, guys! This is very exciting and will put greater emphasis on PowerShell in the future… so I welcome the OneGet module with open arms, and hope to be experimenting with other things in the new PowerShell soon!
The main thing is that it means we can now script software dependencies into our scripts: we can check whether something is installed or not, and if not, just grab and install it, all with very little effort, and carry on. Or use it to automate the installation of software.
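As an added example (my own code, not the post’s), here is the “check, then grab and install” pattern just described, wrapped up so it can sit at the top of any script; it also covers the find/install/verify steps used earlier for the PowerShellCookbook module. The cmdlets are the OneGet ones from WMF 5.0; the function name Ensure-Package, its parameters and the sample call at the bottom are my own. It refuses to install from a source that is not registered and trusted, which is exactly the check that stops a script quietly pulling from a source that appeared as a side effect (like chocolatey turning up after NuGet went in), and it pins the install to the exact version it looked at.

```powershell
# Added example (not from the original post): an idempotent "make sure this
# package is present" helper. Cmdlets are OneGet's (WMF 5.0 preview); the
# function name, parameters and sample call are mine.
function Ensure-Package {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Source,
        [string] $RequiredVersion
    )

    # Only install from a source we registered and marked trusted. This stops
    # the script quietly pulling from a provider that turned up as a side
    # effect, like the chocolatey source that appeared after NuGet went in.
    $src = Get-PackageSource -Name $Source -ErrorAction SilentlyContinue
    if (-not $src) {
        throw "Package source '$Source' is not registered on this machine."
    }
    if (-not $src.IsTrusted) {
        throw "Package source '$Source' is not trusted; register it with -Trusted first."
    }

    # Already installed (at the pinned version, if one was given)? Do nothing.
    $installed = Get-Package -Name $Name -ErrorAction SilentlyContinue |
        Sort-Object Version -Descending | Select-Object -First 1
    if ($installed -and (-not $RequiredVersion -or "$($installed.Version)" -eq $RequiredVersion)) {
        Write-Verbose "$Name $($installed.Version) is already installed"
        return $installed
    }

    # Look first, then install exactly what we looked at: same name, version
    # and source, so a re-run next month does not silently pick up something new.
    $find = @{ Name = $Name; Source = $Source }
    if ($RequiredVersion) { $find.RequiredVersion = $RequiredVersion }
    $pkg = Find-Package @find | Select-Object -First 1
    if (-not $pkg) {
        throw "No package named '$Name' found in source '$Source'."
    }
    # -Force only suppresses the confirmation prompt here; the trust decision
    # was already made explicitly above.
    Install-Package -Name $pkg.Name -RequiredVersion $pkg.Version `
        -Source $Source -Force | Out-Null

    return Get-Package -Name $Name | Sort-Object Version -Descending | Select-Object -First 1
}

# Usage: make sure the cookbook module is there, then call one of its cmdlets.
Ensure-Package -Name PowerShellCookbook -Source PSGallery -Verbose | Out-Null
Get-DiskUsage
```

With PSGallery still showing IsTrusted as False, the sample call throws on purpose; either run Set-PackageSource -Name PSGallery -Trusted first, or point -Source at an internal repository you have registered as trusted. That is the difference between “install whatever is there” and a dependency line you can put in a production script.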