XSS and bypassing an Imperva WAF with JSFuck
Not sure if you people have done this; you might have experienced it if your server commissioning methods are as backwards as my company's. You are tasked with a server build.
You go through the normal methods: IP address allocation, naming convention, allocating the resources you think it might require, based on the very detailed user requirements given to you. Or, in the case of Grumpy Admin, you just do what you think is best because there are no user requirements given to you. You are told: build user X a server! No idea what they are going to do with it. Being in the dark about things makes me grumpy anyway!
O.K., VM resources allocated – base OS build/install is done – then it's your choice: you can add a non-patched machine directly to your domain at this stage, or you patch first and don't take the risk, especially if your network doesn't deploy any NPS funky stuff.
Grumpy Admin doesn't really care, so I just domain join regardless of patch status, as it's going to get patched one way or the other! But in some places, if you do this, you might make your security team very grumpy and end up in an email fist fight, and random accounts seem to always get deleted (don't upset your IT Administrator, guys!!!) – but my advice, so you don't sue me, is to always follow your company policies. It's a meh, but better than a P45! What has this got to do with the title…. Making people think about these things is part of the bigger picture of this blog, I think, and it's my blog, so if I go off topic for a moment, so what!!! If I was running a secure network, I would have NPS or stuff like that in place to prevent this sort of thing anyway… right, back to the story!
So I apply windows updates manually from my neat little monthly Windows Update SCCM package.
Yes, you read that right: all those advanced tricks of using a cloned sysprep image or funky auto-installation scripts, workflows and service templates, and all those great advances that make Grumpy Admin a happy lazy admin, like the zero-touch installation features of System Centre… Not allowed to use them or even investigate implementing them!!!
I am not even allowed to slipstream all Windows updates into a custom WIM to allow me to install servers faster! (I am sure that will be the topic of another blog soon!) Because we all love working with DISM, right??? lol
So I have to deploy servers by mounting the image, then manually configuring it and then installing Windows Updates afterwards. So I domain join them so they get the SCCM GPO, then I can push these out via SCCM, which makes life a little easier: I have more control over the rebooting, and it means the machine is already in SCCM for the monthly Patch Tuesday mayhem! Grumpy Admin only likes doing stuff once!!!
As expected, my new server reboots – dropping the RDP session, because you aren't still using the Hyper-V/SCVMM console, right???
You wasted quite a lot of time on this server getting it nice and ready for your user 🙂 Again making Grumpy Admin grumpy and resentful that he can't use tools designed to commission servers fast and save lots of time and therefore money, and allow me to spend more time trawling the ! And as your favourite grumpy admin is lazy, I want to know when the server is back up and running from the reboots so you can RDP in and do your stuff! So you throw a ping -t at it and go back to reading Dilbert on the internet!
After 10 minutes of "Request timed out", you remember you actually have work to do, and you investigate and remember you didn't set the server to respond to ICMP when you enabled RDP access from Server Manager!
Most normal places would put a GPO in place to modify the firewall properties and allow ICMP.
Here is a handy link to the correct GPO, which would be good to implement perhaps… please, Mr Boss Man! ( http://gpsearch.azurewebsites.net/Default.aspx?PolicyID=2710 )
This makes me stupidly grumpy! As with most things Microsoft, there are quite a few ways to do it!
You can do it via PowerShell:
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True
Tip – if you want IPv6, you can change the 4 for a 6 😉 and if you want to turn it off for some reason…
Guess what – use some boolean logic and change the -Enabled True… to, that's right, you guessed it: -Enabled False
This is easy to cut and paste.
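As an added example (mine, not part of the original post), here is how I'd wrap that one-liner into something a little less "open to the world": it enables only the Domain-profile copies of the ICMPv4 and ICMPv6 echo rules, limits them to a management subnet (10.0.0.0/24 is a made-up placeholder, swap in your own admin network), and then prints the resulting scope so you can check what you actually turned on.

```powershell
# Added example, not from the original post.
# Enables the built-in ICMP echo rules for the Domain profile only, scoped to a
# management subnet, then shows the result. The subnet is an assumption.
$ruleNames = @(
    'File and Printer Sharing (Echo Request - ICMPv4-In)',
    'File and Printer Sharing (Echo Request - ICMPv6-In)'
)
$mgmtSubnet = '10.0.0.0/24'   # placeholder: replace with your real admin subnet

foreach ($name in $ruleNames) {
    # Windows ships more than one rule with this display name (one per profile
    # group), so this can return several objects.
    $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rules) {
        Write-Warning "Rule '$name' not found on this host"
        continue
    }
    foreach ($rule in $rules) {
        # Only touch the copy that applies to the Domain profile; leave the
        # Private/Public copy exactly as it was.
        if ($rule.Profile -match 'Domain|Any') {
            $rule | Set-NetFirewallRule -Enabled True -RemoteAddress $mgmtSubnet
        }
    }
}

# Verify: rule, enabled state, profile and the remote address scope applied.
Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request*' |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Profile       = $_.Profile
            RemoteAddress = ($addr.RemoteAddress -join ', ')
        }
    } | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the server; the Private/Public copies stay untouched, so a laptop on a hotel Wi-Fi built from the same image still won't answer pings.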
You could also do it via the GUI or using the netsh command…
Another way to do it is to use the good old-fashioned, easy-to-use SCONFIG, which can be a quick way to get it done, as well as turn on remote management at the same time…
- select option 4 – Configure Remote Management
- select option 3 – Configure Server Response to Ping
Easy as 3.141 – it would be a lot easier and less grumpy if I could use a GPO!