For my link archive: [Wayback/Archive] Making SMB Accessible with NTLMquic – TrustedSec
Via [Wayback/Archive] Florian Hansemann on Twitter: “"Making SMB Accessible with NTLMquic" #pentest #redteam #infosec”
Related:
Posted by jpluimers on 2022/08/30
Posted in Development, Power User, Red team, Security, Software Development, Windows, Windows Development
Posted by jpluimers on 2022/08/26
Last winter, I discovered that the OpenVPN version on Chocolatey was really old: it had not been updated since 2019.
Most Chocolatey maintainers are volunteers, and sometimes the burden becomes too large. Back then the maintainer was [Wayback/Archive] Chocolatey Software | wget, but luckily [Wayback/Archive] Chocolatey Software | dgalbraith stepped in, bumped the version in March 2022 from [Wayback/Archive] Chocolatey Software | OpenVPN 2.4.7 to [Wayback/Archive] Chocolatey Software | OpenVPN – Open Source SSL VPN Solution 2.5.4, and has kept maintaining it since (currently there is [Wayback/Archive] Chocolatey Software | OpenVPN – Open Source SSL VPN Solution 2.5.7).
Posted in *nix, *nix-tools, Chocolatey, Hardware, Network-and-equipment, OpenVPN, Power User, ssh/sshd, VPN, Windows
Posted by jpluimers on 2022/08/15
I think this holds up to, or maybe even including, Windows Vista: [Wayback] Why are console windows limited to Lucida Console and raster fonts? – The Old New Thing
The workaround is in KB247815.
Luckily, many old KB articles are still in the BetaArchive (see last month's blog post Missing a KB article? Try the Microsoft KB Archive – BetaArchive Wiki), including [Wayback/Archive.is] Microsoft KB Archive/247815 – BetaArchive Wiki
Windows NT 4 / Windows 2000: Necessary criteria for fonts to be available in a command window
…
An unsupported workaround is available by adding the following font specific entry:
Add a String Value
Name=00
Data=“Font Name” (without “”)
into the following registry key:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Console\TrueTypeFont
The name needs to be incremented with “0” for each additional font. The Data entry needs to match the font’s entry in the following registry location:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Fonts
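As an added example (not from the KB article or this blog post), the PowerShell function below applies the KB's rule from an elevated shell: it refuses a font that is not listed under the Fonts key, skips one that is already registered, and otherwise adds the next value name (00, 000, 0000, ...). It uses the real key path, which spells "Windows NT" with a space, and the font name 'Hack' at the end is only an example.

```powershell
# Added example, not from the KB article or the blog post: register an installed
# TrueType font for the console following the KB's naming rule. Assumes an
# elevated shell, because HKLM is written.
function Register-ConsoleFont {
    param([Parameter(Mandatory = $true)][string]$FontName)

    $fontsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts'
    $ttfKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont'

    # Only accept a font that is actually installed, e.g. "Hack Regular (TrueType)".
    $installed = (Get-ItemProperty -Path $fontsKey).PSObject.Properties |
        Where-Object { $_.Name -like "$FontName*" }
    if (-not $installed) { throw "'$FontName' is not listed under $fontsKey" }

    # Existing console entries are the values whose name consists only of zeros.
    $entries = @((Get-ItemProperty -Path $ttfKey).PSObject.Properties |
        Where-Object { $_.Name -match '^0+$' })
    if ($entries.Value -contains $FontName) {
        Write-Host "'$FontName' is already registered"
        return
    }

    # The next name is one "0" longer than the longest existing one (00 -> 000 -> 0000).
    $longest = ($entries | ForEach-Object { $_.Name.Length } | Measure-Object -Maximum).Maximum
    if (-not $longest) { $longest = 1 }
    $newName = '0' * ($longest + 1)

    New-ItemProperty -Path $ttfKey -Name $newName -Value $FontName -PropertyType String | Out-Null
    Write-Host "Registered '$FontName' as $ttfKey\$newName; open a new console window to use it"
}

# Example call (assumed font name): pick a monospaced TrueType font present under the Fonts key.
Register-ConsoleFont -FontName 'Hack'
```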
Via: [Wayback/Archive.is] Hack does not show up in the font list for Windows command-prompt · Issue #147 · source-foundry/Hack
–jeroen
Posted in Font, Lucida Console, Power User, Programmers Font, Windows
Posted by jpluimers on 2022/07/29
More than 10 years ago, I wrote about 7 screens; 3 computers; 1 keyboard/mouse to direct them all: Input Director and started with
At home, I have 7 screens on 3 computers on the same desk. That sounds like a clutter, but all these keyboards and mice hooked up to them add even more clutter. Until I found out about Input Direct…
In the meantime, I have mainly used a Mac with macOS as a front-end to log on to remote machines, using both the internal display and one or two external monitors.
Especially when doing video (think Covid-19 and especially on-line meetings!) in addition to software development work, this is far from ideal.
So here are some things on my list of potential enhancements to this situation:
tl;dr:
- Windows machines: give [Wayback/Archive.is] Garage Mouse without Borders a try
- Windows and Mac: try [Wayback/Archive.is] ShareMouse
- Windows, Mac and Linux: try [Wayback/Archive.is] Synergy, which requires one computer to act as host (only the host can control mouse/keyboard across multiple devices).
- Linux: try [Wayback/Archive.is] x2x
- Mouse Without Borders: Free and Easy for Windows
- Synergy & Barrier: Smooth and Cross-Platform
- Input Director: Mouse Without Borders Alternative
- Sharemouse: Synergy Alternative
- KVM Switch: The Hardware Option
- (Chrome & Microsoft) Remote Desktop
–jeroen
Posted in Apple, Hardware, Keyboards and Keyboard Shortcuts, KVM keyboard/video/mouse, Mac OS X / OS X / MacOS, Power User, Uncategorized, Windows
Posted by jpluimers on 2022/07/21
Over the last years, Microsoft has been retiring a lot of KB articles that in some situations can be of great value, not just when using legacy systems: sometimes they are the only source of accurate information on current systems as well.
I was glad to find that many of the retired articles made it to the [Wayback/Archive.is] Microsoft KB Archive – BetaArchive Wiki.
From that page:
Posted in Development, Power User, Software Development, Windows, Windows Development
Posted by jpluimers on 2022/07/18
I missed that over time, ipconfig has been extended with some more commands.
The command ipconfig /displaydns does exactly what I want: display the contents of the DNS Resolver Cache.
The ipconfig help:
USAGE:
    ipconfig [/allcompartments] [/? | /all |
                                 /renew [adapter] | /release [adapter] |
                                 /renew6 [adapter] | /release6 [adapter] |
                                 /flushdns | /displaydns | /registerdns |
                                 /showclassid adapter |
                                 /setclassid adapter [classid] |
                                 /showclassid6 adapter |
                                 /setclassid6 adapter [classid] ]

where
    adapter             Connection name
                       (wildcard characters * and ? allowed, see examples)

    Options:
       /?               Display this help message
       /all             Display full configuration information.
       /release         Release the IPv4 address for the specified adapter.
       /release6        Release the IPv6 address for the specified adapter.
       /renew           Renew the IPv4 address for the specified adapter.
       /renew6          Renew the IPv6 address for the specified adapter.
       /flushdns        Purges the DNS Resolver cache.
       /registerdns     Refreshes all DHCP leases and re-registers DNS names
       /displaydns      Display the contents of the DNS Resolver Cache.
       /showclassid     Displays all the dhcp class IDs allowed for adapter.
       /setclassid      Modifies the dhcp class id.
       /showclassid6    Displays all the IPv6 DHCP class IDs allowed for adapter.
       /setclassid6     Modifies the IPv6 DHCP class id.

The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed.

Examples:
    > ipconfig                       ... Show information
    > ipconfig /all                  ... Show detailed information
    > ipconfig /renew                ... renew all adapters
    > ipconfig /renew EL*            ... renew any connection that has its
                                         name starting with EL
    > ipconfig /release *Con*        ... release all matching connections,
                                         eg. "Wired Ethernet Connection 1" or
                                             "Wired Ethernet Connection 2"
    > ipconfig /allcompartments      ... Show information about all
                                         compartments
    > ipconfig /allcompartments /all ... Show detailed information about all
                                         compartments
Via:
–jeroen
Posted in DNS, Internet, Power User, Windows, Windows 10
Posted by jpluimers on 2022/07/11
For Windows 10 to update at all, I had to add a truckload of domains to the Fritz!Box whitelist configuration; this is the list for now:
Related:
–jeroen
Posted in Power User, Windows, Windows 10
Posted by jpluimers on 2022/07/01
Few articles exist on running x86 VMs on Apple M1 architecture.
This is the best I found, and clearly states that QEMU based UTM is the way to go, but notably lacks 3D support: [Wayback/Archive.is] Apple Silicon M1: How to run x86 and ARM Virtual Machines on it? | by Dmitry Yarygin | Mar, 2021 | Medium
Without VMs, but running Windows x86_64 code is already possible using Windows 10 for ARM via Parallels: [Wayback] Windows 10 on M1 Macs: What you can do (virtualization, sorta) and can’t (Boot Camp) | Macworld.
VMware Fusion is not going to support x86_64 virtualisation anytime soon as per [Wayback/Archive.is] Fusion on Apple Silicon: Progress Update – VMware Fusion Blog – VMware Blogs
…
What about x86 emulation?
We get asked regularly about running x86 VMs on M1 Macs. It makes total sense… If Apple can emulate x86 with Rosetta 2, surely VMware can do something too, right?
Well, the short answer is that there isn’t exactly much business value relative to the engineering effort that is required, at least for the time being. For now, we’re laser focused on making Arm Linux VMs on Apple silicon a delight to use.
So, to be a bit blunt, running x86 operating systems on Apple silicon is not something we are planning to deliver with this project. Installing Windows or Linux from an x86 ISO, for example, will not work.
…
More on UTM, which is open source:
UTM is a full featured system emulator and virtual machine host for iOS and macOS. It is based off of QEMU. In short, it allows you to run Windows, Linux, and more on your Mac, iPhone, and iPad. More information at https://getutm.app/ and https://mac.getutm.app/
…
Features
- Full system emulation (MMU, devices, etc) using QEMU
- 30+ processors supported including x86_64, ARM64, and RISC-V
- VGA graphics mode using SPICE and QXL
- Text terminal mode
- USB devices
- JIT based acceleration using QEMU TCG
- Frontend designed from scratch for macOS 11 and iOS 11+ using the latest and greatest APIs
- Create, manage, run VMs directly from your device
…
…
Due to an issue with QEMU handling of VHDX images, sometimes Windows will be corrupted from normal usage. This would result in BSOD or random application crashes/errors. To work around this issue, it is recommended that you convert the VHDX image to a QCOW2 image. Currently, UTM does not provide this functionality in the UI so you have to do it directly from QEMU.
- Install Homebrew if you do not have it already.
- Run brew install qemu
- Run qemu-img convert -p -O qcow2 /path/to/Windows10_InsiderPreview_Client_ARM64_en-us_21286.VHDX /path/to/output/Windows10_InsiderPreview_Client_ARM64_en-us_21286.qcow2 replacing the paths with your own.
- Use the QCOW2 image with UTM. It is recommended you do this with a fresh VHDX from Microsoft in case your image was already corrupted.
Now hopefully someone posts a Wiki of running x86_64 Windows on Apple M1 (:
This is a small start that it can be done [Wayback/Archive.is] Has anyone tried running Delphi on Windows ARM? – Delphi IDE and APIs – Delphi-PRAXiS [en]
It works well. I’ve managed to build and run my VCL and FMX projects on Android, iOS, Windows and Mac without any problems.
Note that both Windows ARM and the way it runs Delphi are still in preview so tread carefully!
On 4/18/2021 at 8:01 PM, Der schöne Günther said:
Can you confirm it cannot only build projects but also debug them?
I can debug Windows and Android no problem. I’m having issues debugging iOS as it’s stopping in the IDE but showing the CPU rather than code views. I believe this might be a badly built component I need to re-install rather than an issue with the environment but can’t confirm either way at the moment.
…
An update on the debugging issues on iOS – it’s all working now. My VM just needed a restart and I can debug without problems now.
–jeroen
Posted in Apple, M1 Mac, Mac, Mac OS X / OS X / MacOS, Power User, Qemu, UTM, Virtualization, Windows, Windows 10
Posted by jpluimers on 2022/06/29
On my list of things to play around with: [Wayback/Archive.is] chocolatey-community/chocolatey-test-environment: A testing setup related to how the Chocolatey Package Verifier runs testing. Used for manual testing or prior to submission
It is more or less a standalone version of the [Wayback] Chocolatey Software Docs | Package Verifier Moderation Service that you can use to check Chocolatey packages that you develop or modify.
From the github repository README:
Requirements
You need a computer with:
- a 64-bit processor and OS
- Intel VT-x enabled (usually not an issue if your computer is newer than 2011). This is necessary because we are using 64bit VMs.
- Hyper-V may need to be disabled for Virtualbox to work properly if your computer is a Windows box. NOTE: This may actually not be required.
- At least 10GB of free space.
Setup
To get started, ensure you have the following installed:
- Vagrant 1.8.1+ – linked clones is the huge reason here. You can technically use any version of Vagrant 1.3.5+. But you will get the best performance with 1.8.x+. It appears you can go up to Vagrant 2.1.5, but may have some issues with 2.2.2 and Windows guests (newer versions may be fine).
- Virtualbox 4.3.28+ – 6.1.6 (this flows in the selection of Vagrant – 5.2.22 seems to have some issues but newer versions may work fine)
- vagrant sahara plugin (vagrant plugin install sahara)
NOTE: If you decide to run with version 1.8.1 of Vagrant, you are going to need to set the VAGRANT_SERVER_URL environment variable as described in this forum post, otherwise, you will get an HTTP 404 error when attempting to download the base vagrant box used here.
Related: people wanting to do a similar thing for Linux: [Archive.is] chocolatey/choco: Has anyone ever tried to set up virtual box with linux (e.g. ubuntu) for choco testing ? – Gitter
Yes, it should work for choco new, choco pack, and choco push, running on mono.
[Wayback/Archive.is] https://github.com/chocolatey/choco/runs/3660684196?check_suite_focus=true…
There is also a dockerfile available here: [Wayback/Archive.is] https://github.com/chocolatey/choco/tree/develop/docker
However, as @AdmiringWorm said, there are not any official builds or official support at this time.
…
In my own private fork of choco however I’m using such interfaces as RestartManager
// Open a Restart Manager session; the handle is used by the other calls.
//https://docs.microsoft.com/en-us/windows/win32/api/restartmanager/nf-restartmanager-rmstartsession
[DllImport("rstrtmgr.dll", SetLastError = true, CharSet = CharSet.Auto)]
static extern int RmStartSession(out uint pSessionHandle, int dwSessionFlags, string strSessionKey);
// Close the session again.
//https://docs.microsoft.com/en-us/windows/win32/api/restartmanager/nf-restartmanager-rmendsession
[DllImport("rstrtmgr.dll", SetLastError = true)]
static extern int RmEndSession(uint pSessionHandle);
// List the processes holding the resources registered with the session.
//https://docs.microsoft.com/en-us/windows/win32/api/restartmanager/nf-restartmanager-rmgetlist
[DllImport("rstrtmgr.dll", SetLastError = true)]
static extern int RmGetList(uint dwSessionHandle, out uint pnProcInfoNeeded, ref uint pnProcInfo, [In, Out] ProcessInfo[] rgAffectedApps, ref uint lpdwRebootReasons);
those will be windows specific indeed, but I’ll reach them later on.
–jeroen
Posted in .NET, Chocolatey, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows
Posted by jpluimers on 2022/06/17
Of course you should be careful inserting random USB devices. Apart from USB HID attacks, they could perform other attacks like DMA ones.
To help prevent automated UAC elevation (for example by a device that simply clicks through the consent prompt), you can make elevation harder by requiring a password instead of a click. I think the registry trick and policy below are supported as of Windows 7, but they could be more recent (e.g. Windows 8.1).
The video below shows the trick, but does not document it in text, so here it is, from [WayBack] Windows doesn’t ask for your password when changing settings – Windows 10 Forums:
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorUser" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableInstallerDetection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableSecureUIAPaths" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableUIADesktopToggle" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "FilterAdministratorToken" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t REG_DWORD /d "1" /f
(A more elaborate batch file with lots more hardening is at [WayBack] Win 10 edits · GitHub)
The registry trick is especially useful for Home editions of Windows which do not allow you to run the Security Policy control panel applet secpol.msc.
The first two values are explained at [WayBack] How to configure Windows UAC prompt behavior for admins and users – gHacks Tech News:
ConsentPromptBehaviorAdmin
This key defines the User Account Control behavior for system administrators. The default value is set to prompt but do not require credentials to be entered. Here are all possible values:
- 0: A value of 0 allows administrators to perform operations that require elevation without consent (meaning prompts) or credentials (meaning authentication).
- 1: A value of 1 requires the admin to enter username and password when operations require elevated privileges on a secure desktop.
- 2: The value of 2 displays the UAC prompt that needs to be permitted or denied on a secure desktop. No authentication is required.
- 3: A value of 3 prompts for credentials.
- 4: A value of 4 prompts for consent by displaying the UAC prompt.
- 5: The default value of 5 prompts for consent for non-Windows binaries.
ConsentPromptBehaviorUser
- 0: A value of 0 will automatically deny any operation that requires elevated privileges if executed by standard users.
- 1: The value of 1 will display a prompt to enter the username and password of an administrator to run the operation with elevated privileges on the secure desktop.
- 3: The default value of 3 prompts for credentials on a secure desktop.
The changes should take effect immediately. You can for instance set the admin behavior to 0 so that no prompts are displayed, and user behavior to 0 as well to prevent them from running operations that require elevated privileges.
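As an added example (not from the forum post, the gist or the gHacks article), this PowerShell script audits the eight values the reg add lines above set: it reports any drift from that all-ones baseline, decodes the two ConsentPromptBehavior values with the meanings listed above, and exits non-zero on drift so it can run from a scheduled task. It assumes Windows PowerShell 5.1 or later; reading HKLM needs no elevation and nothing is modified.

```powershell
# Added example, not the post's own code: audit the UAC policy values against
# the hardened baseline from the reg add lines. Read-only; needs no elevation.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Hardened baseline from the post: every value is set to 1.
$baseline = [ordered]@{
    ConsentPromptBehaviorAdmin = 1; ConsentPromptBehaviorUser = 1
    EnableInstallerDetection   = 1; EnableLUA                 = 1
    EnableSecureUIAPaths       = 1; EnableUIADesktopToggle    = 1
    FilterAdministratorToken   = 1; PromptOnSecureDesktop     = 1
}
# Meanings of the two prompt-behaviour values, as listed in the gHacks article.
$adminMeaning = @{
    0 = 'elevate without consent or credentials'
    1 = 'prompt for credentials on the secure desktop'
    2 = 'prompt for consent on the secure desktop'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries (default)'
}
$userMeaning = @{
    0 = 'automatically deny elevation requests'
    1 = 'prompt for administrator credentials on the secure desktop'
    3 = 'prompt for credentials on the secure desktop (default)'
}

function Describe($value, $table, $default) {
    # A missing value means the OS default applies; an unlisted number is flagged.
    if ($null -eq $value) { return "not set (OS default $default applies)" }
    $text = if ($table.ContainsKey([int]$value)) { $table[[int]$value] } else { 'unknown value' }
    return "$value = $text"
}

$current = Get-ItemProperty -Path $key -ErrorAction Stop
$drift = New-Object System.Collections.Generic.List[string]
foreach ($name in $baseline.Keys) {
    $actual = $current.$name
    $shown = if ($null -eq $actual) { '(missing)' } else { $actual }
    $state = if ($actual -eq $baseline[$name]) { 'ok' } else { 'DRIFT' }
    if ($state -ne 'ok') { $drift.Add($name) }
    '{0,-28} expected {1}  actual {2,-9} {3}' -f $name, $baseline[$name], $shown, $state
}

'Admins in Admin Approval Mode: ' + (Describe $current.ConsentPromptBehaviorAdmin $adminMeaning 5)
'Standard users:                ' + (Describe $current.ConsentPromptBehaviorUser $userMeaning 3)

# Non-zero exit so a scheduled task or config-management run can flag drift.
if ($drift.Count -gt 0) {
    Write-Warning ('Values off baseline: ' + ($drift -join ', '))
    exit 1
}
'All UAC policy values match the hardened baseline.'
```

Note that EnableUIADesktopToggle is the one value in this list where 1 is the less restrictive setting: it lets UIAccess applications prompt for elevation without switching to the secure desktop, and the OS default is 0.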
Related:
Posted in Power User, Windows, Windows 10, Windows 8, Windows 8.1