The Net Age

Wednesday, November 24, 2004

WMI Scripting - Hidden and Dangerous

notepad C:\TEMP\file.txt:myfile.vbs

Cscript C:\TEMP\file.txt:myfile.vbs
or
Wscript C:\TEMP\file.txt:myfile.vbs

______________
Contents of file.txt:myfile.vbs:
____

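' List the WMI namespaces directly under \root on the local machine.
strComputer = "."

' Connect to the root namespace and fetch every __NAMESPACE instance.
Set objSWbemServices = GetObject("winmgmts:\\" & strComputer & "\root")
Set colNameSpaces = objSWbemServices.InstancesOf("__NAMESPACE")

For Each objNameSpace In colNameSpaces
    WScript.Echo objNameSpace.Name
Next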

_______________
Notes: Set objService = objLocator.ConnectServer(".", "root\cimv2")
Links: http://www.pcmag.com/article2/0,1759,1639276,00.asp
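
A defender's view of the file.txt:myfile.vbs invocations above, as an added example that is not part of the original post: it flags cscript/wscript command lines (for instance from process-creation logs) whose script path is a file:stream reference. The function names and all sample command lines other than the two from the post are constructed for illustration.

```python
import re

# Added example (not from the post): flag Windows Script Host launches whose
# script argument points into an NTFS alternate data stream (file:stream).
SCRIPT_HOSTS = {"cscript", "cscript.exe", "wscript", "wscript.exe"}
TOKEN = re.compile(r'"[^"]*"|\S+')               # quoted string or bare word
DRIVE = re.compile(r'^(?:\\\\\?\\)?[A-Za-z]:')   # C: or \\?\C: prefix

def ads_reference(token):
    """Return (file, stream) if the token names a non-default stream, else None."""
    path = token.strip('"')
    if path.startswith("/") or "://" in path:    # //E:vbscript, /name:value, or a URL
        return None
    rest = DRIVE.sub("", path)                   # ignore the drive-letter colon
    if ":" not in rest:
        return None
    file_part, tail = rest.split(":", 1)
    stream = tail.split(":", 1)[0]               # drop a trailing :$DATA stream type
    if not file_part or not stream:              # "file::$DATA" is the default stream
        return None
    return path[: len(path) - len(tail) - 1], stream

def detect(cmdline):
    """Return a finding for a script-host command line that uses an ADS, else None."""
    tokens = TOKEN.findall(cmdline)
    image = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower() if tokens else ""
    if image not in SCRIPT_HOSTS:
        return None
    for tok in tokens[1:]:
        ref = ads_reference(tok)
        if ref:
            return {"host": image, "file": ref[0], "stream": ref[1]}
    return None

# Constructed process command lines; the first two are the invocations in the post.
SAMPLE = [
    r'Cscript C:\TEMP\file.txt:myfile.vbs',
    r'Wscript C:\TEMP\file.txt:myfile.vbs',
    r'"C:\Windows\System32\cscript.exe" //E:vbscript //nologo "C:\TEMP\a b.txt:x.vbs"',
    r'cscript //T:10 C:\scripts\inventory.vbs /target:srv01',   # ordinary script
    r'notepad C:\TEMP\file.txt:myfile.vbs',                     # not a script host
    r'wscript.exe C:\TEMP\file.txt::$DATA',                     # default stream only
]

if __name__ == "__main__":
    for line in SAMPLE:
        print("ALERT" if detect(line) else "ok   ", line)
```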

Arp Poison that machine

Wonderful arpoison - tutorial

arptoxin -sip 10.0.0.1 -es [AnyShitMacAddress] -ed [TheVictimsMacAddress] -d 1

The problem is that, instead of redirecting it somewhere, it tells [TheVictimsMacAddress] that 10.0.0.1 is at ff:ff:ff:....

From CMD:
Tell [TheVictimsMacAddress] that 10.0.0.1 is at ff:ff:ff:ff:ff:ff

Tuesday, November 23, 2004

Lock a station with a shortcut

%windir%\System32\rundll32.exe user32.dll,LockWorkStation

Monday, November 15, 2004

Think Simple (Web forms)

Instead of trying clever tricks to bypass forms and their arguments, or working out how to reach the next page while providing as little private information as possible, sometimes the simplest approach is the most effective.

At the time of posting, the two sites below have no form checks or only very basic ones, allowing the user to proceed without providing any information.

Site: Hugin Expert
URL: http://www.hugin.com/Products_Services/Products/Demo/AdvisorEval/Form/
Analysis of Problem: If you just push Download, the CGI script that the information is sent to checks only whether the email address is not null (it throws an error if null). By going back and filling in a single letter in the e-mail field (not even a valid email is required), you can proceed to the site's download links.

Site: Security Innovation
URL: http://www.sisecure.com/holodeck/holodeck-trial.shtml
Analysis of Problem: This site's form is the best example of this problem (unless intended). Just push "Proceed to Download".

man0war

Thursday, November 11, 2004

Disconnecting MSN and aMSN chat

It seems that the following strings cause the MSN Messenger chat connection to drop:

HTTP_ACCEPT
HTTP_ACCEPT_LANGUAGE
and anything else starting with HTTP_ACCEPT_...

This can be seen with aMSN, which displays the chat status at the bottom.

How To Debug an Active Process in 32-bit Visual C++

You can debug an active process with 32-bit editions of Microsoft Visual C++. You can attach to the active process by starting Visual C++ using the undocumented -p switch, followed by the process identification number (PID).

http://support.microsoft.com/default.aspx?scid=kb;en-us;120707

MS Calculator Error

The problem was found by $0cr4t3$:

MS Calculator has a problem calculating negative numbers.
In Scientific mode, converting "-1" from Decimal to HEX makes calc.exe produce an unwanted result: FFFFFFFFFFFFFFFF

What is this hex subtraction:
0xA3 - 0xF5 =
e.g.
http://www.google.com/search?hl=en&lr=&q=0xA3-0xF5&btnG=Search

Answer: 0xA3 - 0xF5 = -0x52
The answer has been given by Google.com

More on Google.com calculating abilities:

http://www.googleguide.com/calculator.html
http://www.google.com/help/features.html#calculator

___________________________

Another problem found by man0war:

Try the following sequence of events while in HEX mode:
A(HEX) -> +/- -> +/- -> = -> +/-

That means push A, then +/-, then +/- again, then = and then +/- again, and you have FFFFFFFFFFFFFFF6

___________________________

A search for "calculator hex" at support.microsoft.com turned up only the following relevant link.

Solution to an old problem, still very effective:
"Microsoft's solution to another problem when calculating large numbers:
To prevent this problem from occurring, do not use Calculator to convert large decimal numbers to hexadecimal."

http://support.microsoft.com/default.aspx?scid=kb;en-us;187514
___________________________

Tuesday, November 09, 2004

distributed RC5 Stats

http://rc5stats.distributed.net/participant/psearch.php?project_id=5&st= (participation id)