
Everyone is tracking everyone nowadays…

Yet, sometimes I really have trouble remembering what I did, and where I was…
The “what I did” is easily reproducible by using NirSoft’s LastActivityView, checking my sent e-mails, and my browsing history… (But as I’m using 3 computers in no logical order, this is also not ideal.)

The “where I was” is more difficult…

Enter tracks: https://mendelonline.be/tracks/

Client-side it’s built on top of Nokia’s SensorCore SDK example Tracks (yes, I stole the name, and the layout, and actually just about everything =) ) https://github.com/Microsoft/tracks
The only thing it does is get all track points containing geographical information from the co-processor on my old but trustworthy Nokia 930 running W10M, and post them to some stupid PHP “api” that puts them in an MSSQL db. (nope, no authN here…)

 

I built some stupid front-end for it, but for now, it looks something like this: https://mendelonline.be/tracks/share.php?accesskey=xqnmSI4vAEItrRaQKaiVnGTx

But you can do way cooler things with it! For example heatmaps! Where did I go most:

Next on the to-do list are statistics…

  • how much time in the car a week
  • how many km in a week
  • how much time in traffic
  • ..

Password Filter

A DLL that provides password policy enforcement and change notification. The functions implemented by password filters are called by the Local Security Authority. – http://msdn.microsoft.com/en-us/library/windows/desktop/ms721882%28v=vs.85%29.aspx 
The purpose of this hook into the LSA is to create custom filters that run when users change their password. Want some specific “default for your company” password filtered out? Want a custom RegEx next to Microsoft’s Complexity Requirements? Want to set up a really ugly password sync to another database? Or do you just want access to plaintext passwords? Then this is the way to go… But you can also do other stuff with it, because: “hey! a cleartext password!” :-p

Next piece of code doesn’t work, but also talks about the idea: http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html
And this blogpost tries to fix what the previous one couldn’t do: http://www.phocean.net/2013/10/02/password-stealing-using-a-password-filter.html

Anyway, the code is Visual C++.

Most of the code (pretty much everything) came from devx, who did a great job with his article: http://www.devx.com/security/Article/21522 !

The following functions are called by the OS when a user changes a password:

BOOLEAN PasswordFilter(
  _In_  PUNICODE_STRING AccountName,
  _In_  PUNICODE_STRING FullName,
  _In_  PUNICODE_STRING Password,
  _In_  BOOLEAN SetOperation
);

NTSTATUS PasswordChangeNotify(
  _In_  PUNICODE_STRING UserName,
  _In_  ULONG RelativeId,
  _In_  PUNICODE_STRING NewPassword
);
BOOLEAN InitializeChangeNotify(void);

 

Visual studio 2013 project to download: https://www.mendelonline.be/downloader/?file=passwordfilterregex.zip

The only thing this code does, is write out the cleartext password to a textfile… Just a proof of concept of what you can do of course… Rest is for you guys to code 😉
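For the defensive side of the same mechanism: LSA only loads the filter DLLs named in the `Notification Packages` registry value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, so that list is what to audit. The following is an added example, not part of the original post or its Visual Studio project; the function name `Get-LsaNotificationPackage` and the `$Baseline` list are assumptions to adapt to your own environment.

```powershell
# Added example: audit the password filters / notification packages LSA loads.
# Assumption: this baseline lists the packages commonly present by default;
# replace it with the known-good list for your own builds.
$Baseline = @('scecli', 'rassfm')

function Get-LsaNotificationPackage {
    [CmdletBinding()]
    param(
        [string[]]$KnownGood = $Baseline
    )

    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # REG_MULTI_SZ: one DLL base name (no path, no extension) per entry
    $packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages'

    foreach ($name in $packages) {
        if ([string]::IsNullOrWhiteSpace($name)) { continue }

        # Filter DLLs are loaded from System32
        $path   = Join-Path $env:SystemRoot "System32\$name.dll"
        $exists = Test-Path -LiteralPath $path
        $sig    = $null
        $file   = $null
        if ($exists) {
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            $file = Get-Item -LiteralPath $path
        }

        [pscustomobject]@{
            Package    = $name
            InBaseline = $KnownGood -contains $name
            Path       = $path
            Exists     = $exists
            SignStatus = if ($sig) { $sig.Status } else { $null }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            LastWrite  = if ($file) { $file.LastWriteTimeUtc } else { $null }
            SHA256     = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        }
    }
}

# Anything outside the baseline, missing on disk, or without a valid signature
# deserves a closer look.
Get-LsaNotificationPackage |
    Where-Object { -not $_.InBaseline -or -not $_.Exists -or $_.SignStatus -ne 'Valid' } |
    Format-List
```

Run it from a 64-bit PowerShell session, otherwise file system redirection makes `System32` resolve to the 32-bit directory. On domain controllers, compare the output across all DCs, since a filter has to be registered on each one to see every password change.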

So, model 2013 revealed some more secrets!

using Newtonsoft.Json;
using ManagedUPnP;

Find all UPnP services on the current network:

Services lsServices = Discovery.FindServices(null, timeout, 0, out lbCompleted, AddressFamilyFlags.IPvBoth);

And filter out the ones that are Sony:

foreach (Service IndividuallsService in lsServices)
{
    // Only Sony Bravia televisions expose the X_SendIRCC action
    if (IndividuallsService.Description().Actions.ContainsKey("X_SendIRCC"))
    {
        // Sony Bravia television found! :-)
        sonytv = IndividuallsService;
    }
}

Register with the device by calling the JSON web service twice: once without basic auth, and once with basic auth, using the number shown on the television itself as the password. Catch the cookie, because it contains the authentication key! (With expiration date 00-00-0000.)
Using the same Json.NET library, you can easily serialize the CookieContainer for later use.

string hostname = System.Windows.Forms.SystemInformation.ComputerName;
string jsontosend = "{\"id\":13,\"method\":\"actRegister\",\"version\":\"1.0\",\"params\":[{\"clientid\":\"" + hostname + ":11c43119-af3d-40e7-b1b2-743311375322c\",\"nickname\":\"" + hostname + " (Mendel's APP)\"},[{\"clientid\":\"" + hostname + ":11c43119-af3d-40e7-b1b2-743311375322c\",\"value\":\"yes\",\"nickname\":\"" + hostname + " (Mendel's APP)\",\"function\":\"WOL\"}]]}";

// allcookies is a CookieContainer created earlier; it receives the auth cookie
var httpWebRequest = (HttpWebRequest)WebRequest.Create("http://" + theipadres + "/sony/accessControl");
httpWebRequest.ContentType = "application/json";
httpWebRequest.Method = "POST";
httpWebRequest.AllowAutoRedirect = true;
httpWebRequest.CookieContainer = allcookies;

// Second call only: basic auth with an empty user name and the PIN as password
string authInfo = "" + ":" + pincode; // PIN code shown on the television
authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
httpWebRequest.Headers["Authorization"] = "Basic " + authInfo;

// Send the JSON body, then read the response (which sets the auth cookie)
using (var writer = new System.IO.StreamWriter(httpWebRequest.GetRequestStream()))
{
    writer.Write(jsontosend);
}
var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();

After that, you can send any command using UPnP. The list of commands can be found by grabbing the response from the correct request (click here for known requests):

sonytv.InvokeAction("X_SendIRCC", "AAAAAQAAAAEAAABgAw==");

Or send the special commands using JSON:

string jsontosend = "{\"id\":78,\"method\":\"setTextForm\",\"version\":\"1.0\",\"params\":[\"http://www.mendelonline.be\"]}";


After a few years of fighting with Lync 2010, we decided to stop using this service on premise and migrate everyone to the cloud/Office 365!

For something like Lync, privacy and auditing aren’t that important (not yet), so we guessed we could trust Microsoft on this one…

  • First thing to do: create a trust between Microsoft and our on-premise AD.

This is done by implementing AD FS.
On top of that, you need to have an active “DirSync”, syncing your AD to the cloud.

To create the hybrid set-up with an on-premise Lync environment and the “in the cloud” Office 365 one, you’ll need the latest iteration of the Lync server software: version 2013.
So, we added the Lync 2013 servers to our 2010 deployment. And after some little hassles, everything started to work. (Single IP deployment, you can google around how to set it up)

You need a Lync 2013 edge and front-end, because we’ll need some specific features introduced in 2013.

  • Next: the Office 365 part.

Office 365 is a complete infrastructure as a service platform from Microsoft offering SharePoint, Exchange, Lync and some more Microsoft services in the cloud. It’s pretty cool actually.
I’ve never been too fond of Office 365: it’s cool, nice and cheap when everything is working. But when it starts failing… You’re gone… AAAND you always have to mention the Patriot Act…

Anyway, since its February wave of updates, Office 365 became even more functional!
Its PowerShell support got an update, and now supports Lync Online cmdlets!

Before, you actually had to ask Microsoft to enable the PowerShell for Lync Online because it was in beta. Nowadays (since August), everyone gets it!
So, nice again 🙂

Msol-powershell doesn’t support a lot of cmdlets, but at least some essentials.

  • To be able to migrate a user, we’ll have some more requirements: on premise active directory tweaking and office 365 domain setup.

Of course you need to connect your DNS domain to your Office 365 tenant (can be done easily using DNS verification).

Next, make sure your AD UPN (username@domain.com) corresponds to your Lync domain and your Office 365 account. You can add the domain as a custom suffix in AD.
So, you’ll have an internal AD user frafra@domain.com, name.firstname@lyncdomain.com as SIP address, and the same frafra@domain.com as Office 365 user (synced by DirSync).
Your Lync domain doesn’t exactly have to be the same as your login domain, but hey, “why make it simple and functional if you can make it complex and wonderful?!”…

After that, you can fire up PowerShell!

First of all, you have to add Lync Online as a trusted host on your on-premise Lync, and you have to make your on-premise Lync share the SIP address space with Lync Online.
Use “Set-CsHostingProvider” here…

And then you can actually move someone between both environments! 🙂 (Make sure the user has an Office 365 license assigned.) Again, all can be done in PowerShell.

So, connect to your onprem lync and office365, and push your clients to the cloud!


# Office 365 admin credentials, used for all cloud connections below
$cred = Get-Credential

# On-prem Lync ($AdminUsername is the on-prem Lync admin account)
$CSSession = New-PSSession -ConnectionUri https://onpremlync.contoso.lcl/ocspowershell -Credential $AdminUsername -ErrorAction SilentlyContinue
Import-PSSession -Session $CSSession

# Exchange Online
$ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $ExSession

# Office 365
Connect-MsolService -Credential $cred

# Lync Online
Import-Module LyncOnlineConnector
$CSolSession = New-CsOnlineSession -Credential $cred
Import-PSSession $CSolSession -AllowClobber

# Set the usage location, assign the license, then move the user to Lync Online
Get-MsolUser -UserPrincipalName user@contoso.com | Set-MsolUser -UsageLocation "BE"
Set-MsolUserLicense -UserPrincipalName user@contoso.com -AddLicenses CONTOSO:MCOSTANDARD
Get-CsUser user@contoso.com | Move-CsUser -Credential $cred -Target "sipfed.online.lync.com" -HostedMigrationOverrideUrl "https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc" -ProxyPool "onpremlync13registrar.contoso.lcl"

AD FS, STS, SSO, Claims, Realms, Tokens, SAML, WS-Federation, WS-Security, … All these fuzzy terms that were thrown at me last month…

The project was to implement AD FS (see title) in our environment.
The single and only purpose of AD FS is to create a “single sign on experience” between applications. Sign on to any website, and you can visit all other websites with that same account! (Only trusted websites that is, ofc…)
There are claims providers for Exchange OWA and SharePoint. You can use it natively in custom and cross-platform applications, on Microsoft Azure and, in our case, Office 365.
And because it’s based on an open standard, you don’t have to use .NET, but you can use Java (jeej) as well! Or even PHP -> http://code.google.com/p/simplesamlphp/.
As long as your application is compatible with saml, you’re good to go!

So, all the mentioned abbreviations also have a meaning! And if you want to know what they mean and what their purpose is, read this article on MSDN!

A more “conceptual” article you can read: A Guide to Claims-Based Identity and Access Control (2nd Edition)
Especially the part about “the airport” explains a lot 😛

Some more “academic” OASIS articles on WS-Trust and WS-Federation

And if you want to know more about WSDL, just read Wikipedia 🙂

PowerShell is being positioned by Microsoft as a “unix shell lookalike”.
And with the release of W8, it’s lifted to edition 3.0.

If you have absolutely never heard of it: it’s the successor of dos -> cmd -> cscript (VBscript) -> powershell.

Nowadays, you can actually script a big part of almost any Microsoft product installation/configuration/administration in this shell (like windows, exchange, sharepoint, lync, …)
Plus, you can make calls to .net/COM/windows!

Let’s get you started!

Start -> search for “powershell” -> start it!

You can run commands you already know like ipconfig/nslookup, cd/ls/dir or even something like “Get-Counter -ListSet processor | Get-Counter” (more info) for more advanced usage 🙂

I’m not going to rephrase great readings, but I am going to put them in a list to get you started!

  1. Read this: http://www.johndcook.com/PowerShellCookbook.html
    It’s a very brief summary of how to get started in PowerShell scripting (the setup, especially the “set-executionpolicy”, and some really basic commands!)
  2. Check this page: http://www.computerperformance.co.uk/powershell/index.htm
    It’s also a very good introduction to the conditional branching, comparators and loops syntax in powershell!
  3. or google anything with “powershell” and your question 😉

If you’ve programmed before, you’ll be up and running in no time!
Otherwise, it’ll take you like 2 minutes 😛

Anyway, some example scripts for you! -> http://www.mendelonline.be/code/index.php?filename=get%20all%20servers%20from%20ad%20and%20get%20version%20of%20specific%20file.ps1