You should know about that but extracting windows configuration is something very boring. mspaint.exe, screenshot + crop. HORRIBLE.
A good way to extract some information is to use the WMIC utility.
The wmic is a core feature of all Windows since Windows 2000 and most of the commercial monitoring software are using it to extract, analyze and display system information :
Here is a little list of actions you can perform through WMIC utility :
- launch process,
- stop process,
- reboot computer,
- list of installed programs,
- list of installed security patchs,
- etc…
Read the rest of this entry
audit, conf, configuration, win32, windows, wmic
You may have heard about the new DDOS tools released by THc yesterday exploiting an OLD CVE :
here is how to protect yourlsef from the vulnerability :
Just edit your SSL configuration files ( or all your vhost files, depend your configuration) as follows:
SSLVerifyDepth 4 # max number of depth
SSLVerifyClient none (ou require)
SSLCipherSuite RC4-SHA:RC4-MD5:HIGH:MEDIUM:!ADH:!DSS:!SSLv2:+3DES # Ciphers suite used in the renegociation
SSLProtocol all -SSLv2 # Let’s disable sslv2
SSLHonorCipherOrder on #using the order we just set
have fun @patching your apache configuration files !
apache, conf, configuration, ddos, ssl, thc, tools
