SourceAvengers Blog

0x00-0xff, Indiana, United States
SourceAvengers Blog - I am a Junior in College, have competed and won in multiple Capture the Flag events, competed in the Indiana CCDC for two years, and am the founder of The Computer Security Group of Indiana University Southeast. I enjoy network security, penetration testing and programming. I also greatly enjoy video games and action movies.

Saturday, October 9, 2010

Windows Updates via the Command Line - The easy way

There have been many ways to try to update Windows from the command line, all of which range from moderately difficult to very difficult. Now it appears there is a free solution to install these updates from the command line, all from one pre-built program.

WUInstall is a program you run from a command prompt, allowing you to update Windows without needing a GUI environment. This tool could be very useful to those who have to update a box remotely. For example, in a CTF event you could download and install the updates via the command line to help you lock down the box against access from anyone else.
The command to update via the command line is WuInstall.exe /install
It's that simple: after the command runs it will automatically download and install all the Windows security updates!!
I am going to post a link at the bottom of this post; I hope it helps you out!
http://www.wuinstall.com/
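If you would rather not pull a third-party binary onto a box you are locking down, the same no-GUI update can be driven from an elevated PowerShell prompt with the Windows Update Agent COM API that ships with Windows. This is an added example and not code from the original post or from WUInstall; it assumes an elevated prompt and a working Windows Update service.

```powershell
# Added example (not from the original post or from WUInstall): search for,
# download and install all pending Windows updates from an elevated
# PowerShell prompt using the built-in Windows Update Agent COM API.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Search criteria: updates that are not yet installed and not hidden.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0")
if ($result.Updates.Count -eq 0) {
    Write-Host "No pending updates."
    return
}

# Collect the pending updates, accepting any EULA non-interactively so the
# install does not stall waiting for a GUI prompt.
$toInstall = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($u in $result.Updates) {
    if (-not $u.EulaAccepted) { $u.AcceptEula() }
    Write-Host ("Pending: " + $u.Title)
    [void]$toInstall.Add($u)
}

# Download first, then install; both steps block until they finish.
$downloader = $session.CreateUpdateDownloader()
$downloader.Updates = $toInstall
$downloader.Download() | Out-Null

$installer = $session.CreateUpdateInstaller()
$installer.Updates = $toInstall
$installResult = $installer.Install()

# ResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed.
# RebootRequired tells you whether the fixes are live yet or the box still
# needs a restart before it is actually patched.
Write-Host ("Result code: " + $installResult.ResultCode)
Write-Host ("Reboot required: " + $installResult.RebootRequired)
```

Check the printed result code and reboot flag before assuming the box is patched; an update that is downloaded but still waiting on a restart has not closed anything yet.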

Friday, October 8, 2010

Louisville, Kentucky ISSA Capture the Flag 2010 - My writeup on making second place.

Okay, well, I guess I will just say before I get started that Adrian did an amazing job with the setup of the CTF event. Now down to business. I came in at 8:30 AM, which Adrian had as the start time, so I went ahead and got started discovering the computers' ports and services with nmap. I was there until almost 10:00 AM before anyone showed up, and then there were only the two of us, who had never competed before, so it took FOREVER for us both to really get off the ground due to our limited experience. The first box, 10.0.0.1, was a Linux box running an Apache server and OpenSSH. The Apache server version was vulnerable, but Metasploit was having some issues trying to encode the exploit; even when I ran unsetg encoder it was still trying to encode the exploit before using it. Anyways, 10.0.0.2 was originally a Windows XP SP0 box which I gained a shell on right when Adrian decided to switch up the setup on it, due to the fact that the other competitor had had a 12-minute run with it, so I was behind. He replaced the SP0 box with an SP2 or SP3 box, not really sure which, as I focused the rest of my efforts on the wildcard box, which was a Windows 98 box. We were getting a shell but no session on the box; neither I nor my competitor managed to do it, so Adrian ended up giving an easy opportunity for points: he made the Windows 98 computer share its C drive on the network. So my friend Jeff, who is my next-door neighbor, was the one who found that he had shared the C drive on the network.

Jeff ended up just being a temporary team member, seeing as he was only there for about 30 minutes or so. But I "defaced" the website with my team name and scored 12 points; then Adrian changed the wildcard computer to a Linux box. So my competitor and I were tied. I scanned the Linux box 10.0.0.3; it had about 5-6 different services running, and about 2, maybe 3, services could have been exploited, but I found that the Samba version was the easiest to exploit and the most reliable. I used an exploit located under multi/samba/ in Metasploit. This gave me a reverse command shell, in which I then had to run the /bin/bash command to gain a remote shell with root access. The first thing I did was create 1-2 users which would be decoys; one was named "pwnme" and the other one I forgot the name of. Anyways, I changed the root password as well in order to always keep access open to the box. The computer had OpenSSH running on it already, so I just SSH'ed to the box as the root user. "Purehate", who was one of the people moderating the competition, repeatedly killed my Metasploit exploit process, and he took the bait and deleted the created users and didn't focus on the root user. So I had a constant SSH session open to the 10.0.0.3 box. I started to gain consistent points, and then Purehate decided to switch things up: he removed all the defaced webpages, and then all of us had to go back in and re-deface the pages. One of my competitors (2 more had just registered around 1 PM) had gotten the exploit working on the 10.0.0.3 Linux box and managed to block my IP address with iptables. So I went in and changed my IP address to a static IP address so I could avoid the firewall rules he had put in place. I SSH'd back into the root user of the box, then used iptables to reject all other IP addresses except mine. I did make a newbie mistake and ended up blocking my own by a typo, and then no one could access the box, so Purehate had to go in and reset it.
I had rejected connections from the 10.0.0.99 box as well, which was the score box, and so I probably lost about 20 points before I realized it wasn't gaining any more points. The site was defaced; I was just not getting points for it anymore.

Then I fixed that mistake and started pulling farther ahead of my competitor. Purehate decided to pull a trick on us all, and on my end he deleted the /var/www/ folder, which was the website folder. I recreated the HTML file and went to the page to find out it still said the site didn't exist. I found out it was in an apache2 config: he had changed the allowed website directory in the config to a directory under /root/, so I had to change it back. When I did, I found out he had deleted the www folder and had to recreate it and the HTML file. Finally I was getting points again. But there was a team, "uky", who no one knew, but they had control of the 10.0.0.1 box, or so we thought. They had set up a server with XAMPP and then ARP poisoned the scoring box to check their IP address for the 10.0.0.1 site. This allowed them to not have to exploit the box or deface the site; all it did was make it so the scorebox would see the actual site, while everyone else would have control of the boxes and actually deface the site but not receive points for it. I tried the password on the 10.0.0.1 box that I had gotten from SQL injecting the website it was hosting. I logged in as greg and found a password which was used in the 2009 CTF. It turns out the uky team had already changed it, so my easy way into the box had been eliminated, and the exploit which was supposed to work with the Apache version it was running wasn't working.

Anyways, finally it came to a close when that team had pulled ahead of me and the other competitor. I ended up with 52 points and second place. The uky team had 130. Anyways, I learned a HUGE amount during this conference; Adrian and the other people managing the competition gave us hints here and there, and if we didn't know a command to do something they would tell us the base command so we could figure out which command to use and then how to use it by looking at the help pages. For the last 2 hours of the competition I had the 10.0.0.3 box under my control, but the uky team basically bypassed it for that last hour so I got no points. Anyways, I really enjoyed myself and will definitely compete next year; it was definitely interesting and fun to work on first hand the things everyone talks about with each other every day. Hope to see you there next year, everyone!!