Questions tagged [windows-server]
The windows-server tag has no summary.
135 questions
1 vote, 0 answers, 239 views
Spectre Mitigations Output for successful patch
I got the results of an internal pentest at my company and the job to fix it. The paper they gave me looked like the output I got from Microsoft's speculativecontrol PowerShell script from https://...
2 votes, 0 answers, 132 views
Is it normal to have Sysmon detect CreateRemoteThread on a fresh and clean Windows Server installation?
A fresh Windows Server installation (20212 R2), all updates applied. Sysmon v15.15 installed. Literally nothing else was installed/added. Never started a browser, never opened a web page. Only apps ...
0 votes, 1 answer, 131 views
Is SMB/CIFS secure?
I am working on a non-internet facing and internal/air-gapped system. The vendor providing the solution is using Total Commander for file transfer which they mention is based on SMB/CIFS. Additionally,...
1 vote, 2 answers, 167 views
PHP embedded within PNG is not executing, rather rendering, in IIS but executes in Apache
I am pentesting a site with all permissions. I have been able to upload a PHP shell embedded within a PNG image. I have also been able to change the extension of the file like something.php. So my ...
0 votes, 1 answer, 181 views
Nexpose reporting ciphers not present in machine
Nexpose reports the following vulnerability:
TLS/SSL Server Supports The Use of Static Key Ciphers. Negotiated with the following insecure cipher suites:
TLS 1.2 ciphers: ...
1 vote, 0 answers, 135 views
Low level privilege assignment using Secedit failed
I, as Administrator, tried to assign Backup privileges to a sample user via secedit command...
cmd> secedit /export /cfg config.inf
It exported the contents of Local Security Policy (LSP) database ...
1 vote, 0 answers, 159 views
Pass-the-hash, why do I get a shell with high integrity?
I am testing the security of a Windows Server 2019 machine and have a question about remote access to the machine.
The user on the machine has the permission "SeBackupPrivilege". I can ...
0 votes, 0 answers, 134 views
How to handle Microsoft FTP server being DDoSed
We noticed FTP service going down intermittently in the server and we found an FTP user was used to DDoS the server. Then we deleted the specific user from the server. After that the user "...
0 votes, 1 answer, 321 views
How to protect a local app that acts as a webserver from exploits?
For me, building interfaces through HTML / JS frameworks is by far easier than any other framework I have tried in the past. It's also not that strange, as by far the most UIs are based on the web ...
0 votes, 0 answers, 4k views
Windows Event ID 4624 with Anonymous Logon. Is it safe?
In our SIEM, I saw the following event below.
From the image above here is what I'm observing:
Successful login noted via eventid 4624
Username used to login was Anonymous logon as indicated by SID ...
4 votes, 2 answers, 691 views
How to find the process that is running PowerShell commands that appear in Windows Defender
On one of our Windows Datacenter 2016, there's an alert that a trojan is trying to install:
The following PowerShell commands are trying to execute at seemingly random hours of the day (always ...
0 votes, 0 answers, 410 views
How strong is Windows Firewall on Windows Server 2019?
How strong is Windows Firewall?
I have no knowledge on Botnets or how to use them, so I have no way to test Windows firewall's strength. And I believe it would go against the contract I signed with my ...
0 votes, 1 answer, 333 views
Notepad.exe establishing an outbound TCP over port 1025 from Windows using server to a Teradata server, is this unusual?
We have a situation where a user logged into a Windows Server which primarily runs Tableau established an outbound TCP connection over port 1025 where the destination server is part of a Teradata ...
0 votes, 1 answer, 2k views
Cipher Suites settings wrong order?
I'm trying to set up a custom order of TLS cipher suites according to this Microsoft list, on Windows Server 2022, but the outcome is not the one that I was expecting.
After using the PowerShell to ...
3 votes, 1 answer, 454 views
Remote code execution after a valid SMB (net use) password in Windows?
I am doing a capture-the-flag exercise in a Windows scenario.
It uses Windows 2016 server. I was able to find the password and I can access the files with a:
net use z: \\computer\C$ password /user:...