Windbg search address by protection - windbg

I'm searching for a way to find all the addresses that have a specific protection.
I tried to use !vprot and !address but those are not what I'm searching for.

Related

How does windbg classify crashes broadly and which term in result of "!analyze -v" indicates this?

Can you give me details of all the terms that are useful to properly understand the issue behind a crash after we use "!analyze -v"? Which term indicates what? For example, the FAULTING_IP field shows the instruction pointer at the time of the fault.
I am not finding it anywhere with a proper description.
It is BUCKET_ID that categorizes the issue, and Microsoft has a big internal database to reveal typical issues:
The BUCKET_ID field shows the specific category of failures that the current failure belongs to. This category helps the debugger determine what other information to display in the analysis output.
If you are connected to the internet, the debugger attempts to access a database of crash solutions maintained by Microsoft. This database contains links to a tremendous number of Web pages that have information about known bugs. If a match is found for your problem, the INTERNAL_SOLUTION_TEXT field will show a URL that you can access for more information.
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/using-the--analyze-extension
If you need to investigate non-typical issues, things like STACK_COMMAND might be your friend.
However, dump analysis on native crashes is never an easy task, and corrupt memory can further mess up the situation.
So you should buy services from either Microsoft or other service providers.

Which exploit and which payload use?

Hi everyone and sorry for my bad English.
I'm learning penetration testing.
After reconnaissance and scanning of my target, I have enough information to pass to the next phase.
Some info I have is open ports with related running services, names of the services, services' versions, operating system of the device, firewalls used, etc.
I launched msfconsole.
I should find the correct exploit and payload, based on the information collected, to gain access. I've read the Metasploit Unleashed guide on offensive-security. I've learned the Metasploit Fundamentals and the use of msfconsole.
But I don't understand the way to start all of this. Assuming that my target has 20 ports open, I want to test the vulnerability using an exploit payload that does not require user interaction. The possibilities of which exploit and payloads to use are now reduced, but are always too. Searching and testing all exploits and payloads for each port isn't good! So, if I don't know the vulnerability of the target, how do I proceed?
I would like to be aware of what I do, and not try without understanding.
Couple of things:
We have a stack exchange for security! Check it out at https://security.stackexchange.com/
For an answer: you want to look for "remote exploits", as those do not require user interaction. You can find a curated list of exploits here: https://www.exploit-db.com/remote/
You can search the services on this page for something that matches the same service/version as your attack vector.

Is it still worth obfuscating email-addresses to prevent harvesting?

I was wondering, is it really worth the trouble to implement email-obfuscation techniques in order to prevent emails from being harvested these days? My initial thought is no, but I might be wrong. My (possibly inaccurate) arguments:
spam filtering and detection is superior these days (when looking at my Gmail spambox, over 90% of all mail I receive is spam but none ends up in my inbox). Is it safe to assume the same for most other email services?
most techniques aren't 100% proof against advanced harvesting scripts so all effort could be in vain.
You might argue that it's no trouble to obfuscate an e-mail address, but I notice a lot of our clients enter their e-mail addresses through our CMS, which thus requires me to filter out the e-mail addresses from the text and replace them with an obfuscated version, which obviously is a little more trouble.
I'd like to hear from other people wondering the same or actually proving me wrong :)
If it's your address, you can do whatever you see fit.
If it's not your address, you might want to ask the owners. (Or check DNS to see if it's hosted on Google Apps)
As I described here, it is possible to block even the most advanced harvesters. (Unless they specifically target your site and work with the script)
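The CMS filtering step described in the question, together with the limit the asker raises (entity encoding stops only scrapers that do not decode HTML), as an added example that is not part of the original thread. The function names, the address regex and the sample text are assumptions made for illustration.

```javascript
// Added example (not from the original thread). Function names and the
// sample CMS text are constructed for illustration.

// Pragmatic matcher for addresses typed into free text; not a full RFC 5322 parser.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}/g;

// Encode every character as a numeric character reference, alternating
// decimal and hex so the output has no single fixed shape.
function encodeEntities(s) {
  return Array.from(s, (ch, i) => {
    const cp = ch.codePointAt(0);
    return i % 2 === 0 ? `&#${cp};` : `&#x${cp.toString(16)};`;
  }).join("");
}

// Replace each address found in CMS text with its entity-encoded form.
// Browsers render the references as the original characters.
function obfuscateEmails(text) {
  return text.replace(EMAIL_RE, (addr) => encodeEntities(addr));
}

// What any HTML-aware consumer (a browser, or a scraper that parses HTML)
// does with numeric character references.
function decodeEntities(html) {
  return html.replace(/&#(x[0-9a-fA-F]+|[0-9]+);/g, (_, n) =>
    String.fromCodePoint(n[0] === "x" ? parseInt(n.slice(1), 16) : parseInt(n, 10)));
}

// Count how many plain addresses a simple pattern match would see.
function countPlainAddresses(text) {
  return (text.match(EMAIL_RE) || []).length;
}

// Constructed sample input, as a client might type it into the CMS.
const cmsText = "Questions? Mail jane.doe@example.com or sales@shop.example.org.";
const safe = obfuscateEmails(cmsText);

console.log(safe);
console.log("plain addresses in raw markup:", countPlainAddresses(safe));
console.log("plain addresses after entity decoding:", countPlainAddresses(decodeEntities(safe)));
```

The raw markup contains no matchable address, but one decoding pass restores both, so this measure belongs alongside spam filtering rather than in place of it.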

postfix: programmatically adding a user

I asked this question two months ago and got nary an answer. In fact I earned the tumbleweed badge for asking a question that garnered so little interest.
However, this seems like a straightforward question with a definitive answer and I really need to be able to do this.
If there's still no answers I'd sure appreciate if anyone has any ideas about any other forums that might help me out. I tried asking godaddy but I guess I don't spend enough money with them for this level of support.
Thanks and here's the question:
I'm using a godaddy virtual dedicated server, and the default email server that comes bundled with it is postfix. There is even a way to add domains and user accounts through the godaddy control panel.
I am trying to figure out (1) exactly what it is they are doing to create new accounts via the control panel, and then (2) how to do that via a Linux shell script.
I have never used postfix and have been trying to wade through the man pages and other documentation. It appears that when the user accounts are associated with a domain, then the user accounts are "virtual". So far I've discovered that when I use the godaddy control panel to add a new email account, it adds an entry into /etc/postfix/turbopanel/virtual_alias. Then, that entry also seems to get committed to the binary virtual_alias.db in the same directory.
I have manually replicated the process of adding a new email address to the virtual_alias file and then running postmap /etc/postfix/turbopanel/virtual_alias to get the entry into the virtual_alias.db file. This works, but some steps are missing: I am not able to send email to the added user, and the user doesn't show up in the godaddy control panel.
I don't think a new Linux account needs to be created for the virtual alias. The accounts created via the control panel DO NOT have an associated entry in /etc/passwd.
Any help is much appreciated.
Jeremy
Did you want to create virtual mailboxes or forwarders for these virtual users?
see doc on
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
/etc/postfix/vmailbox
Tim

Do you break up addresses into street / city / state / zip?

My current app needs to store address information for a user. I'm currently debating whether to use the customary street address / city / state / zip textboxes and dropdowns or to go with Google's method of simply having everything on one line. Any thoughts on the pros/cons of storing address information in either of these manners?
You should split it up. It will make it far easier to do reporting down the road. What happens if you want to pull up all the residents of a state or zip code, or city? If you use all one field, you will be stuck and wish you had split it up.
Also, users will forget to put in all the information you need if you don't prompt them for it.
Judging by the user-input tag on your post, I assume you are referring to how the user enters the data, and not how you are storing the data in your back-end database.
Presumably your database will still need to store this information as separate fields, if you want to be able to sort and analyse the information (e.g. for reporting and statistics purposes).
In this case, I think it would depend on how confident you are that you could parse the addressing information properly into its individual fields.
One hybrid option would be to allow the user to enter the address as a single line, and then do a best-effort parsing of the information into the separate fields. This is similar to how Outlook manages addresses for contacts - you enter all of the information into a single memo field, and then it splits it up for you. You can then correct if it interpreted any of the fields wrong.
I would be very much against just having a single text field where users enter their address. You'd be surprised how many people will leave out their zip code or some other important info if you don't have a specific field for it. Also, as others have mentioned, it makes it much easier to report on this information later if all the data is pre-parsed. As other users mentioned, programs like Outlook will parse this information, but only because the source of the data is often the signatures of emails, which is something that is never in a consistent format.
I tend to split it up; it allows searching to be done for a specific section of the address, and you can limit the addresses you want to handle by knowing the formatting, i.e. only ship to east coast addresses.
1) You should split it.
2) May I recommend you read this before you attempt to do international address input?
I concur with Kibbee. I was even surprised to see people don't even read the field's labels, inverting first and last name, postal code and city, etc.
No, you can't determine if a postal code is valid in a Web application targeting international customers...
Some countries have alpha characters in postal code, various lengths, no state info, etc.
Definitely split the input. If you can help it--and depending upon your business requirements--it may be wise to perform address verification at the point of entry. This will allow you to know that your addresses are going into your database clean and allow you to do a number of other things such as fraud prevention. Having a verified address can help reduce shipping costs if you're shipping physical goods to your customers and can help reduce credit card merchant fees by ensuring the correct ZIP Code is submitted during AVS verification.
In the interest of full disclosure, I'm the founder of SmartyStreets. We offer CASS-certified address verification services. Users can upload a list for scrubbing (CSV/Excel/etc) to our website or use our address verification web service API called LiveAddress.