Windows 10 SSTP with self-signed certificates

I can’t seem to get the Windows 10 sstp client to connect to the (router) sstp server

I have tried numerous combinations when creating my self-signed certificates (CA & server), but I have to admit that I’m a little stumped.

CA : https://prnt.sc/rqtkhv + https://prnt.sc/rqtks0
Server : https://prnt.sc/rqtls4 + https://prnt.sc/rqtm0y

Windows 10 : https://prnt.sc/rqtxsq + https://prnt.sc/rqtyfm

Q1) When installing the certificate in Windows I usually select the [Local Computer] certificate store rather than [Current User]. Is it normal for Windows to also install a copy in the [Current User] store? If so, what is the point of this duplicate certificate installation?

Q2) When installing the certificate into the “Trusted Root Certificate Authorities” store for [Current User] I get the following warning: https://prnt.sc/rqtoyb – why don’t I get this same warning when installing via [Local Computer]?

Q3) What is the meaning of the yellow triangle with exclamation mark on both [Basic Constraints] and [Key Usage] ? https://prnt.sc/rqtzj0 + https://prnt.sc/rqtzut

Q4) Why doesn’t the SSTP client (https://prnt.sc/rqu1r5) detect the presence of the previously installed (sstp server’s ca) certificate ? https://prnt.sc/rqu0o0

Q5) I feel like my multiple certificate installation attempts may have ‘polluted’ my Windows certificate store. Is this possible? If so, is there a way to ‘clean up’ the certificate store (besides manually deleting unwanted certificates)?

Q6) I believe that this used to work with Windows 10 before but, maybe because of the regular updates, things seem to have changed ?

Regards, Yann

Using Windows Registry and File Forensic Locations in Investigations

There are a number of forensically-useful areas in the Windows registry and file system like those detailed in this SANS Poster. I’ve found this data can be really useful when I’m conducting investigations.

I was curious about how much others take advantage of this data.

  1. Do you use the data found in those locations as part of your investigations?
  2. What tool(s) do you use to extract the data from those locations?
  3. What tool(s) do you use to visualize/interact with the data you’ve extracted?
  4. Do you bring that data you’ve extracted into your SIEM?
  5. Do you use any dashboards/add-ons/apps within your SIEM to interact with that data?

understanding an integer overflow under windows 10

I wrote this test case that checks the length of contents, and based on what I was researching on the internet it says the length range is from -128 to 127, but the code was compiled under Visual Studio 2019 with the following: /GS, /dynamicbase. However, the proof of concept is below. Once I executed the PoC in order to overwrite EIP / SEH chains, I got __report_gsfailure, which is where it detects the overflow. I am trying to overwrite the SEH chains in order to get code execution. I also tried to overwrite the SEH chains with eb 0 pointing to a non-SafeSEH module, but it doesn't work either.

Exploit PoC

import struct

junk = "A" * 1000
nseh = struct.pack('<I', 0x42424242)  # struct.pack('<I', 0x90906eb)  # struct.pack('<I', 0x42424242)
seh = struct.pack("<I", 0x43434343)   # 320 nseh  # 316 seh
payload = junk  # + nseh + seh

Stack trace

0:000> g
WARNING: Continuing a non-continuable exception
(1534.1d3c): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
eax=00000001 ebx=006d9000 ecx=00000002 edx=000001e3 esi=00d347b8 edi=00d38718
eip=00a71b04 esp=008ff7d0 ebp=008ffaf4 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
demo!__report_gsfailure+0x17:
00a71b04 cd29            int     29h
0:000> k
 # ChildEBP RetAddr
00 008ffaf4 00a71258 demo!__report_gsfailure+0x17 [d:\agent\_work\s\src\vctools\crt\vcstartup\src\gs\gs_report.c @ 220]
01 008ffc2c 41414141 demo!main+0x258 [C:\Users\user\Source\Repos\demo\demo\Source.cpp @ 38]
WARNING: Frame IP not in any known module. Following frames may be wrong.
02 008ffce0 777a7b44 0x41414141
03 008ffcf0 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> !exchain
008ffc64: 41414141
Invalid exception stack at 41414141

Program output with 1k “A”

size: -113 length: 399 

Source code

#define MAX_DATA_SIZE 255

char buffer[MAX_DATA_SIZE];

/* the full input is copied once before the size check is even reached */
memcpy(buffer, contents, strlen(contents));
if (size < MAX_DATA_SIZE)
{
    memset(buffer, '\0', MAX_DATA_SIZE);
    memcpy(buffer, contents, strlen(contents));
    printf("[+] overflow");
}
else
{
    printf("Error!! Max Size:300\n");
    exit(1);
}
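The output line “size: -113 length: 399” is the key to the post's question, and the following added example (not the poster's code) reproduces it in isolation: a length of 399 stored in an 8-bit signed variable wraps to -113, so the check `size < MAX_DATA_SIZE` passes and the copy overruns the 255-byte buffer before /GS reports the corrupted stack cookie. The block keeps the post's `MAX_DATA_SIZE` and `contents` naming, uses `signed char` explicitly (MSVC's plain `char` is signed on x86), constructs its own input of repeated 'A' bytes, and places a hardened `safe_copy()` beside the faulty check; the function names `truncated_size`, `vulnerable_check_passes`, `safe_copy` and `safe_copy_result` are assumptions for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DATA_SIZE 255   /* same buffer size as in the post */

/* Constructed input: n bytes of 'A', like the "A" * 1000 PoC string. Caller frees. */
static char *make_filler(size_t n) {
    char *s = malloc(n + 1);
    if (s == NULL) { perror("malloc"); exit(1); }
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

/* What the post's length check sees: strlen() stored in a signed 8-bit
 * variable. 399 = 0x18F keeps only the low byte 0x8F = 143, which as a
 * signed char reads as -113, matching the output "size: -113 length: 399". */
int truncated_size(size_t n) {
    signed char size = (signed char)n;   /* wraps modulo 256 on all mainstream compilers */
    return size;
}

/* The check "size < MAX_DATA_SIZE" can never reject anything: a signed char
 * tops out at 127, so every length compares as smaller than 255. Any input
 * longer than the buffer therefore reaches the overflowing memcpy; /GS only
 * notices afterwards, when the stack cookie has already been overwritten. */
int vulnerable_check_passes(size_t n) {
    return truncated_size(n) < MAX_DATA_SIZE;
}

/* Hardened version: keep the length in size_t, compare it against the real
 * destination size before touching the buffer, and leave room for the
 * terminator. Returns the number of bytes copied, or -1 if rejected. */
int safe_copy(char *dst, size_t dst_size, const char *contents) {
    size_t len = strlen(contents);
    if (len >= dst_size) {
        return -1;
    }
    memset(dst, 0, dst_size);
    memcpy(dst, contents, len);
    return (int)len;
}

/* Convenience wrapper: run safe_copy() on an n-byte filler into a
 * MAX_DATA_SIZE buffer and report its result. */
int safe_copy_result(size_t n) {
    char buffer[MAX_DATA_SIZE];
    char *in = make_filler(n);
    int r = safe_copy(buffer, sizeof buffer, in);
    free(in);
    return r;
}

int main(void) {
    size_t lengths[] = { 100, 254, 255, 399, 1000 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        size_t n = lengths[i];
        printf("length %4zu -> truncated size %4d, vulnerable check passes: %s, safe_copy: %d\n",
               n, truncated_size(n), vulnerable_check_passes(n) ? "yes" : "no",
               safe_copy_result(n));
    }
    return 0;
}
```

The fix is not the sign of the variable alone: a `size_t` length with the comparison `len >= dst_size` made before any copy is what removes the overflow, and the first unchecked `memcpy` in the posted code has to go as well, since it runs regardless of the check.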

vps server windows linux 2.50$ month also possible to rent for 1 hour at 0.03$

free trial option to try the machines
possibility to rent the vps for a minimum of 1 hour at $ 0.03
vps windows and linux prices:
1 hour 0.03 $
1 day $ 0.10
7 days $ 0.65
1 month $ 2.50
possibility of wholesale and stock prices and customized.
great for use of proxy botnet socks to use as ip for various jobs
each vps to its different ip and different countries. possibility of any kind no block.
take advantage today for your work and future earnings

vps sharkk is the perfect place to get simple, fast and secure hosting solutions that allow you to take your business to a higher level. we implemented premium Intel Xeon servers with full SSD / HDD storage in premium data centers connected to redundant Tier 1 Internet providers. Our fast servers are provided with a super fast technical support service 24 hours a day, 7 days a week.

* Why choose us?
~ Rent your hourly vps
~ 24×7 rescue system
~ Premium bandwidth
~ Free installation
~ 100% availability guarantee
~ Fast and powerful servers
~ Free managed services
~ Money back guarantee
~ great for making money online
Just register and be online within minutes with our instant and free configuration.

****** VPS Hosting Plan ******

VPS Startup: $ 2.50 / monthly
– 1024 MB of memory
– OpenVZ VPS type both windows and linux
– 30 GB Raid 10 Storage
– 2 TB of monthly traffic

VPS Pro: $ 3.50 / monthly
– 2048 MB of memory
– VPS OpenVZ type
– 60 GB Raid 10 Storage
– 3 TB monthly traffic

VPS Premium: $ 5.00 / monthly
– 4096 MB of memory
– VPS Type OpenVZ
– 120 GB Raid 10 Storage
– 4 TB monthly traffic

For more plans and information:
Skype: alligator.cash
telegram: teamvps2020
email: paciuttieddu1988ttp@gmail.com

accepted payment methods: paypal, bitcoin, perfect money, payeer.

Thank you.

Any tool to help disable Windows defender? by creating a file to send to the victim VM and test? [closed]

I am using two VMs on my computer: a Kali Linux machine and a Windows 10 machine.

I was able to exploit the Windows machine without any problem; however, I had to disable Windows Defender first.

I was wondering if there is any tool in Kali Linux that can either remotely disable Windows Defender, or that lets me create a file that I then move to the Windows machine and execute to disable Windows Defender, to simulate a real-life scenario.

Thank you!!

Windows 10 version 1809, not offered an upgrade to 1909 in Windows update

My Windows 10 build version is 1809. When I go into Windows update it does not offer to upgrade me to 1909 which should be the most recent as of today.

I notice that there is a bad bug (source: https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html) in 1909 which is patched by KB4551762 (https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762), but I don’t get it on my build.

So does this mean 1809 is not vulnerable to the SMBv3 ‘wormable’ issue? And why don’t I get the newest version of Windows?

SSD not working anymore and windows not opening [migrated]

I’m struggling with a problem: Windows suddenly stopped working when I connected the HDD with a rack to my laptop. I’ve tried almost everything; later on, after re-installing the HDD and placing the SSD in the rack, I discovered that the SSD is not initialized and is also 100% free. After that, I tried to recover the files from the SSD because I’ve lost sensitive information and a lot of photos from the past years… nothing worked. What happened, and what solutions do you think I have? Is the SSD broken somehow? EDIT: Last error when I’m trying to initialize (see screenshot).

Destroy cluster windows server 2012 r2

I want to know how to delete a Windows Server Failover Cluster. My case is a bit special.

I encountered some problems while creating a failover cluster, so I stopped the cluster services, then did “evict nodes”, then “destroy cluster”.

Then the cluster disappeared, and now I can no longer recreate a cluster because it tells me that the servers are already in a cluster. In this case, how do I delete a cluster which is not visible in Server Manager?

It’s for SQL Server high availability.