mrzcn

Exchange sunucularınızın güvenliği için “Captcha Doğrulama” ile bruteforce ataklara karşı güvenliğinizi daha da sıkılaştırabilirsiniz.

İlk olarak google hizmeti olan captcha sayfasına giderek site (site) ve secret (gizli) keylerimizi alıyoruz.

https://www.google.com/recaptcha/about/


Captcha keylerimizi aldıktan sonra Exchange sunucusuna bağlanıyoruz ve aşağıdaki path’e gidiyoruz.

mrzcn

There are two simple ways you can find these accounts in Active Directory.  The first method involves creating a custom LDAP query in Active Directory Users & Computers (see Reference below) and using the LDAP query string below:
(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=4194304))
The second method is to use PowerShell to query Active Directory.  Two examples are shown below:
get-aduser  -LDAP "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=4194304))" -properties DoesNotRequirePreAuth
get-aduser -filter * -properties DoesNotRequirePreAuth |where {$_.DoesNotRequirePreAuth -eq "TRUE"}

mrzcn

What did work was a combination of holding down Enter and pressing ESC at random intervals. 
Eventually the Test Account Settings windows is skipped.

mrzcn

slmgr.vbs -upk

mrzcn

runas /user:Laptop\Administrator /savecred “C:\Program Files\CCleaner\CCleaner.exe”

mrzcn

# Ce script couvre mes serveurs Windows 2008 | 2008r2 | 2012 | 2012r2
# Version Powershell 2.0 & 3.0

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force

$VersionNumber = "1.1"

#Gestion du FLAG
$VersionKeyLocation = test-path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\MYCORP"
$VersionKEY = test-path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\MYCORP\$VersionNumber"

mrzcn

The following is a brief summary recent SMB v1 vulnerabilities, ransomware and an enterprise approach to disabling SMB v1 via Group Policy.

Why SMB v1 Isn’t Safe (September 16, 2016)
Ned Pyle wrote a blog post in September of 2016 on why SMBv1 isn’t safe where he stated that if your clients use SMB1, then a man-in-the-middle can tell your client to ignore security settings like:
	• Pre-authentication Integrity (SMB 3.1.1+). Protects against security downgrade attacks.
	• Secure Dialect Negotiation (SMB 3.0, 3.02). Protects against security downgrade attacks.
	• Encryption (SMB 3.0+). Prevents inspection of data on the wire, MiTM attacks. In SMB 3.1.1 encryption performance is even better than signing!
	• Insecure guest auth blocking (SMB 3.0+ on Windows 10+) . Protects against MiTM attacks.
	• Better message signing (SMB 2.02+). HMAC SHA-256 replaces MD5 as the hashing algorithm in SMB 2.02, SMB 2.1 and AES-CMAC replaces that in SMB 3.0+. Signing performance increases in SMB2 and 3.
“...If your clients use S

mrzcn

Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line.
In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines): 

appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

mrzcn

Run CMD as Admin
Slmgr.vbs /ipk XXXXX-BF9TX-XXXXX-7VRBV-XXXXX   

mrzcn

shutdown -r -f -m \\TIC18775PN -t 1 
-c "Shutting down for storm. Save work and close apps."