PowerShell security issue with file access

I ran into strange behavior of PowerShell, which I consider being a security issue. I don’t know if this is expected behavior built in by Microsoft, but by using this “bug”, you can check the contents of a folder to which you don’t have access permissions. When using the Test-Path cmdlet, the command behaves a bit different than expected.

If Test-Path is used on a file which is in a folder where you don’t have access permissions to (eg. NTFS permissions are set), the command returns $false, but also throws an UnauthorizedAccessException (access denied). However, when the file actually doesn’t exist, the command will only return $false. By catching the error, you know if the file exists or not. By using a brute-force method, you can enumerate the entire contents of the directory. This way it’s possible to find out what kind of applications are installed on a machine, and possibly exploiting weakness in these applications. Read More

Configuring Windows Server 2012 Core: PowerShell

As mentioned in my previous post about configuring Windows Server 2012 Core, you have multiple options. One is sconfig, but the preferred method is using PowerShell. PowerShell is a really powerful scripting language and Microsoft is pushing the use in all of their products.

In this post, I will describe how to configure your Windows Server 2012 Core installation using PowerShell. I will describe how to change your computername, set the IP address and join your server to the domain.

Read More

Configuring Windows Server 2012 Core: SConfig

With the release of Windows 2008, Microsoft introduced the Core installation. This is a stripped down version of the Windows Operating System, without any GUI (less space, smaller attack surface). Microsoft continues this option with Server 2012 and recommends to install the core version. When you install Windows Server 2012, the core installation is even selected by default. Configuring Windows Server 2012 Core is a bit harder without the GUI, so I’m writing two articles about configuring Windows Server 2012 Core.

For the configuration, you have two options: using SConfig or using PowerShell. Microsoft is pushing the use of PowerShell harder and harder, so PowerShell would be the preferred way to configure Windows Server 2012. I will get to PowerShell in the next article, in this article I will focus on using SConfig.

Read More