IT Dribble

I have finished setting up a new tool for in browser AES256 encryption via the javaScrypt library. Included within the page is a tool to produce SHA1 / SHA224 / SHA256 / SHA384 / SHA512 hashes.

The idea was that I has a central place to encrypt and decrypt data any time, any place with no reliance on anything except a web browser. I wanted to use java script so that both mine and your data doesn’t leave the browser and stays confidential.
(Perhaps David Petraeus could have used something like this, the trail might have been even harder to follow had he left the ‘draft’ message encrypted)

I implemented the SHA hashing as a tool to strengthen poor passphrases. The idea being that you use your lame password as input, create the hash and encrypt your data with the 128 character key (SHA512). When you need to decode your data you just do the reverse. Now some valid points to think about are:

• If you were being targeted and an attacker knew that your password was a SHAx hash then, you would be susceptible to bruteforce attacks against the hash.
• Using a hash (lower case letters and numbers) will provide less entropy against a fully random password of equal length.
• I believe (my opinion) that if you can afford to trade the security of someone knowing your password is a hash vs a shorter more complicated password your better off hashing your actual password with SHA512 (128 characters a-z 0-9)
• Of course your better off with 128 character fully random key but how are you suppose to remember that?

Check it out here: http://www.cammckenzie.com/encrypt/

Tool functionalities:

Once this tool is launched, it will join the IGMP group and listen on UDP 5355 port multicast.
This tool will also listen on TCP port 139, 445, 1433, 80 and UDP port 137, if you have any service running on these ports, you will need to stop them prior launching this tool.
The tool will write captured hashes to a file in the current folder for each poisoned host with the following syntax: [SMB/HTTP/SQL]-[NTLMv1/v2]-Client-IP.txt in a John Jumbo format.The SMB server supports Windows ranging from NT4 to Windows Server 2012 RC, Samba, Mac OsX Lion.

http://blog.spiderlabs.com/2012/10/introducing-responder-10.html

Apart from this package being rather old, it still works.
You need to install libxml2-devel dbus-devel and pmount

 yum install libxml2-devel dbus-devel pmount 

After the make and make install
Run:

pamusb-conf --add-device MyDevice 

Where you might receive the error:

 Unable to read /etc/pamusb.conf: not well-formed (invalid token): line 43, column 52 

The easiest fix is to delete the whole following example section from /etc/pamusb.conf

                <!-- Example:
                        Authenticate user scox using "MyDevice", and configure pamusb-agent
                        to automatically start/stop gnome-screensaver on key insertion and
                        removal:
                        <user id="scox">
                                <device>MyDevice</device>
                                <option name="quiet">true</option>
                                <agent event="lock">gnome-screensaver-command --lock</agent>
                                <agent event="unlock">gnome-screensaver-command --deactivate</agent>
                        </user>

                        Configure user root to authenticate using MyDevice, but update one
                        time pads at every login (default is 1 hour):
                        <user id="root">
                                <device>MyDevice</device>
                                <option name="pad_expiration">0</option>
                        </user>
                -->

That’s a good boy / girl delete the whole section as above.
Excellent after the rest of your progress you may notice on 64bit builds that it doesn’t work that’s because the build doesn’t care for 64 bit installs so move the pam module into the correct directory:

 mv /lib/security/pam_usb.so /lib64/security/pam_usb.so 

Follow the rest of the instructions and you should be good to go!

where {$_ -match “SomeString”}

Or Inverse match (grep -v)
where {$_ -notmatch “SomeString”}

Find all users who have Full Access to the mailbox of others:

Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | ? {($_.AccessRights -match "FullAccess") -and 
not ($_.User -like "NT AUTHORITYSELF")} | ft Identity, User

Finding all users who have Send-As :

Get-Mailbox -Resultsize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like "*send-as*") -and -not
($_.User -like "nt authorityself")} | ft Identity, User -auto

Finding all users who have Send-As (Restricted to an OU):

Get-Mailbox -Resultsize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like "*send-as*") -and
($_.Identity -like "*/SomeOU/Users/*") -and -not ($_.User -like "nt authorityself")} | ft Identity, User -auto

Find out who a particular user can Send-As:

Get-Mailbox -Resultsize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like "*send-as*") -and -not
($_.User -like "nt authorityself") -and ($_.User -like "DOMAINUsernameUwantToFind")} | ft Identity, User -auto