Ethical Hacker Community Forums
Show Posts
September 07, 2008, 09:47:57 PM
2
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Event log cleanup
on: October 05, 2007, 11:57:03 PM
Dean,
Thanks for the post. WinZapper didn't help much because it won't run on XP/2k3 Server. I checked in Olly to see what it is doing; it does an OS check right off the bat and exits. I am not great in the reversing world and figured a lot has changed in the API from NT4 and 2K, so I didn't want to mess with it.
Windows has the event log locked down to where, if the service is stopped, your system restarts.
Thanks for the post. Anyone else have any ideas?
-Paul
3
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Event log cleanup
on: October 05, 2007, 12:13:58 AM
I am currently trying to do cleanup within a vbscript. I am trying to clean up the event log. I want to erase only a few select entries within the log. Now, using WMI, this accesses a lot of calls available from the Win API. I have found that, to no surprise, Windows has locked out this ability. I have tried finding out the current size of the log, resetting the max to this size, then telling the log to delete entries only if they are over 2 years old. Now even when I do this, logging still happens. The only calls I can make or settings I can adjust are:
Call BackupEventLog (useless)
Call ClearEventLog (useless... overkill)
Set MaxFileSize
Set OverwriteOutDated
I tried messing with the sets, but it didn't work out after all. I could set them, but it kept on logging.
Does anyone have some insight on tools or methods for event log cleanup?
Thanks!!
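The two posts in this thread describe the WMI calls available for the event log (BackupEventLog, ClearEventLog, MaxFileSize, OverwriteOutDated) and note that Windows does not allow individual entries to be removed. The defender's side of the same fact is that a ClearEventLog call leaves its own traces. The script below is an added example written for this page, not code from either poster: it walks a list of constructed event records shaped like an exported log (Channel, EventID, RecordNumber) and reports the two things a clear leaves behind: the "audit log was cleared" event Windows writes itself (EventID 517 in the Security log on 2000/XP/2003, 1102 on Vista and later, 104 in the System log for other channels on Vista and later) and a RecordNumber sequence that restarts at 1, since record numbers only ever increase until the log is cleared. The sample records and their timestamps are constructed for the demonstration.

```python
"""Spot the traces a ClearEventLog call leaves in an exported event log.

Example code added for this page (not from the original posters).  Records
are constructed dicts with the fields an export from wevtutil or WMI carries;
a real run would load them from such an export instead of SAMPLE_RECORDS.
"""

# Event IDs Windows writes when a log is cleared (well-known values):
#   Security 517  - "The audit log was cleared" (Windows 2000/XP/2003)
#   Security 1102 - "The audit log was cleared" (Vista and later)
#   System   104  - "The <log> log file was cleared" (Vista and later)
CLEAR_EVENT_IDS = {("Security", 517), ("Security", 1102), ("System", 104)}

# Constructed sample: ordinary logons (528), a service state change (7036),
# then a clear of the Security log followed by fresh records numbered from 1.
SAMPLE_RECORDS = [
    {"Channel": "Security", "EventID": 528,  "RecordNumber": 1040, "TimeCreated": "2007-10-05T23:10:00"},
    {"Channel": "Security", "EventID": 528,  "RecordNumber": 1041, "TimeCreated": "2007-10-05T23:12:00"},
    {"Channel": "System",   "EventID": 7036, "RecordNumber": 500,  "TimeCreated": "2007-10-05T23:13:00"},
    {"Channel": "Security", "EventID": 528,  "RecordNumber": 1044, "TimeCreated": "2007-10-05T23:20:00"},
    {"Channel": "Security", "EventID": 517,  "RecordNumber": 1,    "TimeCreated": "2007-10-05T23:40:00"},
    {"Channel": "Security", "EventID": 528,  "RecordNumber": 2,    "TimeCreated": "2007-10-05T23:41:00"},
    {"Channel": "System",   "EventID": 7036, "RecordNumber": 501,  "TimeCreated": "2007-10-05T23:42:00"},
]


def find_clear_events(records):
    """Return the records that are themselves 'log was cleared' events."""
    return [r for r in records if (r["Channel"], r["EventID"]) in CLEAR_EVENT_IDS]


def find_record_number_anomalies(records):
    """Compare consecutive RecordNumbers per channel, in export order.

    A drop means the numbering restarted (ClearEventLog resets it to 1).
    A jump means records are missing from the middle of the sequence; in a
    full export that should not happen, in a filtered one it is expected.
    Returns (resets, gaps) as lists of (channel, previous, current).
    """
    last = {}
    resets, gaps = [], []
    for r in records:
        ch, num = r["Channel"], r["RecordNumber"]
        if ch in last:
            prev = last[ch]
            if num < prev:
                resets.append((ch, prev, num))
            elif num > prev + 1:
                gaps.append((ch, prev, num))
        last[ch] = num
    return resets, gaps


def analyze(records):
    """Bundle the explicit clear events and the sequence anomalies."""
    resets, gaps = find_record_number_anomalies(records)
    return {"clear_events": find_clear_events(records), "resets": resets, "gaps": gaps}


def summarize(records):
    """Human-readable findings, one line each."""
    result = analyze(records)
    lines = []
    for ev in result["clear_events"]:
        lines.append(f"{ev['TimeCreated']} {ev['Channel']}: log cleared (EventID {ev['EventID']})")
    for ch, prev, cur in result["resets"]:
        lines.append(f"{ch}: RecordNumber fell from {prev} to {cur} (numbering restarted)")
    for ch, prev, cur in result["gaps"]:
        lines.append(f"{ch}: RecordNumber jumped from {prev} to {cur} (records missing)")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_RECORDS):
        print(line)
```

The clear event and the restarted numbering are independent signals, so the check still fires if an export only covers the records written after the clear (the 517/1102 record is the first one in the new log) or if the clear event itself is absent but records from before and after the clear appear side by side.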
4
Columns / Heffner / Great Paper!!
on: August 12, 2007, 05:15:54 PM
Thanks for your awesome paper. I have been interested in learning more on RCE and have been held up by the fact that no one writes to the true entry-level person. Your overview of registers was very well written.
I ran through the Hello World examples and had slight differences. I understand each disassembler will spit out something different, but I am wondering if you can tell me what is going on. I'm using gdb 6.6-debian.
Dump of assembler code for function main:
0x080483a0 <main+0>:    lea    0x4(%esp),%ecx
0x080483a4 <main+4>:    and    $0xfffffff0,%esp
0x080483a7 <main+7>:    pushl  0xfffffffc(%ecx)
0x080483aa <main+10>:   push   %ebp
0x080483ab <main+11>:   mov    %esp,%ebp
0x080483ad <main+13>:   push   %ecx
0x080483ae <main+14>:   sub    $0x4,%esp
0x080483b1 <main+17>:   movl   $0x1,0x80495cc
0x080483bb <main+27>:   call   0x8048374 <myprint>
0x080483c0 <main+32>:   mov    $0x0,%eax
0x080483c5 <main+37>:   add    $0x4,%esp
0x080483c8 <main+40>:   pop    %ecx
0x080483c9 <main+41>:   pop    %ebp
0x080483ca <main+42>:   lea    0xfffffffc(%ecx),%esp
0x080483cd <main+45>:   ret
End of assembler dump.
The first three lines are where I am confused. I read about load effective address, but I don't know what it is loading.
Also in myprint(), I am using:
0x0804838b <myprint+23>: call 0x80482bc <puts@plt>
I understand this is the print statement, although do you have any input on puts vs print?
Thanks for the awesome paper. When is part two coming out?
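The three instructions the post asks about are GCC's stack-realignment prologue for main: lea does no load at all, it only computes esp + 4 into ecx (the address just above the return address, i.e. the caller's esp); and rounds esp down to a 16-byte boundary; pushl 0xfffffffc(%ecx) then pushes a copy of the return address onto the newly aligned stack. ecx is saved (push %ecx) so the epilogue's lea 0xfffffffc(%ecx),%esp can put esp back exactly where the caller left it before ret. The script below is an added example written for this page, not code from the paper or the poster: it emulates the prologue and epilogue from the dump above on a bytearray standing in for the stack, with esp and ecx as offsets into it, so every intermediate value can be inspected. The entry esp, return address and caller ebp values are constructed.

```python
"""Emulate the main() prologue/epilogue from the gdb dump quoted above.

Added example for this page (not from the paper or the poster).  A bytearray
stands in for the stack; esp and ecx are offsets into it, so the arithmetic
is exactly what the x86 instructions do:

    lea    0x4(%esp),%ecx       ecx = esp + 4      address arithmetic, no load
    and    $0xfffffff0,%esp     esp &= ~0xf        16-byte align the stack
    pushl  0xfffffffc(%ecx)     push *(ecx - 4)    copy of the return address
    ...
    lea    0xfffffffc(%ecx),%esp   esp = ecx - 4   back to the caller's esp
"""
import struct

STACK_SIZE = 256
MASK32 = 0xFFFFFFFF


class ToyStack:
    """Little-endian 32-bit memory for the emulated stack."""

    def __init__(self):
        self.mem = bytearray(STACK_SIZE)

    def load32(self, addr):
        return struct.unpack_from("<I", self.mem, addr)[0]

    def store32(self, addr, val):
        struct.pack_into("<I", self.mem, addr, val & MASK32)


def run_main_frame(esp_entry, ret_addr, caller_ebp=0x11111111):
    """Run the prologue and epilogue; return the register values at each step.

    esp_entry is esp right after the caller's CALL (so [esp] holds the
    return address); ret_addr and caller_ebp are constructed values.
    """
    st = ToyStack()
    st.store32(esp_entry, ret_addr)      # CALL left the return address at [esp]
    esp, ebp = esp_entry, caller_ebp
    trace = {"esp_entry": esp_entry}

    def push(val):
        nonlocal esp
        esp -= 4
        st.store32(esp, val)

    def pop():
        nonlocal esp
        val = st.load32(esp)
        esp += 4
        return val

    ecx = (esp + 4) & MASK32             # lea 0x4(%esp),%ecx: address only
    trace["ecx"] = ecx
    esp &= 0xFFFFFFF0                    # and $0xfffffff0,%esp
    trace["esp_aligned"] = esp
    push(st.load32(ecx - 4))             # pushl 0xfffffffc(%ecx): *(ecx-4) is the return address
    trace["ret_copy"] = st.load32(esp)
    push(ebp)                            # push %ebp
    ebp = esp                            # mov %esp,%ebp
    push(ecx)                            # push %ecx: keep the pre-alignment esp+4 for the epilogue
    esp -= 4                             # sub $0x4,%esp
    trace["esp_body"] = esp
    # body: movl $0x1,0x80495cc ; call myprint ; mov $0x0,%eax  (no net stack effect)
    esp += 4                             # add $0x4,%esp
    ecx = pop()                          # pop %ecx
    ebp = pop()                          # pop %ebp
    esp = (ecx - 4) & MASK32             # lea 0xfffffffc(%ecx),%esp: original esp again
    trace["esp_exit"] = esp
    trace["ret_target"] = st.load32(esp)  # the address ret will pop
    trace["ebp_restored"] = ebp
    return trace


def is_aligned16(value):
    """True when value is a multiple of 16, the alignment the prologue enforces."""
    return value & 0xF == 0


if __name__ == "__main__":
    for name, val in run_main_frame(0xDC, 0x08048400).items():
        print(f"{name:14s} = {val:#010x}")
```

Running it with the constructed entry esp of 0xdc shows ecx = 0xe0, esp aligned down to 0xd0, the body running with esp = 0xc0 (16-byte aligned), and the epilogue restoring esp to 0xdc so that ret pops the same return address the caller pushed; the pushed copy of the return address is never used by ret, it only keeps the frame layout readable for debuggers.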