I am calling a web page from a VB application to perform a validation, something like :
Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
...
objXMLHTTP.Open "GET", ls_address, False
objXMLHTTP.Send
The value of objXMLHTTP.Status is 0 in Windows7 and 200 in Windows10.
I have a lot of people that started to have this problem yesterday (2018-01-29) so I am thinking that a Windows 7 update might have caused this?
Also, my ls_address is https://... and I have the problem in Windows7, but when I change it to http://... it works again. Both work in Windows10.
Anybody has a clue where to look, Windows Defender, Microsoft Security Essentials, etc. ???
Try adding this line of code:
objXMLHTTP.setRequestHeader "Origin", ls_address
Also: is there any authentication needed?
The problem was not with a windows 7 update as I tought first, but rather a security update on the web server that caused trouble only with windows 7 clients.
As mentionned by Lankymart, it is related to SSL/TLS protocols or cyphers. I am not sure if I could code something different in VBA to make it work. I tried using Server.CreateObject ("MSXML2.XMLHTTP.6.0"), but it did not work in my vba environment.
As a temporary solution, the update on the web server was undone and everything went back to normal.
TLS version 1.2 update in Windows Server 2008 R2, 2012, and Windows 7
https://support.site24x7.com/portal/en/kb/articles/to-update-to-tls-version-1-2
Related
I am trying to understand/reproduce Log4shell vulnerability, using this poc and also information from Marshalsec.
To do that, I've downloaded Ghidra v10.0.4, which is said (on Ghidra download page) to be vulnerable to log4shell. Installed it on an ubuntu VM, along with java 1.8 (as stated in POC), and loaded the Poc + marshalsec snapshot.
Tried to start Ghidra, it said java 11 was needed, so although I've installed java 1.8 I still downloaded java 11 and, when you start ghidra, it says the installed version is not good enough and ask for the path to a java11 version; so I just gave him path to the jdk11 directory and it seems happy with it. Ghidra starts alright.
Then set up my listener and launched the poc, got the payload string to copy/paste in ghidra, and got a response in the ldap listener saying it'll send it to HTTP. But nothing more. The end.
Since the HTTP server is set up by the same POC, I thought maybe I just couldn't see the redirection, so I started the http server myself, started the ldap server myself with marshalsec, and retried (see pics below for exact commands/outputs).
Setting http server:
Set listener:
Setting LDAP server:
Send payload string in Ghidra (in the help/search part, as shown in kozmer POC); immediately got an answer:
I still receive a response on the LDAP listener (two, in fact, which seems weird), but nothing on the HTTP. The the Exploit class is never loaded in ghidra (it directly sends me a pop-up saying search not found, I think it is supposed to wait for the server answer to do that?), and I get nothing back in my listener.
Note that I don't really understand this Marshalsec/LDAP thing so I'm not sure what's happening here. If anyone have time to explain it will be nice. I've read lot of stuff about the vuln but it rarely goes deeply into details (most is like: the payload string send a request to LDAP server, which redirect to HTTP server, which will upload the Exploit class on the vulnerable app and gives you a shell).
Note: I've checked, the http server is up and accessible, the Exploit.class file is here and can be downloaded.
Solved it.
Turned out for log4shell to work you need a vulnerable app and a vulnerable version of Java; which I thought I had, but nope. I had Java 11.0.15, and needed Java 11 (Ghidra need Java 11 minimum, only vulnerable version of Java 11 is the first one).
Downloaded and installed Java 11, POC working perfectly.
I am new to Vb.net. I am creating an intranet application which needs the windows loginname. I got the login name from System.Net.CredentialCache.DefaultNetworkCredentials. It worked fine in my localhost machine. But the problem is that when I am trying to access the site from Development server it is showing the error:
The request failed with HTTP status 401: Access Denied
But the same code is working fine in Test environment.I don't have any idea why these both environment behaving differently.
I am using windows Integrated authentication and Anonymous access disabled. Please help me to figure out this issue.
Dim consumeWebService As ws-ProfileService
consumeWebService = New ws-ProfileService
consumeWebService.PreAuthenticate = True
consumeWebService.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials
Thanks in advance.
It sounds like an impersonation issue. Have a read here and see if this helps. It's definitely worth the read even if seven years old.
How To: Use Impersonation and Delegation in ASP.NET 2.0
I'm upgrading an old Windows 2003 server (32-bit) with IIS 6 to a Windows 2008 server (64-bit) with IIS 7.5. I'm in the process of installing necessary DLLs on the new machine (I only need two). The first one worked fine. The second one, ASPIMAGE.DLL is causing some trouble.
Here's what I've done (same process that worked for XZIP.DLL):
Move ASPIMAGE.DLL to C:\Windows\SYSWOW64
C:\Windows\SYSWOW64\regsvr32.exe C:\Windows\SYSWOW64\ASPIMAGE.DLL - I get a prompt saying "DLLRegisterServer in ASPIMAGE.DLL succeeded". I've run this multiple times - I hope that's not an issue.
Set "Enable 32-Bit Application" to True in the Application pool. Restarted the Site and AppPool just to be sure.
Attempt running code (which works fine on the Win2003 machine):
I get this error:
Server object error 'ASP 0177 : 800703e6'
Server.CreateObject Failed
/scripts/update/resize.asp, line 2
800703e6
Note that I've also tried this as a replacement, and I have the same issue (it looks like it registers fine, but the code can't see it):
http://code.google.com/p/aspnetimage/
Any ideas what the issue is? It's strange to me, because it seems like it registers fine, but ASP can't find it.
I was able to solve the problem by using AspNetImage as a replacement in conjunction with LoadPicture(): http://www.w3schools.com/vbscript/func_loadpicture.asp.
http://code.google.com/p/aspnetimage/
I have a WCF service that exposes some methods with WebInvoke and POST method, this has been working on a Windows 2003 server machine for some time now, the thing is that I have to migrate the service to a new windows 2008 server machine and this is where I'm getting the issue, I get error 400 Bad Request when I try to call from the client. The code deployed into both machines is the same, I have been trying to perform the calls with both a UnitTest VS2008 solution and Fiddler2, the very same request returns a 200 OK response from the w2003 server but the 400 on the 2008 one.
I had another WCF service based on the same philosophy also working on the 2003 server machine so I tried to deploy it on the 2008 server, I found out that GET methods worked correctly on both machines but If I try to consume a very simple POST method, then I get an ERROR 500. Internal Server Error pointing o an "Object reference not set to an instance of an object" error. The thing is that also this method is working If I make the call to the other server, the call is exactly the same, only changes the IP, so I think that there must be some problem with IIS 7 that I can't figure out since the code is working perfectly on w2003/IIS6. I checked for .NET 3.5 installed and all the stuff I found on the forums.
I guess I should post some code but since it's working on the W2003 machine I'm not quite sure It would make any difference, I tried all sort of things with bindings but no luck, I think It should not be necessary since I'm not trying to generate any proxy with svctool or VS2008, I just format an URL request and send it to the server, as stated before it's working flawlessly on the first machine...
Here is an example of a request hand-made with fiddler2 (on the unit tests I use the WebRequest class to generate the request object with the same result):
POST http://XX.XXX.XXX.XXX/ServiceiPhone/service.svc/DoWork HTTP/1.1
Host: XX.XXX.XXX.XXX
User-Agent: FoodLinker/1.0
Accept: text/xml
Content-Type: application/json
Accept-Language: es-es
Accept-Encoding: gzip, deflate
Content-Length: 17
Connection: keep-alive
{"Data":"MyData"}
The code on the server looks like this:
[WebHelp(Comment = "Sample description for DoWork")]
[WebInvoke(UriTemplate = "DoWork")]
[OperationContract]
public SampleResponseBody DoWork(SampleRequestBody request)
{
//TODO: Change the sample implementation here
return new SampleResponseBody()
{
Value = String.Format("Sample DoWork response: '{0}'", request.Data)
};
}
There is no special binding configuration on the web.config file, as stated before it's working on the previous machine but no on the other one.
This is for the test project, the code I really want to deploy is a little bit more complex but its a similar scenario and I think If I can manage to solve this probably I will with the other one.
Any ideas would be very welcome,
thanks in advance
Ok, so I finally figured it out, it was an issue with .NET Framework 3.5, installing the .NET Framework 3.5 SP1 did the trick, so if you ever encounter this problem its worth trying to update and see if it was the problem as in this case.
I am trying to generate a WCF proxy client code for a Windows mobile application that uses basicHttpBinding and I'm continuously receiving the follow error:
Error: An error occurred in the tool.
Error: Error in the application
I was able to generate the proxy before but I don't know why suddenly this happens.
I have read the Sameh Samir's post but the service I use doesn't use any Message Contracts created by me (I've used LINQ to SQL ORD) and the WCFTestClient can connect to the service and shows the contracts.
UPDATE
It seems the problem was with the Windows 7 RC1. I was trying it on Win7 and after running the NetCFSvcUtil on XP everything works just fine.
Anyone knows how can I report this problem to the Microsoft?
THere is now a new tool available that replaces the older version of NetCFSvcUtil. It came out on Monday, August 10, 2009. It can be downloaded at the following link:
http://download.microsoft.com/download/6/2/0/6205ED05-E435-44FC-AA82-B763CA5F8B1A/NetCFSvcUtil.exe
Best of luck!
I found this: http://blogs.msdn.com/habibh/archive/2009/06/26/netcfsvcutil-exe-and-windows-7.aspx
Basically, it states:
Currently, there are no fixes available for this issue. The only workaround is to run NetCFSvcUtil.exe on Windows Vista (SP1 or earlier) or Windows Server 2008 (SP1 or earlier) and then copy the generated client code to other machines.