|
On November 11 2011 02:30 Triscuit wrote:Show nested quote +On November 11 2011 02:25 Perfect wrote: I just wrote some powershell coding to use white space obfuscation to hide my Password to an administrator account that i need to call in my script but i dont want it to be locked into a secure string.
So what you do is you find the ASCII value of the letters in your password, you then conver that ascii value into a Binary code (obviously composed of only zero's and ones). Using ascii values 9 and 32 you can then turn all of your zeros and ones into Spaces and Tabs which are spit out into a .txt. When viewed with the naked eye the .txt looks blank, but its full of TABS and Spaces that get DEcoded back into your script as the password.
More of a hacker method used in VB that we are using in our enterprise "ethically"
Something fun Ahaha, wow... That is pretty awesome actually. So like 'tab' decodes to 0 and 'space' decodes to 1 or vice versa?
wow wow hahaha nice
I understood the second part but could you please explain the first part?
I just wrote some powershell coding to use white space obfuscation to hide my Password to an administrator account that i need to call in my script but i dont want it to be locked into a secure string.
Is it basically hiding the password well? Why will you need to do it? Is it modifying the way your password is stored in your pc? And wouldn't people start knowing and looking for this? A simple highlight will easily show that you're using white space obsfucation right?
And how can they hack with this? Since you're using it as a security measure .
|
|
On November 11 2011 03:13 kingNothing42 wrote: Sounds a lot like my experience when I interviewed, especially the part about driving to the hotel! It was kind of terrifying taking the rental through dark, unfamiliar streets to find the hotel in Bellevue. Congrats! Sorry I couldn't make the dinner, I was actually hosting another friend from college that was interviewing that day. It seems as if driving from SEATAC to your hotel at night is a rite of passage. The exit I needed to take was closed, too. Also the bit about waking up very early the day of the interview brings back some memories
|
Very nice read, thanks for posting.
Please post your thoughts on the Google interview process, I can imagine that will be just as fun to read as this one.
|
On November 11 2011 03:33 JieXian wrote:Show nested quote +On November 11 2011 02:30 Triscuit wrote:On November 11 2011 02:25 Perfect wrote: I just wrote some powershell coding to use white space obfuscation to hide my Password to an administrator account that i need to call in my script but i dont want it to be locked into a secure string.
So what you do is you find the ASCII value of the letters in your password, you then conver that ascii value into a Binary code (obviously composed of only zero's and ones). Using ascii values 9 and 32 you can then turn all of your zeros and ones into Spaces and Tabs which are spit out into a .txt. When viewed with the naked eye the .txt looks blank, but its full of TABS and Spaces that get DEcoded back into your script as the password.
More of a hacker method used in VB that we are using in our enterprise "ethically"
Something fun Ahaha, wow... That is pretty awesome actually. So like 'tab' decodes to 0 and 'space' decodes to 1 or vice versa? wow wow hahaha nice I understood the second part but could you please explain the first part? Show nested quote +I just wrote some powershell coding to use white space obfuscation to hide my Password to an administrator account that i need to call in my script but i dont want it to be locked into a secure string. Is it basically hiding the password well? Why will you need to do it? Is it modifying the way your password is stored in your pc? And wouldn't people start knowing and looking for this? A simple highlight will easily show that you're using white space obsfucation right? And how can they hack with this? Since you're using it as a security measure . First of all I did not mean to Hi Jack this thread so I it is viewed as such please delete A few weeks ago I was asked to make a short PS script that adds a computer to the domain automatically. So I built a basic PowerShell script that does this. However, in order to add a computer to the domain, you need to have a Login with elevated permissions to add a computer to the domain and i had to provide that information in the script.
If someone was thinking outside the box they could just edit the script and see the User name and Pass and login to the domain with those credentials. So instead I have a PS script using Whitespace Obfuscation encoding where I type in ANY password I want and it converts it into Spaces and Tabs, which to the naked eye looks like nothing. (As said before you do this by Converting the Letter into an ascii value, then converting the ascii value into a binary code of zeros and ones, then converting each zero and one into a TAB or SPACE and printing it to a Location, and when read it looks blank)
Then I change my admin password to the password I secured in the Encoding script. Next in my addDomain script I pull back from the text document of Tabs and Spaces and rebuild it back to a readable password and supply it to my script. So Vola the computer is added to the domain automatically but no one can just read the password.
Now I know some people will say, well you could just figure out the algorithm and you have the password. Which is true of advanced Scripters, but to scrub IT tech they won’t figure it out. Not to mention that you could put your Blank spaces and Tabs ANYwhere (between words, at the beginning of code) and build it that way, which would be much more complicated but very secure.
HACKING - You asked me how this could be used for hacking. Well I’m using this sort of "obfuscation" idea in PowerShell as an administrator and using it for good as a protection.
If you wanted to be malicious you could pass this through HTML code and when someone looks at the source code it looks fine, but you can assign each space/tab that is used throughout the code to build a malicious pointer to another website. To any virus scanning software it will look as if there is nothing wrong BECAUSE there are SUPPOSED to be TABS and Spaces in the HTML language.
For example my reply here consists of many tabs and spaces. I could write scripting that pulls from any random spot in-between my words (or perfectly normal looking scripting) and rebuild malicious coding.
|
@OP Hi, i have a question if you dont mind answering. I'm also a CSI student about to graduate but I have some physical disabilities(spinal cord injury). My question is have you seen anybody with some disability while you were there at Microsoft? Do do they give chances to people like me or do they straight up reject app for that reason. I'm one of the top in my classes when it comes to grades and knowledge but i'm not sure if I'm will be facing some difficulties landing a good job because of my limitations. As much as I'm concerned i dont see how my disability can affect my ability to work other then maybe the fact i dont type as fast. Appreciate any answer.
|
Grades are 20% of your application, the other 80% is UP TO YOU. How you fit with their corporate culture. How you behave. Your mindset. Your SOCIAL interactions.
|
I hope to write a blog like this sometime soon. Congrats!
|
United States4991 Posts
|
United States4991 Posts
On November 11 2011 04:29 Perfect wrote: HACKING - You asked me how this could be used for hacking. Well I’m using this sort of "obfuscation" idea in PowerShell as an administrator and using it for good as a protection.
If you wanted to be malicious you could pass this through HTML code and when someone looks at the source code it looks fine, but you can assign each space/tab that is used throughout the code to build a malicious pointer to another website. To any virus scanning software it will look as if there is nothing wrong BECAUSE there are SUPPOSED to be TABS and Spaces in the HTML language.
For example my reply here consists of many tabs and spaces. I could write scripting that pulls from any random spot in-between my words (or perfectly normal looking scripting) and rebuild malicious coding.
If you can execute arbitrary scripts on my computer why would you waste time doing something like that? I don't really see how you would ever be able to use that for anything actually malicious. If you really want to encrypt data you should consider doing it with a cert instead of a homebrewed obfuscation.
|
On November 11 2011 05:12 Insane wrote:Show nested quote +On November 11 2011 04:29 Perfect wrote: HACKING - You asked me how this could be used for hacking. Well I’m using this sort of "obfuscation" idea in PowerShell as an administrator and using it for good as a protection.
If you wanted to be malicious you could pass this through HTML code and when someone looks at the source code it looks fine, but you can assign each space/tab that is used throughout the code to build a malicious pointer to another website. To any virus scanning software it will look as if there is nothing wrong BECAUSE there are SUPPOSED to be TABS and Spaces in the HTML language.
For example my reply here consists of many tabs and spaces. I could write scripting that pulls from any random spot in-between my words (or perfectly normal looking scripting) and rebuild malicious coding.
If you can execute arbitrary scripts on my computer why would you waste time doing something like that? I don't really see how you would ever be able to use that for anything actaully malicious. If you really want to encrypt data you should consider doing it with a cert instead of a homebrewed obfuscation. Quite right. Obfuscation is not a method to provide real secrecy of data. It's there to prevent easy code comprehension and theft. For most obfuscation you don't need to actually have a specific compiler to make the code work. It will usually be an external tool that will rewrite the code with obfuscated methods (such as calling function a() which will contain local variable named a and global variable a... but the code is perfectly correct, just a nightmare to understand). For white space obfuscation though you really need an interpreter to make it work. Meaning that you need first to have installed on the target system a code working with the system, Or you need to compile it (getting a binary and no longer being used in a standard HTML).
Also : congrats to the OP, I hope you find the right company to work with. It's funny though cause I had some interviews a few years ago with Microsoft for their consultancy team and had a completly different experience. Maybe it depends on which country you apply, the work experience or other things...
|
Congratulations, nice to have the luxury of a job offer
Trivia: My teacher at college could probably solve any linked list problem in the world, and he could also make programs that solve them for you. But when being recruited by Microsoft he stumbled at a simple question about window sizes or similar due to being nervous... Then again, that's what he remembered and there are probably other aspects of the interview(s) that might have been the real issue.
Another thing I found interesting is that I would probably have done very well with all those technical questions right after school (don't know about the other questions). But today I would have to think long and hard, and probably draw everything on the whiteboard until I remembered it :p Not many programmers have to think about linked lists or binary trees at work.
|
On November 11 2011 05:02 Insane wrote:Show nested quote +On November 11 2011 04:50 boski055 wrote: @OP Hi, i have a question if you dont mind answering. I'm also a CSI student about to graduate but I have some physical disabilities(spinal cord injury). My question is have you seen anybody with some disability while you were there at Microsoft? Do do they give chances to people like me or do they straight up reject app for that reason. I'm one of the top in my classes when it comes to grades and knowledge but i'm not sure if I'm will be facing some difficulties landing a good job because of my limitations. As much as I'm concerned i dont see how my disability can affect my ability to work other then maybe the fact i dont type as fast. Appreciate any answer. You might do better asking one of us who works at Microsoft . I've seen multiple people who are confined to wheelchairs in various states of ability from within the wheelchair [and who have jobs here]. Microsoft definitely provides good support for people with physical disabilities, and there's no way they'll reject you based on that (they'd get in deep shit if they did ) See the page from our state on this: http://www.hum.wa.gov/FAQ/FAQDisibility3.html e: nobody on my team has such a disability, so I don't actually know how they do their work on a day to day basis, but I assume they have some special setup. e2: I wouldn't worry about typing speed btw. I type quite quickly, but there are some people at work who type very slowly . It's more important that you know things and can logically think through and solve something without losing sight of the "big picture".
I have also seen people around Microsoft with varying physical issues (canes, walkers, wheelchairs, etc.). Go for it!
|
On November 11 2011 05:41 humblegar wrote:Congratulations, nice to have the luxury of a job offer Trivia: My teacher at college could probably solve any linked list problem in the world, and he could also make programs that solve them for you. But when being recruited by Microsoft he stumbled at a simple question about window sizes or similar due to being nervous... Then again, that's what he remembered and there are probably other aspects of the interview(s) that might have been the real issue. Another thing I found interesting is that I would probably have done very well with all those technical questions right after school (don't know about the other questions). But today I would have to think long and hard, and probably draw everything on the whiteboard until I remembered it :p Not many programmers have to think about linked lists or binary trees at work.
Yeah, which is part of the reason why the interview process doesn't really revolve around getting the right answer, it's more of how you think. Or at least it's supposed to be. Sometimes I just get very specific questions that are "you either know it or you don't" and I think that is the most frustrating part of interviewing. Because then you get all that pressure like "great, I can't answer this problem" and that leads to floundering and you almost always just look bad at the end.
Very few of the questions I encountered at Microsoft fell under the category of just knowing things. It would help to understand the data structures, but fundamentally everything you need to know could be answered by looking at a picture they drew, or in a minute or two of explanation.
I've had interviews where they literally hand you a test and leave the room. And the test was on trigonometry, which I haven't had in 4 years. That was fucked up.
|
On November 11 2011 05:12 Insane wrote:Show nested quote +On November 11 2011 04:29 Perfect wrote: HACKING - You asked me how this could be used for hacking. Well I’m using this sort of "obfuscation" idea in PowerShell as an administrator and using it for good as a protection.
If you wanted to be malicious you could pass this through HTML code and when someone looks at the source code it looks fine, but you can assign each space/tab that is used throughout the code to build a malicious pointer to another website. To any virus scanning software it will look as if there is nothing wrong BECAUSE there are SUPPOSED to be TABS and Spaces in the HTML language.
For example my reply here consists of many tabs and spaces. I could write scripting that pulls from any random spot in-between my words (or perfectly normal looking scripting) and rebuild malicious coding.
If you can execute arbitrary scripts on my computer why would you waste time doing something like that? I don't really see how you would ever be able to use that for anything actually malicious. If you really want to encrypt data you should consider doing it with a cert instead of a homebrewed obfuscation.
Oh.. definatly. Its easy to say, why this, if this. The difficult part is understanding it. And to the naked eye where you could easily browse through and find malicous coding or have protection type software that is constantly doing a look up "white Space" obfuscation is just a fun and really neat way of using what you know.
Mind you Scripts are just doing what you tell them to, if someone knows the reverse its easy, its understanding it thats the difficult part
|
welcome to seattle son (if you accept the offer)
|
On November 11 2011 05:48 kingNothing42 wrote:Show nested quote +On November 11 2011 05:02 Insane wrote:On November 11 2011 04:50 boski055 wrote: @OP Hi, i have a question if you dont mind answering. I'm also a CSI student about to graduate but I have some physical disabilities(spinal cord injury). My question is have you seen anybody with some disability while you were there at Microsoft? Do do they give chances to people like me or do they straight up reject app for that reason. I'm one of the top in my classes when it comes to grades and knowledge but i'm not sure if I'm will be facing some difficulties landing a good job because of my limitations. As much as I'm concerned i dont see how my disability can affect my ability to work other then maybe the fact i dont type as fast. Appreciate any answer. You might do better asking one of us who works at Microsoft . I've seen multiple people who are confined to wheelchairs in various states of ability from within the wheelchair [and who have jobs here]. Microsoft definitely provides good support for people with physical disabilities, and there's no way they'll reject you based on that (they'd get in deep shit if they did ) See the page from our state on this: http://www.hum.wa.gov/FAQ/FAQDisibility3.html e: nobody on my team has such a disability, so I don't actually know how they do their work on a day to day basis, but I assume they have some special setup. e2: I wouldn't worry about typing speed btw. I type quite quickly, but there are some people at work who type very slowly . It's more important that you know things and can logically think through and solve something without losing sight of the "big picture". I have also seen people around Microsoft with varying physical issues (canes, walkers, wheelchairs, etc.). Go for it!
Indeed, and if you need special ergonomic gear (convertible sitting/standing desk, keyboards, etc. etc.) they're really good at helping you out with that as well. It's far more important that you are able to solve problems, implement algorithms in code, and communicate well, than being able to type at X or Y WPM or being able-bodied. There's several people in my building with varying degrees of disability who get on just fine.
|
Holy shit. I'm a third year COSC major right now, and reading this just scared the shit out of me. Microsoft interviews, you scary. =/
How'd you prepare for this?
|
For Google, are you flying to California? The Google campus in Mountain View is pretty amazing. I've toured it and its super super nice.
|
Gz on the offer, but man 6 interviews, must just drain you so much.
|
|
|
|