How to change Windows proxy settings using cmd/command prompt/registry/.cmd/.bat

Keywords: Microsoft Windows proxy, proxy settings, Registry, regedit, Registry Editor, wildcard

Method 1: Using Registry directly

Warning: Changing other registry parameters might damage the operating system; please modify carefully.

1 Use the Win + R key combination to open the “Run” window

Microsoft Windows - Run window

2 Enter “regedit”, then press the “OK” button

3 Find the following path

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Microsoft Windows - Registry Editor

4 Change/Create the “DWORD” value “ProxyEnable”; set it to “0” to disable the proxy or “1” to enable the proxy

Registry Editor - ProxyEnable

If you enabled the proxy in Step 4, follow the steps below to continue the configuration process

5 Change/Create the “String Value” “ProxyServer” and set its value to <proxy address>:<port>, e.g.

127.0.0.1:1234 OR myproxyname.com:5678
Registry Editor - ProxyServer

Extra: If you need to exclude some addresses from the proxy, follow Step 6

6 Change/Create the “String Value” “ProxyOverride” and set its value to the addresses you want to exclude

10.0.0.1;google.com;localhost;*.bing.com;<local>;192.168.100.*
Registry Editor - ProxyOverride

*.bing.com: Any domain under bing.com e.g. ads.bing.com, cdn.bing.com

192.168.100.*: Including the whole subnet (192.168.100.1-192.168.100.254)

<local>: Equivalent to checking the “Don’t use the proxy server for local (intranet) addresses” box in Windows Settings

Windows Settings – Proxy
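
As an added example (not from the original page), this Python code evaluates a ProxyOverride value the way the notes above describe it: exact entries, `*` wildcards and `<local>` for names without a dot. The function names and the host list are hypothetical, and the matching is a simplified model of those rules, not the Windows implementation.

```python
import re

# ProxyOverride value from step 6 of this page
PAGE_OVERRIDE = "10.0.0.1;google.com;localhost;*.bing.com;<local>;192.168.100.*"


def parse_override(value):
    """Split a ProxyOverride string into its ';'-separated entries."""
    return [entry.strip() for entry in value.split(";") if entry.strip()]


def bypass_entry(host, override):
    """Return the entry that lets `host` skip the proxy, or None."""
    host = host.lower()
    for entry in parse_override(override):
        if entry.lower() == "<local>":
            # <local>: plain names with no dot (intranet-style hostnames)
            if "." not in host:
                return entry
            continue
        # '*' stands for any run of characters; the rest must match literally
        pattern = ".*".join(re.escape(part) for part in entry.lower().split("*"))
        if re.fullmatch(pattern, host):
            return entry
    return None


def audit(hosts, override):
    """Map each host to the entry that bypasses the proxy (None = proxied)."""
    return {host: bypass_entry(host, override) for host in hosts}


# Constructed host list for illustration
SAMPLE_HOSTS = ["ads.bing.com", "bing.com", "www.google.com", "google.com",
                "192.168.100.25", "192.168.101.25", "fileserver", "localhost"]

if __name__ == "__main__":
    for host, entry in audit(SAMPLE_HOSTS, PAGE_OVERRIDE).items():
        print(f"{host:16} {'direct via ' + entry if entry else 'through proxy'}")
```

In this model `*.bing.com` does not cover `bing.com` itself and `google.com` does not cover `www.google.com`, so a bypass list should be checked against the exact names that must stay behind the proxy.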

Method 2: Using command prompt

1 Use the Win + R key combination to open the “Run” window

  • Enter the following command and hit the Enter key to disable the proxy
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
  • Enable proxy
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
  • Set proxy IP address and port
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d 10.0.1.1:1234 /f
  • Bypass for selected addresses
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /t REG_SZ /d "10.0.0.1;google.com;localhost;*.bing.com;192.168.100.*;<local>" /f
  • Clean proxy settings
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f

reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f

Method 3: Import proxy settings by using Registry file

1 Save the desired proxy settings to a text file, then change the file extension from “.txt” to “.reg”

e.g. Save the following text to “proxy.reg”

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="10.0.1.0:1234"
"ProxyOverride"="10.0.0.1;google.com;localhost;*.bing.com;192.168.100.*"

2 Double click on “proxy.reg”

proxy.reg

3 Click on “Yes” if you see this Window

User Account Control (UAC) Window - Registry Editor

4 Click on “Yes” to continue

Registry Editor - "Adding information can unintentionally change of delete values and cause components to stop working correctly. If you do not trust the source of this information in .... .reg, do not add it to the registry." "Are you sure you want to continue?"

5 Now the proxy settings are imported, click on “OK”.

Registry Editor – “The keys and values contained in .. .reg have been successfully added to the registry.”
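
The import dialog in step 4 warns against adding a .reg file whose source you do not trust. As an added example (not part of the original page), this Python code parses .reg text and lists every change that falls outside the three proxy values, or that sets a ProxyServer not on an approved list. The function names, the approved list and the second sample file are hypothetical.

```python
import re

# Registry key the page edits, and the three values it sets there.
INTERNET_SETTINGS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                     r"\CurrentVersion\Internet Settings").lower()
PROXY_VALUES = {"ProxyEnable", "ProxyServer", "ProxyOverride"}

SECTION = re.compile(r"^\[(-?)(.+)\]$")      # [KEY] or [-KEY] (delete key)
VALUE = re.compile(r'^"([^"]+)"=(.*)$')      # "Name"=data


def decode(raw):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if raw == "-":
        return None                                  # "Name"=- deletes the value
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])    # undo \\ and \" escapes
    return raw                                       # hex:... etc. kept verbatim


def parse_reg(text):
    """Yield (key, value_name, data) for every change a .reg file makes."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(2)
            if section.group(1):                     # [-KEY] removes the key
                yield key, None, None
            continue
        value = VALUE.match(line)
        if value and key:
            yield key, value.group(1), decode(value.group(2))


def review(text, approved_proxies):
    """List everything in the file a reviewer should question."""
    findings = []
    for key, name, data in parse_reg(text):
        if key.lower() != INTERNET_SETTINGS or name not in PROXY_VALUES:
            findings.append(f"unexpected change: [{key}] {name}")
        elif (name == "ProxyServer" and data is not None
              and data not in approved_proxies):
            findings.append(f"ProxyServer {data!r} is not an approved proxy")
    return findings


# proxy.reg exactly as shown on this page
PAGE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="10.0.1.0:1234"
"ProxyOverride"="10.0.0.1;google.com;localhost;*.bing.com;192.168.100.*"
'''

# Constructed sample: unapproved proxy plus a change outside Internet Settings
CONSTRUCTED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="203.0.113.7:8080"

[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"Setting"="value"
'''

if __name__ == "__main__":
    for finding in review(CONSTRUCTED_REG, {"10.0.1.0:1234"}):
        print(finding)
```

Files exported by Registry Editor are UTF-16 encoded, so decode them accordingly before passing the text to `review`.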

Method 4: Using “.cmd” “.bat” file

1 Create a text file

2 Add the following content to the text file

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d 10.0.1.0:1234 /f

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /t REG_SZ /d "10.0.0.1;google.com;localhost;*.bing.com;192.168.100.*" /f

3 Rename it to “enable-proxy.cmd” or “enable-proxy.bat”

4 Double click on “enable-proxy.cmd” or “enable-proxy.bat”; the proxy is now configured (if not, run it with an administrator account)

To disable the proxy

1 Add the following content to “disable-proxy.cmd” or “disable-proxy.bat”

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

2 Double click on “disable-proxy.cmd” or “disable-proxy.bat” to run the commands

To clean the proxy settings (regardless of whether the proxy is enabled or disabled)

1 Add the following content to “clean-proxy.cmd” or “clean-proxy.bat”

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f

reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f

2 Double click on “clean-proxy.cmd” or “clean-proxy.bat” to run the commands

Note: Using unknown proxy servers can be dangerous, especially when browsing websites or using apps which require you to log in.

Search Hacking, Google Hacking, Google Dork, Shodan

Google

Query | Description | Example
filetype | Search for file type | filetype:txt
inurl | Search URL | inurl:"/login.html"
intext | Search text from articles | intext:"Download"
intitle | Search title | intitle:"Joomla"

Documents

"default username password" filetype:pdf
"scanned by camscanner" filetype:pdf
Document with default username and password included

Data

intitle:"Namenode information" AND inurl:":50070/dfshealth.html"
hadoop HDFS
intitle:"netdata dashboard" AND intext:"Costa Tsaousis"
netdata dashboard

Video

intitle:"Live View / – AXIS"
intitle:"Network Camera NetworkCamera"
intitle:"Yawcam" inurl:8081
intitle:"VB Viewer"
inurl:embed.html inurl:dvr
inurl:/guestimage.html
inurl:"/view/view.shtml?id="
inurl:embed.html inurl:dvr

Github

Email credential

@gmail.com smtp
Github Search “@gmail.com smtp”

Database credential

mysql_pass
Github Search - "mysql_pass"

Bonus: More Google Hacking tricks can be found here: Google Hacking Database

Shodan

Shodan – A search engine which allows users to discover various types of devices (routers, webcams, computers etc.)

Note: Shodan is not completely free, it is more like freemium.

Shodan Search - webcam 7
  • city: find devices in a particular city
  • country: find devices in a particular country
  • geo: search by coordinates
  • hostname: find the hostname that matches
  • os: search particular operating system
  • port: find particular open ports
  • before/after: find results within a specific timeframe

Find Apache servers in Germany

apache country:"DE"

Find Nginx servers in Russia

nginx country:"RU"

Find GWS (Google Web Server):

"Server:gws" hostname:"google"

Find Cisco devices on a particular subnet

cisco net:"xxx.xxx.xxx.x/24"

Intel Active Management Technology (AMT) Usage & Configuration. For out-of-band (OOB) remote support

Keywords: Intel Active Management Technology, AMT, Intel AMT, OOB, out-of-band management, out-of-band remote support, out-of-band management

What is Intel AMT: Intel Active Management Technology (AMT) [1] is hardware and firmware for remote out-of-band management of select business computers. AMT is built into PCs with Intel vPro technology and is based on the Intel Management Engine (ME). Intel AMT uses a hardware-based out-of-band (OOB) communication channel that operates regardless of the presence of a working operating system (OS). [2]

[1] Intel: Intel vPro® Platform: Intel® Active Management Technology

[2] Wikipedia: Intel Active Management Technology

Before starting:

  • Make sure your client PC supports Intel AMT; usually i5 vPro, i7 vPro and Xeon systems support it (alternatively, look for an Intel AMT option in the BIOS, check your PC’s specification on the official website, or install the Intel AMT software and see if it detects Intel AMT)
  • Make sure you understand what the BIOS is
    • More important: how to access and configure the BIOS
  • Make sure you have two PCs if you want to control a PC via Intel AMT from another
  • Warning: Keep in mind that enabling Intel AMT can increase the attack surface. Make sure you understand the risk before starting. (A strong password and an encrypted connection are always preferred)

BIOS configuration:

BIOS configuration - Enable Intel AMT Control

1 Make sure you know how to access the BIOS.

  • On a Windows 10 PC, you can hold the Shift key and click on the Restart button in the Windows 10 start menu -> Select “Troubleshoot” -> “UEFI Firmware”
  • Another option is to press a specific key during cold boot; check your PC brand/model or motherboard manual for which key

2 Once in the BIOS configuration screen, find “Intel AMT” and enable it

Warning: Do not change anything else, otherwise it can render your PC unbootable or even damage it.

ME configuration:

1 After pressing the Power button to start the PC, press the Ctrl + P key combination repeatedly until the ME configuration comes up. (You may see a different screen from the image below if this is the first time ME is configured on the PC; in that case you might need to enter the default password, which is “admin”, to enter the configuration.) If you see a screen similar to the one below, press 1 to continue (in this case the password might have been changed to something other than “admin”)

Ctrl + P -> Screen before entering ME configuration screen

2 You will see the following screen; select MEBx Login and enter the correct password

ME - First screen

3 You will see “Main Menu”

ME - First screen after login (Main Menu)

4 Enter “Intel ME General Settings”; here we can change the password and enable/disable firmware update.

ME - Intel ME General Settings

5 Most of the other settings are under “Intel AMT Configuration”

ME - Main Menu

6 To be able to use Intel AMT (that is, to use Intel AMT to remote control the PC regardless of the OS) we need to make the following changes

7 Enable “Manageability Feature Selection”

ME - Intel AMT Configuration

8 Enter “SOL/Storage Redirection/KVM” menu

9 Enable “SOL”, Enable “Storage Redirection”, Enable “KVM Feature Selection”

ME – Intel AMT Configuration -> SOL/Storage Redirection/KVM

10 Enter “User Consent” menu

ME – Intel AMT Configuration

11 Change “User Opt-in” to NONE, Enable “Opt-in Configurable from Remote IT”

ME – Intel AMT Configuration -> User Consent

12 Enter “Network Setup” menu

ME – Intel AMT Configuration

13 Enter “Intel ME Network Name Settings”

ME – Intel AMT Configuration -> Intel ME Network Setup

14 Change “Host Name” to your preferred host name

ME – Intel AMT Configuration -> Intel ME Network Name Settings

15 Enter “TCP/IP Settings” menu

ME – Intel AMT Configuration -> Intel Me Network Setup

16 Enter “Wired LAN IPV4 Configuration” menu

ME – Intel AMT Configuration -> TCP/IP Settings

17 Enable DHCP Mode (unless you have a static IP address assigned)

ME - Intel AMT Configuration -> Wired LAN IPv4 Configuration

18 Save and exit the menu

After the PC has restarted, find the IP address of the configured PC. Try to connect from another device using the URL:

For Non-TLS – http://<IP_or_FQDN>:16992
For TLS – https://<IP_or_FQDN>:16993

If you are able to access the “Intel® Active Management Technology” it means Intel AMT is configured correctly for remote support.

You can confirm with “Intel Management and Security Status” from within the OS

Intel Management and Security Status

Now you can remote control this PC even without an OS installed on this Intel AMT enabled PC. (Many other remote control tools only work with an OS installed and can’t control the PC unless the system has already booted into the OS.) Thus, you can even change BIOS settings remotely with Intel AMT (and that’s why it is also dangerous if not correctly configured and secured)

For more on real-world use cases/how to utilise Intel AMT click here

Out-of-band (OOB) Management, Remote support/control with Intel Active Management Technology (AMT) using open source MeshCommander

Keywords: Intel Active Management Technology, AMT, Intel AMT, Remote control, Remote support, OOB, out-of-band management, out-of-band remote support, MeshCommander, Open Source, free, software, free Intel AMT software

Click here if not sure What is Intel Active Management Technology (AMT)

MeshCommander is open source software which enables you to provide remote management/support/control via Intel AMT. Compared to traditional remote control protocols, Intel AMT provides out-of-band management, which means you can remote control the device even without an operating system (OS) installed on the computer (so you can even modify BIOS settings remotely, whereas traditional remote control software only works within the OS). This is useful when you need to reinstall the OS or modify BIOS settings remotely.

Tips: You can still use Intel AMT to control the OS, there is nothing wrong with that. However, you might find other remote control software easier to use when controlling the OS, e.g. for copy/paste, file transfer, sending key combinations etc.


MeshCommander is the ultimate open source Intel® AMT management console. In an effort to make Intel® AMT easier, support many platforms and over the Internet usages, MeshCommander is entirely built in JavaScript. You can now manage your Intel® AMT computers from within a browser or as a standalone tool.

You can use MeshCommander as-is or download the source code and samples to build your own web based Intel® AMT tool. If you have Intel AMT 11.6+ or Intel AMT 12.0.20+ you can load MeshCommander inside the flash storage of Intel® AMT. To do this, take a look at the firmware installer. Your privacy matters: MeshCommander does not collect or send back any usage data or telemetry.

Downloads


MeshCommander - Computer Management
MeshCommander - Certificate Manager
MeshCommander - Intel AMT USB Setup.bin Manager
MeshCommander - Recorded Session Player

Cisco Access point/Switch swap primary boot image/backup boot image

Keywords: Cisco Boot Image, Cisco access point, access point, primary boot image, backup boot image, ap running image, cisco mobility express, switch primary boot image, switch backup boot image, swap primary boot image, swap backup boot image

1 Connect to the device via console/SSH (if using Mobility Express, connect to the device IP via SSH or console cable, not the Mobility Express controller IP address)

2 Log in with the correct credentials

3 You will see “name of the device> ” in the command window

Console command window

4 Type “show version” to view the current image information

5 From the following image we can see that the AP is currently running the “Primary Boot Image”, which is “8.8.120.0”; the “Backup Boot Image” is “8.10.105.0”

AP Running Image, Primary Boot Image, Backup Boot Image

6 Now we need to login to “Cisco Controller”. For Mobility Express running as master or “Autonomous Mode” you can SSH to the IP address which you used to login to Mobility Express controller (See following image).

Cisco Mobility Express Controller
SSH -> Cisco Mobility Express

7 Enter the following command, replacing <AP_Name> with the correct access point name

(Cisco Controller) >config ap image swap <AP_Name>
config ap image swap MyAP

8 If no error message is returned, reboot the AP.

After the AP has rebooted, use the same “show version” command to check the booted image; it should now be swapped. (Or use the Wireless LAN Controller Web UI to check the current version number)

How to hide users from address lists (GAL/Global Address List etc.) By configuring Office 365/Exchange server

(This article is for Office 365/Exchange server Administrators)

Keywords: hide users from GAL, hide users from global address list, office 365, exchange server, hide users from address list, Office 365 administrator, O365

1 Log in to https://outlook.office365.com/ecp with an Office 365 Administrator account

2 Click on “recipients” -> double click on the name of the user you want to hide from the address list

Microsoft Exchange admin center - recipients

3 Check the “Hide from address lists” box, click on “Save” button

Microsoft Exchange admin center - User editor

4 Wait for 2 minutes, then check the Outlook Global Address List again; the hidden user should no longer appear in the list.

How long does it take for Microsoft Exchange mail flow rule to take effect (And what is Enforce, Test with Policy Tips, Test without Policy Tips)

In real-world tests, it can take 2-10 minutes (it usually will not work instantly; you have to wait at least 2-10 minutes).

Microsoft's documentation suggests waiting 30 minutes.

Important

Wait 30 minutes after creating a rule before you test it. If you test immediately after you create the rule, you may get inconsistent behaviour. If you’re using Exchange Server and have multiple Exchange servers, it may take even longer for all the servers to receive the rule.

https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/test-mail-flow-rules

Bonus:

Modes

Enforce: Apply the rule

Test with Policy Tips: Use this mode together with an incident report action, and you can receive an email message each time an email matches the rule.

Test without Policy Tips: This mode is only available if you’re using Data loss prevention (DLP), which is available with some Exchange Online and Exchange Online Protection (EOP) subscription plans. With this mode, a message is sent to the sender when a message they are sending matches a policy, but no mail flow actions are taken.

Find out more from “Test a mail flow rule in Exchange Online”

Kali Linux 2019.4 install bettercap web-ui v1.3.0

Keywords: How to install bettercap, Kali Linux, How to install bettercap web-ui

1 Install the latest bettercap

# apt install bettercap

2 Download bettercap web-ui: https://github.com/bettercap/ui/releases

Click here to download the v1.3.0 ui.zip file directly

3 Extract to “/usr/share/bettercap/ui”

Kali Linux 2019.4 "/usr/share/bettercap/ui"

4 Use the following command to start the web-ui

# sudo bettercap -caplet http-ui

5 Open http://127.0.0.1

6 Now you can log in with the default account

Username: user
Password: pass
bettercap login page
bettercap web-ui

Warning: It’s recommended to change the default login details

Change default login details

1 Use your favourite text editor to open

/usr/share/bettercap/caplets/http-ui.cap

2 Find the following lines

set api.rest.username user
set api.rest.password pass
/usr/share/bettercap/caplets/http-ui.cap

3 Change “user” to your preferred username, change “pass” to your preferred password

4 Save the file

5 Kill the bettercap process, then use “sudo bettercap -caplet http-ui” to start the web-ui again and log in with the new login details

Web-UI

bettercap web-ui
bettercap - Search bar

1 Recording/Replay: Record and replay the session; this is for reviewing the information only and will not actually fire the commands

2 Delay for getting information from API

3 Clear the screen: Clears the screen in the web-ui. If you did not save the log, the history will be lost, though you can probably still find it in your terminal window.

4 How many records to be displayed per page (You can click on messages to view detail)

5 Command bar: You can enter bettercap commands here, e.g. “net.probe on”. You can also enter terminal commands here, e.g. “!ping 127.0.0.1 -c 4”; the command will be executed but its output will not be displayed in the web-ui.

6 Search bar: Search details in data packets e.g. password

Extended reading:

1 Web UI Usage and other commands https://www.bettercap.org/usage/

Tips

If you encounter “File has unexpected size” -> Click here: Kali Linux apt upgrade Error – File has unexpected size

Office 365 Mailbox/Shared mailbox Litigation hold

Shared Mailbox

1.1 Sign in at https://admin.microsoft.com then click on “Exchange”, or use this link to open the “Exchange admin center” directly: https://outlook.office365.com/ecp

Microsoft Office 365 admin center -> Exchange

1.2 Click on recipients -> shared -> double click on one of the shared mailboxes

Exchange admin center -> recipients -> shared

1.3 Click on mailbox features -> Enable (Under “Litigation hold: Disabled”)

Exchange admin center -> mailbox features

1.4 You can click on the “Save” button in the next window, or specify the hold duration in days and the message you want to show to the user (if you leave them empty, users will not know Litigation hold is enabled)

Exchange admin center -> litigation hold

Users

2.1 Sign in by following step 1.1

2.2 Follow step 1.2 (Note: instead of clicking on “shared”, this time click on “mailboxes”)

2.3 Follow step 1.3 to 1.4

Extended reading:

In-Place Hold (Retention policy) and Litigation Hold: https://docs.microsoft.com/en-us/exchange/security-and-compliance/in-place-and-litigation-holds