Loading folder path and filenames manually gives many errors. Spaces, spelling, different file paths and many others add to these. One way to avoid this is to allow the user to choose the path and filenames. Unless these are some predefined file/folderpaths which are static everywhere.

In this blog post two PowerShell functions will be defined for this purposes.

Folder Path

This script will create a pop-up window to select folder path.

Introduction

Qualys has published a detailed guide on using API. Primarily this blog will concentrate on “cURL” and “PowerShell” as the scripting language to query the API.

Note on API limits: Qualys has applied rate limit on API calls based on subscription. Reading API limit is easy, look for X-Powered-By header in http-reponse headers, “X-RateLimit-Limit:” API calls per “X-RateLimit-Window-Sec:/60*60” hrs. Ex: if “X-RateLimit-Limit: 100” “X-RateLimit-Window-Sec: 86400” Then,

Pre-Requisites

We need three virtual machines to recreate this attack. I used virtual box to setup these virtual machines. All three machines should be on same subnet.

All three machines are in “Nat in network” mode. Attacker machine can be of any OS. Victim should be of Windows OS(any windows OS will do good for demo)