Wednesday, October 9, 2013


Vyatta is an open-source Linux distribution that offers IPv4 and IPv6 routing, as well as other features such as a stateful firewall.  An .ISO can be downloaded at the link below.

The screen captures below were taken using VMware Workstation and Vyatta version 6.6.  An additional network adapter was added to the virtual machine’s configuration before the initial boot.

The .ISO is a Live CD that allows a direct boot.  The default user name and password are vyatta.  The show version command will display the version number of the application.


The install system command will start a wizard to install the application on the local hard drive.



As stated above, two network adapters were installed on the virtual machine.  This can be verified by the show interfaces command.


Vyatta is similar to Cisco’s IOS operating system in that it has two modes:  Operational and Configuration.  To enter Configuration Mode, use the command configure.  To exit Configuration Mode, use the exit command.  To apply a change, use the commit command; to keep it across reboots, also use the save command.

To allow SSH access, use the command set service ssh allow-root within Configuration Mode.  The allow-root option also permits root logins over SSH.  Commit and save the modification.


To configure an initial IP address value, use the command set interfaces ethernet ethx address x.x.x.x/x.


To set the DNS server value, use the command set system name-server x.x.x.x.


The main gateway address can be set using the command set system gateway-address x.x.x.x.  The current configuration can be displayed by using the command show -all within the Configuration Mode.  The command run show configuration should display the same data.  The command show configuration commands should display information without the {} lines.  The hostname can be set by using the command set system host-name.


Tcpdump is available for packet analysis.  For example, to view IPv6 packets, use the command sudo tcpdump ip6.


Another example would be sudo tcpdump -nvi eth0 dst and not port 22, which would return all traffic on eth0 with a destination IP address of when the port is not 22.


The application tshark is available as well.


Several default time servers are present.  The command delete system ntp server value can be used to remove the default entries, and set system ntp server value can be used to add a new entry.


To shut down the operating system, use the command poweroff.

A site that includes more commands can be found at  Details concerning IPv6 commands can be found at

Sunday, October 6, 2013


Windows 8.1 and Windows Server 2012 R2 include a new PowerShell cmdlet named Test-NetConnection (alias TNC).  The default usage will return general information.


The -TraceRoute flag will attempt to display trace route data.


The -Port flag will allow testing of a specific TCP port.


The cmdlet has some built-in aliases for some common services, such as RDP.


Other aliases would include SMB, HTTP, and PING.


The flag -InformationLevel Detailed can be used to obtain more data.
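The flags described above can be combined into a repeatable reachability check for services that are expected to be up.  This is an added example, not part of the original post; the host names and ports are constructed placeholders.

```powershell
# Added example: host names and ports are constructed placeholders.
$checks = @(
    @{ Name = 'dc01.example.test';  Port   = 389 },    # LDAP
    @{ Name = 'web01.example.test'; Port   = 443 },    # HTTPS
    @{ Name = 'rds01.example.test'; Common = 'RDP' }   # built-in alias mentioned in the post
)

$report = foreach ($c in $checks) {
    $params = @{
        ComputerName     = $c.Name
        InformationLevel = 'Detailed'
        WarningAction    = 'SilentlyContinue'   # failures are reported in the table instead
    }
    if ($c.Common) { $params.CommonTCPPort = $c.Common } else { $params.Port = $c.Port }

    $r = Test-NetConnection @params

    # When the TCP connect fails the cmdlet falls back to ICMP, so the two
    # results together separate "port closed or filtered" from "host not reachable".
    $status = if     ($r.TcpTestSucceeded)    { 'TCP port open' }
              elseif (-not $r.RemoteAddress)  { 'name did not resolve' }
              elseif ($r.PingSucceeded)       { 'host answers ping, port closed or filtered' }
              else                            { 'no TCP and no ping reply' }

    [pscustomobject]@{
        Target   = $r.ComputerName
        Resolved = $r.RemoteAddress
        Port     = $r.RemotePort
        Tcp      = $r.TcpTestSucceeded
        Ping     = $r.PingSucceeded
        Status   = $status
    }
}

$report | Format-Table -AutoSize
```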


HFS (HTTP File Server)

HFS (HTTP File Server) is a web-based file server.

Allow more than one RDP session per account with a Windows Server

To allow a Windows Server to have more than one RDP session per account, access HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server and change the value of fSingleSessionPerUser from 1 to 0.  This change does not allow more than the default number of administrative remote sessions.

Paros and Zed Attack Proxy (ZAP)

Paros is a Java-based HTTP/HTTPS proxy for assessing web application vulnerability.  It supports editing/viewing HTTP messages on-the-fly.  The application has not been updated for several years.

Zed Attack Proxy (ZAP) is another web proxy that has more recent releases.

Saturday, October 5, 2013

PowerShell command to prevent accidental deletion

To enable the feature to prevent accidental deletion for all user objects within Active Directory, use the following PowerShell command.

Get-ADObject -filter {(ObjectClass -eq "user")} |  Set-ADObject -ProtectedFromAccidentalDeletion:$true

The command above should enable the parameter for all user and computer accounts within Active Directory, because computer objects also carry the user object class and therefore match the filter.
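Before running the one-liner against a whole domain it helps to see which objects the filter matches and how many are still unprotected.  This is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed and only previews the change.

```powershell
Import-Module ActiveDirectory

# Same filter as the one-liner above, but also fetch the protection flag.
$objects = Get-ADObject -Filter 'ObjectClass -eq "user"' `
                        -Properties ProtectedFromAccidentalDeletion

# ObjectClass on each result is the most specific class, so computer accounts
# matched by the "user" filter are listed here as "computer".
$objects |
    Group-Object ObjectClass, ProtectedFromAccidentalDeletion -NoElement |
    Sort-Object Name |
    Format-Table Count, Name -AutoSize

$unprotected = @($objects | Where-Object { -not $_.ProtectedFromAccidentalDeletion })
"{0} of {1} matched objects are not protected" -f $unprotected.Count, @($objects).Count

# Preview only: -WhatIf prints what would be changed without writing to the directory.
if ($unprotected.Count -gt 0) {
    $unprotected | Set-ADObject -ProtectedFromAccidentalDeletion:$true -WhatIf
}
```

Remove -WhatIf to apply the change, then run the first part again to confirm that every object reports True.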

Test-ComputerSecureChannel PowerShell cmdlet

The PowerShell cmdlet Test-ComputerSecureChannel will return a true or false reply depending on the status of the secure channel between the local computer and its domain.  A broken secure channel can occur if a snapshot is created for a domain-joined client and then restored to that point in time, but the machine password has been modified on the domain.


The command has a -Repair switch that will attempt to fix a “lost” connection to a domain.

How to determine local .NET Framework versions via the command prompt

To determine the versions of any .NET Framework packages that are installed, launch an elevated command prompt and use the command below. 

wmic /namespace:\\root\cimv2 path win32_product where "name like 'microsoft%.NET%'" get name, version
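The same information can be read from the registry.  Querying Win32_Product makes Windows Installer run a consistency check on every installed package, so the command above is slow and can trigger repairs.  The following is an added example, not part of the original post, and it uses the .NET Framework setup keys instead of WMI.

```powershell
# Added example: read installed .NET Framework versions from the setup registry keys.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'

Get-ChildItem -Path $ndp -Recurse | ForEach-Object {
    # Only keys that carry a Version value describe an installed component.
    $version = $_.GetValue('Version')
    if ($version) {
        [pscustomobject]@{
            # Path below NDP, e.g. v3.5 or v4\Full; language-pack subkeys such as 1033 are listed too.
            Key       = $_.Name -replace '^.*\\NDP\\', ''
            Version   = $version
            # Release is only present for 4.5 and later and identifies the exact build.
            Release   = $_.GetValue('Release')
            SP        = $_.GetValue('SP')
            Installed = ($_.GetValue('Install') -eq 1)
        }
    }
} | Sort-Object Key | Format-Table -AutoSize
```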



SwiftSearch is a utility to perform fast searches on NTFS volumes.  Given administrator privileges, it completely bypasses the file system (only NTFS supported) and reads the file table directly.