Wednesday, October 9, 2013

Vyatta

Vyatta is an open-source Linux distribution that offers IPv4 and IPv6 routing, as well as other features such as a stateful firewall. An ISO image can be downloaded from the link below.

http://www.vyatta.org/

The screen captures below were taken using VMware Workstation and Vyatta version 6.6.  An additional network adapter was added to the virtual machine’s configuration before the initial boot.

The ISO is a Live CD that allows a direct boot. The default user name and password are both vyatta; change them before the system is reachable from any network you do not control. The show version command displays the version number of the application.

The install system command will start a wizard to install the application on the local hard drive.

As stated above, two network adapters were installed on the virtual machine.  This can be verified by the show interfaces command.

Vyatta is similar to Cisco's IOS operating system in that it has two modes: Operational and Configuration. To enter Configuration Mode, use the command configure; to exit it, use the exit command. A change takes effect only after commit, and commit applies it to the running configuration only; use the save command as well so the change is written to the boot configuration and survives a reboot.

To allow SSH access, use the command set service ssh allow-root within Configuration Mode, then commit and save the modification. Note that allow-root additionally permits logins as root over SSH; set service ssh on its own enables the service for ordinary accounts such as vyatta, which is the safer choice for a router reachable from an untrusted network.

To configure an initial IP address value, use the command set interfaces ethernet ethx address x.x.x.x/x.

To set the DNS server value, use the command set system name-server x.x.x.x.

The default gateway address can be set using the command set system gateway-address x.x.x.x. The current configuration can be displayed with show -all within Configuration Mode. The command run show configuration should display the same data. The command show configuration commands displays the configuration as a flat list of set commands, without the {} block structure. The hostname can be set by using the command set system host-name.

Tcpdump is available for packet analysis.  To view packets for IPv6 for example, use the command sudo tcpdump ip6.

Another example is sudo tcpdump -nvi eth0 dst 172.16.1.1 and not port 22, which returns all traffic on eth0 with a destination IP address of 172.16.1.1 where neither the source nor the destination port is 22; excluding port 22 is a common way to keep the administrator's own SSH session out of the capture.

The application tshark is available as well.

Several default NTP servers are present. The command delete system ntp server value removes an entry, and set system ntp server value adds a new one; commit and save afterwards as with any other change.

To shut down the operating system, use the command poweroff.

A site that includes more commands can be found at http://www.v12n.com/mediawiki/index.php/Vyatta_How_To.  Details concerning IPv6 commands can be found at http://samsclass.info/ipv6/proj/pV7-dhcpv6.html.

Sunday, October 6, 2013

Test-NetConnection

Windows 8.1 and Windows Server 2012 R2 include a new PowerShell cmdlet named Test-NetConnection (alias TNC). Run without additional flags, it returns general connectivity information.

The -TraceRoute flag will attempt to display trace route data.

The -Port flag allows testing of a specific TCP port.

The cmdlet has some built-in aliases for some common services, such as RDP.

Other aliases include SMB, HTTP, and PING.

The flag -InformationLevel Detailed can be used to obtain more data.

Additional examples can be found at https://isc.sans.edu/forums/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202/
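
The following is an added example, not code from the original post: it sweeps a short list of TCP ports on one host with Test-NetConnection and returns one object per port. The host name and port list are placeholders; -CommonTCPPort is the parameter behind the RDP/SMB/HTTP aliases mentioned above.

```powershell
# Added example (not from the original post). Host name and ports are placeholders.
function Test-TcpPorts {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int[]] $Port = @(22, 80, 443, 445, 3389)
    )
    foreach ($p in $Port) {
        # Closed ports emit a "TCP connect ... failed" warning; hide it, the result
        # object already records the outcome in TcpTestSucceeded.
        $r = Test-NetConnection -ComputerName $ComputerName -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{
            ComputerName  = $ComputerName
            RemoteAddress = $r.RemoteAddress
            Port          = $p
            Open          = $r.TcpTestSucceeded
            PingSucceeded = $r.PingSucceeded   # ICMP may be filtered while the port is still open
        }
    }
}

# Usage (placeholder host): one row per port, Open = $true where the TCP handshake completed
Test-TcpPorts -ComputerName 'server01.example.local' -Port 22, 80, 443, 3389 | Format-Table -AutoSize

# The built-in alias form for a common service, equivalent to -Port 3389:
Test-NetConnection -ComputerName 'server01.example.local' -CommonTCPPort RDP -InformationLevel Detailed
```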

HFS (HTTP File Server)

HFS (HTTP File Server) is a web-based file server.

http://www.rejetto.com/hfs/

Allow more than one RDP session per account with a Windows Server

To allow a Windows Server to have more than one RDP session per account, access HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server and change the value of fSingleSessionPerUser from 1 to 0.  This change does not allow more than the default number of administrative remote sessions.

Paros and Zed Attack Proxy (ZAP)

Paros is a Java-based HTTP/HTTPS proxy for assessing web application vulnerabilities. It supports viewing and editing HTTP messages on the fly. The application has not been updated for several years.

http://www.parosproxy.org/

Zed Attack Proxy (ZAP) is another web proxy that has more recent releases.

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Saturday, October 5, 2013

PowerShell command to prevent accidental deletion

To enable the feature to prevent accidental deletion for all user objects within Active Directory, use the following PowerShell command.

Get-ADObject -filter {(ObjectClass -eq "user")} | Set-ADObject -ProtectedFromAccidentalDeletion:$true

The command above sets the flag for all user and computer accounts within Active Directory; computer objects also carry the user object class, so the single filter matches both.
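
The following is an added example, not code from the original post: it previews the change with -WhatIf, applies it only to objects that are still unprotected, and then reports anything that remains deletable. It assumes the ActiveDirectory module (RSAT) is available.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Computer objects carry objectClass "user" as well (computer derives from user),
# so this one filter covers both user and computer accounts.
$targets = Get-ADObject -Filter { ObjectClass -eq "user" } -Properties ProtectedFromAccidentalDeletion

# Preview the scope of the change before touching anything.
$targets | Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Set-ADObject -ProtectedFromAccidentalDeletion:$true -WhatIf

# Apply the flag only where it is not already set.
$targets | Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Set-ADObject -ProtectedFromAccidentalDeletion:$true

# Verify: anything listed here can still be deleted without first clearing the flag.
Get-ADObject -Filter { ObjectClass -eq "user" } -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Select-Object Name, ObjectClass, DistinguishedName
```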

Test-ComputerSecureChannel PowerShell cmdlet

The PowerShell cmdlet Test-ComputerSecureChannel returns True or False depending on whether the client's secure channel with the domain is intact. A broken secure channel can occur if a snapshot is created for a domain-joined client and later restored to that point in time after the machine account password has been changed on the domain.

The command has a -Repair switch that will attempt to fix a "lost" connection to a domain.

How to determine local .NET Framework versions via the command prompt

To determine the versions of any .NET Framework packages that are installed, launch an elevated command prompt and use the command below. Be aware that querying Win32_Product is slow and causes Windows Installer to run a consistency check on every installed MSI package, so avoid running it routinely on production systems.

wmic /namespace:\\root\cimv2 path win32_product where "name like 'microsoft%.NET%'" get name, version

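The following is an added example, not code from the original post: it reads the same information from the registry key where .NET Framework setup records installed versions, which avoids the Win32_Product enumeration. It assumes a standard Windows installation with the NDP key under HKLM\SOFTWARE.

```powershell
# Added example (not from the original post): enumerate installed .NET Framework
# versions from the registry instead of Win32_Product.
function Get-DotNetFrameworkVersion {
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
    Get-ChildItem -Path $ndp -Recurse |
        Get-ItemProperty -Name Version -ErrorAction SilentlyContinue |
        # Keep keys such as v2.0.50727, v3.0, v3.5, v4\Client and v4\Full;
        # drop "Setup" subkeys and numeric language subkeys.
        Where-Object { $_.PSChildName -match '^(?!S)\p{L}' } |
        ForEach-Object {
            # 4.5 and later also store a Release DWORD identifying the exact 4.x build.
            $release = (Get-ItemProperty -Path $_.PSPath -Name Release -ErrorAction SilentlyContinue).Release
            [pscustomobject]@{
                Key     = $_.PSChildName
                Version = $_.Version
                Release = $release
            }
        }
}

Get-DotNetFrameworkVersion | Format-Table -AutoSize
```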

SwiftSearch

SwiftSearch is a utility for performing fast searches of NTFS volumes. Given administrator privileges, it bypasses the file system entirely (only NTFS is supported) and reads the Master File Table directly.

http://sourceforge.net/projects/swiftsearch/