Using the DSQUERY utility to print a system generated list of Active Directory users

DSQUERY is a command line tool that comes with Windows 2003 server. This utility can be run locally or copied off to a domain joined XP workstation for use. To generate a list of users from Active Directory, navigate to the utility’s directory via command prompt.

Use the folowing example to dump a list of all accounts to a .txt file named netusers at the root of the C drive.

dsquery user -o rdn -limit 500 >C:\netusers.txt Continue reading “Using the DSQUERY utility to print a system generated list of Active Directory users”

Diskpart.exe Windows Disk Command Line Tool

The diskpart command starts diskpart.exe, a command line interface to disk partitoning tools. The tool allows creating, reparing and breaking a mirror, marking a partiton active, assigning drive letters, volume control including create and extending, deleting an object and gathering information.

‘diskpart list’ as a command will display a list of objects. ‘diskpart rescan’ will rescan for disks and objects. The ‘select’ command allows the utility to explicitly set the focus on a target – commands are then aimed at the active target. The ‘detail’ command provides details for disks, partitions or volumes.

Continue reading “Diskpart.exe Windows Disk Command Line Tool”

Common Services And Ports Used

DNS Domain Name System 53
POP3 Post Office Protocol 110
SMTP Simple Mail Transfer Protocol 25
SNMP Simple Network Management Protocol 160,161
NNTP Network News Transfer Protocol 119
FTP File Transfer Protocol 20,21
SSL Secure Sockets Layer 443
TELNET 23
TACACS authentication 49
HTTP 80
HTTPS 443
NetBIOS 137,138,139
IMAP 143
LDAP 389
LDAP SSL 636
SSH Secure Shell 22
AH, ESP ports 50 and 51
BOOTP server 67 UDP
BOOTP Client 68 UDP
TFTP 69 UDP
NTP 123
BGP 179
SYSLOG 514
MSSQL 1433
RDP 3389
VNC 5500

coconutBattery

coconutBattery is an application that monitors the status of a Mac battery. The latest version, 2.5.1, is compatible with the MacBook and Macbook Pro. This freeware app can tell what the current charge of the battery is, what the current capacity is and the original capacity was. It can also detect the model of MacBook it is running on, how old the computer is and how many load cycles the battery has undergone. The program can save battery information for long term analysis as well.

coconutBattery can be downloaded from the author’s site at coconut-flavour.com. The author accepts donations via paypal, please support this program

Cisco VPN Client on Windows Server 2003

When using the Cisco VPN client on windows Server 2003, users may experience inability to create a tunnel. This is caused by the Windows IPSec implementation stepping on the Cisco client’s connection. Fortunately, getting the Cisco VPN client up and running on Win2K3 requires only a small bit of tweaking. First, get version 4.8.1 of the client from your source, be it Cisco or your VPN host who should legally be able to distribute it.

Continue reading “Cisco VPN Client on Windows Server 2003”

Category 5, 5e, 6 Cable Pinout

EIA/TIA 568 A

1 White-Green
2 Green
3 White-Orange
4 Blue
5 White-Blue
6 Orange
7 White-Brown
8 Brown

EIA/TIA 568 B
1 White-Orange
2 Orange
3 White-Green
4 Blue
5 White-Blue
6 Green
7 White-Brown
8 Brown

Crossover Cable
1 White-Orange 1 White-Green
2 Orange 2 Green
3 White-Green 3 White-Orange
4 Blue 4 Blue
5 White-Blue 5 White-Blue
6 Green 6 Orange
7 White-Brown 7 White-Brown
8 Brown 8 Brown

Gigabit Crossover- Uses 4 pairs for transmission, double cross
1 White-Orange 1 White-Green
2 Orange 2 Green
3 White-Green 3 White-Orange
4 Blue 4 White-Brown
5 White-Blue 5 Brown
6 Green 6 Orange
7 White-Brown 7 Blue
8 Brown 8 White-Blue

Sniffer Cable Pinout

The sniffer cable is needed to connect a sniffer to an ethernet¬†hub, but not transmit any data that may reveal the sniffer’s existence. This cable will return an inverted version of anything sent to the interface. The pinout for this cable is from the book Windows Forensics, by Chad Steel (ISBN 0-470-03862-4), but can also be found at dgonzalez.net, along with other useful pinouts for receive-only cables.

Orange White TD+ (pin 1)
Orange TD- (pin 2)
Green White RD+ (pin 3)
Green RD- (pin 6)

Hub Side:
Orange White is spliced into Green
Orange is spliced into Green White

Sniffer Side
Orange White is cut and sealed.
Orange is cut and sealed.

How To Set SPF records In Google Apps For Business

Google Apps for Business allows the use of SPF for cut back on mail spoofing. SPF (Sender Policy Framework) records allow a domain owner to specify which hosts are permitted to use their domain name when sending mail. This security seffting cuts back on email spoofing.¬† Because SMTP is implemented in a manner which allows the sender of an email to claim to be someone else, spammers and conmen take advantage of this design flaw to send emails with forged From: addresses. The Sender Policy Framework allows a domain owner to use a special format of DNS TXT records to specify which machines/hosts are authorized to transmit email for their domain, making it difficult (but not impossible) to forge From: addresses. Continue reading “How To Set SPF records In Google Apps For Business”

TeleVantage Hardening and Attack Response

Vertical Televantage offers some options to defend against remote phone abuse. All PBX phone systems will be abused at some point, whether internally or externally. If you suspect an attack is taking place, Vertical Televantage offers some features that can give evidence of the attacker’s strategy, and some tools to lessen the attack profile.

Watch Logs
Batches of off-hour calls should stand out easily -individual calls should be harder to spot in normal traffic. Make sure you have logging enabled for external calls. Internal calls can also be logged, but the volume of traffic may create issues.

Tools-> System Settings-> Call Log and Trunk Log – make sure at a minimum the call history log and the trunk log settings are checked. Continue reading “TeleVantage Hardening and Attack Response”

Users Log In To Domain Workstation, But Windows Creates A New Profile For Some Ungodly Reason

This issue occurs occasionally, as if the logging in user has never logged into a machine before. The old profile is still in in Documents and Settings, along with the newly created profile. Suspicions point to ntuser.dat becoming corrupted.

How to return to the old profile Continue reading “Users Log In To Domain Workstation, But Windows Creates A New Profile For Some Ungodly Reason”