Archive for the ‘security’ Category

I posted a batch script I wrote to install SNMP on a bunch of machines back on Jan. 14, 2012 (http://www.anthonyreinke.com/2012/01/14/installing-snmp-through-the-command-line/).  I have since modified the script.  Changing the file from a .bat to a .cmd will allow you to right-click and run as administrator on Windows 2008.  I also noticed that 2008 defaults to having the localhost as the only system that can communicate with the SNMP service.

PsExec.exe @hosts.txt -s -c installsnmp.cmd

Below is the file to download.  Rename the file to installsnmp.cmd
installsnmp.cmd.txt

As always, please contact me if you have questions.

@echo off
cls
REM Detect if the system is Windows Server 2003
systeminfo | find "2003" > nul
if %ERRORLEVEL% == 0 goto 2003
REM Detect if the system is Windows XP
systeminfo | find "XP Pro" > nul
if %ERRORLEVEL% == 0 goto XPPro
REM Detect if the system is Windows Server 2008
systeminfo | find "2008" > nul
if %ERRORLEVEL% == 0 goto 2008
REM If the system is Windows Vista, Windows Server 2008, or higher, 
REM they have the required files built in.
goto ERROR
:2003
REM If Windows 2003, set the path to the i386 directory
REM Note: The path needs to be one level above the i386 directory
REM Example: if the path is \\server\share\windows2003\i386\ then
REM the path would be \\server\share\windows2003\
REM Note that you need both 32-bit and 64-bit versions
if (%PROCESSOR_ARCHITECTURE%) == (AMD64) (
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\Win2003x64\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\Win2003x64\\"
) > %temp%\setW2003Path.reg
IF (%PROCESSOR_ARCHITECTURE%) == (x86) (
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\Win2003\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\Win2003\\"
) > %temp%\setW2003Path.reg
REM Installing the created Registry File
regedit /s /q %temp%\setW2003Path.reg
goto SNMP
:XPPro
REM If Windows XP Professional, set the path to the i386 directory
REM Note: The path needs to be one level above the i386 directory
REM Example: if the path is \\server\share\windowsXP\i386\ then
REM the path would be \\server\share\windowsXP\
if (%PROCESSOR_ARCHITECTURE%) == (AMD64) (
(
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\XPProx64\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\XPProx64\\"
) > %temp%\setXPProPath.reg
) ELSE IF (%PROCESSOR_ARCHITECTURE%) == (x86) (
(
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\XPPro\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\XPPro\\"
) > %temp%\setXPProPath.reg
)
REM Installing the created Registry File
regedit /s /q %temp%\setXPProPath.reg
goto SNMP
:2008
REM Since 2008 stopped using the sysocmgr.exe to install features, in Vista and higher
REM you need to use the servermanagercmd.exe to add features. A great list of the 
REM features and their command line install string is at:
REM http://www.techrepublic.com/blog/datacenter/install-windows-server-2008-features-with-servermanagercmd/294
servermanagercmd.exe -install SNMP-Services
goto Strings
:SNMP
REM Building the Unattended Install
(
echo ;SetupMgrTag
echo [NetOptionalComponents]
echo SNMP=1
echo [SNMP]
echo Any_Host=YES
) > %temp%\snmp.txt
REM Installing the SNMP application with the Unattended Install
sysocmgr /i:%windir%\inf\sysoc.inf /u:%temp%\snmp.txt
goto Strings
:Strings
REM Removing the public string
(
echo Windows Registry Editor Version 5.00
echo.
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
REM Removing the localhost-only restriction. By default 2008 will only allow the
REM localhost to talk to the SNMP service
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers]
REM Setting the SNMP strings
echo.
REM Setting the SNMP Contact Info
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\RFC1156Agent]
echo "sysContact"="Server Administrators"
echo "sysLocation"="Server Room"
echo "sysServices"=dword:0000004f
echo.
REM Setting the Read Only and Read Write Communities
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
echo "readonly"=dword:00000004
echo "readwrite"=dword:00000008
echo.
REM Creating the Permitted Managers key. Left empty, it accepts SNMP packets from any host
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers]
echo.
) > %temp%\setupsnmp.reg
REM Installing the created Registry File
regedit /s /q %temp%\setupsnmp.reg
REM Cleaning Up
IF EXIST %temp%\setupsnmp.reg del %temp%\setupsnmp.reg
IF EXIST %temp%\setW2003Path.reg del %temp%\setW2003Path.reg
IF EXIST %temp%\setXPProPath.reg del %temp%\setXPProPath.reg
IF EXIST %temp%\snmp.txt del %temp%\snmp.txt
echo %COMPUTERNAME% Complete >> \\server\share\SNMP\SNMPInstall.txt
goto END
:ERROR
echo.
echo Could not determine the OS type
pause
goto END
:END
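
The registry file the script imports leaves the agent with a read-write community and an empty PermittedManagers key. As an added example (not part of the original script), this Python check parses such a .reg file before it is pushed out and lists those settings; `parse_reg`, `audit_snmp` and the 192.0.2.10 manager entry are names and values made up for the illustration.

```python
import re

# Rights stored as the dword under ValidCommunities (the page's script uses 4 and 8).
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
PARAMS = r"services\snmp\parameters"

def parse_reg(text):
    """Return {lowercased key path: {value name: data}}, applying [-key] deletions in order."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[(-?)(.+)\]", line)
        value = re.fullmatch(r'"([^"]+)"=(.+)', line)
        if section and section.group(1):      # [-key] removes the key and its values
            keys.pop(section.group(2).lower(), None)
            current = None
        elif section:
            current = keys.setdefault(section.group(2).lower(), {})
        elif value and current is not None:
            current[value.group(1)] = value.group(2)
    return keys

def audit_snmp(text):
    """List the settings in a .reg file that widen access to the SNMP service."""
    findings = []
    for path, values in parse_reg(text).items():
        if path.endswith(PARAMS + r"\validcommunities"):
            for name, data in values.items():
                rights = int(data[6:], 16) if data.lower().startswith("dword:") else 0
                if rights >= 8:
                    findings.append(f"community '{name}' grants {RIGHTS.get(rights, rights)}")
                if name.lower() in ("public", "private"):
                    findings.append(f"community '{name}' is a well-known default name")
        elif path.endswith(PARAMS + r"\permittedmanagers") and not values:
            findings.append("PermittedManagers is empty: any host may query the agent")
    return findings

# What the script above writes to setupsnmp.reg (RFC1156Agent values left out).
PAGE_REG = r"""Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
"readonly"=dword:00000004
"readwrite"=dword:00000008
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers]
"""
# Constructed variant: one read-only community, one manager (192.0.2.10 is a documentation address).
RESTRICTED_REG = PAGE_REG.replace('"readwrite"=dword:00000008\n', "") + '"1"="192.0.2.10"\n'
if __name__ == "__main__":
    print(audit_snmp(PAGE_REG), audit_snmp(RESTRICTED_REG))
```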

 

On June 30, 1999, sheriff’s officers in St. Louis, Missouri discovered the body of 41-year-old Ricky McCormick. He had been murdered and dumped in a field. The only clues regarding the homicide were two encrypted notes found in the victim’s pants pockets.

Pictures of notes and more details here:
http://www.fbi.gov/news/stories/2011/march/cryptanalysis_032911/cryptanalysis_032911

I was playing around on the Android marketplace and noticed Wigle Wifi.  I remembered Wigle from the old war driving days.  I downloaded the app and started to play with it.

It is pretty easy to work with.  Launch the app and off you go.  When you are done, click “Upload to WiGLE.net” and your data is being processed.  In just a quick drive I found 385 networks.

I prefer to use a signed web certificate and not the self-signed certificate.  I found a couple of different topics on the process, but most of them referred to the distributed search certificate.  Here are the steps to generate the certificate and get it into the right place for Splunk to use it.

—————————————————————–

## Generate the local key
openssl genrsa -out linux0001.key 4096

## Generate the csr
openssl req -new -key linux0001.key -out linux0001.csr

## Submit the .csr file to the CA

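## Move the original certs for backup purposes
mv /opt/splunk/share/splunk/certs/cert.pem /opt/splunk/share/splunk/certs/cert.pem.bak
mv /opt/splunk/share/splunk/certs/privkey.pem /opt/splunk/share/splunk/certs/privkey.pem.bak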

## Convert the binary cert to a standard cert
openssl x509 -in certnew.cer -inform DER -out cert.pem -outform PEM

## Copy the new files in the Splunk folder
cp linux0001.key /opt/splunk/share/splunk/certs/privkey.pem
cp cert.pem /opt/splunk/share/splunk/certs/cert.pem

## Restart Splunk
/opt/splunk/bin/splunk restart
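
A pre-flight check for the steps above, added here as an example and not taken from Splunk or the original post: it uses Python's standard `ssl` module to do the DER-to-PEM conversion, confirm that the CA-issued certificate matches linux0001.key, and confirm the key file is not readable by other users before the files are copied. The function names are assumptions for the illustration.

```python
import os
import ssl
import stat

def der_to_pem(der_path, pem_path):
    """Same conversion as `openssl x509 -inform DER -outform PEM`."""
    with open(der_path, "rb") as f:
        pem = ssl.DER_cert_to_PEM_cert(f.read())
    with open(pem_path, "w") as f:
        f.write(pem)

def key_matches_cert(cert_pem, key_pem):
    """True only if both files parse and the private key belongs to the certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Raises ssl.SSLError (an OSError) on a parse failure or a key/cert mismatch.
        ctx.load_cert_chain(certfile=cert_pem, keyfile=key_pem)
        return True
    except OSError:
        return False

def key_is_private(key_path):
    """True if neither group nor others have any access to the key file."""
    return stat.S_IMODE(os.stat(key_path).st_mode) & 0o077 == 0

def preflight(cert_pem, key_pem):
    """Return the reasons not to copy these files into Splunk's certs folder."""
    problems = []
    if not key_matches_cert(cert_pem, key_pem):
        problems.append("certificate and private key do not match or do not parse")
    if not key_is_private(key_pem):
        problems.append("private key is readable by group or others")
    return problems

if __name__ == "__main__":
    # File names as used in the steps above.
    der_to_pem("certnew.cer", "cert.pem")
    print(preflight("cert.pem", "linux0001.key") or "ok to copy and restart Splunk")
```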

Demo of Hacktics’ Seeker New Generation Application Security Testing Software.

Software is getting scary.  It is almost at the Hollywood-hacker style of breaking into websites.