Posts Tagged ‘administrator’

Splunk Dashboards

PostDateIcon May 2nd, 2010 | PostAuthorIcon Author: Anthony Reinke

I have begun building my own dashboards in Splunk.  Once I have the custom views built, I will post them up here.  So far everything I have been working on is with a system’s administrator in mind because that is what I have been doing for the past 12 years (wow, thats a long time).  Currently I am building a view for searching failed logins and the source of lockouts.  They tie in to one another.  Our technicians want to be more involved in the systems administration and hopefully this will help them respond quicker to our customers.  Everything comes from Splunk being installed on all our domain controllers.  From there we get all the logs in to our central logging system (Splunk).  Due to the amount of data we are pushing now everyday, we might have to build a backup environment just for our Splunk data.  How awesome is this!

PostCategoryIcon Posted in geek, security, work | PostTagIcon Tags: , , , , , , , , | PostCommentsIcon No Comments »

2 Old Tools and 1 New Tool

PostDateIcon June 26th, 2009 | PostAuthorIcon Author: Anthony Reinke

Many time you might need to access a system but have been locked out or the password to access the local system has been forgotten. There are many ways to deal with that.

NT Offline
If you just want to get in quickly you can use NT Offline. NT Offline will allow you to blank/clear or change the password of an existing local account.  This boots up in to a linux command line utility.  From here you select the drive the OS is on, the path to the config files, and then which account(s) you would like to modify.

fgdump
Being able to change  a password is great and all but what if you need to get the password.  fgdump will allow you to dump the dump the LSASS.  This will allow you to get the users accounts and their hashed passwords.  How to find the password from the hash is another story.  You might start by looking at RainbowTables.

KonBoot
This is the new tool.  It is getting quite a bit of hype right now.  This tool will boot a different kernel of the OS and then load Windows or Linux during the boot.  Once you get to the login screen, simple select a local user or a cached user and press enter with no password and you are in.  There is not much you can do to the account, but you have access to the machine.

Yes I know that these can be listed as “hacker” tools.  But the “hacker” tools are a administrator’s best friend.

I will post these in the links section also.

PostCategoryIcon Posted in geek | PostTagIcon Tags: , , , , , , , , , , , , , | PostCommentsIcon No Comments »
Search
Categories
Archives
Links:

Log in
Copyright © 2012 Anthony Reinke. All Rights Reserved.

Powered by Wordpress | Theme Powered by drawings wordpress themes and provided by ringcentral.com fax for free.