2015 in review


The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 21,000 times in 2015. If it were a concert at Sydney Opera House, it would take about 8 sold-out performances for that many people to see it.

Click here to see the complete report.

What are the top skills for systems administrators?


  1. Customer service skills.
  2. Ability to work under pressure.
  3. Writing skills.
  4. Disaster planning.
  5. Person-to-person networking.
  6. Troubleshooting skills.
  7. Learning skills.
  8. Technical skills.

Use Netstat to See Listening Ports and PID in Windows


For instance, my Internet connection was running really slow and I could not figure out why. I restarted the router and that normally fixes any issue, but the Internet would slow down again every time.

Finally, I ran the netstat command just for the heck of it and saw one process using up a few TCP ports. I checked it out and saw there was some weird program I had never heard of running on my computer in the background. I Googled the process and it was a virus!! Goodness knows what kind of data it was transferring, but I killed the process, restarted the computer and scanned it using an offline virus scanning tool. After the virus was gone, everything was back to normal.

I have never had that happen to me before, but had I not used the netstat command to see which ports were being used by what Windows process, I would have never known I had a virus since it was secretly running in the background. In this article, I’ll show you one handy usage of the netstat command instead of telling you 10 different commands that will make things confusing.

To get started, open the command prompt by clicking on Start and then typing cmd. In the command window, go ahead and type in the following command:

netstat -a -n -o

In the command above, the -o parameter is what will add the PID to the end of the table. Press enter and you should see something like this:

[Screenshot: netstat ports]

You can see the port being used in the second column called Local Address. You’ll see the port number after the colon. You’ll also see some ports and some PIDs listed more than once. That’s because one process can be using the same port number on different protocols like TCP, UDP, etc.

Now to see the name of the process that is using that port, go to Task Manager by pressing CTRL + SHIFT + ESC and then click on the Process tab. By default, the task manager does not display the process ID, so you have to click on View and then Select Columns.

[Screenshot: select columns]

Go ahead and check the box for PID (Process Identifier) and then click OK.

[Screenshot: process identifier]

Now you should also see the PID alongside the process name in task manager. You can click on the column header to quickly sort the list by PID, thereby making it easy to find the process you are looking for.

[Screenshot: process task manager]

And that’s about it! Hopefully this will help you find out which process is listening on what ports in Windows. If you have any questions, post a comment! Enjoy!
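As an added example (not part of the original article), here is a small Python script that parses saved `netstat -a -n -o` output and groups the bound ports by PID, so the triage described above can be done on a captured text file instead of by eye; the sample output, addresses and PIDs are constructed, and the function names are my own.

```python
"""Triage helper for Windows `netstat -a -n -o` output (added example)."""
from collections import defaultdict

# Constructed sample of `netstat -a -n -o` output; PIDs and addresses are made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       3156
  TCP    192.168.1.5:49712      203.0.113.10:443       ESTABLISHED     3156
  TCP    192.168.1.5:49713      203.0.113.10:8080      ESTABLISHED     3156
  TCP    [::]:135               [::]:0                 LISTENING       892
  UDP    0.0.0.0:5353           *:*                                    1740
  UDP    0.0.0.0:6667           *:*                                    3156
"""


def parse_netstat(text):
    """Parse netstat -ano lines into dicts. UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or 'Active Connections'
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign = parts[:3]
            state, pid = "", parts[3]
        else:
            continue  # malformed line
        host, port = local.rsplit(":", 1)  # works for [::]:135 as well
        rows.append({"proto": proto, "local_host": host, "local_port": int(port),
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows


def listeners_by_pid(rows):
    """Map PID -> sorted (proto, port) pairs it is bound on.
    TCP counts only in LISTENING state; every UDP binding is a listener.
    The same port on IPv4 and IPv6 collapses to one entry (the duplicates
    the article mentions)."""
    out = defaultdict(set)
    for r in rows:
        if r["proto"] == "UDP" or r["state"] == "LISTENING":
            out[r["pid"]].add((r["proto"], r["local_port"]))
    return {pid: sorted(ports) for pid, ports in out.items()}


def remote_peers(rows, pid):
    """Foreign endpoints a PID has ESTABLISHED TCP connections to."""
    return sorted(r["foreign"] for r in rows
                  if r["pid"] == pid and r["state"] == "ESTABLISHED")


def suspicious_pids(rows, expected_ports):
    """PIDs bound on a port outside the set you expect on this machine,
    i.e. the 'weird program' of the story, worth looking up in Task Manager."""
    return sorted(pid for pid, ports in listeners_by_pid(rows).items()
                  if any(port not in expected_ports for _, port in ports))


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for pid, ports in sorted(listeners_by_pid(rows).items()):
        print(pid, ports, remote_peers(rows, pid))
    print("review these PIDs:", suspicious_pids(rows, {135, 445, 5353}))
```

Save the real output with `netstat -a -n -o > netstat.txt` and feed the file's contents to `parse_netstat` in place of `SAMPLE`.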

Entering an FTP username and password as well as the hostname in a URL


Sometimes it is useful to enter a username and password, along with the hostname, in an FTP URL. It is done in this format:

ftp://username:password@ftpserver.com

For example, if your username is "dave" and your password is "m0nkey", you would enter this string into your browser's URL bar:

ftp://dave:m0nkey@ftpserver.com
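Credentials placed in a URL like this are sent in clear text and end up in browser history, proxy logs and shell history. As an added example (not from the original post), the Python below builds and parses URLs of this form, percent-encoding passwords that contain `@`, `:` or `/`, and redacts the password before a URL is written to a log; the function names are my own.

```python
"""Build, parse and redact ftp://user:password@host URLs (added example)."""
from urllib.parse import urlsplit, urlunsplit, quote, unquote


def build_ftp_url(user, password, host, path="/"):
    """Build ftp://user:password@host/path, percent-encoding characters
    such as ':' '@' or '/' that would otherwise break the URL grammar."""
    return f"ftp://{quote(user, safe='')}:{quote(password, safe='')}@{host}{path}"


def parse_ftp_url(url):
    """Return (user, password, host) with percent-encoding undone."""
    p = urlsplit(url)
    return (unquote(p.username) if p.username else None,
            unquote(p.password) if p.password else None,
            p.hostname)


def redact_url(url):
    """Replace the password part with *** so the URL is safe to log."""
    p = urlsplit(url)
    if p.password is None:
        return url  # nothing secret in the URL
    userinfo = f"{p.username}:***"
    hostport = p.hostname + (f":{p.port}" if p.port else "")
    return urlunsplit((p.scheme, f"{userinfo}@{hostport}", p.path, p.query, p.fragment))


if __name__ == "__main__":
    url = build_ftp_url("dave", "p@ss:w/rd", "ftpserver.com")
    print(url)                  # password is percent-encoded
    print(parse_ftp_url(url))   # and decoded again on the way back
    print(redact_url("ftp://dave:m0nkey@ftpserver.com"))
```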

Import a list of Windows computer names into a text file


If you wish to import all of the computers in a domain or workgroup displayed under the Windows Network into a text file, there isn’t always an obvious way of doing it. However, with a simple command prompt command you can get a listing of the machines registered in the domain. In my example I am going to output the computer names into a file called hostnames.txt.

Obtain the listing

Open a command prompt (Start -> Run -> cmd) and type:

net view > hostnames.txt

or if you wish to specify a particular domain

net view /domain:mydomain > hostnames.txt

The listing for the domain will then be placed in a file called hostnames.txt. You can manipulate this file in Notepad, Excel or any other program capable of editing ASCII files.

2013 in review


The WordPress.com stats helper monkeys prepared a 2013 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 18,000 times in 2013. If it were a concert at Sydney Opera House, it would take about 7 sold-out performances for that many people to see it.

Click here to see the complete report.

NESSUS Set up scans


{ Set up scans and read results }


Background Information
  1. What is NESSUS?
    • Tenable Network Security provides enterprise-class solutions for continuous monitoring and visibility of vulnerabilities, configurations, user activity and system events that impact security and compliance.
    • Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture.
  2. Reference Link: 
  3. Lab Notes
    • In this lab we will do the following:
      1. Create a Nessus Internal Scan
      2. Scan Damn Vulnerable WXP-SP2
      3. Analyze Results
      4. Export Results
  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.
Section 1: Login to PENTEST-WXP (Attacking Machine)
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer

     

  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on PENTEST-WXP
      2. Edit Virtual Machine Settings
    • Note:
      • This VM is running Windows XP.

     

  3. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button “Bridged: Connected directly to the physical network”.

     

  4. Start Up PENTEST-WXP
    • Instructions:
      1. Click Play virtual machine
  5. Send Ctrl+Alt+Del
    • Instructions:
      1. Click Player
      2. Click Send Ctrl+Alt+Del

     

  6. Logging into PENTEST-WXP
    • Instructions:
      1. Username: administrator
      2. Password: Supply your password

     

  7. Open a Command Prompt
    • Instructions:
      1. Start –> All Programs –> Accessories –> Command Prompt

     

  8. Determine IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • My IP Address is 192.168.1.111. 
      • Your IP Address will probably be different.

 

Section 2: Login to Damn Vulnerable WXP-SP2 (Victim Machine)
  1. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Edit Virtual Machine Settings
    • Note:
      • This VM is running Windows XP.
      • This is the Victim Machine that we will be scanning with PENTEST-WXP.

     

  2. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button “Bridged: Connected directly to the physical network”.

     

  3. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine

     

  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.

     

  5. Open a Command Prompt
    • Instructions:
      1. Start –> All Programs –> Accessories –> Command Prompt

     

  6. Obtain the IP Address
    • Instructions:
      1. In the Command Prompt type “ipconfig”
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2’s IP Address 192.168.1.116.
      • This is the IP Address of the Victim Machine.
      • Record your IP Address.

 

Section 3: Login to Nessus
  1. Start the Nessus Web Client
    • Instructions:
      1. Make sure you are on PENTEST-WXP
      2. Click on the Nessus Web Client located on the desktop
  2. Login To Nessus
    • Instructions:
      1. Username: admin
      2. Password: Supply your password
      3. Click the Sign In To Continue Button

 

Section 4:  Creating a Scan
  1. Click on Scan
    • Instructions:
      1. Click on the Scan Tab
      2. Click on New Scan
  2. Create New Scan
    • Instructions:
      1. Scan Title: Damn Vulnerable WXP-SP2
      2. Scan Type: Run Now
      3. Scan Policy: Internal Network Scan
      4. Scan Target: Input Damn Vulnerable WXP-SP2’s IP Address.
        • In my case, the IP Address is 192.168.1.116
      5. Click the Create Scan Button

     

  3. Monitor the Scan
    • Instructions:
      1. Click on the Running Status

     

  4. Host Result Summary
    • Instructions:
      1. Wait 5 to 10 minutes until scan is 100% complete.
      2. Click on the purple section to see the most critical vulnerabilities.

     

  5. View Critical Alert(s)
    • Instructions:
      1. Click on MS08-067

     

  6. Analyzing MS08-067 Results
    • Instructions:
      1. Read the Synopsis
      2. Read the Description
      3. Read the Vulnerability Information
        • This will show you which tools can be used to exploit this vulnerability.
    • Note(FYI):
      • Basically the attacker can use a tool like Metasploit to mangle the kernel by overflowing the stack and then execute code after overrunning the kernel.

     

  7. View Critical Alert
    • Instructions:
      1. Export Format: CSV
      2. Click the Export Button

     

  8. Download Report
    • Instructions:
      1. Click the radio button “Save File”
      2. Click the OK button.

     

Section 5:  Proof of Lab
  1. Open a Command Prompt
    • Instructions:
      1. Start –> All Programs –> Accessories –> Command Prompt

     

  2. Proof of Lab Instructions
    • Instructions:
      1. cd "My Documents\Downloads"
      2. type *.csv | findstr MS08-067
      3. date /t
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
      5. Do a PrtScn
      6. Paste into a word document
      7. Upload to Moodle
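To work through the exported CSV the way the Analyze Results and Proof of Lab steps do, here is an added Python example (not part of the lab page) that summarises findings by risk, pulls out the MS08-067 row and lists remediation items, most severe first. The column names follow the layout I assume for a Nessus CSV export, and the rows, plugin IDs, CVSS values and text are constructed.

```python
"""Summarise a Nessus CSV export as in the lab's Analyze Results step (added example)."""
import csv
import io
from collections import Counter

# Constructed sample in the layout assumed for a Nessus CSV export
# (plugin IDs, CVSS scores and descriptions are made up; CVE column left empty).
SAMPLE_CSV = '''"Plugin ID","CVE","CVSS","Risk","Host","Protocol","Port","Name","Synopsis","Description","Solution","See Also","Plugin Output"
"10001","","10.0","Critical","192.168.1.116","tcp","445","MS08-067: Microsoft Windows Server Service RPC Request Handling Remote Code Execution","Arbitrary code can be executed on the remote host.","...","Microsoft has released a set of patches.","",""
"10002","","5.0","Medium","192.168.1.116","tcp","135","DCE Services Enumeration","...","...","n/a","",""
"10003","","0.0","None","192.168.1.116","tcp","0","Nessus Scan Information","...","...","n/a","",""
"10004","","7.5","High","192.168.1.116","tcp","445","SMB Signing Disabled","...","...","Enforce message signing.","",""
'''

RISK_ORDER = ["Critical", "High", "Medium", "Low", "None"]


def load_findings(text):
    """Parse the CSV text into a list of row dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


def risk_summary(findings):
    """Count findings per Risk level, in severity order."""
    counts = Counter(f["Risk"] for f in findings)
    return [(risk, counts.get(risk, 0)) for risk in RISK_ORDER]


def find_by_bulletin(findings, bulletin):
    """Rows whose Name mentions a Microsoft bulletin id such as 'MS08-067'
    (the CSV-aware equivalent of `type *.csv | findstr MS08-067`)."""
    return [f for f in findings if bulletin.lower() in f["Name"].lower()]


def remediation_list(findings, min_risk="High"):
    """(host, port, name, solution) for findings at or above min_risk,
    ordered by Risk level and then by CVSS score, highest first."""
    cutoff = RISK_ORDER.index(min_risk)
    picked = [f for f in findings if f["Risk"] in RISK_ORDER[:cutoff + 1]]
    picked.sort(key=lambda f: (RISK_ORDER.index(f["Risk"]), -float(f["CVSS"] or 0)))
    return [(f["Host"], f["Port"], f["Name"], f["Solution"]) for f in picked]


if __name__ == "__main__":
    rows = load_findings(SAMPLE_CSV)
    print(risk_summary(rows))
    for hit in find_by_bulletin(rows, "MS08-067"):
        print(hit["Host"], hit["Port"], hit["Name"])
    for item in remediation_list(rows):
        print(item)
```

For the real report, replace `SAMPLE_CSV` with the contents of the downloaded file from `My Documents\Downloads`.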

IaaS, SaaS, PaaS, and XaaS & Public cloud, private cloud, hybrid cloud – Explanations


Private cloud

When the term cloud computing was first introduced, vendors of conventional enterprise software were quick to invent the term private cloud so they could claim that they can do cloud computing, too. Of course, the first cloud providers immediately protested that this term doesn’t make sense. Nowadays, the IT community agrees that private clouds exist. As long as the five characteristics of my last post can be applied, it is justified to talk about cloud computing. It doesn’t really matter if the consumers are only from one organization and the cloud therefore is private.

Public cloud

Of course, if there is a private cloud there must also be a public cloud—a cloud that is not restricted to a particular group of consumers. If someone asks you which was first (private cloud or public cloud), you have to ask back whether he is talking about “public cloud” and “private cloud” or private cloud and public cloud. Yeah, sometimes concepts only come into existence after the things they denote, even if those things were invented by humans.

Hybrid cloud

The term hybrid cloud is often misunderstood. A typical example can be found at SearchCloudComputing. The idea is that if an organization uses the services of a public cloud provider in addition to its private cloud, say for particular services, then this organization has a hybrid cloud. This is like putting a donkey and a horse in a stall and then claiming that you just created a mule. The key of a hybrid cloud is that the private and public clouds interact with each other. For instance, a solution that automatically moves virtual machines from the private cloud to the public cloud at peak times could be considered a hybrid cloud. Likewise, if the horse and the donkey interact and have some fun, you might get a mule eleven to twelve months later.

Vertical cloud

Vertical clouds are tailored to a particular industry, such as healthcare or finance. Some authors also use the term community cloud. I don’t like this expression because it sounds as if the consumers of the cloud have to interact in some way. Some analysts believe that vertical clouds are the next big thing. I think this remains to be seen. Just as retailers that specialize in a certain product type now have a hard time competing with “everything stores” like Amazon, so will vertical cloud providers find it difficult to keep up with Amazon’s versatile “everything cloud.”

Horizontal cloud

Of course, if there is a vertical cloud there must also be a horizontal cloud, which is a general cloud that doesn’t specialize in any industry. You won’t hear this term often, simply because horizontal cloud providers don’t feel the need to distinguish themselves from vertical clouds. I think it is likely that vertical clouds will grow within horizontal clouds. The Amazon cloud ecosystem is growing at a remarkable pace, and many providers are already offering special cloud services by utilizing Amazon’s cloud infrastructure. Just as specialized online shops are using Amazon’s marketplace instead of their own website to offer their products, so will vertical cloud providers use Amazon’s cloud infrastructure and ecosystem to build their vertical clouds.

Software as a Service (SaaS)

The NIST defines Software as a Service (SaaS) like this: “The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.” In my opinion, this explanation causes confusion. I think such explanations are the reason why many IT pros reject cloud computing as something new.

The term SaaS was first mentioned in a paper from the Software & Information Industry Association (SIIA) in 2001, which makes no reference to cloud computing. In fact, SaaS is perfectly possible without any cloud infrastructure involved. For instance, if a service provider requires human interaction before a software service can be provisioned, then, according to the NIST’s own definition of cloud computing, the provider’s SaaS doesn’t run on cloud infrastructure.

There are only two requirements for SaaS: the software runs on the provider’s own infrastructure and the software is rented by the consumer. The location of the service doesn’t have to be virtualized, you don’t need resource pooling and rapid elasticity, and the service doesn’t even have to be measured. Of course, SaaS and the cloud harmonize well, but so do many other new and old information technologies and concepts.

The main confusion stems from the fact that many equate “cloud computing” with “online services,” which is, of course, nonsense. If that were the case, then we really don’t need the term “cloud computing” at all.

Infrastructure as a Service (IaaS)

The same can be said about Infrastructure as a Service (IaaS). Some cloud providers offer IaaS, but cloud infrastructure is not a requirement for IaaS. An organization can rent a whole data center from a service provider without using cloud technology. The point about IaaS is that hardware resources such as CPU power, storage, and networks are rented, but consumers run and manage the operating system either on the rented infrastructure or on their own infrastructure.

For instance, a server virtualization solution offered as a service counts as IaaS. In this case, the consumer installs the operating system on the rented infrastructure. Storage as a Service (STaaS) is another typical IaaS example. Like in the first example, the consumer must manage the operating system, albeit, in this case, the operating system runs on-premises and the API of the infrastructure provider is used to access the storage.

According to this definition, classical hosting providers also offer IaaS.

Platform as a Service (PaaS)

If IaaS is essentially about renting hardware resources and SaaS is about renting software, then Platform as a Service (PaaS) must be about renting a platform. Thus, there suddenly appears to be a third fundamental IT category beside software and hardware. Can that be? Not really. In my opinion, PaaS is a sub category of SaaS. A platform such as ASP.NET is, of course, software. The difference between PaaS and other SaaS forms is that, with PaaS, consumers run their own software on top of the software that is provided as a service.

SaaS, PaaS, and IaaS compared

Actually, IaaS always also involves the renting of software, such as server virtualization software. However, I think my IaaS characterization above is correct because hardware is always delivered together with software. For example, even if you buy a server without an operating system, the server always comes with BIOS, which is also software. The point about IaaS is that computation capabilities are provided without an operating system and this implies that you can run any (platform independent) software to utilize these resources.

From my point of view, it would be better in most cases to avoid the term SaaS and talk about Application as a Service (AaaS) instead, to avoid confusion.

Other aaSes

Because analysts and journalists love to juggle as many technical terms as possible, many new “aaSes” have been added to the cloud concept jungle lately. Here are just a few, with a short description.

Desktop as a Service (DaaS)

Desktop virtualization provided as a service is called Desktop as a Service (DaaS). There was quite a buzz on the web a couple of days ago when Amazon announced Workspaces. In my view, this won’t change the fact that Virtual Desktop Infrastructure (VDI) will stay a relatively unimportant transition technology.

Process as a Service (PraaS)

Process as a Service (PraaS) is another sub category of SaaS. A service provider not only offers independent software solutions as a service but integrates all applications in a way that portrays the business process of the consumer.

Communication as a Service (CaaS)

I added Communication as a Service (CaaS) to the list to demonstrate that there is still much room for more aaSes. Of course, you can provide any kind of application type as a service, and so it also works with Voice over IP (VoIP), instant messaging (IM), or video conferencing, which fall under CaaS.

Cloud as a Service (CaaS)

Cloud as a Service (CaaS) is a good example of how carelessly concepts in computer science are often defined compared to other scientific disciplines. CaaS not only stands for Communication as a Service but also for Cloud as a Service. The latter means that a service provider offers a whole cloud infrastructure as a service. Sometimes CaaS can also mean Cluster as a Service, but I am too tired to add an extra paragraph for it.

Anything as a Service (XaaS)

This is my favorite. It stands for the fact that anything can be provided as a service. Typical examples are PaaS (Pizza as a Service), LaaS (Love as a Service), or NaaS (Nonsense as a Service). The biggest NaaS infrastructure provider I know is Facebook.

General Backup and Recovery Terminology


Throughout this series I am going to be repeating some of the same terminology, and so it will help to become familiar with it if you are not already.

Backup Types

  • Full Backup – a complete copy of the data being backed up.  In the context of Exchange Server 2010 this also truncates the transaction logs for databases.
  • Incremental Backup – a partial copy of the data being backed up.  Contains all of the changes to the data since the last Full or Incremental backup.  When Full + Incremental backups are used a restore operation requires the last Full backup plus each of the subsequent Incremental backups.
  • Differential Backup – a partial copy of the data being backed up. Contains all of the changes to the data since the last Full or Incremental backup; however, unlike the other backup types, it does not mark the data as having been backed up.  This means that a restore operation only requires the last Full plus the last Differential backup.

Each of the backup types makes a trade-off between backup and recovery speed.  Full backups are the easiest and fastest to restore from but take the longest to back up, whereas Incremental backups are usually the fastest to back up but require more effort and time to restore from.
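The restore rules for the three backup types, and the trade-off just described, carried through in an added Python example (not from the original series): it computes which backups a restore needs and roughly how much data each weekly schedule writes. The schedules, sizes and the assumption that each day's changes touch distinct data are mine.

```python
"""Full / Incremental / Differential restore chains and weekly volume (added example)."""

# Constructed one-week schedules, each starting with a Full on day 0.
STRATEGIES = {
    "full":         ["Full"] * 7,
    "incremental":  ["Full"] + ["Incremental"] * 6,
    "differential": ["Full"] + ["Differential"] * 6,
}


def restore_chain(kinds, target_day):
    """Day indices of the backups needed to restore to the state of kinds[target_day].

    Full and Incremental mark data as backed up; Differential does not.  So a
    restore needs the last Full, every Incremental taken after it (each one
    holds changes the next backup no longer sees) and the target itself.
    Differentials earlier in the chain are superseded and skipped."""
    if kinds[target_day] == "Full":
        return [target_day]
    chain = [target_day]
    for day in range(target_day - 1, -1, -1):
        if kinds[day] == "Full":
            chain.append(day)
            break
        if kinds[day] == "Incremental":
            chain.append(day)
    else:
        raise ValueError("no Full backup precedes day %d" % target_day)
    return sorted(chain)


def backup_sizes(kinds, full_gb, change_gb):
    """Approximate GB written per day.  Day 0 is the initial Full; on every
    later day change_gb of data is modified before the backup runs (assumed to
    touch distinct data, so partial backups simply accumulate)."""
    sizes, unmarked = [], 0.0
    for day, kind in enumerate(kinds):
        if day > 0:
            unmarked += change_gb
        if kind == "Full":
            sizes.append(full_gb)
            unmarked = 0.0
        elif kind == "Incremental":
            sizes.append(unmarked)
            unmarked = 0.0  # marks the data as backed up
        else:  # Differential copies everything unmarked but leaves the mark alone
            sizes.append(unmarked)
    return sizes


def compare(full_gb=100.0, change_gb=5.0, restore_day=6):
    """Per strategy: (total GB written in the week, backups needed for a restore)."""
    return {name: (sum(backup_sizes(k, full_gb, change_gb)),
                   len(restore_chain(k, restore_day)))
            for name, k in STRATEGIES.items()}


if __name__ == "__main__":
    for name, (written, media) in compare().items():
        print(f"{name:12s} writes {written:6.1f} GB/week, restore needs {media} backup(s)")
```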

Backup Storage

  • Tape – magnetic tape backup storage comes in many different formats. It used to be the most cost effective and portable media for storing backups but these days disk can be more practical in some scenarios.
  • Disk – large capacity hard disk storage is more affordable and portable these days than in years past and has many advantages over traditional tape backups.
  • Cloud – this refers to an off-site, externally hosted backup service that is used for remote backup storage.  The cloud storage may be a mix of tape and disk depending on the service that is being used.
  • Online – backup storage that is immediately accessible, such as a disk array connected to the backup server.
  • Offline – backup storage that is on-premises but is not immediately accessible without human interaction, for example tapes that have been removed from the tape drive.
  • Offsite – backup storage that is stored offsite, either at an alternate physical location for the business (e.g., a school with two separate campuses) or that has been taken away by an offsite storage company.

Again, each storage type makes a trade-off between convenience and protection.  Online disk storage is the easiest for backup and restore but carries the highest risk of data loss if there is a disaster in the data center itself such as fire or flood.  Offsite backup storage is safe from such disasters but adds to the restore time because the media must first be transported from offsite.

Backup Planning and Management

  • RPO – the Recovery Point Objective is the point in time at which you are aiming to recover data.  The RPO basically defines how much data loss the business is willing to tolerate, and so this plays an important part in designing a backup solution, particularly the scheduling of backups to meet the RPO requirements.
  • RTO – the Recovery Time Objective is the amount of time in which a recovery must take place after a disaster has occurred.  Again this plays an important part in designing backup solutions to ensure that the correct infrastructure is in place to facilitate that speed.
  • Backup Window – this is the time each day in which backup operations are able to be run.  For most businesses this is overnight, outside of their core business hours.  However depending on the RPO it may be necessary to run backups during business hours as well.

Other Terminology

  • Bare-Metal – this refers to a type of backup that makes it possible to recover the server and its data in their entirety from a single backup.
  • System State – this refers to a collection of data on a Windows Server that includes various services and configuration information that relate to its particular role, such as the Registry, boot files, Active Directory database (for Domain Controllers), cluster service information, IIS metabase, and other system files.

Exchange Server Backup and Recovery Concepts

Exchange Server 2010 itself has some specific backup and recovery concepts that Exchange Server administrators need to understand.

  • VSS – the Volume Shadow Copy Service is a backup API included with Windows Server operating systems and server products such as Exchange Server 2010.  This is the only supported backup technology for Exchange Server 2010, unlike previous versions that also supported a streaming backup API.
  • Active/Passive Databases – Exchange Server 2010 introduced a new high availability concept called Database Availability Groups (DAGs).  A DAG consists of multiple database copies across 2-16 Mailbox servers.  Only one copy of each database is “active” at any one time, the remainder are considered “passive”.
  • Recovery Databases – this is a special database that can be used as a target for a mailbox database restore operation, allowing the administrator to mount the restored database and extract the required data from it into an active database or a PST file.
  • Database Portability – the ability for Exchange Server 2010 to mount databases that have been copied or restored from other Mailbox servers.  This simplifies restore scenarios in which the original server is not available.
  • Dial Tone Portability – the ability for Exchange Server 2010 to mount a temporary database with empty mailboxes for end users to continue to send and receive email while restore operations are taking place in the background.
  • Log Truncation – all database operations are logged to transaction logs on the Mailbox server.  The logs can be used to recover information written since the last backup was taken if there is a database failure. When a database has been backed up all of the transaction logs that are no longer required for recovery are removed (truncated) from the server.
  • Circular Logging – when this is enabled the database transaction logs are automatically truncated by the server once the database operations are written from memory to the database itself.  When circular logging is enabled the transaction logs are no longer useful for restoring data in the event of a database failure.

Adding Domain user to local group on multiple computers


Want to add a user to a local group on multiple computers? Try the steps below.
Step 1: Copy Psexec.exe to your server. You can download it from here.
Step 2: Create Servers.txt in the same location where Psexec.exe resides and list the IP addresses of the target computers in it.
Step 3: Open a command prompt with admin privileges and change directory to where Psexec.exe resides.
Step 4: Execute the command below:
Psexec.exe @servers.txt NET.exe LocalGroup Administrators domain\username /add
The example above adds the user to the Administrators group. If you need to add it to another group, like Remote Desktop Users, enclose the group name in quotes.

Psexec.exe @servers.txt NET.exe LocalGroup "Remote Desktop Users" domain\username /add
