Blogs

Access Cisco's ASDM via Linux Ubuntu

First, install the following packages if they are not already installed:

sudo apt-get install gcj openjdk-6-jre cacao gij jamvm 

Now browse to the management interface at 192.168.1.1, or whatever address you re-IP'ed it to.

Click Run ASDM. If OpenJDK is not listed in the Open With dialog, save asdm.jnlp to your home directory.

After it downloads, you can run:

chmod +x asdm.jnlp 

javaws asdm.jnlp

Thank You Firefox for letting me know of Adobe's vulnerable Flash

I upgraded Firefox and they let me know Adobe Flash needed to be updated.  Very Cool.  Thanks Firefox.

 

Removing a Bad Windows Dll that is used by many processes

So I found this bad okajocetuwe.dll (Windows Essentials says it's a Trojan:Win32/Hiloti.gen!D) on this remote machine. So, to start the removal process: for one, the DLL was used by almost every process running on the box. Take a look. I used psexec, wmic, tasklist, and taskkill for this exercise.

psexec \\ipaddress cmd.exe

C:\WINDOWS\system32>tasklist /m okaj*

Image Name                   PID Modules
========================= ====== ==================
explorer.exe                1656 okajocetuwe.dll
Apoint.exe                  1380 okajocetuwe.dll

Quick Windows Script to get IP addresses from known computer names

1.  Create a file named computernames.txt and place your computer names in that file.

2.  Create a file named findips.bat in the same directory as computernames.txt, paste the highlighted contents below into that file, and save.

Since there is no awk for Windows, I decided to use PowerShell. So basically the PowerShell command acts as my awk equivalent for Windows.

SANS 560 Index is now Viewable - Sorry I had permissions issues.

Please click the following link in order to get the SANS 560 Index.

 

http://www.kellyodonnell.com/content/index-sans-560

What is this - MLB.com not operating SSL?

Unless I am not understanding how Flash works when taking in credit card information from a site, it sure does appear that mlb.com is taking credit cards in an unsecured fashion. Someone please explain this?

How to change Terminal Services Port Via the Command line

Say we want to make Terminal Services listen on port 2222

 

Use a decimal-to-hex converter for the port you choose. I am using 2222. The hexadecimal value for 2222 is 8ae.

You can also drop into PowerShell from the command prompt and use the Convert command by typing:

>powershell

>[Convert]::ToString(2222, 16)

This will display 8ae.

How to find strange Windows executables running via WMIC

C:\>wmic PROCESS GET ExecutablePath, Commandline, ProcessID, ParentProcessID

If you leave off everything after Process, you can see all your searchable options.  > wmic Process |more  or

Dr. Eric Cole will be presenting July 20th at the ITC building in Charlotte for Charlotte ISSA

Dr. Eric Cole, Ryan Linn, and JP Dunning are scheduled to speak on July 20th at the ITC building (200 N. College, Charlotte, 28202). This will be a half-day event starting at 9:00am and going a little past lunch.

For more information check out the Charlotte ISSA site here

Myrtle Beach Techno Security Conference is free to Charlotte ISSA members

For those Charlotte ISSA members that attended the 2010 ISSA Summit in April, remember that the Myrtle Beach Techno Security Conference is free. This is a $1495 value for free. I am going to try and go, but I do not think my schedule will permit. The dates for this event are June 6th to the 9th. You can register for the event by emailing the following:

Registration:
Contact us at sh-admin@securityhorizon.com
or call 719-488-4500.

Download the registration form at http://www.securityhorizon.com/ISAM-Reg.pdf