[-] Exploit exception: Permission denied - bind(2) in Ubuntu for Metasploit

If you get this error in Ubuntu for Metasploit you need to run msfconsole as root.

so....
sudo msfconsole

The error occurs because you need root permissions to bind to a port lower than 1024.

Natting Cisco with IOS 8.3.1

I have a situation where we merged with another institution and they use the same RFC 1918 network as we do. We both use 172.16.x.x; the subnets are a little different, but the issue is that they need access to our network and our 172.16 will not route back to them.

Plan: We will use a 10 network that neither institution uses, and both parties will have a Cisco 5520 running 8.3.1 code. The reason for this write-up is that the new IOS code is completely different for writing NAT rules.

Access Cisco's ASDM via Linux Ubuntu

First you need to install the following if it's not already installed:

sudo apt-get install gcj openjdk-6-jre cacao gij jamvm 

Now go to the management interface 192.168.1.1 or whatever you re-ip'ed it to. 

Click Run ASDM. If OpenJDK is not listed under Open With, save asdm.jnlp to your home directory.

After it downloads, you can run:

chmod +x asdm.jnlp 

javaws asdm.jnlp

Thank You Firefox for letting me know of Adobe's vulnerable Flash

I upgraded Firefox and they let me know Adobe Flash needed to be updated.  Very Cool.  Thanks Firefox.

 

Removing a Bad Windows Dll that is used by many processes

So I found this bad okajocetuwe.dll (window essentials says it's a Trojan:Win32/Hiloti.gen!D) on this remote machine, and started the removal process. For one, the DLL was used by almost every process running on the box. Take a look. I used psexec, wmic, tasklist and taskkill for this exercise.

psexec \\ipaddress cmd.exe

C:\WINDOWS\system32>tasklist /m okaj*

Image Name                   PID Modules
========================= ====== ==================
explorer.exe                1656 okajocetuwe.dll
Apoint.exe                  1380 okajocetuwe.dll

Quick Windows Script to get IP addresses from known computer names

1. Create a file named computernames.txt and place your computer names in that file.

2. Create a file named findips.bat in the same directory as computernames.txt, paste the highlighted contents below into that file, and save.

Since there is no awk for Windows I decided to use PowerShell. So basically the PowerShell command acts as my awk equivalent for Windows.

An Index for SANS 560

I created an index for SANS 560. It may be helpful to others as well who have taken the course and have the books. You must have the books or this index is obviously useless. I used gedit to create it but you should be able to open it with Notepad.

What is this - MLB.com not operating SSL?

Unless I am not understanding how Flash works when taking in credit card information from a site, it sure does appear that mlb.com is taking credit cards in an unsecured fashion. Someone please explain this?

How to change Terminal Services Port Via the Command line

Say we want to make Terminal Services listen on port 2222

 

Use a decimal-to-hex converter for the port you choose. I am using 2222. The hexadecimal value is 8ae for 2222.

You can also drop into PowerShell and use the Convert command at the command prompt by typing:

>powershell

>[Convert]::ToString(2222, 16)

This will display 8ae.

How to find strange Windows executables running via WMIC

C:\>wmic PROCESS GET ExecutablePath, Commandline, ProcessID, ParentProcessID
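One way to triage that listing offline, as an added example that is not part of the original post: it assumes the output was captured with wmic's /format:csv switch (columns are Node followed by the requested properties in alphabetical order). The baseline of expected folders, the writable-folder markers and the sample rows are illustrative and constructed.

```python
import ntpath

# Well-known Windows binaries and the folder each normally runs from
# (lower-cased). Illustrative baseline, not an exhaustive list.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = dict.fromkeys(
    ("svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"),
    SYSTEM32)
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
# Folders ordinary users can write to; executables there deserve a look.
WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\programdata\\")

def parse_wmic_csv(text):
    """Yield one dict per process row. wmic does not quote CSV fields and
    CommandLine may contain commas, so the three trailing fields are split
    off from the right instead of using a CSV parser."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Node,"):
            continue  # skip blank lines and the header row
        head, exe, ppid, pid = line.rsplit(",", 3)
        node, _, cmdline = head.partition(",")
        yield {"node": node, "cmdline": cmdline, "exe": exe,
               "ppid": int(ppid), "pid": int(pid)}

def review(text):
    """Return (pid, exe, reason) tuples for processes worth a closer look."""
    findings = []
    for p in parse_wmic_csv(text):
        exe = p["exe"].lower()
        if not exe:  # System/Idle, or path not readable: nothing to judge
            continue
        folder, name = ntpath.split(exe)
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            findings.append((p["pid"], p["exe"], "system name, unexpected folder"))
        elif any(marker in exe for marker in WRITABLE_MARKERS):
            findings.append((p["pid"], p["exe"], "runs from user-writable folder"))
    return findings

# Constructed sample output (not taken from the page).
SAMPLE = r"""Node,CommandLine,ExecutablePath,ParentProcessId,ProcessId
WS01,,,0,4
WS01,C:\WINDOWS\system32\svchost.exe -k netsvcs,C:\WINDOWS\system32\svchost.exe,700,1044
WS01,C:\WINDOWS\Explorer.EXE,C:\WINDOWS\Explorer.EXE,1600,1656
WS01,"C:\Users\bob\AppData\Local\Temp\svchost.exe" -a 1,2,C:\Users\bob\AppData\Local\Temp\svchost.exe,1656,2312
WS01,C:\Users\bob\AppData\Roaming\upd.exe,C:\Users\bob\AppData\Roaming\upd.exe,1656,2480
"""
```

Calling review(SAMPLE) returns the two rows that stand out: PID 2312 (a svchost.exe outside System32) and PID 2480 (an executable under AppData).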

If you leave off everything after Process you can see all your searchable options.  > wmic Process |more  or