justhink
MemberAbout justhink
justhink's Achievements
0
Reputation
-
Sure, that's the same link. jaclaz I am extremely sorry for doing so, I was i hurry to solve the problem, and after it solved, i was busy with another problem. So sorry again, and in future i will not do the same.. JusTy
-
Solved!!
-
Hi All, I have created following batch file which will read value from a text file and set a variable. But somehow it's not working, to debug, i have added several pause on the file, and found that it's automatically closing after executing FOR statement. But if i execute the for statement on direct command line it's working and also it's setting the variable. Please help me to fix this @echo off pause FOR /F "tokens=2" %a in (C:\chk.txt) do set _port=%a pause ::set _reg=open if "%_port%" == "open" ( echo : True : pause exit) echo : False : pause exit Content of the chk.txt is: 25/tcp open smtp After executing FOR statement directly on command prompt. C:\>FOR /F "tokens=2" %a in (C:\chk.txt) do set _port=%a C:\>set _port=open C:\>echo %_port% open C:\>
-
This 1 works fine but after few little modification, but thank you.. Option Explicit Dim objItem, colItems, objWMIService, strComputer, objShell strComputer = "." Set objShell = CreateObject("WScript.Shell") Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48) For Each objItem in colItems If InStr(objItem.Caption,"2000") Then objShell.Run "secedit /refreshpolicy", 1, True End If If InStr(LCase(objItem.Caption),Lcase("XP")) Then objShell.Run "gpupdate", 1, True End If Next
-
Nedd to run a vbs script on logon, which update group policy, but there are few clients are using 2000 professional, so GPUPDATE won't use, hav to use SECEDIT so, can some 1 tell me how to determin OS via VBS so it can run GPEDIT on XP clients and SECEDIT on 2000 clients, Please help me, urgent, Script is >
-
2003 Server Attack by Unknown Hacker, need help
justhink replied to justhink's topic in Malware Prevention and Security
System Rebuild complete, rebuild in offiline, then fully patched, also blocked all direct internet access... Till now no more hack, If there is any new vulnerability on 2003 server, then i am sure they will hack again, coz our external ip are same.. Now we just ahv to wait untill next attack.. Thanks for your kind help.. JusThinK Are these proxy servers behind a firewall at all? Yea, all are behind PIX Firewall, but allowed to access direct internet using DNS ip of ISP. -
2003 Server Attack by Unknown Hacker, need help
justhink replied to justhink's topic in Malware Prevention and Security
System Rebuild complete, rebuild in offiline, then fully patched, also blocked all direct internet access... Till now no more hack, If there is any new vulnerability on 2003 server, then i am sure they will hack again, coz our external ip are same.. Now we just ahv to wait untill next attack.. Thanks for your kind help.. JusThinK -
2003 Server Attack by Unknown Hacker, need help
justhink replied to justhink's topic in Malware Prevention and Security
thanks, Added Scren shoot and netstat -
Hi All, Today 3 Proxy server in on my workplace attacked by some hacker, Server running Windows 2003 Std Edition(Service Pack 2). Attack Details, A account created with administrative privilege and while we checked, it 's logged on with that account, strange thing is, it's showing built in account, also a exe file called AutoSQL and it started scanning lot's of Public IP's, looks like it broadcasting, created account is hackp13$, and on event log, it showing following successful logon. Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 551 Date: 25/04/2008 Time: 6:25:01 PM User: AFT-PROXY\hackp13$ Computer: AFT-PROXY Description: User initiated logoff: User Name: hackp13$ Domain: AFT-PROXY Logon ID: (0x0,0x3b7fec) After initial shock, we did scan with Microsoft Baseline Security Analyzer, it's showing 3 critical update, and 2 important update reqd. and most interesting part is when I was installing update via Windows update, suddenly hacker take my full desktop control, accessing my mouse, keyboard, and cancel update, then open Internet Explorer, open a site, Service Window. AutoSql IP Scan Netstat 1 Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:\Documents and Settings\hackp13$>netstat Active Connections Proto Local Address Foreign Address State TCP asdf:1047 asdf:ms-sql-s ESTABLISHED TCP asdf:1048 asdf:ms-sql-s ESTABLISHED TCP asdf:1050 asdf:ms-sql-s ESTABLISHED TCP asdf:1051 asdf:ms-sql-s ESTABLISHED TCP asdf:1052 asdf:ms-sql-s ESTABLISHED TCP asdf:1053 asdf:ms-sql-s ESTABLISHED TCP asdf:1054 asdf:ms-sql-s ESTABLISHED TCP asdf:ms-sql-s asdf:1047 ESTABLISHED TCP asdf:ms-sql-s asdf:1048 ESTABLISHED TCP asdf:ms-sql-s asdf:1050 ESTABLISHED TCP asdf:ms-sql-s asdf:1051 ESTABLISHED TCP asdf:ms-sql-s asdf:1052 ESTABLISHED TCP asdf:ms-sql-s asdf:1053 ESTABLISHED TCP asdf:ms-sql-s asdf:1054 ESTABLISHED TCP asdf:2602 asdf:7000 ESTABLISHED TCP asdf:3103 asdf:7000 CLOSE_WAIT TCP asdf:5001 asdf:1088 CLOSE_WAIT TCP asdf:7000 asdf:2602 ESTABLISHED TCP asdf:7000 asdf:3103 FIN_WAIT_2 TCP asdf:1637 222.76.64.57:8000 ESTABLISHED TCP asdf:2603 207.46.110.40:http ESTABLISHED TCP asdf:8080 192.168.16.29:1529 ESTABLISHED TCP asdf:8080 192.168.33.75:4849 TIME_WAIT TCP asdf:8080 192.168.33.75:4854 TIME_WAIT ^C C:\Documents and Settings\hackp13$>netstat -n Active Connections Proto Local Address Foreign Address State TCP 127.0.0.1:1047 127.0.0.1:1433 ESTABLISHED TCP 127.0.0.1:1048 127.0.0.1:1433 ESTABLISHED TCP 127.0.0.1:1050 127.0.0.1:1433 ESTABLISHED TCP 127.0.0.1:1051 127.0.0.1:1433 ESTABLISHED TCP 127.0.0.1:1052 127.0.0.1:1433 ESTABLISHED TCP 127.0.0.1:1053 127.0.0.1:1433 ESTABLISHED TCP 127.0.0.1:1054 127.0.0.1:1433 ESTABLISHED TCP 127.0.0.1:1433 127.0.0.1:1047 ESTABLISHED TCP 127.0.0.1:1433 127.0.0.1:1048 ESTABLISHED TCP 127.0.0.1:1433 127.0.0.1:1050 ESTABLISHED TCP 127.0.0.1:1433 127.0.0.1:1051 ESTABLISHED TCP 127.0.0.1:1433 127.0.0.1:1052 ESTABLISHED TCP 127.0.0.1:1433 127.0.0.1:1053 ESTABLISHED TCP 127.0.0.1:1433 127.0.0.1:1054 ESTABLISHED TCP 127.0.0.1:2602 127.0.0.1:7000 ESTABLISHED TCP 127.0.0.1:3175 127.0.0.1:7000 ESTABLISHED TCP 127.0.0.1:5001 127.0.0.1:1088 CLOSE_WAIT TCP 127.0.0.1:7000 127.0.0.1:2602 ESTABLISHED TCP 127.0.0.1:7000 127.0.0.1:3103 TIME_WAIT TCP 127.0.0.1:7000 127.0.0.1:3175 ESTABLISHED TCP 192.168.33.3:1637 222.76.64.57:8000 ESTABLISHED TCP 192.168.33.3:2603 207.46.110.40:80 ESTABLISHED TCP 192.168.33.3:3176 74.54.68.215:80 ESTABLISHED TCP 192.168.33.3:8080 192.168.16.29:1529 ESTABLISHED TCP 192.168.33.3:8080 192.168.33.75:4849 TIME_WAIT TCP 192.168.33.3:8080 192.168.33.75:4854 TIME_WAIT TCP 192.168.33.3:8080 192.168.44.22:2778 TIME_WAIT TCP 192.168.33.3:8080 192.168.44.22:2779 TIME_WAIT TCP 192.168.33.3:8080 192.168.44.22:2780 TIME_WAIT TCP 192.168.33.3:8080 192.168.44.22:2782 ESTABLISHED TCP 192.168.33.3:8080 192.168.44.22:2783 TIME_WAIT TCP 192.168.33.3:8080 192.168.44.22:2784 TIME_WAIT TCP 192.168.33.3:8080 192.168.90.60:1746 FIN_WAIT_2 TCP 192.168.33.3:8080 192.168.90.60:1747 FIN_WAIT_2 C:\Documents and Settings\hackp13$> Netstat 2 Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:\Documents and Settings\hackp13$>netstat -nr Route Table =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x1000003 ...00 11 11 5f 28 60 ...... Intel(R) PRO/1000 CT Network Connection 0x1000004 ...00 11 11 5f 28 62 ...... Intel(R) PRO/100 VE Network Connection =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.33.154 192.168.33.3 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 172.0.0.0 255.0.0.0 192.168.33.154 192.168.33.3 1 192.168.10.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.11.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.12.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.14.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.16.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.18.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.20.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.22.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.23.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.24.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.25.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.31.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.33.0 255.255.255.0 192.168.33.3 192.168.33.3 1 192.168.33.3 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.33.255 255.255.255.255 192.168.33.3 192.168.33.3 1 192.168.36.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.37.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.38.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.39.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.44.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.45.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.60.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.61.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.64.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.65.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.66.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.67.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.68.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.70.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.80.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.88.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.90.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.100.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.140.0 255.255.255.0 192.168.33.154 192.168.33.3 1 192.168.171.0 255.255.255.0 192.168.33.154 192.168.33.3 1 224.0.0.0 224.0.0.0 192.168.33.3 192.168.33.3 1 255.255.255.255 255.255.255.255 192.168.33.3 192.168.33.3 1 Default Gateway: 192.168.33.154 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 192.168.22.0 255.255.255.0 192.168.33.154 1 192.168.23.0 255.255.255.0 192.168.33.154 1 192.168.11.0 255.255.255.0 192.168.33.154 1 192.168.14.0 255.255.255.0 192.168.33.154 1 192.168.24.0 255.255.255.0 192.168.33.154 1 192.168.16.0 255.255.255.0 192.168.33.154 1 192.168.12.0 255.255.255.0 192.168.33.154 1 192.168.44.0 255.255.255.0 192.168.33.154 1 192.168.45.0 255.255.255.0 192.168.33.154 1 192.168.88.0 255.255.255.0 192.168.33.154 1 192.168.38.0 255.255.255.0 192.168.33.154 1 192.168.31.0 255.255.255.0 192.168.33.154 1 192.168.37.0 255.255.255.0 192.168.33.154 1 192.168.39.0 255.255.255.0 192.168.33.154 1 192.168.36.0 255.255.255.0 192.168.33.154 1 192.168.100.0 255.255.255.0 192.168.33.154 1 192.168.20.0 255.255.255.0 192.168.33.154 1 192.168.80.0 255.255.255.0 192.168.33.154 1 192.168.10.0 255.255.255.0 192.168.33.154 1 192.168.140.0 255.255.255.0 192.168.33.154 1 172.0.0.0 255.0.0.0 192.168.33.154 1 192.168.25.0 255.255.255.0 192.168.33.154 1 192.168.90.0 255.255.255.0 192.168.33.154 1 192.168.60.0 255.255.255.0 192.168.33.154 1 192.168.61.0 255.255.255.0 192.168.33.154 1 192.168.66.0 255.255.255.0 192.168.33.154 1 192.168.67.0 255.255.255.0 192.168.33.154 1 192.168.64.0 255.255.255.0 192.168.33.154 1 192.168.65.0 255.255.255.0 192.168.33.154 1 192.168.68.0 255.255.255.0 192.168.33.154 1 192.168.70.0 255.255.255.0 192.168.33.154 1 192.168.18.0 255.255.255.0 192.168.33.154 1 192.168.171.0 255.255.255.0 192.168.33.154 1 C:\Documents and Settings\hackp13$> We hav PIX in our workplace.. We hav Trend Micro office scan.. Using Trend Micro Proxy Server.. Is there any new vulnerability on 2003 server?? Please help....
-
yea, my exception list is really too big.. Running morethan 40 Website, internal cum external.. It's tough to add all of there info in exception list.... it's really mixture list. having .com,.co.in and .in I think i must try first solution.. Thanks
-
is there any way to increase the limitation of exception list in IE proxy TAB (in Group Policy), coz it's already full, but i still need to add 1 or 2 intranet website info in there, **I am already using wild character. OS: Windows 2000 Advance Server.. Please help me.. Thanks.
-
what is the silent installation switch of opera9 Final version..
-
Delete Folder End Install ( Help )
justhink replied to AHRIMANSEFID's topic in Unattended Windows 2000/XP/2003
Make a "Remove.cmd" for removing folder with subfolder.. RD /S /Q "Folder Path" DEL /Q /F %systemdrive%\Remove.cmd Example Of RunOnceEX.CMD REG ADD %KEY%\095 /VE /D "Removing Temporary Files and Restarting Computer" /f REG ADD %KEY%\095 /V 1 /D "%systemdrive%\WINDOWS\System32\Remove.cmd" /f [color=#FF0000]REG ADD %KEY%\095 /V 2 /D "psshutdown -t 40 -r -f" /f[/color] --- If You use PSSHUTDOWN tool for Restart your computer..