justhink

Posts posted by justhink

  1. Hi All,

    I have created the following batch file, which reads a value from a text file and sets a variable. But somehow it's not working. To debug, I added several pauses to the file and found that it closes automatically after executing the FOR statement. :o

    But if I execute the FOR statement directly on the command line, it works and also sets the variable.

    Please help me to fix this.

    @echo off
    pause
    FOR /F "tokens=2" %a in (C:\chk.txt) do set _port=%a
    pause
    ::set _reg=open
    if "%_port%" == "open" ( echo : True :
    pause
    exit)
    echo : False :
    pause
    exit

    Content of the chk.txt is:

    25/tcp open  smtp

    After executing FOR statement directly on command prompt.

    C:\>FOR /F "tokens=2" %a in (C:\chk.txt) do set _port=%a

    C:\>set _port=open

    C:\>echo %_port%
    open

    C:\>

  2. Try this you will have to add the code you want it to run.

    Option Explicit
    Dim Act : Set Act = CreateObject("WScript.Shell")
    Dim objItem, colItems, objWMIService, strComputer
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
    ' Echo the OS caption when it matches one of the versions of interest
    For Each objItem in colItems
        If InStr(objItem.Caption,"2000") Then
            WScript.Echo objItem.Caption
        End If
        If InStr(objItem.Caption,"2003") Then
            WScript.Echo objItem.Caption
        End If
        If InStr(LCase(objItem.Caption),LCase("XP")) Then
            WScript.Echo objItem.Caption
        End If
    Next

    This one works fine, but after a few little modifications. Thank you..

    Option Explicit
    Dim objItem, colItems, objWMIService, strComputer, objShell
    strComputer = "."
    Set objShell = CreateObject("WScript.Shell")
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
    ' Pick the policy refresh command that exists on the detected OS
    For Each objItem in colItems
        If InStr(objItem.Caption,"2000") Then
            objShell.Run "secedit /refreshpolicy", 1, True
        End If
        If InStr(LCase(objItem.Caption),LCase("XP")) Then
            objShell.Run "gpupdate", 1, True
        End If
    Next

  3. To determine the Windows version:

    strComputer = "."

    Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colSettings = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
    For Each OS In colSettings
        WScript.Echo OS.Caption
        WScript.Echo OS.Version
    Next

    For XP for example, it will give this output:

    Microsoft Windows XP Professional
    5.1.2600

    You can put the output in a variable and make a Select Case to execute the gpupdate or secedit, depending on the Windows version.

    Happy coding.

    I can do this much..

    On Error Resume Next
    Set objShell = CreateObject("WScript.Shell")
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
    For Each objItem in colItems
        If InStr(1,objItem.Caption,"Server") Then objShell.Run "notepad.exe", 1, True
    Next
    objShell.Run "calc.exe", 1, True

    This script can detect the OS and run a specific file on a specific OS. There is a problem: when I run it on Windows 2003 it opens both Notepad and Calculator, but on XP it opens Calculator only,

    so how do I stop execution after it opens Notepad on 2003?

    Thanks..

  4. Need to run a VBS script on logon which updates group policy, but a few clients are using 2000 Professional, so GPUPDATE can't be used and I have to use SECEDIT. So can someone tell me how to determine the OS via VBS so it can run GPEDIT on XP clients and SECEDIT on 2000 clients?

    Please help me, urgent,

    Script is >

    Set objShell = CreateObject("WScript.Shell")

    ' This will run on XP
    objShell.Run "gpupdate /force", 1, True

    ' But I don't know how... :(

    ' This is for 2000
    objShell.Run "SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE", 1, True

  5. I've not seen that particular one before - looks like some sort of remote hack though. Again, I'd rebuild those boxes, but cleaning them offline might be sufficient if you can't afford the downtime associated with a rebuild (although, you'll never be sure they're completely clean without rebuilding...).

    System rebuild complete: rebuilt offline, then fully patched, and also blocked all direct internet access... Till now no more hacks.

    If there is any new vulnerability on 2003 Server, then I am sure they will hack again, because our external IPs are the same..

    Now we just have to wait until the next attack..

    Thanks for your kind help..

    JusThinK

    Are these proxy servers behind a firewall at all?

    Yeah, all are behind a PIX firewall, but allowed to access the internet directly using the DNS IP of the ISP.

  6. I've not seen that particular one before - looks like some sort of remote hack though. Again, I'd rebuild those boxes, but cleaning them offline might be sufficient if you can't afford the downtime associated with a rebuild (although, you'll never be sure they're completely clean without rebuilding...).

    System rebuild complete: rebuilt offline, then fully patched, and also blocked all direct internet access... Till now no more hacks.

    If there is any new vulnerability on 2003 Server, then I am sure they will hack again, because our external IPs are the same..

    Now we just have to wait until the next attack..

    Thanks for your kind help..

    JusThinK

  7. Hi All,

    Today 3 proxy servers at my workplace were attacked by some hacker. The servers run Windows 2003 Std Edition (Service Pack 2).

    Attack details:

    An account was created with administrative privileges, and when we checked, it was logged on with that account. The strange thing is, it's showing as a built-in account. There is also an exe file called AutoSQL, and it started scanning lots of public IPs; it looks like it's broadcasting.

    The created account is hackp13$, and the event log shows the following successful logon.

    Event Type: Success Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 551
    Date: 25/04/2008
    Time: 6:25:01 PM
    User: AFT-PROXY\hackp13$
    Computer: AFT-PROXY
    Description:
    User initiated logoff:
    User Name: hackp13$
    Domain: AFT-PROXY
    Logon ID: (0x0,0x3b7fec)

    After the initial shock, we ran a scan with Microsoft Baseline Security Analyzer; it shows 3 critical updates and 2 important updates required. The most interesting part is that when I was installing updates via Windows Update, the hacker suddenly took full control of my desktop, accessing my mouse and keyboard, cancelled the update, then opened Internet Explorer and opened a site,

    [Screenshots, images not preserved: Service Window; AutoSql; IP Scan]

    Netstat 1

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.

    C:\Documents and Settings\hackp13$>netstat

    Active Connections

    Proto Local Address Foreign Address State
    TCP asdf:1047 asdf:ms-sql-s ESTABLISHED
    TCP asdf:1048 asdf:ms-sql-s ESTABLISHED
    TCP asdf:1050 asdf:ms-sql-s ESTABLISHED
    TCP asdf:1051 asdf:ms-sql-s ESTABLISHED
    TCP asdf:1052 asdf:ms-sql-s ESTABLISHED
    TCP asdf:1053 asdf:ms-sql-s ESTABLISHED
    TCP asdf:1054 asdf:ms-sql-s ESTABLISHED
    TCP asdf:ms-sql-s asdf:1047 ESTABLISHED
    TCP asdf:ms-sql-s asdf:1048 ESTABLISHED
    TCP asdf:ms-sql-s asdf:1050 ESTABLISHED
    TCP asdf:ms-sql-s asdf:1051 ESTABLISHED
    TCP asdf:ms-sql-s asdf:1052 ESTABLISHED
    TCP asdf:ms-sql-s asdf:1053 ESTABLISHED
    TCP asdf:ms-sql-s asdf:1054 ESTABLISHED
    TCP asdf:2602 asdf:7000 ESTABLISHED
    TCP asdf:3103 asdf:7000 CLOSE_WAIT
    TCP asdf:5001 asdf:1088 CLOSE_WAIT
    TCP asdf:7000 asdf:2602 ESTABLISHED
    TCP asdf:7000 asdf:3103 FIN_WAIT_2
    TCP asdf:1637 222.76.64.57:8000 ESTABLISHED
    TCP asdf:2603 207.46.110.40:http ESTABLISHED
    TCP asdf:8080 192.168.16.29:1529 ESTABLISHED
    TCP asdf:8080 192.168.33.75:4849 TIME_WAIT
    TCP asdf:8080 192.168.33.75:4854 TIME_WAIT
    ^C
    C:\Documents and Settings\hackp13$>netstat -n

    Active Connections

    Proto Local Address Foreign Address State
    TCP 127.0.0.1:1047 127.0.0.1:1433 ESTABLISHED
    TCP 127.0.0.1:1048 127.0.0.1:1433 ESTABLISHED
    TCP 127.0.0.1:1050 127.0.0.1:1433 ESTABLISHED
    TCP 127.0.0.1:1051 127.0.0.1:1433 ESTABLISHED
    TCP 127.0.0.1:1052 127.0.0.1:1433 ESTABLISHED
    TCP 127.0.0.1:1053 127.0.0.1:1433 ESTABLISHED
    TCP 127.0.0.1:1054 127.0.0.1:1433 ESTABLISHED
    TCP 127.0.0.1:1433 127.0.0.1:1047 ESTABLISHED
    TCP 127.0.0.1:1433 127.0.0.1:1048 ESTABLISHED
    TCP 127.0.0.1:1433 127.0.0.1:1050 ESTABLISHED
    TCP 127.0.0.1:1433 127.0.0.1:1051 ESTABLISHED
    TCP 127.0.0.1:1433 127.0.0.1:1052 ESTABLISHED
    TCP 127.0.0.1:1433 127.0.0.1:1053 ESTABLISHED
    TCP 127.0.0.1:1433 127.0.0.1:1054 ESTABLISHED
    TCP 127.0.0.1:2602 127.0.0.1:7000 ESTABLISHED
    TCP 127.0.0.1:3175 127.0.0.1:7000 ESTABLISHED
    TCP 127.0.0.1:5001 127.0.0.1:1088 CLOSE_WAIT
    TCP 127.0.0.1:7000 127.0.0.1:2602 ESTABLISHED
    TCP 127.0.0.1:7000 127.0.0.1:3103 TIME_WAIT
    TCP 127.0.0.1:7000 127.0.0.1:3175 ESTABLISHED
    TCP 192.168.33.3:1637 222.76.64.57:8000 ESTABLISHED
    TCP 192.168.33.3:2603 207.46.110.40:80 ESTABLISHED
    TCP 192.168.33.3:3176 74.54.68.215:80 ESTABLISHED
    TCP 192.168.33.3:8080 192.168.16.29:1529 ESTABLISHED
    TCP 192.168.33.3:8080 192.168.33.75:4849 TIME_WAIT
    TCP 192.168.33.3:8080 192.168.33.75:4854 TIME_WAIT
    TCP 192.168.33.3:8080 192.168.44.22:2778 TIME_WAIT
    TCP 192.168.33.3:8080 192.168.44.22:2779 TIME_WAIT
    TCP 192.168.33.3:8080 192.168.44.22:2780 TIME_WAIT
    TCP 192.168.33.3:8080 192.168.44.22:2782 ESTABLISHED
    TCP 192.168.33.3:8080 192.168.44.22:2783 TIME_WAIT
    TCP 192.168.33.3:8080 192.168.44.22:2784 TIME_WAIT
    TCP 192.168.33.3:8080 192.168.90.60:1746 FIN_WAIT_2
    TCP 192.168.33.3:8080 192.168.90.60:1747 FIN_WAIT_2

    C:\Documents and Settings\hackp13$>

    Netstat 2

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.

    C:\Documents and Settings\hackp13$>netstat -nr

    Route Table
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x1000003 ...00 11 11 5f 28 60 ...... Intel(R) PRO/1000 CT Network Connection
    0x1000004 ...00 11 11 5f 28 62 ...... Intel(R) PRO/100 VE Network Connection
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.33.154 192.168.33.3 1
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    172.0.0.0 255.0.0.0 192.168.33.154 192.168.33.3 1
    192.168.10.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.11.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.12.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.14.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.16.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.18.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.20.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.22.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.23.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.24.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.25.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.31.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.33.0 255.255.255.0 192.168.33.3 192.168.33.3 1
    192.168.33.3 255.255.255.255 127.0.0.1 127.0.0.1 1
    192.168.33.255 255.255.255.255 192.168.33.3 192.168.33.3 1
    192.168.36.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.37.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.38.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.39.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.44.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.45.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.60.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.61.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.64.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.65.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.66.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.67.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.68.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.70.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.80.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.88.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.90.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.100.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.140.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    192.168.171.0 255.255.255.0 192.168.33.154 192.168.33.3 1
    224.0.0.0 224.0.0.0 192.168.33.3 192.168.33.3 1
    255.255.255.255 255.255.255.255 192.168.33.3 192.168.33.3 1
    Default Gateway: 192.168.33.154
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    192.168.22.0 255.255.255.0 192.168.33.154 1
    192.168.23.0 255.255.255.0 192.168.33.154 1
    192.168.11.0 255.255.255.0 192.168.33.154 1
    192.168.14.0 255.255.255.0 192.168.33.154 1
    192.168.24.0 255.255.255.0 192.168.33.154 1
    192.168.16.0 255.255.255.0 192.168.33.154 1
    192.168.12.0 255.255.255.0 192.168.33.154 1
    192.168.44.0 255.255.255.0 192.168.33.154 1
    192.168.45.0 255.255.255.0 192.168.33.154 1
    192.168.88.0 255.255.255.0 192.168.33.154 1
    192.168.38.0 255.255.255.0 192.168.33.154 1
    192.168.31.0 255.255.255.0 192.168.33.154 1
    192.168.37.0 255.255.255.0 192.168.33.154 1
    192.168.39.0 255.255.255.0 192.168.33.154 1
    192.168.36.0 255.255.255.0 192.168.33.154 1
    192.168.100.0 255.255.255.0 192.168.33.154 1
    192.168.20.0 255.255.255.0 192.168.33.154 1
    192.168.80.0 255.255.255.0 192.168.33.154 1
    192.168.10.0 255.255.255.0 192.168.33.154 1
    192.168.140.0 255.255.255.0 192.168.33.154 1
    172.0.0.0 255.0.0.0 192.168.33.154 1
    192.168.25.0 255.255.255.0 192.168.33.154 1
    192.168.90.0 255.255.255.0 192.168.33.154 1
    192.168.60.0 255.255.255.0 192.168.33.154 1
    192.168.61.0 255.255.255.0 192.168.33.154 1
    192.168.66.0 255.255.255.0 192.168.33.154 1
    192.168.67.0 255.255.255.0 192.168.33.154 1
    192.168.64.0 255.255.255.0 192.168.33.154 1
    192.168.65.0 255.255.255.0 192.168.33.154 1
    192.168.68.0 255.255.255.0 192.168.33.154 1
    192.168.70.0 255.255.255.0 192.168.33.154 1
    192.168.18.0 255.255.255.0 192.168.33.154 1
    192.168.171.0 255.255.255.0 192.168.33.154 1

    C:\Documents and Settings\hackp13$>

    We have a PIX at our workplace..

    We have Trend Micro OfficeScan..

    Using Trend Micro Proxy Server..

    Is there any new vulnerability on 2003 server??

    Please help....
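A triage pass over `netstat -n` output of the kind pasted in the post above, as an added example that is not part of the original post: it separates sessions with external peers from internal and loopback traffic and flags the ones the host's proxy role does not explain. The internal ranges, the served port 8080 and the expected upstream ports are assumptions, and the sample rows are constructed (external addresses are documentation ranges).

```python
import ipaddress

# Assumption: address ranges treated as internal (RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Assumptions: the proxy serves clients on 8080 and only needs web ports upstream.
SERVED_PORTS = {8080}
EXPECTED_REMOTE_PORTS = {80, 443}

# Constructed sample in `netstat -n` layout; not taken from the post.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1047         127.0.0.1:1433         ESTABLISHED
  TCP    192.168.1.3:1637       203.0.113.57:8000      ESTABLISHED
  TCP    192.168.1.3:2603       198.51.100.40:80       ESTABLISHED
  TCP    192.168.1.3:8080       192.168.16.29:1529     ESTABLISHED
  TCP    192.168.1.3:8080       203.0.113.99:4849      TIME_WAIT
  TCP    proxy:2602             proxy:7000             ESTABLISHED
"""

def parse_netstat(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) for numeric TCP rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue
        try:
            lip, lport = parts[1].rsplit(":", 1)
            rip, rport = parts[2].rsplit(":", 1)
            rows.append((ipaddress.ip_address(lip), int(lport),
                         ipaddress.ip_address(rip), int(rport), parts[3]))
        except ValueError:
            continue  # name-resolved row (plain `netstat`) cannot be classified
    return rows

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def triage(text):
    """Flag sessions with external peers that the host's role does not explain."""
    findings = []
    for lip, lport, rip, rport, state in parse_netstat(text):
        if rip.is_unspecified or is_internal(rip):
            continue  # listener rows and internal peers
        if lport in SERVED_PORTS:
            findings.append(("external-client-on-proxy-port", str(rip), rport, state))
        elif rport not in EXPECTED_REMOTE_PORTS:
            findings.append(("outbound-unexpected-port", str(rip), rport, state))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Rows from plain `netstat` (names instead of addresses) are skipped, so capture with `-n` before running the check.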

  8. Make a "Remove.cmd" for removing folder with subfolder..

    RD /S /Q "Folder Path"
    DEL /Q /F %systemdrive%\Remove.cmd

    Example Of RunOnceEX.CMD

    REG ADD %KEY%\095 /VE /D "Removing Temporary Files and Restarting Computer" /f
    REG ADD %KEY%\095 /V 1 /D "%systemdrive%\WINDOWS\System32\Remove.cmd" /f
    REM If you use the PSSHUTDOWN tool to restart your computer:
    REG ADD %KEY%\095 /V 2 /D "psshutdown -t 40 -r -f" /f

  9. PEBuilder Tool Kit for PEBuilder...

    Current version : 1.02

    Now AdminPrivilegesRequired for Installation

    PEBuilder Tool-Kit v1.02 By JusThinK_Update

    Collection of Useful tools for PEBuilder..

    List of tools:

    - Sysinternals - junction(Location : Sys32)

    - Redcl0ud's PEreg

    - DEKO's Reg2PE

    - Sherpya's RegHives(Location : Sys32)

    - RegShot 1.7

    - ResHacker 3.4

    - UPX With Context Menu Extension(Location : Sys32)

    - Nir Sofer Icons Extractor

    - Added-Royalbox-bazz's Plugin Creator v4.1.2

    - Added-Double Driver v1.0 For Drivers

    - Added-ContextMenu

    Command Prompt Here > Extension

    DLL and OCX File Registration(REGSVR32)

    http://www.justthink.tk

    Download link :

  10. A few days ago I downloaded **** Small Linux 2.1 RC1. It's just beyond my imagination...

    It has a very good look with so many utilities..

    After downloading, I tried to put it into my own customized multiboot CD using EasyBoot software....

    I extracted the boot image file from the CD (using ISO-Blaster) and put it into my run menu... but there is a problem: when I select the DSL boot menu, it won't boot and displays "Image Checksum Error"...

    I also tried it with "CD Shell 2.1.6" to boot the full ISO file... Now it boots, but after detecting USB, it shows the following message...

    "Can't find KNOPPIX filesystem,sorry Dropping you to a (very limited) shell...."

    I also tried it with the "isolinux" command in CD-Shell... Initially it shows the startup menu and then stops responding.

    Is there any way to fix this problem....???

    Please help me. :no::no:

  11. Hi all,

    In Windows XP,

    when I connect to the internet via my ADSL broadband modem, upload and download start automatically. I manually stopped "Windows Automatic Updates". I also installed "McAfee AntiSpyware" and removed the listed items detected by the spyware scanner, but the problem is still there.

    Please help me to solve this problem, because my broadband connection has an upload and download limit and I don't want to waste my limited account.

    :(:(:(
