Peter Van Eeckhoutte's Blog

Archive for the ‘My Free Tools’ Category

A couple of days ago, I have released a small perl script to back up Cisco IOS based switches via telnet.

I know there are a couple of similar scripts available on the internet, but most of them either use the “expect” functionality (which does not work all the time), or use SendKeys (which only works when the application has the ‘focus’, and thus cannot be safely scripted.), or are commercial tools.

So I decided to write a quick and dirty (free) script myself, which is purely based on a basic tcp socket connection.

I know, this script only works with telnet (clear text), but at least you can backup your switches (and if you have a dedicated management network, it may be ok to use telnet after all). Furthermore, you can safely schedule the script to run in the background, lean back, …

Just wanted to drop a quick note about the release of another free script. This time I’ve written a simple FTP fuzzer (with a little help from HDMoore) in Metasploit. You can read more about it (and download the script) at http://www.corelan.be:8800/index.php/my-free-tools/security/metasploit/simple-ftp-fuzzer-metasploit-module/

This is why I like Metasploit so much… :-)

Update : after running some fuzzing instances against a couple of FTP servers (Win32), I have noticed that some odd folders were created in my ftp root folder, and that these folders cannot be renamed or removed anymore

(Error message : “Cannot read from the source file or disk”)

Solution : the rmdir command allow you to remove these folders using a \\?\ reference

Let’s say the ftp root is located at ftp, and the folder that cannot be removed looks like a bunch of A’s, with spaces in between, then …

Hi, I decided to release another free utility I wrote a while ago. This small command-line utility can be used to find out where Active Directory users are logged on into, and/or to find out who is logged on on specific machines.  This should include local users, users that are logged in via RDP, user accounts that are used to run services and scheduled tasks (only when the task is running at that time).  I have not fully tested all scenario’s yet, but the first results look quite ok. You can download the utility from http://www.corelan.be:8800/index.php/my-free-tools/ad-cs/pve-find-ad-user/. You need .Net framework 2.0 on the machine that you are running the tool off, and you also need to have admin access on the computers you are running the utility against. The tool is compiled on a 32bit …

It may sound a bit extraordinary, but I needed to have the ability to change attachment filenames while they were being processed by the transport service on Exchange. I can’t really tell you why I needed this functionality, but I guess there could be many reasons to do so. (e.g. zip files should be renamed to .zip.renamed  so they need to be saved to disk first, renamed and then opened, and so on).  Anyways, I could not find a way to do this with the Exchange built-in features, so I had to write my own custom transport agent to do this.

The agent is written in C#, uses .Net Framework 3.5, uses the native MS Exchange API’s and works fine with Exchange 2007 (I’ve only tested SP1) and 2010 (beta 1). The dll has been compiled for x64 (64bit) systems only.
Putting …

In one of my earlier posts, I have talked about setting up a Windows 2008 based Certificate Authority/PKI. Once your Windows 2008 CA setup is in place and configured, you can go ahead and starting issuing certificates. But at the same time, you need to put a maintenance/management procedure in place so you can stay on top of certain tasks, such as processing pending certificate requests or identify certificates that will expire and need manual renewal.  Unfortunately there is no easy way to get notified when new requests are pending, or certificates will expire somewhere in the future. I wrote a small script that will help you putting in place this maintenance process. This free utility requires .Net framework and requires proper permissions to connect to the CA admin interface.  It uses the Windows Server 2003, …

ike-scan is a great tool to audit VPN/IPSec implementations.  This tool, which runs under Lunix, Unix, MacOS and Windows, can be found at www.nta-monitor.com/tools/ike-scan/ (Latest version at time of writing is 1.9). My Nessus ike-scan NASL wrapper may or may not work with earlier versions or newer versions, so test test test)

Some of the great features of ike-scan include extracting the PSK, or transform attributes to find all algorithms that are enabled on a device. Especially this last function may require some scripting and lots of time to go through the log files in order to see whether your solution is configured the way it should be configured.

So I decided to write a nessus nasl plugin to run ike-scans.

The plugin is in fact a wrapper around ike-scan and will parse the output, looking for specific settings :

Does the VPN …

I have written a small powershell script that will help you to monitor various hosts on your network.   Instead of using ping to see if a host is alive, this script will connect to tcp ports, so you can also monitor hosts behind firewalls (or hosts that cannot be pinged).  In addition to this, you can also test that a port is closed (and report that this is ok if that is what you want); and only report a problem when the port is found open (instead of closed)

The script can be downloaded from the link at the bottom of this post.
This is how it works
1. Download the script, unzip it, and put it in a folder on a machine that

has Powershell installed
has access to the hosts you want to monitor

2. Create a text file in the same folder, containing …