Install Telnet Client from Command Prompt Windows 10

This post covers how to install the telnet client from the command prompt on Windows 10.

Run the following command:

pkgmgr /iu:"TelnetClient"

Jenkins Cleanup Old Builds

I wrote a quick shell script to clean up old Jenkins builds. This will delete any build older than 30 days.

#!/bin/bash
# jenkins_delete_old_builds.sh
# Author: Steve Stonebraker
# Date: 8/5/2019
# Description: Deletes any build older than 30 days
# Place in crontab
# @daily /bin/bash -x /root/scripts/jenkins_cleanup.sh > /root/scripts/jenkins_cleanup.log
find /var/lib/jenkins/jobs/*/builds/ -maxdepth 1 -mindepth . . . → Read More: Jenkins Cleanup Old Builds

Detecting Windows Lateral Movement

I came across a great article on detecting Windows lateral movement and wanted to share it with everyone:

CERT-EU Security Whitepaper 17-002

“Detecting Lateral Movements in Windows Infrastructure”

https://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf

Install Chrome using PowerShell

To install Google Chrome using PowerShell (headless install), run the following command from an Administrative PowerShell prompt:

$LocalTempDir = $env:TEMP;
$ChromeInstaller = "ChromeInstaller.exe";
(new-object System.Net.WebClient).DownloadFile('http://dl.google.com/chrome/install/375.126/chrome_installer.exe', "$LocalTempDir\$ChromeInstaller");
& "$LocalTempDir\$ChromeInstaller" /silent /install;
$Process2Monitor = "ChromeInstaller";
Do { $ProcessesFound = Get-Process | ?{$Process2Monitor -contains $_.Name} | Select-Object -ExpandProperty Name;
If ($ProcessesFound) { "Still running: $($ProcessesFound -join ', ')" . . . → Read More: Install Chrome using PowerShell

Sublime Text 3 – Select Entire Column (Mac)

Column Selection – Sublime Text 3

Selecting an entire column of text using Sublime Text 3 on a Mac can be frustrating.

Here is how to do it the easy way!

Legend
⌘ – Command
⇧ – Shift
⌃ – Control
<- – Left Arrow
-> – Right Arrow

Instructions

Follow these steps:

⌘ + . . . → Read More: Sublime Text 3 – Select Entire Column (Mac)

Finding the Source of Windows Password Spraying Attacks

Password Spraying

Finding the source of Windows password spraying attacks can be daunting as the Event log does not provide the source IP of the machine making the calls.

Windows Event Logs

Ideally, all of your Windows Event logs from your domain controllers should be going into some type of SIEM. I will be . . . → Read More: Finding the Source of Windows Password Spraying Attacks

MISP Diagnostics internal error has occurred

Problem

You are using the MISP cloud base image and receive the error “Error: an internal error has occurred” when trying to access diagnostics from “administration -> server settings -> diagnostics”.

Solution

As root, run the following commands:

pear install /var/www/MISP/INSTALL/dependencies/Console_CommandLine/package.xml
pear install /var/www/MISP/INSTALL/dependencies/Crypt_GPG/package.xml

Windows Batch Programming Notes and Examples

Recently I’ve been writing a lot of Windows batch files that need to be compatible with both Windows 7 and Windows 10. I’ve decided to document some of what I have learned below.

Check if .bat file was run with elevated privileges

WHOAMI /Groups | FIND "12288" >NUL
IF ERRORLEVEL 1 (
ECHO This batch . . . → Read More: Windows Batch Programming Notes and Examples

vmfusion cannot write to new drive windows 10

Recently I added a new drive to my Windows 10 VM using VMFusion 10.0.

I was unable to write to it even after making myself owner of it.

After digging into this for a while, it appears that VMware is treating new SCSI drives as USB devices and blocking writing (even though I can format . . . → Read More: vmfusion cannot write to new drive windows 10

Disabling Internet Explorer Security Mode from PowerShell

Internet Explorer Enhanced Security mode can be frustrating to disable. Here is a fast way to disable it.

First open an Administrative PowerShell Window.

Next run the following:

$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
Stop-Process -Name Explorer . . . → Read More: Disabling Internet Explorer Security Mode from PowerShell