VBScript: Delete files older than x days

The example below simply deletes any files older than 2 days from the root of the F:\Files directory.

    ' Delete files in the top level of F:\Files last modified more than 2 days ago
    Dim Fso
    Dim Directory
    Dim Modified
    Dim Files

    Set Fso = CreateObject("Scripting.FileSystemObject")
    Set Directory = Fso.GetFolder("F:\Files")
    Set Files = Directory.Files

    ' Modified holds the current File object on each pass through the loop
    For Each Modified In Files
        If DateDiff("D", Modified.DateLastModified, Now) > 2 Then Modified.Delete
    Next

Installing the Sysinternals Suite

From: http://remstate.com/2008/06/13/sysinternals-suite/

More, more, more little tools. The Sysinternals Suite is a large collection of handy little tools — including such famous tools as PsExec. It’s just a zip file, so it’s easy to install.

First grab the zip file from the Microsoft Sysinternals web site: http://download.sysinternals.com/Files/SysinternalsSuite.zip

Assuming you have 7-zip's Command Line Version (http://www.7-zip.org/download.html) you can type the following:

7za x -o"D:\program files\sysinternals\" SysinternalsSuite.zip

You can also use whichever compression utility you please.

Then, simply add it to the path.

PATH %PATH%;D:\Program Files\sysinternals
SETX PATH "%PATH%" -m

Done. :)

SQL SERVER - 2005 - List Tables in Database

This is a very simple but effective script. It lists all the table names.

    USE DatabaseName;
    GO
    -- List every user table together with its schema
    SELECT SCHEMA_NAME(schema_id) AS SchemaName, name AS TableName
    FROM sys.tables
    ORDER BY SchemaName, TableName;
    GO

$600 ESXi Server

This is in response to Mike D's Blog post:
http://www.mikedipetrillo.com/mikedvirtualization/2008/10/building-a-500-vmware-esxi-host.html

In Mike's post he builds a computer for about $500. In as little as a few months, the prices of many parts have decreased. I wanted quad-core and 8 GB of RAM for my rig. This is what I came up with for a bit over $600.

Using stunnel to telnet into GMail IMAP

Here is a case study of how stunnel can be used to test an SSL-based protocol. We will create an stunnel configuration that reroutes the IMAP port (TCP 143) to the Secure IMAP port (TCP 993) on GMail's IMAP server (imap.gmail.com). We will then test the setup by using telnet.

I will be using Ubuntu 8.10 (Intrepid Ibex).

First, let's install stunnel.

sudo apt-get install stunnel

Edit /etc/default/stunnel4, change ENABLED=0 to ENABLED=1
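
A minimal stunnel client configuration for the rerouting described above, added here as an example and not taken from the original post. The file location, the service name, the loopback binding and the CA bundle path are assumptions for a stock Ubuntu install; stunnel does not check the server certificate unless told to, so the verify and CAfile lines are what keep the tunnel from trusting an interposed server.

```ini
; Assumed location: /etc/stunnel/stunnel.conf (example, not from the original post)

[gmail-imap]
; Act as an SSL client: accept plaintext locally, speak SSL to the server
client = yes

; Listen on loopback only, so other hosts cannot use the plaintext port
accept = 127.0.0.1:143

; Forward to GMail's Secure IMAP port
connect = imap.gmail.com:993

; Require a server certificate that chains to a trusted CA
; (assumed path of the Debian/Ubuntu CA bundle)
verify = 2
CAfile = /etc/ssl/certs/ca-certificates.crt
```

After restarting stunnel, a telnet session to localhost on port 143 should show the server's IMAP greeting; anything typed in that session travels in plaintext only as far as the local stunnel process.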

HOWTO: Install THC-Hydra 5.4 in Ubuntu Intrepid Ibex

UPDATED: Installing THC-Hydra 5.7 on Ubuntu Lucid Lynx 10.04
UPDATED: HOWTO: Install THC-Hydra 5.4 in Ubuntu Karmic Koala 9.10

Wikipedia describes THC-Hydra as "... software ... that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services." It's useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.

I had a hard time installing THC-Hydra on Ubuntu Intrepid Ibex. Here is how I finally did it.

First, install the dependencies. Note: I couldn't compile xhydra but I am including libgtk2.0 anyway. Maybe someone can post a solution.

sudo apt-get install libssl-dev libgtk2.0-dev

Next, grab the Hydra source code.

wget -c http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz

Pen tester tools - pmdump

Today I bumped into an interesting application called pmdump (http://www.ntsecurity.nu/toolbox/pmdump/).

According to the website "PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process."

So how is this useful you may ask? Well, let me show you.

For my test case I decided to look at Google's Chrome Browser since I know I use passwords to log into web sites like my bank's site.

I looked up the PID (process identification number) of the browser by using Microsoft Sysinternals' pslist command line tool.

C:\hacktools>pslist chrome
...
Name      Pid  Pri  Thd  Hnd   Priv     CPU Time  Elapsed Time
chrome   2440    8   28  582  34892  0:02:13.609   7:59:29.048

HOWTO: Install Metasploit 3.2 svn in Ubuntu Intrepid Ibex

UPDATED: Installing Metasploit on Ubuntu Lucid Lynx 10.04

Metasploit is another one of those best of breed applications found in many computer security experts' tool shed. Metasploit.com has instructions for installing Metasploit on Ubuntu/Kubuntu/Debian Linux on their website (http://trac.metasploit.com/wiki/Metasploit3/InstallUbuntu). I find that there are a lot of forums trying to get through the vague instructions.

Here are my steps for getting Metasploit installed on Ubuntu Intrepid Ibex. Even the GUI works, which seems to be one of the biggest challenges.

First, install all the dependencies, Ruby on Rails and subversion.

sudo apt-get install build-essential ruby libruby rdoc libyaml-ruby libzlib-ruby libopenssl-ruby libdl-ruby libreadline-ruby libiconv-ruby libgtk2-ruby libglade2-ruby subversion sqlite3 libsqlite3-ruby irb

Pen tester tools - NMap

Port scanners allow you to scan a network and collect information quickly. NMap (http://insecure.org/) is probably the most used port scanner. The reason for this is that 1) it's free as in beer and 2) it's a REALLY good product. That being said, you will find a plethora of guides and forum discussions all over the internet.

Getting to know your network is easy with nmap. Need to find all the hosts on your network:

nmap -sP 192.168.1.0/24

What if an IIS worm is creating crazy traffic on your network? Locate all the web servers on the network:

nmap -p80 192.168.1.0/24

The FOR Command

The FOR command is one of those commands that can save you hours of repetitive work. As a sysadmin, it's important to look for easy ways to get rid of repetitive tasks like renaming files or copying a select number of files. I recently had to retrieve 3,000+ files from a folder containing over 3,000,000 files. Imagine how long it would take to selectively find these files. The benefit of the FOR command is that it is a "looping" command. In other words, it will do a given task over and over until a given condition is met.