On the Summary page of the Active Directory Domain Services Installation Wizard, you can click Export settings to save the settings that you specified in the wizard to an answer file. You can then use the answer file to automate subsequent installations of Active Directory Domain Services (AD DS).
The answer file is a plain text file with a [DCInstall] header. The answer file provides answers to the questions that are asked by the Active Directory Domain Services Installation Wizard. Using the answer file eliminates the need for an administrator to interact with the wizard. The Active Directory Domain Services Installation Wizard adds text to the answer file that explains how to use it, such as how to invoke it with the dcpromo command and which settings must be updated to use it.
During an unattended operation, a return code indicates whether or not the operation was successful. For information about return codes, see Unattended Installation Return Codes.
To use an answer file to install AD DS, type the following command at a command prompt, and then press ENTER:
dcpromo /answer[:filename]
Where filename is the name of your answer file.
Monthly Archives: May 2011
Best security vids in town
And some fun challenges and tutorials from Vivek
Sony Fails Again
Classic. So their systems got hacked. Then when they come back on, their offers are shit (the free games that is), takes a day to get the password reset e-mail. Then you click the link and get this
What a fuck up.
This is why
http://www.bit-tech.net/news/gaming/2011/05/18/psn-password-reset-vulnerability-uncovered/1
Fools.
“We want you to ID you are who you say you are, on the very information that was stolen”.
Classic.
What a dickhead
http://www.bit-tech.net/news/gaming/2011/05/18/sony-we-can-t-guarantee-security/1
If my house had been broken into, I wouldn’t inventory everything that maybe missing before calling the Fuzz!
XP Profile migration to new machine
To copy profiles from one machine to another machine on a domain and have it so XP carries on using those profiles on the new machine instead of it creating a new profile like jdoe.DOMAINNAME. Extract the key below from the registry of the old machine
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\ProfileList
Copy the profiles over to the new machine.
Once copied you may need to set the permission up again on their profile folder. You may need to add the user back in and give them full control.
Broken DNS?
Run DCDiag /test:dns to test and see what errors it shows.
Even after clearing out DNS some entries might not be showing there but still be in AD so run ADSI Edit and look through the System section for errors. Mine was old DC entries appearing in MicrosoftDNS section.
GPU Password Cracking – Bruteforceing a Windows Password Using a Graphic Card
GPGPU computing is getting lots of attention these days. GPGPU computing simply means doing general calculations on graphic cards (GPUs) rather than CPUs. Traditionally, GPUs were used only for getting graphical output, rendering frames in games and other purposes related to graphics. Lately, people started realizing that GPUs are far more efficient at handling highly parallel tasks and that there should be a way to code graphic cards. Though GPGPU computing is still at its infancy, a lot of progress has been made toward this direction. For example GPUs are used to speed up video conversion, video processing, doing scientific calculations, folding and password hash cracking.
The last one – password cracking looks very interesting and we are going to discuss about just that. Recently I came across a free password hash cracker called ighashgpu. This tool is developed by a guy called Ivan Golubev. It’s a command-line utility meaning, there is no GUI. Though allergic to command-line utilities, curiosity made me to meddle with the tool to see how fast my Radeon 5770 would crack passwords and the results are simply amazing.
Computer Name appear under My Computer-XP only
Just double click the file and say yes to merge to reg. Adds the Computer Name to appear under My Computer.
Fails on Windows 7 because the part of the reg that is edited in Windows 7 needs admin rights and even the admin doesn’t have rights, so you have to manually edit it. Annoying!
You can run the .reg above or if you don’t trust it, then edit the reg manually as shown below
Change Computer Name Text
Go to regedit
First go to
Delete the entry in (Default)
Rename LocalizedString just in case. Create a new “Expandable String Value” and rename it LocalizedString
Put in it
My Computer %COMPUTERNAME%
http://imageshack.us/photo/my-images/839/mycomp1.png/
Then it appears you have to go to (although not all the time. Sometimes just the first above edit works)
http://imageshack.us/photo/my-images/62/mycomp2.png/
And remove the txt in (Default)
Create a new “Expandable String Value” and rename it LocalizedString and put
%COMPUTERNAME%
Close regedit and press F5 and should update, if not reboot, if still doesn’t work then check over the reg changes again.
You can try and edit the keys in Windows 7 or Server 2008 but you’ll need to take control of those specific keys in the permissions tab or you’ll get access denied and won’t even be able to give yourself permissions to change the permissions to that key.
EDIT-Just tried in Server 2008 R2 and appears it doesn’t know what the %COMPUTERNAME% tag is so just shows %COMPUTERNAME% oh well.
(I think I need to look at a site redesign as the small area means having problems adding images hence the external image links above)
For The Love of Music
For The Love of Music
Wonderland Models Security Issue
http://www.youtube.com/watch?v=wSlHEKQAQ04
I’d avoid shopping at their online store until they fix HTTPS. Neither their registration page uses HTTPS nor does the login box. So user names and passwords are sent over in plain text. Makes you wonder what sort of security they have on the customer database. I bet that’s not even encrypted.
The issue is if anyone is sniffing the traffic on the network you’re on, they’ll be able to get your login details and password for that site. If you use the same password on othersites then they’d be able to gain access to that as well.
Reported it almost a week ago to them and their website devs. Both have ignored the e-mails. And their contact e-mail in fact fails. I had to use their online form.
UPDATE- They have finally contacted me and said they are working on fixing security across the whole site.
UPDATE 2 -This has now been fixed. I’ve tested and all now fine so I removed the video.