Help capture SSH Honeypot details and valid username and passwords used

Standard

Using this post, http://edgis-security.org/honeypot/kippo-01-getting-started/ , I have setup a SSH Honeypot with Kippo.
If you want, you can forward traffic from your own servers to mine and see the results of the SSH capture @ http://info.sethleedy.name/kippo/

Use this in your IPTables to forward your own port 22 traffic to mine @ IP 74.219.241.248 4.49.115.54.

Change ethernet device to match yours.

Remember to save your iptables for after reboot. iptables-save
Also, you better set this: sysctl net.ipv4.ip_forward=1 OR echo “1” > /proc/sys/net/ipv4/ip_forward

You can achive the same forwarding results by using
redir ( http://linux.die.net/man/1/redir )
or
socat ( http://linux.die.net/man/1/socat )
without making use of ip_forward, NAT and masquerading.

1,056 total views, no views today

PowerShell script to change administrator password on a list of machines – Ying LiMVP at myITforum.com

Standard

From: PowerShell script to change administrator password on a list of machines – Ying LiMVP at myITforum.com.

PowerShell script to change administrator password on a list of machines

Here is a PowerShell script to change local administrator (or any account interested) password on a list of remote machines. I am using my friend Don Hite’s VB Script as a starting point. So as always my hat off to Don!

$erroractionpreference = “SilentlyContinue”

$a = New-Object -comobject Excel.Application
$a.visible = $True

$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)

$c.Cells.Item(1,1) = “Machine Name”
$c.Cells.Item(1,2) = “Password Changed”
$c.Cells.Item(1,3) = “Report Time Stamp”

$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True

$intRow = 2

foreach ($strComputer in get-content C:\MachineList.Txt)
{
$c.Cells.Item($intRow,1)  = $strComputer.ToUpper()

# Using .NET method to ping test the servers – This is very cool!
$ping = new-object System.Net.NetworkInformation.Ping

$Reply = $ping.send($strComputer)
if($Reply.status -eq “success”)
{
# This is the Key Part
$admin=[adsi](“WinNT://” + $strComputer + “/administrator, user”)

$admin.psbase.invoke(“SetPassword”, “Whatever1”)

#$admin.psbase.CommitChanges() – I am surprised that I don’t have to do this!

# If this is for AD account, we could use PasswordLastchanged attribute. But WinNT provider does not #support the PasswordLastChanged attribute!

# I was trying to use passwordage attribute value but somehow I found it give you the value for last time, #may be because there is a delay for this attribute to propagate. So I made an “executive” decision to test #if passwordage is $null – so this may not be 100% accurate.

$pwage = $admin.passwordage

If($pwage -ne “0”)
{
$c.Cells.Item($intRow,2).Interior.ColorIndex = 4
$c.Cells.Item($intRow,2) = “Yes”
}
Else
{
$c.Cells.Item($intRow,2).Interior.ColorIndex = 3
$c.Cells.Item($intRow,2) = “No”
}
}
Else
{
$c.Cells.Item($intRow,2).Interior.ColorIndex = 3
$c.Cells.Item($intRow,2) = “Not Pingable”
}

$c.Cells.Item($intRow,3) = Get-Date

$Reply = “”
$pwage = “”
$intRow = $intRow + 1
}
$d.EntireColumn.AutoFit()

cls

Posted: Aug 23 2007, 11:23 AM by yli628 | with 3 comment(s)

Filed under: 

515 total views, no views today