Check the up/down status of servers and services with a batch file

Here is a template for a batch file you can run on demand to check the up/down status of servers and services using the command prompt.

Most companies will be using some sort of automated tool for monitoring the status of their servers however if you don’t have the budget or want something quick to use here is something you can setup which pings as many servers or services as you want and outputs their status to a text file which can quickly be scanned to find out if any have gone down unexpectedly.

Or maybe you pushed out a windows patch to all your machines and want to check everything has come back up after reboots?

Instructions:

  • Copy and Paste the below script into a text file and save it using any name but with a .bat extension
  • Place it in c:\X\       (if needed you can change this location in the script)
  • Edit the bat file and replace #SERVER and #SERVICENAME with whatever you are checking. The service name can be found in the properties 1
  • It should look like this:2
  • When you run the batch file it will output all the raw data into a file called servicestatus.txt then clean it up and place the final output into a file called FinalReport.txt which you can easily scan to see which servers either haven’t responded to ping or which services are showing as stopped.34

 

:

REM ———————–SECTION 1————————————–

REM This checker has 4 sections

REM Section 1 = Version details and notes

REM Section 2 = Pings a list of servers to ensure they are up

REM Section 3 = Contacts a list of services to ensure they are up

REM section 4 = Gets the raw output of sections 2+3 and removes unwanted lines, then outputs the results to finalreport.txt

REM ———————–SECTION 2————————————-

ping #SERVER1 >> c:/x/servicestatus.txt

ping #SERVER2 >> c:/x/servicestatus.txt

ping #SERVER3 >> c:/x/servicestatus.txt

REM ———————–SECTION 3—————————————-

sc \\#SERVER1 query #SERVICENAME >> c:/x/ServiceStatus.txt

sc \\#SERVER1 query #SERVICENAME >> c:/x/ServiceStatus.txt

sc \\#SERVER2 query #SERVICENAME >> c:/x/ServiceStatus.txt

sc \\#SERVER3 query #SERVICENAME >> c:/x/ServiceStatus.txt

sc \\#SERVER3 query #SERVICENAME >> c:/x/ServiceStatus.txt

REM ———————–SECTION 4———————————————–

findstr /v “statistics Packets Approximate Minimum TYPE WIN32 STOPPABLE SERVICE_EXIT_CODE CHECKPOINT WAIT_HINT” c:/x/servicestatus.txt > c:/x/FinalReport.txt

del “C:\X\servicestatus.txt” /f /q

Remove IP addresses from multiple log files

Log files can grow as large as you let them and if for any reason you need to redact the IP addresses they hold it’s often impractical to do it manually.

It can be automated using Notepad++ (A free text editor Notepad++ Download link) with some clever regex.

There are 2 different methods, one using simple regex which will do the job but will also remove some non-IP numbers which look similar in format to an IP address.

Quick and dirty method

Here are some demo log files with thousands of IP addresses inside:

regex1

Launch Notepad++ and select search >> find in files >>

regex2

The quick and dirty regex is : (\d{1,3}\.){3}\d{1,3}

set some replacement text or leave blank if you want to just delete the entries.

set the directory which contains your log files, and most importantly set the search mode to “regular expression”. It’s set to “Normal” by default.

regex3

When you press “Replace in Files” you’ll turn this:

regex4

Into :

regex6

As you can see it’s also gone through all of the log files and saved you a lot of manual time and effort:

regex5

Regex explained:

(\d{1,3}\.){3}\d{1,3}

(\d{1,3}\.) finds any set of numbers 1-3 digits in length with a full stop at the end.

{3} repeats the previous regex 3 times.

\d{1,3} is similar to the first part and searches for a set of numbers 1-3 digits in length but with no full stop at the end.

The reason you cannot simply use (\d{1,3}\.){4} is because the last octet of an IP address doesn’t end with a full stop.

The problem with this quick regex is that it will also pick up numbers such as:

999.999.999.999 which is not a valid IP. Depending on the contents of your log files this might not be a problem.

IP Specific regex

If the quick and dirty method doesn’t do exactly what you need you can use this much longer regex to specify the numbers which can appear in an IP address:

(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)

It will do mostly the same as the previous regex but is smart enough to not remove 999.999.999.999

regex8regex7regex9

How to add a custom module to Metasploit

Metasploit comes with thousands of modules preinstalled but there is nothing stopping you from adding some brand new ones from the internet or altering existing ones.

Here is the method for taking an existing exploit and adding your own custom version of it to Metasploit, the same instructions can be adapted for adding a brand new exploit from the internet.

  • By default in Kali the modules are all stored in /usr/share/metasploit-framework/modules it’s worth checking yours are here before we continue.

1

  1. Open up msfconsole and navigate to your modules folder2
  2. In this example we will be making a custom version of the ms02_056_hello.rb mssql exploit. Use the mkdir command to create a custom folder in a sensible location and copy the exploit into it using cp.3
  3. navigate to your custom folder and confirm the exploit copy is there:4
  4. Open up the exploit using any editor (Ignore this if you don’t intend on making any changes and have found a module from the internet:5
  5. Make the changes you want. In the screenshot below we have just changed the description to as a demonstration. Save your new exploit.6
  6. Use the mv command to give your exploit a custom name, this stops you accidentally confusing it with the original code in the future.7
  7. Metasploit won’t be able to find your exploit until it after you exit and reopen msfconsole. You’ll see a search error if you try: 8
  8. After closing and reopening msfconsole your code should be visible within Metasploit to use just like the preinstalled ones.9
Happy laptop serial number

Find Lenovo serial number using WMIC

 

It can be very annoying to try and find the serial number of your laptop only to realise its on a little sticker somewhere inaccessible, requiring you to hunt for a screwdriver to remove a panel, or forcing you to power down to remove the battery.

If you’ve had your machine for a while its possible the numbers on it have faded or the sticker has partly come off, forcing you to play a vague form of hangman to figure it out.

The serial number isn’t something most people care about, unless the laptop gets stolen or they are trying to check warranty online. Trying to find the serial after you’ve lost your laptop isn’t going to be too successful so its recommended to find it and make a note just in case.

If you do find yourself struggling to get the serial by looking at the sticker this might save you some frustration:

  1. open up an elevated command prompt
  2. Type “Wmic bios get serialnumber” and press enter

if the serial is registered in the BIOS it should get displayed on screen. I’ve tested the command successfully on various Lenovo laptops, and both HP and Dell desktops.

If you are on a network you can query the serial of a remote machine using:

  • wmic /node:NameOfRemoteMachine bios get serialnumber

If you don’t have the correct permissions to the other machine, or have mistyped the computers name you can expect to see this error:

WMIC error for no access or incorrect computer name
WMIC error for no access or incorrect computer name

If you get unlucky and the serial isn’t in the BIOS you’ll get this error and start swearing as you head back to Google to find another method:

wmic-error-2
WMIC error for no entry in BIOS

 

 

Hiding the author name in WordPress

Following on from the previous article about not making the admin account easy to spot we can apply the same train of thought to a WordPress blog. The majority of blogs on this site have a single author (this blog included). That means it’s safe to assume that the author of all the articles is the user who has admin rights to the blog.

WordPress used to force people to manually add code to the functions.php file, which is attached to every theme, however they must have noticed a lot of people doing it as they’ve now added a nifty toggle switch on the site which you can use to hide the author’s name. Heres how to find it:

  1. Once logged in to WordPress select “My Site” then “Customize”.
    Hiding the author name on blogposts
    Hiding the author name on blogposts

    2. Select “Content Options”.

    3. Untick the “Display author” box.

 

Display author checkbox

Your posts should now have a blank space where the author used to be shown:

no-author
Author info hidden

Little tips/tricks like these won’t stop any determined attacker, but remember. The longer someone has to spend getting access to somewhere, the more likely they are to give up before getting what they want.

 

ID tag - tagged photos

Untagging your tagged photos on Facebook, Instagram and Twitter

With the popularity of camera phones in recent years its very likely that anything you do on a night out with friends gets documented by someone else in either a photo or a video. Whilst your drunken dancing might be funny at the time and entertain all your friends it might not make you look like a good candidate for a job in the future (unless that job is a sloppy backup dancer).

If friends have uploaded the photos and tagged you in them it makes an interviewers life much easier when they search for your name to see what comes up.

The social sites don’t always make it obvious how to remove your tag from something so heres a how-to guide for Facebook, Instagram and Twitter.

How to Untag yourself from a photo on Facebook

  1. Log into Facebook and visit your activity log (little triangle in the top right corner).
    facebookactivitylog
    Facebook activity log

    2. Select “photos”, then browse the results and check any media you want to untag yourself from.

    how to untag yourself from facebook photos
    how to untag yourself from facebook photos

    3. Select “Report/Remove Tags”.

    4.Select “I want the photo untagged” and then”Untag photos”.

    Remove tag from facebook photo
    Remove tag from facebook photo

    How to untag yourself from an Instagram photo

Untagging yourself in Instagram is slightly more hassle as you need to be logged into the app on your phone or tablet, you cannot do it from their website.

  1. Open the app and go to your page by selecting the head and shoulders icon.
    instagram-iphone-untag-yourself-photo-1
    Instagram head and shoulders icon

    2. Select the clipboard in the top right.

    instagram-iphone-untag-yourself-photo-2
    Instagram clipboard Icon

    3. This should bring up a page with all the photos you have been tagged in, Browse through them and tap on the one you would like to remove yourself from.

    4.Select the 3 dots near the bottom of the photo.

    3 dots, instagram untag
    3 dots, instagram untag

    5. Select “photo options” and then “Hide from profile”.

Note: This doesnt remove the tag from the picture but it does remove it from your profile so people will have a harder time searching for it.

How to remove tagged photo from twitter

Now that twitter is about more than just 140 characters you might find yourself tagged in a tweeted photo. Praise goes to the twitter devs for making this one of the easiest sites to untag yourself from

  1. Log into your twitter account and navigate to the photo you are tagged in.
  2. Select the 3 dots at the bottom of the photo and select “Remove my tag from photo”.
    removetagfromtwitter
    Remove yourself from tagged twitter photo

    Note:This doesn’t remove the photo, it just removes your tag which makes it more difficult for people to find it associated with your account.