Using the command line tool, ldapquery, the command is this:
ldapsearch -h myldapserver uid=myloginname mailserver
That returns a line like this:
mailserver=CN=mymailserver/OU=xxx/O=xxxx
I've tried every variation I can think of using VBS and I can query and get results returned from many other available properties, but some fail including most importantly this one, with a method not supported error. I know it is there, because I can use the command line tool to get it, but I can't figure out how to cleanly do it in VBS.
Anyone have any ideas? Thanks!!
I just wanted to close this up; it had been a while since I've been on. Basically it turned out that my query was good, but that the server I was interacting with had been improperly set up, so there were a lot of inconsistencies resulting in what seemed like a coding error. In the end, what was required was a shell out to the ldapsearch program, clunky, but functional.
I have several flows. I want to save the result of these flows (success, fail or something else) into an MS SQL table. I cannot find how I can achieve that.
Maybe we can save the output result into a file (not manually). I never worked with Caligo before. I am just trying to find some options. Or maybe we don't have logging at all?
Can you please help me insert my bash script into freeradius? I would like to start my script each time a user is allowed access via freeradius to my network.
I tried to insert my script into queries (/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf), but the script is not invoked.
If you have any idea on how to do this please let me know.
Thank you in advance!
Adding random things to the SQL configuration isn't going to help here.
You need to configure the exec module, the best example is in mods-enabled/echo (though also see mods-enabled/exec). There are examples in that file on how to point to the script that you want to run, and what it should return.
Then to ensure that it is run after a successful authentication, make sure that echo (or whatever instance name you gave to the module configuration) is listed in the post-auth{} section of the correct virtual server, most likely sites-enabled/default.
Note that calling out to external scripts is nearly always a bad idea, it will cause performance to drop significantly. There is usually a better way to solve the problem.
I'm trying to get the user's last logon in some Windows machines using WMI, but for some reason, this information is different for different commands when I think they should be the same.
The first command that I'm using is: PATH Win32_NetworkLoginProfile WHERE "Name='DOMAIN\\fakeuser'" GET LastLogon. The result for it is like below:
LastLogon
20181206093540.000000-480
The second command is: PATH Win32_NTLogEvent WHERE "(EventIdentifier =4648 OR EventIdentifier = 4647 OR EventIdentifier = 4634)" GET CategoryString, TimeGenerated, InsertionStrings
The result is like below (after some processing to find the last entry of category "Logon" linked to the "fakeuser", since the command returns a lot of information):
CategoryString
Logon
InsertionStrings
{"S-1-5-21-3457937927-2839227994-823803824-1104","DOMAIN$","DOMAIN","0x3e6","{00000000-0000-0000-0000-000000000000}","fakeuser","DOMAIN","{00000000-0000-0000-0000-000000000000}","localhost","localhost","0x64c","C:\Windows\System32\svchost.exe","999.999.99.999","0"}
TimeGenerated
20181206173540.580545-000
From what I understand of these two commands, the LastLogon in the first result should be the same as TimeGenerated in the second one. Am I misunderstanding something?
In my preliminary research, I found a possible bug in the WMI Timestamps, but I don't know if it is the same problem.
Some additional information:
These commands are executed using a script that makes a remote connection using WinRM (ports 5985 and 5986) and then executes the commands to get the info, but I also tried to connect to the machine using RDP and execute it in PowerShell with wmic PATH.... The result is the same.
I tested it on Windows 10 and also on Windows Server 2012, but the script will be used on some other Windows versions.
To get the Event numbers for the log class, I used this link
After the first comment, I noticed that the problem is in time zones. Is there any way to set the timezone directly in these commands or convert timezones between them?
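Added example, not part of the original post: a Python sketch that parses the two WMI (CIM/DMTF) datetime strings quoted above and normalizes them to UTC, which is the step needed before correlating logon records from different WMI classes. The function names and the 2-second matching tolerance are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# CIM/DMTF datetime: yyyymmddHHMMSS.mmmmmm, then a sign and a
# three-digit offset from UTC expressed in minutes.
_DMTF = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")


def parse_dmtf(value):
    """Return a timezone-aware datetime for a WMI datetime string."""
    m = _DMTF.match(value.strip())
    if m is None:
        # Unset or partially specified fields (e.g. '*' wildcards) land here.
        raise ValueError(f"not a fully specified DMTF datetime: {value!r}")
    stamp, micros, sign, offset = m.groups()
    minutes = int(offset) if sign == "+" else -int(offset)
    tz = timezone(timedelta(minutes=minutes))
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(
        microsecond=int(micros), tzinfo=tz)


def to_utc(value):
    """Normalize a WMI datetime string to UTC."""
    return parse_dmtf(value).astimezone(timezone.utc)


def same_event(a, b, tolerance=timedelta(seconds=2)):
    """True if two WMI timestamps are the same instant within a tolerance.

    The 2-second default is an assumption for this example, not a WMI rule.
    """
    return abs(to_utc(a) - to_utc(b)) <= tolerance


# Values quoted in the post above.
LAST_LOGON = "20181206093540.000000-480"      # Win32_NetworkLoginProfile
TIME_GENERATED = "20181206173540.580545-000"  # Win32_NTLogEvent

if __name__ == "__main__":
    for label, raw in (("LastLogon", LAST_LOGON),
                       ("TimeGenerated", TIME_GENERATED)):
        print(f"{label:14} {raw} -> {to_utc(raw).isoformat()}")
    print("same instant:", same_event(LAST_LOGON, TIME_GENERATED))
```

LastLogon carries a -480 minute offset (local time, UTC-8) while TimeGenerated is reported with a zero offset, so both values resolve to 17:35:40 UTC on 2018-12-06.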
I have a situation where I need to give a bunch of administrators a command to run from a Windows command line that contains a password. There is no workaround for this application to avoid having a password on the command line.
For example:
c:>mycommand -P mypassword
I just want to give them an encrypted string that decrypts to "mycommand -P mypassword" and executes that command with its parameters without displaying the unencrypted text.
Say like this:
c:>mycommanddecoder efouhpefibhusdvn,iu3r3ksjdfdfbpisiegf
I've googled but results tend to come up with PGP command line utilities and the like.
I could just write a custom executable to do the job but that wouldn't stop a savvy operator from viewing the object code. I could encrypt it internally but then there would still be a visible key unless I used a certificate ... and you get the idea. It quickly becomes a mission!
Any thoughts?
Thanks,
Mark
Your problem is that in the end you want the script / program / command line to result in a system call that spawns the mycommand executable with the password as a parameter. And this syscall can be observed. Whatever you do beforehand you will not get around this attack point. You probably should look for a solution where the password never needs to be stored on the computer at all, maybe outsource the functionality into a service running somewhere else.
I want to run a windbg script that will accomplish the following:
I want to track certain registers the moment an API is hit, without stopping due to timing issues. So, the moment the API is called, I want the script to open a logfile, echo the fact that the API is hit with the details of the parameters, and let it run till it hits the conditional brkpoint I've put at the API end, which simply closes the open logfile.
Now, the problem is, I want to do this multiple times, w/o the previous logfile getting overwritten. Ideally, if there is some command which lets me specify the name of the logfile (.logfile file) by the timestamp of that moment, my problem is solved.
Can anyone help?
Pretty easy:
I'll have to use .logopen /t filename - what a no-brainer :)