Archive for the ‘Windows 2008’ Tag

Myth or True: SMB BSOD

Today there is this story about the SMB BSOD. Is it true?

First, here is the full story: http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html

My Windows Versions.


I ran the exploit and yes, there is a BSOD, but there is no firewall on and everything is wide open. This is on my Windows 2008 R2 RC build 7100.

Even with the firewall on it still gets a BSOD; the only thing you can do is block port 445. And I did a test on Windows 7 in my domain with the BSOD DC ;-( and no BSOD: my Windows 7 is secure!!

[Images: Windows 7 on the left, Windows 2008 R2 RC build 7100 on the right]

After replacing the srv2.sys file and a reboot I did the test again and no more BSOD.

But where did I find this new srv2.sys file? Yes, in Windows 7.

Story confirmed: partly true. But it can be fixed; when, I do not know. But remember, changing this file is not supported, and you need to bypass the NT SERVICE\TrustedInstaller security rights.

You must remember that turning your firewall on does not always help you; ports 445, 138 and 139 are open. If you make a block rule for 445 [image], but maybe you need 445 ;-)

No, I’m not going to help you to test this or tell you where to find the tools to do this.

Posted September 10, 2009 by Robert Smit in Windows 2008


Microsoft Network Monitor 3.3.1641

For troubleshooting you can use several tools. This time I used the Microsoft Network Monitor 3.3 tool for network sniffing.

No, not Wireshark. First I had to update, as I used an old version, so after I installed 3.3 I’m ready to go. But after some “binging” I found extra updates and tools for MNM 3.3. Below is info I grabbed to get you started. Source info: Network Monitoring Team

Updated Parsers:

As you probably already know, we release new parsers on CodePlex every month. In these updates we’ve included updates for Windows 7 protocols. We also have support for Remote Windows Sockets (RWS) which is used to proxy TCP and UDP traffic from Winsock applications. Check out this blog for more information.

We post all the source code for the parsers, and you are free to look at the code, file bugs, request we take your parser code etc. This is a fully open-source parser project!

New Experts:

TCP Analyzer – TCP Analyzer lets you view TCP traffic visually and determine performance issues. This blog has more information.

Top Users – Top Users is an expert that lets you view the heaviest talkers on your network. This allows you to get a high level view and narrow down on machines that could be expectedly consuming network bandwidth.

If you would like to create your own expert feel free to contact us for information. http://nmexperts.codeplex.com has more details on how to submit a project for consideration.

New Public Forums:

The forums on Connect are normally for supporting our betas, though we’ll answer any question you have. However we now have public forums here, which are geared towards supporting the currently released version. Please post your Network Monitor 3.3 questions there so all users can learn from each other and feel free to answer questions as well to help others out.

Hopefully this quick note will help you keep in touch with everything that is going on with Microsoft Protocols and Network Monitor 3.

Enjoy,

Network Monitor Team

Posted August 6, 2009 by Robert Smit in Windows 2008


Windows 2008 R2 RC File Server and print server

Below are the few steps to use a cluster as a file server or as a print server. These are just the basics.

Start the wizard, choose the file server option and add an IP to the NetBIOS name.

Select the disk that you want to use for file sharing.

Now I make a share in this cluster; select the disk, and if you want to change the permissions, do this here. Because I had the quorum disk on this disk, the cluster folder is on the data disk.

This I like a lot: below is the “enable access-based enumeration” option. I made a post on how to do this in Windows 2003:

Clustering Access-based Enumeration (ABE) – Windows Live

And now it is just a setting.

You can create a DFS link if you want. This I will do in a next session.

As you can see, it is mostly “next, next, I agree”; just the basics are easy to do. The next blog items are all about R2 RC.

I have almost everything clustered, so get some hardware and use R2!

Posted May 20, 2009 by Robert Smit in Windows 2008
