Security

Very simple encryption example with VBScript

I previously mentioned a routine that I wrote to encrypt a string. Now, before the security folks look at the code… understand this:

This is intended only to obscure a string from a casual prying eye. It is NOT intended to be a replacement for true encryption like 3DES and RSA encryption. Please do NOT assume this routine is in any way secure or uncrackable. It is intended to only be an exercise in working with strings and is only as secure as the price you have paid for it. Nothing. Furthermore, it is provided as-is without warranties and by using it you agree that all risk from it’s use is transferred to you.

….Now that we’ve gotten the unpleasant legal disclaimer out of the way… Lets discuss the code!

Essentially, The code uses a variable length key to obscure the original string by iterating through the string you want obscured and adding the ASCII value of the character at each position of the original string with the ASCII value of a rotating “key character” in the key provided to generate a new ASCII value. This new ASCII value is then converted to a character and added to the newly encrypted string. The obscured string is further obscured by the fact that the original string is reversed prior to being changed. 

This key position changes after each character in the original string is obscured. The result is the key is iterated through sequentially as the original string is encrypted and when the end of the key string is encountered the iteration through the key string is started again from the beginning of the key string until the original string is completely encrypted.

This process works because the ASCII values in the typical string and the typical key string when added together do not exceed 255. (The highest possible ASCII character) Essentially, Strings and Keys with ASCII values higher than 126 should not be used or the result could be unpredictable– or worse yet, an unencryptable string.

Now that I’ve explained a bit about the premise… Lets look at the code!

Option Explicit

Dim temp, key

temp = “Now is the time for all good men To come To the aid of their fellow countrymen.”
key = “huasHIYhkasdho1″

temp = Encrypt(temp,key)
WScript.Echo temp
temp = Decrypt(temp,key)
WScript.Echo temp

Function encrypt(Str, key)
 Dim lenKey, KeyPos, LenStr, x, Newstr
 
 Newstr = “”
 lenKey = Len(key)
 KeyPos = 1
 LenStr = Len(Str)
 str = StrReverse(str)
 For x = 1 To LenStr
      Newstr = Newstr & chr(asc(Mid(str,x,1)) + Asc(Mid(key,KeyPos,1)))
      KeyPos = keypos+1
      If KeyPos > lenKey Then KeyPos = 1
 Next
 encrypt = Newstr
End Function

Function Decrypt(str,key)
 Dim lenKey, KeyPos, LenStr, x, Newstr
 
 Newstr = “”
 lenKey = Len(key)
 KeyPos = 1
 LenStr = Len(Str)
 
 str=StrReverse(str)
 For x = LenStr To 1 Step -1
      Newstr = Newstr & chr(asc(Mid(str,x,1)) - Asc(Mid(key,KeyPos,1)))
      KeyPos = KeyPos+1
      If KeyPos > lenKey Then KeyPos = 1
      Next
      Newstr=StrReverse(Newstr)
      Decrypt = Newstr
End Function

Encryption and Decryption with VBScript

I’ve always been somewhat interested in encryption, but never been terribly good at understanding the math behind it and couldn’t find any example code for doing encryption and decryption with VBScript… so I thought I’d write something that would atleast shield characters in a document from a prying eye. It’s not your true encryption like RSA or 3DES, but I think it would thwart a typical prying eye.

 I’ll place the code itself in a post later this week, but wanted to give everyone a chance at cracking it. So here it is… my “ecrypted” sentance:

-aÆàA»IÖàDÖ,ß_?OUÇ”º²_Dß?UO^OsÉÆU¼iE¼<ÆàOE? ¼IOµi½xUE”DODQUäÇ”-¶AÜ<ÆUO^âs^ìDA

Did you crack it? Let me know by posting a comment with the sentance in it. If you’d like post your comment along with your suggestions for improving it, if you’d like.

Pinging a remote computer from another remote computer using the WMI Win32_PingStatus class in VBScript

I recently began working on trying to figure out ways to troubleshoot real problems with a VBScript and give me some diagnostic information about the current state of the environment. As I build this script I plan on sharing pieces of it bit by bit with you, my readers. I also wanted to get back to writing some WMI scripts that will help you all do your jobs more efficiently. Lastly, I wanted to begin building a “toolbox” script that you could use to write your own scripts. These are the goals I’m tracking toward in my next series of posts that contain VBScript code. Now onto this script…

The first piece of troubleshooting a problem, in my opinion, is ensuring that a communication path exists between two systems. Duh! However, simply pinging the systems individually from your desktop isn’t a good test… it only tests the your computer can communicate with the two systems, not that they can communicate with each other!

This script simply uses our friend WMI to make a call a remote computer requesting that computer ping another computer. Simple enough, but invaluable because how many times have you had to login to a remote computer to check if it can connect to a system? Now you don’t have to… you can do it from a script!

The script uses the Win32_PingStatus class in WMI. Essentially, it will only work on Windows XP and newer (Sorry, Windows 2000 and older doesn’t support the WMI class we need.) and the user executing the script will likely need to be an administrator on the system that is being called (but not necessarily being pinged). For further information on this class you can reference the Win32_PingStatus documentation.

Now lets get to the script!

 ‘Use a remote computer to ping another remote computer
Option Explicit 
‘Change the SourceServer and RemoteServer Strings below to servernames or IP addresses for you.
wscript.Echo RemotePing(”SourceServer”, “RemoteServer”)
wscript.Echo “Done!”

Function RemotePing( SourceComputer, DestinationComputer)

 Dim strComputer1, strComputer2
 Dim objWMIService, colItems, objItem

 strComputer1 = SourceComputer
 strComputer2 = DestinationComputer

 On Error Resume Next
  ’ error control block
  Set objWMIService = GetObject(”winmgmts:{impersonationLevel=impersonate}//” & strComputer1 & “\root\cimv2″)
  Set colItems = objWMIService.ExecQuery (”Select * from Win32_PingStatus ” & “Where Address = ‘” & strComputer2 & “‘”)
  For Each objItem in colItems
      If objItem.StatusCode = 0 Then
          RemotePing = strComputer1& “: Reply received from ” & strComputer2 & ” in ” & objItem.ResponseTime & ” ms.”         
      Else
       RemotePing = “Error pinging ” & strComputer2 & ” from ” & strComputer1 & “. The status code returned was :” & objItem.StatusCode
      End If
  Next
 On Error GoTo 0
End function

As always, this code works perfectly. However, sometimes the formatting of the blog breaks the code if you copy and paste it into your editor. So, if you’d like to not type or troubleshoot any syntax errors due to the copy and paste problems– I’ve provided the code for download, plus example output files  from my final tests for you. You’ll find the code and other files available for download from my website’s (www.websystemsadministration.com) File Depot under the ITKE Blog Scripts category. Enjoy and happy scripting!

Essential Tools: A free tool to mount an ISO cdrom or DVD image as a Virtual CDROM drive

We’ve all had times when we needed a file from an installation CD or DVD, but only had an ISO image available on the network. So, we have to copy the image to our machine then burn the image to media– just to get the file.

There are utilities out there that do this, like Alcohol 120%, but none seem to be free and free from ads or “Value add toolbars”. (Alcoholsoft makes Alcohol 52%, but it has toolbars). I’ve recently found a free utility that does fit the bill for my free essential tools series!

The tool is Virtual CloneDrive from Slysoft. Virtual CloneDrive delivers all the functionality you need to mount an ISO as a virtual CD/DVD Drive in a small (1.86Mb for a full install) FREE package! (As a added benefit, it appears to have multi-language support as well)

Once installed it adds a Virtual CDROM drive to your system that has a menu context “Virtual CloneDrive” that gives you the Mount and unmount options, just like Alcohol 120% does. And it keeps track of your recent ISO’s like Alcohol 120% as well.

It also registers .ISO files with itself and simply double clicking on the file automatically mounts the image in your virtual drive, a nice touch.

All in all, the performance is good and the integration with windows is top notch. Give it a shot, I’m sure you’ll find it to be one of your essential tools.

Know of a tool that you think is essential? Post a comment here and if I don’t already have it in my tool belt, I’ll add it and give it a shot. If it makes the grade– I’ll add it to the list of tools to review. The only criteria are:

1. The tool must be free, or inexpensive with a “Per User” or “site” type license. (No pay per installation licenses, please)
2. The tool (or it’s installation file) must be small enough to fit on a 256Mb flash drive for portability.
3. Command line run time options are beneficial, but not required.
4. If it has ads… it needs be truly INVALUABLE.
5. It should make the user’s job easier by gathering information or preforming a task that a typical Network or Systems Administrator would preform.

Enjoy!

How to associate specific WWW w3wp.exe process ID’s with a IIS application

One of the most difficult problems with troubleshooting a web application on a server that has many applications on it is determining which one of the applications is causing an issue. Sometimes that is easy because you see an error message or, in those rare cases where you get an actual screenshot, a URL is given to you to go on. However, often you don’t get such useful information! Most times you just notice a w3wp.exe process either taking up to much memory or using to many CPU cycles (or in some cases none at all), but there’s a vbscript solution for this!

The best part is that you don’t have to write a single line of VBScript code! It’s already been written for you my Microsoft! The only thing you need to do is be sure the applications have a different pool name from one another—which is always a good idea.At a command prompt you can run iisapp.vbs to get application pool information associated with a specific w3wp.exe process, like so:cscript c:\WINDOWS\system32\iisapp.vbsThis will return output similar to the following:

W3WP.exe PID: 17632   AppPoolId: Application-1
W3WP.exe PID: 17532   AppPoolId: Application-2
W3WP.exe PID: 5748   AppPoolId: Application-2
W3WP.exe PID: 14040   AppPoolId: Application-1

That’s it… easy as pie!

How to find a lost router password for most routers

In this installment, I thought I’d take a quick break from VBScript and give you a little networking information I stumbled upon.

Recently, at my current job site we had a situation where the client didn’t know the router password because a series of network administrators had left and the password was simply “lost in the shuffle”. Of course, you all know this is not a good situation to be in if you need to preform network maintenance or want to upgrade a portion of the network somehow.

Of course the only thing we could hope for was that the previous network administrators had NOT been security minded and left the router passwords blank, or that there had not been a console password configured… so started off with trying to figure out what the factory default passwords were for the particular router we were working with at the moment. In our search I found a really awesome resource, that will be invaluable if this ever happens to you here. This site has all the major player’s factory default router passwords in a database, simply select your manufacturer and click find password. Where you are then presented with the known factory default router passwords for specific models from the manufacturer! Awesomeness!

Well, as luck would have it, the last guy didn’t follow standard security practices and this site had the default router password we needed. We were able to get in and get the job done– and change the password when we were done. Plus, after such a scare, the client is sure to not let this happen again.

Now, we got lucky (and so did the client after years of service from the router with default passwords), but what if you need to get into a router and the password has been set to something other than default? Well, this situation is a bit harder– but not impossible. You need to see if you can get onto the console of the router, most major manufacturers have a mechanism for you to plug directly into a router with a serial cable and change settings. Hopefully, this will NOT have a console password– if it does try the defaults, just in case.

Once in, get a dump or output of the configuration. Then you will need to follow the manufacturers method to change the password. Should the console connection not have enough security to change the passwords– you may have to set the router to factory defaults. Be sure if you do this you have the configuration completely and you are prepared to rebuild it. I would not recommend you do this unless you have either done this before or you have 24/7/365 support and have the support folks on the phone while you do it.

Here is my recommendation (and I’ll probably get many security folks commenting differently) , but assuming the router is in a secured place, (a hall closet or the CEO’s office does not count) and locked away so only authorized people can get to it, I almost always leave no password on the console for cases just like this one I’ve mentioned.

Hopefully this helps someone out there and good luck!

Rant: Anyone else dislike those “enter the letters you see below” confirmation pages?

Ok, you guys know I try to at least stay on topic with respect to systems administration… but this time, as a systems administrator, I have to just share my complete frustration with a technology in use these days entirely to much, in my opinion.

That technology is the use of the automated images that are shown on pages that you have to enter the text shown in the image. I can never get them right the first time, but this one takes the cake!

 This has simply got to be the WORST one I have ever seen! I mean, I see gsp there– but what are those other letters? tun? tia? tian?tim? lun? I gave up.

Most sites do this so that scripters will not be able to write scripts that automatically post comments to discussion boards, like spam e-mails, with no real person actually doing the posting. It’s supposed to “verify your humanity”– however, you’ll have to take my word for it– I am human! If your reading this and you own a  site that does this to us or are considering it– please find a better way to protect us from the spam bots!

 Some other ways they do this is with multi colored text. And while I’m not color blind, they generally do it with reds, greens, and blues– three colors that are hard to see if you are color blind.

All this trouble simply because some yahoo thinks he’s going to get rich by posting comments and sending e-mails about prescription drugs, a stock tip, or some other stuff. (We’ve all seen them, so I don’t have to go into detail here. Thankfully.)

At any rate, thank you for listening… back to your regularly scheduled systems administration duties. If get a chance post a comment with your favorite experiences with this frustration, I’m sure we’d all love to read them!

Found discount: 50% off Kaspersky Antivirus Products

I don’t normally think enough about a product to pass these things on, or the discount isn’t real enough to warrant my bugging you with the information– but I recently found a link to Kaspersky Anti-Virus Products where they are offering almost 50% off your entire purchase of their antivirus products.

Thier products are pretty good, offering both home and business Antivirus solutions, and they are inexpensive enough to warrant a look if your in the market for antivirus software.

As I understand it, the offer is until March 31st and you enter the code 50KMS into the cart on checkout and the cost of the order is cut in about half. That’s substantial. When I tried it, the code wasn’t needed it looked like it was already discounted through the link I found above when I compared the shown prices with the website’s prices.

 Essentially, it ended up being $39.95 for a year of their latest antivirus application and only $20 for their newest mobil security product for smartphones and PDAs.

If your in the market for antivirus software– or looking to upgrade your current version of their product you might check it out.

Recently Updated:

Since the links above have expired, below is a link that is current for discounts to Kaspersky antivirus products:

Receive a discount on Kaspersky Lab products

Eventlog search tool — Find quick help with windows event log entries

While not VBScript related, I found this Microsoft Eventlog and Error Message Search a few days ago as I stumbled around looking for tools that I thought network administrators would need on my site that I’ve been toying with– I had to share the tool with you as well!

 The tool itself is an awesome resource, similar to EventID.net– except it’s FREE and it comes from Microsoft themselves providing links to Microosft content about the event entry or error message.

 You can search for any combination of the following:

Microsoft Product|
Version
Message ID
Event Source
File Name
Language

When you do it takes you to a search result page that lists the available results for your specific search, each seem to have not only an example of the message, but also an explanation of what the event means…. and the best part a section entitled User Action that gives a possible solution for the problem!

 Enjoy the tip!