Disable SSL/TLS Diffie-Hellman Modulus 1024 Bits

When an SSL/TLS connection is established using a DH modulus of 1024 bits or less, an attacker could find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plain text or potentially violate the integrity of connections.

How to detect the vulnerability?

Use nmap

nmap -Pn -p 443 --script ssl-dh-params <IP-address>

How to fix vulnerable systems?

1. Navigate to the following path in the registry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\KeyExchangeAlgorithms

2. Create a new sub key named Diffie-Hellman, if it does not already exist.

3. Create a DWORD called Enabled and set its value to 0.

Disable SSL RC4 Cipher Suites on Windows Server

Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES, DES, 3DES and RC4 to encrypt the content of the higher-layer protocols. However, RC4 is considered practically vulnerable, and it is recommended that RC4 be disabled on the server.

How to detect the vulnerability?

Download and use testssl.sh

./testssl.sh --rc4 <ip-address>

How to fix Vulnerable Systems?

1. Navigate to the following path in regedit.

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers

2. Create the following RC4 sub keys if they do not already exist.

3. Create a REG_DWORD called Enabled with a value of 0 in each of the 3 RC4 sub keys.
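
The two registry changes above (the Diffie-Hellman key exchange key and the RC4 cipher keys), applied and read back from PowerShell. This is an added example, not part of the original post. The three RC4 sub key names are an assumption, because the page's screenshot listing them is not available, and the function names are hypothetical.

```powershell
# Added example: run from an elevated PowerShell prompt, then reboot so SCHANNEL
# picks up the new values.
$Schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Sub keys to disable. The three RC4 names are an assumption (the page's
# screenshot is not available). Note: Enabled = 0 on Diffie-Hellman turns off
# DHE key exchange as a whole, not only 1024-bit groups; ECDHE is a separate key.
$Targets = @(
    'KeyExchangeAlgorithms\Diffie-Hellman',
    'Ciphers\RC4 128/128',
    'Ciphers\RC4 56/128',
    'Ciphers\RC4 40/128'
)

function Disable-SchannelEntry {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$SubKey)
    # Use the .NET registry API: the PowerShell registry provider treats the "/"
    # in "RC4 128/128" as a path separator and would create nested keys instead.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$Schannel\$SubKey")
    try {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

function Get-SchannelEntryState {  # hypothetical helper name
    param([Parameter(Mandatory)][string]$SubKey)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$Schannel\$SubKey")
    if ($null -eq $key) { return 'key missing' }
    try {
        $value = $key.GetValue('Enabled', $null)
        if ($null -eq $value) { return 'Enabled not set' }
        if ($value -eq 0) { return 'disabled' }
        return "enabled ($value)"
    } finally {
        $key.Close()
    }
}

# Apply each change, then print the state read back from the registry.
foreach ($target in $Targets) {
    Disable-SchannelEntry -SubKey $target
    '{0,-40} {1}' -f $target, (Get-SchannelEntryState -SubKey $target)
}
```

To keep DHE available but reject small groups instead of disabling it, Microsoft documents a ServerMinKeyBitLength DWORD under the same Diffie-Hellman key.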

 

A Must-Have Tool for Windows Users – WhoCrashed

Are you a Windows user? Do you face the blue screen of death or automatic restarts? Then download WhoCrashed. It’s free for home users.

What does it do?

Whenever a computer running Windows suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, most computers running Windows do not show a blue screen unless they are configured to do so. Instead these systems suddenly reboot without any notice.

WhoCrashed shows the drivers which have been crashing your computer with a single click. In most cases it can pinpoint the offending drivers which have been causing misery on your computer system in the past. It does post-mortem crashdump analysis and presents all gathered information in a comprehensible way.

Let’s move on with a sample report from my laptop.

I downloaded WhoCrashed (Download Here) and followed the simple and quick installation steps. Pretty fine so far, because it works in Windows 7 Ultimate. Cheers! I opened the software, clicked on Dump Files and then ‘Analyze’ to let it analyze dump files in the default location c:\Windows\Minidump of Windows OS and other dmp files (you do not need to specify any file path; it just picks them up from the default location).

Amazing! It runs so fast and quickly tells me that all my Windows crashes are because of ‘Power State’. It’s true, my laptop power is giving me a really hard time and I need to fix it with a new battery.

It does not stop here; you still get additional details of your problem in the ‘Report’ menu.

Download Windows 8 Consumer Preview

It’s Windows reimagined and reinvented from a solid core of Windows 7 speed and reliability. It’s an all-new touch interface. It’s a new Windows for new devices. And it’s your chance to be one of the first to try it out.

Client Version:

Windows 8 Consumer Preview works great on the same hardware that powers Windows 7:

  • Processor: 1 gigahertz (GHz) or faster
  • RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)
  • Hard disk space: 16 GB (32-bit) or 20 GB (64-bit)
  • Graphics card: Microsoft DirectX 9 graphics device or higher
  • To use touch, you need a tablet or monitor that supports multitouch
  • To access Windows Store and to download and run apps, you need an active Internet connection and a screen resolution of at least 1024 x 768
  • To snap apps, you need a screen resolution of at least 1366 x 768

English

Download: 64-bit (x64) – 3.3 GB Size

Download: 32-bit (x86) – 2.5 GB Size

Product Key: DNJXJ-7XBW8-2378T-X22TX-BKG7J

You can find additional details here in Microsoft – Windows 8 Consumer Preview.

Server Version:

Download: 64-bit (x64)

Download: VHD

You can find more details here in Microsoft – Windows 8 Server Beta.

Script to retrieve members of local administrator group from LAN computers

The script enumerates the members of the local Administrators group on every network machine listed in clientcomputers.txt and writes the output as text or HTML.

Requirements for running the script below:
a. Administrative privilege on all machines to be enumerated.
b. The RPC (Remote Procedure Call) service must be running on all machines so they can respond to the query.

rem Enumerating members of local administrator group in all client machines
rem WMIC script written as batch file

rem Copyright(c) 2008 SKAP
rem Version 1.0 - 24/09/2008
rem This script enumerates members of local administrator group in all client machines.
rem Create a clientcomputers.txt file containing computer names of all machines on which you want to run this script
rem The script should run with administrative privilege on all client machines listed in clientcomputers.txt
rem Rename the file from txt to bat to run it

rem Output file is created as text file, output.txt
rem BEGIN
@echo off
rem For each machine listed, query Win32_GroupUser for members of its local Administrators group
for /f %%i in (clientcomputers.txt) do wmic /failfast:ON /node:%%i /append:output.txt path win32_groupuser where (groupcomponent = "win32_group.name=\"administrators\",domain=\"%%i\"")
pause
rem END

rem Output file is created as html file, output.html
rem BEGIN
@echo off
rem Same query, formatted as an HTML table
for /f %%i in (clientcomputers.txt) do wmic /failfast:ON /node:%%i /append:output.html path win32_groupuser where (groupcomponent = "win32_group.name=\"administrators\",domain=\"%%i\"") get /format:htable.xsl
pause
rem END