I had a client with a huge list of hostnames that they needed to convert to IP addresses so they could scan them. That’s common. I used to have a Windows batch file to convert a list of hostnames to a list of IP addresses, so I dug it out of my archives. This isn’t like a ping sweep; they knew the machine names but their tool needed IPs.
I used the file to resolve lists of machines so I could load them into a centralized logging or vulnerability management system. This client had the same need and nobody there had a similar tool. So I shared mine with them. And I present it here so I won’t lose it again, and if you need it, you can use it too.
Sometimes you need to check your network speed in Windows 10. The information buried a bit but you can get there in about three clicks. When you need to know the raw specs of your network connection, here’s how to do it.
Depending on your network driver, it was sometimes easier to get this in previous versions of Windows. Sometimes all you had to do was hover over your network connection icon. But this method also works in Windows 7, even if you have a featureless network driver.
I had a Java app pointing at a Forcepoint (formerly known as Websense) proxy server. The proxy server wasn’t working, and the app was giving me a 407 error.
We had Websense set to require NTLM authorization, but it turns out Java won’t do NTLM, so the Java traffic wasn’t even showing up in the monitor.
My workaround was to have users open a browser, then go to any web page immediately before opening the app. By letting the browser authenticate for it, the Java app worked thanks to Websense having the credentials cached.
If you want, you can launch the applet with a batch file that uses IEcapt to hit any web page, then starts the applet.
The most infamous Microsoft patch of all time, in security circles at least, is MS08-067. As the name suggests, it was the 67th security update that Microsoft released in 2008. Less obviously, it fixed a huge problem in a file called netapi32.dll. Of course, 2008 was a long time ago in computing circles, but not far enough. I still hear stories about production servers that are missing MS08-067.
Last week, Microsoft took a look back at MS08-067, sharing some of its own war stories, including how they uncovered the vulnerability, developed a fix, and deployed it quickly. It’s unclear who besides Microsoft knew about the problem at the time, but one must assume others were aware of it and using it. They certainly were after the fall of 2008.
“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day.
“What, Cygwin’s bash?” I asked.
“No, in CMD.EXE.”
I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parenthesis and other reserved characters. Suddenly it made sense. Those cryptic batch files are exploiting the command interpreter to do things that shouldn’t be done. Then I smiled.
My tips for using Sysinternals’ Du.exe were well received last week, and my former coworker Charlie mentioned a GUI tool called Windirstat that I had completely forgotten about. For the command-line averse, it’s an incredibly useful tool.
But there’s one thing that Du.exe does that makes the CLI worthwhile. It will output to CSV files for further analysis. Here’s the trick.
DU -L 1 -Q -C \\SERVERNAME\C$\ >> servers.csv
Sub in the name of your server for servername. You have to have admin rights on the server to run this, of course.
For even more power, run this in a batch file containing multiple commands to query multiple servers, say, in your runup to Patch Tuesday. Open the file in your favorite spreadsheet, sort on Directory Size, and you can find candidates for cleanup.
Yesterday when performing a routine server inventory, I received a Windows 317 error, aka a Windows 0x13d error, when I tried to view some directories remotely from a batch file.
The exact text of the error message: The system cannot find message text for message number 0x13d in the message file for System.
If you’ve received a 0x13d error and you’re wondering what it means, it seems to be an unhealthy system’s way of saying “file not found.” In my case that’s what it appeared to be. If the lack of a human-readable error message bothers you, I found two possible culprits: One is system hardening–perhaps you’ve applied the recommendations from CIS, USGCB/NIST, or the DISA STIGs to the system–or the more likely culprit, services not running that need to be. Start with some very routine maintenance. Check the remote machine to make sure all the services that are set to start automatically are indeed running, and you might want to think about rebooting.
When researching the error code, I found an interesting scam—tons of sketchy web sites, some that did a decent job of impersonating Microsoft, offer programs to fix the issue. Microsoft doesn’t offer downloadable fix-its for error messages like this because these are the kinds of problems that require some human intelligence to resolve.
I use WMIC a lot to gather data in my job. Querying computers that have dashes (a.k.a. the minus sign, the “-” character) in the names cause an error message that says “invalid global switch.” Microsoft operating systems use the dash as a reserved character to indicate command options. Here’s how to get rid of the WMIC invalid global switch problem.
After a bad day at work last week, I went home and ordered The Phoenix Project (or here it is on Amazon), started reading it, and felt better. Like Office Space, but there’s more to learn from it.
Phoenix is more realistic. Every problem every shop I’ve ever worked in is in that shop, plus some I’ve (luckily) only heard about. But unlike Office Space, it has solutions beyond burning the building down. Read more
Here’s an old, old, but still useful tip that works on all NT-based versions of Windows (including Windows 7 and Windows 10). I wrote about this years ago but longtime reader Jim couldn’t find it here anymore, and I can’t either, so I’ll repost it for posterity. This is the clear print queue command line sequence for Windows. It works from the standard Windows CMD prompt.