Wednesday, December 23, 2009

Backtrack 4 Beta in Windows with VmWare Workstation

This is a tutorial on how to install and set up backtrack 4 beta using vmware.

Steps to log into Backtrack 4 beta:
  1. hit "play" button
  2. boot into backtrack 4 beta
  3. bt login: root
  4. password: toor
  5. startx
Steps for setting up your network card:
  • type in "/etc/init.d/networking start" before typing in "startx"
  1. open terminal
  2. ifconfig eth0 up
  3. dhclient eth0

CamStudio - Free Streaming Video Software for Windows

CamStudio is able to record all screen and audio activity on your computer and create industry-standard AVI video files and using its built-in SWF Producer can turn those AVIs into lean, mean, bandwidth-friendly Streaming Flash videos (SWFs)
Here are just a few ways you can use this software:
  • You can use it to create demonstration videos for any software program
  • Or how about creating a set of videos answering your most frequently asked questions?
  • You can create video tutorials for school or college class
  • You can use it to record a recurring problem with your computer so you can show technical support people
  • You can use it to create video-based information products you can sell
  • You can even use it to record new tricks and techniques you discover on your favourite software program, before you forget them
More on CamStudio | Download CamStudio

Monday, December 21, 2009

FLV Player for Windows 7 and Vista - VLC media player

VLC media player is a highly portable multimedia player supporting most audio and video formats (H.264, Ogg, DivX, MKV, TS, MPEG-2, mp3, MPEG-4, aac, ...) from files, physical media (DVDs, VCD, Audio-CD), TV capture cards and many network streaming protocols.

More info & download VLC Media Player.

Snowman - Snowwoman Snow Job (Blow Job)

Sunday, December 20, 2009

Use Google to find FREE music on the web

Use Google operators to find unprotected directories of audio files or files of type .mp3.
-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3) "Nickelback"
This will turn up several directory listings of Nickelback MP3's. Replace "Nickelback" with the artist, genre or keyword of your liking.

Note: this is not intended to be used to download mp3's illegally.


Download mp3 (music) files with wget

wget -nd -r --no-parent -A.mp3 -A.wma http://www.domain.com/music/
Brief explanation of wget options:
-nd - don't create directories
-r - recursively download
--no-parent - don't ascend to the parent directory
-A - allows you to specify which types of accepted files should be downloaded. In this case, all files with the .wma and .mp3 file extension will be downloaded.


Saturday, December 19, 2009

Bundling and Uploading an Amazon EC2 Windows AMI

Bundle the AMI
Log in to the Windows instance and customize it as desired.

In order to reduce the startup time, delete any temporary files on the instance using the Disk Cleanup tool, defragment your system using Disk Defragmenter, and zero out free space using sdelete -c C:\.

On a computer where the API tools are installed, enter the following command:
ec2-bundle-instance <instance_id> -b <bucket_name> -p <bundle_name> -o <access_key_id> -w <secret_access_key>
<instance_id> is the name of the instance, <bucket_name> is the name of the bucket in which to store the AMI, and <bundle_name> is the common name for the files to store in Amazon S3.

Amazon EC2 shuts down the instance, saves it as an AMI so you can launch at any time in the future, then restarts it.

ec2-bundle-instance i-69e8bc83 -b ami_images -p Web_Server_v3.5 -o W83UL9G462ZN7EAK -w S8QDx7zT6j5J2sM3fwG4v3=+=xq7sg5AeDzQ2rtZ4bW
Monitoring AMI Bundling
Bundling the AMI can take up to 30 minutes so be patient.  You can view the status with:
Registering the AMI
Once the bundling is complete you must register the AMI, so Amazon EC2 can locate it and run instances based on it.

Note: If you make any changes to the source image stored in Amazon S3, you must re-register the image.
ec2-register ami_images/Web_Server_v3.5.manifest.xml
Amazon EC2 returns an AMI identifier, the value next to the IMAGE tag (ami-e597b4382 in the example) that you can use to run new instances with this new AMI.

More info

Thursday, December 17, 2009

Wednesday, December 16, 2009

How to Enable or Disable Hibernate in Windows 7

The hibernate feature allows operating system to save and write the running state and contents of RAM as a file (c:\hiberfil.sys) or partition to non-volatile storage such as a hard disk, before powering off the computer. Hibernation allows system to quickly restart and restore to the previous state when hibernation was invoked, instead of having to shut down, then restart applications.

In Windows 7, the hibernate option should be enabled by default, However, if you can’t find Hibernate option in the Start menu / power button, it can easily be enabled.  This works in Windows Vista, Windows 2008, 2003, etc.

How to Turn On or Enable Hibernate in Windows 7
  1. Open an elevated Command Prompt with administrator rights by typing cmd in Start / Search, and then hit Ctrl + Shift + Enter keyboard shortcut.  Or, select Run as Administrator from the cmd in search results or Start, Programs, Accessories, cmd.
  2. Type the following command, and hit Enter:
powercfg /hibernate on
The hibernate option should now be available in the Start menu, power button.

How to Turn Off and Disable Hibernate in Windows 7
  1. Open an elevated Command Prompt with administrator rights by typing cmd in Start / Search, and then hit Ctrl + Shift + Enter keyboard shortcut.  Or, select Run as Administrator from the cmd in search results or Start, Programs, Accessories, cmd.
  2. Type the following command, and hit Enter:
powercfg /hibernate off
Note: Windows does not support hibernation on system with 4GB or more RAM memory.


Installing EC2 Command Line Tools on Windows

UPDATE (12-2016): See HowTo: Install AWS CLI on Both Windows and Linux for updated information on installing, configuring and using the AWS CLI unified tools.

NOTE: This tutorial contains information for both AMI and API command line tools along with ELB tools. Most users will need the API tools, some the ELB tools, and not many will need the AMI tools.

There are a number of GUI tools for working with Amazon EC2 services such as ElasticFox, RightScale and AWS Management Console.  However often you need to use the command line tools because you want to script a task, or access features that a GUI tool doesn’t provide.

There are several guides and tutorials on installing and configuring the command line tools on Linux, but not much for Windows.  So this aims to be THE GUIDE to setting up the EC2 API, ELB and EC2 AMI command line tools on Windows.

The first requirement is to have Java 5 or later installed.  If you don’t already have it download and install from here.

AWS Command Line Tools Directory
I like to organize my programs a certain way so I installed the tools to c:\admin\aws.  You can install the tools wherever you like.  Note, this is where you may store your certificates, the services API files, etc.

Download Amazon command line tools
I used wget (for Windows) to download the files:
wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
wget http://ec2-downloads.s3.amazonaws.com/ElasticLoadBalancing-2009-05-15.zip
wget http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip
Alternatively you could download one or both directly from your browser.  EC2 API Tools.  ELB Tools.  EC2 AMI Tools.

Unzip all three files. Each will unzip to separate directories, usually including the version number of the tool.  To simplify things I moved all files from their respective locations to the following directories:

Retrieve and Store AWS Certificates
Authentication to AWS uses a certificate and private key.  You will have to retrieve these files from AWS.

Logon to the AWS Console and scroll down to the X.509 area.  You may have to create a new certificate.  Once you do Amazon will provide you a Private Key File (pk-.pem) and a Certificate (cert-.pem).

KEEP THESE FILES PRIVATE.  Possession of these two files give you (or anyone else with them) access to your AWS account.

Configure Environment Variables
You need to configure your command line environment with a few environment variables. 

Method 1
This method is used to launch a command prompt with required settings.  These settings are available only for this session.  If you'd like to configure your system to have these settings available always and system-wide use method 2.

Create a batch file in c:\admin\aws called awsTools.bat.  Edit this file with the following text:
REM Path should contain bin\java.exe
set JAVA_HOME="C:\Program Files (x86)\java\jre6"

REM Path to Primary Key and Certificate retrieved from AWS
set EC2_PRIVATE_KEY=C:\Admin\AWS\pk-<Insert your key name here>.pem
set EC2_CERT=C:\Admin\AWS\cert-<Insert your key name here>.pem

REM Path to EC2 API, subfolders of bin and lib
set EC2_HOME=C:\Admin\AWS\ec2-api-tools
set PATH=%PATH%;%EC2_HOME%\bin

REM Path to ELB API, subfolders of bin and lib
set AWS_ELB_HOME=C:\Admin\AWS\ec2-elb-tools

REM Path to EC2 AMI, subfolders of bin and lib
set AWS_AMI_HOME=C:\Admin\AWS\ec2-ami-tools


Note: Make sure none of the path statements in this file end with a trailing slash.

Configure Environment Variables - Method 2
This method adds the necessary system variables to either your profile or system-wide and makes them available anytime you launch a command prompt.  Open the environment variables dialogue (right-click on My Computer, select System Properties, click Advanced tab, then Environment Variables button).  Add the following to either your user account or system variables section depending on your needs.
  • JAVA_HOME - C:\Program Files (x86)\java\jre6
  • EC2_PRIVATE_KEY - C:\Admin\AWS\pk-<Insert your key name here>.pem
  • EC2_CERT - C:\Admin\AWS\cert-<Insert your key name here>.pem
  • EC2_HOME - C:\Admin\AWS\ec2-api-tools
  • AWS_ELB_HOME - C:\Admin\AWS\ec2-elb-tools
  • AWS_AMI_HOME - C:\Admin\AWS\ec2-ami-tools
  • Add ;C:\Admin\AWS\ec2-api-tools\bin;C:\Admin\AWS\ec2-elb-tools\bin;C:\Admin\AWS\ec2-ami-tools\bin to your path

Explanation of System Variables
JAVA_HOME needs to be set to the appropriate path for your machine.

For example on my (64-bit Window 7) system java.exe is located at “C:\Program Files (x86)\java\jre6\bin\java.exe” so I set JAVA_HOME to “C:\Program Files (x86)\java\jre6”

EC2_Private_Key and EC2_Cert both are the location of the private key and certificate that you retrieved from the AWS website in the previous step.  You could rename the key and certificate for simplification.  If you have multiple AWS accounts all you need to do is modify these lines to switch between accounts.

EC2_HOME and AWS_ELB_HOME both point to the folders you unzipped the API into.  Both folders should have two subdirectories called bin and lib.  Bin will contain the cmd files of the different commands for that API.  You set the path variable to include these cmd files in your path so that you do not have to be in that directory to run them.

Now you only need to run the batch file to get a command line with the environmental variables set.  You also could permanently set these variables and have them available in any command window if you choose.  If you want to get fancy you could even put in the logic to set the paths based on the current directory of the batch file, and then put the folder on a thumb drive and carry it around.

Testing Your Setup
If you run awsTools.bat you should have a command prompt where you can run the EC2 tool.  A simple command to test is “ec2-describe-regions”:
REGION  eu-west-1       ec2.eu-west-1.amazonaws.com
REGION  us-east-1       ec2.us-east-1.amazonaws.com
REGION  us-west-1       ec2.us-west-1.amazonaws.com

If you receive an error running this command then you need to go back and verify your installation.

UPDATE: Recently I had to change my Amazon access credentials and created a new X.509 certificate.  When I tried to run any commands from the command line I received the message, "Client.AuthFailure: AWS was not able to validate the provided access credentials."  So I just downloaded my new Private Key File (pk-.pem) and Certificate (cert-.pem) file replacing my existing ones, and, viola, I was back in action.

UPDATE (12-2016): See HowTo: Install AWS CLI on Both Windows and Linux for updated information on installing, configuring and using the AWS CLI unified tools.

Commands Documentation
Amazon documentation.


Add "Open with Notepad++" to the Context Menu for All Files in Windows 7

Having the context menu option, “Open with Notepad++” (my favorite FREE Windows text editor) is invaluable, making it easy to quickly and easily open files with just a (right) mouse click or two.

This registry hack is nothing new, it’s been around forever… think of this as a refresher course. Also note that you can use this same technique to substitute any other application that you’d like by adjusting the path in the registry to point to the different editor or to add other "open with" Context Menu options.

Registry Hack
Open regedit.exe and navigate to the following key:
  • Right-click on “shell” and choose to create a new key, calling it “Open with Notepad++”. 
  • Create a new key below that one called “command”.
  • Double-click on the (Default) value in the right-hand pane and enter in the following:
C:\Program Files (x86)\Notepad++\notepad++.exe %1

NOTE: your path may be different.

The change should take effect immediately.  Now you can right-click on any file and you’ll see the new "Open With Notepad++" menu entry.

Download Registry Hack
Just copy the following and save it to a file with a .reg extension.  Double-click the file and import to your registry.
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\Open With Notepad++]

[HKEY_CLASSES_ROOT\*\shell\Open With Notepad++\command]
@="C:\\Program Files (x86)\\Notepad++\\notepad++.exe %1"
NOTE: This will work on previous Windows versions as well - Vista, Windows 2008, Windows 2003, etc.

Tuesday, December 15, 2009

Windows 2008 Server on Amazon's EC2 - a First Look

Within a couple hours of Amazon's announcement of the availability of Windows 2008 machine images (AMI's) on their EC2 (Elastic Compute Cloud) platform a few days ago I had to give it a try - see my previous post, "Amazon EC2 Now Offers Windows Server 2008 - Finally!"

I used RightScale to locate and launch a Windows 2008 instance.

Now that I know the AMI (ami-5a07e533) I can easily launch instances in the future from the command line using Amazon's command line tools:
ec2-run-instances ami-5a07e533 -n 1 -g <group1> -g <group2> -g <group3> -k <My AWS Key> -t m1.small -z us-east-1a
Once it was up and running I got the administrator password in ElasticFox, launched RD & went to work checking it out and setting it up to suit my needs.

Here are a couple things I noticed:
  • I knew the 10GB "C" drive partition Windows 2003 instances have wouldn't be big enough for Windows 2008 so I started there. I was pleasantly surprised to see a 30GB partition, however that's all, it didn't have a "D" drive like with other instances (both Linux and Windows 2003 have a 340GB partition, at least on m1.small instances, larger instances have larger data drives). Needless to say I was a little disappointed the Windows 2008 instance didn't have an additional drive for data. Guess I'll just have to use EBS (Elastic Block Storage) volume(s).
  • Looks like the Windows 2008 instances are priced the same as the Windows 2003 instances, albeit a with a little disk space - probably have to squeeze a little more $$$ out of us to pay the mighty Microsoft. When you break it down it could actually cost you quite a bit more for Windows 2008 than 2003.
Windows 2003 small instance: 720 hour/mo. * $.12 = $86.40 per month.
Windows 2008 small instance: 720 hour/mo. * $.12 = $86.40 per month + $36 (to make up for the lost disk space) = $122.40 per month, or 30% more.
Of course I had to check the Windows Update status & found it needed 14 "recommended" or critical updates, which I promptly installed. Probably 1/2 of these were release two days ago by Microsoft on Patch Tuesday. But even still I hoped the image would have been a little more up-to-date.

While the updates were downloading and installing I tweaked my desktop a little so it would be setup the way I like.

Another feature Amazon announced recently, "Booting From Amazon EBS," is being used by the Windows 2008 instances. This is what enables the larger system partition, or "C" drive. This also enables the ability to "shutdown" the instance, then you can start it back up at a later time & it will pick up where it left off. While the machine is shutdown you won't be charged for computing resources time, but you will still be charged for the EBS volume(s) on which the server is based.

Bundling an Instance Backed by Amazon EBS
One common use case is the desire to make a point‐in‐time copy of the contents of the root device so that another instance could boot off of that image. Images are typically created for backup purposes or to make clones of the existing instance. Previously, this process on Linux required you to create an image of your instance on the instance itself and no APIs were available to assist. On Windows, there was an API that you could call to create an image of the instance, but had to make another subsequent call to register the AMI. Now, there is one API for both Linux/UNIX and Windows that allows you to bundle your AMI backed by Amazon EBS and register it.

After setting up and playing with my new EC2 Windows 2008 server for a while I shut it down so I could start it up in the future when I'm ready to dive a little deeper into it. Right now it's costing me $3 a month to sit there - not bad.

All in all I'm glad Amazon finally supports Windows 2008 & it seems to function just fine. My existing tools, from ElasticFox, to RightScale, to Amazon Command Line Tools, all work with Windows 2008 without any upgrade or modification, which is a definite plus. I was a little disappointed my small instance has 320GB less storage than a small Linux or Windows 2003 instance, which means I'll have to pay $32/mo. more to get that back - the more I think about it I'm a lot disappointed about the hidden price increase.

How to start a YouTube video at a certain point

In order to start a YouTube video at a certain point you would add this to the video URL:
Where “2m” indicates 2 minutes and the “25s” indicates 25 seconds. So, the following will cause the video to begin playing at 2:25 of the video:


This method only works for directly linking to YouTube videos.  But, what if you want to start an embeded YouTube video at a certain point?  That's simple as well.

First, grab the video embed code after specifying your desired settings.

It will look something like this:
<object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/dMH0bHeiRNg&hl=en_US&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/dMH0bHeiRNg&hl=en_US&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object>
You need to add the command &start=145 (for this example we are using 145 seconds, which is the same as 2 minutes, 25 seconds) to the end of both URLs in the embed code.  It will look like this:
<object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/dMH0bHeiRNg&hl=en_US&fs=1&rel=0&start=145"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/dMH0bHeiRNg&hl=en_US&fs=1&rel=0&start=145" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object>
Don't believe me?  Just click the embeded video below and see for yourself.

"Well that's just great!" By Nikki of Nikki and Jon, AKA Pranksters In Love.

"Evolution of Dance." One of the most popular YouTube videos ever.

Web-based ping, traceroute and DNS lookup

Today I ran across three useful online tools to do a quick test from multiple locations worldwide of ping, traceroute and DNS lookup.
  • just-ping.com - Online web-based ping: remote ping a server or web site using our network with 40 checkpoints worldwide.
  • just-traceroute.com - Online traceroute from 4 locations worldwide.
  • just-dnslookup.com - Remote DNS lookup (nslookup/dig) from 30+ locations worldwide.

CDN Performance Comparison

Here is a great CDN comparison of performance (latency) from Mudy's Blog.  Visit the original post for more information and supporting documentation.

Result Summary:

Network Average Median

Akamai 9.67 2.9

Aol CDN 9.22 4

Panthercdn 62.36 12.7

LimeLight 58.04 13.2

Mosso Cloud Files 56.81 13.5

Amazon Cloudfront 62.82 18.6

Google Homepage 53.53 23.15

Cachefly 54.57 28.2

Google Ajax Library 54.96 28.5

Homemade CDN 76.31 29

Yahoo Homepage 82.77 38.4

Google App Engine 76.03 42.8

US East 130.11 96.9

SimpleCDN 142.84 100.8

US West 156.32 165.4


Comparison of CDN's used by major websites

Comparison of CDN's (Akami, Limelicht and SAVVIS) used by Amazon.com, Yahoo.com, Wikipedia.org, MySpace.com, MSN.com, Google.com, CNN.com, eBay.com, AOL.com and YouTube.com.

Big Websites and CDN comparison by Narabe
Akamai Limelight SAVVIS

Sunday, December 13, 2009

Building the Perfect Backtrack 4 USB Thumb Drive

This post will show you how to build a USB thumb drive with the following features:
  • Persistent Changes
  • Nessus and NessusClient installed
  • Encryption configured for storing data
Tools and Supplies
  1. USB thumbdrive – minimum capacity 4GB
  2. BackTrack 3 CDROM, BackTrack 4 DVD or an additional USB thumbdrive (minimum 2GB) – Used to partition the thumbdrive.
  3. Optional: UNetbootin – A tool to transfer an iso image to a USB drive.
Download the BackTrack ISO (BackTrack 4 Pre Release is the latest as of this posting)

This tutorial is based commands executed from BackTrack, so you will have to boot BackTrack 4 first. The easiest way to do this is to boot from the BackTrack 4 DVD, which is a live CD.

Partition the USB thumbdrive
First, boot to BackTrack 4. You will have to figure out which drive is the target drive. The following command will show the drives available and you can determine from that which is the new USB drive:
dmesg | egrep hd.\|sd.
Partition and format the drive as follows:
  1. The first partition needs to be a primary partition of at least 1.5 GB and set to type vfat. Also remember to make this partition active when you are creating it. Otherwise you might have some boot problems.
  2. The second Partition can be the rest of the thumb drive.
Below are the steps to take to get the drive partitioned and formatted, and were taken from this video on the Offensive Security website. A ‘#‘ indicates a comment and is not part of the command and user typed commands are blue bold. Note, make sure to delete any existing partitions on the drive first.
fdisk /dev/sda # use the appropriate drive letter for your system
# delete existing partitions, of which there may be more than one. 

Command (m for help): d
Partition number (1-4): 1 

# create the first partition 
Command (m for help): n
Command action
e extended
p primary partition (1-4)
Partition number (1-4): 1
First cylinder (1-522, default 1): <enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-522, default 522): +1500M 

#create the second partition 
Command (m for help): n
Command action
e extended
p primary partition (1-4)
Partition number (1-4): 2
First cylinder (193-522, default 193): <enter>
Using default value 193
Last cylinder, +cylinders or +size{K,M,G} (193-522, default 522): <enter>
Using default value 522

# Setting the partition type for the first partition to vfat/fat32 
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32) 

# Setting the partition type for the second partition to Linux 
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83 

# Setting the first partition active 
Command (m for help): a
Partition number (1-4): 1 

Command (m for help): w 
# now it is time to format the partitions 
mkfs.vfat /dev/sdb1
mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2

Two things to notice above in the format commands:
  1. We are using ext3 instead of ext2
  2. You must include the -L casper-rw portion of the command.
Being able to use ext3 is great because of journaling. The -L casper-rw option helps to get around the problem where we had to enter the partition name in order to get persistence working.

Partition and format the drive according the layout above.

Make it a bootable BackTrack 4 USB thumb drive
These steps are also taken from the Offensive Security video mentioned above.  They are:
  1. Mount the first partition
  2. Copy the BackTrack files to it
  3. Install grub
Execute the following commands.
# mount the first partition, sda1 in my case. 
mkdir /mnt/sda1
mount /dev/sda1 /mnt/sda1

# copy the files, you will need to find where the ISO is mounted on your system. 
cd /mnt/sda1
rsync -r /media/cdrom0/* .

# install grub 
grub-install --no-floppy --root-directory=/mnt/sda1 /dev/sda
Now you have a bootable BackTrack 4 USB thumb drive. Next let's configure persistent changes.

Persistent Changes
This is done much differently and more easily than it was in BackTrack 4 Beta or BackTrack 3. First of all, for basic persistence, no configuration is required. There is already a menu option for this, however, it is only for console mode so you will have to make a couple changes:
  1. Change the default boot selection to persistent
  2. Set the resolution for the GUI
cd /mnt/sda1/boot/grub
vi menu.lst 

# change the default line below to ‘default 4' and append ‘vga=0×317' (that’s a zero) to the kernel line to set the resolution to 1024×768 

# By default, boot the first entry.
default 4
title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0×317
initrd /boot/initrd.gz

Reboot and either select “Start Persistent Live CD” or just wait since we set it to auto-boot to persistent mode. To testit, create a file and reboot again. If your file is still there, everything is working.

Install Nessus
Download the Ubuntu Nessus and NessusClient packages from nessus.org.

Again, with BackTrack 4 things are little easier. To install the Nessus server, simply execute the following command to install the package.
dpkg --install Nessus-4.0.2-ubuntu810_i386.deb
Things used to be a little bit more complicated for the client, but with the release of the pre-final version, it is just as easy as installing as the server.
dpkg --install NessusClient-4.0.2-ubuntu810_i386.deb
Finally it’s time to configure Nessus. Execute each of the following and follow the prompts.
#create server certificate 
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:<enter>
Server certificate life time in days [365]:<enter>
Your country (two letter code) [FR]:US
Your state or province name [none]:State
Your location (e.g. town) [Paris]:City
Your organization [Nessus Users United]:<enter>
Congratulations. Your server certificate was properly created.

# add user 
Login :Admin
Authentication (pass/cert) : [pass]<enter>
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘admin’ user ? (can upload plugins, etc…) (y/n) [n]:y
User rules
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : Admin
Password : ***********
This user will have ‘admin’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y]y
User added
We want to disable Nessus starting at boot. We are going to do some things a little later than require that Nessus not be running at boot. 

/usr/sbin/update-rc.d -f nessusd remove
This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.

The next thing to do is register the installation so you can get the plugin feed. You need to go here and request
a key.

Once you have your key. Execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.
/opt/nessus/bin/nessus-fetch --register [your feed code here]
When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. You may have to reboot before Nessus will work. You can use netstat -na to check that the
server is listening on port 1241.
/etc/init.d/nessusd start

Time to find those vulnerabilities.

Configure Encryption
Since BackTrack will be used to poke at peoples networks and systems, with permission of course, it is very important that the information we find be protected. To do this, we are going to setup an encrypted volume that will eventually become our home directory.

This can be done with the GUI or via command line. We will be using the gui because we need to be able to format the volume with ext3 and, as yet, I have not been able to figure out how to do that via the command line on linux.
  • Launch truecrypt from a terminal window.  
  • When truecrypt opens click the "Create Volume" button.  
  • In the Volume Location field enter the path to your volume, like /work_dir, click next.  
  • Leave the default Encryption Options & click next.  
  • Enter the volume size, say 1GB or so.  
  • Enter and confirm your desired password. 
  •  Select ext3 for the file system type, click next.  
  • Click next on the Cross-Platform Support page leaving the default values.  
  • Click format - you should move your mouse to create randomness for higher security.
You will get a message that the volume was successful created. Click on the ‘OK’ button, then exit the Truecrypt gui, both the ‘Create Volume’ windows and the main windows, going back to your terminal (command line) window.

To test the filesystem, execute the following, note the -k ” is two single quotes, not a double quote:
truecrypt -t -k ” --protect-hidden=no /work_dir /media/truecrypt1
cd /media/truecrypt1
df .

This will show that the volume is mounted and the amount of disk space you have left. The next step is to have this volume mounted when you log in. This can be done by editing the root user’s .profile file. Add the truecrypt command above to root’s .profile so it looks like this:
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
mesg n

The next time you reboot you will be asked for the password for the volume and it will be mounted for you.

Now let's tweak a few tings
The first thing we are going to do is configure networking to start at boot time. It’s convenient and easy to
disable later if necessary. All you have to do is execute the following command.
/usr/sbin/update-rc.d networking defaults
Next, make sure all the BackTrack tools and the system itself is up-to-date. First execute the following:
apt-get update
This is update the software repository information. Next, execute:
apt-get upgrade
The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.

Next reset the root user’s home directory during the login process to the mounted truecrypt volume. This will ensure that anything written to the home directory will be encrypted. Enter the following commands:
cd /media/truecrypt1
rsync -r –links /root/ .

# add the bold lines below 
vi /root/.profile 
# ~/.profile: executed by Bourne-compatible login shells. 
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1 

export HOME=/media/truecrypt1
export HISTFILE=/media/truecrypt1/.bash_history

mesg n 
The next time you reboot, when you are finally in the system, your home directory will be /media/truecrypt1.
There is one last thing we should do - change nessus to log to the encrypted volume. This is very easy. The
file that controls this is /opt/nessus/etc/nessus/nessusd.conf. We need to create a place for the log files to go. Execute the following:
cd /media/truecrypt1
mkdir -p nessus/logs

Once you have done that, edit the /opt/nessus/etc/nessus/nessusd.conf file and change this:
# Log file :
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump

to this:
# Log file :
logfile = /media/truecrypt1/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /media/truecrypt1/nessus/logs/nessusd.dump

That’s it. Now you have the Perfect Backtrack 4 USB Thumb Drive.

More BackTrack:

Shortcut to Lock the Windows Desktop

Do you lock your Windows desktop every time you walk away? In Windows 7 (Vista, XP, 2008, 2003 too) you can do this by pressing Windows Key + L. However, to make it easier you should create a shortcut on your desktop, or better yet one in your Quick Launch toolbar.  Start by creating a new shortcut on your Windows desktop & enter the following in the field, "Type the location of the item":
rundll32.exe user32.dll,LockWorkStation
Name it as desired and change the icon if you'd like.  Then you can copy or move it anywhere you'd like - to the Quick Launch toolbar for example.

Note: to view a list of Windows icons enter shell32.dll in the "Look for icons in this file" field of the "Change Icon" dialog box of the shortcut properties.

Saturday, December 12, 2009

Bypass Windows or Linux Logon With Kon-Boot

Kon-Boot is an prototype piece of software which allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as 'root' user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as silly project of mine, which was born from my never-ending memory problems :) Secondly it was mainly created for Ubuntu, later i have made few add-ons to cover some other linux distributions. Finally, please consider this is my first linux project so far :) Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.
Additional notes:
Tested Windows versions
Windows Server 2008 Standard SP2 (v.275)
Windows Vista Business SP0
Windows Vista Ultimate SP1
Windows Vista Ultimate SP0
Windows Server 2003 Enterprise
Windows XP
Windows XP SP1
Windows XP SP2
Windows XP SP3
Windows 7

Aircrack-ng - WEP and WPA-PSK keys cracking program

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. Aircrack-ng is a set of tools for auditing wireless networks - not for WiFi hacking.  Make sure you use this on your own network or one where you have permission to test.

Aircrack-ng is the next generation of aircrack with lots of new features:

How to Create bootable Windows CD Easily with nLite

nLite is a deployment tool for the bootable unattended Windows ISO.  With it you can remove components, integrate hotfixes, drivers and themes, tweaks, patches and more. . .

  • nLite allows you to customize your installation of Windows XP, Windows 2000, or Windows 2003. You can integrate service packs and hotfixes from Microsoft directly into your windows distribution files without having to re-download and install them every time you need to re-install windows. 
  • There is also the option to remove unwanted components from within Windows. Many applications are automatically included every time Windows is installed. Not every person needs or even wants all of these applications which Microsoft considers necessary. By removing these unwanted components you can free up space within your setup and ultimately save space on your hard drive after installation.
  • nLite also provides a way to customize your installation by allowing numerous tweaks to the way windows looks and operates after it has been installed. You can even bypass Microsoft's bulky unattended setup instructions and do it the easy way - he nLite way!

Download nLite & give it a try.

Friday, December 11, 2009

How to Start Networking in BackTrack 4

Since BackTrack 4 (Pre-Release and Beta) doesn't start networking by default you have to manually start it.  Here's how to start it manually:
/etc/init.d/networking start

If you have installed BackTrack 4 to disk you can enable networking to start at boot using:
update-rc.d networking defaults
And finally, you can start wireless networking in BackTrack 4 using:
/etc/init.d/NetworkManager start
* Make sure the 'N' and 'M' in NetworkManager are capitalized.

Don't forget the basic Linux command to view your IP address and network Status in BackTrack:
And for wireless networking:
More BackTrack:

Thursday, December 10, 2009

How to Set a static IP address in Backtrack 4

First, start networking in BackTrack 4:
/etc/init.d/networking start
Next, set the static IP address:
ifconfig eth0 netmask up
Next, set the default gateway:
route add default gw
Finally, set DNS servers and search suffixes:
nano /etc/resolv.conf
Add the following lines for your environment:
domain internaldomain.local
search internaldomain.local
Now you should have network connectivity with your desired static IP address in BackTrack 4.

How To: Create A Show Desktop Shortcut on Windows 7 and Vista

While Windows 7 (and Vista, if I remember right) does have a "Show Desktop" shortcut - it's in the system tray, to the right of the clock - you may long for the days when it was in the Quick Launch toolbar like in XP or Windows 2003.

Not to fear.  You can easily create a show desktop shortcut and place it anywhere you'd like.

Open your favorite text editor and type the following code:

Save the file as 'Show Desktop.scf' and make sure theat 'All Files' is selected in the File Type list.  Save this file on your desktop, then drag it to the Quick Launch toolbar.

If you want to customize the icon and use your own Icon instead of using the Windows default, put the path of the icon next to 'IconFile=' as follows:

See also Create Windows Shortcuts With a Script at the Command Line.

Securely delete files in Windows

The only way to ensure that deleted files, as well as files that you encrypt with EFS, are safe from recovery is to use a secure delete application. Secure delete applications overwrite a deleted file's on-disk data using techiques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files. SDelete (Secure Delete) is such an application.

You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever. Note that SDelete securely deletes file data, but not file names located in free disk space.

Using SDelete
SDelete is a command line utility that takes a number of options. In any given use, it allows you to delete one or more files and/or directories, or to cleanse the free space on a logical disk. SDelete accepts wild card characters as part of the directory or file specifier.

Usage: sdelete [-p passes] [-s] [-q]
sdelete [-p passes] [-z|-c] [drive letter]

Zero free space (good for virtual disk optimization).
-p passes
Specifies number of overwrite passes.
Recurse subdirectories.
Don't print errors (quiet).
Cleanse free space.

How SDelete Works

Securely deleting a file that has no special attributes is relatively straight-forward: the secure delete program simply overwrites the file with the secure delete pattern. What is more tricky is securely deleting Windows NT/2K compressed, encrypted and sparse files, and securely cleansing disk free spaces.

Compressed, encrypted and sparse are managed by NTFS in 16-cluster blocks. If a program writes to an existing portion of such a file NTFS allocates new space on the disk to store the new data and after the new data has been written, deallocates the clusters previously occupied by the file. NTFS takes this conservative approach for reasons related to data integrity, and in the case of compressed and sparse files, in case a new allocation is larger than what exists (the new compressed data is bigger than the old compressed data). Thus, overwriting such a file will not succeed in deleting the file's contents from the disk.

To handle these types of files SDelete relies on the defragmentation API. Using the defragmentation API, SDelete can determine precisely which clusters on a disk are occupied by data belonging to compressed, sparse and encrypted files. Once SDelete knows which clusters contain the file's data, it can open the disk for raw access and overwrite those clusters.

Cleaning free space presents another challenge. Since FAT and NTFS provide no means for an application to directly address free space, SDelete has one of two options. The first is that it can, like it does for compressed, sparse and encrypted files, open the disk for raw access and overwrite the free space. This approach suffers from a big problem: even if SDelete were coded to be fully capable of calculating the free space portions of NTFS and FAT drives (something that's not trivial), it would run the risk of collision with active file operations taking place on the system. For example, say SDelete determines that a cluster is free, and just at that moment the file system driver (FAT, NTFS) decides to allocate the cluster for a file that another application is modifying. The file system driver writes the new data to the cluster, and then SDelete comes along and overwrites the freshly written data: the file's new data is gone. The problem is even worse if the cluster is allocated for file system metadata since SDelete will corrupt the file system's on-disk structures.
The second approach, and the one SDelete takes, is to indirectly overwrite free space. First, SDelete allocates the largest file it can. SDelete does this using non-cached file I/O so that the contents of the NT file system cache will not be thrown out and replaced with useless data associated with SDelete's space-hogging file. Because non-cached file I/O must be sector (512-byte) aligned, there might be some left over space that isn't allocated for the SDelete file even when SDelete cannot further grow the file. To grab any remaining space SDelete next allocates the largest cached file it can. For both of these files SDelete performs a secure overwrite, ensuring that all the disk space that was previously free becomes securely cleansed.

On NTFS drives SDelete's job isn't necessarily through after it allocates and overwrites the two files. SDelete must also fill any existing free portions of the NTFS MFT (Master File Table) with files that fit within an MFT record. An MFT record is typically 1KB in size, and every file or directory on a disk requires at least one MFT record. Small files are stored entirely within their MFT record, while files that don't fit within a record are allocated clusters outside the MFT. All SDelete has to do to take care of the free MFT space is allocate the largest file it can - when the file occupies all the available space in an MFT Record NTFS will prevent the file from getting larger, since there are no free clusters left on the disk (they are being held by the two files SDelete previously allocated). SDelete then repeats the process. When SDelete can no longer even create a new file, it knows that all the previously free records in the MFT have been completely filled with securely overwritten files.

To overwrite file names of a file that you delete, SDelete renames the file 26 times, each time replacing each character of the file's name with a successive alphabetic character. For instance, the first rename of "foo.txt" would be to "AAA.AAA".

The reason that SDelete does not securely delete file names when cleaning disk free space is that deleting them would require direct manipulation of directory structures. Directory structures can have free space containing deleted file names, but the free directory space is not available for allocation to other files. Hence, SDelete has no way of allocating this free space so that it can securely overwrite it.

Download SDelete
(47 KB)

Amazon EC2 Now Offers Windows Server 2008 - Finally!

I opened my email this morning and much to my pleasure I found this announcement from Amazon:

Amazon EC2 Now Offers Windows Server 2008
Starting today, Amazon EC2 now offers Microsoft Windows Server 2008 and Microsoft SQL Server® Standard 2008 instances in all Amazon EC2 Regions. This new announcement extends Amazon EC2's existing Microsoft-based offerings that include Windows Server 2003 and SQL Server 2005 instances. Like all services offered by AWS, Amazon EC2 running Windows Server or SQL Server offers a low-cost, pay-as-you-go model with no long-term commitments and no minimum fees. Please visit the Amazon EC2 service page for more information on using Amazon EC2 running Windows

It's about time!

Of course, I had to give it a try.  I accessed my account with Elasticfox and browsed through the images, but didn't immediately find a Windows 2008 image, so I headed over to RightScale, found what I was looking for and immediately launched an instance.  I launched it through RightScale (which I do sometimes anyway) because I was in a hurry to get to a meeting and didn't see the AMI ID.  So I started it and headed to my meeting while it spun up.

Now that I know the AMI (ami-5a07e533) I can launch instances in the future from the command line using Amazon's command line tools:

ec2-run-instances ami-5a07e533 -n 1 -g <group1> -g <group2> -g <group3> -k <My AWS Key> -t m1.small -z us-east-1a

Once it was up and running I got the administrator password in ElasticFox, launched RD & went to work checking it out and setting it up to suit my needs.

Here are some of the things I noticed:
  • I knew the 10GB "C" drive partition Windows 2003 instances have wouldn't be big enough for Windows 2008 so I started there.  I was pleasantly surprised to see a 30GB partition, however that's it.  No "D" drive like with other instances (both Linux and Windows 2003 have a 340GB partition, at least on m1.small instances, larger instances have larger data drives.)  Needless to say I was a little disappointed the 2008 instance didn't have an additional drive for data.  Guess I'll just have to use EBS (Elastic Block Storage).
  • Looks like the Windows 2008 instances are priced the same as the Windows 2003 instances, albeit a with a little disk space - probably have to squeeze a little more $$$ out of us to pay the mighty Microsoft.  When you break it down it could cost you quite a bit more for Windows 2008 than 2003.
    • Windows 2003 small instance: 720 hour/mo. * $.12 = $86.40 per month.
    • Windows 2008 small instance: 720 hour/mo. * $.12 = $86.40 per month + $36 (to make up for the lost disk space) = $122.40 per month, or 30% more.
Of course I had to check the Windows Update status & found it needed 14 "recommended" or critical updates, which I promptly installed.  Probably 1/2 of these were release two days ago by Microsoft on Patch Tuesday.  But even still I hoped the image would have been a little more up-to-date.

While the updates were downloading and installing I tweaked my desktop a little so it would be setup the way I like.

Next I bundled the instance and shut it down.  I used RightScale for the bundling because their interface is easy to use and does it all in one step.  Now I have my own "customized" image to start from when I'm ready to work with Windows 2008 on Amazon EC2 in the future.

All in all I'm glad Amazon finally supports Windows 2008 & it seems to function just fine.  My existing tools, from ElasticFox, to RightScale, to Amazon Command Line Tools, all work with Windows 2008 without any upgrade or modification, which is a definite plus.  I was a little disappointed my small instance has 320GB less storage than a small Linux or Windows 2003 instance, which means I'll have to pay $32/mo. more to get that back - the more I think about it I'm a lot disappointed about the hidden price increase.

Wednesday, December 9, 2009

Install Windows Server 2008 Features with servermanagercmd.exe at the Command Prompt

Although Microsoft continues to expand PowerShell with more capability, the command prompt has not been left behind in Windows Server 2008. In fact, with this latest Windows Server release, the command prompt gains some capability, including a tool that allows administrators to add or remove features on a Windows Server 2008 installation with servermanagercmd.exe, which replicates some of the functionality from the Windows Server 2008 Server Manager. Through the use of various command line options, you can quickly and easily add or remove features and roles to or from your server.

The command requires a parameter indicating the action that you wish to perform and, for some parameters, additional information such as which features you want to manage. The list below outlines some of the parameters available with servermanagercmd.
  • -query: Output a list of the roles and features currently installed on your server. This command also shows you the roles and features that are available, but not yet installed.
  • -install: Installs the roles or features that you specify on the command line. Add -allSubFeatures to the command line when using -install in order to add the supporting roles/features to a specified parent role/feature. As you are well aware some components require a server reboot in order to complete. To automate a server restart that takes place after the installation of a role/feature requiring a restart, use -restart.
  • -remove: This is the opposite of the install command and removes the specified roles or features.

The table below provides you with a complete list of the components installable using the servermanagercmd command. The first column is the overall feature name. For some features, roles, or services, there are multiple components available. The second column of the table gives you a complete list of all subcomponents while the third column is the identifier to use with the -install or -remove parameter.

Role / Service or Main Feature
R/S/F Name
Installatiom command
DHCP Server
DHCP Server
Print Services
Print Server
Internet Printing
LPD Service
Terminal Services
Terminal Services
Terminal Server
TS Licensing
TS Gateway
TS Web Access
TS Session Broker
Active Directory Domain Services
Active Directory Domain Controller
Identity Management for UNIX
Server for Network Information Service
Password Synchronization
DNS Server
File Services
File Services
Distributed File System (DFS)
DFS Namespace
DFS Replication
File Server Resource Manager
Services for Network File System
Windows Search Service
Windows Server 2003 File Services
File Replication Service
Indexing Service
Web Server
Web Server (IIS)
Internet Information Services
Common HTTP Features
Static Content
Default Document
Directory Browsing
HTTP Errors
HTTP Redirection
Application Development
.NET Extensibility
ISAPI Extensions
ISAPI Filters
Server Side Includes
Health and Diagnostics
HTTP Logging
Logging Tools
Request Monitor
Custom Logging
ODBC Logging
Basic Authentication
Windows Authentication
Digest Authentication
Client Certificate Mapping Authentication
IIS Client Certificate Mapping Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions
Static Content Compression
Dynamic Content Compression
Management Tools
IIS Management Console
IIS Management Scripts and Tools
Management Service
IIS 6 Management Compatibility
IIS 6 Metabase Compatibility
IIS 6 WMI Compatibility
IIS 6 Scripting Tools
IIS 6 Management Console
FTP Publishing Service
FTP Server
FTP Management Console
Active Directory Federation Services
Federation Service
Federation Service Proxy
Web Agents
Claims-aware Agent
Windows Token-based Agent
Active Directory Lightweight Directory Services
Formerly ADAM
Application Server
Application Server
Application Server Core
Web Server Support
COM+ Network Access
TCP Port Sharing
Windows Process Activation Service Support
HTTP Activation
Message Queuing Activation
TCP Activation
Named Pipes Activation
Distributed Transaction Support
Incoming Remote Transactions
Outgoing Remote Transactions
WS-Atomic Transaction Support
Active Directory Certificate Services
Active Directory Certificate Services
Certification Authority
ADCS-Cert-Authority or AD-Certificate
Online Certificate Status Protocol
Fax Server
Fax Server
Network Policy and Access Services
Network Policy and Access Services
Network Policy Server
NPAS Routing and Remote Access Services
Remote Access Service
Health Registration Authority
Windows Deployment Services
Windows Deployment Services
Failover Clustering
Failover Clustering
Network Load Balancing
Network Load Balancing
Desktop Experience
Desktop Experience
.NET Framework 3.0 Features
.NET Framework 3.0 Features
.NET Framework 3.0
.NET Framework 3.0
XPS Viewer
XPS Viewer
Windows Communication Foundation Activation Components
Windows Communication Foundation Activation Components
HTTP Activation
HTTP Activation
Non-HTTP Activation
Non-HTTP Activation
Windows System Resource Manager
Windows System Resource Manager
Wireless Networking
Wireless Networking
Windows Server Backup
Windows Server Backup
WINS Server
WINS Server
Remote Assistance
Remote Assistance
Simple TCP/IP Services
Simple TCP/IP Services
Telnet Client
Telnet Client
Telnet Server
Telnet Server
Subsystem for UNIX-based Applications
Subsystem for UNIX-based Applications
RPC over HTTP Proxy
RPC over HTTP Proxy
SMTP Server
SMTP Server
LPR Port Monitor
LPR Port Monitor
Storage Manager for SANs
Storage Manager for SANs
BITS Server Extensions
BITS Server Extensions
Message Queuing
Message Queuing
Message Queuing Services
Message Queuing Server
Directory Service Integration
Message Queuing Triggers
HTTP Support
Multicasting Support
Routing Service
Windows 2000 Client Support
Messaging Queue DCOM Proxy
Windows Process Activation Service
Windows Process Activation Service
Process Model
.NET Environment
Configuration APIs
Windows Internal Database
Windows Internal Database
BitLocker Drive Encryption
BitLocker Drive Encryption
Multipath I/O
Multipath I/O
Internet Storage Naming Server
Internet Storage Naming Server
Removable Storage Manager
Removable Storage Manager
TFTP Client
TFTP Client
SNMP Services
SNMP Services
SNMP Service
SNMP WMI Provider
Services for Network File System
Services for Network File System
Internet Printing Client
Internet Printing Client
Peer Name Resolution Protocol
Peer Name Resolution Protocol
Connection Manager Administration Kit
Connection Manager Administration Kit
Remote Server Administration Tools
Remote Server Administration Tools
Role administration tools
Active Directory Certificate Services Tools
Active Directory Domain Services Tools
Active Directory Domain Controller Tools
Server for NIS Tools
Active Directory Lightweight Directory Services Tools
Active Directory Rights Management Services (AD RMS) Tools
DHCP Server Tools
DNS Server Tools
Fax Server Tools
DFS Management Console Tools
File Server Resource Manager Management Console Tools
Hyper-V Tools
Services for Network File System Tools
File Services Tools
Network Policy and Access Services Tools
Health Registration Authority Tools
Network Policy Server Tools
Print Services Tools
Web Server (IIS) Tools
Terminal Services Tools
TS RemoteApp Tools
TS Gateway Tools
TS Licensing Tools
UDDI Services Tools
Feature administration tools
BitLocker Drive Encryption Tools
BITS Server Extensions Tools
Failover Clustering Tools
Network Load Balancing Tools
SMTP Server Tools
Windows Deployment Services Tools
WINS Server Tools
Hyper-V Tools
Windows PowerShell
Windows PowerShell
Group Policy Management
Group Policy Management
Quality Windows Audio Video Experience
Quality Windows Audio Video Experience

  • Using servermanagercmd to activate terminal services
You can selectively enable terminal server services with:
servermanagercmd -install TS-TerminalServer
Terminal Services options
[ ] Terminal Services  [Terminal-Services]
    [ ] Terminal Server  [TS-Terminal-Server]
    [ ] TS Licensing  [TS-Licensing]
    [ ] TS Session Broker  [TS-Session-Broker]
    [ ] TS Gateway  [TS-Gateway]
    [ ] TS Web Access  [TS-Web-Access]