JohnKlann / networking

Basic Powershell DNS Enumeration Module

This one lets you enumerate the records in a DNS zone and filter them by including or excluding particular record types.

<#
.SYNOPSIS
    Simplifies DNS enumeration and record type filtering.
.DESCRIPTION
    Detailed syntax:
    .\Get-DNSEnum.ps1 -[Zone|z] dnszone -[Domain|dc] dnsserver-or-domaincontroller -[ExcludeList|e] 'record','type(s)','to','exclude' -[IncludeList|i] 'record','type(s)','to','include'
    Requires the DnsServer module (RSAT DNS Server Tools) on the machine running the script.
.EXAMPLE
    .\Get-DNSEnum.ps1
    Ex1: use the default zone and server, return all records found.
.EXAMPLE
    .\Get-DNSEnum.ps1 -Zone domain.local -dc DomainControllerName -Exclude 'SRV','NS'
    Ex2: specify the zone and server, return all records except SRV and NS records.
.NOTES
    Author: John Klann
#>
#Requires -Modules DnsServer
[CmdletBinding()]
Param
(
    [Parameter(Mandatory=$False, HelpMessage='DNS zone, aka domain')]
    [Alias('z')]
    # Default zone: the DNS domain of the logged-on user (replaces the original placeholder string)
    [string]$Zone = $env:USERDNSDOMAIN,
    [Parameter(Mandatory=$False, HelpMessage='DNS server / domain controller')]
    [Alias('dc')]
    # Default server: the logon domain controller with the leading \\ removed (replaces the original placeholder string)
    [string]$Domain = ("$env:LOGONSERVER").TrimStart('\'),
    [Parameter(Mandatory=$False, HelpMessage='Record type include list')]
    [Alias('i')]
    [string[]]$IncludeList,
    [Parameter(Mandatory=$False, HelpMessage='Record type exclude list')]
    [Alias('e')]
    [string[]]$ExcludeList
)

# Exclusion wins over inclusion when both lists are given.
if ($ExcludeList.Count -gt 0)
{
    Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $Domain | Where-Object { $_.RecordType -notin $ExcludeList }
}
elseif ($IncludeList.Count -gt 0)
{
    Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $Domain | Where-Object { $_.RecordType -in $IncludeList }
}
else
{
    Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $Domain
}
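A follow-on use of the same Get-DnsServerResourceRecord cmdlet that the script above stops short of: save a snapshot of the zone and later diff the live zone against it, so records that were added, removed or changed stand out. This is an added example and not part of the original post; the function names, the CSV layout and the decision to ignore SOA records (whose serial changes on every zone update) are this example's own choices.

```powershell
#Requires -Modules DnsServer

function ConvertTo-DnsRecordKey {
    # Flatten one record into a stable "host|type|data" string. RecordData is a CIM object whose
    # property names differ per record type (IPv4Address, NameServer, HostNameAlias, ...), so
    # join every property it has rather than special-casing each type.
    param([Parameter(Mandatory, ValueFromPipeline)]$Record)
    process {
        $data = $Record.RecordData.CimInstanceProperties | ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }
        '{0}|{1}|{2}' -f $Record.HostName, $Record.RecordType, ($data -join ';')
    }
}

function Save-DnsBaseline {
    # Write every record of the zone to a CSV (one row per record, with its type for later filtering).
    param(
        [Parameter(Mandatory)][string]$Zone,
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Path
    )
    Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $Server |
        ForEach-Object { [pscustomobject]@{ RecordType = $_.RecordType; Key = ($_ | ConvertTo-DnsRecordKey) } } |
        Export-Csv -Path $Path -NoTypeInformation
}

function Compare-DnsBaseline {
    # Report records that differ between the saved baseline and the zone as it is now.
    param(
        [Parameter(Mandatory)][string]$Zone,
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$BaselinePath,
        [string[]]$IgnoreTypes = @('SOA')   # SOA changes on every zone update, so it is noise here
    )
    $baseline = Import-Csv -Path $BaselinePath |
        Where-Object { $_.RecordType -notin $IgnoreTypes } |
        Select-Object -ExpandProperty Key
    $current = Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $Server |
        Where-Object { $_.RecordType -notin $IgnoreTypes } |
        ConvertTo-DnsRecordKey
    # '=>' = present now but not in the baseline (added, or the new side of a change);
    # '<=' = present in the baseline but gone now (removed, or the old side of a change).
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
        ForEach-Object {
            [pscustomobject]@{
                Change = if ($_.SideIndicator -eq '=>') { 'Added/Changed' } else { 'Removed/Changed' }
                Record = $_.InputObject
            }
        }
}

# Usage (zone and server names are placeholders for your own):
# Save-DnsBaseline    -Zone 'domain.local' -Server 'dc01' -Path '.\dns-baseline.csv'
# Compare-DnsBaseline -Zone 'domain.local' -Server 'dc01' -BaselinePath '.\dns-baseline.csv'
```

Run the save once from a known-good state and the compare on a schedule; an empty result means the zone matches the baseline, and a pair of Removed/Added rows for the same host and type is a changed record.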

 

jklann

How to Forward Ports and Use Port Proxies

So I came across a need to forward a port from one Windows machine to another and found a nice solution using netsh and port proxies. In this example I will use a port proxy to forward the Remote Desktop port 3389 (RDP) from one server to another, so that the second server can be reached over RDP by connecting to a local port such as localhost:5000.

  1. Create the Port Proxy
     1. Open an Admin Command Prompt and run:
        netsh interface portproxy add v4tov4 listenport=freeport listenaddress=localip connectport=rdpport connectaddress=remoteip
        (the default RDP port is 3389)
     2. Example:
        netsh interface portproxy add v4tov4 listenport=5000 listenaddress=192.168.1.25 connectport=3389 connectaddress=192.168.1.57
  2. Create the Firewall Rule
     1. You will need to choose a local port that is not in use. If you need to know how to check whether a port is in use, see my Quick Tip post on how to do that here: How to check if a port is in Use and What Process is running on it
     2. Command:
        netsh advfirewall firewall add rule name="Custom Port Rule" dir={in | out} action={allow | block} localport={number | n-n} protocol={TCP | UDP} remoteip={any | ip | range} profile={any | domain | public | private}
     3. Example:
        netsh advfirewall firewall add rule name="Custom Port Forward 5000" dir=in action=allow localport=5000 protocol=TCP remoteip=any profile="Domain"
     4. Output:
        [Screenshot: command prompt output after adding the firewall rule]
  3. Use the Port Proxy
     1. Syntax:
        {localhost | ip or hostname you created the rule on}:{port number you chose}
     2. Example:
        mstsc /v:localhost:5000 /admin
  4. Delete the Port Proxy
     1. Syntax:
        netsh interface portproxy delete v4tov4 listenport=portyouchose listenaddress=localip
     2. Example:
        netsh interface portproxy delete v4tov4 listenport=5000 listenaddress=192.168.1.25
  5. Delete the Firewall Rule
     1. Syntax:
        netsh advfirewall firewall delete rule name="firewall rule name"
     2. Example:
        netsh advfirewall firewall delete rule name="Custom Port Forward 5000"
     3. Output:
        [Screenshot: command prompt output after deleting the firewall rule]
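The whole procedure above wrapped in PowerShell functions, added here as an example (it is not code from the original post): the listen port is checked for a conflict before anything is created, the proxy and its firewall rule are added and removed together so neither is left behind, and Get-PortProxy parses the current netsh table so you can see every proxy configured on the box. The function names, the "Custom Port Forward <port>" rule-name convention and the profile default are this example's own choices; run it from an elevated PowerShell prompt on Windows 8 / Server 2012 or later (Get-NetTCPConnection).

```powershell
function Test-LocalPortFree {
    # Any LISTEN socket on the port means it is already taken.
    param([Parameter(Mandatory)][int]$Port)
    -not (Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
}

function Get-PortProxy {
    # Turn the table printed by 'netsh interface portproxy show v4tov4' into objects, one per mapping.
    netsh interface portproxy show v4tov4 | ForEach-Object {
        if ($_ -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                ListenAddress  = $Matches[1]; ListenPort  = [int]$Matches[2]
                ConnectAddress = $Matches[3]; ConnectPort = [int]$Matches[4]
            }
        }
    }
}

function Add-RdpPortProxy {
    param(
        [Parameter(Mandatory)][int]$ListenPort,
        [Parameter(Mandatory)][string]$ListenAddress,
        [Parameter(Mandatory)][string]$ConnectAddress,
        [int]$ConnectPort = 3389,
        [ValidateSet('any', 'domain', 'private', 'public')][string]$FirewallProfile = 'domain'
    )
    if (-not (Test-LocalPortFree -Port $ListenPort)) {
        throw "Port $ListenPort is already in use; pick another listen port."
    }
    netsh interface portproxy add v4tov4 listenport=$ListenPort listenaddress=$ListenAddress connectport=$ConnectPort connectaddress=$ConnectAddress | Out-Null
    # Open only this port, inbound, TCP, on the chosen profile rather than everywhere.
    netsh advfirewall firewall add rule name="Custom Port Forward $ListenPort" dir=in action=allow protocol=TCP localport=$ListenPort profile=$FirewallProfile | Out-Null
    # Return the mapping as netsh now reports it, so the caller can confirm it took effect.
    Get-PortProxy | Where-Object ListenPort -eq $ListenPort
}

function Remove-RdpPortProxy {
    # Undo both halves of Add-RdpPortProxy.
    param([Parameter(Mandatory)][int]$ListenPort, [Parameter(Mandatory)][string]$ListenAddress)
    netsh interface portproxy delete v4tov4 listenport=$ListenPort listenaddress=$ListenAddress | Out-Null
    netsh advfirewall firewall delete rule name="Custom Port Forward $ListenPort" | Out-Null
}

# Usage (addresses are placeholders for your own):
# Add-RdpPortProxy -ListenPort 5000 -ListenAddress 192.168.1.25 -ConnectAddress 192.168.1.57
# Get-PortProxy
# Remove-RdpPortProxy -ListenPort 5000 -ListenAddress 192.168.1.25
```

Get-PortProxy on its own is worth keeping around: port proxies survive reboots and are easy to forget, so listing them is the quickest way to find a mapping that should have been deleted.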

jklann

How to check if a port is in Use and What Process is running on it

A really simple way to check whether a port is in use and by what process.

Method 1 CMD:

  1. Open an Admin Command Prompt and run:
     netstat -ano | findstr "portnumber"
  2. Example using the default RDP port:
     netstat -ano | findstr "3389"
  3. Output:
     [Screenshot: netstat -ano output filtered to port 3389; the last column is the owning PID]

Method 2 PowerShell:

  1. Open an Admin PowerShell prompt and run:
     netstat -ano | findstr "portnumber" | Select-String -Pattern "\d+$" -AllMatches | % {$_.Matches } | foreach { tasklist | select-string -Pattern $_.Value } | Get-Unique
  2. Example using port 80:
     Note: this could probably be a lot cleaner but hey, I did it in 5 minutes in one line :) !
     netstat -ano | findstr "80" | Select-String -Pattern "\d+$" -AllMatches | % {$_.Matches } | foreach { tasklist | select-string -Pattern $_.Value } | Get-Unique
  3. Output:
     [Screenshot: PowerShell output showing the tasklist line (process name, PID and memory) for the process on port 80]

Method 3 CMD with Cygwin:

  1. This will get all of the processes running on a particular port.
     Note: you will need the Cygwin bin directory in your PATH environment variable. See how to do this here: How to add environment Paths via command line (cmd, powershell)
  2. Open an Admin cmd prompt and run:
     for /f "delims=" %a in ('netstat -ano ^| grep "portnumber" ^| grep -m1 -oP "[\d]{1,6}$"') do @set pid=%a | tasklist | grep %a
  3. Example using port 80:
     for /f "delims=" %a in ('netstat -ano ^| grep "80" ^| grep -m1 -oP "[\d]{1,6}$"') do @set pid=%a | tasklist | grep %a
  4. Output:
     [Screenshot: cmd output showing the tasklist line for the process on port 80]
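The same check as the three methods above, written as one PowerShell function; this is an added example, not code from the original post. It asks the TCP/IP stack directly with Get-NetTCPConnection (Windows 8 / Server 2012 and later) so that "80" cannot accidentally match port 8080 or a PID that happens to contain 80, and it falls back to parsing netstat, matching the port as a whole token, on older systems. The function name and the output columns are this example's own choices.

```powershell
function Get-PortOwner {
    param(
        [Parameter(Mandatory)][int]$Port,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP'
    )

    $owners = @()
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        # Modern path: exact port match, no text parsing.
        if ($Protocol -eq 'TCP') {
            $owners = Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty OwningProcess
        } else {
            $owners = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty OwningProcess
        }
    } else {
        # Fallback: parse 'netstat -ano -p <proto>'. The local address must end in ":<port>" as a
        # whole token, and the PID is the last column (TCP lines also carry a state column).
        $owners = netstat -ano -p $Protocol | ForEach-Object {
            if ($_ -match "^\s*$Protocol\s+\S+:$Port\s+\S+\s+(\S+\s+)?(\d+)\s*$") { [int]$Matches[2] }
        }
    }

    $owners | Sort-Object -Unique | ForEach-Object {
        $proc = Get-Process -Id $_ -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port        = $Port
            Protocol    = $Protocol
            PID         = $_
            ProcessName = if ($proc) { $proc.ProcessName } else { '(exited)' }
            # Path is only visible for other users' processes when running elevated.
            Path        = if ($proc) { $proc.Path } else { $null }
        }
    }
}

# Usage:
# Get-PortOwner -Port 3389
# Get-PortOwner -Port 53 -Protocol UDP
```

Resolving the PID through Get-Process rather than grepping tasklist output also gives you the executable path, which is what you actually want when the process name on a port is not one you expected.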
jklann

Easily Manage a Service on a Remote Machine

For this example I will use Windows Remote Desktop Services and its ever-needed service restart.

  1. Remote Restart Service
     1. Syntax:
        Get-Service -ComputerName yourremotecomputername -Name servicename | Restart-Service
     2. Example (Restart Remote Desktop Services):
        Get-Service -ComputerName server1.domain.local -Name TermService | Restart-Service -Force
     3. The “-Force” is added to the end because TermService has dependent services, and this flag is required to restart TermService as well as its dependencies.
  2. From here you can explore other Service commands and options using this base syntax to get the service object on a remote machine.
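The same restart done through Invoke-Command over WinRM, added here as an example that is not part of the original post. It matters because Get-Service lost its -ComputerName parameter in PowerShell 7, so the one-liner above only works in Windows PowerShell 5.1. The function also records which dependent services -Force will take down, waits for the service to come back, and returns the final state instead of leaving you to check by hand. The function name, the timeout and the output fields are this example's own choices; WinRM must be enabled on the remote machine.

```powershell
function Restart-RemoteService {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$Name,
        [int]$TimeoutSeconds = 60
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Name, $TimeoutSeconds -ScriptBlock {
        param($Name, $TimeoutSeconds)
        $svc = Get-Service -Name $Name -ErrorAction Stop

        # Services that depend on $Name and are running now: -Force will stop these too
        # (for TermService that includes the RDP UserMode Port Redirector, UmRdpService).
        $dependents = $svc.DependentServices |
            Where-Object Status -eq 'Running' |
            Select-Object -ExpandProperty Name

        Restart-Service -Name $Name -Force -ErrorAction Stop

        try {
            # Block until the service reports Running, or give up after the timeout.
            $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds($TimeoutSeconds))
        } catch [System.ServiceProcess.TimeoutException] {
            # Fall through and report whatever state it ended in.
        }
        $svc.Refresh()

        [pscustomobject]@{
            Computer          = $env:COMPUTERNAME
            Service           = $svc.Name
            Status            = $svc.Status
            StoppedDependents = $dependents -join ', '
        }
    }
}

# Usage (host name is a placeholder):
# Restart-RemoteService -ComputerName server1.domain.local -Name TermService
```

Restarting TermService over RDP will drop your own session; run this from a WinRM session or a separate management host rather than from the desktop you are restarting.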

 

jklann

How to tell if a NIC is using full or half duplex

  1. Open the Windows Network and Sharing Center. My favorite way to do this in Windows 7 is to right click on the network icon in the system tray (bottom right) and select “Open Network and Sharing Center”. If you are using Windows 8, press the Windows key and search for Network and Sharing Center.
     [Screenshot: system tray menu with “Open Network and Sharing Center”]
  2. Once in the Network and Sharing Center, select the “Change adapter settings” link in the left menu.
     [Screenshot: Network and Sharing Center with the “Change adapter settings” link]
  3. In the “Network Connections” window, select the NIC whose duplex you want to check. Normally this is the Local Area Connection; if you have multiple NICs, choose the one you want to check. Right click it and select Properties.
     [Screenshot: adapter Properties in Network Connections]
  4. In the new window click Configure.
     [Screenshot: the Configure button in adapter properties]
  5. In the new window select the Advanced tab. In the Property box scroll down, find the list item Speed & Duplex and click it. The drop down on the right labeled Value shows what the NIC is set to. By default it is set to Auto Negotiation. From here you can drop down and select the speed and duplex for that NIC.
     [Screenshot: Speed & Duplex values on the Advanced tab of the adapter configuration]
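The same information read from PowerShell for every physical adapter at once, added here as an example (not part of the original post). LinkSpeed and FullDuplex on the adapter object are what the link actually negotiated; the *SpeedDuplex advanced property is the configured value from the Speed & Duplex setting on the Advanced tab, which is what you would change to force a speed. The function name, the column layout and the half-duplex warning text are this example's own choices; this needs the NetAdapter module (Windows 8 / Server 2012 and later).

```powershell
function Get-NicDuplexReport {
    Get-NetAdapter -Physical | ForEach-Object {
        # Not every driver exposes the standard *SpeedDuplex keyword, so tolerate its absence.
        $setting = Get-NetAdapterAdvancedProperty -Name $_.Name -RegistryKeyword '*SpeedDuplex' -ErrorAction SilentlyContinue
        $isUp = ($_.Status -eq 'Up')
        [pscustomobject]@{
            Name       = $_.Name
            Status     = $_.Status
            LinkSpeed  = $_.LinkSpeed
            Duplex     = if (-not $isUp) { 'n/a' } elseif ($_.FullDuplex) { 'Full' } else { 'Half' }
            Configured = if ($setting) { $setting.DisplayValue } else { '(driver does not expose *SpeedDuplex)' }
            # A switched link that negotiated half duplex is almost always a speed/duplex mismatch
            # with the switch port (one side forced, the other on auto), which shows up as collisions and slow transfers.
            Warning    = if ($isUp -and -not $_.FullDuplex) { 'half duplex: check for a speed/duplex mismatch with the switch port' } else { '' }
        }
    }
}

Get-NicDuplexReport | Format-Table -AutoSize
```

If Configured says Auto Negotiation but Duplex reports Half, fix the setting on the switch port (or the other end of the cable) rather than forcing the NIC, since forcing only one side is what causes the mismatch in the first place.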

 

 

jklann

How To: RDP Over SSH

So I have been using RDP over SSH for about the last year and I have found its stability to be much better than LogMeIn, TeamViewer, VNC, and many others. While this method may not have all the fancy features that these other tools have, there is less lag, better performance overall, it's free, it's secure, and there is no middle server; it's direct point to point!

Requirements:

  1. SSHD server running on the windows machine you would like to RDP into. I would suggest using Cygwin rather than FreeSSHD due to security exploits.
  2. RDP/Remote Desktop Connections enabled on this server. (This will be covered)
  3. The ability to setup port forwarding on your external router. Setup Forwarding
  4. The external IP Address of the network your server is connected to. Your IP
  5. Putty Client

Part One: Setting up the Windows Server.

Once you have an SSH server up and configured, the next step is to enable RDP on your Windows server.

  1. Open the start menu, right click on Computer and select Properties.
     [Screenshot: start menu, Computer > Properties]
  2. In the properties window, in the top left pane, select Remote settings.
  3. In the new “System Properties” window, under the Remote tab, check the box labeled “Allow Remote Assistance connections to this computer”.
  4. Next, in the same window under the Remote Desktop section, select the “Allow connections from computers running any version of Remote Desktop” option.
  5. Then click “Apply”, then “OK”.
     [Screenshot: enabling remote control in System Properties]

     

Part Two: Setting up the Client machine for connection.

Once you have downloaded and opened the PuTTY client, it is time to set up the SSH session and tunnels.

  1. On the main PuTTY page, enter the external IP address of your Windows server in the box labeled “Host Name (or IP address)”.
     [Screenshot: PuTTY Session page with the host name filled in]
  2. In the left pane of the PuTTY utility, expand the SSH node and select Tunnels.
  3. In the box labeled “Source Port” enter a free port on your local system. For this I will use port 1234 as it is normally free.
  4. In the box labeled “Destination” enter the local IP address of your Windows server followed by “:3389”, the port for RDP.
  5. Leave the default settings below this set to “Local” and “Auto”.
  6. Then select “Add”.
     [Screenshot: PuTTY RDP tunnel setup]
  7. Now select the main PuTTY page in the left pane, at the very top, labeled “Session”.
  8. In the “Saved Sessions” box enter a name under which to save your configuration, so you do not have to set this up again.
  9. Then press “Save”.
     [Screenshot: PuTTY save profile]
  10. Note: to open this session in the future, select it from the list and select “Load”.
  11. Then select “Open”. This will start the SSH session.
  12. Now for the final steps to open the RDP session. Open the start menu, search for “Remote Desktop Connection” and open it.
     [Screenshot: finding Remote Desktop Connection in the start menu]
  13. Then in the box labeled “Computer” enter localhost: followed by the port you chose in the PuTTY configuration, in this case port 1234 (localhost:1234).
  14. Then select Connect.
     [Screenshot: Remote Desktop Connection setup]
  15. Now it will prompt you with a credentials box. Just enter your account information and select “OK”.
     [Screenshot: entering Remote Desktop credentials]
  16. And now you have an RDP session over SSH!
     [Screenshot: Remote Desktop connection complete]
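The PuTTY tunnel above, built with the OpenSSH client that ships with Windows 10 1809+ / Server 2019+ so the whole thing can be scripted. This is an added example, not code from the original post: it opens the forward localhost:1234 -> <server>:3389 inside the SSH session, waits until the local port is actually listening, launches mstsc against it, and tears the tunnel down when mstsc exits. The parameter names, the defaults and the 30-second wait are this example's own choices; the IP addresses in the usage line are placeholders.

```powershell
function Start-RdpOverSsh {
    param(
        [Parameter(Mandatory)][string]$SshHost,   # external IP or name of the SSH server
        [Parameter(Mandatory)][string]$User,
        [string]$RdpTarget = '127.0.0.1',         # as seen from the SSH server; the server itself by default
        [int]$LocalPort = 1234,                   # same role as PuTTY's "Source port"
        [int]$SshPort = 22
    )
    # -N: no remote shell, only the forward. -L: local port -> RdpTarget:3389 via the SSH server.
    # ssh prompts for the password in this console because of -NoNewWindow.
    $ssh = Start-Process -FilePath ssh.exe -PassThru -NoNewWindow -ArgumentList @(
        '-N', '-p', $SshPort, '-L', "${LocalPort}:${RdpTarget}:3389", "$User@$SshHost"
    )
    try {
        # Wait for ssh to authenticate and bind the local port before pointing mstsc at it.
        $deadline = (Get-Date).AddSeconds(30)
        while (-not (Get-NetTCPConnection -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue)) {
            if ($ssh.HasExited) { throw "ssh exited with code $($ssh.ExitCode) before the tunnel came up" }
            if ((Get-Date) -gt $deadline) { throw "tunnel on localhost:$LocalPort did not come up within 30 seconds" }
            Start-Sleep -Milliseconds 500
        }
        # RDP now goes to the local end of the tunnel; only the SSH port needs to be reachable from outside.
        Start-Process -FilePath mstsc.exe -ArgumentList "/v:localhost:$LocalPort" -Wait
    }
    finally {
        # Close the tunnel once the RDP session ends (or if anything above failed).
        if (-not $ssh.HasExited) { Stop-Process -Id $ssh.Id }
    }
}

# Usage (addresses are placeholders):
# Start-RdpOverSsh -SshHost 203.0.113.10 -User jklann -RdpTarget 192.168.1.57
```

Keeping RdpTarget at 127.0.0.1 means RDP on the server only ever sees connections from itself, so its listener can stay bound to the LAN address or firewalled from the internet entirely, which is the point of tunnelling it in the first place.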

 

 

jklann

How to: Setup Port Forwarding For SSH

Port forwarding will allow you to connect to your SSH server from anywhere, and it is really easy to do.

Requirements:

Administrator access to your router
Putty client

Step 1: Login to router

Login to your router via a web browser using its IP address (default is 192.168.1.1).

[Screenshot: router browser login]

Next, locate where you can set up port forwarding. In my case it is under the Applications & Gaming sub tab, Single Port Forwarding.

Once located, create a custom forward with the following settings:

  • Internal port: 22
  • IP address: the LAN IP address of your SSH server

Save the settings.

[Screenshot: port forward configuration on the router]

Step 2: Get your external IP address

You can find your external IP address by visiting http://johnklann.com/getmyip.php

 *Note: Unless you have a static IP provisioned by your ISP, your external IP address will most likely change often. There are several services that allow you to track the change and assign a domain name to it (never had much luck with them). I went with a much simpler approach. View the article here.

Step 3: Creating your first external connection

From a computer outside your LAN, open your PuTTY client.
Enter your external IP address into the Host Name field and click Open.

[Screenshot: PuTTY setup for the external SSH session]

If you receive a popup box like the following (PuTTY has not seen this server's host key before), select Yes to continue:

[Screenshot: PuTTY host key warning]

Enter your username and password:

[Screenshot: SSH login]

Then you will receive a shell on the SSH server:

[Screenshot: secure shell on the remote SSH server]
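A quick way to confirm the forward does exactly what you intended and nothing more, added here as an example (not part of the original post): from a machine outside your LAN, as in Step 3, test that TCP 22 reaches the SSH server and that RDP (3389) is not reachable from the internet, since the whole point of the SSH setup is that only port 22 is exposed. The function name, the verdict strings and the choice of 3389 as the port that must stay closed are this example's own; it needs Test-NetConnection (Windows 8.1 / Server 2012 R2 and later).

```powershell
function Test-SshForward {
    param(
        [Parameter(Mandatory)][string]$ExternalIp,   # your router's public address
        [int]$SshPort = 22,
        [int[]]$MustBeClosed = @(3389)               # ports the router must not be forwarding
    )
    # Run this from outside the LAN: from inside, many routers do not hairpin their own public IP,
    # so a closed result would be meaningless.
    foreach ($port in (@($SshPort) + $MustBeClosed)) {
        $open = (Test-NetConnection -ComputerName $ExternalIp -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        $shouldBeOpen = ($port -eq $SshPort)
        [pscustomobject]@{
            Target   = "${ExternalIp}:$port"
            Open     = $open
            Expected = $shouldBeOpen
            Verdict  = if ($open -eq $shouldBeOpen) { 'ok' }
                       elseif ($open) { 'EXPOSED: remove this forward from the router' }
                       else { 'forward not working: check the router rule and the SSH service' }
        }
    }
}

# Usage (address is a placeholder):
# Test-SshForward -ExternalIp 203.0.113.10 | Format-Table -AutoSize
```

Re-run it after any router change; a UPnP-capable device on the LAN can add forwards without you noticing, and this is the cheapest way to catch that.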


jklann

How to: Setup a SSH Server on Windows

This how-to walks through the steps to set up a free SSH server on Windows operating systems. This will allow SSH (secure shell) access to the Windows command prompt, and give you the ability to use other tools like PuTTY (tunneling) and WinSCP (file transfers). This walkthrough will show you how to set this up within your LAN (Local Area Network).

Requirements:

SSH server software — For the use of this tutorial, freesshd will be used.
Putty client — ssh client

Step 1: Install freesshd

[Screenshot: freesshd installer]

Step 2: Configure freesshd

Once you have finished installing the SSH server, run the application. You will want to edit the settings:

Right click on the freesshd icon in the taskbar and select Settings.

[Screenshot: freesshd taskbar settings menu]

You may see that the SSH server is not running, and it may not start when you attempt to start it. Do not fret; your machine probably needs a reboot. However, this can wait until after the configuration has finished. For the next steps we want the SSH server to be stopped.

[Screenshot: freesshd server status]

Most of the defaults are effective; there is only one last thing to configure.

Select the Users tab and click Add user:

[Screenshot: freesshd add user dialog]

Add your Windows user account name under Login. If you are not attached to a domain, just leave the Domain field blank.
Then select the user permissions (personally I selected them all).
Select OK.

Now start your SSH server on the Server status tab. Reminder: if it will not start, reboot your machine and try to start it again.

Step 3: Create your first SSH session.

Collect your computer's IP address:
Press Windows key + R.
Type cmd into the Run dialog box and hit Enter.

[Screenshot: Run dialog opening the command prompt]

In the command prompt type ipconfig and press Enter. Your IP address will be listed under your adapter.

[Screenshot: finding your IP address with ipconfig]

From another computer on your LAN (local area network), download and run the PuTTY client.

Type in the IP address of the SSH server, then select Open.

[Screenshot: PuTTY setup for a simple SSH session to Windows]

This will then prompt you for your user name and password. *Note: it will show nothing while you type your password. Once complete, this will open a Command Prompt shell on the remote system.

[Screenshot: SSH Windows command prompt shell]

Related articles:

How to transfer files to and from a windows server using ssh with WinSCP

How to setup port forwarding for ssh

jklann