  #1 (permalink)  
Old 06-27-2009, 06:07 PM
~BD~
Guest
 
Posts: n/a
Default OT - From Peter Foldes to me - Comments requested please

Enjoy

Wrote it for you especially and yes you are welcome.

Note : See instructions at bottom


[01] '---------------------------------------------
[02] 'Send a message when EventID 7036 is recorded.
[03] '5.2.2009 FNL
[04] '---------------------------------------------
[05] iEventID = "'7036'"
[06]
[07] Set objWMIService = GetObject("winmgmts:{(Security)}\\.\root\cimv2")
[08] Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
[09] ("Select * from __InstanceCreationEvent Where " _
[10] & "TargetInstance ISA 'Win32_NTLogEvent' " _
[11] & "and TargetInstance.EventCode = " & iEventID)
[12]
[13] Do
[14] Set objLatestEvent = colMonitoredEvents.NextEvent
[15] SendMessage objLatestEvent.TargetInstance.Message
[16] Loop
[17]
[18]
[19] Sub SendMessage (sText)
[20] WScript.Echo sText
[21] schema = "http://schemas.microsoft.com/cdo/configuration/"
[22] Set objEmail = CreateObject("CDO.Message")
[23] cdoBasic=1
[24] With objEmail
[25] .From = "Joe@company.com"
[26] .To = "Jack@company.com"
[27] .Subject = "RAID disk failed"
[28] .Textbody = Now & ": " & sText
[29] With .Configuration.Fields
[30] .Item (schema & "sendusing") = 2
[31] .Item (schema & "smtpserver") = "mail@company.com"
[32] .Item (schema & "smtpserverport") = 25
[33] .Item (schema & "smtpauthenticate") = cdoBasic
[34] End With
[35] .Configuration.Fields.Update
[36] .Send
[37] End With
[38] End Sub

Instructions:
- Save the above code as c:\windows\alerter.vbs.
- Unwrap any lines that your newsreader might have wrapped around.
- Modify lines 2, 5, 25, 26 and 31 to suit your environment.
- Invoke it like so:
cscript //nologo c:\windows\alerter.vbs

*****************************

Is this just a joke? TIA
--
Dave



  #2 (permalink)  
Old 06-28-2009, 10:32 PM
~BD~
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please

Subject : Additional present (28 June)

Can anyone explain what he's trying to help me achieve? <grin>


"Peter Foldes" <okf22@hotmail.com> wrote in message
news:e9MF1q49JHA.1252@TK2MSFTNGP04.phx.gbl...
>
> Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
> strComputer = "."
> strKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
> strEntry1a = "DisplayName"
> strEntry1b = "QuietDisplayName"
> strEntry2 = "InstallDate"
> strEntry3 = "VersionMajor"
> strEntry4 = "VersionMinor"
> strEntry5 = "EstimatedSize"
>
> Set objReg = GetObject("winmgmts://" & strComputer & _
> "/root/default:StdRegProv")
> objReg.EnumKey HKLM, strKey, arrSubkeys
> WScript.Echo "Installed Applications" & VbCrLf
> For Each strSubkey In arrSubkeys
> intRet1 = objReg.GetStringValue(HKLM, strKey & strSubkey, _
> strEntry1a, strValue1)
> If intRet1 <> 0 Then
> objReg.GetStringValue HKLM, strKey & strSubkey, _
> strEntry1b, strValue1
> End If
> If strValue1 <> "" Then
> WScript.Echo VbCrLf & "Display Name: " & strValue1
> End If
> objReg.GetStringValue HKLM, strKey & strSubkey, _
> strEntry2, strValue2
> If strValue2 <> "" Then
> WScript.Echo "Install Date: " & strValue2
> End If
> objReg.GetDWORDValue HKLM, strKey & strSubkey, _
> strEntry3, intValue3
> objReg.GetDWORDValue HKLM, strKey & strSubkey, _
> strEntry4, intValue4
> If intValue3 <> "" Then
> WScript.Echo "Version: " & intValue3 & "." & intValue4
> End If
> objReg.GetDWORDValue HKLM, strKey & strSubkey, _
> strEntry5, intValue5
> If intValue5 <> "" Then
> WScript.Echo "Estimated Size: " & Round(intValue5/1024, 3) & " megabytes"
> End If
> Next
>
> --
> Peter





  #3 (permalink)  
Old 06-29-2009, 05:34 AM
Todd H.
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please

"~BD~" <BoaterDave@hotmail.co.uk> writes:

> Subject : Additional present (28 June)
>
> Can anyone explain what he's trying to help me achieve? <grin>


All depends, what question did you ask, where, and which forum is he a
frequenter of?

I don't see anything nefarious in a cursory look at the vbscript code.
Sounds like he may be helping you solve some problem you may have
posted about somewhere. This code looks like it's a relatively simple
script to simply echo out all the stuff that's installed on your
machine visible in add/remove programs including install date,
versions, and size. To visualize what it'd do, open up regedit, click
your way to the
HKEYLocalMachine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
hive, click through each key there and see the various fields there,
and I bet it'll look a whole lot like your add/remove program list in
a much more copy/pasteable form.

So...curious...did you email him back to inquire what post he was
following up to, or was your first instinct to post the contents of
personal email to alt.computer.security assuming the worst? If the
latter, on behalf of the community, may I inquire "Just *** is wrong
with you?"


>"Peter Foldes" <okf22@hotmail.com> wrote in message
>news:e9MF1q49JHA.1252@TK2MSFTNGP04.phx.gbl...
>>
>> Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
>> strComputer = "."
>> strKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
>> strEntry1a = "DisplayName"
>> strEntry1b = "QuietDisplayName"
>> strEntry2 = "InstallDate"
>> strEntry3 = "VersionMajor"
>> strEntry4 = "VersionMinor"
>> strEntry5 = "EstimatedSize"
>>
>> Set objReg = GetObject("winmgmts://" & strComputer & _
>> "/root/default:StdRegProv")
>> objReg.EnumKey HKLM, strKey, arrSubkeys
>> WScript.Echo "Installed Applications" & VbCrLf
>> For Each strSubkey In arrSubkeys
>> intRet1 = objReg.GetStringValue(HKLM, strKey & strSubkey, _
>> strEntry1a, strValue1)
>> If intRet1 <> 0 Then
>> objReg.GetStringValue HKLM, strKey & strSubkey, _
>> strEntry1b, strValue1
>> End If
>> If strValue1 <> "" Then
>> WScript.Echo VbCrLf & "Display Name: " & strValue1
>> End If
>> objReg.GetStringValue HKLM, strKey & strSubkey, _
>> strEntry2, strValue2
>> If strValue2 <> "" Then
>> WScript.Echo "Install Date: " & strValue2
>> End If
>> objReg.GetDWORDValue HKLM, strKey & strSubkey, _
>> strEntry3, intValue3
>> objReg.GetDWORDValue HKLM, strKey & strSubkey, _
>> strEntry4, intValue4
>> If intValue3 <> "" Then
>> WScript.Echo "Version: " & intValue3 & "." & intValue4
>> End If
>> objReg.GetDWORDValue HKLM, strKey & strSubkey, _
>> strEntry5, intValue5
>> If intValue5 <> "" Then
>> WScript.Echo "Estimated Size: " & Round(intValue5/1024, 3) & " megabytes"
>> End If
>> Next
>>
>> --
>> Peter





Sincerely,
--
Todd H.
http://www.toddh.net/

  #4 (permalink)  
Old 06-29-2009, 05:39 AM
Todd H.
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please

"~BD~" <BoaterDave@hotmail.co.uk> writes:
> Enjoy
>
> Wrote it for you especially and yes you are welcome.
>
> Note : See instructions at bottom
>
>
> [01] '---------------------------------------------
> [02] 'Send a message when EventID 7036 is recorded.
> [03] '5.2.2009 FNL
> [04] '---------------------------------------------
> [05] iEventID = "'7036'"
> [06]
> [07] Set objWMIService = GetObject("winmgmts:{(Security)}\\.\root\cimv2")
> [08] Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
> [09] ("Select * from __InstanceCreationEvent Where " _
> [10] & "TargetInstance ISA 'Win32_NTLogEvent' " _
> [11] & "and TargetInstance.EventCode = " & iEventID)
> [12]
> [13] Do
> [14] Set objLatestEvent = colMonitoredEvents.NextEvent
> [15] SendMessage objLatestEvent.TargetInstance.Message
> [16] Loop
> [17]
> [18]
> [19] Sub SendMessage (sText)
> [20] WScript.Echo sText
> [21] schema = "http://schemas.microsoft.com/cdo/configuration/"
> [22] Set objEmail = CreateObject("CDO.Message")
> [23] cdoBasic=1
> [24] With objEmail
> [25] .From = "Joe@company.com"
> [26] .To = "Jack@company.com"
> [27] .Subject = "RAID disk failed"
> [28] .Textbody = Now & ": " & sText
> [29] With .Configuration.Fields
> [30] .Item (schema & "sendusing") = 2
> [31] .Item (schema & "smtpserver") = "mail@company.com"
> [32] .Item (schema & "smtpserverport") = 25
> [33] .Item (schema & "smtpauthenticate") = cdoBasic
> [34] End With
> [35] .Configuration.Fields.Update
> [36] .Send
> [37] End With
> [38] End Sub
>
> Instructions:
> - Save the above code as c:\windows\alerter.vbs.
> - Unwrap any lines that your newsreader might have wrapped around.
> - Modify lines 2, 5, 25, 26 and 31 to suit your environment.
> - Invoke it like so:
> cscript //nologo c:\windows\alerter.vbs
>
> Is this just a joke? TIA


No, doesn't look like a joke. It looks like a relatively
straightforward visual basic script that sends an email to a
configurable email address, via a configurable smtp server if and when
a windows system writes a given eventid to the system log.

Did you ask a question somewhere about "How do I get an email when X
happens to my system?" If so, seems like he may have provided you a
very good/free solution that you haven't bothered to look through
enough to try to understand.

--
Todd H.
http://www.toddh.net/
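
Added example, not part of the thread or of anyone's post: the by-eye reading Todd H. gives of the two scripts, done mechanically in Python. It undoes the newsreader formatting (">" quoting, "[NN]" prefixes, " _" continuations), drops comments, and lists what each script touches; the excerpts are constructed from the posted code, and the capability names and patterns are assumptions of this example, not a complete list.

```python
import re

# Constructed excerpts of the two posted scripts, kept in the form they have
# on the page: ">" quote markers, "[NN]" prefixes, " _" line continuations.
ALERTER = r'''
> [07] Set objWMIService = GetObject("winmgmts:{(Security)}\\.\root\cimv2")
> [08] Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
> [09] ("Select * from __InstanceCreationEvent Where " _
> [10] & "TargetInstance ISA 'Win32_NTLogEvent' " _
> [11] & "and TargetInstance.EventCode = " & iEventID)
> [22] Set objEmail = CreateObject("CDO.Message")
'''
INVENTORY = r'''
> Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
> Set objReg = GetObject("winmgmts://" & strComputer & _
> "/root/default:StdRegProv")
> objReg.EnumKey HKLM, strKey, arrSubkeys
> intRet1 = objReg.GetStringValue(HKLM, strKey & strSubkey, _
> strEntry1a, strValue1)
'''

# Assumed, non-exhaustive patterns; VBScript is case-insensitive, hence re.I.
CAPABILITIES = {name: re.compile(rx, re.I) for name, rx in {
    "WMI event subscription": r"\.ExecNotificationQuery\b",
    "sends e-mail via CDO": r"CDO\.Message",
    "registry read": r"\.(EnumKey|EnumValues|Get\w+Value|RegRead)\b",
    "registry write": r"\.(Set\w+Value|CreateKey|DeleteKey|DeleteValue|RegWrite)\b",
    "runs programs": r"\.(Run|Exec|ShellExecute)\b",
    "HTTP client": r"XMLHTTP|WinHttpRequest",
}.items()}
PREFIX = re.compile(r"^\s*(?:>\s*)*(?:\[\d+\]\s?)?")


def strip_comment(line: str) -> str:
    """Cut a trailing ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def normalise(posted: str) -> list:
    """Return logical statements: prefixes and comments removed, ' _' joined."""
    statements, pending = [], ""
    for raw in posted.splitlines():
        line = strip_comment(PREFIX.sub("", raw)).rstrip()
        if line.endswith(" _"):
            pending += line[:-1]          # keep the space, drop the underscore
        elif pending or line:
            statements.append(pending + line)
            pending = ""
    return statements + ([pending] if pending else [])


def triage(posted: str) -> dict:
    """Map each capability to the logical statements that triggered it."""
    findings = {}
    for stmt in normalise(posted):
        for name, pattern in CAPABILITIES.items():
            if pattern.search(stmt):
                findings.setdefault(name, []).append(stmt)
    return findings


if __name__ == "__main__":
    print(sorted(triage(ALERTER)), sorted(triage(INVENTORY)))
```

An empty result means only that none of the listed patterns matched, not that a script is harmless.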

  #5 (permalink)  
Old 06-29-2009, 08:33 AM
~BD~
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please


"Todd H." <comphelp@toddh.net> wrote in message
news:84ab3rmzek848wjbmzek__847hyvmzek@yahoo.com...
> So...curious...did you email him back to inquire what post he was
> following up to, or was your first instinct to post the contents of
> personal email to alt.computer.security assuming the worst? If the
> latter, on behalf of the community, may I inquire "Just *** is wrong
> with you?"



This query had no connection with *email* ......
.......... - it comes from the 'microsoft.public.test.here' newsgroup!

This is the answer to *your* query, Todd - posted by Mr Foldes today!
<vbg>

"Peter Foldes" <okf22@hotmail.com> wrote in message
news:ujQaR6E%23JHA.4168@TK2MSFTNGP05.phx.gbl...
> BD's time of the month. Been taking hormone treatments lately ?
> Sanitary pads are on
> sale this week at Harrods.
> Just in case you need their address
> Harrods Knightsbridge, London SW1X 7SL Store
> Tel: 020 7730 1234
>
> BTW: The sale for those pads are on the 5th floor just beside the
> Georgian
> Restaurant and hurry up and get there because they are in a great
> demand.


It is not, of course, true!

Seriously, thank you for taking the time and trouble to respond to my
query.
I'll answer the main parts of your answers separately.

--
Dave



  #6 (permalink)  
Old 06-29-2009, 08:52 AM
~BD~
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please


"Todd H." <comphelp@toddh.net> wrote in message
news:84ab3rmzek848wjbmzek__847hyvmzek@yahoo.com...
<snip>
> I don't see anything nefarious in a cursory look at the vbscript code.
> Sounds like he may be helping you solve some problem you may have
> posted about somewhere. This code looks like it's a relatively simple
> script to simply echo out all the stuff that's installed on your
> machine visible in add/remove programs including install date,
> versions, and size. To visualize what it'd do, open up regedit, click
> your way to the
> HKEYLocalMachine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
> hive, click through each key there and see the various fields there,
> and I bet it'll look a whole lot like your add/remove program list in
> a much more copy/pasteable form.

<snip>

I know nothing about 'code' so I posted here because I know that there
are some wise and clever folk who frequent this community. I had/have no
wish or intention to aggravate anyone here. I appreciate the response
from Todd.

I found my way to the 'hive' mentioned and did, indeed, find information
on all the programmes installed on this laptop. A very interesting
exploration and something I have rarely done before. Thank you for the
guidance. :)

Had I had any notion of just *how* to activate the code supplied I might
have tried to do so at home (where I could reinstall Windows or use an
Acronis image) but here aboard my narrowboat I do not have that luxury,
so I wondered if someone else might experiment on my behalf. Do you know
how I could have 'made it work' so to speak? What would it have done to
my computer? Any thoughts welcomed. Thanks.
--
Dave



  #7 (permalink)  
Old 06-29-2009, 09:02 AM
~BD~
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please


"Todd H." <comphelp@toddh.net> wrote in message
news:84vdmflkm184tz1zlkm1__84skhjlkm1@yahoo.com...
> "~BD~" <BoaterDave@hotmail.co.uk> writes:
>> Enjoy
>>
>> Wrote it for you especially and yes you are welcome.
>>
>> Note : See instructions at bottom
>>
>>
>> [01] '---------------------------------------------
>> [02] 'Send a message when EventID 7036 is recorded.
>> [03] '5.2.2009 FNL
>> [04] '---------------------------------------------
>> [05] iEventID = "'7036'"
>> [06]
>> [07] Set objWMIService = GetObject("winmgmts:{(Security)}\\.\root\cimv2")
>> [08] Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
>> [09] ("Select * from __InstanceCreationEvent Where " _
>> [10] & "TargetInstance ISA 'Win32_NTLogEvent' " _
>> [11] & "and TargetInstance.EventCode = " & iEventID)
>> [12]
>> [13] Do
>> [14] Set objLatestEvent = colMonitoredEvents.NextEvent
>> [15] SendMessage objLatestEvent.TargetInstance.Message
>> [16] Loop
>> [17]
>> [18]
>> [19] Sub SendMessage (sText)
>> [20] WScript.Echo sText
>> [21] schema = "http://schemas.microsoft.com/cdo/configuration/"
>> [22] Set objEmail = CreateObject("CDO.Message")
>> [23] cdoBasic=1
>> [24] With objEmail
>> [25] .From = "Joe@company.com"
>> [26] .To = "Jack@company.com"
>> [27] .Subject = "RAID disk failed"
>> [28] .Textbody = Now & ": " & sText
>> [29] With .Configuration.Fields
>> [30] .Item (schema & "sendusing") = 2
>> [31] .Item (schema & "smtpserver") = "mail@company.com"
>> [32] .Item (schema & "smtpserverport") = 25
>> [33] .Item (schema & "smtpauthenticate") = cdoBasic
>> [34] End With
>> [35] .Configuration.Fields.Update
>> [36] .Send
>> [37] End With
>> [38] End Sub
>>
>> Instructions:
>> - Save the above code as c:\windows\alerter.vbs.
>> - Unwrap any lines that your newsreader might have wrapped around.
>> - Modify lines 2, 5, 25, 26 and 31 to suit your environment.
>> - Invoke it like so:
>> cscript //nologo c:\windows\alerter.vbs
>>
>> Is this just a joke? TIA

>
> No, doesn't look like a joke. It looks like a relatively
> straightforward visual basic script that sends an email to a
> configurable email address, via a configurable smtp server if and when
> a windows system writes a given eventid to the system log.


Thank you. I regret that I have no knowledge of how to write or use such
scripts. I have no idea what impact this would have on my computer or
why Peter Foldes provided same.


> Did you ask a question somewhere about "How do I get an email when X
> happens to my system?" If so, seems like he may have provided you a
> very good/free solution that you haven't bothered to look through
> enough to try to understand.



No - I didn't ask for such help. I believe Mr Foldes was up to mischief!
Do you think I should be learning about visual basic scripts? If so,
why?

--
Dave



  #8 (permalink)  
Old 06-29-2009, 09:10 AM
~BD~
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please


"Todd H." <comphelp@toddh.net> wrote in message
news:84vdmflkm184tz1zlkm1__84skhjlkm1@yahoo.com...
> Did you ask a question somewhere about "How do I get an email when X
> happens to my system?" If so, seems like he may have provided you a
> very good/free solution that you haven't bothered to look through
> enough to try to understand.
>
> --
> Todd H.
> http://www.toddh.net/


Your web site says "Contact: If you'd like to contact me or shower me
with money, please send email to: todd then put that @ sign thingee in
followed by this domain."

I tried and my message was bounced back. Please would you clarify for
me, Todd?

Viz:-

Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<todd@toddh.net/>:
Sorry, I couldn't find any host named toddh.net/. (#5.1.2)

--
Dave



  #9 (permalink)  
Old 07-04-2009, 09:02 AM
~BD~
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please

"Peter Foldes" <okf22@hotmail.com> wrote in message
news:OgSfr7f%23JHA.1376@TK2MSFTNGP02.phx.gbl...
> Am I deleting too fast ?? Advise
>


Hello Peter! :)

Interesting question - one you have asked before! I seem to recall
Andrew saying that you couldn't *possibly* control what I see on *my*
screen - but I have a hinky feeling that he might be incorrect! You
obviously think you can!

It doesn't matter a great deal, because Eternal-September (was
Motzarella) has all messages on this test group going back to April.

I'd prefer the msnews server to keep the test messages for longer than
at present. Please adjust matters if you can. Thank you.

Whilst writing, do you have any view on this item:-

A news release dated last week, says this:

BIOS Vulnerable to Modern Malware Attacks

'Basic Input/Output System', a firmware run by a PC at the time of
boot-up, is increasingly targeted by malware attacks as modern hackers
having administrative OS rights are effectively conducting BIOS updates
or BIOS on the Internet to load customized low-level firmware.

Recently, experts have shown how BIOS malware could be used to attack
multiple operating systems and infect different kinds of motherboards.
According to them, BIOS-based malicious software can disseminate not
just on various OSs, but also by a number of hardware. These attacks are
hard to identify and block.

Earlier during March 2009 at the Vancouver CanSecWest security
conference, researchers Anibal Sacco and Alfredo Ortega of Core Security
Technologies Inc. performed a general BIOS attack that could push
malware inside various BIOS types, as reported by search security on
June 18, 2009.

A hacker who hijacked the BIOS in the above manner could gain complete
control over the basic firmware irrespective of the OS.

Even if all browser applications and OS patches are put in place, it is
still possible to fully compromise computers at a very low level without
any vulnerability exploitation. Evidently, the BIOS malware has been
effectively utilized on both OpenBSD and Windows platforms as well as on
virtual machines through the VMware Player program.

Sacco and Ortega emphasized that for carrying out the attacks, one needs
to either directly access the target computer or obtain the root
privileges of the same, which restricts the scope. In any case, the
techniques are extremely workable and the two researchers are presently
experimenting with a BIOS rootkit that might help to execute the attack.

Following the experiments by the Core researchers, John Heasman at Next
Generation Security Software performed another research on stubborn
rootkits and was successful in creating a technique for planting them on
computers utilizing 'Peripheral Component Interconnect' (PCI) cards.

Previously during 2007, Heasman at Black Hat DC demonstrated a fully
functional technique for installing rootkits on a PCI card through the
device's flashable ROM. He also showed how bogus stack pointers could be
built through the circumvention of Windows NT kernel.

http://www.spamfighter.com/News-1262...re-Attacks.htm

--
Dave








  #10 (permalink)  
Old 07-06-2009, 09:25 AM
~BD~
Guest
 
Posts: n/a
Default Re: OT - From Peter Foldes to me - Comments requested please


"Peter Foldes" <okf22@hotmail.com> wrote in message
news:Ou%2368Vd$JHA.1252@TK2MSFTNGP04.phx.gbl...
> Dave
>
> You posted the below today in the OE newsgroup in the IE8 post
>
>>I was also banned from posting on the Annexcafe newsgroups - to which I
>>was once enticed by Peter Foldes. I'm quite certain all is not as it
>>seems on the surface on the computer help site there - User2User. Proof
>>is another matter though! :(

>
> I have your post on my server where you stated the Kuay Tim enticed
> you to come to U2U. I have all your posts (831 of them in total up to
> today) from u2u, msnew servers, Ahuma and from Jen's group also from
> among others since you started posting going back 4 yrs. I do not want
> to put back that post on the server to show everyone how you make
> things up or shall I say how you fib. I even have the one where you
> said you were stationed on a ship and not as you sometimes say RCAF
> and as an air traffic controller (which you stated today). Dave
> something is wrong and you should really look after it before it
> becomes more of a problem . You have also stated in one of your posts
> that you were banned by your ISP and PA Bear is not lying when he
> posts that. He was nice enough not to put that post out to the public
> to embarrass you.
> So Dave please watch what you say or stick always to the same (your
> history) or you will discredit yourself which BTW has already started.
>
> And if you would like to know how I know the amount of posts (I have
> them all) all I can and will tell you that running a server and
> knowing your IP even when changed can follow you through out
> cyberspace. As can any legitimate agency.
>
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>



