Wednesday 30 October 2013

Create a local administrator account on every computer of the domain

I've recently implemented an Active Directory domain controller and wanted to get rid of local users ... turns out it's not such a great idea, since sometimes you'll need a local admin to fix the AD connectivity... So, I wrote a little script that runs every now and then and creates a local user with admin rights for debugging and such... It iterates over all the computer objects it finds under the root of the AD and creates the user. Beware that it only works if the machines are online, so you'll have to run it often enough to make sure every laptop has been hit at least once.
I hope you'll find it useful.

' This is a script to add local user accounts and add them to the local admin group
' Author: JBANIER Date: 28/10/2013

' Keep going when a computer is offline or already has the account; errors are
' checked explicitly (Err.Number) after each step that can fail.
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2
Const strUser = "localadmin"
' Note: this password is shared by every machine the script reaches.
Const strPassword = "localpa$$w0rd"
Dim objConnection, objCommand, objRecordSet, objRootLDAP, strPathToDomain, strSelectAttr
Dim strComputer, colAccounts, objUser, objLocalUser, objLocalAdmGroup

' Resolve the domain root (e.g. DC=example,DC=local) from the RootDSE
Set objRootLDAP = GetObject("LDAP://rootDSE")
strPathToDomain = "LDAP://" & objRootLDAP.Get("defaultNamingContext")
strSelectAttr = "cn, operatingSystem"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Enumerate every computer object under the domain root
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select " & strSelectAttr & " from '" & strPathToDomain _
        & "' Where objectClass='computer'"
WScript.Echo objCommand.CommandText
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst

Do Until objRecordSet.EOF
    strComputer = objRecordSet.Fields("cn").Value
    Err.Clear
    ' Bind to the computer's local SAM through the WinNT provider (fails if it is offline)
    Set colAccounts = GetObject("WinNT://" & strComputer & ",computer")
    If Err.Number <> 0 Then
        WScript.Echo "Skipping " & strComputer & ": " & Err.Description
        Err.Clear
    Else
        ' Create user (reset objUser first so a failed Create cannot act on the previous computer's object)
        Set objUser = Nothing
        Set objUser = colAccounts.Create("user", strUser)
        objUser.SetPassword strPassword
        objUser.SetInfo
        If Err.Number <> 0 Then
            ' Typically "the account already exists"; the existing account is left alone
            WScript.Echo "Could not create " & strUser & " on " & strComputer & ": " & Err.Description
            Err.Clear
        Else
            WScript.Echo "Added user " & strUser & " to " & strComputer
        End If
        ' Add user to admin group. The group name is localized on non-English Windows
        ' (e.g. "Administrateurs"); Add fails harmlessly if the user is already a member.
        Set objLocalUser = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")
        Set objLocalAdmGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
        objLocalAdmGroup.Add objLocalUser.AdsPath
        If Err.Number <> 0 Then
            WScript.Echo "Could not add " & strUser & " to " & strComputer & "'s Administrators: " & Err.Description
            Err.Clear
        Else
            WScript.Echo "Added user " & strUser & " to " & strComputer & "'s local admin group"
        End If
    End If
    objRecordSet.MoveNext
Loop

objRecordSet.Close
objConnection.Close
Set objRecordSet = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
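Since the script only reaches machines that are online when it runs, the check a practitioner wants is which computers it has actually covered. The following PowerShell is an added audit (not the post's code) that reports, per computer object, whether the host answers, whether the account exists and whether it sits in the local Administrators group; it assumes the account name from the script, a domain-joined host with rights to read each computer's local SAM over the WinNT provider, and the English group name (a parameter, since it is localized).

```powershell
# Added audit script, not the post's VBScript. Account and group names are parameters.
param(
    [string]$AccountName = 'localadmin',
    [string]$AdminGroup  = 'Administrators'
)

$rootDse  = [ADSI]'LDAP://RootDSE'
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]('LDAP://' + $rootDse.defaultNamingContext)
$searcher.Filter     = '(objectClass=computer)'
$searcher.PageSize   = 1000
[void]$searcher.PropertiesToLoad.Add('cn')

$report = foreach ($result in $searcher.FindAll()) {
    $name = [string]$result.Properties['cn'][0]
    $row  = [ordered]@{ Computer = $name; Online = $false; AccountExists = $false; IsAdmin = $false; Error = $null }
    if (Test-Connection -ComputerName $name -Count 1 -Quiet) {
        $row.Online = $true
        try {
            # Same WinNT provider the VBScript uses; Children are the local users, groups and services
            $computer = [ADSI]"WinNT://$name,computer"
            $row.AccountExists = [bool]($computer.Children |
                Where-Object { $_.SchemaClassName -eq 'User' -and $_.Name -eq $AccountName })
            $group   = [ADSI]"WinNT://$name/$AdminGroup,group"
            $members = @($group.Invoke('Members') | ForEach-Object {
                $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
            $row.IsAdmin = $members -contains $AccountName
        } catch {
            $row.Error = $_.Exception.Message
        }
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize
# Machines the provisioning script has not reached yet (or where it only partly succeeded)
$report | Where-Object { $_.Online -and -not $_.IsAdmin } |
    ForEach-Object { Write-Warning "$($_.Computer): $AccountName is not a local administrator" }
```

Keep in mind that the script sets the same password on every host, so the credential recovered from any one machine is a local administrator everywhere: treat it as a break-glass secret that gets rotated, not a permanent one.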

Thursday 17 October 2013

Brucon 2013: scapy, or the internet in god mode.

This year I was lucky enough to be able to attend Brucon (courtesy of my employer); my favorite workshop was this one. I've been wanting to dive into scapy but ... things kept getting in the way :-) The introduction was soft enough not to be off-putting, and the challenge slowly grew into something taking a bit of work and trial and error... The final challenge was to download a file hosted on @undeadsecurity's blog. As it turns out, implementing wget on raw sockets was good fun :-) Anyway, for the curious, here's my code:

#! /usr/bin/env python
# vim: set fileencoding=latin-1 :
# Author: Jérémie Banier
# Date: Oct. 1 2013
# Purpose: implement wget using scapy :-)
# Based on test add-ons sample
# usage:
# sudo python wget.py
# a, u = wget()
# (the local kernel knows nothing about this connection and answers the server's
#  SYN-ACK with a RST unless outgoing RSTs from SPORT are dropped, e.g. with an
#  iptables OUTPUT rule)

import logging
# Set log level to benefit from Scapy warnings
logging.getLogger("scapy").setLevel(1)

from scapy.all import *

DST = 'blog.zonbi.org'            # 173.255.253.196 at the time of the workshop
SPORT = 40000                     # fixed source port so every segment belongs to one connection
REQUEST = "GET /key.txt HTTP/1.0\r\n\r\n"
seq = 666                         # our sequence number, advanced as we send

def next_ack(p):
    """Ack number for the first reply in an sr() answered list: the peer's seq
    plus the bytes it sent, plus one if the segment carried SYN or FIN."""
    t = p[0][1][TCP]              # p[0] is a (sent, received) pair
    return t.seq + len(t.payload) + (1 if int(t.flags) & 0x03 else 0)

def connect_syn():
    return IP(dst=DST)/TCP(sport=SPORT, dport=80, flags="S", seq=seq)

def connect_ack(p):
    global seq
    seq = seq + 1                 # our SYN consumed one sequence number
    return IP(dst=DST)/TCP(sport=SPORT, dport=80, flags="AP", ack=next_ack(p), seq=seq)/REQUEST

def data_ack(p):
    global seq
    seq = seq + len(REQUEST)      # the request bytes we sent
    return IP(dst=DST)/TCP(sport=SPORT, dport=80, flags="A", ack=next_ack(p), seq=seq)

def disconnect_fin(p):
    return IP(dst=DST)/TCP(sport=SPORT, dport=80, flags="FA", ack=next_ack(p), seq=seq)

def disconnect_ack(p):
    global seq
    seq = seq + 1                 # our FIN consumed one sequence number
    return IP(dst=DST)/TCP(sport=SPORT, dport=80, flags="A", ack=next_ack(p), seq=seq)

def wget():
    a, u = sr(connect_syn(), timeout=3)          # expect SYN-ACK
    da, du = sr(connect_ack(a), timeout=3)       # expect the HTTP response
    a, u = sr(data_ack(da), timeout=3)           # expect the server's FIN
    a, u = sr(disconnect_fin(a), timeout=3)      # expect the ACK of our FIN
    sr(disconnect_ack(a), timeout=3)
    return (da, du)

if __name__ == "__main__":
    interact(mydict=globals(), mybanner="scaget?")

When run, it launches the python/scapy shell; call wget() while running Wireshark to watch the download take place ... I'm sure my code isn't very robust and will fail with large files, so ...
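What the script above glosses over, and what breaks once the response no longer fits in one segment, is the receive-side arithmetic: each ack must equal the peer's sequence number plus the bytes received, plus one for a SYN or FIN, and a larger file arrives as several segments, possibly out of order. The following is an added, scapy-free illustration of that bookkeeping (not the workshop code); the exchange in demo() is constructed.

```python
class TcpReceiver:
    """Receive-side bookkeeping for one TCP connection: tracks the peer's
    sequence space, reassembles in-order data and yields the ack to send."""

    def __init__(self):
        self.rcv_nxt = None       # next byte expected from the peer (set by its SYN)
        self.early = {}           # seq -> (payload, fin) for segments that arrived ahead of a hole
        self.data = bytearray()   # the in-order byte stream (here: the HTTP response)
        self.fin_seen = False

    def segment(self, seq, payload=b"", syn=False, fin=False):
        """Process one received segment and return the ack number our reply must carry."""
        if syn:
            self.rcv_nxt = seq + 1            # SYN occupies one sequence number
            return self.rcv_nxt
        if self.rcv_nxt is None:
            raise ValueError("data before SYN")
        if seq > self.rcv_nxt:
            self.early[seq] = (payload, fin)  # hole before it: buffer, keep acking what we have
            return self.rcv_nxt
        self._accept(payload[self.rcv_nxt - seq:], fin)   # drop bytes already received
        while self.rcv_nxt in self.early:                  # drain now-contiguous segments
            self._accept(*self.early.pop(self.rcv_nxt))
        return self.rcv_nxt

    def _accept(self, payload, fin):
        self.data += payload
        self.rcv_nxt += len(payload)
        if fin and not self.fin_seen:
            self.fin_seen = True
            self.rcv_nxt += 1                 # FIN occupies one sequence number too


def demo():
    """Constructed exchange: SYN-ACK, three 10-byte segments with the middle one
    arriving late, then FIN. Returns the acks sent and the reassembled bytes."""
    rx = TcpReceiver()
    acks = [rx.segment(1000, syn=True)]                   # -> 1001
    acks.append(rx.segment(1001, b"0123456789"))          # -> 1011
    acks.append(rx.segment(1021, b"ABCDEFGHIJ"))          # early: still 1011
    acks.append(rx.segment(1011, b"abcdefghij"))          # fills the hole -> 1031
    acks.append(rx.segment(1031, fin=True))               # -> 1032
    return acks, bytes(rx.data)
```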

CentOS package management rollercoaster

Just a quick one-liner to recover from a not so successful upgrade on CentOS ...

for p in $(yum update | grep "is a duplicate" | awk '{ print $6 }'); do rpm -e --nodeps --justdb "$p"; done

The packages were effectively upgraded, but the previous version of each package was still in the rpm database for some reason; this one-liner takes the duplicate (the old one) and removes its definition from the DB.
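As an added check that is not part of the post (the one-liner trusts yum's output and deletes straight away), the script below finds the stale entries from the rpm database itself, lists them for review, and only removes them when asked to. The query format string is the one rpm would be given; the sample output is constructed, and install-only packages such as kernel, which legitimately keep several versions, are excluded.

```sh
#!/bin/sh
# Added helper (not the post's one-liner): list the stale duplicate entries in the
# rpm database, i.e. every record whose package name also has a more recently
# installed record, and remove them only on request.

# Query used against the real database (one line per installed package):
RPM_QUERY='%{NAME}|%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}|%{INSTALLTIME}\n'

# Constructed sample of what that query prints after a half-finished upgrade:
SAMPLE_DB='bash|(none):4.1.2-15.el6_4.x86_64|1380000000
bash|(none):4.1.2-14.el6.x86_64|1370000000
openssl|(none):1.0.1e-16.el6_5.x86_64|1390000000
zlib|(none):1.2.3-29.el6.x86_64|1370000000
zlib|(none):1.2.3-27.el6.x86_64|1350000000'

# older_duplicates: reads "name|evra|installtime" lines on stdin and prints, as
# NEVRA, every entry that shares its name with a newer-installed entry.
# Install-only packages (kernel*) keep several versions by design and are skipped.
older_duplicates() {
    sort -t'|' -k1,1 -k3,3nr |
    awk -F'|' '$1 !~ /^kernel/ && seen[$1]++ {
        evra = $2
        sub(/^\(none\):/, "", evra)   # rpm prints a missing epoch as (none)
        printf "%s-%s\n", $1, evra
    }'
}

# Dry run on the constructed sample: what a real run would remove.
list_stale_entries() {
    printf '%s\n' "$SAMPLE_DB" | older_duplicates
}

if [ "${1:-}" = "apply" ]; then
    # Drop the stale records from the database only; files on disk are untouched.
    rpm -qa --qf "$RPM_QUERY" | older_duplicates |
        while read -r p; do rpm -e --nodeps --justdb "$p"; done
else
    list_stale_entries
fi
```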

Hadoop / Spark2 snippets that took way too long to figure out

This is a collection of links and snippets that took me way too long to figure out; I've copied them here with a bit of documentation in...