Penetration Testing mailing list archives
Checking - will this Windows audit-tool be useful?
From: Petr.Kazil () eap nl
Date: Tue, 13 Jun 2006 17:44:55 +0200
I'm working on a Windows audit tool. I will probably build it anyway, because I can use it myself and it's a fun project. But to be sure, I would like to check if it's not already out there somewhere. A longish explanation: I do a lot of Windows / Active Directory audits. Until now I used the traditional tools like Dumpsec, Hyena, pstools and a lot of the built in Windows commands. But a lot of the information that I need, is already present in one single file. If I run “csvde -f outputfile.txt” then I have the core data of Active Directory in my hands. Almost all the data in Dumpsec (and much more) is present in the csvde-file. The charm of using this file, is that you don’t need to run any tools on the client’s infrastructure. In a few cases an admin was willing to send the (strongly encrypted) file by e-mail and I could start my audit right away without taking much of his time. I have written a set of scripts in VBScript that parse and analyze the csvde file and produce interesting data like: statistics, “dead” accounts, administrator groups and memberships, OU-trees and policies, domain policies, computer OS-versions, account settings, etc. At the moment I’m rewriting the scripts into a decent application in Visual Basic 2005, as an exercise with this language. My question: Do you think anyone will be interested in this tool when I’m finished? I know I’m reinventing the wheel a bit - but I’ve successfully used csvde-file data in the past, so I hope others might be interested too.
Current thread:
- Sniffing USB-Datastream thomas springer (Jun 12)
- Re: Sniffing USB-Datastream Jon R. Kibler (Jun 12)
- Re: Sniffing USB-Datastream Scott C. Kennedy (Jun 12)
- Re: Sniffing USB-Datastream Jonathan (Jun 12)
- Re: Sniffing USB-Datastream Jonathan (Jun 12)
- Re: Sniffing USB-Datastream David Hogue (Jun 12)
- Checking - will this Windows audit-tool be useful? Petr . Kazil (Jun 13)
- <Possible follow-ups>
- Re: Sniffing USB-Datastream mozilla (Jun 13)
- Re: Sniffing USB-Datastream Jon R. Kibler (Jun 12)