Caveman's Blog

My commitment to learning.

Sql Server: How to list all the database names

Posted by cavemansblog on November 6, 2009

There are two ways of listing the available database names in SQL Server, using T-SQL


select name from master..sysdatabases

EXEC sp_msForEachDB 'PRINT ''?''';

Posted in Sql Server | Tagged: , | Leave a Comment »

Prevent Internal IP address disclosure

Posted by cavemansblog on November 4, 2009

One of the vulnerability that we had to fix on a recent project was the disclosure of the IP address when IIS had to redirect a web request to another page and here is how it got fixed.

Based on the following Microsoft support article: “FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0” [1]; follow these steps to set the SetHostName property in IIS, so that the System Admin defined hostname is revealed in the response header as opposed to the internal IP address..

  1. Click Start, click Run, type cmd, and then click OK to open a command prompt.
  2. Change to the folder where the Adsutil.vbs tool is located. By default, this folder is the following:
    • %SYSTEMROOT%\Inetpub\AdminScripts
  3. Type the following command, where x is your site identifier and hostname is the alternate host name that you want to use:
    • cscript adsutil.vbs set w3svc/x/SetHostName hostname
    • X can be looked by from IIS mmc. Click here [2] to know to look up the site identifier.

    If this does not fix the problem then try installing the latest service pack for Windows Server 2003 and then restart your computer

    References:

    1. Microsoft Support: FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0
    2. Chris Crowe’s Blog – IIS Web Site Identifiers.

Posted in IIS | Tagged: , | 1 Comment »

Differential Gears

Posted by cavemansblog on September 19, 2009

I have always wondered how the (differential) gear system in a car works.  I have studied a little about this in school, which was way over my head at that time. I realized and was amazed at how stuff works after watching this video. It seems to be a very old and lengthy, yet is a very detail oriented video. It cannot get better than this, watch, learn and enjoy:

Following is a very nice animation of how manual transmission works.

Posted in Sudheer Reddy Battula | Leave a Comment »

PSExec: Remote command execution

Posted by cavemansblog on September 15, 2009

Ever wondered how to remotely execute a command on a remote machine. Here is what I had to deal with, leading to my research and a subsequent discovery of this powerful utility. We have this ASP.Net project that was getting deployed to the various in-house environments using Hudson, a continuous deployment tool. There was this requirement that the web.config had to be encrypted. In our project configuration setup, the files from the build (CI) server will be deployed/coped to various environments, however the web.config cannot be pre-encrypted, rather it has to be encrypted in the hosting environment.

I have created a batch file  that has to be executed on the deployed environment to be able to encrypt the web.config file. PSExec came to my rescue by being able to execute the batch file on the host environments from the continuous integration server. The account that is used to run Hudson should also have rights on the host machines to be able to run PSExec.

PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec’s most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems. [1]


psexec \\MACHINE_NAME c:\temp\encrypt.bat

I hope I made my point in showcasing a capability of this tool.

Reference:
1. PSExec – by Mark Russinovich

Posted in Tools | Leave a Comment »

Screen saver timeout

Posted by cavemansblog on September 11, 2009

The wait time for a screen saver specifies how much user idle time must elapse before the it is launched. This can be changed by accessing the property pages of the desktop, in the Screen Saver tab. How ever when a group policy is set to not editable on this setting, one cannot edit this setting using the property pages, even if the user has administrator right on that computer.

The work around for this is to directly edit the value of the “ScreenSaveTimeOut” key at the following location. The value is represented in seconds, the setting below has  a time out of 30 mins.


[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop]
"ScreenSaveTimeOut"="1800"

Posted in Sudheer Reddy Battula | 1 Comment »