
2023-06-10

Windows Network - Common Protocols

In a typical Microsoft Windows network environment, you would expect to see a range of protocols that facilitate network communication, resource sharing, authentication, and management. Here are some protocols commonly used in a Windows network:

1. **Server Message Block (SMB)**: SMB is a protocol used for file and printer sharing, as well as accessing shared resources on Windows-based systems. It allows clients to connect to file servers, access shared folders, and perform file operations such as reading, writing, and file locking.

2. **Active Directory (AD)**: Active Directory is a directory service that stores information about network resources and enables centralized management of user accounts, groups, and network resources. It uses the Lightweight Directory Access Protocol (LDAP) for communication.

3. **Domain Name System (DNS)**: DNS is used for name resolution in Windows networks. It translates domain names into IP addresses and vice versa, allowing clients to locate domain controllers, servers, and other network resources.

4. **Dynamic Host Configuration Protocol (DHCP)**: DHCP is commonly used in Windows networks to automatically assign IP addresses, subnet masks, and other network configuration parameters to client devices when they connect to the network.

5. **NetBIOS (Network Basic Input/Output System)**: NetBIOS is an API used by applications for network communication in Windows environments. It allows applications to send and receive data over the network and provides services like name resolution and session management.

6. **Remote Desktop Protocol (RDP)**: RDP enables remote access to Windows-based systems. It allows users to connect to a remote desktop and interact with the desktop environment as if they were sitting in front of the physical machine.

7. **Simple Mail Transfer Protocol (SMTP)**: SMTP is used for sending and receiving email in Windows networks. It facilitates the communication between email clients (such as Microsoft Outlook) and email servers (such as Microsoft Exchange).

8. **Windows Internet Name Service (WINS)**: WINS is a legacy NetBIOS name resolution service used in older Windows networks. It translates NetBIOS names to IP addresses, helping clients locate resources.

9. **Kerberos**: Kerberos is a network authentication protocol used in Windows networks to verify the identities of users and services. It provides secure authentication and supports features like single sign-on.

10. **Remote Procedure Call (RPC)**: RPC is a protocol used for communication between applications and services running on different systems in a Windows network. It allows applications to request services from remote systems and exchange data.

These protocols form the foundation for network communication, authentication, and resource sharing in a Windows network environment. It's important to note that the specific protocols and their usage can vary depending on the version of Windows, network configuration, and services deployed within the network.

================

Here's an elaboration on each protocol mentioned, along with the port numbers commonly associated with them in a Microsoft Windows network:

1. **Server Message Block (SMB)**

   - Description: SMB is a protocol used for file and printer sharing, as well as accessing shared resources on Windows-based systems. It allows clients to connect to file servers, access shared folders, and perform file operations.

   - Port Numbers: 

     - SMB over NetBIOS: Port 139 (TCP/UDP)

     - SMB over IP (direct-hosted SMB): Port 445 (TCP/UDP)


2. **Active Directory (AD)**

   - Description: Active Directory is a directory service that stores information about network resources and enables centralized management of user accounts, groups, and network resources. It provides authentication and authorization services.

   - Port Numbers: 

     - LDAP: Port 389 (TCP/UDP)

     - LDAPS (LDAP over SSL/TLS): Port 636 (TCP)


3. **Domain Name System (DNS)**

   - Description: DNS is used for name resolution in Windows networks. It translates domain names into IP addresses and vice versa, allowing clients to locate domain controllers, servers, and other network resources.

   - Port Numbers: 

     - DNS: Port 53 (TCP/UDP)


4. **Dynamic Host Configuration Protocol (DHCP)**

   - Description: DHCP is commonly used in Windows networks to automatically assign IP addresses, subnet masks, and other network configuration parameters to client devices when they connect to the network.

   - Port Numbers: 

     - DHCP server: Port 67 (UDP)

     - DHCP client: Port 68 (UDP)


5. **NetBIOS (Network Basic Input/Output System)**

   - Description: NetBIOS is an API used by applications for network communication in Windows environments. It allows applications to send and receive data over the network and provides services like name resolution and session management.

   - Port Numbers: 

     - NetBIOS Name Service (NBNS): Port 137 (UDP)

     - NetBIOS Datagram Service: Port 138 (UDP)

     - NetBIOS Session Service: Port 139 (TCP)


6. **Remote Desktop Protocol (RDP)**

   - Description: RDP enables remote access to Windows-based systems. It allows users to connect to a remote desktop and interact with the desktop environment as if they were sitting in front of the physical machine.

   - Port Numbers: 

     - RDP: Port 3389 (TCP/UDP)


7. **Simple Mail Transfer Protocol (SMTP)**

   - Description: SMTP is used for sending and receiving email in Windows networks. It facilitates the communication between email clients (such as Microsoft Outlook) and email servers (such as Microsoft Exchange).

   - Port Numbers: 

     - SMTP: Port 25 (TCP)


8. **Windows Internet Name Service (WINS)**

   - Description: WINS is a legacy NetBIOS name resolution service used in older Windows networks. It translates NetBIOS names to IP addresses, helping clients locate resources.

   - Port Numbers: 

     - WINS: Port 137 (TCP/UDP)


9. **Kerberos**

   - Description: Kerberos is a network authentication protocol used in Windows networks to verify the identities of users and services. It provides secure authentication and supports features like single sign-on.

   - Port Numbers: 

     - Kerberos: Port 88 (TCP/UDP)


10. **Remote Procedure Call (RPC)**

    - Description: RPC is a protocol used for communication between applications and services running on different systems in a Windows network. It allows applications to request services from remote systems and exchange data.
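To put the port list above to work, here is an added Python example (not from the original post) that reads records in the Windows Firewall log layout, labels each flow with the service from the list, and separates out allowed NetBIOS/WINS traffic and anything not on the list. The log lines and addresses are constructed, and treating the NetBIOS and WINS ports as "legacy" is an assumption based on how this post describes them.

```python
from collections import Counter

# (service, port, transports, legacy?) copied from the port list in this post.
# RPC is left out because the post gives no port for it.
SERVICES = [
    ("SMB", 445, "TCP UDP", False),
    ("SMB over NetBIOS / NetBIOS session", 139, "TCP UDP", True),
    ("LDAP", 389, "TCP UDP", False),
    ("LDAPS", 636, "TCP", False),
    ("DNS", 53, "TCP UDP", False),
    ("DHCP server", 67, "UDP", False),
    ("DHCP client", 68, "UDP", False),
    ("NetBIOS name service / WINS", 137, "TCP UDP", True),
    ("NetBIOS datagram", 138, "UDP", True),
    ("RDP", 3389, "TCP UDP", False),
    ("SMTP", 25, "TCP", False),
    ("Kerberos", 88, "TCP UDP", False),
]
PORT_TABLE = {(t, port): (name, legacy) for name, port, transports, legacy in SERVICES
              for t in transports.split()}

# Constructed sample in the Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-06-10 09:14:02 ALLOW TCP 10.0.0.21 10.0.0.5 49822 445 0 - 0 0 0 - - - SEND
2023-06-10 09:14:05 ALLOW TCP 10.0.0.21 10.0.0.5 49830 88 0 - 0 0 0 - - - SEND
2023-06-10 09:14:09 ALLOW UDP 10.0.0.33 10.0.0.255 137 137 0 - - - - - - - RECEIVE
2023-06-10 09:14:12 DROP TCP 10.0.0.40 10.0.0.21 50211 3389 0 - 0 0 0 - - - RECEIVE
2023-06-10 09:14:15 ALLOW ICMP 10.0.0.21 10.0.0.1 - - 0 - - - - 8 0 - SEND
2023-06-10 09:14:20 ALLOW TCP 10.0.0.21 10.0.0.9 49901 8443 0 - 0 0 0 - - - SEND
2023-06-10 09:14:21 ALLOW UDP 10.0.0.21
"""

def parse_log(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def label(record):
    """Return (service, legacy) for a record, or (None, False) if not in the table."""
    port = record["dst-port"]
    if not port.isdigit():  # ICMP records carry "-" instead of a port
        return None, False
    return PORT_TABLE.get((record["protocol"], int(port)), (None, False))

def summarize(text):
    """Count flows per (action, service); collect allowed legacy and unlisted flows."""
    counts, legacy, unlisted = Counter(), [], []
    for rec in parse_log(text):
        service, is_legacy = label(rec)
        if service is None:
            unlisted.append((rec["protocol"], rec["dst-port"], rec["dst-ip"]))
            continue
        counts[(rec["action"], service)] += 1
        if is_legacy and rec["action"] == "ALLOW":
            legacy.append((rec["src-ip"], rec["dst-ip"], service))
    return counts, legacy, unlisted
```

`summarize(SAMPLE_LOG)` returns the per-service counts, the allowed NetBIOS/WINS flows, and the flows whose port is not in the list.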

   

Here is an expanded list of common protocols in a Windows network environment:

1. **Server Message Block (SMB)**

2. **Active Directory (AD)**

3. **Domain Name System (DNS)**

4. **Dynamic Host Configuration Protocol (DHCP)**

5. **NetBIOS (Network Basic Input/Output System)**

6. **Remote Desktop Protocol (RDP)**

7. **Simple Mail Transfer Protocol (SMTP)**

8. **Windows Internet Name Service (WINS)**

9. **Kerberos**

10. **Remote Procedure Call (RPC)**

11. **Internet Protocol (IP)**

12. **Transmission Control Protocol (TCP)**

13. **User Datagram Protocol (UDP)**

14. **Hypertext Transfer Protocol (HTTP)**

15. **Secure Shell (SSH)**

16. **File Transfer Protocol (FTP)**

17. **Simple Network Management Protocol (SNMP)**

18. **Internet Group Management Protocol (IGMP)**

19. **Border Gateway Protocol (BGP)**

20. **Open Shortest Path First (OSPF)**

21. **Internet Control Message Protocol (ICMP)**

22. **Virtual LAN (VLAN)**

23. **Secure Sockets Layer/Transport Layer Security (SSL/TLS)**

24. **Internet Group Management Protocol (IGMP)**

25. **Network Time Protocol (NTP)**

26. **Simple Network Time Protocol (SNTP)**

27. **Post Office Protocol (POP3)**

28. **Internet Small Computer System Interface (iSCSI)**

29. **Point-to-Point Protocol (PPP)**

30. **Spanning Tree Protocol (STP)**


These protocols cover various aspects of network communication, services, management, and security within a Windows network. Each protocol serves a specific purpose and plays a crucial role in enabling effective network operations.


Here's a short description of each protocol from the expanded list:


1. **Server Message Block (SMB)**: File and printer sharing protocol for accessing shared resources on Windows systems.

2. **Active Directory (AD)**: Directory service for storing and managing network resources, user accounts, and groups.

3. **Domain Name System (DNS)**: Resolves domain names to IP addresses and vice versa for network communication.

4. **Dynamic Host Configuration Protocol (DHCP)**: Automates the assignment of IP addresses and network configuration to client devices.

5. **NetBIOS (Network Basic Input/Output System)**: Legacy API for network communication, including name resolution and session management.

6. **Remote Desktop Protocol (RDP)**: Allows remote access to Windows-based systems and interaction with the desktop environment.

7. **Simple Mail Transfer Protocol (SMTP)**: Protocol for sending and receiving email messages between email clients and servers.

8. **Windows Internet Name Service (WINS)**: Legacy name resolution service for NetBIOS names in older Windows networks.

9. **Kerberos**: Network authentication protocol providing secure verification of user and service identities.

10. **Remote Procedure Call (RPC)**: Facilitates communication between applications and services running on different systems.

11. **Internet Protocol (IP)**: Protocol for logical addressing and routing of data packets across network devices.

12. **Transmission Control Protocol (TCP)**: Reliable, connection-oriented protocol ensuring error checking and sequencing of data transmission.

13. **User Datagram Protocol (UDP)**: Connectionless protocol for sending datagrams without error checking and sequencing.

14. **Hypertext Transfer Protocol (HTTP)**: Protocol for transferring data between web clients and servers, enabling web browsing.

15. **Secure Shell (SSH)**: Cryptographic network protocol for secure remote access and administration of network devices.

16. **File Transfer Protocol (FTP)**: Protocol for transferring files between a client and a server over a network.

17. **Simple Network Management Protocol (SNMP)**: Protocol for managing and monitoring network devices.

18. **Internet Group Management Protocol (IGMP)**: Used for managing multicast group memberships in IP networks.

19. **Border Gateway Protocol (BGP)**: Routing protocol used for exchanging routing information between different autonomous systems on the internet.

20. **Open Shortest Path First (OSPF)**: Interior gateway routing protocol for efficient exchange of routing information within an autonomous system.

21. **Internet Control Message Protocol (ICMP)**: Used for diagnostic and error reporting purposes in IP networks, including ping requests and responses.

22. **Virtual LAN (VLAN)**: Network virtualization technique for logically separating network devices into separate broadcast domains.

23. **Secure Sockets Layer/Transport Layer Security (SSL/TLS)**: Protocols for securing communication channels over the internet, commonly used for secure web browsing (HTTPS).

24. **Internet Group Management Protocol (IGMP)**: Used for managing multicast group memberships in IP networks.

25. **Network Time Protocol (NTP)**: Synchronizes the time of network devices in a distributed system.

26. **Simple Network Time Protocol (SNTP)**: Lightweight version of NTP used for time synchronization in network devices.

27. **Post Office Protocol (POP3)**: Protocol for retrieving email from a mail server to a client device.

28. **Internet Small Computer System Interface (iSCSI)**: Protocol for accessing remote block-level storage over IP networks.

29. **Point-to-Point Protocol (PPP)**: Data link layer protocol for establishing a direct connection between two network nodes.

30. **Spanning Tree Protocol (STP)**: Protocol for maintaining a loop-free logical topology in Ethernet networks.


These protocols cover a wide range of network functions, including communication

2014-09-26

Unlocking and Rooting Your Nexus Under Windows


CREDITS: This whole post was lifted from nethunter.com (a.k.a. Kali NetHunter)

  1. On a Windows machine, download and install the Nexus Root Toolkit, which can be found at http://www.wugfresh.com/nrt/.
  2. Ensure the model type is set correctly for your device. You can find your build number by going to Settings, “About Phone/Tablet”, and then scrolling to the bottom.
  3. In the NRT app, click on the “Full driver installation guide” button, and read steps 1-3. Click on the Step 3 tab, then download and install Windows drivers for your Nexus device. The “Google drivers” worked for us. Click on Step 4 and confirm the drivers were installed successfully. This process will reboot your Nexus as part of the check.
  4. Once the check completes successfully, proceed to click the “Unlock” button on the Nexus Root Toolkit interface, to unlock your boot loader. Again, be aware this will completely wipe your device. Ensure you have backups of your data as needed. Follow the Nexus Toolkit prompts carefully. On the next boot, you should see an open padlock together with the Google logo.

Rooting Your Nexus Device

Once unlocked, you can now proceed to root your device and install a custom recovery using the Nexus Root Toolkit. To begin the rooting process, follow these steps:
  1. As the device has been wiped, you must repeat the earlier Enabling Developer mode and Disabling Storage MTP steps. You will need to accept the computer RSA fingerprint once again.
  2. Still in the Nexus Root Toolkit, click the Root button, ensuring the Custom Recovery checkbox is checked.

Once the device has rebooted and the rooting process is complete, we need to install some core Android applications for the NetHunter image to work properly.

Install BusyBox Free Stephen (Stericson)

The first application to install once rooted is BusyBox Free (Stephen Stericson). The NetHunter image will fail to function without a proper installation of this app. Once downloaded from the App store, open up BusyBox and grant it root privileges. Wait until the “gathering information” stage completes, and press “install”. Exit the BusyBox app.

Install the TWRP Boot Manager Application

To ease the process of booting your Nexus into fastboot and recovery mode (normally done by powering down the Nexus, then booting it by pressing both the power button and volume down), we can install the TWRP boot manager application through the Google Play store. This will allow us to boot into recovery mode with a single press of the touchscreen.

Now your Nexus device is successfully unlocked and rooted.

2011-10-07

Victimized by an Anti-Virus Trojan


A non-techie friend approached me with a laptop issue. This is your typical common internet surfer problem: “My laptop is just so slow all of a sudden, I think something is wrong with it. I let my 5 yr old nephew play with it.”

Long story short – it was a Core i3 and processor activity was pegged at 100%, and an annoying “OpenCloud AV” was reporting it found 6 trojans on it!! Yeah right 6, how about 200 or more. This OpenCloud AV is the culprit, and these are the steps I took to try and get rid of it. Mind you, I didn’t really want to spend time doing this, so these are the most minimal steps. Oh BTW, I didn’t see any legitimate AV running to protect the laptop. This is probably how it got infected in the first place.

This is a Windows 7 Home Premium Toshiba Laptop.

Here’s the simple game plan:
1. Google info about the suspected culprit - In this case “OpenCloud AV” – as it turned out, it surely is an open cloud since it sends info to the internet. Free info for all!
2. Boot to Safe Mode – delete, clean up, kick, shout, do whatever you have to do to catch all the files in there. They will be hidden or disguised as legitimate files. Through my search I ended up on a website that offers an automatic tool to remove it! Hahaha! Nice try! I wasn’t born yesterday. It actually also offered manual removal instructions, but warned extensively of the dangers of doing so. Here’s an excerpt.

“Please, note that manual removal of OpenCloud AV virus is a procedure with high complexity and can not always guarantee a full removal of the virus, due to the fact that some objects can stay hidden or may become reanimated automatically after incomplete removal. What’s more, lack of the required skills and even the slightest deviation from the removal guides may result in irreparable system corruption. That’s the reason it’s strongly advised automatic removal of OpenCloud AV virus, which will save your time and avoid any system corruptions and ensure the desired result.”

BTW, I checked the manual instructions against the infected laptop, none of the instructions applied to the problem.  By default, Windows will hide system files and folders from view.  You have to change your settings to show all that.  Also double check the contents of %AppData%,  %Programs% and %Temp% . Delete any unknown or junk looking files.  If you are not sure, save them somewhere else just in case you need them back. 

3. Double check your “RUN” registry entry and Startup folder – The registry is a good source to find where those hidden files are on your system drive. If the original RUN hive in the registry is clean of any Trojan-looking files, fire up “msconfig” and look in there. Sometimes the Trojan is smart enough to hide somewhere else. Clean up the registry and startup last; as I mentioned above, they are a very good source of information as to where the nasty files are.
4. Install an Anti-Virus and scan - Twice! A full hard drive scan. Let it run, take all day. Then defrag the hard drive, delete any system dumps and delete the pagefile.
5. Windows Update and Patch - This is very basic, folks. You change oil and check your car every so often, right? Pilots run pre-flight checks, right? The Internet is crawling with more bad things out to get you than your highways and airways. There should be a web surfing license just like a driver’s license and a pilot’s license.
6. Prevention - turn on your automatic updates for both Windows and Anti-Virus.
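Steps 2 and 3 can be combined into one check. This added Python example (not part of the original post) reads the text that `reg query` prints for the Run keys and lists the startup entries whose command line points into AppData or Temp. The sample output, the value names and the marker list are constructed for illustration.

```python
import re

# Path fragments for user-writable folders (the AppData and Temp locations the
# post says to inspect). Legitimate per-user software also lives there, so a hit
# is an entry to review, not a verdict.
SUSPECT_MARKERS = ("%appdata%", "%localappdata%", "%temp%", "%tmp%",
                   "\\appdata\\", "\\temp\\")

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

# Constructed output of `reg query` run against the HKLM and HKCU Run keys.
SAMPLE_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAudio    REG_EXPAND_SZ    %ProgramFiles%\Example\audio.exe -s
    Example Sync    REG_SZ    "C:\Program Files\Example Sync\sync.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleScanner    REG_SZ    C:\Users\alice\AppData\Roaming\xkqzt\xkqzt.exe
    ExampleLoader    REG_SZ    rundll32.exe "C:\Users\alice\AppData\Local\Temp\a1.dll",Start
    ExampleUpdater    REG_EXPAND_SZ    %TEMP%\setup1.exe /quiet
"""

def parse_reg_query(text):
    """Return [(key, value_name, reg_type, data)] from `reg query` text output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # remember which key the values belong to
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, *m.groups()))
    return entries

def review_list(text):
    """Return Run entries whose command line references a user-writable folder."""
    hits = []
    for key, name, _type, data in parse_reg_query(text):
        lowered = data.lower()          # match on the whole command line, so a DLL
        if any(marker in lowered for marker in SUSPECT_MARKERS):  # argument counts too
            hits.append((key.split("\\", 1)[0], name, data))
    return hits

if __name__ == "__main__":
    for hive, name, data in review_list(SAMPLE_OUTPUT):
        print(f"review: [{hive}] {name} -> {data}")
```

Each hit gives the file path to look at before the registry value itself is cleaned up, which matches the advice to clean the registry and startup entries last.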

I have a laptop I use on the Internet with absolutely no malware protection. I just keep it fully updated, avoid going to anything I did not personally solicit and use a web browser with appropriate add-ons to prevent code running without me knowing about it. I have not been infected. The point is, with anything that you decide to do, acquire enough information before doing it. You don’t have to be an expert race car driver to drive a car, but you need just enough skill to keep yourself and others safe.

Additional notes: 
It is possible that Windows 7's Licensing Store may be corrupt or unreadable. If it is, you might get a "This copy of Windows is not genuine" message above your system tray, even if you know you have a legit copy. You will need your Activation Key for the steps below. They are usually located on the green Microsoft license stickers found on workstations or at the bottom of a laptop. Try the steps below to recreate the Store.

1) Open an Internet Browser
2) Type: %windir%\system32 into the browser address bar.
3) Find the file CMD.exe
4) Right-Click on CMD.exe and select 'Run as Administrator'
5) Type: net stop sppsvc   (It may ask you if you are sure, select yes)
Note: the Software Protection service may not be running, this is ok.
6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
7) Type: rename tokens.dat tokens.bar
8) Type: cd %windir%\system32
9) Type: net start sppsvc
10) Type: slui.exe
11) After a couple of seconds the Windows Activation dialog will appear. You may be asked to re-activate and/or re-enter your product key, or Activation may occur automatically.


If you have a product key, then you can reactivate Windows 7.
1. Click the Start button
2. Type: slui.exe 3 and hit the Enter key
3. Type in the Product key from the sticker on your computer
4. Click the Next button.
5. You will be asked if you want to Activate, click ok

You can also activate by phone by following these steps.
1. Click the Start button
2. Type: slui.exe 4 and hit the Enter key
3. Select your location in the drop down menu and click the Next button
4. The next screen provides the number to call to Activate by Phone

How to contact a Microsoft Product Activation Center:
http://support.microsoft.com/default.aspx/kb/950929/en=us