Dump DHCP Leases with PowerShell

This PowerShell script will dump all of the leases from a Windows DHCP server. From there you can output them to a file if you need to.

$Scopes = netsh dhcp server show scope
$LeaseReport = @()
foreach ($Scope in $Scopes)
    $Leases = (netsh dhcp server scope $Scope.split("-")[0].trim() show clients 1) | Select-String "-D-" 
    foreach ($Lease in $Leases) 
        If ($Lease -notmatch "NEVER EXPIRES")
            $Info = New-Object -type System.Object
            $Hostname = $Lease.tostring().replace("-D-",";").Split(";").Trim()
            $Info | Add-Member -MemberType NoteProperty -name Hostname -Value $Hostname[1]
            $IP = $Hostname[0].replace(" - ",";").Split(";") 
            $Info | Add-Member -MemberType NoteProperty -name IPAddress -Value $IP[0]
            $Info | Add-Member -MemberType NoteProperty -name SubnetMask -Value $IP[1]
            $Info | Add-Member -MemberType NoteProperty -name MACAddress -Value $IP[2].replace(" -",";").Split(";")[0].Trim()
            $LeaseReport += $Info
            $Info | ft -AutoSize

$LeaseReport | ft -AutoSize

Fake Access Point with BT5/Kali Linux

I’m not sure who to credit with the writing of the script below. It’s all over the Internet and I haven’t been able to determine with any certainty who originally wrote it.

While technically a way to attack wireless clients, I just wanted a quick way to set up and access point. This worked out well since I had a BackTrack 5 VM, a USB wireless NIC, some familiarity with the Aircrack suite, and a bit of free time.

This post assumes that you already have the Aircrack tools installed. You will also have to install and configure DHCP. Continue reading “Fake Access Point with BT5/Kali Linux”

Delegate DNS Zone in BIND

The following will delegate a zone file for a sub-domain, “sub”, under the “example.com” parent domain.

Edit the “/etc/named.conf” file on “ns1.example.com” by adding a block for the parent domain:

zone "example.com" IN {
        type master;
        file "db.example.com";
        allow-update { none; };
        notify no;
        forwarders { };

Continue reading “Delegate DNS Zone in BIND”

Windows 8.1 EventID 10016 DistributedCOM

Taken from a blog post.


1. Open Regedit.
2. Go to HKEY_Classes_Root\CLSID\*CLSID*.
Note: *CLSID* stand for the ID that appears in your event viewer error. In your case, it’s {C2F03A33-21F5-47FA-B4BB-156362A2F239}.
3. Right click on it then select permission.
4. Click Advance and change the owner to Administrators. Also click the box that will appear below the owner line.
5. Apply full control. Continue reading “Windows 8.1 EventID 10016 DistributedCOM”

Cisco AnyConnect Reconnecting Errors

On a new Windows 8 desktop I started seeing the Cisco AnyConnect client display a message telling me that it is reconnecting. It would continue to do this and never really connect. In the message logs in the client I found the following entry.

"A VPN reconnect resulted in different configuration settings. The VPN network interface is being re-initialized. Applications utilizing the private network may need to be restarted."

Continue reading “Cisco AnyConnect Reconnecting Errors”

Reverse SSH Tunnel

I have a new Raspberry Pi that I want to access when it’s far away and behind a firewall or NAT device. The solution will be to have it call home to my Linux VPS with a reverse SSH tunnel.

On the remote client enter the following command:

ssh -qNR 10000:localhost:22 user@home-server

“-qNR” – will create the reverse tunnel without and interactive session
“10000” – Will be the local port that you will use when connecting to the remote host
“localhost” – The hostname that you will use when connecting to the remote host
“22” – The port that SSHD is listening to on the server end
“user@home-server” Your user and hostname for the SSH server

Now on the server end enter the following command:

ssh -p 10000 user@localhost

“-p 10000” – The port that was created on the server end by the remote connection
“user@localhost” – Your user and hostname for the remote connection

If the command to connect to the reverse shell hangs and times out you might be blocking the connection with the firewall. Make sure that iptables allows the port that you’re creating on the server.

Tunneling with SSH

You’re in a coffee shop and want to access your bank over public wifi or you’re stuck behind a firewall/content filter that keeps you from getting to the sites you desire. In order to connect securely or get around those restrictions you can use SSH to tunnel your way out.

NOTE: Use SSH to bypass technical controls put in place for security (i.e. firewalls or content filters) at your own risk. Only do what you think your career can handle! Continue reading “Tunneling with SSH”

Configure SSH for Public Key Login

Some quick notes on creating and using a key pair for SSH logon.

1. Generate key pair on the client.

ssh-keygen -t rsa -b 2048

2. Enter a passphrase when prompted. If you do not want a password so that you can use this key pair for automating logons just press Enter twice.
3. Copy the public key from the client to the server

scp ./ssh/id_rsa.pub username@server:.ssh/authorized_keys

The ssh-copy-id command, if it is available, can be used to copy the public key to the server as well.

ssh-copy-id username@server

4. Secure the .ssh folder on the server

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys


Some time ago I had to teach myself DMVPN so that I could troubleshoot and manager the current system. If I remember right, I got a lot of the information and text from somewhere. I’m just not sure where I got it from and what I wrote myself.


Configure interfaces with “public” IP addresses.

interface FastEthernet1/0
ip address
duplex auto
speed auto

interface FastEthernet1/1
ip address
duplex auto
speed auto Continue reading “DMVPN Lab”