깡민쓰~IT Story

Update 2021-12-18 – This looks like a much more competent script for detecting this vulnerability and there is a python version for Linux: https://github.com/CERTCC/CVE-2021-44228_scanner

Updated 2021-12-17 – Script is v1.4 and looks for .war files now too

Original post below

Inspired by the one-liner here: https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b#find-vulnerable-software-windows

I wrote a script to expand on the command, support Windows Server 2008 onward and to be more automated.

This script is basically the one liner with a bit of logic to get all the local fixed disks on a server and iterate through them all looking for Log4j jar file:

Sample output with nothing found:

Sample output with something found:

Good luck everyone.

We’ve run into a strange problem with our Windows Server 2019 VMs where sometimes when we clone a new VM from our template it works perfectly fine and sometimes it won’t let you install any new Roles and throws a 0x80073701 error. Better still, sometimes it lets you install a new Role and then months later when you go to add something else it fails also with a 0x80073701.

For the longest time the only solution I was able to find online was nuke it and start over which is typically what we did. That or to manually dig through registry keys for packages installed in Windows with a different language than that of your operating system. I never was able to get that suggestion to work because I couldn’t gain the permissions I needed to delete the registry keys. We also had zero luck running DISM with it’s variety of flags.

At some point a co-worker of mine stumbled across a PowerShell script that solved the problem for us and saved us having to rebuild a few more complicated VMs.

I had to use that script tonight on a VM but this time it didn’t work. I tried to see if I could find a new version but I couldn’t even find the original script. With some fiddling I eventually got the script to work but it dawned on me that lots of people might have having this problem and the script to fix it with out wiping/reloading might not be easily found anymore.

Full Disclosure. I did not write this script, I’ve only used it a few times with success. I searched for the authors name to see if they had a Github repo or something out there and found nothing other than a LinkedIn.

Near as I can tell this script does the following:

1. Elevates its privileges in a very specific looking way. I did not dig much into it since the rest of the script does not appear to do anything malicious and you should run this “As an administrator” anyway I just went with it
2. It then asks you for the location of your CBS log file, if none is provided it uses the default location
3. It then parses the CBS log file for any instances of ERROR_SXS_ASSEMBLY_MISSING and then parses those lines to pull out the specific package names that are causing problems
4. Using it’s elevated privileges it takes ownership of that packages registry keys and changes the ‘Currentstate’ key to ‘0’ which I assume means not installed or ignored
5. It does some checks to make sure the ‘Currentstate’ was successfully changed and then completes

Once the script has run you do not need to reboot. You should be able to start adding Roles to the server right away.

I have found that running the script against “C:\Windows\Logs\CBS\CBS.log” does not always solve the problem. Tonight I went into “C:\Windows\Logs\CBS\” and had to run it against the second newest log “CbsPersist_20230310065917.log”. After doing that the issue was resolved for me.

In our case it appears the issue is with KB4598230 which has been pulled from the Microsoft Update Catalogue and can no longer be downloaded. I have seen plenty of form posts involving other KBs causing the exact same error though.

Sorry, that was a lot of reading. Here is what you are after:

Abhinav Joshi, whoever you are. Thank you very much for this script. It’s saved us a ton of time and headache.

System Administrator command line shortcuts to popular Microsoft Management Consoles (MMCs).

Admin Snap-inCommandCategory

The commands above can be entered from START ➞ Run, or from the command line.
Availability will vary by OS and by the features installed.

“I don’t do anything in order to cause trouble. It just so happens that what I do naturally causes trouble.
 I'm proud to be a troublemaker” ~ Sinead O'Connor

Related commands

How-to: ms-settings - Shortcuts to settings.
How-to: Run Commands
How-to: Keyboard shortcuts For CMD, PowerShell and Windows.

So you’ve got some DNS Zones on your Domain Controllers and you’re building a test lab or another domain that you want to copy these to. Easy right – not so easy if they are AD integrated zones. This means the files for these zones are not stored in C:\Windows\System32\dns an normal, they are actually stored and replicated to all DCs inside AD.

I had a requirement to move an integrated forward lookup zone from one domain to another so I’m sharing what I did below.

Logon to your DC with the integrated zone and fireup our friend Powershell.

Get-DNSServerZone

You’ll see your zones listed out.

You’ll see here which zones are integrated and which are not.

The ZoneName column is key for the next bit, make a note of the ZoneName you want to export.

Export-DNSServerZone -Name <ZoneName from the above> -Filename <Yourzone.dns>

There’s no confirmation for this command, but this will export the zone to a file that can be resuable.

Open up C:\Windows\System32\dns in explorer.

You’ll see here you DNS zone file. Take a copy of this and place it somewhere.

Log in to your new DNS server where the zone will be imported.

Open up C:\Windows\System32\dns in explorer and copy the file you just exported into this folder.

Now open the DNZ Management Console.

Right click “Forward Lookup Zones” and select “New Zone”, Select “Next” to get started.

Select the zone type and remember to untick the “Store the zone in Active Directory” option.

I know, I know, we want it to be in AD; don’t worry. It will still be once we are done.

Select “Next”.

Populate the Zone Name and select “Next”.

Select “Use the existing file” and enter the name of the file you copied into “C:\Windows\System32\dns”, select “Next”.

Select “Next” on the dynamic update options. Note: The secure option will be available once we convert this zone to an AD integrated zone.

The zone should now appear fully populated in the DNS console. Now time to convert this zone back to an AD integrated zone.

Right click the zone and select “Properties”.

Select “Change” on the right of “Type”.

You might recognise this screen, Select “Store the zone in Active Directory” and click “OK”. Confirm you want to move the zone to AD.

You now have the option to change the dynamic updates to this zone, select as per your preference.

This wraps up the zone import, the whole process could be easily scripted with Powershell. Happy to take a crack at it if anyone is interested.

wuauclt.exe  커맨드 옵션...

/DetectNow
/ReportNow
/RunHandlerComServer
/RunStoreAsComServer
/ShowSettingsDialog
/ResetAuthorization
/ResetEulas
/ShowWU
/ShowWindowsUpdate
/SelfUpdateManaged
/SelfUpdateUnmanaged
/UpdateNow
/ShowWUAutoScan
/ShowFeaturedUpdates
/ShowOptions
/ShowFeaturedOptInDialog
/DemoUI

Windows Server 평가판 다운로드 Url

https://www.microsoft.com/ko-kr/evalcenter/evaluate-windows-server-2019?filetype=ISO

@echo off

 set/p host=host Address: 

 set logfile=Log_%host%.log

 echo Target Host = %host% >%logfile%

 for /f "tokens=*" %%A in ('ping %host% -n 1 ') do (echo %%A>>%logfile% && GOTO Ping)

 :Ping

 for /f "tokens=* skip=2" %%A in ('ping %host% -n 1 ') do (

     echo %date% %time:~0,2%:%time:~3,2%:%time:~6,2% %%A>>%logfile%

     echo %date% %time:~0,2%:%time:~3,2%:%time:~6,2% %%A

     timeout 1 >NUL 

     GOTO Ping)

특정단어찾기


[파일명찾기. 제목찾기]

특정 문자열이 존재하는 행 찾기
dir /s /b | find /i "원하는문자열입력"
-> C:\Users\TY\Desktop\log>dir /s /b | find /i "원하는문자열입력" C:\Users\TY\Desktop\log\원하는문자열입력.txt

dir /s /b | find /i "원하는문자열입력"
-> 해당사항없음

dir /s | find "원하는문자열입력"
-> C:\Users\TY\Desktop\log>dir /s | find "원하는문자열입력"
2019-05-20 오전 11:03 3 원하는문자열입력.txt

dir /s | find "원하는문자열입력"
-> 해당사항없음

[파일내용찾기. 원하는문자열찾기]

findstr /s "원하는문자열입력" *.txt
-> C:\Users\mani4u\log>findstr /s "원하는문자열입력" *.txt
a\zzz.txt:123

findstr /s "원하는문자열입력" *.*
-> /s가 하위경로까지 찾으므로 매우많이나옴. 특정 경로에 들어가서 입력 시 조금 나음
findstr "원하는문자열입력" *.*

findstr /n "원하는문자열입력" *mobile.log*
-> /n을 붙이면 라인수가 같이 표기됨
mobile.log:874736:DEBUG|2019-06-11,14:41:41.973|mobile|원하는문자열입력|어쩌구저쩌구

ex)
findstr /s "원하는문자열입력" frameplus.log
findstr /n "원하는문자열입력" *mobile.log*

findstr /s "원하는문자열입력" *.xml

wmic process get caption, creationdate | findstr 프로세스명

wmic process get caption, creationdate | findstr excel.exe

excel.exe 20200206073039.779888+540

1. Command 창을 띄웁니다.

2. wmic 입력

3. "memorychip"  또는 "wmic memorychip" 입력

아래와 같이 나옵니다.

Attributes BankLabel Capacity Caption ConfiguredClockSpeed ConfiguredVoltage CreationClassName DataWidth Description DeviceLocator FormFactor HotSwappable InstallDate InterleaveDataDepth InterleavePosition Manufacturer MaxVoltage MemoryType MinVoltage Model Name OtherIdentifyingInfo PartNumber PositionInRow PoweredOn Removable Replaceable SerialNumber SKU SMBIOSMemoryType Speed Status Tag TotalWidth TypeDetail Version
1 BANK 0 8589934592 실제 메모리 2400 1200 Win32_PhysicalMemory 64 실제 메모리 ChannelA-DIMM0 12 Samsung 0 0 0 실제 메모리 M471A1K43BB1-CTD 00000000 26 2667 Physical Memory 0 64 128
1 BANK 2 8589934592 실제 메모리 2400 1200 Win32_PhysicalMemory 64 실제 메모리 ChannelB-DIMM0 12 Samsung

윗 방법이 귀찮을 경우

1. Command 창을 띄움니다.

2. "wmic memorychip get capacity" 입력

아래와 같이 나옵니다.
Capacity
8589934592
8589934592

감사합니다.