UBERsec - When efficiency & smart cyber security collaborates together.

UBERHARVEST 2.97 STABLE is out!

nospam@example.com (Jacob Goldberg) — Wed, 04 Apr 2012 17:44:04 -0600

I am happy to announce that a newer version of uberharvest is out!

UBERHARVEST 2.97 STABLE is out!

- Bug fixes
- Enumerate Wordpress Usernames

THE CURRENT UBERHARVEST VERSION CAN BE DIRECTLY DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest.tar.bz2
MD5 Hash = dd694a472d7f9213b47ad56d8e9f8952

OR,

Users can update uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

NEW FEATURE

EXAMPLE OF USE,

root@ubuntu:~/uberharvest#./uberharvest -w OR --wordpress AND –v OR --verbose

- -wordpress (or -w) will get uberharvest to fingerprint a target website to discover whether the site is Wordpress or not. If the target website is Wordpress, uberharvest will try to guess the version of Wordpress.

- -verbose (or -v) by adding the verbosity option, you can learn the steps that uberharvest has taken to fingerprint the target website. If you are a Wordpress owner, this option can help you find out all the weaknesses of your Wordpress and what you must do to protect your website from being easily fingerprinted.

THE RESULTS

Uberharvest will enumerate the first 10 users by default. Next the user should see the following

In the results, uberharvest presents a table with the first 10 user enumeration process. Uberharvest will present the findings to the user

In addition, users can also increase the amount of user enumeration. For example,

root@ubuntu:~/uberharvest#./uberharvest -w OR --wordpress 25 AND –v OR --verbose

Uberharvest will enumerate the first 25users by default. Next the user should see the following

For more information, please go to our tutorial page.

Please report any errors by emailing to support@ubersec.com

UBERHARVEST 2.95 STABLE is out!

nospam@example.com (Jacob Goldberg) — Mon, 26 Mar 2012 08:08:05 -0600

I am happy to announce that a newer version of uberharvest is out!

UBERHARVEST 2.95 STABLE is out!

- Bug fixes
- Fingerprint Wordpress Blogs

THE CURRENT UBERHARVEST VERSION CAN BE DIRECTLY DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest.tar.bz2
MD5 Hash = a29671ec1f439998cee057b9438fff4e

OR,

Users can update uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

NEW FEATURE

EXAMPLE OF USE,

root@ubuntu:~/uberharvest#./uberharvest -w OR --wordpress

root@ubuntu:~/uberharvest#./uberharvest -w OR --wordpress AND –v OR --verbose

- -wordpress (or -w) will get uberharvest to fingerprint a target website to discover whether the site is Wordpress or not. If the target website is Wordpress, uberharvest will try to guess the version of Wordpress.

- -verbose (or -v) by adding the verbosity option, you can learn the steps that uberharvest has taken to fingerprint the target website. If you are a Wordpress owner, this option can help you find out all the weaknesses of your Wordpress and what you must do to protect your website from being easily fingerprinted.

THE RESULTS

NOTE!

If you already familiar with the functionality of uberharvest, the Wordpress option can be combined with the menu option (-m) or with the load option (-l) as well. You can run the Wordpress option by itself or as a unified fingerprinting process.

For more information, please go to our tutorial page.

Please report any errors by emailing to support@ubersec.com

UBERHARVEST 2.90 STABLE is out!

nospam@example.com (Jacob Goldberg) — Tue, 28 Feb 2012 16:23:14 -0700

I am happy to announce that a newer version of uberharvest is out!

UBERHARVEST 2.90 STABLE is out!

- Bug fixes
- Improved functionality
- New get SSL certificate information function

THE CURRENT UBERHARVEST VERSION CAN BE DIRECTLY DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest.tar.bz2
MD5 Hash = 670033a732e59fbf7d5c596f87754909

OR,

Users can update uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

New Features

NEW FEATURE

EXAMPLE OF USE,

root@ubuntu:~/uberharvest#./uberharvest -m OR -l and –s OR - -ssl

- -ssl (or –s) will get uberharvest to also harvest the SSL certificate information of the target website(s)

THE RESULTS

For more information, please go to our tutorial page.

Please report any errors by emailing to support@ubersec.com

Windows Registry Forensics

nospam@example.com (Jacob Goldberg) — Thu, 26 Jan 2012 18:59:23 -0700

Document created by Yakov Goldberg
UBSERC TEAM
Our website: http://www.ubersec.com
Follow Us in Twitter: http://twitter.com/#!/ubersec

Windows Registry Forensics

BACKGROUND

Most of Windows Operating Systems (OS) contain a database called the Windows registry. The Windows registry consists of Windows data files that contain imperative information about the Windows Operating System (OS), software applications that are installed in Windows, hardware information and various system components. The registry is designed with folders called keys and values that contain specific information about the keys which they represent. By browsing through the keys and reading the values, users can find information about applications that have been installed in the system, files that were used recently and applications and services that are running throughout the Windows start-up process. The information in this article will present some interesting locations within the Windows registry. That information can be viewed by all users and help them to learn and understand the registry and also realize what is getting logged by Windows inside the registry. Likewise, the information in this article can help users to perform some simple forensics analysis of their Windows registry for learning purposes or for troubleshooting purposes as needed.

THE REGISTRY HIVES

To load the Windows registry editor, type the following:

click on the START button ► the click on RUN ►and then type regedt32

And now you should see the following,

As you can see, the registry shows five different registry hives. Keep in mind however, that Windows Vista and Windows 7 also include an additional registry hive files besides those that are loaded by the registry editor.

- HKEY_CLASSESS_ROOT (HKCR): this hive contains configuration information that specifies which applications are used to open each file format within the system.

- HKEY_CURRENT_USER (HKCU): this hive contains information about the current user that is currently logged on to the system and information about the current user profile of that user as well.

The HKCU folder is actually corresponding to the NTUSER.dat file located in the following location in your hard-drive,

For Windows XP users,

C:\Documents and Settings\username\NTUSER.dat

For Windows Vista and 7 users,

C:\Users\username\NTUSER.dat

Note that there are some open-source tools on the Internet that can allow you to view the information within the NTUSER.dat file without having to logon as each user and then access that registry hive. However, if you are a professional forensics analyst, login in to an OS that is used as evidence in criminal investigation under the criminal’s Windows profile only to collect artifacts from the registry pertain to the crime is NOT a GOOD idea because you will contaminate the timelines stored within the NTUSER.dat file (or HKCU) and the evidence will not be admissible in court. The information within that NTUSER.dat must only be viewed by booting up an external OS (such as Linux) on a CD or USB and then mounting to the local drive and then viewing the information in each file. Backtrack distribution consist some great tools that can help user to do this task. In addition, you may choose to download a demo of AccesData Registry viewer and/or purchase that application for helping you to collect information from other users’ NTUSER.dat files without having to worry about contaminating the integrity of the evidence.

- HKEY_LOCAL_MACHINE (HKLM): this hive by far contains a lot of information regarding the OS configuration state and the hardware and software settings as well.

Upon expanding the HKLM tree, you should see the following sub-folders,

These folders are actually corresponds to data files that are located in the following location in your hard-drive,

%WINDIR%\system32\config

Note that there are some open-source tools on the Internet that can let you to view the information within each file without having to use the registry. However, since these files are protected by the OS once the OS is loaded to the system, the information within each file can only be viewed by booting up an external OS (such as Linux) on a CD or USB and then mounting to the local drive and then viewing the information in each file. Backtrack distribution consist some great tools that can help user to do this task.

- HKEY_USERS (HKU): this hive contains information about the settings that apply to all the users that logged on into the system. In addition, it contains the default profile configuration for new user profiles.

- HKEY_CURRENT_CONFIG (HKCC): this hive contains information about the hardware profile the OS uses throughout the start-up process.

WARNING

Before attempting to view the registry or change any values in any of the hives, it is a good idea to back-up the registry to your local drive. Often people change values and key within the registry and that result their OS to crash and Windows to fail booting and so on. To back-up the registry to a file you can use the export option located in the File tab within the registry editor. Once you click on export, save the file to your local C: drive root folder. If after changes to the registry you have realized that you need to restore the registry to a state prior of the changes that you have made, you can always import that file back to your registry.

INSTRUCTIONS

First let’s start with key and values that exist in the HKEY_LOCAL_MACHINE (HKLM) location.

Listing applications that are lunched throughout OS boot process:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

That location in the HKLM,

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

And that location in the HKCU,

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\

The following location specifies all the services that are loaded to the Windows OS system.

HKLM\System\CurrentControlSet\Services

Alternatively, to see all services NOT using the registry type the followings,

click on the START button ► the click on RUN ►and then type services.msc

Then you should see the following,

Under the Services key, you should see more sub-folders corresponding to each service that is loaded to the Windows system. Upon clicking on the desired key, you should see the values pertaining to the key on the right pane of your registry screen. One of these values is the start value. Look below,

If that start value is set to 0x02 it means that the particular service starts once the Windows OS is booting up.

In the following location you can find the computer’s name,

HKLM\CurrentControlSet\Control\ComputerName\ActiveComputerName

In the following location you will find the OS Product-ID, Product-Name, System Root, etc.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

In the following location you can find the time and date in which the OS was last shut down,

HKLM\System\CurrentControlSet\Control\Windows

After clicking on the Windows key, you should see the value ShutdownTime on the right pane. However, you cannot read this information unless you know how to convert a REG_BINARY key to readable value. Yet, you can download the script LastShutDown.bvs script below and run it on the system.

root@ubersec$ sudo wget http://www.ubersec.com/downloads/LastShutDown.vbs

The results should look like the following,

In the following location you can find information about the systems such as the BIOS and product information. The information includes the BIOS versions and release date.

HKLM\HARDWARE\DESCRIPTION\System\BIOS

In the following location you can find a list of registered applications with Windows,

HKLM\SOFTWARE\RegisteredApplications

In the following location you can find time-zone information about the system:

HKLM\System\CurrentControlSet\Control\TimeZoneInformation

In the following location you can find information about the system network cards. Once you expends the NetworkCards tree you should see a key for each corresponding network card in the system,

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

In the following location you can find information about all the Internet Protocol (IP) addresses that were assigned or are assigned to the network interface,

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetAuth

In the following location you can find information about all the printer drivers that are currently exist in the system. Forensics analysts can find information such as a model value that indicate the printer name and driver that was installed and the installdate value which represents the date which the printer drive was installed,

HKLM\SYSTEM\ControlSet001\Control\Print\Printers

In the following location you can find out whether the TimeStamp feature for NFS is disabled or enabled. The TimeStamp feature is a timelog that tells the user when a folder was last accessed.

HKLM\SYSTEM\CurrentControlSet\Control\FileSystem

And now look for the value NtfsDisableLastAccessUpdate. If the value is set to 0 then this feature is disabled. However, you can choose to set the value to 1 and then the feature will be enabled.
0 = NTFS updates the last-accessed timestamp of a file whenever that file is opened.
1 = NTFS does not update the last-access timestamp of a file when that file is opened.
The results should look like the following,

For more information about this features, check out the NtfsDisableLastAccessUpdate article at Technet.

TO BE CONTINUED…

UBERHARVEST 2.86 STABLE is out!

nospam@example.com (Jacob Goldberg) — Thu, 26 Jan 2012 13:05:54 -0700

I am happy to announce that a newer version of uberharvest is out!

UBERHARVEST 2.86 STABLE is out!

- Bug fixes with updates
- Added security controls
- Improved functionality
- Now printing an entire header string information
- Added new phone option [Look below in example]
- Functionality improvement
- Added logo
- Improved proxy functionality
- Added more email harvesting rules

THE CURRENT UBERHARVEST VERSION CAN BE DIRECTLY DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest.tar.bz2
MD5 Hash = aa959ffaee3e7957774e438c3f1800f1

OR,

Users can update uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

New Features

FEATURE 1

EXAMPLE OF USE,

root@ubuntu:~/uberharvest#./uberharvest -m OR -l and –phone –random -xml

- phone : This option will harvest for phone number from the main page of your target website. Then the harvested phone numbers will be checked with yellowpages.com for phone listing information

- xml : This option will create an XML report along with XSL style-sheet which then the user can take and visually read through a web browser such as Firefox, Internet Explorer, etc.

- random : This option will get uberharvest to always use a different user-agent every time a target website is scanned. That option should help with evasion as possible.

THE RESULTS

Keep in mind that –xml option may slow down the scan process. In addition, the –xml option cannot be included with verbosity option (-v or –verbose).

I had to erase target information for privacy purposes.

For more information, please go to our tutorial page.

Please report any errors by emailing to support@ubersec.com

Use netcatpro and otp.py to transfer files using encryption

nospam@example.com (Jacob Goldberg) — Fri, 20 Jan 2012 15:20:30 -0700
Document created by Yakov Goldberg
UBSERC TEAM
Our website: http://www.ubersec.com
Follow Us in Twitter: http://twitter.com/#!/ubersec

Use netcatpro and otp.py to transfer files using encryption!

Background

This article can be used by network administrators, security administrator and anyone that desires to transfer files from one Linux/Unit systems to another using crypcat or netcat (also known by many security professionals as the Swiss Army Knife). Yet, most importantly, the goal of this article is to take the reader through the steps of transferring files from one system to another using encryption algorithm known as one-time pad to encrypt the transferred files by creating a one-time session key (which also must be used to decrypt the encrypted files). Likewise, the goal of this article is to get the user to use cryptcat for creating an encrypted tunnel while transferring any encrypted files that were encrypted by the one-time pad encryption algorithms.

Encryption

Cryptcat tool – uses twofish encryption algorithm to create the encrypted tunnel between the source and target Linux systems.

Otp.py open-source Python tool – to encrypt the desired file using one-time pad encryption. In reality a one-time pad must only be used once. Hence, it is called one-time pad. With one time pad there should be high entropy (or randomness) to the point that no one that gets a hold of the encrypted file(s) can actually perform cryptanalysis to break the encryption algorithm. With that being said, while you go through the instructions below you will have to create a session key (also known as private key). That session key is used to encrypt a text file and then decrypt that text file with the same session key after the file has been successfully transferred to the target system. Thus, key management is imperative since if the key gets to the wrong hands, it can be used to decrypt any encrypted file(s) that was/were encrypted using the same session key. If that situation ever occurs, the parties whom are using that compromised session key must create a new key and use it instead.

Credits

-Thank you for the Nectcat and cryptcat creators.

- Thanks to my friend @MarioVilas at Twitter for crating this great one-time pad generator tool open-source tool called otp.py. More information about the tool can be found at http://breakingcode.wordpress.com/2010/02/17/one-time-pad-encryption-in-python/

Tested on the following Operating Systems (OS)

Distributor ID: Ubuntu
Description: Ubuntu 10.04.2 LTS
Release: 10.04
Codename: lucid

Distributor ID: Ubuntu
Description: Ubuntu 10.10
Release: 10.10
Codename: maverick

Distributor ID: BackTrack
Description: BackTrack 4 R2
Release: 4 R2
Codename: Nemesis

Distributor ID: Ubuntu
Description: Ubuntu 11.10
Release: 11.10
Codename: oneiric

And Backtrack 5

Instructions

The following steps must be done on the sender (source) PC:

Do the following steps:

$su root

Log in as root user to your terminal

root@ubersec:~/#wget http://www.ubersec.com/wp-content/files/netcatpro_v1.tar.bz2

MD5 Hash = b91cd513f05dcd68fd61b83ff56de5f4

root@ubersec:~/#md5sum netcatpro_v1.tar.bz2

Now compare the MD5sum value with the value provided above to ensure they are accurate

root@ubersec:~/#bzip2 -cd netcatpro_v1.tar.bz2| tar xvf –

root@ubersec:~/#cd [to the extracted folder location]

OR,

root@ubersec:~/#cd netcatpro/

#wget http://winappdbg.sourceforge.net/blog/otp.py

Now change the permissions to the otp.py file so you can execute the file

#chmod 755 otp.py

# touch test_current.txt

#echo ‘Hello World!’ > test_current.txt

#cat test_current.txt

Look below,

Now that the file was created, we need to encrypt the file with a one-time pad using the otp.py script. Do the following,

#./otp.py generate session.key -s 1024

#./otp.py generate session.key test_current.txt –f

OR

#./otp.py generate session.key test_current.txt –f -p

Features

-f using that tag will cause otp.py to force overwriting of any output file. In the case it will be the test_current.txt

-p using that tag will cause opt.py to use the paranoid option which uses the /dev/random module to produce random steams of numbers. That will allow creating even stronger one-time pad.

Let’s keep on going. Do the following,

#./otp.py encrypt test_current.txt session.key test_current.crypto

Now that we are done creating the encrypted file test_current.crypto let’s create the sender.py and receiver.py files using the nc_generate tool. For that process you will need the name of the encrypted file, the ports numbers (chosen by the user) for the sender and receiver PCs and the target file name that will be received by the receiver PC over the network. Do the following,

#./nc_generate -sf test_current.crypto -tf test_new.crypto -p 4444 -e -v -h 192.168.111.141

Features

- sf : The source file name that you want to send

- tg : The target file name that you want to receive. That can be a different name than that current name of the source file.

-p : port number. It is recommended to select ports that are bigger than 1024 and smaller than 65535 (1024 < port number < 65535)

-e : Use cryptcat for encrypted tunnel using twofish encryption algorithm. Not using this command will default to use netcat which does not provide encrypted tunnel and the files will get transferred from source to destination in clear-text.

-v : add verbosity to netcat or cryptcat

-h : Add the target host name IP address

Look below in the picture,

In the image above you can see that nc_generate has created two files. The first file sender.py must be used on the sender (source) PC and the receiver.py file must get copied or moved to the receiver (target) PC. In addition, you must also copy the session.key file to the receiver (target) PC so you can decrypt that transferred file once the transfer process has been completed.

However, before you copy the receiver.py file and the session.key file to the target PC, it is a good time to perform MD5SUM to the source file test_current.crypto. The reason that you would want to do it is so you can ensure that once the target PC has received the file after the transfer process has been completed, the receiver (either it is you on target PC as well or someone else) can also run MD5SUM on the received file and then compare the two hash functions of each files together. Doing so, will allow you and the receiver to check that integrity was not compromised and the file was not corrupted or compromised and modified throughout the transfer. Therefore, the MD5 hash must match on both hands. First, let’s run md5sum to the test_current.crypto on the sender PC.

#md5sum test_current.crypto

MD5=1571825247ab7145316d933193159850

Look below in picture,

Now copy both the receiver.py and the session.key files to the receiver PC.

WARNING!!!

Throughout the transfer of the session.key file from the source PC to the target PC the user(s) must ensure that the file does not get compromised by a malicious entity. Since the file can be used to encrypt and decrypt files, if that file gets compromised throughout the process of giving it to the receiving entity, the malicious entity that now have that session.key file in his/her possession can now also decrypt the encrypt the file test_current.crypto. Even though we have used the otp.py file to generate a one-time pad encryption key (which is impossible to defeat if used once hence, one-time pad), if the key gets compromised neither the sender or receiver should use that key again. Rather, the sender must re-generate a new key using the otp.py file and then encrypt that source file once again. Key management is by far the most important thing to think about while dealing with private and/or session keys.

The following steps must be done on the receiver (target) PC:

Below you can see that I have copied the receiver.py and the session.key files to the target PC (IP address 192.168.111.141).

Now you will need to download the otp.py file from http://breakingcode.wordpress.com/2010/02/17/one-time-pad-encryption-in-python/ to target PC since you will need to use that file along with the session.key file to decrypt the transferred file.

#wget http://winappdbg.sourceforge.net/blog/otp.py

Change permissions to the file so you can execute the file

#chmod 755 otp.py

Now you (or the receiving entity) needs to execute the receiver.py file on the target PC. Be advised that you will only have about 30 seconds before that session dies and you will be required to execute the receiver file once again.

#./receiver.py

Look below in image,

Now go back to the sender PC and execute the sender.py file.

#./sender.py

Once the process is completed, you should now have the file test_new.crypto in your receiving (target) PC. It is now also a good time to execute md5sum to the transferred file to assure that it was transferred completely with no errors.

#md5sum test_new.crypto

MD5=1571825247ab7145316d933193159850

Look below in the picture,

Now compare the hashes between the test_current.crypto file and the test_new.cryptofile. If all is good, you should be able now to decrypt the file using otp.py file and the session.key file.

#./otp.py decrypt test_new.crypto session.key test_new.txt

#ls –al

#cat test_new.txt

Look below in image,

Remember,

You can try to use regular netcat excluding the (–encrypt) option while creating the sender and receiver files with the nc_generate tool. Since your file is encrypted with a one-time pad session (private) key, in reality that should suffice security and encryption. However, it never hurts to take extra step of precaution and also create an encrypted tunnel with cryptcat while transferring the file from source to destination and vice versa. The more security layer that you add the better it is to help decrease the likelihood that someone may compromise your information or in this particular case, that file. Thus, adding layer upon layer of security is always good and that process is called in the cyber world as defense-in-depth.

And there you have it!

You are all done!

As always, if you find grammar problem or any technical errors with this article, please report it to us at support@ubersec.com

UBERHARVEST 2.84 STABLE is out!

nospam@example.com (Jacob Goldberg) — Tue, 17 Jan 2012 11:00:57 -0700

I am happy to announce that a newer version of uberharvest is out!

UBERHARVEST 2.84 STABLE is out!

- Bug fixes with updates
- Improved functionality
- Now printing an entire header string information
- Added new phone option [Look below in example]
- Functionality improvement
- Added logo
- Improved proxy functionality
- Added more email harvesting rules

THE CURRENT UBERHARVEST VERSION CAN BE DIRECTLY DOWNLOADED FROM:

root@ubersec$ sudo wget http://www.ubersec.com/wp-content/files/uberharvest.tar.bz2
MD5 Hash = 19a9b40e49a3477af0b34c7ff619ca46

OR,

Users can update uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

New Features

FEATURE 1

EXAMPLE OF USE,

root@ubuntu:~/uberharvest#./uberharvest -m OR -l and –phone –random -xml

- phone : This option will harvest for phone number from the main page of your target website. Then the harvested phone numbers will be checked with yellowpages.com for phone listing information

- xml : This option will create an XML report along with XSL style-sheet which then the user can take and visually read through a web browser such as Firefox, Internet Explorer, etc.

- random : This option will get uberharvest to always use a different user-agent every time a target website is scanned. That option should help with evasion as possible.

THE RESULTS

Keep in mind that –xml option may slow down the scan process. In addition, the –xml option cannot be included with verbosity option (-v or –verbose).

I had to erase target information for privacy purposes.

For more information, please go to our tutorial page.

Please report any errors by emailing to support@ubersec.com

UBERHARVEST 2.82 STABLE is out!

nospam@example.com (Jacob Goldberg) — Mon, 09 Jan 2012 14:39:59 -0700

I am happy to announce that a newer version of uberharvest is out!

UBERHARVEST 2.82 STABLE is out!

- Bug fixes with updates
- Improved functionality

THE CURRENT UBERHARVEST VERSION CAN BE DIRECTLY DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest.tar.bz2
MD5 Hash = 14809d8f99b0ea2db4b9d2b0d78a9a8f

Please report any errors by emailing to support@ubersec.com

WSUS server clients troubleshoot techniques

nospam@example.com (Jacob Goldberg) — Thu, 05 Jan 2012 09:05:38 -0700
Document created by Yakov Goldberg
UBSERC TEAM
Our website: http://www.ubersec.com
Follow Us in Twitter: http://twitter.com/#!/ubersec

WSUS server clients troubleshoot techniques

Background

The following information should help System Administrators (SAs) to determine why client Personal Computers (PCs) do not communicate with Windows Server Update Services (WSUS) server. Likewise, the following information may assist SAs to reset/repair client PCs that cannot receive updates from WSUS server properly or fail to install updates once the synchronization process with WSUS server is completed between the PCs and WSUS server.

The information in this article was written with the perception that SAs already have WSUS server working and functioning properly and is a part of their domain environment. Likewise, the article also assumes that the WSUS server is also set to enforce clients PCs to synchronize with the server through GPO or registry settings server (look below in the picture). And finally, the article also assume that all client PCs receive their updates for Windows (and any other Microsoft products) from WSUS server rather than receiving updates from Microsoft’s website as usual.

This article assumes that a GPO that enforces the synchronization of client PCs with the WSUS server was created by downloading the wuau.adm template file from Microsoft’s Group Policy ADM Files website. Then the wuau.adm template should have been added to the GPO (look below in the picture) under the Administrative Template in Computer Configuration.

Once that process has been completed, the Windows updates section (look below) should have been modified to direct all client PCs to WSUS server for getting their updates. In addition, setting up updates time and the process that updates are downloaded and installed on all clients PCs should have been also determined and configured.

Then that GPO should have been applied to the Organizational Unit (OU) that contain all the client PCs (or at the root OU since some organizations divide their client PCs via branches, department, etc).

Operating Systems:

The script has been tested in the following OS:

- Windows XP
- Windows Vista
- Windows 7

And with:

- WSUS version 2 and 3

Instructions

PROBLEM 1

When I look at my computer list in WSUS under the “All Computers” I cannot see some client PCs in the list. Yet, I know that the WSUS GPO has been applied to all my client PCs so they are all must be seen in that “All Computer” container. What can I do? Or what was possibly done wrong?

ANSWER 1

If you use some sort of a ghost application to image your client PCs in your organization, then your client PCs’ Windows Operating Systems (OS) are probably having the same SusClientID registry value (look below) across your entire imaged client PCs. Hence, WSUS server can only recognize one OS that corresponds with one SusClientID value and all other identical PCs that contain the same value cannot register with WSUS. To fix that issue, you must remove that value from your registry on each client machine.

You can choose to remove the SusClientId value by opening your regedit and browse to Computer\HKEY_LOCAL_MACHINE_SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate and then remove that value manually.

OR,

You can download the following VBScript and add it to the same GPO that you initially created for enforcing your client PCs to synchronize (look in background section) with your WSUS server.

http://ubersec.com/downloads/WSUS/Wsus_ID_cleanup.vbs

That script must get added to your Startup Scripts under Computer Configuration (look below).

Once you have completed that process, assure that you restart the client PCs that are not seen by the WSUS server. Once the value has been removed by the execution of that VBscript file upon restart, WSUS server should now start registering each PC one at the time. You may want to be patient since that process takes some time to occur.

Be advised that removing that value from the registry is none invasive and does not cause any functional issues to the OS whatsoever.

PROBLEM 2

What is the most effective way to know whether a client PC registers properly with WSUS without having to look and read big logs and what not?

ANSWER 2

For that process you can download and use the clientdiag.exe tool from the following link:

http://ubersec.com/downloads/WSUS/ClientDiag.exe

Once the file has been downloaded, copy the file to the system drive windows system32 folder location (usually at C:\Windows\System32\) of any given client PC that you wish to check. Then go to the command line on that PC and type ClientDiag.exe

If all things are good, you should see the PASS value across the report. However, if you see that few things have failed rather than passed then the problem can vary. You will have to troubleshoot that problem based on that problem.

However, if you wish to push this executable across your entire client PCs rather than having to copy the file individually to each PC, then you can download the following VBScript:

http://ubersec.com/downloads/WSUS/CopyFile.vbs

And then place it along with the clientdiag.exe in your Startup Scripts under Computer Configuration (look below) under the same WSUS GPO that you use to enforce WSUS synchronization to your client PCs with WSUS server.

The only thing that you MUST modify within that script is the SourceLocation value for the location of the clientdiag.exe file. Hence, search for the following line and change it in accordance:

SourceLocation = "Change me"

My clientdiag.exe and the Copyfile.vbs files are located in:

SourceLocation = \\ubersec.com\SysVol\ubersec.com\Policies\{4D1A508B-47ED-4B40-86A4-123FA5EBAF4C}\Machine\Scripts\Startup\

Thus, your files may be located in a different location. So adjust the location within that script before you add it to your GPO.

Once you were successfully able to perform these steps, upon restarting each client PC, the script should copy the file clientdiag.exe to the system32 folder and then you can choose to run that script on any given PC to check whether that PC communicates with WSUS server or not and then troubleshoot as needed.

PROBLEM 3

My client PCs receives their updates from WSUS server but the updates keep failing upon installation. What should I do?

ANSWER 3

Well in that case the problem can vary from WSUS delivering updates that do not match the current OS in use or any Microsoft applications that are in use. Believe me when I say it, but I already have seen some crazy stuff like that happening once before. In addition, there can also be a problem with the OS itself that can cause these issues. For the most part you will have to check on Microsoft’s website for the solution. However, you can always download the following scripts and run each one (depending on the problem and the OS version) against any given PC that is having issues installing updates.

Scripts for Windows XP:

http://ubersec.com/downloads/WSUS/Remove&ReinstallAutoUpdates_WinXP.bat

http://ubersec.com/downloads/WSUS/RepairAutoUpdates_WinXP.bat

http://ubersec.com/downloads/WSUS/ResetAutoUpdates_WinXP.bat

Scripts for Windows 7:

http://ubersec.com/downloads/WSUS/Remove&ReinstallAutoUpdates_Win7.bat

http://ubersec.com/downloads/WSUS/RepairAutoUpdates_Win7.bat

http://ubersec.com/downloads/WSUS/ResetAutoUpdates_Win7.bat

If you have any other questions or if you came across some other scripts or cool ways to troubleshoot WSUS related problems, please feel free to email me at support@ubersec.com

WSUS server database cleanup Powershell script

nospam@example.com (Jacob Goldberg) — Wed, 04 Jan 2012 07:16:46 -0700
Document created by Yakov Goldberg
UBSERC TEAM
Our website: http://www.ubersec.com
Follow Us in Twitter: http://twitter.com/#!/ubersec

WSUS server database clean-up Powershell script

Background

Many organizations utilize Windows Server Update Services (WSUS) server to centralize Windows updates and distribute them to all client machines that run Windows Operating Systems (OS) accordingly. On many occasions however, WSUS server will keep downloading updates from Microsoft for a variety of products and keep these updates in the hard-drive until the administrator decides to run the Server Cleanup Wizard manually from the Options tab in Update services. Yet, the administrator must always remember to execute that option manually or otherwise, WSUS server will keep downloading new updates while keeping older updates in the system. Thus, the server will get filled up with more and more updates until the hard-disk have reached full capacity. To help and reduce the likelihood for something like as such to occur, administrator can utilize Powershell WSUS clean-up script to clean older updates from WSUS server automatically. The following instructions will show administrator how to create a Powershell script that cleans up older updates (older than 30 day or unapproved updates) and then send the recipient (usually the administrator) an email with the results.

Keep in mind that for the script to work properly you will need your email server (usually exchange) to be an open-relay server. From a security perspective, this is not an always a good thing to have an email open-relay server since malicious attackers can find out the Internet Protocol (IP) of your email server and use it to send emails on the behalf of your company since your email server is open-relay server. My script is basic and doesn’t contain any security features in mind. Feel free to tweak or modify the script to enforce more security and authentication to your email server by creating a special account for that script in Active Directory (AD).

Operating Systems:

The script has been tested in the following OS:

- Windows 2003
- Windows 2008
- Windows 2008 R2

With

- WSUS version 2 and 3

Instructions

First and foremost you must assure that PowerShell 2.0 is installed and running on your WSUS Server. To do that, please go to your command line and type: powershell

If you windows have lunched Powershell you should see the letters PS next to the prompt line (look above). If Windows does not recognize the command “powershell”, you will have to download the Windows Management Framework Core (WinRM 2.0 and Windows Powershell 2.0) and install is on your Wsus server from the following link:

http://support.microsoft.com/kb/968929

Once you have downloaded and completed the Powershell (PS) installation on your wsus server, you will need to set Powershell restriction policy level to Unrestricted. To do that, type the followings Set-ExecutionPolicy Unrestricted in your command line:

PS C:\> Set-ExecutionPolicy Unrestricted

Setting the execution policy level to unrestricted allow the user to execute Powershell scripts on the system. Keep in mind that setting the policy to unrestricted is not always a good idea since you allow your server to execute any PS script. Thus, attackers could run their scripts on that server as well if they were ever successful gaining access to the server. For more information about the PS Execution policy please refer to the following link:

http://technet.microsoft.com/en-us/library/ee176961.aspx

Now you should be able to copy and paste the following script to your notepad and change server variables such as the From and To addresses and your Fully Qualified Domain Name (FQDN) of your WSUS server and your Exchange server (or any other email server you may be using).

#Region VARIABLES

# WSUS Connection Parameters:
## Change settings below to your situation. ##

# Enter your FQDN of the WSUS server
[String]$parentServer = "wsusserver.ubersec.com"

# Use secure connection $True or $False
[Boolean]$useSecureConnection = $False
[Int32]$portNumber = 80

# From address for email notifications. You can name it to whatever you want.
[String]$emailFromAddress = WsusAdmin@ubersec.com

# To address for email notifications. The recipient whom needs to receive emails upon the cleanup completion.
[String]$emailToAddress = uberadmingroup@ubersec.com

# Subject of email notification
[String]$emailSubject = "WSUS Cleanup Results"

# Enter your FQDM for Exchange server
[String]$emailMailserver = "emailmxsrv.ubersec.com"

# Cleanup Parameters:
## Set to $True or $False ##
# Decline updates that have not been approved for 30 days or more, are not currently needed by any clients, and are superseded by an approved update.
[Boolean]$supersededUpdates = $True
# Decline updates that aren't approved and have been expired my Microsoft.
[Boolean]$expiredUpdates = $True
# Delete updates that are expired and have not been approved for 30 days or more.
[Boolean]$obsoleteUpdates = $True
# Delete older update revisions that have not been approved for 30 days or more.
[Boolean]$compressUpdates = $True
# Delete computers that have not contacted the server in 30 days or more.
[Boolean]$obsoleteComputers = $True
# Delete update files that aren't needed by updates or downstream servers.
[Boolean]$unneededContentFiles = $True

#EndRegion VARIABLES

#Region SCRIPT

# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration");

# Connect to WSUS Server
$wsusParent =
[Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($parentServer,$useS
ecureConnection,$portNumber);

# Log the date first
$DateNow = Get-Date

# Perform Cleanup
$Body += "$parentServer ($DateNow ) :" | Out-String
$CleanupManager = $wsusParent.GetCleanupManager();
$CleanupScope = New-Object
Microsoft.UpdateServices.Administration.CleanupScope($supersededUpdates,$expiredUpdates
,$obsoleteUpdates,$compressUpdates,$obsoleteComputers,$unneededContentFiles);
$Body += $CleanupManager.PerformCleanup($CleanupScope) | Out-String

#Get list of downstream servers
$wsusDownstreams =
[Microsoft.UpdateServices.Administration.AdminProxy]::DownstreamServerCollection;
$wsusDownstreams = $wsusParent.GetDownstreamServers();

#Clean each downstream server
$wsusDownstreams | ForEach-Object {
$ping = New-Object System.Net.NetworkInformation.Ping
$DSServer = $_.FullDomainName
Try{
$Reply = $ping.send($DSServer)
$ReplyStatus = $Reply.Status
Write-Host $ReplyStatus
}
catch{
$ReplyStatus = "False"
Write-Host $ReplyStatus
}
if ($ReplyStatus -eq "Success")
{
# Log the date first
$DateNow = Get-Date
$Body += $DSServer + " ($DateNow ) : " | Out-String
$wsusReplica =
[Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($_.FullDomainName,
$useSecureConnection,$portNumber);
$CleanupManager = $wsusReplica.GetCleanupManager();
$CleanupScope = New-Object
Microsoft.UpdateServices.Administration.CleanupScope($supersededUpdates,$expiredUpdates
,$obsoleteUpdates,$compressUpdates,$obsoleteComputers,$unneededContentFiles);
$Body += $CleanupManager.PerformCleanup($CleanupScope) | Out-String
}else{
# Log the date first
$DateNow = Get-Date
$Body += $DSServer + " ($DateNow ) : not pingable`n" | Out-String
}
}

# Send the results in an email
#Send-MailMessage -From $emailFromAddress -To $emailToAddress -Subject $emailSubject -Body $Body -SmtpServer $emailMailserver

# Mail the report...
$message = new-object Net.Mail.MailMessage
$mailer = new-object Net.Mail.SmtpClient($emailMailserver)

# From address for email notifications. You can name it to whatever you want.
$message.From = wsusadmin@ubersec.com
# To address for email notifications. The recipient whom needs to receive emails upon the cleanup completion.
$message.To.Add("uberadmingroup@ubersec.com ")
$message.Subject = "Windows Update - Server Clean-Up Wizard"
$message.Body = ($Body)

$mailer.Send($message)

#EndRegion SCRIPT
#You are done!

Don't forget that you will have to change the MX server FQDN and the WSUS server FQDN in the lines at the top of the script. In addition, you will also have to add the [TO] and [FROM] email addressees.

You can also download the script and modify the lines that say ”Change me” for your convenience from the following link:

http://www.ubersec.com/downloads/Wsus_script.ps1

Now you can setup a scheduled job on your WSUS server to run that script once a week. Keep in mind that if you have Windows 2003 server you may not be able to run a Powershell scripts directly as a scheduled tasks. Rather, you will need to create a batch file that execute that script and then run that batch file in the schedule. The content of the batch file should look as the followings:

@echo off
cls
powershell c:\>Wsus_script.ps1

Once the batch file is executed, it will execute the Powershell script and once this process is completed, your Admin group should receive an email that looks as the followings:

wsusserver.ubersec.com (01/01/2012 02:01:39 ) :

SupersededUpdatesDeclined : 0
ExpiredUpdatesDeclined : 0
ObsoleteUpdatesDeleted : 0
UpdatesCompressed : 79
ObsoleteComputersDeleted : 0
DiskSpaceFreed : 0

If successful, you are done!

UBERHARVEST 2.80 STABLE is out!

nospam@example.com (Jacob Goldberg) — Mon, 02 Jan 2012 06:13:13 -0700

I am happy to announce that a newer version of uberharvest is out!

UBERHARVEST 2.80 STABLE is out!

- Added XML report feature. Look below for example
- Removed all broken proxy server and added new working proxies to anonymous.txt file
- Added more user-agents for (--random) option
- Bug fixes
- Now working with Python 2.52 and UP
- Improved functionality
- Added new setup file for automatic installation of perquisites packages
- Application have been tested and is stable with the following Ubuntu/Backtrack distributions:

Distributor ID: Ubuntu
Description: Ubuntu 10.04.2 LTS
Release: 10.04
Codename: lucid

Distributor ID: Ubuntu
Description: Ubuntu 10.10
Release: 10.10
Codename: maverick

Distributor ID: BackTrack
Description: BackTrack 4 R2
Release: 4 R2
Codename: Nemesis

Distributor ID: Ubuntu
Description: Ubuntu 11.10
Release: 11.10
Codename: oneiric

And Backtrack 5

THE CURRENT UBERHARVEST VERSION CAN BE DIRECTLY DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest_2_80.tar.bz2
MD5 Hash = 90f16241b80c371d722f4450d89e9cb7

Please go to the downloads page to get directions about some modules that are required to be installed prior to using uberharvest.

OR,

Users can update uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

New Features

FEATURE 1

For users’ convenience I added another option for creating XML reports after scans. The option can be used along with –m option (for scanning on target website) or –l option (for loading text file to scan multiple targets). To create the XML report, please add the following option to the scan (--xml or –xml). Look below for example.

EXAMPLE OF USE,

root@ubuntu:~/uberharvest#./uberharvest -m OR -l and -xml

Keep in mind that –xml option may slow down the scan process. In addition, the –xml option cannot be included with verbosity option (-v or –verbose).

For more information, please go to our tutorial page.

Please report any errors by emailing to support@ubersec.com

THE CURRENT uberharvest VERSION CAN BE DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest_2_80.tar.bz2
MD5 Hash = 90f16241b80c371d722f4450d89e9cb7

Installing Python version manager for quick python version switch

nospam@example.com (Jacob Goldberg) — Fri, 23 Dec 2011 12:49:46 -0700
Document created by Yakov Goldberg
UBSERC TEAM
Our website: http://www.ubersec.com
Follow Us in Twitter: http://twitter.com/#!/ubersec

Installing Python version manager for quick python version switch

Background

Often many Linux users having to either upgrade their current Python engine version or use another Python version in parallel to the current one that is in the system. However, many Linux users (n00bs and professional users alike) don’t know or cannot find sufficient documents online to show them the best way to do download and install another Python engine. In addition, many users may need to use a newer version of Python while still having the current Python version running on their Linux Operating Systems (OS). Therefore, the pythonbrew application can be downloaded and configured to help all users to download any version of Python they desire and providing them the ability to quickly switch from one Python version to another on the fly. Feel free to follow the next steps to learn how to do just that.

Operating systems:

The tool was installed and tested in the following Operating System (OS):

root@ubersec$ sudo lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 11.10
Release: 11.10
Codename: natty

Instructions

Open you terminal console and then switch user to root user by typing,

$su root

Now download python-setuptools by typing,

#apt-get -y install python-setuptools build-essential

Once you are done downloading python-setuptools, download the Python version manager by typing,

#easy_install pythonbrew

Once pythonbrew has been downloaded, type the following to complete he installation process,

#pythonbrew_install

Now you will need to add the following line source /home/user/.pythonbrew/etc/bashrc to the very end of your ~./bashrc file. For that purpose, please edit the file by using nano, vim, vi or gedit. For the purpose of this paper I have used the GNU editor.

#gedit ~/.bashrc

Now scroll all the way down and type (or copy and paste) the following line

source /home/user/.pythonbrew/etc/bashrc

Now exit and save the file and close out of your terminal windows. Now restarts you Linux OS by typing,

#shutdown –r now

Now open your terminal windows again and then logon as root once again. Then you are ready to use the pythonbrew command to download and install a new Python version. To do that, please type the following:

#pythonbrew install 2.7.2

That download and installation process should take for a while. However, if through that installation you receive an error message of any kind, please type the following and try that download and installation once again by forcing it,

#pythonbrew install --force 2.7.2

If everything has been installed as planned, type the following command to switch your python version,

#pythonbrew switch 2.7.2

In addition, you can keep downloading to your Linux OS as sorts of Python version and then switch in between each one of them as needed. If you want to see the current Python version that you have downloaded thus far, please type the following,

#pythonbrew list

If you want to see all available Python version that you can download with Pythonbrew, type the following command,

#pythonbrew list –k

To uninstall a Python that is already installed in your Linux OS use the following command,

#pythonbrew uninstall [version]

For example, to uninstall Python version 2.7.2 please type,

#pythonbrew uninstall 2.7.2

To update pythonbrew please type the following command,

#pythonbrew update

Use the below command to disable the Pythonbrew and to activate the default version of Python you Linux OS is currently use,

#pythonbrew off

You are done!

You can also download my PDF document for your record from:

http://www.ubersec.com/downloads/Switch_python_version.pdf/

UBERHARVEST version 2.75 STABLE is out!

nospam@example.com (Jacob Goldberg) — Fri, 23 Dec 2011 12:11:11 -0700

I am happy to announce that a newer version of uberharvest is out!

UBERHARVEST 2.75 STABLE is out!

- Bug fixes
- Now working with Python 2.52 and UP
- Improved functionality
- Added new setup file for automatic installation of perquisites packages
- Application have been tested and is stable with the following Ubuntu/Backtrack distributions:

Distributor ID: Ubuntu
Description: Ubuntu 10.04.2 LTS
Release: 10.04
Codename: lucid

Distributor ID: Ubuntu
Description: Ubuntu 10.10
Release: 10.10
Codename: maverick

Distributor ID: BackTrack
Description: BackTrack 4 R2
Release: 4 R2
Codename: Nemesis

Distributor ID: Ubuntu
Description: Ubuntu 11.10
Release: 11.10
Codename: oneiric

And Backtrack 5

THE CURRENT uberharvest VERSION CAN BE DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest_2_75.tar.bz2

Please go to the downloads page to get directions about some modules that are required to be installed prior to using uberharvest.

OR update uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

Please report any errors by emailing to support@ubersec.com

THE CURRENT uberharvest VERSION CAN BE DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest_2_75.tar.bz2

UBERHARVEST version 2.69 is out!

nospam@example.com (Jacob Goldberg) — Sun, 04 Dec 2011 07:32:02 -0700

I am happy to announce that a new version of uberharvest is out!

UBERHARVEST 2.69 is out!

- Bug fixes

THE CURRENT uberharvest VERSION CAN BE DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest_2_69.tar.bz2

Please go to the downloads page to get directions about some modules that are required to be installed prior to using uberharvest.

OR update uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

Bug fixes

Uberharvest required to have Python version 2.7 and higher to work. Therefore, please assure that your Ubuntu or Backtrack distributions have at least python 2.7.2+ as the current language.

To check the current Python language version please type in your terminal:

root@ubuntutest:~/uberharvest#python –version

If your python version is less than 2.7, please type:

root@ubuntutest:~/uberharvest#apt-get install python2.7

To update your current python version.

Uberharvest requires to have the newer version of libssl1.0.0 and libcrypto1.0.1 libraries. So, if you receive the following error while trying to run uberharvest:

root@ubuntutest:~/uberharvest# ./uberharvest
./uberharvest: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

Please download the newer version of uberharvest provided in the link above. Then do the followings:

1) Extract the tool and access the uberharvest folder.
2) Then copy libcrypto.so.1.0.0 and libssl.so.1.0.0 files to the /lib folder.

root@ubuntutest:~/uberharvest#cp libssl.so.1.0.0 /lib
root@ubuntutest:~/uberharvest#cp libcrypto.so.1.0.0 /lib

Now you should be okay!

Please report any errors by emailing to support@ubersec.com

THE CURRENT uberharvest VERSION CAN BE DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest_2_69.tar.bz2

UBERHARVEST version 2.67 is out!

nospam@example.com (Jacob Goldberg) — Mon, 07 Nov 2011 10:01:08 -0700

I am happy to announce that a new version of Uberharvest is out!

UBERHARVEST 2.67 is out!

- Bug fixes
- Added history option for more efficiency.
- Added another domain(s) search through Google.
- Improved functionality

THE CURRENT uberharvest VERSION CAN BE DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest_2_67.tar.bz2

Please go to the downloads page to get directions about some modules that are required to be installed prior to using Uberharvest.

OR update Uberharvest directly from your command line by typing,

root@ubuntu:~/uberharvest#./uberharvest --update

New Features

FEATURE 1

The new Google feature allows the user to receive results about other domains (and their IP addresses) corresponds with the target website. For instance, if your target website is ubersec.com then Uberharvest will search through Google for other domains that belong to ubersec.com. Look in the picture below inside the red box for an example.

EXAMPLE OF USE,

root@ubuntu:~/uberharvest#./uberharvest -m

FEATURE2

Uberharvest is now saving records of all user input and history while entering data to uberharvest. The folder location that records are stored is [uberharvest/History]. The user can simply use the UP ARROW (in his/her keyboard) to use previous inputs in order to increase time and efficiency. In addition, users can now have a record of what they have been typing from the moment they started using this new Uberharvest version.

The threshold of the history file is 10MB. At 10MB and up, Uberharvest will overwrite the log file. Users can remove the older file to a different location if they wish to save history for their convenience.

Please report any errors by emailing to support@ubersec.com

THE CURRENT Uberharvest VERSION CAN BE DOWNLOADED FROM:

root@ubersec$ sudo wget http://ubersec.com/downloads/uberharvest_2_67.tar.bz2