How to Find S/MIME Certificates of the Users in Internal Network

I am engaged with a mission to detect digital signatures on the client computers. Then, I decided to write a script to search for client computers in the internal network using WMI.

For anyone who would like to use it, here is the script. Save it as a search.vbs, and run as CScript search.vbs.

arrEtensions = Array("cer","pfx","p12","p7b")
AdminUsername = "Administrator"
AdminPassword = "AdminPassword"
UserSegment = "172.16.1."
WorkingDir = "C:\Users\pen\Desktop\PenTest\script\"
Const OverwriteExisting = True

On Error Resume Next

'Search for computers to
For comp=29 To 29 : Do

strComputer = UserSegment & comp
Wscript.Echo "Searching for: " & strComputer

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator") 
Set objWMIService = objSWbemLocator.ConnectServer(strComputer, _
		    "root\cimv2", AdminUsername, AdminPassword)

if Err.Number <> 0 Then
	Wscript.Echo "Error: " & Err.Number & Err.Description

	Exit Do
End If

strSearch="Select * from CIM_DataFile where "

For Each Extension In arrEtensions
	strSearch = strSearch & "Extension = '"& Extension & "' OR "
'Delete last OR
strSearch = Left(strSearch, Len(strSearch) - 4) 
Wscript.Echo strSearch
Set colFiles = objWMIService.ExecQuery(strSearch)
Wscript.Echo colFiles.Count

If colFiles.Count > 0 Then

	Set oFSO = CreateObject("Scripting.FileSystemObject")
	If Not oFSO.FolderExists(strComputer) Then
		oFSO.CreateFolder strComputer
	End If

'Write the results file
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.CreateTextFile(strComputer & "\files.txt " , True)

objTextFile.Write(strSearch & vbCrLf)

filecount = 0

	Set WshShell = CreateObject("WScript.Shell")

	mountLine = "net use w: \\" & strComputer & "\c$ /user:" & _
		    AdminUsername & " " & AdminPassword

	Set oExec = WshShell.Exec(mountLine)

	Do While oExec.Status = 0
	      WScript.Sleep 100
For Each objFile in colFiles

    filecount = filecount + 1
	sourceFile = objFile.FileName & "." & objFile.Extension
	sourceDir = objFile.Drive & objFile.Path
	netDir = "w:" & objFile.Path
	strLine = _
			objFile.Extension & vbTab & _	
			sourceDir & sourceFile & vbTab & _
			Round(objFile.FileSize /1024, 2) & "Kb" & vbCrLf
	WScript.Echo oExec.Status

	copyLine = "xcopy " & """" & netDir &  sourceFile & _
		   """" & " " & "" & WorkingDir & strComputer & _
		   "\" & objFile.FileName & "-" & filecount & _
		   "." & objFile.Extension & "*""" & " /Z /C"

	Wscript.Echo "Copying... " & copyLine
	Set oExec = WshShell.Exec(copyLine)

	Do While oExec.Status = 0
	     WScript.Sleep 100

	Set oExec = WshShell.Exec("net use * /delete /y" )

	Do While oExec.Status = 0
	     WScript.Sleep 100

End If

Wscript.Echo "Completed: " & strComputer

Loop While False: Next


Adding an oddly recurring event to your Google Calendar

Well, it is all started that I wanted to add a recurring event for the world famous La Tomatina of Spain, where people throw tomatoes to each other in a sunny day of Valencia. The event is held on the last Wednesday of August, during the week of festivities of Buñol. Unfortunately, there is no way to add a recurring action like this on the website of Google.

However, the Google Calendar can read and understand successfully the iCalendar format, not to be confused with Apple iCal, so you can make use of it to achieve what you want. All you need to do is to create an iCalendar event with the below recurrence rule. The term -1WE, means last Wednesday of the month, and the rest is self-explanatory. You can find more information in the related RFC.


You can paste the below text into a new text file and save it as latomatina.ics. Then, you can go Settings page of Google Calendars, click on Calendars, and then click on import. You will need to select the latomatina.ics, and the calendar you want this event to appear. Now, it is done. You can edit this event on your calendar. However, you should not edit the recurrence part on the web interface of Google Calendar.

DESCRIPTION: La Tomatina Festival
LOCATION:Buñol\, Valencia\, Spain
SUMMARY:Spanish Tomato Festival

Best way to prevent SQL Injection Attacks on MySQL / PHP Environment

If you don’t know what is SQL injection, you should read this first.

However,  if you authenticate users in a similar approach as below, you have already met with it, but you are not yet aware of it.

mysql_query(&amp;amp;quot;SELECT * FROM users WHERE

username='&amp;amp;quot; .$_POST['username'].

&amp;amp;quot;' AND '&amp;amp;quot; .

&amp;amp;quot; password='&amp;amp;quot;.$_POST['password'].&amp;amp;quot;'&amp;amp;quot;;);

Well, these are old school tricks and old fashion attacks, therefore, I will not digg into the attack side.

Quick and Dirty Prevention

Simply escape the user inputs with built-in mysql function mysql_real_escape_string. Something like below:

mysql_query(&amp;amp;quot;SELECT * FROM users WHERE username='&amp;amp;quot;. mysql_real_escape_string($_POST['username']).
&amp;amp;quot;' AND password='&amp;amp;quot;. mysql_real_escape_string($_POST['password']) .&amp;amp;quot;'&amp;amp;quot;;);

A tool for reporting external IT Audit findings to BRSA

BRSA (Banking Regulation and Supervision Agency), the primary regulatory body of Financial Sector in Turkey, has developed a promising system named BADES for the reporting of the findings which are determined by the external auditors during the course of application controls and general IT controls audit engagements. The BADES system has also capable of importing and exporting XML files which have detailed information about the findings and remediation plans.

Thanks for the openness of BADES system, I decided to write a desktop application, which is roughly a specifically formatted XML editor, to accelerate the inputting process of findings and automate the most of the work. You can see the full feature list below. Continue reading

Protecting audit evidences from prying eyes of Auditees

If you are working on a highly-critical engagement or a maganizish investigation you have to be sure that the information you have gathered or your audit program should be kept confidential. Otherwise, it would hurt you or the ones who are affected with your work. However, it might be quite though when all your data “belongs” to your company, and the “data custodians” of your company can easily browse your files even you will not notice whatsoever. I will tell you, how I cope with this situation.

One day, I heard an auditor colleague of mine suspiciously “lost” some of his audit evidences in the mid of his work. He was completely sure that he took the related evidences and put them all in that folder, which is not there at the moment. He was suspicious about some IT guys had deleted that folder from his computer. I took some measures to protect myself after hearing this story. Continue reading