Use Powershell to Find Adobe Flash Version

Hello all!! Wanted to put up a post about a quick and dirty script that I wrote to check the Flash version on machines in a domain.

This can be run on all computers in the domain or you could specify the OU to search. This script will output to a tab delimited file named get_flash_version_output.txt by default but you can specify your own output file if desired. Here's the code:

 
[CmdletBinding()]  
   
 param(  
 $searchbase = $null,  
 $output = ".\get_flash_version_output.txt"  
 )  
   
 # if the searchbase isn't specified then use the default domain of the user  
 if($searchbase -eq $null)  
 {  
   $searchbase = ([adsi]'').distinguishedName.ToString()  
 }  
   
 #load all computer objects into a variable  
 $computers = Get-ADComputer -SearchBase $searchbase -Filter * -SearchScope Subtree  
   
 #iterate through each computer object  
 foreach($computer in $computers)  
 {  
   $name = $computer.name  
   
   # test to be sure you can communicate with the machine, ignoring any errors  
   if(Test-Connection $name -count 1 -ErrorAction SilentlyContinue)  
   {  
     # file that we will be querying for the version  
     $filename = "\\$name\c$\windows\system32\macromed\flash\flash*.ocx"  
       
     # test the path to be sure it exists before trying to check the version  
     if(Test-Path $filename)  
     {  
       $file = get-item $filename  
       $version = $file.versionInfo.fileversion -replace ",", "."  
     }  
     else  
     {  
       $version = "Not Installed"  
     }  
     write-verbose "$name`t$version"  
     "$name`t$version" | out-file -append $output  
   }  
   else  
   {  
     write-verbose "$name`tOffline"  
     "$name`tOffline" | out-file -Append $output  
   }  
 }  

Generic execution which will iterate through your whole domain and output to get_flash_version_output.txt

PS C:\> .\get_flash_version.ps1


Execution specifying a specific searchbase within Active Directory

PS C:\> .\get_flash_version.ps1 -searchbase "dc=Your,dc=Domain"


Put it all together -> use searchbase, verbose output, and write to a different output file

PS C:\> .\get_flash_version.ps1 -searchbase "dc=Your,dc=Domain" -verbose -output test.txt


Another feature I'd like to add is maybe have it grab the current version of Flash from HERE and let you know if you need to upgrade or not.

But that is for another time….

Disable SSLv2 on Windows 2008

Recently I was tasked with disabling SSLv2 on a few Windows 2008 servers that are Internet-facing due to SSLv2 vulnerabilities. I have performed this change in the past but did not really use any tool to confirm my change worked at the time. This time I decided to poke around the Internet and see if there were any tools that I could run before and after the change to ensure SSLv2 wasn't "listening" anymore.

I eventually came across a great and simple to use perl script named CryptoNark. This tools was easy to get running on my Backtrack R3 box I have hanging around my desk. I did have to install a few dependencies first to get it running. I had to run the following 3 commands to install the dependencies.

• cpan Modern::Perl
• Cpan Tie::Hash::Indexed
• Cpan Mozilla::CA

After completing those commands I was able to run the script with the following syntax:

./cnark.pl -h "Hostname/IP" -p 443 --insecure

The --insecure is used to ignore self-signed certs. The result will look similar to this.



Now that we have confirmed that SSLv2 is alive and kicking on our server we need to disable it. I found the following page on an MSDN blog that did the trick for me. It is a simple registry change:

Open the registry and find:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server

I believe I may have had to create the Server key.

Then add a new REG_DWORD with a name of DisabledByDefault. Give it a value of 0x1 to disable SSLv2 by default.

Once this was done I tried to just reset IIS to see if the change would be effective without a reboot but it did not work. After rebooting the system I ran the cnark.pl script again and the result looked like:



And there you have it, SSLv2 is disabled. This would definitely be something that could easily be added to a server build script or added to a base image so you don't have to do this every time.

Adios!!