need different wireless channel?

If you are dropping connections and cant get the app to work, check your ping. If ping is lost, try forcing the wireless driver to use 5ghz (instead of 2ghz).   Or the 2ghz if using 5ghz.  Usually can do that in driver parameters/settings under the NIC.

This will show channels and frequencies available:    C:\Users\rod_deluhery>netsh wlan show all

For example,  I can see that my output shows that the wireless that I use at home,  it does offer two (2) different channels:

SSID 2 : SpectrumSetup-F8

    Network type            : Infrastructure

    Authentication          : WPA2-Personal

    Encryption              : CCMP

    BSSID 1                 : 44:ad:b1:56:36:ff

         Signal             : 40%

         Radio type         : 802.11ac

         Channel            : 157

         Basic rates (Mbps) : 6 12 24

         Other rates (Mbps) : 9 18 36 48 54

    BSSID 2                 : 44:ad:b1:56:36:fe

         Signal             : 67%

         Radio type         : 802.11n

         Channel            : 1

         Basic rates (Mbps) : 1 2 5.5 11

         Other rates (Mbps) : 6 9 12 18 24 36 48 54

Copyright 2021 Rod Deluhery

windows server on AWS

Confused on AWS? Need a microsoft server on AWS with massive storage? Search various topics on aws with these free videos. Also I just went through a class on AWS. Pretty good class, mine was on Saturday and Sunday morning (7am pst). If you afford the Edureka training, go for it. Its worth it.

malicious software – ryuk

Hi server admins. Don’t let your server get compromised, or your clients!  Here is a good write up on trickbot malware servers.  I think this is a good thing,  that the courts allowed the team (including Microsoft) to take control of the servers.  That is how it reads to me.   This may lead to better process of dealing with malicious servers on the internet.  There is too many bad servers out there!  We need to process to stop them!  By allowing the team to take control of the servers,  they do more offensive work against the bad guys.

And check this link.  Is your infrastructure blocking these IPv4 addresses?  If not,  you better start!

Copyright 2020 Rod Deluhery

Windows eval

It is September 2020 and good old windows2012 is still there to be downloaded from Microsoft. It is true! Nice code and still running well.

I put on my curious nature and checked out some code samples. For security on windows systems, how does it work? It’s pretty complicated for sure. Check out some of the security methods Microsoft uses to protect the system. One place to look is “hacker challenge sites”. These sites have code samples and challenges on how to exploit computer security weaknesses. Of course, there are sites related to computer security, specifically. One that I found was on If you think you know your stuff with server code, check it out. I was surprised to read up on ‘token stealing’ on Windows.  Token stealing allows one to run scripts with root (system privilege).  I didn’t know it was so well documented,  how these exploits work.  Root-me has challenges organized pretty well, but they are not grouped into “easy” or “difficult” ratings that are easy to sort out. They do have ratings and such, but just not easy to find the ones that may suit your skill level. ?    For,  look at how they organize the challenges:

##—–start of list  

App – Script

Exploit environment weaknesses, configuration mistakes and vulnerability patterns in shell scripting and system (…)

App – System

These challenges will help you understand applicative vulnerabilities.


Reverse binaries and crack executables.


Break encryption algorithms


Train digital investigation skills by analyzing memory dumps, log files, network captures…


Networks challenges where you have to deal with captured traffic, network services, packet analysis, (…)


Automate tasks and build shellcodes.


Realistic challenges.


Whereas cryptography concern the art of secret, steganography is the art of hidding: the object of steganography is to (…)

Web – Client

At first you will be faced with problems that will require little to no knowledge of web scripting language. Pretty soon (…)

Web – Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse it!

##—–end of list  

Check out the challenges and get yourself some self-esteem. You get no certification. You get no appreciation. You just get pride and confidence that you can tackle these things. Just do it!

Copyright 2020 Rod Deluhery

And finish up with a link to the MS downloads, to get server 2012:

smb, server message block. You rock

Recently I did some work troubleshooting a SMB problem.  I used wireshark packet capture,  the firewall packet capture,  and also Microsoft message analyzer packet captures.  Microsoft message analyzer was pretty easy to use,  as it has a SMB view/filter that allows you to show the SMB traffic.  Now if it was really awesome,  it could ask if there was a problem with any SMB sessions, and an expert system would identify problems.  Well that doesn’t exist,  that I know of.  Wireshark does not have it either,  maybe Omnipeek or some other high end tool.

If you have issues with SMB,  check out the link below to disable or enable SMB versions.  You may have Windows issues with compatibility,  either forward or reverse functions that maybe the root cause.  Kill the SMB except for the one you are working with.


Windows support. You are not ashamed.

Do you really need windows support?  Many use unsupported and custom built systems,  including very large companies.  Google is known for using unbranded network switches,  custom built for them.  Not everyone needs to call support,  and few will admit they have had to call for support.  I will admit that I have called tech support.  I have no problem with it.  I still have confidence in my capabilities.   I am not ashamed.  I called tech support.  😉

Note, from Microsoft:  On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end. 

And a quick powershell bit.  For super security on your machines,  remove dns quickly using this powershell command.  then put DNS back when you need it!  Good for child-proofing computers.

Unlock DNS:

Set-DnsClientServerAddress -InterfaceIndex 20 -ServerAddresses “”

Lock DNS so dns does not work!  Use hosts file to add any DNS name you might need:

Set-DnsClientServerAddress -InterfaceIndex 20 -ResetServerAddresses

And use this for running via batch file (.bat)

powershell Set-DnsClientServerAddress -InterfaceIndex 20 -ResetServerAddresses

Copyright 2019 Rod Deluhery



Always worth a bit of time to automate a repetitive process,  and I so here I go again.  Here is a automation tool using windows shell.

Goal –  go through two large firewall configs,  and find every spot where the IP addresses show up.  End result is data processed from the files,  and results put into another file, only matching the strings I am looking for.

So, how does it work?

It is a single line command using FOR.  The input into the for command, the switches and tokens=2,3*  means take the second data field in each line of the file.  See a part of fire.txt here:




So that means process the second field, which is the IP address,  assign to variable %i.   also third field, it will assign the next letter variable (%j in this case). %j never got used, as there is no third field (per line).   Delims=,  means look for comma as the separator,  and indeed there is a comma separator.  I could have used a period . separator,  and then it would get a certain part of the ip address,  say I only wanted the third octet of the IP address to get listed in a file.

You can see ‘fire.txt’ is specified as the file to work on, and also running_config_ext.   The work comes at the @ sign,  so @find is the thing that is ran for each line.


find “%i” running_config_ext >> ext_rules.txt    does basically run the find command on each line of text,  then output the results to ext_rules.txt


Here is the for command I used.  I ran it twice,  one for each file.

C:\sysinternals>FOR /F “eol=; tokens=2,3* delims=, ” %i in (fire.txt) do @find “%i” running_config_ext >> ext_rules.txt

C:\sysinternals>FOR /F “eol=; tokens=2,3* delims=, ” %i in (fire.txt) do @find “%i” running_config_int >> int_rules.txt

To get help on “for” command, use below switch.  Bonus, it also has example.  The example,  I end up using all the time. . .so lame,  I can’t remember the syntax. Even though I have used the stupid thing for over 15 years!  I do know it pretty well though after using it so often.  🙂

C:\sysinternals>for /?

Runs a specified command for each file in a set of files.


FOR %variable IN (set) DO command [command-parameters]


  %variable  Specifies a single letter replaceable parameter.

  (set)      Specifies a set of one or more files.  Wildcards may be used.

  command    Specifies the command to carry out for each file.


             Specifies parameters or switches for the specified command.


To use the FOR command in a batch program, specify %%variable instead

of %variable.  Variable names are case sensitive, so %i is different

from %I.


If Command Extensions are enabled, the following additional

forms of the FOR command are supported:


FOR /D %variable IN (set) DO command [command-parameters]


    If set contains wildcards, then specifies to match against directory

    names instead of file names.


FOR /R [[drive:]path] %variable IN (set) DO command [command-parameters]


    Walks the directory tree rooted at [drive:]path, executing the FOR

    statement in each directory of the tree.  If no directory

    specification is specified after /R then the current directory is

    assumed.  If set is just a single period (.) character then it

    will just enumerate the directory tree.


FOR /L %variable IN (start,step,end) DO command [command-parameters]


    The set is a sequence of numbers from start to end, by step amount.

    So (1,1,5) would generate the sequence 1 2 3 4 5 and (5,-1,1) would

    generate the sequence (5 4 3 2 1)


FOR /F [“options”] %variable IN (file-set) DO command [command-parameters]

FOR /F [“options”] %variable IN (“string”) DO command [command-parameters]

FOR /F [“options”] %variable IN (‘command’) DO command [command-parameters]


    or, if usebackq option present:


FOR /F [“options”] %variable IN (file-set) DO command [command-parameters]

FOR /F [“options”] %variable IN (‘string’) DO command [command-parameters]

FOR /F [“options”] %variable IN (`command`) DO command [command-parameters]


    file-set is one or more file names.  Each file is opened, read

    and processed before going on to the next file in file-set.

    Processing consists of reading in the file, breaking it up into

    individual lines of text and then parsing each line into zero or

    more tokens.  The body of the for loop is then called with the

    variable value(s) set to the found token string(s).  By default, /F

    passes the first blank separated token from each line of each file.

    Blank lines are skipped.  You can override the default parsing

    behavior by specifying the optional “options” parameter.  This

    is a quoted string which contains one or more keywords to specify

    different parsing options.  The keywords are:


        eol=c           – specifies an end of line comment character

                          (just one)

        skip=n          – specifies the number of lines to skip at the

                          beginning of the file.

        delims=xxx      – specifies a delimiter set.  This replaces the

                          default delimiter set of space and tab.

        tokens=x,y,m-n  – specifies which tokens from each line are to

                          be passed to the for body for each iteration.

                          This will cause additional variable names to

                          be allocated.  The m-n form is a range,

                          specifying the mth through the nth tokens.  If

                          the last character in the tokens= string is an

                          asterisk, then an additional variable is

                          allocated and receives the remaining text on

                          the line after the last token parsed.

        usebackq        – specifies that the new semantics are in force,

                          where a back quoted string is executed as a

                          command and a single quoted string is a

                          literal string command and allows the use of

                          double quotes to quote file names in



    Some examples might help:


FOR /F “eol=; tokens=2,3* delims=, ” %i in (myfile.txt) do @echo %i %j %k


    would parse each line in myfile.txt, ignoring lines that begin with

    a semicolon, passing the 2nd and 3rd token from each line to the for

    body, with tokens delimited by commas and/or spaces.  Notice the for

    body statements reference %i to get the 2nd token, %j to get the

    3rd token, and %k to get all remaining tokens after the 3rd.  For

    file names that contain spaces, you need to quote the filenames with

    double quotes.  In order to use double quotes in this manner, you also

    need to use the usebackq option, otherwise the double quotes will be

    interpreted as defining a literal string to parse.


    %i is explicitly declared in the for statement and the %j and %k

    are implicitly declared via the tokens= option.  You can specify up

    to 26 tokens via the tokens= line, provided it does not cause an

    attempt to declare a variable higher than the letter ‘z’ or ‘Z’.

    Remember, FOR variables are single-letter, case sensitive, global,

    and you can’t have more than 52 total active at any one time.


    You can also use the FOR /F parsing logic on an immediate string, by

    making the file-set between the parenthesis a quoted string,

    using single quote characters.  It will be treated as a single line

    of input from a file and parsed.


    Finally, you can use the FOR /F command to parse the output of a

    command.  You do this by making the file-set between the

    parenthesis a back quoted string.  It will be treated as a command

    line, which is passed to a child CMD.EXE and the output is captured

    into memory and parsed as if it was a file.  So the following



      FOR /F “usebackq delims==” %i IN (`set`) DO @echo %i


    would enumerate the environment variable names in the current



In addition, substitution of FOR variable references has been enhanced.

You can now use the following optional syntax:


    %~I         – expands %I removing any surrounding quotes (“)

    %~fI        – expands %I to a fully qualified path name

    %~dI        – expands %I to a drive letter only

    %~pI        – expands %I to a path only

    %~nI        – expands %I to a file name only

    %~xI        – expands %I to a file extension only

    %~sI        – expanded path contains short names only

    %~aI        – expands %I to file attributes of file

    %~tI        – expands %I to date/time of file

    %~zI        – expands %I to size of file

    %~$PATH:I   – searches the directories listed in the PATH

                   environment variable and expands %I to the

                   fully qualified name of the first one found.

                   If the environment variable name is not

                   defined or the file is not found by the

                   search, then this modifier expands to the

                   empty string


The modifiers can be combined to get compound results:


    %~dpI       – expands %I to a drive letter and path only

    %~nxI       – expands %I to a file name and extension only

    %~fsI       – expands %I to a full path name with short names only

    %~dp$PATH:I – searches the directories listed in the PATH

                   environment variable for %I and expands to the

                   drive letter and path of the first one found.

    %~ftzaI     – expands %I to a DIR like output line


In the above examples %I and PATH can be replaced by other valid

values.  The %~ syntax is terminated by a valid FOR variable name.

Picking upper case variable names like %I makes it more readable and

avoids confusion with the modifiers, which are not case sensitive.

Windows 10 wireless hacking

Windows has some built in wireless tools that can help you figure out wireless.  On a windows server or windows 7,8 or 10 machine, type this at a command prompt:

netsh wlan show networks mode=bssid

You get a list of nearby networks,  the current channel they are operating at, supported speeds also.  And details of the encryption, if any.  This is a bit of a weakness with wireless encryption,  I don’t know why the industry agreed to display details of the encryption method!  If you don’t know the network,  you have no business connecting with a secure net.  Why show that it uses WPA2-enterprise,  or just WPA?  Good for tech support people that were left in the dark and have no documentation on their network.

Need to know wireless signal strength?  The NETSH command will show you.  Note it seems to read the cache of networks and maybe a few seconds or even over a minute old,  so the NETSH command does NOT appear to refresh the list of available networks.  Or if it does,  you will have to run it again to see the updated list.

Wireless survey?  Cut below and save as survey.bat.  Run as survey.bat %name% to identify the survey area.  Here is a shell script for windows that will output a basic wireless survey data as you drive around (or walk around) your survey area:

REM loops netsh command for basic wireless survey. Run with
REM >survey.bat hallway to make a survey of hallway. Then hit ctrl C, then
REM do next survey with >survey.bat arena. The files data_arena and data_hallway are created 
REM with wireless data. Ping with payload checks for network connection, if you have one. Drops in
REM pings with payload show weak signal to associated network SSID.
REM Rod Deluhery 2019
netsh wlan show networks mode=bssid >> data_%1.txt
ping -l 500 >> data_%1.txt
echo "Hit control c" to stop survey. Survey data will be in data_%option%.txt 
goto loop

Example netsh output.  Notice this public wifi has four BSSID mac addresses,  which probably means there is four (4) access points.  Or maybe two access points with dual radios. . . but why different BSSID but all on the same channel (channel 11)??  Interference!!  Actually channel 11 is 2.4 ghz and travels farther than 802.11a radio signals at 5 gigahertz.   NETSH simply was not showing the 802.11a radio signals as they were too weak.   Another scan, done when closer to the venue,  shows 802.11 channels on both spectrum (2.4 gigahertz frequency and 5 gigahertz frequency).

Network type : Infrastructure
Authentication : Open
Encryption : None
BSSID 1 : 3a:18:0a:28:0c:ae
Signal : 31%
Radio type : 802.11n
Channel : 11
Basic rates (Mbps) : 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
BSSID 2 : 3a:18:0a:28:0f:e2
Signal : 35%
Radio type : 802.11n
Channel : 11
Basic rates (Mbps) : 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
BSSID 3 : 3a:18:0a:28:0c:22
Signal : 31%
Radio type : 802.11n
Channel : 6
Basic rates (Mbps) : 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
BSSID 4 : 3a:18:0a:28:0f:ce
Signal : 31%
Radio type : 802.11n
Channel : 11
Basic rates (Mbps) : 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54

Note that the BSSID listed here do not equate to any specific vendor.  Several wireless devices do this, they create random MAC addresses.  I noticed my iPhone hotspot also does this, creates a random MAC address.  Why?  This prevents one from doing a lookup on the electronic vendor.  You can lookup vendor using the mac address, using a website like this:

Hope this makes you awesome.   Now that you have some deep technical skills.    You go. Go deep.

Copyright 2019 Rod Deluhery