Recently had a customer on Small Business Server think someone might be logging into the server as him. To check logs in IIS for a user:

1) Download and install Log Parser 2.2

2) Copy the logs from the default location

C:\inetpub\logs\LogFiles\W3SVC1 

to C:\Temp\Logs\

3) Save the following as query.sql in C:\Temp\Logs\

SELECT cs-username, date, time, c-ip, cs-uri-stem, cs(User-Agent) FROM C:\Temp\Logs\*
WHERE cs-method LIKE '%get%' and cs-uri-stem LIKE '%owa%'

Run:

Logparser.exe file:C:\Temp\Logs\query.sql -i:IISW3C -o:CSV

'---pin and unpin: taskbarpin.vbs [fullpath]------
'---Example: taskbarpin.vbs "C:\Windows\notepad.exe"
If WScript.Arguments.Count < 1 Then WScript.Quit
'----------------------------------------------------------------------
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFile    = WScript.Arguments.Item(0)
sKey1      = "HKCU\Software\Classes\*\shell\{:}\\"
sKey2      = Replace(sKey1, "\\", "\ExplorerCommandHandler")
'----------------------------------------------------------------------
With WScript.CreateObject("WScript.Shell")
    KeyValue = .RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" & _
        "\CommandStore\shell\Windows.taskbarpin\ExplorerCommandHandler")

    .RegWrite sKey2, KeyValue, "REG_SZ"

    With WScript.CreateObject("Shell.Application")
        With .Namespace(objFSO.GetParentFolderName(objFile))
            With .ParseName(objFSO.GetFileName(objFile))
                .InvokeVerb("{:}")
            End With
        End With
    End With

    .Run("Reg.exe delete """ & Replace(sKey1, "\\", "") & """ /F"), 0, True
End With
'----------------------------------------------------------------------

List the permissions on all the folders

$OutFile = "C:\temp\Permissions.csv"
Remove-Item $OutFile -ErrorAction SilentlyContinue
$Header = "Folder Path,Exception,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Add-Content -Value $Header -Path $OutFile

$RootPath = "D:\Shares\Users$"

try
{
    # To include subfolders, add -Recurse after $RootPath
    $Folders = dir $RootPath 2>&1 | where {$_.psiscontainer -eq $true}
}
catch [System.Exception]
{
    $_.Exception.Message
}

foreach ($Folder in $Folders){

    # Reset per folder so a failed Get-Acl never reuses the previous folder's ACL
    $ACLs = $null
    try
    {
        $ACLs = get-acl $Folder.fullname -ErrorAction Stop | ForEach-Object { $_.Access }
        $Exception = $false
    }
    catch [System.Exception]
    {
        $Exception = $true
        $SystemMessage = $_.Exception.Message
    }

    if ($Exception -eq $false) {
        # One CSV row per access rule on the folder
        Foreach ($ACL in $ACLs)
        {
            # Flag values such as "ContainerInherit, ObjectInherit" contain a comma, so they are quoted
            $OutInfo = $Folder.Fullname + "," + $Exception + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + ',"' + $ACL.InheritanceFlags + '","' + $ACL.PropagationFlags + '"'
            Add-Content -Value $OutInfo -Path $OutFile
        }
    }
    else {
        # Exactly one row for a folder whose ACL could not be read
        $OutInfo = $Folder.Fullname + "," + $Exception + "," + $SystemMessage
        Add-Content -Value $OutInfo -Path $OutFile
    }
}

Change the permissions

#######################################################
# 
# I put this script together to fix the permissions on users' home folders
# that had gotten messed up when they were moved to a new fileserver
# cluster.  After many attempts that 'almost' worked, I incorporated scripts
# from fellow SpiceHeads, most notably Martin Pugh (Martin9700).  An 
# edit or two from others, (Simon Matthews helped with the Set-ACL syntax 
# and Martin Boyle contributed the Set-Strictmode line for debugging), and
# I fixed up the logging output.
# 
# There's a couple of comments in the script that I left in but really only apply
# to the limited type of environment I was dealing with (2003 functional domain 
# with no access to the ActiveDirectory module).  (I figure I can't be the only one
# with overlords stuck in the past.)
# 
# Mike Schulman (s31064) 11/19/2015
# 
#######################################################

#Set-Strictmode -Version Latest -Verbose	##### Uncomment for configuring to your situation, then comment out again when you've got it right.

$Path = "D:\Shares\Users$"

##### Permissions adds the users/groups and the permissions they should have.  The actual User should not be added here.  
##### What's on the line below is an example only.  The format is domain\user-group:Permission.  
##### Separate additional users/groups with a comma and enclose the list in "".

$Permissions = "%yourdomainname%\Domain Admins:FullControl"

# Setup Access Rules
# $Domain = (Get-ADDomain).NetBIOSName	##### Need to set statically on next line because of 2003 limitations.
$Domain = 'ENCOM'
$AccessRules = @()
ForEach ($Perm in $Permissions.Split(","))
{	$Group = $Perm.Split(":")[0]
	$Level = $Perm.Split(":")[1]
	$AccessRules += New-Object System.Security.AccessControl.FileSystemAccessRule($Group,$Level, "ContainerInherit, ObjectInherit", "None", "Allow")
}

##### Setup Logging
##### Pasting this script as text into a PS command line causes the line below to throw an error and place the log file in the C:\ folder.  The script still works.

$Log = "$(Split-Path $MyInvocation.MyCommand.Path)\Set-UserACL-$(Get-Date -format 'MMddyy-hhmm').log"
Add-Content -Value "$(Get-Date): Script begins" -Path $Log
Add-Content -Value "$(Get-Date): Processing folder: $Path" -Path $Log

##### This is where it all starts to happen.
##### You can also modify the -Path in the Get-ChildItem line to limit the number of folders affected during testing.

$Dirs = Get-ChildItem -Path "$Path\*" | Where { $_.PSisContainer }
$UserError = @()
ForEach ($Dir in $Dirs)
{	$User = Split-Path $Dir.Fullname -Leaf
	Try
	{	Add-Content -Value "-----------------------------------------------" -Path $Log
	 	Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log

##### The next line should be        $Test = Get-ADUser $User -ErrorAction Stop
##### It will test for the existence of the user before looping through the script.  I had to take it out because of the limitations of my environment.

	 	$ACL = Get-Acl $Dir -ErrorAction Stop
        
        ##### Set inheritance to no
		#$ACL.SetAccessRuleProtection($true, $false)
        #Add-Content -Value "$(Get-Date): Inheritance for $User set successfully" -Path $Log
        
        ##### Set owner to user
		#$ACL.SetOwner([System.Security.Principal.NTAccount]$User)
        #Add-Content -Value "$(Get-Date): Owner $User set successfully" -Path $Log
        
        ##### Remove old permissions
		$ACL.Access | ForEach { [Void]$ACL.RemoveAccessRule($_) }
        Add-Content -Value "$(Get-Date): Old permissions for $User removed successfully" -Path $Log
        
        ##### Set new permissions
		ForEach ($Rule in $AccessRules)
		{	$ACL.AddAccessRule($Rule)
		}
		$UserRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$Domain\$User","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
		$ACL.AddAccessRule($UserRule)
		Set-Acl -Path $Dir -AclObject $ACL -ErrorAction Stop
        Add-Content -Value "$(Get-Date): New permissions for $User set successfully" -Path $Log
	}
	Catch

##### This is where the errors get logged.  The first line logs them to the console, and the next two lines add them to the log file.

	{	Write-Host "Unable to process $($Dir.Fullname) because $($Error[0])" -ForegroundColor Red
		Add-Content -Value "-----------------------------------------------" -Path $Log
        		Add-Content -Value "$(Get-Date): Unable to process $($Dir.Fullname) because $($Error[0])" -Path $Log
	}
}

##### This just closes the log file.

Add-Content -Value "-----------------------------------------------" -Path $Log
Add-Content -Value "$(Get-Date): Script completed" -Path $Log
import boto3

def lambda_handler(event, context):
    userID = '%%%%%%%'  # redundancy user account ID
    ec2 = boto3.client('ec2')
    ec2Resource = boto3.resource('ec2')
    instanceName = None
    zone = None
    # Walk every volume and report the instance it is attached to
    volumes = ec2.describe_volumes()
    for volume in volumes['Volumes']:
        for attachment in volume['Attachments']:
            instance = ec2Resource.Instance(attachment['InstanceId'])
            # Takes the value of the first tag, assumed to be the Name tag
            instanceName = instance.tags[0]['Value']
            zone = volume['AvailabilityZone']
            print("Backing up %s in %s" % (volume['VolumeId'], zone))
            break  # only the first attachment is used
    # List the snapshots owned by the redundancy account
    snapshots = ec2.describe_snapshots(Filters=[{'Name': 'owner-id', 'Values': [userID]}])
    for snapshot in snapshots['Snapshots']:
        # As in the original, the name and zone are those of the last volume processed
        print("Backing up %s %s in %s" % (instanceName, snapshot['SnapshotId'], zone))

Looks like the main scrapers I found are Import.io and Octoparse.

Import.io gives you a free 7-day account with 500 requests.

  1. Get a list of all products
    Navigating around the site, it looks like all their products are put on pages like this: https://www.ikea.com/au/en/catalog/categories/departments/outdoor/17893/ so we need to find a list of departments and their  , Ikea actually lists them here: https://www.ikea.com/au/en/catalog/allproducts/

    Enter this URL in an import.io extraction service

    Voila
  2. Create a new extractor and enter one of the product pages, then choose Edit and select the product images and other info

    Now use the other extractor from Part 1 as an input to Part 2
  3. Voila

Get a list of programs currently installed

wmic /node:<REMOTE HOSTNAME> product get name, version, vendor

How to uninstall the program

wmic /NODE:<REMOTE HOSTNAME> product where (name="Windows Agent") call uninstall
 

1) Install Xdebug

This can be done by installing it and then entering the following in /etc/php/7.1/fpm/php.ini:

zend_extension = /usr/lib/php/20160303/xdebug.so
xdebug.profiler_enable = 0
xdebug.profiler_output_name = cachegrind.out.%t
xdebug.profiler_enable_trigger = 1
xdebug.profiler_output_dir = /tmp
xdebug.profiler_enable_trigger_value = "<super secret key>"

In order, the configuration goes as follows: load the module, disable profiling by default, set the filename, enable triggering via GET/POST parameter, output in /tmp and only profile when given the key.

Restart php-fpm and you should be good to go.

2) Append ?XDEBUG_PROFILE=<super secret key> to any page you want to debug and the debug file will be put in /tmp.

3) Open the debug file using something like https://github.com/jokkedk/webgrind for analysis, specifically for reducing

Invocation Count is how many times that function was called. A simple tip for reducing this is to pull out any repetitive function calls from a for-loop into a single variable.

Total Self Cost is the total percentage or time that the function is responsible for. You can improve this by reducing code complexity, using built-in native functions or removing unused variables.
