Archive for June, 2007


iPhone Reviews

June 28, 2007

Haven’t heard about the iPhone yet? Or just haven’t had the time to keep up with all the hype? The iPhone will be released this Friday. Here’s some reviews to fill you in on what some people are thinking about this revolutionary device!


How To: Find an e-mail address in Active Directory

June 28, 2007

I used this technote today when creating a mailbox for a user then getting an error saying the email address was used in the organization. I thought, “WTF?”. Anyways, thanks to the Exchangepedia blog for this useful tip!

Every once in a while you try to assign a particular address to a recipient in AD Users & Computers, only to be told someone already has that address!

Here’s how you can find out whether an email address is assigned, and the recipient it belongs to.

– In AD Users & Computers (on Windows Server 2003), right-click Saved Queries container | New | Query.
– Enter a name for the query, and click the Define Query button
– From the Find drop-down – select Custom Search | go to Advanced tab
– In the Enter LDAP Query text box, enter the query:

This returns recipients of all types – users, mail-enabled contacts, public folders, and groups that have the address

Click here to see a Flash demo.


MCSA is my goal!

June 23, 2007

Certifications are a beast. Especially if you work long hours, have a life, have a wife and/or kids, and like to have time for yourself.

It’s not easy studying, I can attest. But my next certification that I want to attain, based on my career track, is the Windows 2003 MCSA.

I currently have the 270 exam already taken and passed, making me a MCP. I’m currently working on 290, and then just have one more elective and I will be MCSA.

Here is some more information on the MCSA.

Not sure if you want to go MCSE or MCSA? Here’s the breakdown of the two commonly confused certifications.

Here is a great certification site I’ve been visiting and posting on for years.


So a user deletes their inbox… now what?

June 21, 2007

Alot of this is taken from Daniel Petri. I’m simply reposting much of it because it’s simply perfect!

A user uses Outlook. They call you and say “I just deleted my entire inbox”. You may ask “how the hell did you do that?” – but more often than not you should start asking the basic questions. Do you have Outlook? And most of the time, you will need to find out if they use Exchange as their mail server, because alot of times, end users simply don’t know.

Well, first things first… if they’re using PST’s… you better hope you have a backup of the PST.

However, this post is strictly about Exchange Server and an Outlook client.

If a user deletes their entire inbox, for example, it may be recoverable.

First, lets see how long an item is kept in the store after a user deletes it:

  1. On your Exchange server open Exchange System Manager (ESM) and navigate to your server object.
  2. Right-click the server object and select Properties.

In the Limits tab notice the value in the “Keep Deleted Items” box.

In our case it’s 7 days. This means that a user has 7 days to recover his or her deleted items. After that – it’s restore from media time!

Note that the higher you make this value, the bigger the store gets, as deleted items take a longer time to be purged from the store.

Note: Purging deleted items from the store does NOT make the store any smaller. For that you need to Defragment Exchange 2000/2003 Server Databases Offline.

Use Outlook to recover deleted items

The good news is that you can recover deleted items both from the regular Outlook client and from OWA.

In order to recover a deleted item via Outlook we need to first open Outlook (Duh). Then, click on the Deleted Items folder.

Click on Tools, and then the Recover Deleted Items icon (which looks like the recycle bin, lookout not to click on the left icon – that’ll empty your deleted items folder).

You’ll get a new window, where you’ll be able to browse to the item(s) you want to recover, and then press the Recover button.

The recovered items will return to the Deleted Items folder, where you can read, reply or move to their original location.

How do I recover hard-deleted items via Outlook?

Hard-deleted items are items that have been deleted by using SHIFT+DEL, thus the item avoided landing in the Deleted Items folder, and because of that, it cannot be simply recovered.

There is a registry hack for this to work on Outlook (MS KB 178630).

To show you the trick we will first hard-delete an item from the user’s Inbox by clicking on the item and pressing SHIFT+DEL on the keyboard. You will be prompted to accept the action. Do so.

Now, lets see if we can normally recover this item.

No, the Recover Deleted Items folder is empty because the item was hard-deleted from the Inbox.

To enable hard-deleted items recovery in Outlook follow these steps:

Open Registry Editor.

In Registry Editor, navigate to the following registry key:


Create the following value (DWORD):


and give it a value of 1.

Note: As always, before making changes to your registry you should always make sure you have a valid backup. In cases where you’re supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.

Close Registry Editor, re-open Outlook for settings to take place.

After you add this value, the Recover Deleted Items option becomes available for the Sent Items folder, the Drafts folder, the Outbox folder, and the Inbox folder. You can recover deleted items from these folders.

As you can clearly see, the Inbox has the Recover Deleted Items option enabled, and so does each and every folder in the user’s mailbox.


Hacking 101: Cain & Abel

June 20, 2007

I came across this awesome utility at work today. Someone needed to desperately crack a Word document for a customer. So he sent out an email to all of the engineers asking if we had any tools (preferably free) to help him crack this document.

A few ideas came up – but by far, this has been the best idea. It may have not helped him out in his case, and that I’m not sure of. But I became curious and checked this tool out myself.

Cain & Abel is a free password recovery tool for Microsoft OS’s.

From their website:

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration tester and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and  some not so common utilities related to network and system security.

Some of the new features of this release are:

– Automatic Certificate Collector for FTPS (implicit), IMAPS and POP3S protocols.
– FTPS Man-in-the-Middle Sniffer and password collector.
– POP3S Man-in-the-Middle Sniffer and password collector.
– IMAPS Man-in-the-Middle Sniffer and password collector.
– Added Windows Mail (Vista) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts.
– Added PTW WEP cracking attack.
– Added Windows Vista support in Wireless Password Decoder.
– Wireless Password Decoder now uses DLL injection under XP.

Download Cain & Abel v 4.9.4 today (works on NT, 2000, and XP). Not sure if Vista is supported, according to the website, it’s not listed so I’m not sure.


Examining Disk Space on Servers

June 16, 2007

Need some nice free tools to see exactly what’s taking up all that space on the server your working on? Well… here you go! Here are some free tools that can help.


Very flashy but also very useful.  Those blocks represent single files, so the larger the block, the larger the file.  I found a whole season of Thomas the Tank Engine on one my client’s user shares with this.  Sorry Thomas is no longer available.


DFolder – (

It’s a shell extension for when you hit the properties of any folder or hard drive. DFolder’s been sitting at this website for years.  Apparently it was made by someone in France somewhere along the line.  It’s reliable nonetheless and it’s a feature that really should have been in Windows at some point.  When you fire it up go to Options and check “By Size” and then Check “Descending”.


Grand Perspective – (For the Mac)

It’s like WinDirStat but better because it’s on the Mac.


Default Passwords

June 15, 2007

This is great. I don’t have to explain how great this is, do I?