SS3 commands or functions related to TDS available?

Discussion in 'Trojan Defence Suite' started by DolfTraanberg, Dec 17, 2002.

Thread Status:
Not open for further replies.
  1. DolfTraanberg

    DolfTraanberg, Registered Member (Joined: Nov 20, 2002; Posts: 676; Location: Amsterdam)

    Are there any SS3 commands or functions related to TDS available?
    I don’t want to turn TDS into a coffee machine or a jukebox, just want to be able to create a script telling TDS to scan where, when and what, and tell it to blow a whistle when it finds something.
    Thanks,
    Dolf
     
  2. Jooske

    Jooske, Registered Member (Joined: Feb 12, 2002; Posts: 9,713; Location: Netherlands, EU near the sea)

    We all are waiting for the SS3 manual, and lack of this has for most people slowed down the scripting hobby.
    There is just a little hope, which is hunting for the VBS help manual on the MS site.
    SS3 is related to VBS, in fact an enhanced kind and so rare that either we all think Wayne created it himself or too difficult even though powerful so people turn to other languages.
    Unfortunately........
    So using the VBS and in the examples seeing a lot of how to and ever in the private forum Jazzie posted in the SS3 part a full list of possible commands, but not what they do or how to use them but we might find out with those tools...

    TDS can be configured to voice alert on connection requests, btw and will send you a warning email if you configured that too.
    For the scanning tasks you'll need to set timers and all that, many people have been sweating on that part so we'll all be really grateful if somebody brings a workable solution.


    Because of the scripting i came to the MSAgents, which are relatively easy to work with and so i came to the fun scripts, not the opposite way, and from there with the examples was able to create some working things.
    I made them some (using MASH) in exe format to run from everywhere in the system and voice controlled if necessary so i could call "update!" or "go to the Forum!" or "Send email!" but would have preferred to do that all via TDS of course, complete with the scan options, as we need to go via TDS to start an SS3 script, and to choose TDS menu options for instance.
    I expect things being possible like menu=&Full System Scan
    and whatever scans you created in the Edit Scans etc.
    In the private forum i ever posted a (msagent based -but i think useable without them too) time script which can be used in a timer for instance day this hour that etc.
    Hope you find some useful info in the private forum in the area mentioned.
     
  3. DolfTraanberg

    Thank you Jooske for your reply
    It should be wonderful for now to have an option to have TDS send mail when it finds a baddy.
    It should convince my boss to choose for TDS and have (at least) a bit of protection, while waiting for TDS-4, which will have more possibilities, so I was told.
    Dolf.
     
  4. Jooske

    Yes, at the moment it sends default alerts for intruders/ connection requests which pass your firewall to the email address you specify in Configuration > Servers
    And it gives a voice alert on that.

    Do test if you have the voice with typing in the TDS console bottom something like
    speak "Hello!"
    and listen if you hear it. If not, the speech part is not properly installed on your system and needs attention.

    It should need a script which makes the scans you like, copy the results from the rightclick menu in the alerts screen to the scandump.txt automatically and email those results to you so you can decide if something needs more attention.
    And of course you like that email and attachment scanned as well, i remember :)

    Have your employer know that TDS-3 is very useful to have now and can give some time to experiment with it; for private users the upgrading to TDS-4 is free, can imagine for corporations there will be other attractive arrangements in price and certainly not to forget the necessary WormGuard on every pc.
    From your central server you can scan all other logical drives in the LAN, not the memories on other pc's which need for that their own local installed TDS.
    Would enable you to send people warnings via the UDP broadcast or TCP connect, etc.
    Are you the person on the central server ?
     
  5. DolfTraanberg

    Thanks Jooske,
    I've tried that one, still waiting for an alert
    Sorry, no soundcard on the server :doubt:
    With the logfiles I could do something, but the fact that it changes the filename each day, and the folder each month, isn't very helpful; besides that, it tells you there are some detections but no filenames, something like this:
    btw where can I find the scandump.txt and when is it created?
    Yes I am, but a very lazy one :D
    thanks,
    Dolf
     
  6. Jooske

    Only Wayne can tell if TDS would work on a server, (might though) or needs a pc connected to that.
    So this is why you prefer the bell/sound instead of the voice.
    Did you install a TDS trial version to see if it works there?

    In your TDS-3 directory you'll see a file Scandump.txt.
    I'm not aware scanresults are saved there automatically (might by now) as that would really be nice.
    At the moment i right click on one of the finds, save to scandump.txt which is confirmed to read it immediately so instead of reading it should be possible to copy its content into an email and send out to you.
    I'm thinking......... in emails in OE i made a message rule if an email comes from sender X or has content X reply or forward to address Y with file Z.
    If it's a TXT file (like scandump.txt is) its content is pasted inside that email and sent out in txt format too.
    The name of Scandump.txt is always the same, never changes, its content is overwritten each time when you dump a new scan alert in there.
    So if this is possible with the message rules of OE, it must be possible with scripts or other email clients too.
    The console log file has today's date real time, but that is not the one you want for this matter.

    When you try backdoor knocks or other scans on yourself 127.0.0.1 or 0.0.0.0 depending on your localhost's IP and all sockets up for instance you would get at least a few connection requests and emails sent to you.

    Hope this helps your creativity.
     
  7. DolfTraanberg

    tried the sample smtp script:
     
  8. DolfTraanberg

    the backdoor plugin didn't give me any alerts
    We use Windows 2000 Advanced Server Sp3 and Exchange 2000
    TDS-3 works well, for I can see with limited functions (trial)

    For the scripting part we use Macro Express
    http://www.macros.com/

    I am not able to locate any scandump.txt

    Dolf
     
  9. Jooske

    If you try in the Configuration > Servers, testing to send yourself an email, does that work properly?
    See it asks for a hello first, isn't that a code 200 or 250?
    Should go automatically.

    Nothing against it to make an empty Scandump.txt yourself with notepad and save it by that name there. Maybe it's created automatically when saving your first alerts, not sure.
     
  10. DolfTraanberg

    so this works.
    Will TDS use this empty file to store data in it o_O
     
  11. DolfTraanberg

    I'll have to go into that sample script to see, I also thought that it was HELO instead of hello :D
     
  12. Jooske

    Yes, HELO, sorry, it should just work.
    I have such a thing in the plugins too, does the same, but a script might be easier to use for your goal, although......

    Yes, the empty Scandump.txt will be used to overwrite each time you store your alerts there.
    Unless your script has a command to copy it to a new name or you might use your emails for that to make your library that way (easier)
    Aha, so now you want an email to be sent to you, on which receipt the email message rules copy the existing scandump.txt inside and either forward it to X or store it in folder Y with that content.
    Nice.
    So now you want to make a chain of scripts:
    form1 to see what is the time and at time X update Radius
    After that do full system scan.
    Now you want the trigger when there is in the console log of today the line [scan] finished to copy the alerts in the scandump.txt.
    Then there that smtp email sending to your mailbox which replies with the scandump content to wherever you want it.
    Maybe it's possible to have that scandump sent immediately with that smtp script, but i guess that's getting complicated.
    In your trial version you can use only max 5k scripts btw, so you have two options, registering the software or cut your script in such small pieces as i'm describing to start with, but once using this nice stuff i'm sure you get more happy by the day and will go for the whole ActionPack!
    None of us beta testers knows yet how tds-4 will be, so i can't promise that it will be more easy.
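
The last steps of the chain described in the post above (wait for the `[scan] finished` line in the console log, then mail the contents of Scandump.txt), as an added example in Python rather than SS3; it is not part of the original thread or of TDS. The log and dump line formats, the addresses and the function names are assumptions. Because Scandump.txt keeps one name and is overwritten, the code remembers a hash of the last dump it mailed so the same alerts are not sent twice.

```python
import hashlib
import smtplib
from email.message import EmailMessage

SCAN_DONE = "[scan] finished"  # marker line mentioned in the thread

# Constructed sample inputs; the real TDS-3 log and dump formats are assumptions.
SAMPLE_LOG = "09:00:00 [scan] started\n09:14:32 [scan] finished\n"
SAMPLE_DUMP = "Constructed alert entry: C:\\temp\\example.exe\n"


def scan_finished(log_text):
    """True once the console log contains the end-of-scan marker."""
    return any(SCAN_DONE in line for line in log_text.splitlines())


def build_alert(log_text, dump_text, sender, recipient, last_digest=None):
    """Return (message, digest); message is None when nothing should be sent."""
    digest = hashlib.sha256(dump_text.encode("utf-8")).hexdigest()
    if not scan_finished(log_text):
        return None, last_digest          # scan still running
    if not dump_text.strip():
        return None, last_digest          # empty Scandump.txt: no alerts saved
    if digest == last_digest:
        return None, last_digest          # same dump as last time, already mailed
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "TDS scan is ready"
    msg.set_content(dump_text)            # dump goes in the body as plain text
    return msg, digest


def send_alert(msg, smtp_host, port=25):
    """Hand the message to the mail server (not called in the demo below)."""
    # smtplib performs the greeting (EHLO, falling back to HELO) itself;
    # the server accepts it with reply code 250.
    with smtplib.SMTP(smtp_host, port, timeout=30) as server:
        server.send_message(msg)


if __name__ == "__main__":
    msg, digest = build_alert(SAMPLE_LOG, SAMPLE_DUMP,
                              "tds@example.invalid", "admin@example.invalid")
    print(msg["Subject"], digest[:12])
    again, _ = build_alert(SAMPLE_LOG, SAMPLE_DUMP, "tds@example.invalid",
                           "admin@example.invalid", last_digest=digest)
    print("resend suppressed:", again is None)
```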
     
  13. DolfTraanberg

    I ran the smtp script with the TDS TCP traffic bridge in between and this is what happened:
    this time the mail did arrive!
     
  14. Jooske

    Hmmmm that is really great, congratulations with successfully running your first script!
    So your line 1 could contain "scan is ready" :)!
     
  15. DolfTraanberg

    first I've to take care of this:
     