jw0rd.net » Server 2003

Visual Studio as a powerful search and replace tool

admin — Sun, 15 Feb 2009 02:36:00 +0000

Recently at work I was dealing with a server-wide compromise on a web server. A specific injection was appended to over 2000 files *.cfm files. Once getting permissions in order (the root issue) I was trying to figure out how to remove the injections. We have a very strong Storage Operations team and we make backups daily, however restores tend to scare customers. Since the injections were all appended and none of the legitimate data was overwritten, it just needed to be removed.

Open Visual Studio and press ctrl+f. “Quick Replace” -> “Replace in Files”.

The injection we want to remove for this example is as follows:

Notice the multiple line breaks and special characters, this is where Visual Studio regular expressions become handy.

http://msdn.microsoft.com/en-us/library/2k3te2cs(VS.80).aspx

For this situation this we need to understand how to use these expressions:

Any character   .     Matches any single character except a line break.
Zero or more     *    Matches zero or more occurrences of the preceding expression, making all possible matches.
Line break        \n   Matches a platform-independent line break. In a Replace expression, inserts a line break.
Escape             \     Matches the character that follows the backslash (\) as a literal. This allows you to find the characters used in regular expression notation, such as { and ^. For example, \^ Searches for the ^ character.

Here is the final search string:

\\<\!\-\-\n.*\"\\<\/i\"\;\n.*frame\>\"\;\n.*applstrna4\)\;\n.*\<\/script\>

Be sure to select “Use: Regular Expressions” , then “Replace all”. If you’re on an internal network you can just use a UNC path in the “Look in:” input.

Once it completes it will tell you how many occurrences were replaced and it will actually make a log of it in your find results pane window.

Replace all "\\<\!\-\-\n.*\"\\<\/i\"\;\n.*frame\>\"\;\n.*applstrna4\)\;\n .*\<\/script\>", "", Regular expressions, Find Results 1, "C:\", "*.aspx" C:\Default.aspx(32,1): Total replaced: 1 Matching files: 1 Total files searched: 1

ADODB.Field error ‘800a0bcd’

admin — Wed, 24 Dec 2008 17:22:31 +0000

ASP connecting with MySQL throws the following error:
ADODB.Field error ‘800a0bcd’

Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

Based on the error returned it sounds like an empty recordset however it wasn’t. I wasted a lot of time debugging when in fact the problem was the MySQL ODBC driver. If you see a similar error be sure to update the driver to the latest version (3.51.27.00)

http://www.mysql.com/products/connector/odbc/

Impersonate XP

admin — Tue, 21 Oct 2008 23:49:42 +0000

If you’re like me and you like using your server as a desktop you have probably run into the issue where an installer won’t initialize in Server 2003 even though you are sure it would run just fine. If so all you need is Application Verifier from Microsoft to trick the executable.

http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&displaylang=en

Use is fairly simple, add the installer .exe and change the following attributes under Compatibility -> High VersionLie

Major Version: 5

Minor Version: 1

Build number: 2600

Service pack major: 2

Service pack minor: 1

Suite Mask: 0

Product Type: 0

CSD Version: