Morpheus

Everything posted by Morpheus

  1. I'm out of suggestions? Might try looking for the error through Google and see if something there helps.
  2. It won't hurt to run it again. It could take up to 10 min. to automatically reboot. Don't intervene.
  3. Did you run the modder.vbs file, and allow it to reboot by itself?
  4. Zip up everything in the \inetpub\logs\LogFiles folder and attach.
  5. I only found one small item. I'm not sure because it appears that PHP is working because the test.php file runs as expected. You might try renaming the base folder, extracting the base program using administrator privileges, extract the signatures to the base folder per the tutorial, and copy the new config to the base folder. base_conf.php
  6. What happens when you type from the URL: http://winids/base_main.php
  7. At this point in the tutorial you should be finished. To test php at this point the test.php file needs to be copied to the d:\winids\inetpub\wwwroot\base\ folder. From the URL type: http://winids/test.php What kind of response are you getting?
  8. The majority of MySQL commands end with a ; Follow the tutorial carefully.
  9. Yes, bypass that if it's not installed it will create an error later on. I'll see if I can find a command to run that will verify it's actually installed. 2008 may install it by default.
  10. I just checked my 2008 and there is also no folder. Just bypass that and make SURE you update using Microsoft update until there is nothing left to update. Let us know if it works for you. It's possible that updating will add the needed software?
  11. It appears to be a problem with pre-existing software that may be still installed, or possibly installed but removed. If this is a system that is unknown to you then a fresh install of one of the supported OS's will need to be done, and then restart the tutorial.
  12. Is this a Fresh install of the OS? Was the modder.vbs file run? Was the modder.vbs allowed to reboot the OS on its own? Was the original path followed or was it changed? Did you follow the tutorial to manually install PHP or did you use the Web Installer to install PHP?
  13. Your line 413 is: preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile {\portscan.log} Line 413 should be: preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { \portscan.log }
  14. All the rules are now compiled into a single winids.rules file. If you are not catching events then there are a few reasons why. 1) HOME_NET is not set correctly 2) The '-ix' switch in the run line is pointing to the wrong interface 3) The Windows Intrusion Detection System is plugged into a switch that either is not capable of mirroring, or mirroring is not set up.
  15. From the command prompt type d:\winids\snort\bin\snort -v -i1 What is the result?
  16. Did you try rebooting? From the CMD prompt type 'd:\winids\snort\bin\snort /SERVICE /SHOW' (less the outside quotes), and tap the 'Enter' key. What does the above show?
  17. It appears you added a step. Go back and follow the directions.
  18. Open a CMD window and type 'cd /d d:\winids\snort\bin' (less the outside quotes), and tap the 'Enter' key. At the CMD prompt type 'snort /SERVICE /UNINSTALL' (less the outside quotes), and tap the 'Enter' key. At the CMD prompt type 'snort /SERVICE /INSTALL -c d:\winids\snort\etc\snort.conf -l d:\winids\snort\log -ix' (less the outside quotes), and tap the 'Enter' key. Note: Make SURE the x above reflects your interface number. At the CMD prompt type 'sc config snortsvc start= auto' (less the outside quotes), and tap the 'Enter' key. At the CMD prompt type 'net start snort' (less the outside quotes), and tap the 'Enter' key. The service should now start...
  19. The above xxxx needs to be 2973 and it gets set in the pulledpork.conf file. snort_version=2.9.7.3 Note: UNIX uses 'uname' to extract the version from Snort, but in Windows 'uname' is not available so they have added the 'snort_version=' in case 'uname' is not available.
  20. Where exactly are you at in the tutorial? What happens: From an open CMD window type 'd:\winids\Snort\bin\snort /SERVICE /SHOW' (less the outside quotes), and tap the 'Enter' key.
  21. Your run line is wrong: perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledport\etc\pulledpork.conf -T Run line should be: perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T
  22. No problem, happy you got it all going.
  23. Sure, use user root and you can change anything. It's better to just create new users with new passwords. Use the tutorial and create new users with new passwords, and make sure they have the appropriate permissions. After you have them created go in and change the authentication for the snort run line and the Windows Intrusion Detection Systems security console. Once the new authentications are verified, the old users can be dropped.