Configure Encrypted Cisco Enable Password

There are two ways to configure an enable password on a Cisco device, the unsecured way or the encrypted way. Obviously one is also associated with the wrong way and the other isn’t!

Add Encrypted Enable Password

  1. Log into your device prior to running these commands
enable
configure terminal
enable secret PASSWORD

Remove Plain Text Enable Password

enable
configure terminal
no enable password
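
An added example (not part of the original post): a shell check to run over a saved copy of the configuration, confirming that no "enable password" line remains and that an "enable secret" is present. The sample configuration, its hash string and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a saved IOS configuration (read from stdin) for the
# two kinds of enable credential discussed above.

# Constructed sample config; the hash string is a made-up placeholder.
sample_config() {
    cat <<'EOF'
hostname LAB-SW1
enable secret 5 $1$CONSTRUCTED$notARealHashValue
enable password cisco123
!
line vty 0 4
 login
EOF
}

# audit_enable: prints one finding per line and returns 1 if the config
# still holds an "enable password" or has no "enable secret" at all.
# The credential itself is never echoed back.
audit_enable() {
    awk '
    $1 == "enable" && $2 == "password" {
        # "enable password 7 <string>" is the reversible type 7 encoding;
        # any other form is stored in clear text.
        kind = ($3 == "7" && NF >= 4) ? "type 7 (reversible)" : "clear text"
        printf "line %d: FAIL enable password stored as %s\n", NR, kind
        weak = 1
    }
    $1 == "enable" && $2 == "secret" {
        # A leading number before the hash names the hash type.
        htype = ($3 ~ /^[0-9]+$/ && NF >= 4) ? $3 : "not shown"
        printf "line %d: ok   enable secret present (hash type %s)\n", NR, htype
        secret = 1
    }
    END {
        if (!secret) { print "FAIL no enable secret configured"; weak = 1 }
        exit (weak ? 1 : 0)
    }'
}

# Demo on the constructed sample: flags line 3, accepts line 2.
sample_config | audit_enable || echo "configuration needs attention"
```

The non-zero return makes the check usable as a gate in a configuration backup job.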

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Creating volumes with GParted on Linux

There is a simple way of creating partitions on a Linux server if you have the option to turn the server off during the process.
GParted can be booted to give you a simple GUI to manage all disks attached to the Linux server, whether physical or virtual.

Download GParted from here: http://gparted.sourceforge.net/download.php

For this example I am going to do this to a virtual machine (SLES 11 x64)

  1. Copy the GParted live ISO to an accessible datastore
  2. Attach the ISO to the server
  3. Power on the virtual machine
  4. Open the console (if virtualised)
  5. Press enter
  6. Don’t change the keymap unless you need to, so press enter past this
  7. Change your language to your preferred language or press enter for the default (33 English)
  8. Press enter to start X Server
  9. Select disk on top right of window
  10. Click on Device -> New Partition Table
  11. Click OK
  12. Drag the slider to the desired size or enter required amount in fields and press Add
  13. Click Apply
  14. Click Apply if you want to accept the pending operations
  15. Take a note of the location of the disk, in this case it is /dev/sdb1
  16. Reboot
  17. Remove ISO from virtual CD-ROM drive or eject media from physical server.
  18. Log in
  19. Create the mount point folder eg: mkdir /mnt/disk1
  20. Type “mount /dev/sdb1 /mnt/disk1”
  21. Type “df -h” to see the volume

Forward all traffic on Linux

Turning on IP forwarding can be useful if you want to pass traffic through a server such as a firewall Linux server. To turn on IP forwarding run the following commands:

Temporary Enable

echo "1" > /proc/sys/net/ipv4/ip_forward

Permanently Enable

vi /etc/sysctl.conf
Uncomment the following line
#net.ipv4.ip_forward=1

Example Disabled: IP forward hashed out

Example Enabled: IP forward unhashed
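
An added example (not part of the original post): a shell check that compares the running value with what the sysctl.conf file will apply at boot, so a host left forwarding by the temporary command, or a file edit that has not taken effect yet, shows up. The function names and fixture files are constructed; only the single file passed in is read, and `sysctl -p` is the standard command that loads it without a reboot.

```sh
#!/bin/sh
# Added example: compare the running ip_forward value with what
# /etc/sysctl.conf will apply at the next boot.

# persistent_ip_forward FILE: value the file sets for net.ipv4.ip_forward,
# or "unset" when the key is missing or only present as a comment.
persistent_ip_forward() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
    /^[ \t]*[#;]/ { next }                 # hashed-out lines are ignored
    {
        key = $1; val = $2
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (key == "net.ipv4.ip_forward") last = val   # last entry wins
    }
    END { print (last == "" ? "unset" : last) }' "$1"
}

# ip_forward_state CONF [PROCFILE]: one-line verdict. PROCFILE defaults to
# the live kernel value and can be pointed at a fixture for testing.
ip_forward_state() {
    conf=$1
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    persistent=$(persistent_ip_forward "$conf")
    runtime=$(cat "$proc" 2>/dev/null || echo unknown)
    case "$runtime/$persistent" in
        1/1) echo "enabled: running now and persistent" ;;
        1/*) echo "temporary: forwarding now, reverts at reboot" ;;
        0/1) echo "pending: set in file, applied by 'sysctl -p' or reboot" ;;
        0/*) echo "disabled: off now and off at boot" ;;
        *)   echo "unknown: cannot read runtime value" ;;
    esac
}

# Constructed fixtures standing in for sysctl.conf and /proc.
make_fixtures() {
    printf '#net.ipv4.ip_forward=1\n' > "$1/sysctl.hashed"
    printf 'net.ipv4.ip_forward=1\n'  > "$1/sysctl.unhashed"
    echo 1 > "$1/proc_on"
    echo 0 > "$1/proc_off"
}

demo=$(mktemp -d)
make_fixtures "$demo"
ip_forward_state "$demo/sysctl.hashed"   "$demo/proc_on"    # temporary
ip_forward_state "$demo/sysctl.unhashed" "$demo/proc_off"   # pending
ip_forward_state "$demo/sysctl.unhashed" "$demo/proc_on"    # enabled
rm -rf "$demo"
```

On a real host, call `ip_forward_state /etc/sysctl.conf` with no second argument to read the live kernel value.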

X Server Forwarding with Putty on Windows

Introduction

Unix machines have been able to run software on remote devices and display the GUI locally for almost two decades. Linux and Mac OS X support X Forwarding with no extra software. Any terminal on Linux should do X Forwarding; Mac users need to run XTerm.

Prerequisites

  • Putty for SSH
  • Xming for the XServer client
  • Xorg and Openbox for X11 on Linux Server

Configuring Putty

  1. Add hostname
  2. Switch protocol to SSH if not already selected
  3. Type a name to save the session
  4. Go to Connection -> SSH -> X11
  5. Check “Enable X11 forwarding”
  6. Type “localhost:0” in X display location
  7. Go back to Session on the left hand side
  8. Click Save to save the session

Installing and starting Xming

  1. Install Xming with default settings
  2. Start by running “All Programs -> Xming -> Xming”

You will be presented with an X in the system tray

Run X Windows Applications

Log into the saved session in Putty and execute the application you want to run

Advanced Settings

I wanted to run X Server applications through Citrix XenApp so I had to install Xming on the XenApp Application server and then hand craft some Putty switches to log into the box and execute a command. I won’t go into the Citrix XenApp configuration but I will touch on the Putty command line.

The whole command line I used was:

D:\Programs\Putty\putty.exe -l root -pw password 123.456.789.101 -X -m d:\Programs\Putty\armitage.txt

Where

  • -l root = login to use
  • -pw password = the password to the login
  • 123.456.789.101 = the IP address of the server
  • -X = Enable X11 forwarding
  • -m d:\Programs\Putty\armitage.txt = the command I want to run in a text file

The code in armitage.txt is the following:

armitage

I found the Putty documentation to be sort of useful in finding the correct switches to run

http://the.earth.li/~sgtatham/putty/0.63/puttydoc.txt

Restarting Management Agents on ESX Physical Hosts

Management services on physical hosts that are running VMware ESX can fail causing the following results:

  • You cannot connect ESX/ESXi to VirtualCenter /vCenter Server
  • You cannot connect directly to the ESX/ESXi host from the VMware Infrastructure Client / vSphere Client
  • You cannot stop or start a virtual machine
  • A virtual machine is shown as running in vCenter Server when it is not
  • vCenter Server shows the error:
    • Virtual machine creation may fail because agent is unable to retrieve VM creation options from the host

There are multiple ways to restart the management agents:

Direct Console

  1. Connect to the console of your ESXi host
  2. Press F2 to customise the system
  3. Log in as root
  4. Use the Up/Down arrows to navigate to “Restart Management Agents”
  5. Press Enter
  6. Press F11 to start the services
  7. When the service has been restarted, press Enter
  8. Press Esc to log out of the system

From a Shell

  1. Log in to SSH
/etc/init.d/hostd restart
/etc/init.d/vpxa restart

Note: In ESX 4.x, run this command to start the vpxa agent:

/etc/opt/init.d/vmware-vpxa restart

Alternatively, to restart all management agents on the host, run the command:

services.sh restart

How to install Webmin on Debian or Ubuntu

Sometimes you just need a simpler approach to managing a Linux server, and this is where Webmin can help. By installing this package you get a web console to configure everything from system configuration to applications and services.

There are two ways you can install: by getting the DEB version from Webmin themselves, or by using aptitude (apt).

Install using DEB

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.660_all.deb
dpkg --install webmin_1.660_all.deb

The install will be done automatically to /usr/share/webmin. If Debian complains about missing dependencies, you can install them using the following command:

apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python

Install using Apt Repository

If you would like to install and update Webmin via APT, edit the /etc/apt/sources.list file on your system and add the lines:

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

You should be able to install with the following commands:

apt-get update
apt-get install webmin

All dependencies should be resolved automatically. If they aren’t, run the following command:

apt-get -f install

Generate Custom Password Lists with Common User Passwords Profiler (CUPP)

If getting massive word lists and spending days if not weeks or months running attacks on targets isn’t your thing (not that I endorse this type of behaviour), then you can try a more defined approach if you know a little information about your specific target, using the Common User Passwords Profiler (CUPP). Most people generate passwords based on things in their lives like people’s names and birthdates. With the help of a simple question-based form requesting information on the target, you can generate 200,000+ personalised passwords based on the target’s life. The tool is written for Linux and installed by default in Backtrack 5 (maybe other previous versions too?) in the /pentest/passwords/cupp location.

By running the Common User Passwords Profiler with the “-i” switch you will enter the interactive mode of the script, which will ask you the following questions:

  • Name
  • Surname
  • Nickname
  • Wife’s/Husband’s name
  • Wife’s/Husband’s nickname
  • Wife’s/Husband’s birthdate
  • Child’s name
  • Child’s nickname
  • Child’s birthdate
  • Pet’s name
  • Company name
  • Add additional words?
  • Add special characters?
  • Add random numbers?
  • Leet mode?

[Screenshot: CUPP interactive mode]

Above is just an example of the input that can be entered

Once the questions are complete the script will generate a file with the person’s first name and a word count of how many passwords were generated and placed in the folder you ran the script from (in this case /pentest/passwords/cupp).

From there you can run your favourite tool against a target with the wordlist such as Medusa.

How to Setup Log Rotation of Apache Logs

If you have an Apache hosting server with a lot of traffic, you might find your logs grow over time, even to the point of filling up the whole volume and causing a system outage. One way around this is to set up log rotation on the log files, which (depending on your settings) will compress the log files to reduce their size.

First step is to edit the /etc/logrotate.d/apache file and append the log file location with the options you desire:

vi /etc/logrotate.d/apache
/var/log/apache2/domain.com-access_log {
 compress
 dateext
 maxage 365
 rotate 99
 size=50M
 notifempty
 missingok
 create 644 root root
 postrotate
 /etc/init.d/apache2 reload
 endscript
}

Note: Change path of first line to reflect the location of the log file

Options

  • compress = Old versions of log files are compressed with gzip by default. See also nocompress.
  • compresscmd = Specifies which command to use to compress log files. The default is gzip. See also compress.
  • uncompresscmd = Specifies which command to use to uncompress log files. The default is gunzip.
  • compressext = Specifies which extension to use on compressed logfiles, if compression is enabled. The default follows that of the configured compression command.
  • compressoptions = Command line options may be passed to the compression program, if one is in use. The default, for gzip, is “-9” (maximum compression).
  • copy = Make a copy of the log file, but don’t change the original at all. This option can be used, for instance, to make a snapshot of the current log file, or when some other utility needs to truncate or pare the file. When this option is used, the create option will have no effect, as the old log file stays in place.
  • copytruncate = Truncate the original log file in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when some program can not be told to close its logfile and thus might continue writing (appending) to the previous log file forever. Note that there is a very small time slice between copying the file and truncating it, so some logging data might be lost. When this option is used, the create option will have no effect, as the old log file stays in place.
  • create mode owner group = Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). mode specifies the mode for the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the log file will belong to. Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes. This option can be disabled using the nocreate option.
  • daily = Log files are rotated every day
  • delaycompress = Postpone compression of the previous log file to the next rotation cycle. This only has effect when used in combination with compress. It can be used when some program can not be told to close its logfile and thus might continue writing to the previous log file for some time.
  • extension ext = Log files are given the final extension ext after rotation. If compression is used, the compression extension (normally .gz) appears after ext.
  • ifempty = Rotate the log file even if it is empty, overriding the notifempty option (ifempty is the default).
  • include file_or_directory = Reads the file given as an argument as if it was included inline where the include directive appears. If a directory is given, most of the files in that directory are read in alphabetic order before processing of the including file continues. The only files which are ignored are files which are not regular files (such as directories and named pipes) and files whose names end with one of the taboo extensions, as specified by the tabooext directive. The include directive may not appear inside of a log file definition.
  • mail address = When a log is rotated out-of-existence, it is mailed to address. If no mail should be generated by a particular log, the nomail directive may be used.
  • mailfirst = When using the mail command, mail the just-rotated file, instead of the about-to-expire file.
  • maillast = When using the mail command, mail the about-to-expire file, instead of the just-rotated file (this is the default).
  • missingok = If the log file is missing, go on to the next one without issuing an error message. See also nomissingok.
  • monthly = Log files are rotated the first time logrotate is run in a month (this is normally on the first day of the month).
  • nocompress = Old versions of log files are not compressed with gzip. See also compress.
  • nocopy = Do not copy the original log file and leave it in place (this overrides the copy option).
  • nocopytruncate = Do not truncate the original log file in place after creating a copy (this overrides the copytruncate option).
  • nocreate = New log files are not created (this overrides the create option).
  • nodelaycompress = Do not postpone compression of the previous log file to the next rotation cycle (this overrides the delaycompress option).
  • nomail = Don’t mail old log files to any address.
  • nomissingok = If a log file does not exist, issue an error. This is the default.
  • noolddir = Logs are rotated in the same directory the log normally resides in (this overrides the olddir option).
  • nosharedscripts = Run prerotate and postrotate scripts for every log which is rotated (this is the default, and overrides the sharedscripts option).
  • notifempty = Do not rotate the log if it is empty (this overrides the ifempty option).
  • olddir directory = Logs are moved into directory for rotation. The directory must be on the same physical device as the log file being rotated, and is assumed to be relative to the directory holding the log file unless an absolute path name is specified. When this option is used all old versions of the log end up in directory. This option may be overridden by the noolddir option.
  • postrotate/endscript = The lines between postrotate and endscript (both of which must appear on lines by themselves) are executed after the log file is rotated. These directives may only appear inside of a log file definition. See prerotate as well.
  • prerotate/endscript = The lines between prerotate and endscript (both of which must appear on lines by themselves) are executed before the log file is rotated and only if the log will actually be rotated. These directives may only appear inside of a log file definition. See postrotate as well.
  • firstaction/endscript = The lines between firstaction and endscript (both of which must appear on lines by themselves) are executed once before all log files that match the wildcarded pattern are rotated, before the prerotate script is run and only if at least one log will actually be rotated. These directives may only appear inside of a log file definition. See lastaction as well.
  • lastaction/endscript = The lines between lastaction and endscript (both of which must appear on lines by themselves) are executed once after all log files that match the wildcarded pattern are rotated, after the postrotate script is run and only if at least one log is rotated. These directives may only appear inside of a log file definition. See firstaction as well.
  • rotate count = Log files are rotated <count> times before being removed or mailed to the address specified in a mail directive. If 0, old versions are removed rather than rotated.
  • size size = Log files are rotated when they grow bigger than size bytes. If size is followed by M, the size is assumed to be in megabytes. If the k is used, the size is in kilobytes. So size 100, size 100k, and size 100M are all valid.
  • sharedscripts = Normally, prerotate and postrotate scripts are run for each log which is rotated, meaning that a single script may be run multiple times for log file entries which match multiple files (such as the /var/log/news/* example). If sharedscripts is specified, the scripts are only run once, no matter how many logs match the wildcarded pattern. However, if none of the logs in the pattern require rotating, the scripts will not be run at all. This option overrides the nosharedscripts option and implies the create option.
  • start count = This is the number to use as the base for rotation. For example, if you specify 0, the logs will be created with a .0 extension as they are rotated from the original log files. If you specify 9, log files will be created with a .9, skipping 0-8. Files will still be rotated the number of times specified with the rotate directive.
  • tabooext = The current taboo extension list is changed (see the include directive for information on the taboo extensions). If a + precedes the list of extensions, the current taboo extension list is augmented, otherwise it is replaced. At startup, the taboo extension list contains .rpmorig, .rpmsave, ,v, .swp, .rpmnew, and ~.
  • weekly = Log files are rotated if the current weekday is less than the weekday of the last rotation or if more than a week has passed since the last rotation. This is normally the same as rotating logs on the first day of the week, but it works better if logrotate is not run every night.

Force Manual Logrotate

Once you have all the files you wish to rotate, you can run logrotate manually to start rotating the files. This is non disruptive but before you do this, ensure you have enough space available as it will start writing .gz files to disk!

  • logrotate -v -f /etc/logrotate.d/apache2

-v is verbose mode

-f is to force the logrotate

Other Logs to Rotate

This is an example for Apache; however, there are other logs that can fill up. The procedure is exactly the same except that the logrotate configuration file is different; these files are held in the same location as the Apache configuration file. Standard ones come with Linux and are very dependent on the distribution. An example of the configuration files on a Debian Squeeze (6) server:

  • apache2
  • apt
  • aptitude
  • dpkg
  • exim4-base
  • exim4-paniclog
  • rsyslog

Securely Wipe Hard Drives with DBAN

Okay, so you have some data on a drive that needs to be wiped. Simply right-clicking and selecting delete isn’t going to cut the mustard, as you don’t want someone to “un-delete” the data.
There is a free, open source bootable image called Darik’s Boot and Nuke (DBAN). It will securely wipe all data you specify on a disk to defeat all known techniques of hard disk forensic analysis.
I am going to give a quick how-to guide on how to run the tool against a disk (in this case a virtual machine) of 5 gigabytes in total.

  1. First, download the latest version from http://www.dban.org/download
  2. You will need to install the ISO image to a USB key if running on a physical machine. I recommend using a tool called Linux Live USB Creator found at http://www.linuxliveusb.com/
  3. Plug in the USB to the physical machine you want to nuke
  4. Go into the BIOS and change the boot order, or when prompted at the BIOS screen select a device to boot (manufacturer dependent)
  5. You will be presented with the DBAN initial boot screen
  6. Press enter to go into the interactive mode
  7. After a reasonable amount of time (be patient) you will be presented with a screen with options at the bottom of the page
    • I recommend changing the wipe method; you are presented with the following options
      • Quick Erase (Not recommended)
      • RCMP TSSIT OPS-II (Security Level Medium – 8 passes)
      • DoD Short (Security Level Medium – 3 passes)
      • DoD 5220.22-M (Security Level Medium – 7 passes) Recommended
      • Gutmann Wipe (Security Level High – 35 passes) It will take a long time!
      • PRNG Stream (Security Level depending on passes 4=Medium 8=High)
  8. Select the disk you would like to nuke by hitting the space bar and press F10 to start
  9. Once you have started you should be presented with progress on the wipe
  10. The wipe is complete when the status gets to 100%

That is pretty much it, press enter, you will be presented with some advertising. Turn the machine off, remove the USB key and bin the box.

How to identify disks in Linux when virtualised through VMware

How to identify volumes in Linux when virtualised through VMware

Recently I came upon a problem when expanding a volume on a Linux Suse distribution: when you have two disks of the same size it is hard to identify within VMware what disk it actually is.

It is easy if all the disks attached to the Linux machine are a different size, but if you have two or more of the same size then it makes it a lot harder. My formula is as follows:

Match up the /dev/sd# to the SCSI target eg: 0:2 which can be matched up in the VMware vSphere console.

[Screenshot: df -h output showing the filesystem layout]

Note: The disk highlighted in yellow is the disk I want to manage

The one above (sdb1) is the disk that is also the same size

Running the “ls -lash” command within the folder /sys/dev/block will give you output of the SCSI address

[Screenshot: ls output of /sys/dev/block]

As I am trying to find the SCSI target of sdc, the way to interpret the data is:

../host0/target0:0:2/0:0:2:0/block/sdc = SCSI target 2

Note: SCSI targets start at zero, don’t forget this!

Now look for a disk attached as SCSI target 2 in vSphere for that virtual machine

[Screenshot: virtual machine disk settings in vSphere]

Highlighted in yellow is the information on the disk relating to SCSI disk 2.
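
An added example (not part of the original post): a shell helper that reads the /sys/dev/block symlinks described above and prints the SCSI host, channel, target and LUN for each device, so the target number does not have to be picked out of the `ls` output by eye. The function names and the fake directory are constructed; the sdc path is the one quoted in the post and the other entries are made up.

```sh
#!/bin/sh
# Added example: list SCSI addresses for every entry in /sys/dev/block so the
# target number can be matched against the disk shown in vSphere.

# scsi_addr PATH: print "host channel target lun" taken from the
# H:C:T:L directory that precedes /block/ in a sysfs path.
scsi_addr() {
    printf '%s\n' "$1" | sed -n \
's#.*/\([0-9][0-9]*\):\([0-9][0-9]*\):\([0-9][0-9]*\):\([0-9][0-9]*\)/block/.*#\1 \2 \3 \4#p'
}

# list_scsi_targets [DIR]: DIR defaults to /sys/dev/block, whose entries are
# MAJOR:MINOR symlinks. Non-SCSI devices (loop, ram, ...) are skipped.
list_scsi_targets() {
    root=${1:-/sys/dev/block}
    for link in "$root"/*; do
        [ -L "$link" ] || continue
        dest=$(readlink "$link")
        addr=$(scsi_addr "$dest")
        [ -n "$addr" ] || continue
        set -- $addr                      # split into host channel target lun
        printf '%s host=%s channel=%s target=%s lun=%s\n' \
            "${dest##*/}" "$1" "$2" "$3" "$4"
    done
}

# Constructed stand-in for /sys/dev/block. The sdc path is the one quoted in
# the post; the other entries are made up.
make_fake_sysfs() {
    ln -s ../../devices/pci0/host0/target0:0:1/0:0:1:0/block/sdb       "$1/8:16"
    ln -s ../../devices/pci0/host0/target0:0:1/0:0:1:0/block/sdb/sdb1  "$1/8:17"
    ln -s ../host0/target0:0:2/0:0:2:0/block/sdc                       "$1/8:32"
    ln -s ../../devices/virtual/block/loop0                            "$1/7:0"
}

demo=$(mktemp -d)
make_fake_sysfs "$demo"
list_scsi_targets "$demo"
rm -rf "$demo"
```

On a real guest, run `list_scsi_targets` with no argument; two disks of the same size then differ in the target= column.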
