ALFA AWUS036H with Kali Linux 1.0.9 & vmware Player

I got an ALFA AWUS036H for some wireless testing. I had trouble getting deauthentication to work. Eventually I ran across this post

http://forum.backbox.org/software-support/aireplay-ng-ignore-negative-one/

I’ve encountered this error in the past many times. I own four different Alfa wireless NICs, and to get around this problem all I have to do is:
service network-manager stop
airmon-ng check kill && airmon-ng start wlan0
ifconfig wlan0 down
airodump-ng -f 1000 mon0 (as an example)

I usually double check wpa_supplicant is not running as it does seem to affect monitor mode.

killall wpa_supplicant

Your monitor interface (eg mon0) will still be available even after putting your primary wireless interface (eg wlan0) down. This fixes the -1 channel issue for me without patching any drivers.

This made it work for me

Also, to bump the trsx http://fl3x.us/blog/2013/01/12/setting-alfa-awus036h-to-30-dbm-1w-in-backtrack-5-r3/

Also, this command is useful after a capture

wpaclean <What you want the output cap file to be called> <cap file to clean>

Bizlink install process part 1

The Bizlink install was a very straightforward process and it took me about an hour to complete. Go to the download site

I chose the 64bit version. It was pretty much a next, next, next install. I chose BizLink, New Installation, and installed onto a single machine. If you were going distributed I think the install could get much more complicated 🙂 I accepted all of the default ports. I made a quick MS SQL database for it as well.

Next you need to install all of the various parts to run as a service. This is pretty easy: you just go into the dir where you installed bizlink, then app3.3.0\bin, then do the below

install2

 

Next, I had to license it. To do so you go to Setup > Licenses, Click Add, choose upload license file, and then give it a name.

One slightly tricky thing was I wanted to patch 3.3.0 to current. So I clicked on Software Patches, hmmm I see BizManager_3.3.0_CumulativePatch_17.zip, I think that’s what I want. I can never figure out if I have Bizlink or BizManager or whatever… anyways… hmm how to install. Oh yeah, if I download BM_33017_Release_Notes.pdf (that BM stands for BizManager and not bowel movement I guess) there are the instructions. Unzip the patch to /app3.3.0 and then go into /app3.3.0/bin/ and Run as Administrator on the installpatch.bat

Easy peasy. Next post, how to get AS2 up and running

Where in I install graylog2 as a linux newb

Or just watch the video 🙂 https://everythingshouldbevirtual.com/ubuntu-graylog2-auto-install-script-video

First download Ubuntu

http://releases.ubuntu.com/13.04/

Use the 64-bit PC (AMD64) server install image. I’m installing inside vmware so I chose Ubuntu 64bit as the vm type. The AMD64 might throw you off; it just means 64bit.

Mount and boot the .iso. Install using defaults. Done.

Next, try to get vmware tools installed.

I followed these instructions -> from here http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1022525

And it looks like they actually worked!

—-

Ubuntu Server with only a command line interface

  1. Go to Virtual Machine > Install VMware Tools (or VM > Install VMware Tools).
     Note: If you are running the light version of Fusion, or a version of Workstation without VMware Tools, or VMware Player, you are prompted to download the Tools before they can be installed. Click Download Now to begin the download.
  2. In the Ubuntu guest, run these commands:
    1. Create a directory to mount the CD-ROM by running the command:
       sudo mkdir /mnt/cdrom
       When prompted for a password, enter your Ubuntu admin user password.
       Note: For security reasons, the typed password is not displayed. You do not need to enter your password again for the next five minutes.
    2. Mount the CD-ROM by running the command:
       sudo mount /dev/cdrom /mnt/cdrom
       or
       sudo mount /dev/sr0 /mnt/cdrom
    3. The file name of the VMware Tools bundle varies depending on your version of the VMware product. Run this command to find the exact name:
       ls /mnt/cdrom
    4. Extract the contents of the VMware Tools bundle by running the command:
       tar xzvf /mnt/cdrom/VMwareTools-x.x.x-xxxx.tar.gz -C /tmp/
       Note: x.x.x-xxxx is the version discovered in the previous step.
    5. Change directories into the VMware Tools distribution by running the command:
       cd /tmp/vmware-tools-distrib/
    6. Install VMware Tools by running the command:
       sudo ./vmware-install.pl -d
       Note: The -d switch assumes that you want to accept the defaults. If you do not use -d, press Return to accept each default or supply your own answers.
  3. Run this command to reboot the virtual machine after the installation completes:
     sudo reboot

Assign a static ip using instructions here ->https://help.ubuntu.com/10.04/serverguide/network-configuration.html

Static IP Address Assignment

To configure your system to use a static IP address assignment, add the static method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces. The example below assumes you are configuring your first Ethernet interface identified as eth0. Change the address, netmask, and gateway values to meet the requirements of your network.

auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1

By adding an interface configuration as shown above, you can manually enable the interface through the ifup command.

sudo ifup eth0

--- OK now to install. taken from here -> http://everythingshouldbevirtual.com/ubuntu-12-04-graylog2-installation

The salient point of the install is

Installation steps
------------------
sudo apt-get -y install git
cd ~
git clone https://github.com/mrlesmithjr/graylog2/
chmod +x ./graylog2/install_graylog2_20_ubuntu.sh

Now enter the following to start running the script.
cd ~
sudo ./graylog2/install_graylog2_20_ubuntu.sh
---
That will take a while, I don't know how long since I went home and it was done when I got back.

--tada it worked

---now setup the redirect Rsyslog is listening on UDP/514 and forwarding to Graylog2 which is listening on UDP/10514

Open your browser of choice and connect to http://ip.or.nameofgraylog2server:9000

Login with username admin and password is password123

Click on system

Click on nodes

Select action and then manage inputs

Select Syslog UDP from dropdown

Give it a name of syslog redirect and port 10514 and then click launch and close. (Rsyslog is listening on UDP/514 and forwarding to Graylog2 which is listening on UDP/10514)

You should now see your new input created and accepting traffic.

--- Ok, now to get our ESX traffic in. Taken from -> https://everythingshouldbevirtual.com/collecting-vsphere-syslog-data-with-graylog2

Now assuming that you have Graylog2 up and running let’s configure our ESXi hosts to send their syslogs to our new Graylog2 server.

Open your vSphere Client and select your host from vCenter or connect directly to your host. Select configuration and then advanced settings under the software section. Scroll down and expand Syslog and select global. Now under Syslog.global.loghost fill in udp://ipaddressofgraylog2:514 then click ok.

Now you have to allow syslog data to be sent from your host. In order to do this you must configure the firewall on the host to allow this. So on the configuration page select security profile under the Software section. Scroll down to syslog and enable the checkbox and click ok.

Once that is done you should start to see syslog data showing up in Graylog2. The only other thing you might want to do is make sure that each of your hosts are showing up as unique hosts within Graylog2. Other than that you are good to go. You can also configure other devices in your environment to send their syslog data back to your Graylog2 server.

OK, now I see stuff flowing in but I need to make some sort of dashboard! I'll figure that out next!
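To check the path set up above (rsyslog on UDP/514 relaying to the Graylog2 input on UDP/10514) and that each sender shows up under its own host name, here is an added example, not part of the original post or of the install script, that builds an RFC 3164 syslog datagram and sends it to the collector. The script name, the "input-check" tag and the host names passed on the command line are assumptions.

```python
import socket
import sys
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
LOCAL0, INFO = 16, 6  # syslog facility local0, severity informational


def build_syslog(hostname, tag, message, facility=LOCAL0, severity=INFO, when=None):
    """Return one RFC 3164 (BSD syslog) datagram as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    # The hostname field is how a receiver tells senders apart, so it must
    # be a single token; whitespace would shift every field after it.
    if not hostname or any(c.isspace() for c in hostname):
        raise ValueError("hostname must be one token with no whitespace")
    when = when or datetime.now()
    pri = facility * 8 + severity
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with the day space-padded.
    stamp = "%s %2d %s" % (MONTHS[when.month - 1], when.day,
                           when.strftime("%H:%M:%S"))
    return ("<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, message)).encode("utf-8")


def parse_header(datagram):
    """Recover (facility, severity, hostname) the way a receiver reads the header."""
    text = datagram.decode("utf-8", "replace")
    if not text.startswith("<") or ">" not in text[:5]:
        raise ValueError("datagram has no PRI field")
    pri_text, rest = text[1:].split(">", 1)
    pri = int(pri_text)
    # 15-character timestamp, one space, then the hostname token.
    hostname = rest[16:].split(" ", 1)[0]
    return pri // 8, pri % 8, hostname


def send_test_event(collector, hostname, port=514):
    """Send one marker event to the collector; returns the number of bytes sent."""
    payload = build_syslog(hostname, "input-check", "test event from " + hostname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (collector, port))


if __name__ == "__main__":
    # Usage (assumed script name): python3 syslog_check.py <graylog2-ip> host-a host-b
    if len(sys.argv) < 3:
        sys.exit("usage: syslog_check.py <collector-ip> <hostname> [<hostname> ...]")
    for name in sys.argv[2:]:
        print(name, send_test_event(sys.argv[1], name), "bytes sent")
```

UDP gives no delivery confirmation, so a successful send only proves the datagram left the sender; search Graylog2 for the "input-check" tag to confirm it arrived through the 514 to 10514 relay.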


		

	

However, our old VB 6.0 app continued to fail with the message “Run time error ‘339’ Component ‘MSCOMCTL.OCX’ or one of its dependencies is not correctly registered; a file is missing or invalid.” solved

Solution from here

Windows 2008 R2 Datacenter Edition.  Running regsvr32 mscomctl.ocx in C:\Windows\SysWOW64 resulted in success message “DllRegisterServer in mscomctl.ocx succeeded”.

However, our old VB 6.0 app continued to fail with the message “Run time error ‘339’ Component ‘MSCOMCTL.OCX’ or one of its dependencies is not correctly registered; a file is missing or invalid.”

The error was user-specific.  The user who performed the install was able to execute the application, but other users were not.  Ironically, running the application as administrator also failed.

Action:  Unregistered mscomctl.ocx in SysWOW64, made a copy in C:\Windows, and registered the copy using the version of regsvr32 in SysWOW64.  E.g., from a command line or batch file, running as administrator:

C:\Windows\SysWOW64\regsvr32 C:\Windows\mscomctl.ocx

Works.

I also had to copy MSCOMCT2.ocx to the windows folder and register it and now my terminal server is working fine.

 

Super simple yet very #useful tool

http://www.intelliadmin.com/index.php/2013/05/a-simple-utility-to-help-users-print-system-information/

An icon in the tray so users can tell you their computer name/ ip addy

Using a WAN emulator inside vmware ESXi

So I needed to stress test our WMS system, apparently there’s a hard to replicate bug when the network goes screwy so I wanted to see if I could cause it. At first I ran across dummycloud… but didn’t get very far with it. Next, I thought I would try wanem since I had used it before on a physical box. So I downloaded the wanem virtual appliance http://wanem.sourceforge.net/ and then used vmware converter to bring it into vcenter (since it was throwing a A SparseVer2BackingInfo disk is found error)

Converter sort of got it working, but the way they packaged the vm is basically a simple vm that boots off an .iso, so I set it to boot off the .iso.

So I went with the one nic configuration. I set it to 10.55.55.56, subnet 255.255.0.0 and gateway 10.55.55.56 (looks like you must set a gateway, even if bogus!)

Then I did my route adds (completely wrong, over and over again). On PC1 you want to use a route add to set the route for how to get to PC2, and vice versa, i.e.

PC1 – route add PC2addy mask 255.255.255.255 10.55.55.56 (your wanem addy)

PC2 – route add PC1addy mask 255.255.255.255 10.55.55.56 (your wanem addy)

Then your tracert will actually work!

Another lame problem, the resolution of my VM was too small so the settings bar wouldn’t show i.e. Basic mode etc… when I upped the resolution, problem fixed!

A good post on this is here http://vninja.net/network/using-the-wanem-wan-emulator-virtual-appliance/

sp_repldone/sp_replcounters solution!

Here is the text

From http://mattslocumsql.blogspot.com/2012/04/replication-troubleshooting-how-to-deal.html

Replication Troubleshooting – How to deal with out of sync publications

Transactional Replication and nasty errors that cause out of sync publications.

The other day we had an issue on our distributor that caused deadlocks on the Distribution database.  Several of the Log Reader Agents suffered fatal errors due to being chosen as the deadlock victim.  This caused the following error to occur:

  • The process could not execute ‘sp_repldone/sp_replcounters’ on ‘MyPublisherServer’

When I drilled in to view the detail, I found this error:

  • The specified LSN (%value) for repldone log scan occurs before the current start of replication in the log (%newervalue)

After much searching on the error, I came across several forum posts that indicated I was pretty well up a creek.  I then found this post on SQLServerCentral.  Hilary Cotter’s response was the most beneficial for devising a recovery plan and Stephen Cassady’s response helped me refine that plan.

Hilary Cotter (Blog) is an expert when it comes to SQL replication.  He certainly knows his stuff!

The Recovery Plan
Recovering from this issue involves several steps.

For small databases or publications where the snapshot to reinitialize the publication will be small and push quickly, it’s simplest and best to just reinitialize the entire publication and generate/push a new snapshot.

For larger publications (my publication contained almost 1,000 tables) and situations where pushing the snapshot will take an inordinate amount of time (24+ hours in my case) the following process can be used to skip the missing transactions and identify the tables that are now out of sync:

  • Recover the Log Reader Agent by telling it to skip the missing transactions
  • Recover the Distribution Agent by configuring it to ignore data consistency issues
  • Validate the publication to determine which tables are out of sync
  • Drop and republish out of sync tables


Log Reader Agent Recovery
The simplest way to recover the Log Reader Agent is to run the following command against the published database:

  • sp_replrestart

This effectively tells SQL to restart replication NOW, thus ignoring all transactions that have occurred between the time of the failure and the time you run the command.  The longer you wait to run this command, the more activity in the database that gets ignored, which likely results in more tables that fall out of sync.

Distribution Agent Recovery

Now that the Log Reader Agent is capturing transactions for replication, the Distribution Agent will likely get upset because there are transactions missing.  I specifically received the following error:

  • The row was not found at the Subscriber when applying the replicated command

This error causes the Distribution Agent to fail, but there is a system profile for the Distribution Agent that you can select to bypass the data consistency errors.

  • Launch Replication Monitor
  • In the left-hand column
    • Expand the DB server that contains the published database
    • Select the Publication
  • In the right-hand pane
    • Double-click the Subscription
  • In the Subscription window
    • Go to the Action menu and select Agent Profile
    • Select the profile: Continue on data consistency errors. and click OK
      • Be sure to note which profile was selected before changing it so that you can select the appropriate option once recovery is complete
  • If the Distribution Agent is currently running (it’s likely in a fail/retry loop), you’ll need to:
    • Go to the Action menu and select Stop Distribution Agent
    • Go to the Action menu and select Start Distribution Agent
  • If there is more than one subscription, repeat these steps for any additional subscriptions


Subscription Validation
Validating the Subscription(s) is a fairly straightforward task.
  • Launch Replication Monitor
  • In the left-hand column of Replication Monitor
    • Expand the DB server that contains the published database
    • Right-click the Publication and select Validate Subscriptions…
    • Verify Validate all SQL Server Subscriptions is selected
    • Click the Validation Options… button and verify the validation options – I recommend selecting the following options:
      • Compute a fast row count: if differences are found, compute an actual row count
      • Compare checksums to verify row data (this process can take a long time)
    • Once you are satisfied with the validation options, click OK and then click OK to actually queue up the validation process
      • Please note: for large databases, this process may take a while (and the Validate Subscriptions window may appear as Not Responding)

For my publications (~1,000 tables and DB was ~100GB) the validation process took about 20 minutes, but individual results will vary.

If you wish to monitor the validation progress
  • In the right-hand pane of Replication Monitor
    • Double-click the Subscription
  • In the Subscription window:
    • Go to the Action menu and select Auto Refresh


Identify out of sync tables
I created the following script that will return the tables that failed validation:

-- This script will return out of sync tables after a Subscription validation has been performed
-- Set the isolation level to prevent any blocking/locking
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;

SELECT
mda.publication [PublicationName],
mdh.start_time [SessionStartTime],
mdh.comments [Comments]

FROM distribution.dbo.MSdistribution_agents mda
JOIN distribution.dbo.MSdistribution_history mdh ON mdh.agent_id = mda.id

-- Update Publication name as appropriate
WHERE mda.publication = 'My Publication'
AND mdh.comments LIKE '%might be out of%'
-- This next line restricts results to the past 24 hours.
AND mdh.start_time > (GETDATE() - 1)
-- Alternatively, you could specify a specific date/time: AND mdh.start_time > '2012-04-25 10:30'
-- View most recent results first
ORDER BY mdh.start_time DESC

The Comments column will contain the following message if a table is out of sync:
  • Table ‘MyTable’ might be out of synchronization.  Rowcounts (actual: %value, expected: %value).  Checksum values  (actual: -%value, expected: -%value).
Make a list of all tables that are returned by the aforementioned script.
Now the determination needs to be made as to the level of impact.
  • The Reinitialize All Subscriptions option should be used if the following is true:
    • Large number of tables affected (majority of published tables)
    • Unaffected tables are small in size (if the snapshot for the unaffected tables is going to be very small, it’s much easier to just reinitialize everything)
  • Dropping and re-adding individual tables should be used if the following is true:
    • The number of tables affected is far less than the total number of tables
    • The tables that are unaffected are very large in size and will cause significant latency when pushing the snapshot
The latter was the case in my scenario (about 100 out of 1,000 tables were out of sync, and the ~900 tables that were in sync included some very large tables).

Reinitialize All Subscriptions
Follow this process if the determination has been made to use the Reinitialize All Subscriptions option:

  • In the left-hand column of Replication Monitor
    • Expand the DB server that contains the published database
    • Right-click the Publication and select Reinitialize All Subscriptions…
    • Verify Use a new snapshot is selected
    • Verify Generate the new snapshot now is NOT selected
    • Click the Mark For Reinitialization button
      • Please note: for large databases, this process may take a while (and the Replication Monitor window may appear as Not Responding)
  • In the right-hand pane of Replication Monitor
    • Select the Agents tab (in SQL 2005 select the Warnings and Agents tab)
    • Right click the Snapshot Agent and select Start Agent
      • The reason for performing this manually is that sometimes when you select the Generate the new snapshot now option, it kicks off the Snapshot Agent before the reinitialization is complete which causes blocking, deadlocks and major performance issues.

Recover out of sync tables
If the determination has been made to recover the individual tables, use the list of tables generated from the validation process and follow this process:

  • In the left-hand column of Replication Monitor
    • Expand the DB server that contains the published database
    • Right-click the Publication and select Properties
    • Select the Articles page in the left-hand column
    • Once the center page has populated, expand each table published to determine if the table is filtered (i.e. not all columns in the table are published).
      • If tables are filtered, make a note of the columns that are not pushed for each table
    • Once review of the tables is complete, click Cancel
      • If you click OK after expanding tables, it will invalidate the entire snapshot and you will end up reinitializing all articles in the publication
    • Right-click the Publication and select Properties
    • Select the Articles page in the left-hand column
    • Clear the check boxes for all out of sync tables and click OK
    • Right-click the Publication and select Properties
    • Select the Articles page in the left-hand column
    • Select the affected tables in the center pane
      • If any tables were not completely replicated, be sure to reference your notes regarding which columns are replicated
    • Click OK when table selection is complete
      • Note: If you receive an error that the entire snapshot will be invalidated, close the Publication Properties window and try adding in a few tables at a time until all tables are selected.
    • In the right-hand pane of Replication Monitor
      • Select the Agents tab (in SQL 2005 select the Warnings and Agents tab)
      • Right click the Snapshot Agent and select Start Agent
    • Double-click the Subscription
    • Go to the Action menu and select Auto Refresh
 
Final cleanup
Once the snapshot has been delivered and replication has caught up on all queued transactions, perform the following to return replication to a normally running state.
    • In the left-hand column of Replication Monitor
      • Expand the DB server that contains the published database
      • Select the Publication
    • In the right-hand pane of Replication Monitor
      • Double-click the Subscription
    • In the Subscription window
      • Go to the Action menu and select Agent Profile
      • Select the profile that was configured before you changed it (if unsure, the Default agent profile is typically the default) and click OK
    • If there is more than one subscription, repeat these steps for any additional subscriptions

I hope this helps if you run into the same situation.  I would like to especially thank Hilary Cotter for sharing his knowledge with the community as his forum and blog posts really helped me resolve the issue.
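For the "Identify out of sync tables" step in the quoted post, here is an added example (not from the original post or its author) that turns the Comments values returned by the validation query into a de-duplicated table list. It assumes the rows were exported as (SessionStartTime, Comments) pairs; the function names and sample rows are constructed. It checks only the post's first criterion (whether a majority of published tables is affected), since table sizes are not in the comments.

```python
import re

# Message format quoted in the post; spacing between the sentences varies.
OUT_OF_SYNC = re.compile(
    r"Table '(?P<table>[^']+)' might be out of synchronization\.\s*"
    r"Rowcounts \(actual: (?P<rows_actual>-?\d+), expected: (?P<rows_expected>-?\d+)\)\.\s*"
    r"Checksum values\s*\(actual: (?P<sum_actual>-?\d+), expected: (?P<sum_expected>-?\d+)\)"
)


def parse_comment(comment):
    """Return table name, row-count delta and checksum status, or None."""
    m = OUT_OF_SYNC.search(comment)
    if m is None:
        return None
    return {
        "table": m.group("table"),
        "row_delta": int(m.group("rows_actual")) - int(m.group("rows_expected")),
        "checksum_differs": m.group("sum_actual") != m.group("sum_expected"),
    }


def out_of_sync_tables(rows):
    """rows: (SessionStartTime, Comments) tuples, newest first, as the
    query's ORDER BY ... DESC returns them. Keeps the newest result per table."""
    latest = {}
    for start_time, comment in rows:
        finding = parse_comment(comment)
        if finding and finding["table"] not in latest:
            finding["validated_at"] = start_time
            latest[finding["table"]] = finding
    return latest


def majority_affected(latest, published_tables):
    """True when more than half of the published tables failed validation."""
    if published_tables <= 0:
        raise ValueError("published_tables must be positive")
    return 2 * len(latest) > published_tables


# Constructed sample rows (not real agent history), newest first.
SAMPLE_ROWS = [
    ("2012-04-25 11:02", "Table 'Orders' might be out of synchronization.  "
     "Rowcounts (actual: 1200, expected: 1250).  "
     "Checksum values  (actual: -98231, expected: -77120)."),
    ("2012-04-25 11:01", "Table 'Customers' might be out of synchronization.  "
     "Rowcounts (actual: 500, expected: 500).  "
     "Checksum values  (actual: -1111, expected: -2222)."),
    ("2012-04-25 10:40", "Table 'Orders' might be out of synchronization.  "
     "Rowcounts (actual: 1190, expected: 1250).  "
     "Checksum values  (actual: -5, expected: -77120)."),
    ("2012-04-25 10:39", "constructed unrelated history comment"),
]

if __name__ == "__main__":
    found = out_of_sync_tables(SAMPLE_ROWS)
    for name in sorted(found):
        print(name, found[name]["row_delta"], found[name]["checksum_differs"])
    print("majority affected:", majority_affected(found, 1000))
```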