09.07.2015

Nmap/Hping3 [Scan tips]

[Dumb scan]

Hping3:
#hping3 192.168.1.254 -r
#hping3 192.168.1.1 -a 192.168.1.254 -p 3306 -S

//192.168.1.254 - decoy (zombie) host
//192.168.1.1 - target

----> id=n+1 [open], id=+1 [closed]

Nmap:
#nmap -Pn -sI 192.168.1.254 192.168.1.1

// -sI - idle scan

Repeat 2-3 times and compare the results.
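
Detection side of the idle scan above, as an added example (not from the original notes): on the decoy host, the spoofed scan shows up as SYN/ACKs from the target that match no SYN the host ever sent. The packet tuples, the function names and the min_ports threshold are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed packet summaries as seen on the decoy host's own interface:
# (direction, peer IP, peer port, local port, TCP flags). Not real capture data.
SAMPLE = [
    ("out", "192.168.1.50", 443, 51000, "S"),   # connection the host opened itself
    ("in", "192.168.1.50", 443, 51000, "SA"),   # solicited reply, normal handshake
    ("in", "192.168.1.1", 3306, 2480, "SA"),    # no SYN was ever sent for this
    ("out", "192.168.1.1", 3306, 2480, "R"),    # host resets it (IP ID advances)
    ("in", "192.168.1.1", 22, 2481, "SA"),
    ("out", "192.168.1.1", 22, 2481, "R"),
    ("in", "192.168.1.1", 80, 2482, "SA"),
    ("out", "192.168.1.1", 80, 2482, "R"),
    ("in", "192.168.1.7", 25, 40000, "SA"),     # single stray packet, below threshold
]


def unsolicited_synacks(packets):
    """Map peer IP -> set of peer ports that sent a SYN/ACK we never asked for."""
    pending = set()  # (peer, peer_port, local_port) for every SYN this host sent
    hits = defaultdict(set)
    for direction, peer, peer_port, local_port, flags in packets:
        key = (peer, peer_port, local_port)
        if direction == "out" and flags == "S":
            pending.add(key)
        elif direction == "in" and flags == "SA":
            if key in pending:
                pending.discard(key)  # answer to our own SYN
            else:
                hits[peer].add(peer_port)
    return dict(hits)


def hosts_scanned_in_our_name(packets, min_ports=3):
    """Peers answering from >= min_ports distinct ports without any SYN from us.

    min_ports is a hypothetical tuning value; one stray SYN/ACK is common noise.
    """
    found = unsolicited_synacks(packets)
    return sorted(ip for ip, ports in found.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    for ip in hosts_scanned_in_our_name(SAMPLE):
        print("unsolicited SYN/ACKs from", ip, sorted(unsolicited_synacks(SAMPLE)[ip]))
```

The flagged address is the host being scanned with the decoy's spoofed source, not the scanner itself.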

Nmap scripts:

nmap -n -P0 -p80,443 -iL hostNP.lst --script=\
http-apache-server-status,\
http-auth-finder,\
http-backup-finder,\
http-comments-displayer,\
http-default-accounts,\
http-devframework,\
http-enum,\
http-headers,\
http-mobileversion-checker,\
http-php-version,\
http-robots.txt,\
http-svn-info,\
http-useragent-tester,\
http-vhosts,\
http-webdav-scan,\
http-xssed \
-oA script_scan_np

Nmap exploits:
nmap -n -P0 -p80,443 -iL hostNP.lst --script=\
http-csrf,\
http-dombased-xss,\
http-fileupload-exploiter,\
http-shellshock,\
http-stored-xss,\
http-vuln-cve-2006-2293,\
http-vuln-cve-2009-3960,\
http-vuln-cve-2012-1823,\
http-vuln-cve-2013-0156,\
http-vuln-cve-2013-6786,\
http-vuln-cve-2013-7091,\
http-vuln-cve-2014-3704,\
http-vuln-cve-2014-8877 \
-oA nmap_plus

08.07.2015

Eset Nod32 Smart Security Server Update

Set up a free update server:

In HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info, change the value of the PackageFeatures parameter to 0x0000003d


http://nod32.genesis.ua/nod326/  Eset Smart Security 4, 5, 6, 7, 8 and 9
http://www.ut21.ru/v7/ backup server for all versions

Unified Networking Lab vMX/VSRX

This is how to import vMX.ova into UNetLab; it's working for me:
Upload the downloaded image (vMX.ova) to UNetLab
# mv vMX.ova vmx-14.1R1.10-domestic.ova
# mkdir tmp
# cd tmp
# tar xf ../vmx-14.1R1.10-domestic.ova
# mkdir -p /opt/unetlab/addons/qemu/vmx-14.1R1.10-domestic
# mv hda.qcow2 /opt/unetlab/addons/qemu/vmx-14.1R1.10-domestic
# cd ..
# rm -rf tmp
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
login: root
pass: root123
And that is all, enjoy!

IMPORTING JUNIPER VSRX IMAGES
The following procedure refers to the most recent and supported image only. Older images should work too. Remember that UNetLab image names are strongly suggested for lab portability.
Upload the downloaded image to the UNetLab master node using, for example, FileZilla or WinSCP. Then log in as root over SSH and uncompress it:
mkdir tmp
cd tmp
tar xf ../junos-vsrx-12.1X44-D10.4-domestic.ova
Then convert the disk to the qcow2 format:
/opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 junos-vsrx-12.1X44-D10.4-domestic-disk1.vmdk hda.qcow2
Create the UNetLab image:
mkdir -p /opt/unetlab/addons/qemu/vsrx-12.1X44-D10.4-domestic
mv hda.qcow2 /opt/unetlab/addons/qemu/vsrx-12.1X44-D10.4-domestic
Clean and fix permissions:
cd ..
rm -rf tmp
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Default username is admin without password.

07.07.2015

BCC. Postfix / MS Exchange + Fireeye EX

Postfix

always_bcc

Add the following entry in /etc/postfix/main.cf to forward all mails in the server to fireeyebcc@fireeye.mycorp.com.

always_bcc = fireeyebcc@fireeye.mycorp.com

sender_bcc_maps and recipient_bcc_maps

..........................................
(Postfix variant. BCC)

DNS server (internal/external, the one used as the primary DNS for Postfix):

;$TTL 86400
$ORIGIN mycorp.com.
$TTL 3D
...
fireeye         A       192.168.1.116

After that, Postfix will copy mail to IP 192.168.1.116 (the address on the patch3 interface of the FireEye EX, which runs in BCC mode (action - DROP, in the settings)).

MS Exchange

Go To Organization Configuration > Hub Transport and select the Send Connectors tab

· Right-click to create a new send connector

· On the ‘Address Space’ page of the wizard, add your BCC domain (fetest.com in this example)

· On the ‘Network Settings’ page, choose ‘Route mail through the following smart hosts’ and define a new smart host with the IP address of the FireEye (BCC) MTA

· Follow the defaults to complete the rest of the wizard

Go To Organization Configuration > Hub Transport and select the Transport Rules tab
· Right-click to create a new transport rule
· On the ‘Conditions’ page of the rule wizard, do not select any conditions (so that the rule applies unconditionally). You should get a warning that the rule will be applied to every message
· On the ‘Actions’ page of the wizard, select ‘Blind Carbon Copy…’ and enter the BCC address
· Follow the defaults to complete the wizard and create the rule


06.07.2015

Growing an LVM disk in a virtual machine on the fly

Hypervisor: a Supermicro server with KVM and libvirt on Ubuntu.
Guests: Ubuntu with LVM2.
Task:
Increase the size of the system disk without shutting down or rebooting the guest OS.

In short, it went like this:
On the hypervisor:

  • virsh list
  • virsh qemu-monitor-command vm-db --hmp "info block"
  • virsh qemu-monitor-command vm-db --hmp "block_resize drive-virtio-disk0 1000G"
On the guest:
  • df -h
  • parted /dev/vda
  • print
  • resizepart 2
  • 1000GB
  • resizepart 5
  • 1000GB
  • q
  • pvresize /dev/vda5
  • lvscan
  • lvextend /dev/vm-db-vg/root -l +100%FREE
  • resize2fs /dev/vm-db-vg/root
  • df -h