Monday, December 27, 2010

is Brilliant

As the Chief Information Officer for my family and friends, I'm always looking for easy ways to get onto their computers to help them fix whatever is broken. I've been a HUGE fan of for years now, but even getting that client software installed on their machines over the phone can be difficult sometimes :) To the rescue is the remote access site.

This service is brilliant, and free. You tell the person who wants to share their screen to navigate to and click on the "Share" button. They download a 1 MB client, and as soon as it runs it brings up a link that they can copy and email to you. Or they can just read the code to you and you punch it into the same interface under the "Join" option. It's that simple. There is even chat and remote control in the free version.

My only gripe is that it does not work with Linux. I tried running it with Wine and it runs, but I can't see the Linux desktop. However, as long as you're not trying to share a Linux desktop, it should work just fine to view either a Windows or a Mac computer. Bravo to the LogMeIn folks; this service is great!

Friday, December 24, 2010

Ubuntu Won't Let Me Log In?

I was minutes away from reinstalling Ubuntu on my home machine because it wouldn't let me log in all of a sudden. I saw the GNOME login screen, which looked different from normal, but all my user accounts were still in the list. I tried every account and their passwords, but none of them would let me in. The login screen would go away as if it wanted to log in, but then just bring me back to the login screen, like it was caught in a loop. I never got the incorrect password prompt, so I figured maybe I had to reset the password.

My GRUB menu wouldn't come up during boot, so I instead booted from the Ubuntu installation media and followed this tutorial, which worked great, except that when I rebooted I had the same problem. Ugh. I was still able to log into the terminal with CTRL+ALT+F1 and could see that all my data was there. Strange. Maybe a problem with the NVIDIA drivers or the Ubuntu desktop? I tried reinstalling all of that; same exact problem.

Then it dawned on me that maybe the hard drive was full? Not likely, but possible. A df -h from the terminal showed me that there was 0% available on the root filesystem. I removed a couple of large folders and voilà, back in business on a reboot.
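The check that finally turned this up is easy to script so it is the first thing you run, not the last. The following is an added example, not code from the original post: it reads df -P style output from stdin and prints every mount point whose capacity is at or above a threshold (95% by default). The sample df output embedded in it is constructed for illustration.

```shell
# Added example (not from the original post): list filesystems whose
# capacity is at or above a threshold percentage.
# Usage on a live system:  df -P | full_filesystems 95
full_filesystems() {
    threshold="${1:-95}"
    # df -P columns: Filesystem 1024-blocks Used Available Capacity Mounted-on
    # Skip the header line (NR > 1), strip the '%' from the Capacity column,
    # and print the mount point when usage meets the threshold.
    awk -v t="$threshold" 'NR > 1 {
        pct = $5
        sub(/%/, "", pct)
        if (pct + 0 >= t) print $6
    }'
}

# Constructed sample in df -P format (not from a real machine), so the
# function can be exercised offline; "/" is the full root filesystem from the post.
SAMPLE_DF='Filesystem     1024-blocks      Used Available Capacity Mounted on
/dev/sda1         40000000  40000000         0     100% /
tmpfs              2000000       100   1999900       1% /tmp
/dev/sdb1        100000000  50000000  50000000      50% /home'

# Run the check against the constructed sample with the default threshold.
check_sample() {
    printf '%s\n' "$SAMPLE_DF" | full_filesystems 95
}
```

On the sample, check_sample prints only "/"; a lower threshold such as 50 would also report /home. Once a full filesystem is identified, du -xs on its top-level directories points at what to remove.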

Tuesday, December 14, 2010

Offensive Security Certified Professional

For the last 70-ish days I've been actively hacking away in a lab environment, preparing for the Offensive Security Certified Professional (OSCP) exam. This was one of the hardest, yet most rewarding, things I've ever done both academically and professionally. This course is not for the faint of heart and requires a lot of self-discipline, perseverance and a very understanding wife. I highly recommend it if you're interested in penetration testing or would like to understand how the bad guys think. With this new way of thinking, you can begin to understand how to protect your network.

If you're wondering whether the OSCP is for you, let me give you a little of my background. I've been in network/systems administration for about 10 years. I have in-depth knowledge of protocols/routing/switching/enterprise applications and TCP/IP in general. My Windows skills are advanced, but my Linux skills going into the course were weak. I run Linux at home and have had some exposure to different flavors, but by no means was I an expert in Linux. I am a terrible programmer, but can understand some C and enough scripting languages to get by. You need to bring all these skills and more to the course because you won't be taught these things; you will be expected to use them while you're hacking the lab and practicing the new concepts that "muts" teaches you.

I have always been interested in security, but outside of general Metasploit usage, I wasn't very well versed in any of the popular open source security tools. This isn't a necessity because you will become a whiz at them as you work the course. The course can be taught live or online. I chose the online option and was given a set of videos and a 300-page lab guide. The videos are incredibly useful and extremely well put together. The lab guide is equally as useful. I will continue to reference both of these resources in the future. These two guides are simply that: they teach you the concepts, but you really have to teach yourself how to apply them. You need to be able to think creatively about applications, networks and protocols to understand how to apply the concepts you've learned.

This is where the perseverance and hard work come in. No one is going to show you what to do in the labs, the administrators are not helpful, and the IRC channel is full of people who just brag or talk about other things not related to the course. Do not assume you'll receive outside help when you get stuck. I believe this was done by design; it teaches you to be self-sufficient and resourceful. The idea is that if you can't help yourself you won't ever be good at this. There are options for help; you just have to find them. There were many times where I would hit a wall, thought I couldn't penetrate any more servers and thought I had hit the limit of my technical abilities, but stepping away or reading additional resources would often help.

The lab consists of numerous hosts that are also connected to other networks. There are very easy servers and very difficult servers. As you start to penetrate these networks you run into fun things like fake bank databases, usernames/passwords and often the Offensive Security guys taunting you through funny website graphics or smiley faces. These "nuggets" made it fun to work the labs.

They sell the course in blocks of time. I highly, highly recommend getting at LEAST 60 days in the lab. The progress I made throughout the process was a roller coaster. I would go a week without any progress and then get on a hot streak and nail 5 servers in a night. Looking back, my knowledge at 30 days was not even half of what I ended up learning after the 75 days (I bought an additional 15 days). The more time in the labs, the better.

You're required to pass the "exam challenge" to obtain your certification. The exam is a new lab that you've never seen before, and you have 24 hours to exploit the servers in that lab. My test started at 7am and I finished about 14 hours later. You have to submit all your documentation to them within 24 hours of the end of your exam. I read horror stories about this exam: people taking all 24 hours to complete it, others taking it 3 and 4 times. I believe that with my additional lab time, I was better tuned to take the exam. I put an incredible amount of time into this, probably an additional 30-40 hours a week on top of my full-time job. It wasn't like work though; it was extremely fun.

I took the exam on Saturday and have been anxiously awaiting my results. Today I found out that I passed the exam and received my OSCP.

If you're interested in what you'll learn, check out the course syllabus here.

Bravo to the Offensive Security crew for a brilliant course. I learned more than I ever thought possible.
After 4 months, I decided to take the OSCE challenge and documented that here.

Tuesday, August 17, 2010

SSRS ReportServer 403 Login Required

Our SSRS reporting server broke while we were troubleshooting another application. .NET was uninstalled and reinstalled, which made SSRS very upset.

When browsing the ReportServer website I was getting a 403 Forbidden error: "This website requires you to login." The problem had nothing to do with what the error alludes to. The resolution was to re-align a couple of settings in IIS.

First, in the IIS manager go down to Web Service Extensions and make sure that ASP.NET is set to "Allowed."

Then, I had a missing entry in the virtual directory that I needed to put back. Go to the ReportServer virtual directory under Web Sites. Right click -> Properties -> Configuration button. At the bottom, under "Wildcard application maps," make sure you have C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll set (if you're using ASP.NET 2.0). The path will be different for 1.1.

You may have to restart SSRS and IIS, but that is what fixed it for me.

Tuesday, June 15, 2010

Setting Up an Avaya VPN Phone

I recently had to set up a satellite office to use a VPN phone that would operate as an extension off of our IP Office. The documentation was limited, but I eventually got it working. The idea is that the phone runs a software VPN client that completes an IPsec VPN with the perimeter networking equipment and then communicates with the PBX. The benefit is that the phone can be used securely from any internet connection.

First of all, the phone has to have the required VPN firmware for this to work. If you don't have the proper files in the Manager directory of the IP Office server, you can get them here. The MD5 hash of this file is 9E7916FC8E253F8D7BB9FF0AABDEF112; check it to make sure the files have not been altered. After you unzip the files to the IP Office\Manager directory, follow the directions below.
  1. Purchase a VPN IP Phone extension license for the IP Office system.
  2. Install it on the IP Office.
  3. Create an IP extension.
  4. Enable the "VPN Phone Allowed" check box on the VOIP tab of the extension you're working with. This tells the phone system to give the VPN phone the necessary firmware when it boots up.
  5. Turn on the phone and tell it what extension to use.
  6. I set the VPN profile to use Cisco Xauth.
  7. Set the server name (or IP), user account information and password, and the group VPN name and password.
  8. The rest of the settings can be set to auto - my equipment negotiated automatically.
  9. There is one more setting on the phone to change. Press * when the phone is booting up. The setting that needs to be changed is the "Call Server" option. It needs to be set to the IP Office's IP address. This can also be done with DHCP options.
The phone should negotiate and complete the VPN, then communicate with the IP Office. From here, you should have dial tone and can make and receive calls from the VPN phone.

Tuesday, April 27, 2010

421 and 451 Exchange 2007 Errors

Our company was having issues sending emails to certain domains. Everything was fine except for a few of these problematic domains. These emails were just sitting in my Exchange edge server's outbound queue...

The error message I was getting in the Exchange 2007 queue was this:

"451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection dropped." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternates."

After troubleshooting the issue for a while, I determined that my email server and the problematic domains were not talking nicely with EHLO. The resolution was to create a send connector that forced HELO for the problematic domains. From the Exchange Management Shell, run the following to create the special send connector (the problematic domain goes in the address space):

New-SendConnector -Name ForceHelo -AddressSpaces -ForceHELO $true

After you create this connector, you can always add other problematic domains to its address spaces, and the connector will force HELO for them as well.

Friday, April 16, 2010

Max Upload Size Limit on SharePoint

I recently had a SharePoint issue that required a call to Microsoft PSS. We are running MOSS 2007 SP1 on a Windows 2008 Server. The problem was that we were unable to upload files larger than 28 MB to a document library, regardless of file type. I followed all of the steps posted in this article:

However, we were still not able to upload large files.

I called Microsoft and they confirmed that the steps listed in the link above should be all we need, but there are cases where another minor change in the site's web.config file is necessary. Go to your site in IIS and explore to it (right click -> Explore in IIS 7.0). Find the web.config file and make these changes at the bottom. Sorry for the image, but doesn't like these characters and I'm not going to escape them all out!

I did not have to reboot the server or even cycle IIS; it worked the next time I tried to upload a file. Apparently SharePoint was configured correctly, but IIS still would not recognize the new settings, so we had to change it manually.