Wednesday, September 17, 2014

VFAT is patented??

I just found that the VFAT "file system" has a patent. Is there anything Microsoft can't do? It makes me wonder why they haven't patented using consecutive memory address locations for arrays.

The surprising thing is that, of all the articles I seem to come across discussing this, none of them include reactions such as WTF???

First of all it sucks, and it's only in use now because it's already in use now.

http://www.linux-mag.com/id/7325/

Friday, September 12, 2014

Scapy's send vs sendp

From secdev.org I found the difference in Scapy's various send methods.


In scapy, the send() function will send packets at layer 3. That is to say it will handle routing and layer 2 for you.
>>> send(IP(dst="1.2.3.4")/ICMP())

The sendp() function will work at layer 2. It's up to you to choose the right interface and the right link layer protocol.
>>> sendp(Ether()/IP(dst="1.2.3.4",ttl=(1,4)), iface="eth1")

More information:
>>> lsc()
sr               : Send and receive packets at layer 3
sr1              : Send packets at layer 3 and return only the first answer
srp              : Send and receive packets at layer 2
srp1             : Send and receive packets at layer 2 and return only the first answer
srloop           : Send a packet at layer 3 in loop and print the answer each time
srploop          : Send a packet at layer 2 in loop and print the answer each time
sniff            : Sniff packets
p0f              : Passive OS fingerprinting: which OS emitted this TCP SYN ?
arpcachepoison   : Poison target's cache with (your MAC,victim's IP) couple
send             : Send packets at layer 3
sendp            : Send packets at layer 2
traceroute       : Instant TCP traceroute
arping           : Send ARP who-has requests to determine which hosts are up
ls               : List  available layers, or infos on a given layer
lsc              : List user commands
queso            : Queso OS fingerprinting
nmap_fp          : nmap fingerprinting
report_ports     : portscan a target and output a LaTeX table
dyndns_add       : Send a DNS add message to a nameserver for "name" to have a new "rdata"
dyndns_del       : Send a DNS delete message to a nameserver for "name"

TCPDump Primer

I can never remember all the options for tcpdump. The always impressive blog from Daniel Miessler has this excellent primer.


For example, -s is the "snaplength", which determines the number of bytes per packet to capture. By default tcpdump only gets like 96 bytes. Using -s0 will cause it to capture each packet in full, and -X will output hex and ASCII.

# tcpdump -s0 -X
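When you are handed a capture someone else took, the snaplength it was recorded with is stored in the pcap file header, and every packet record keeps both the saved length and the on-the-wire length. The following is an added example, not from the original post or the primer: it reads those fields to report how much of a capture was cut off. The frame sizes are constructed, and 262144 stands in for the value -s0 selects, which is an assumption about recent tcpdump versions.

```python
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len (saved), orig_len (on the wire)
PCAP_MAGIC = 0xA1B2C3D4                 # little-endian file, microsecond timestamps

def build_capture(snaplen, wire_sizes):
    """Constructed sample: a pcap whose zero-filled packets are cut at snaplen."""
    out = GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, size in enumerate(wire_sizes):
        kept = min(size, snaplen)
        out += RECORD_HDR.pack(i, 0, kept, size) + bytes(kept)
    return out

def truncation_report(data):
    """Read the snaplen from the file header and count packets saved short."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("too short for a pcap header")
    magic, _, _, _, _, snaplen, _ = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap")
    offset, packets, truncated, lost = GLOBAL_HDR.size, 0, 0, 0
    while offset + RECORD_HDR.size <= len(data):
        _, _, incl_len, orig_len = RECORD_HDR.unpack_from(data, offset)
        offset += RECORD_HDR.size + incl_len
        if offset > len(data):
            raise ValueError("record runs past end of file")
        packets += 1
        if incl_len < orig_len:  # payload beyond snaplen was never written
            truncated += 1
            lost += orig_len - incl_len
    return {"snaplen": snaplen, "packets": packets,
            "truncated": truncated, "bytes_lost": lost}

WIRE_SIZES = [60, 1514, 98, 590]  # constructed frame lengths

if __name__ == "__main__":
    print(truncation_report(build_capture(96, WIRE_SIZES)))      # the "96 bytes" case
    print(truncation_report(build_capture(262144, WIRE_SIZES)))  # assumed -s0 value
```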

Tuesday, September 9, 2014

Mindblowingly insecure SuperMicro remote management interface

This is somewhat mind boggling to me, maybe it's because I'm not a professional system administrator, but I had no idea that this existed. I maintain a Proxmox VM server running on a SuperMicro server mostly for my own use.

What happened

Our IT department told me a machine in my area was participating in a DDOS and gave me the MAC address. I couldn't find the MAC anywhere on my internal network but the manufacturer was SuperMicro.

I asked for the offending IP, and was given an external (public) IP. Now I had turned my SuperMicro off, but when I entered the given IP I was greeted with a SuperMicro login page. I noticed my server's network lights were blinking...

It turns out that SuperMicro comes with something called IPMI or Intelligent Platform Management Interface that has the following properties:
  1. On by default.
  2. Obtains dynamic IP by default.
  3. Default username/password is DEFAULT/DEFAULT
  4. The IP/MAC address is not visible to the booted operating system, at least not with netstat etc...
  5. No option to disable.
A little searching reveals pages such as:
It's always great to see your server on the Metasploit website.

I disabled this temporarily by setting a static IP/gateway using invalid values.
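Because the management controller takes its address from DHCP and its MAC never appears in the host OS, the DHCP server's lease file is one place where it does appear. The following is an added example, not part of the original post: it scans ISC dhcpd-style lease text for active leases whose MAC carries the server vendor's OUI but is missing from the list of NICs the operating systems report. The OUI prefixes, the inventory and the lease data are constructed assumptions.

```python
import re

# Assumption: OUI prefixes registered to Super Micro; confirm against the IEEE registry.
VENDOR_OUIS = {"00:25:90", "0c:c4:7a"}
# Constructed inventory: MACs the booted operating systems report for their NICs.
OS_VISIBLE_MACS = {"00:25:90:11:22:33"}

# Constructed sample in ISC dhcpd.leases syntax (addresses from TEST-NET-1).
SAMPLE_LEASES = """
lease 192.0.2.50 {
  binding state active;
  hardware ethernet 00:25:90:11:22:33;
}
lease 192.0.2.51 {
  binding state active;
  next binding state free;
  hardware ethernet 00:25:90:11:22:34;
}
lease 192.0.2.52 {
  binding state active;
  hardware ethernet 02:00:00:aa:bb:cc;
}
lease 192.0.2.53 {
  binding state free;
  hardware ethernet 0c:c4:7a:00:00:01;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")
STATE_RE = re.compile(r"(?<!next )binding state\s+(\w+);")

def find_unmanaged_bmcs(leases_text, os_visible_macs, vendor_ouis=VENDOR_OUIS):
    """Return (mac, ip) for active leases with a vendor OUI that no OS accounts for."""
    known = {m.lower() for m in os_visible_macs}
    hits = {}
    for ip, body in LEASE_RE.findall(leases_text):
        mac, state = MAC_RE.search(body), STATE_RE.search(body)
        if not mac or not state or state.group(1) != "active":
            continue
        addr = mac.group(1).lower()
        if addr[:8] in vendor_ouis and addr not in known:
            hits[addr] = ip  # a later entry for the same MAC supersedes an earlier one
    return sorted(hits.items())

if __name__ == "__main__":
    for addr, ip in find_unmanaged_bmcs(SAMPLE_LEASES, OS_VISIBLE_MACS):
        print(f"{ip} leased to {addr}: vendor OUI, not a known host NIC")
```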

Thursday, September 4, 2014

The only proper way to vote in the USA

There is only one proper way to vote in the US if you want any non-weasel to get into office: Vote for anyone you have never heard of. 

If you have heard of them, they have connections and/or money and want something out of the job. If people do it enough all the ridiculous campaign contributions / TV and social media ads in the world won't matter.

Sure, a wacko may get elected here and there, but a wacko would do far less damage than a political crony with an agenda. This is how I've voted for years, and it means nothing until it gets adopted by the masses.

How to print to an active directory printer

I don't really know how to get this to work exactly, but what I do know is that after an ungodly amount of screwing around with CUPS, Samba and Kerberos to no avail, I finally deleted the printer and re-added it and VOILA!
Before, I would not get prompted for authentication (in most programs, but some WOULD), and when re-adding the printer I was allowed to enter the auth information.

Wednesday, September 3, 2014

Finding failed services with systemctl

Just found a very handy command:

  # systemctl -t service --failed  


Outputs services that failed to load.

KDE Printer Configuration and the Authentication Dialog

When managing printers via KDE's print settings, any change requires a root enabled password. However, the dialog that asks for it is unable to be focused and sits in the background until you cancel it. The amazing thing is I have had this issue for YEARS and it has yet to be fixed. MANY TIMES have I tried to find the problem with no luck, unsure of exactly which search terms to use.
I finally found a bug report that addresses this, starting in 2012 (it's now the 9th month of 2014).

Basically, the workaround is to run:
  $ kdesu kcmshell4 kcm_printer_manager  


to start the printer config as root, which in itself is not an easy thing to figure out, which is why I am documenting it here.