Category Archives: Miscellaneous

Anything and Everything

Citrix Licensing Issues

It’s been a while since I had to deal with Citrix – MetaFrame 3.5 was the last version I had used. Now they’re on XenApp 6, XenDesktop 5, and XenServer something or other. But this problem has to do with the Citrix Licensing server.

Version according to Citrix’s website: 11.6.1 for Windows
Version according to Add Remove Programs: 7.1.10007
Meh.

Anyway, after a forced reboot of the server, it looked like the SQL table/database for the licensing server was corrupted. The Citrix Licensing service would not start and threw error 1067:
Error 1000 in the eventviewer - Faulting application name: lmadmin.exe, version:0.0.0.0, time stamp: 0x4a01594d.
Could not start the Citrix Licensing Service on Local Computer. Error 1067: The process terminated unexpectedly

I tried the “remove all of your license files and try to start the service” technique. I also tried re-downloading the citrix_startup.lic file and the opt file. No dice.

What finally worked: uninstall and reinstall the License Server. The reinstall even leaves your licenses in place. After that the service started like magic.

Error in SQL syntax

Man, I’m not very good at this PHP stuff in terms of starting from scratch. I can decipher what is going on, but my troubleshooting skills for editing my own work… suck.

I put up a survey site that does a very simple POST of form data into a MySQL database from a PHP front-end. My boss tried it out and put an apostrophe in his comments field, which threw up the standard:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'm working hard')' at line 37

Uh oh. Showing raw SQL errors to users is a problem in itself: the message reveals the query structure, which helps with injection attempts, and can give away data. Since this was an internal-only site it didn’t matter quite as much, but I’d still like people to be able to use an apostrophe.

Add this into the inserting php page:

// Escape every POST value through the open MySQL connection before it is used in a query
foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
}

It goes right after my mysql_select_db("dbname", $con); statement, so the connection is already open when the escaping runs (mysql_real_escape_string needs one).
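The same survey insert written the vulnerable way and the hardened way, as an added example rather than the post's own code. It assumes a hypothetical table `survey` with columns `name` and `comments` and placeholder connection details; the prepared statement (mysqli) replaces the escaping loop entirely.

```php
<?php
// Added example, not the post's code: the survey insert done the vulnerable way and the
// hardened way. Assumes a table `survey` with columns `name` and `comments`; the
// connection details are hypothetical placeholders.

// Vulnerable: POST data is pasted straight into the SQL text. A comment such as
// "I'm working hard" ends the string literal early, which is exactly the
// "syntax ... near 'm working hard'" error the post quotes, and a crafted value
// could just as easily change what the statement does.
function insert_unsafe(mysqli $con, array $post): bool
{
    $sql = "INSERT INTO survey (name, comments) VALUES ('"
         . $post['name'] . "', '" . $post['comments'] . "')";
    return $con->query($sql) === true;
}

// Hardened: a prepared statement sends the values separately from the SQL text,
// so quotes in the input are stored as data and can never change the query.
function insert_safe(mysqli $con, array $post): bool
{
    $stmt = $con->prepare("INSERT INTO survey (name, comments) VALUES (?, ?)");
    if ($stmt === false) {
        return false;
    }
    $name     = (string) ($post['name'] ?? '');
    $comments = (string) ($post['comments'] ?? '');
    $stmt->bind_param('ss', $name, $comments);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$con = new mysqli('localhost', 'dbuser', 'dbpass', 'dbname');   // hypothetical
// Constructed sample input carrying the apostrophe that broke the original query.
$sample = ['name' => 'Boss', 'comments' => "I'm working hard"];
if (!insert_safe($con, $sample)) {
    // Keep the database error out of the page; log it server-side instead.
    error_log('survey insert failed: ' . $con->error);
    echo 'Sorry, your response could not be saved.';
}
```

With insert_safe() the apostrophe is simply stored, and the user never sees the MySQL error text.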

Image For Linux

We’re using a utility called Image for Linux (IFL) to image systems (ghost/backup/whatever). It’s not free, but it’s not expensive either – and it works pretty well.

However, IFL uses nmblookup to find network shares, and nmblookup resolves names with NetBIOS broadcasts, which do not cross a router. So, if you’re on a separate VLAN or network from your destination, you will not be able to find the storage device by name.

In my case I have a NAS on a 10.1.0.0/24 and the end users are on a 10.2.0.0/24 – with Layer 3 switches.

Boot off of IFL
Alt + F2
mkdir /mnt/share
/sbin/mount.cifs //servername_orip/sharename /mnt/share

Firefox Saved Password Retrieval

I sometimes save my password into firefox to make my life easier. Opera has a much better system for saving passwords, but I like my FF better.

I had a saved password and needed to retrieve the password (unmask it) for some documentation. Unfortunately I couldn’t remember which password I had used previously. Then I remembered a handy javascript that allows me to show the saved password.

Go to the site you want to retrieve the password for
DO NOT login yet
Up at the address bar, overwrite what is there with:
javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There are no passwords in forms on this page.");})();

The script walks every form on the page, collects the value of each password-type field (the one Firefox has just auto-filled) and shows it in an alert. That is why you must not log in first: the login form has to still be on the screen.

What Do You Use?

A lot of people ask what I use to protect my systems. I remember back a few years ago when I could say “nothing, I just don’t infect my machines by clicking ‘yes’ to everything on the web”. Unfortunately those days are long gone. Java, Flash, PDF, Operating System, Cross Site Cookies, and the like are all able to infect your system with potential “baddies” without any user input.

So, the question remains: what do I use?

It depends on what I’m doing. But, starting from the internet and working inward, let me lay it out for you.

I start with firewall rules. I allow, but log, everything outgoing, so long as it comes from the firewall box. If the router receives any requests from an internal IP other than the firewall box, it logs them and then drops the packets. The firewall box is a simple machine running only one thing: Untangle (7.4 at the time of this writing). Untangle is an IPS/IDS solution built from open-source software with a nice GUI.

After that, I have a wireless network and a wired network. They’re both on the same VLAN on the switch, so they can access almost anything. I had been running my wireless network on a separate VLAN, but transferring files between systems was becoming rather difficult. My wireless settings utilize a WPA2-Personal AES encryption algorithm. I also have implemented SSID hiding and MAC address filtering.

All DNS requests first hit my internal DNS server and, if not found, are forwarded to the router. The router will only talk to the OpenDNS DNS servers – any other traffic on TCP or UDP 53 is dropped. So even IF you have your own DNS servers set up, you won’t be bypassing mine. OpenDNS is set to block any malicious sites. Untangle is also set to quarantine any requests its IPS flags as malicious and email me the results. In case the Untangle box is ever compromised, I also run a Snort variant (Snorby) in a virtual machine, with another system collecting syslog from all network devices. That way I can at least check what happened afterwards.

If any user wants to download something utilizing bittorrent (I use TED to download TV episodes I may have missed), I use a Virtual Machine running on top of Linux (or just Linux itself) to test out the products. It’s much easier to “fix” a virtual machine than it is to fix a real system (Delete!).

Each Linux system is running ClamAV of some kind. Each Windows system is running NOD32.

Each Windows client is also running the following software:
Threatfire
Secunia PSI
Malwarebytes

The one open system that anyone who visits can use is running Windows XP SP3 with SteadyState set to wipe everything after a reboot.

Paranoid? Sometimes. But there’s always a way to get into any system. I’m just trying to make it more difficult.

So what do you use? Comment and let me know.

LDAP Testing

Sometimes I forget how much we actually use LDAP in our daily lives. Active Directory is based on LDAP. Linux can use LDAP. Same for Mac. Cisco. Lots of stuff.

In the process of upgrading from a managed call center to an in-house Cisco call manager system, we find that we need to add a Unity user account and type in the LDAP path to this user (along with the path to the users we want to import).

Being as forgetful as I usually am, I had to open up adsiedit to find out the exact paths required.

OBJECT CLASS (and the attribute it uses in the path):
User, Group, Computer, or Container objects are all CN (Common Name)
Organizational Unit is OU
Domain component is DC

So, in our case, I had to input “cn=Unity User,ou=Service Accounts,dc=domain,dc=com”

In order to test whether this works, as well as whether a user actually has rights to see the LDAP information, I found a handy program called LDAP Administrator (or LDAP Viewer):
http://www.ldapadministrator.com/download.htm

Just feed that the information and it does the rest. It reminds me of a better ADSIedit program.
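The same two checks done in code instead of the GUI tool, as an added example (not part of the post): build the DN from its parts with proper escaping, bind as the service account, and try to list the users you want to import. It assumes PHP's ldap extension and a reachable domain controller; the host name, password and users OU are hypothetical placeholders.

```php
<?php
// Added example, not the post's own: assumes PHP's ldap extension and a reachable
// domain controller. Host, password and the users OU are hypothetical placeholders.

// Build a distinguished name from its parts, escaping each RDN value (RFC 4514)
// so a name like "Smith, John" or "O'Brien" cannot break or alter the path.
function build_dn(string $cn, array $ous, array $dcs): string
{
    $parts = ['cn=' . ldap_escape($cn, '', LDAP_ESCAPE_DN)];
    foreach ($ous as $ou) {
        $parts[] = 'ou=' . ldap_escape($ou, '', LDAP_ESCAPE_DN);
    }
    foreach ($dcs as $dc) {
        $parts[] = 'dc=' . ldap_escape($dc, '', LDAP_ESCAPE_DN);
    }
    return implode(',', $parts);
}

// Bind with the service account DN and read the users container. A bind failure
// means the DN or password is wrong; a search failure means the account lacks rights.
function test_ldap_access(string $host, string $bindDn, string $password, string $usersDn): array
{
    $ldap = ldap_connect("ldaps://$host");
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ldap, $bindDn, $password)) {
        return ['ok' => false, 'error' => 'bind failed: ' . ldap_error($ldap)];
    }
    // Standard Active Directory filter for real user accounts (excludes computers).
    $filter = '(&(objectCategory=person)(objectClass=user))';
    $result = @ldap_search($ldap, $usersDn, $filter, ['sAMAccountName']);
    if ($result === false) {
        return ['ok' => false, 'error' => 'search failed: ' . ldap_error($ldap)];
    }
    $count = ldap_count_entries($ldap, $result);
    ldap_unbind($ldap);
    return ['ok' => true, 'users' => $count];
}

// Same path the post typed into Unity: cn=Unity User,ou=Service Accounts,dc=domain,dc=com
$bindDn  = build_dn('Unity User', ['Service Accounts'], ['domain', 'com']);
$usersDn = 'ou=Call Center,dc=domain,dc=com';          // hypothetical OU to import from
print_r(test_ldap_access('dc1.domain.com', $bindDn, 'service-account-password', $usersDn));
```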

Decode eval gzinflate base64_decode

I had to install a WordPress theme for a customer. I’m not a web developer by any means, so lucky for me WordPress is pretty straightforward. The theme they wanted to use was “free”, but had a footer with links to the theme developer’s site. Unfortunately the developer’s site was no longer functioning. A brief search for their company yielded similar results – all landing pages or 404 error sites.

The terms and conditions for the theme stated that you could remove the footer only if you paid $29.95 to the company. As there was no company to pay, a “gray area” was presented. Should I just remove the footer and be done with my day? The customer requested that I adhere to the terms and conditions but make sure that the links would not go to unknown websites for fear that a malicious link could be used. They also requested that an RSS feed link be removed from the footer.

I go to edit the footer and notice the following PHP code:
gzinflate(base64_decode('bVJRa9swEH4P5D9cTTrZEKdjG3tYbIeydexlfUhgMMYQtnWxRWTJk+RkWcl/n2S7bUirB+t8p/u+u+9ulSWM76EUuTFp8FUpizrIphNw52Uk5lI+x89PkkOtcZsGyaqtWyiE+qrjcqpBoY97RTgsSLWGVBY94zh3bvIp5qWQAlluBabDe$
Well, how do I know this obfuscated PHP script isn’t going to send customers to malicious sites? I need to see the decoded PHP!

Scripting to the rescue!

The easiest way is to have a Linux server lying around. I have a fully patched Ubuntu 10.04 LTS server just for this purpose (under VMware Server).

Make the following PHP file:

<?php
/*
Taken from http://www.php.net/manual/de/function.eval.php#59862
Directions:
1. Save this snippet as decrypt.php
2. Save encoded PHP code in coded.txt
3. Create a blank file called decoded.txt (from shell do CHMOD 0666 decoded.txt)
4. Execute this script (visit decrypt.php in a web browser or do php decrypt.php in the shell)
5. Open decoded.txt, the PHP should be decrypted
*/
echo "\nDECODE nested eval(gzinflate()) by DEBO Jurgen \n\n";
echo "1. Reading coded.txt\n";
$fp1 = fopen("coded.txt", "r");
$contents = fread($fp1, filesize("coded.txt"));
fclose($fp1);
echo "2. Decoding\n";
// Each pass strips the PHP tags, then turns "eval(" into "$contents=" so the
// decoded layer is stored instead of executed; loop until no eval(gzinflate is left.
while (preg_match("/eval\(gzinflate/", $contents)) {
    $contents = preg_replace("/<\?|\?>/", "", $contents);
    eval(preg_replace("/eval/", "\$contents=", $contents));
}
echo "3. Writing decoded.txt\n";
$fp2 = fopen("decoded.txt", "w");
fwrite($fp2, trim($contents));
fclose($fp2);
?>

Then follow the directions in the script. Or, if you’re like me, just do the following:
coded.txt (this file will have the ENTIRE PHP portion – everything from “eval(gzinflate” to the last “);”)
decoded.txt (make sure it’s writeable – either 0666 or 0777)
Run the script
Open the decoded.txt file
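The script above still runs each layer through eval(), so anything the theme author put next to the eval() call executes on your server. The following added decoder (my own example, not the post's decrypt.php) peels the same nested eval(gzinflate(base64_decode('...'))) layers with base64_decode() and gzinflate() only, never executing the theme's code; the sample input is constructed inline so it runs without a real footer.

```php
<?php
// Added example, not the post's decrypt.php: peel nested eval(gzinflate(base64_decode('...')))
// layers using only the decoding functions, so the theme's obfuscated code is never executed.
// Recognises eval(base64_decode(...)) and eval(gzinflate(base64_decode(...))); any other
// wrapper stops the loop and is left in the output for manual review.

function unwrap_layer(string $code): ?string
{
    // Optional gzinflate( wrapper, then base64_decode('blob') in either quote style.
    $re = '/eval\s*\(\s*(gzinflate\s*\(\s*)?base64_decode\s*\(\s*([\'"])([A-Za-z0-9+\/=\s]*)\2\s*\)\s*\)?\s*\)\s*;?/';
    if (!preg_match($re, $code, $m)) {
        return null;                                   // no recognised layer left
    }
    $blob = base64_decode(preg_replace('/\s+/', '', $m[3]), true);
    if ($blob === false) {
        return null;                                   // invalid base64: do not guess
    }
    if ($m[1] !== '') {                                // gzinflate wrapper present
        $blob = @gzinflate($blob);
        if ($blob === false) {
            return null;
        }
    }
    // Replace just the eval(...) call; statements around it are preserved for review.
    return substr_replace($code, $blob, strpos($code, $m[0]), strlen($m[0]));
}

function decode_nested(string $code, int $maxLayers = 20): array
{
    $layers = 0;
    while ($layers < $maxLayers && ($next = unwrap_layer($code)) !== null) {
        $code = $next;
        $layers++;
    }
    return ['code' => $code, 'layers' => $layers];
}

// Constructed sample: two layers wrapped around a harmless echo, built here so the
// script runs offline without a real theme footer.
$inner  = "echo 'footer links';";
$layer1 = "eval(gzinflate(base64_decode('" . base64_encode(gzdeflate($inner)) . "')));";
$sample = "<?php eval(base64_decode('" . base64_encode($layer1) . "')); ?>";
$result = decode_nested($sample);
echo "peeled {$result['layers']} layer(s):\n{$result['code']}\n";
```

To use it on the real footer, read coded.txt into $sample instead of building it; any links or redirects in the final code are then visible without ever having run it.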