PSExec

In case you haven’t noticed, I like to use free tools that allow me to manage systems remotely. I also ran an internal forum board with this exact information. But due to potential problems, I am disbanding the internal board and relying only on this site.

MMC is built into Windows
SSH is mostly built into Linux
SSH is mostly built into Macintosh

PSTools Suite is probably the best I’ve come across – it is free and is now updated by Microsoft.

Pslist and Pskill are both very useful, but Psexec takes the cake. Pslist shows all running programs on a system:
pslist \\computername
Pskill will kill remote programs (or PIDs) on any system assuming the system isn’t locked up beyond the system services functionality.
pskill \\computername PID_or_Processname

Here are some simple commands I use every day:
Analyze remote system’s HD to see if it needs to be defragged
psexec \\somemachine -s -d defrag.exe c: -a
Force remote system’s HD to defrag
psexec \\somemachine -s -d defrag.exe c: -f
Run Internet Explorer and open it.thelibrarie.com website
psexec \\somemachine -i -d "C:\program files\internet explorer\iexplore.exe" http://it.thelibrarie.com
Install an MSI program
psexec -s -i \\somemachine msiexec -i c:\locationofmsi.msi
Open the Add/Remove Programs Applet
psexec -i -s \\somemachine control.exe appwiz.cpl

***EDIT***
Looks like this really doesn’t work much on Windows 7 due to security restrictions. I end up using pslist \\computername to list the running processes, and then taskkill /S computername /PID processID /F to actually kill the running process.

GD, Apache, Captcha, PHP, Error

I had to set up a captcha on someone’s website. The captcha refused to load. The easiest way to get the error (since, by default, PHP will not list out all the problems when called from another page) is to call the script directly.
Say your site is http://www.mysite.net. You’ll want to go to http://www.mysite.net/CaptchaSecurityImages.php. You can do the website math.

I had apache installed, GD installed, PHP installed.

This is the error I was receiving:
Warning: imagettfbbox() [function.imagettfbbox]: Could not find/open font in /var/www/sitehere/CaptchaSecurityImages.php on line 60

Error in imagettfbbox function, eh? That’s none too helpful. Good thing I can read: Could not find/open font. That’s all I need to know.

If you were to open up CaptchaSecurityImages.php and change the location of monofont.ttf to a debian/ubuntu file location (an explicit path rather than a bare file name), everything would probably end up working correctly.

SSH to your machine
nano CaptchaSecurityImages.php
Search for:
var $font = 'monofont.ttf';
and replace with:
var $font = './monofont.ttf';
Reload your script on your web browser

AWStats on Apache

If you’ve ever seen an Apache log file, you’ll notice that it’s rather long to read. It’s not that the log is hard to read, it’s just full of a lot of useless information. If you view a website with a browser, the log will show that you connect and retrieve every single file (images are included). Ouch.

I installed Debian 5.0 Server on an HP DL380 G4 server. I then did all the updates etc. I’m assuming you know how to install apache and how to “su” to root.

apt-get install awstats
nano /etc/apache2/awstats.conf
This creates a new file called awstats.conf

Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon/ "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
ScriptAlias /awstats/ /usr/lib/cgi-bin/
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch

Save this file and exit back to the shell.

nano /etc/apache2/apache2.conf

Add this to the end of the conf file:

Include /etc/apache2/awstats.conf

Save and exit apache2.conf.

apache2ctl restart

cd /etc/awstats
cp awstats.conf awstats.www.mysite.org.conf
nano awstats.www.mysite.org.conf

Search for and edit the following:

LogFile="/var/log/apache2/access.log"
SiteDomain="mysite.org"

Save the file and exit to the shell.

Now we need to run the script to parse the log files into a stats page:
perl /usr/lib/cgi-bin/awstats.pl -update -config=www.mysite.org

If it fails due to permissions:
chmod -R 777 /var/log/apache2
Then re-run the script. AWStats only needs to read the log; mode 777 also lets every local account change or delete it.

Now check your stats at http://www.mysite.org/awstats/awstats.pl

As long as everything went to plan, the script should also automatically install a cron job to update the stats every 10 minutes.

You can find out by typing the following:
dpkg -L awstats | grep cron
Which shows the following:

/etc/cron.d
/etc/cron.d/awstats

If you nano the awstats cron, you can edit the times and locations of the scripts.

EDIT!!!

If you’re using virtual hosts (like I am) and you want each site to have its own stats:

Edit your sites-available default:
nano /etc/apache2/sites-available/default

Add the following in your VirtualHost:

NameVirtualHost 192.168.1.4

DocumentRoot "/var/www/web123"
ServerName web123.com
ServerAlias *.web123.com
CustomLog /var/log/apache2/web123.com.log combined

Then you’ll have to create the awstats.web123.com.conf file in /etc/awstats
cp /etc/awstats/awstats.conf /etc/awstats/awstats.web123.com.conf
nano /etc/awstats/awstats.web123.com.conf

Change the following:

LogFile="/var/log/apache2/web123.com.log"
LogFormat=1
SiteDomain="web123.com"
HostAliases="web123.com www.web123.com localhost 127.0.0.1"

This will allow you to use the browser to update the stats if your CRON job is set for long periods of time:

AllowToUpdateStatsFromBrowser=1

And I set this up because I have apache do a DNS lookup on its own:

DNSLookup=0

Then restart apache:
apache2ctl restart

LAMP on Debian

LAMP is Linux Apache MySQL PHP. Debian is the distribution that Ubuntu is based on.

Tried to install Ubuntu server 8.10 on an HP DL380 G4 with mixed results. Grub was failing on me. Instead of trying to fix it I just took a Debian 5 CD and wrote it over. Only problem is no LAMP – Ubuntu is much better for setting up initially, but both OSes are basically the same.

nano /etc/apt/sources.list
remove the cdrom

apt-get update
apt-get upgrade
apt-get install ssh-server

apt-get install apache2
apt-get install apache2-mpm-prefork
apt-get install php5

apt-get install mysql-server php5-mysql
apt-get install phpmyadmin
apt-get install webmin
apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi

nano /etc/apache2/apache2.conf
AddType application/x-httpd-php .php
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.shtml index.htm

I installed SSH so I could remotely do the rest of the work.

At this point, you should be able to go to http://youripaddress and see a generic “IT WORKS!” apache page.
You can also go to http://youripaddress/phpmyadmin and load up the phpmyadmin page. I suggest prohibiting this from being viewed outside your internal subnet using access rules in apache.
Then you can go to http://youripaddress:10000 and view the webmin page
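
One way to write the access rules suggested above; the same rules fit awstats.pl from the AWStats post, which matters once AllowToUpdateStatsFromBrowser=1 is set. This is an added example, not part of the original post: it uses the Apache 2.2 syntax that ships with Debian 5, and the 192.168.1.0/24 internal subnet is an assumption. Add it to apache2.conf or a file it includes.

```apache
# Added example: limit the admin and stats URLs to the internal network.
# Assumption: 192.168.1.0/24 is the internal subnet; change it to match yours.
# Apache 2.2 syntax (Order/Deny/Allow from mod_authz_host).

# phpMyAdmin, served under /phpmyadmin
<Location /phpmyadmin>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 192.168.1.0/24
</Location>

# awstats.conf above maps BOTH /cgi-bin/ and /awstats/ to /usr/lib/cgi-bin/,
# so awstats.pl answers on two URLs. Restricting only /awstats/ would leave
# /cgi-bin/awstats.pl open, so match the script under either prefix.
# With AllowToUpdateStatsFromBrowser=1, anyone who can reach the script
# can trigger a re-parse of the log.
<LocationMatch "^/(awstats|cgi-bin)/awstats\.pl">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 192.168.1.0/24
</LocationMatch>

# On Apache 2.4 and later, replace the three access lines in each block with:
#     Require ip 127.0.0.1 192.168.1.0/24
```

Run apache2ctl configtest before apache2ctl restart. Webmin on port 10000 is served by its own web server, so these rules do not cover it.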

Potential Problems:
Your repository list is incorrect.
nano /etc/apt/sources.list
deb ftp://ftp2.fr.debian.org/debian/ stable main contrib non-free
deb-src ftp://ftp2.fr.debian.org/debian/ stable main

You can not apt-get webmin:
wget http://voxel.dl.sourceforge.net/sourceforge/webadmin/webmin_1.460_all.deb
dpkg -i webmin_1.460_all.deb
apt-get install -f

You want ASP support on this Linux Box:
apt-get install libapache-asp-perl

You want to edit the sudoers list:
apt-get install sudo
visudo
Uncomment the following line, which lets members of the sudo group run any command without being asked for a password:
%sudo ALL=NOPASSWD: ALL

Install XP From USB Key

I say USB Key, but there are a number of other buzzwords you can use: key fob, flash drive, thumb drive… the list goes on for a little while.

Things you need:
Computer that allows booting via USB/removable drives
USB Key with at least 1GB of free space – your key will be erased during the steps, so make sure nothing important resides on your device
A copy of Windows XP

After searching for a little bit on how to install XP from an external source, I found this script suite:
USB_MultiBoot_10.rar (10.9MB RAR format). Obviously you’ll need a program like WinRAR to open it.

How to run the script:

1.) Open USB_MultiBoot_10.cmd
2.) Press any key to pass the instructions
3.) Press P – this will load up the PeToUSB.exe (Preinstallation Environment To USB) that will format your USB key to allow it to be bootable. Make sure Quick Format and Enable LBA (FAT16X) are checked. Then press Start.
4.) When you close out of PeToUSB.exe, the command script will continue.
5.) Options – press the option number or letter and then hit enter:
Option 0 should already be set to USB-stick
Option 1 should be set up to point to your XP CD
The other options generally will not be needed/do not apply.
6.) When finished, press C and enter. This will add all the files needed to the USB key.
7.) When finished, try it out on your laptop/desktop
8.) My installation actually had an error – it was missing a flash file DLL. I skipped the error and everything else worked just fine.

I also recommend using nLite or another program to slipstream all necessary files on your Windows Disk BEFORE going through all these steps. But that is not a necessary step.

PDF Exploits

I usually don’t do this, but since not all the information seems to be in a single spot I’m compiling a bit.

Adobe released the following:
http://www.adobe.com/support/security/advisories/apsa09-01.html

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert

It affects all versions of Adobe’s Acrobat (Pro, Standard, and Reader) version 9, 8, 7, and potentially 6/5. Currently the exploit uses JavaScript to call on memory that hasn’t been allocated properly and causes exceptions and an application failure. So, at a minimum, this exploit will crash out your Adobe Acrobat. At a maximum, it can open up your entire system to “bad things”. The exploit in the wild, as of right now, only uses JavaScript. Therefore, one can simply follow these steps:

Open Adobe Acrobat Reader (version 8 or 9)
Click Edit >> Preferences
Scroll down to JavaScript and uncheck Enable Acrobat JavaScript
Click OK

Or if you would prefer to use registry keys (and if you’re like me and use GPOs to deploy the registry key imports at startup) here they are:

Add the key HKCU\software\adobe\acrobat reader\x.0\JSPrefs
Add a DWORD "bEnableJS", set value to 0
Also make sure you look in HKCU\software\adobe\adobe acrobat\.. as well. The same thing applies to all versions.

It should be noted that JavaScript is merely used as the compiling tool in this case. Without JS enabled, the exploit STILL EXISTS, it’ll just be harder (in theory) to write for.

ESXi Enable SSH

This is one of those topics that is very easy to find on google, but I’m posting anyway.

Go to the console of your VM ESXi machine
Press Alt + F1
The password is “unsupported”
vi /etc/inetd.conf
Find the #SSH, and move the cursor over the #
x
x deletes the character under the cursor. i inserts before the cursor. r replaces the current character with the character typed next.
:wq
: puts the vi editor into the command mode, w for write, q for quit.
Reboot your server

Ramblings Of An IT Person