Archive

Port exhaustion

Recently I’ve been playing with mobile applications, and after the last update of Android Studio, my system started acting up. No more ports. All new connections were denied, and the system just hung.

So first I tried to find which PID and which process was clogging all the ports.

And just to confirm that this was an issue with port exhaustion, I checked the Event Viewer as well. You can search for event 4227.

And the quick fix was to restart the LxssManager. You can fix the issue by rebooting, but who wants to do that every 5 min?
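
One way to run the checks described above from PowerShell, as an added example that is not the author's original commands. The top-10 cut-off, the column names and the choice of states to break out are assumptions made here; the event ID and the LxssManager service come from the post.

```powershell
# Added example, not the author's original commands.
# Run in an elevated PowerShell session on the affected Windows host.

# 1. Show the dynamic (ephemeral) TCP port range that outbound connections draw from.
netsh int ipv4 show dynamicport tcp

# 2. Count TCP endpoints per owning PID and break the total down by the states
#    that usually dominate during exhaustion. The top-10 limit is an arbitrary choice.
Get-NetTCPConnection |
    Group-Object -Property OwningProcess |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 |
    ForEach-Object {
        $procId = [int]$_.Name
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcId      = $procId
            Process     = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Total       = $_.Count
            LocalPorts  = @($_.Group.LocalPort | Sort-Object -Unique).Count
            Bound       = @($_.Group | Where-Object State -eq 'Bound').Count
            TimeWait    = @($_.Group | Where-Object State -eq 'TimeWait').Count
            Established = @($_.Group | Where-Object State -eq 'Established').Count
        }
    } |
    Format-Table -AutoSize

# 3. Confirm exhaustion in the System log: the most recent event 4227 entries.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 4227 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Message |
    Format-List

# 4. The quick fix from the post. Left commented out so the diagnostics above
#    can be run on their own; uncomment to restart the service.
# Restart-Service -Name LxssManager
```

A process holding thousands of endpoints in the Bound or TimeWait columns while the System log shows 4227 is the pattern to look for before restarting anything.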

When your device is getting old…

That’s a new one. The certificate on my old old WLC has expired.
So last night, after a power outage, none of my access points were able to rejoin the controller.

So after some debug, the following error showed up on the access point.

Google is your friend, and I found a Cisco Field Notice: FN – 63942
And after turning off NTP and changing the date/clock back in time, the APs started joining again, and to keep it a bit more permanent the following config was added to the WLC config.

 

Maybe it’s time to change out my wireless setup, but not yet; it is still working like a charm. 🙂

Dot1X Kali Linux

I need to remember this for the next time I’m faced with dot1x authentication on a wired connection.

Add the following to /etc/wpa_supplicant/wpa_supplicant.conf

And then run
[bash]
wpa_supplicant -i eth2 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired
[/bash]

Wait for it to generate a success message, and run dhclient or set a static IP .. 🙂

L2 Network Attacks – HSRP / DTP

Lately I’ve been playing around with Layer 2 attacks. Usually yersinia is my go-to tool, but during an HSRP attack it was not behaving the way I wanted. So I did some research, and remembered that scapy can generate any packets you want. While playing around, I came across /usr/sbin/hsrp, a tool from the irpas package.

A simple attack would be:

It worked, but was sending more packets than was actually needed.
Why the need to send the Coup packet?

So back to scapy again.
There are some excellent guides out there, like

Following the guides, it should be pretty simple to get the attack working, but it did not work.
I didn’t even see it in Wireshark, so it didn’t look like it was sending the attack out on the wire… time to debug.

BIG laughs… I had the “hsrp” filter in Wireshark, and due to some strange behavior the packets that I was sending were not recognised as HSRP packets.

By looking at the packet that I was sending, the dport is not what it is supposed to be: 2029 vs 1985. And by adding the dport in the UDP in line 3 of the script, the attack worked perfectly.

 

And since we are into L2 attacks, attacking DTP is always fun.
Launch DTP attack with yersinia

Get a working interface up and running; here I’m using a static IP, and connecting to VLAN 666

 

 

ESXi cheat sheet

It’s not every day you work on a VMware ESXi platform, and I now felt the need to collect some of the quick fixes that I keep forgetting. Most of the issues are with the new ESXi 6.5 on a “non-supported” platform.

ESXi 6.5 AngularJS error on login with Chrome (you can’t log in with Chrome)

Fix: SSH/console to the host:
[bash]
esxcli software vib install -v http://download3.vmware.com/software/vmw-tools/esxui/esxui-signed-latest.vib
[/bash]

“Failed to power on the virtual machine, The attempted operation cannot be performed in the current state(Powered Off)” error

You can’t turn on a VM, even if it’s turned off. The VM is stuck in a state you can’t recover from. I’ve now recreated the issue, and it happens when you try to edit (remove ISO from cdrom) while the server is still running.


Fix

Unregister the VM
Register a VM
Pick the vmx from the datastore

Extremely low performance with M.2 SSD disk

The following keeps appearing in the log, clearly stating that we are having a problem with the datastore.
ESXi 6.5 is using a new AHCI driver, and in its current state it sux big time.


[root@esxi:/vmfs/volumes/../] time sh -c "dd if=/dev/zero of=testfile bs=100k count=1k && sync"
1024+0 records in
1024+0 records out
real 0m 54.17s
user 0m 0.00s
sys 0m 0.00s

Fix: SSH/console to the host:
[bash]
esxcli system module set --enabled=false --module=vmw_ahci
[/bash]

And then you have better performance:
[root@esxi:/vmfs/volumes/../] time sh -c "dd if=/dev/zero of=testfile bs=100k count=1k && sync"
1024+0 records in
1024+0 records out
real 0m 0.44s
user 0m 0.00s
sys 0m 0.00s

From 50 sec to under 1 sec, I would say that’s quite a performance boost! 🙂