When your device is getting old…

That’s a new one. The certificate on my old old WLC is expired.
So last night, after a power outage, none of my access points were able to rejoin the controller.

So after some debug, the following error showed up on the access point.

Google is your friend, and I found a Cisco Field Notice: FN – 63942
After turning off NTP and changing the date/clock back in time, the APs started joining again. To keep it a bit more permanent, the following config was added to the WLC config.


Maybe it’s time to change out my wireless setup, but not yet; it is still working like a charm. 🙂

Dot1X Kali Linux

I need to remember this for the next time I’m faced with dot1x authentication on a wired connection.

Add the following to /etc/wpa_supplicant/wpa_supplicant.conf

And then run
wpa_supplicant -i eth2 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired

Wait for it to generate a success message, and run dhclient or set a static IP .. 🙂

L2 Network Attacks – HSRP / DTP

Lately I’ve been playing around with Layer 2 attacks. Usually yersinia is my go-to tool, but during an HSRP attack it was not behaving the way I wanted. So I did some research, and remembered that scapy can generate any packets you want. While playing around, I came across /usr/sbin/hsrp, a tool from the irpas package.

A simple attack would be:

It worked, but was sending more packets than was actually needed.
Why the need to send the Coup packet?

So back to scapy again.
There are some excellent guides out there, like

Following the guides, it should be pretty simple to get the attack working, but it did not work.
I didn’t even see it in Wireshark, so it didn’t look like it was sending the attack out on the wire… time to debug.

BIG laughs… I had the “hsrp” filter in Wireshark, and due to some strange behavior the packets that I was sending were not recognised as HSRP packets.

By looking at the packet that I was sending, the dport is not what it is supposed to be: 2029 vs 1985. By adding the dport in the UDP layer in line 3 of the script, the attack worked perfectly.
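The port detail above also matters on the monitoring side. As an added example (not code from the original post, scapy or irpas), this passive check decodes the fixed 20-byte HSRPv1 header from RFC 2281 and flags speakers that are not known routers or that announce a priority above anything configured. The function names, the router allowlist, the priority ceiling and the sample payloads are all assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

HSRP_PORT = 1985  # HSRPv1 is carried over UDP 1985 (RFC 2281)
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}

# Constructed 20-byte HSRPv1 payloads (group 1, auth "cisco", VIP 10.0.0.1)
LEGIT_HELLO = bytes.fromhex("000010030a640100636973636f0000000a000001")  # prio 100
ROGUE_COUP = bytes.fromhex("000110030aff0100636973636f0000000a000001")   # prio 255

def parse_hsrp(payload: bytes) -> dict:
    """Decode the fixed HSRPv1 header found in the UDP payload."""
    if len(payload) < 20:
        raise ValueError("short HSRP message")
    ver, op, state, hello, hold, prio, group, _rsv, auth, vip = struct.unpack(
        "!8B8s4s", payload[:20])
    if ver != 0 or op not in OPCODES:
        raise ValueError("not an HSRPv1 message")
    return {"opcode": OPCODES[op], "state": state, "priority": prio,
            "group": group, "vip": str(IPv4Address(vip)),
            "auth": auth.rstrip(b"\x00").decode("ascii", "replace")}

def check(src_ip, dport, payload, routers, max_priority):
    """Return alert strings for one observed UDP datagram.

    routers and max_priority are assumptions: the known HSRP speakers on
    the segment and the highest priority configured on any of them.
    """
    if dport != HSRP_PORT:
        return []  # not HSRPv1 traffic, e.g. the datagrams sent to 2029 above
    try:
        msg = parse_hsrp(payload)
    except ValueError as exc:
        return [f"{src_ip}: {exc}"]
    alerts = []
    if src_ip not in routers:
        alerts.append(f"{src_ip}: HSRP {msg['opcode']} from unknown speaker, "
                      f"group {msg['group']} vip {msg['vip']}")
    if msg["priority"] > max_priority:
        alerts.append(f"{src_ip}: priority {msg['priority']} above {max_priority}")
    return alerts

if __name__ == "__main__":
    known = {"10.0.0.2", "10.0.0.3"}  # constructed router addresses
    for src, port, data in [("10.0.0.2", 1985, LEGIT_HELLO),
                            ("10.0.0.66", 1985, ROGUE_COUP),
                            ("10.0.0.66", 2029, ROGUE_COUP)]:
        print(src, port, check(src, port, data, known, max_priority=110))
```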


And since we are into L2 attacks, attacking DTP is always fun.
Launch the DTP attack with yersinia

Get a working interface up and running. Here I’m using a static IP and connecting to VLAN 666



ESXi cheatsheet

It’s not every day you work on a VMware ESXi platform, and I now felt the need to collect some of the quick fixes that I keep forgetting. Most of the issues are with the new ESXi 6.5 on a “non-supported” platform.

ESXi 6.5 AngularJS error on login with Chrome (you can’t log in with Chrome)

Fix: ssh/console to host:
esxcli software vib install -v http://download3.vmware.com/software/vmw-tools/esxui/esxui-signed-latest.vib

“Failed to power on the virtual machine, The attempted operation cannot be performed in the current state(Powered Off)” error

You can’t turn on a VM, even if it’s turned off. The VM is stuck in a state you can’t recover from. I’ve now recreated the issue, and it happens when you try to edit (remove ISO from cdrom) while the server is still running.


Unregister the VM
Register a VM
Pick the vmx from the datastore

Extremely low performance with M.2 SSD disk

The following keeps appearing in the log, clearly stating that we are having a problem with the datastore.
ESXi 6.5 is using a new ahci driver, and in its current state sux big time.

[root@esxi:/vmfs/volumes/../] time sh -c "dd if=/dev/zero of=testfile bs=100k count=1k && sync"
1024+0 records in
1024+0 records out
real 0m 54.17s
user 0m 0.00s
sys 0m 0.00s

Fix: ssh/console to host:
esxcli system module set --enabled=false --module=vmw_ahci

and then you have better performance
[root@esxi:/vmfs/volumes/../] time sh -c "dd if=/dev/zero of=testfile bs=100k count=1k && sync"
1024+0 records in
1024+0 records out
real 0m 0.44s
user 0m 0.00s
sys 0m 0.00s

From 50 sec to under 1 sec, I would say that’s quite a performance boost! 🙂

Redmine Turnkey to Debian Stretch Stable

This has been way overdue, but when I started to use Redmine it was such a hassle getting it up and running. So turning to a Turnkey appliance was an easy fix, but as time goes by… and new versions are released. Upgrading a Turnkey appliance wasn’t easy. But now it was time to try a Redmine upgrade, and move to a new server approach. I’ve tried it before, but failed hard. But this time around it was quite easy. Since I’m not doing any fancy stuff in Redmine (no repositories, plugins etc.), I only need to convert the database.

Here are my quick notes to convert from turnkey redmine (old version) to a fresh Debian stretch setup.

## Get info on current installation

root@redmineOLD ~# cat /var/www/redmine/config/database.yml|grep "username:\|password:\|database:"
database: redmine_development
username: redmine
password: xxxxxxxxxxxxxxx
database: redmine_test
username: redmine
password: xxxxxxxxxxxxxxx
database: redmine_production
username: redmine
password: xxxxxxxxxxxxxxx

## Dump the database

root@redmineOLD ~# mysqldump -u redmine -p redmine_production > redmine-dump.sql

Do a clean install of Debian debian-9.1.0-amd64-netinst.iso
With only ssh enabled as default.

Pro-Tip, install mysql (Mariadb) before trying to install redmine.

root@redmine:~# apt-get install mysql-server

Next up is installing Redmine.

root@redmine:~# apt-get install redmine-mysql

Do the default, but make sure you pick mysql as database

I’ve got an error when it tried to set up the redmine instance, but don’t care about that, we are rebuilding it anyway.

Now let’s setup apache and passenger

root@redmine:~# apt-get install apache2 libapache2-mod-passenger

Now you need to deactivate the default website, and enable redmine

root@redmine:~# cp /usr/share/doc/redmine/examples/apache2-passenger-host.conf /etc/apache2/sites-available/redmine.conf
root@redmine:~# a2ensite redmine.conf
Enabling site redmine.
To activate the new configuration, you need to run:
systemctl reload apache2
root@redmine:~# a2dissite 000-default.conf
Site 000-default disabled.
To activate the new configuration, you need to run:
systemctl reload apache2
root@redmine:~# systemctl reload apache2

Drop the current DB, and create an empty database.

root@redmine:~# mysqladmin drop redmine_default -u root -p
Enter password:
Dropping the database is potentially a very bad thing to do.
Any data stored in the database will be destroyed.

Do you really want to drop the 'redmine_default' database [y/N] y
Database "redmine_default" dropped

root@redmine:~# mysqladmin create redmine_default -u root -p
Enter password:

Get the password for the redmine db username

root@redmine:~# cat /etc/redmine/default/database.yml
adapter: mysql2
database: redmine_default
host: localhost
port: 3306
username: redmine/instance
password: xxxxxxxxxxxxxxxxxxxxx
encoding: utf8

Upload your redmine mysql db file and fill the new db with it. (Use the password found in the previous step)

root@redmine:~# mysql -u redmine/instance -p redmine_default < /root/redmine-dump.sql

Now go to the Redmine directory and rebuild/upgrade the DB

root@redmine:~# cd /usr/share/redmine/
root@redmine:/usr/share/redmine# bundle exec rake db:migrate RAILS_ENV=production

All done 🙂

And if you care anything about security, please set a root password for your mysql server!
Run: mysql_secure_installation