This is a quick tech note for myself.
1) download the flash 10.2 preview 3 build from here:
http://labs.adobe.com/downloads/flashplayer10_square.html
2) follow install instructions from here:
http://fedoraproject.org/wiki/Flash
3) watch out for MP3 audio bug (usually seen with YouTube vids)
http://fedoraproject.org/wiki/Common_F14_bugs#flash-64-sound
Workaround (thanks Linus!) here: https://bugzilla.redhat.com/show_bug.cgi?id=638477#c55
These install instructions work. Happily, they also get Flash to work in Chrome on Fedora 14.
TAG
Monday, January 24, 2011
Wednesday, January 19, 2011
ubuntu vm networking weirdness
Over the past week, I've been working quite a bit with Ubuntu 10.04 and VMware. Two problems confronted me:
1) /etc/resolv.conf was getting overwritten
2) /etc/network/interfaces was missing my eth0 network interface
Number One
The first problem was more easily solved than the second issue. What I did to resolve this issue was to edit /etc/dhcp3/dhclient.conf and add the following line:
supersede domain-name-servers [server1],[server2],etc;
(yes, supersede is misspelled)
Number Two
The second problem was a little more esoteric. What I found was that the network interface of my Ubuntu VM kept getting renamed (from eth0 to eth1 and then eth2). The cycling interface names may be caused by moving the VM to different machines. This is because Ubuntu will remember the MAC address of the first machine it was installed on. Ifconfig can see the newly named interfaces, but the ifup and ifdown commands to start and stop the network interfaces cannot see the new names. Ifup and ifdown rely upon entries in /etc/network/interfaces.
In order for ifup and ifdown to see eth0, I added the interface back into /etc/network/interfaces with the following lines:
auto eth0
iface eth0 inet dhcp
By the way, you can use a second command to restart a network interface:
sudo invoke-rc.d networking restart
Back to the original problem, that of the switching network interface names. Ubuntu uses the udev service to detect hardware. So, the solution was to either edit /etc/udev/rules.d/70-persistent-net.rules or delete it and have the system (udev) regenerate the file. As deleting the file was easier, I opted for that method. After deleting the file, I rebooted the VM and voila, my eth0 interface was back.
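The "edit" alternative to deleting the file, as an added example (not code from the original post): it drops rules whose MAC address is no longer present and renumbers the surviving NIC to eth0. The sample rules text and its MAC addresses are constructed, and the function names are my own; it only returns the new file content and writes nothing.

```python
import glob
import re

# Constructed sample of /etc/udev/rules.d/70-persistent-net.rules after the
# VM has been moved twice. The MAC addresses are made up.
RULES = '''\
# This file was automatically generated by the persistent-net generator.

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:11:11:11", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:22:22:22", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:33:33:33", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
'''

ADDR_RE = re.compile(r'ATTR\{address\}=="([0-9a-fA-F:]{17})"')
NAME_RE = re.compile(r'\bNAME="([^"]+)"')


def present_macs():
    """MAC addresses of the NICs the running kernel currently sees."""
    macs = set()
    for path in glob.glob("/sys/class/net/*/address"):
        with open(path) as fh:
            macs.add(fh.read().strip().lower())
    return macs


def prune_rules(text, macs):
    """Return (new_rules_text, dropped) where dropped lists (mac, old_name)
    for every rule whose MAC is not in `macs`. Surviving rules are renamed
    eth0, eth1, ... in file order."""
    present = {m.lower() for m in macs}
    out, dropped, comments, index = [], [], [], 0
    for line in text.splitlines():
        addr = ADDR_RE.search(line)
        if line.lstrip().startswith("#"):
            comments.append(line)          # belongs to the rule that follows
        elif addr is None:
            out.extend(comments + [line])  # blank or unrelated line: keep
            comments = []
        elif addr.group(1).lower() in present:
            out.extend(comments)
            out.append(NAME_RE.sub('NAME="eth%d"' % index, line))
            index += 1
            comments = []
        else:
            name = NAME_RE.search(line)
            dropped.append((addr.group(1).lower(),
                            name.group(1) if name else None))
            comments = []                  # drop the stale rule's comment too
    out.extend(comments)
    return "\n".join(out) + "\n", dropped


if __name__ == "__main__":
    # Constructed: pretend only the third MAC exists on the current host.
    new_text, stale = prune_rules(RULES, {"00:0c:29:33:33:33"})
    for mac, name in stale:
        print("stale rule: %s was %s" % (mac, name))
    print(new_text, end="")
```

On a real machine, pass `present_macs()` as the second argument and review the returned text before replacing the file.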
All in a good day's work,
TAG
Reference
http://serverfault.com/questions/63103/newsid-program-for-linux
http://en.wikipedia.org/wiki/Udev
Tuesday, January 18, 2011
fun with nmap
I left a Linux virtual machine on at work, but forgot to write down the IP address. So I thought I'd use nmap to figure out what IP the machine had based upon the services running on it. First though, I wanted to familiarize myself with the basic nmap commands.
The -A option seemed the best choice for a first time user. -A enables host operating system and version detection, script scanning and a traceroute. For my local machine, the output looks like this:
[sodo@ogre ~]$ nmap -A localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-18 18:23 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00053s latency).
rDNS record for 127.0.0.1: ogre
Not shown: 993 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
ssh-hostkey: 1024 a3:bd:bf:bd:bd:6a:64:1a:f8:2d:11:56 (DSA)
_2048 77:8d:ab:86:98:30:05:28:41:53:30:78:db:a2:f7:9c (RSA)
80/tcp open http Apache httpd 2.2.15 ((Fedora))
_html-title: Test Page for the Apache HTTP Server on Fedora
111/tcp open rpcbind
rpcinfo:
100000 2,3,4 111/udp rpcbind
100024 1 34022/udp status
100000 2,3,4 111/tcp rpcbind
_100024 1 58402/tcp status
443/tcp open ssl/http Apache httpd 2.2.15 ((Fedora))
_html-title: Test Page for the Apache HTTP Server on Fedora
631/tcp open ipp CUPS 1.4
888/tcp open ssl/http 3ware 3DM2 Serial RAID http config 2.0
_sslv2: server still supports SSLv2
_html-title: 3ware 3DM2 - ogre - Summary
3306/tcp open mysql MySQL 5.1.47
mysql-info: Protocol: 10
Version: 5.1.47
Thread ID: 16
Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC, Transactions, Secure Connection
Status: Autocommit
_Salt: i:$CfYg}]azzsSZ1(;1#
Service Info: Device: storage-misc
Not that I didn't know this information, but it is interesting that you can find out quite a bit about a machine just by doing a portscan with nmap. In the example above, I can see that I have the following ports open and available (at least to the localhost):
-port 22 (SSH)
-port 80 (HTTP or the apache daemon)
-port 111 (RPC)
-port 443 (HTTPS via apache again)
-port 631 (CUPS, the linux printing system)
-port 888 (3Ware RAID web configuration tool)
-port 3306 (mysql web-based configuration utility)
Cool. Now if I change nmap to use the IP of my workstation instead of the loopback (localhost) address, you'll see that some of the information that was available at the localhost is not available at the proper IP of the box:
[sodo@ogre ~]$ nmap -A 192.168.1.8
Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-18 18:49 EST
Nmap scan report for ogre (192.168.1.8)
Host is up (0.00055s latency).
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
ssh-hostkey: 1024 a3:d6bf:bd:bd:6a:64:1a:f8:2d:11:56 (DSA)
2048 77:8d:ab:86:98:30:05:28:41:53:30:78:db:a2:f7:9c (RSA)
80/tcp open http Apache httpd 2.2.15 ((Fedora))
_html-title: Test Page for the Apache HTTP Server on Fedora
111/tcp open rpcbind
rpcinfo:
100000 2,3,4 111/udp rpcbind
100024 1 34022/udp status
100000 2,3,4 111/tcp rpcbind
_100024 1 58402/tcp status
443/tcp open ssl/http Apache httpd 2.2.15 ((Fedora))
_html-title: Test Page for the Apache HTTP Server on Fedora
888/tcp open ssl/http 3ware 3DM2 Serial RAID http config 2.0
_html-title: 3ware 3DM2 - ogre - Summary
_sslv2: server still supports SSLv2
3306/tcp open mysql MySQL (Host blocked because of too many connections)
Service Info: Device: storage-misc
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 26.12 seconds
Here is another device on my network, a Motorola NIM 100 ethernet over cable bridge that actually has telnet and a web service up and available:
[sodo@ogre ~]$ nmap -A 192.168.1.3
Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-18 18:00 EST
Nmap scan report for 192.168.1.3
Host is up (0.00070s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
23/tcp open telnet Linux telnetd
80/tcp open http Boa httpd
robots.txt: has 1 disallowed entry
_/
_html-title: Ethernet Coax Bridge - Login
Service Info: OS: Linux
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.39 seconds
Note that only two ports are open and available on the real IP of the box. Also, it is interesting that nmap shows "Service Info: OS: Linux" on the real IP address. You can use the -p switch to scan for a particular port on a device:
[sodo@ogre ~]$ nmap -p 80 -A 192.168.1.3
Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-18 19:12 EST
Nmap scan report for 192.168.1.3
Host is up (0.0015s latency).
PORT STATE SERVICE VERSION
80/tcp open http Boa httpd
robots.txt: has 1 disallowed entry
_/
_html-title: Ethernet Coax Bridge - Login
The verbose (-v) switch to that last command will display exactly what nmap is doing: ping, DNS lookup, port connections, service scanning, script scanning, latency, count of closed ports and a summary of how many hosts nmap scanned and how long the scan took:
[sodo@ogre ~]$ nmap -v -A 192.168.1.3
Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-18 18:00 EST
NSE: Loaded 36 scripts for scanning.
Initiating Ping Scan at 18:00
Scanning 192.168.1.3 [2 ports]
Completed Ping Scan at 18:00, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:00
Completed Parallel DNS resolution of 1 host. at 18:00, 0.03s elapsed
Initiating Connect Scan at 18:00
Scanning 192.168.1.3 [1000 ports]
Discovered open port 80/tcp on 192.168.1.3
Discovered open port 23/tcp on 192.168.1.3
Completed Connect Scan at 18:00, 1.11s elapsed (1000 total ports)
Initiating Service scan at 18:00
Scanning 2 services on 192.168.1.3
Completed Service scan at 18:00, 6.06s elapsed (2 services on 1 host)
NSE: Script scanning 192.168.1.3.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 18:00
Completed NSE at 18:00, 0.04s elapsed
NSE: Script Scanning completed.
Nmap scan report for 192.168.1.3
Host is up (0.00098s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
23/tcp open telnet Linux telnetd
80/tcp open http Boa httpd
robots.txt: has 1 disallowed entry
_/
_html-title: Ethernet Coax Bridge - Login
Service Info: OS: Linux
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.88 seconds
With this basic information about a single host, I graduated to scanning the network using the CIDR notation for network subnetting. I left out the above machines in the output below. Also, before I did the nmap, I started a Mac and an old XP box that I had in the environment, just to see what a really insecure Windows machine looks like.
[sodo@ogre ~]$ nmap -A 192.168.1.0/24
Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-18 18:46 EST
Nmap scan report for mac (192.168.1.12)
Host is up (0.0085s latency).
Not shown: 500 closed ports, 494 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.2 (protocol 1.99)
_sshv1: Server supports SSHv1
ssh-hostkey: 2048 c:c4:b6:69:6c:4e:27:5c:5a:fe:fe:09 (RSA1)
2048 f1:ce:c0:3c:a0:83:db:24:0c:7d:8a:ca:48:41:ea:44 (DSA)
_2048 db:20:90:c5:5a:bc:3d:ea:cd:12:7b:17:03:79:6b:ad (RSA)
88/tcp open kerberos-sec Mac OS X kerberos-sec
548/tcp open afp Apple AFP (name: MACLTSODO; protocol 3.3; Mac OS X 10.5)
2170/tcp open tcpwrapped
49152/tcp open tcpwrapped
Service Info: OS: Mac OS X
Nmap scan report for xp (192.168.1.89)
Host is up (0.050s latency).
Not shown: 990 closed ports
PORT STATE SERVICE VERSION
25/tcp open smtp Microsoft ESMTP 6.0.2600.2180
80/tcp open http Microsoft IIS webserver 5.1
_html-title: Site doesn't have a title (text/html).
_http-favicon:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1026/tcp open msrpc Microsoft Windows RPC
1027/tcp open msrpc Microsoft Windows RPC
3389/tcp open microsoft-rdp Microsoft Terminal Service
Service Info: Host: computer; OS: Windows
Host script results:
smb-os-discovery:
OS: Windows XP (Windows 2000 LAN Manager)
Name: WORKGROUP\COMPUTER
_ System time: 2011-01-18 18:43:07 UTC-5
_nbstat: NetBIOS name: COMPUTER, NetBIOS user:, NetBIOS MAC: 0d:0c:11:a4:23:4a
_smbv2-enabled: Server doesn't support SMBv2 protocol
You can see that the XP box has its pants down, so to speak. Lots of insecure services running... even the MAC address... eesh. (The names have been changed to protect the innocent.) Better turn that puppy off. So, you can see that we can gather quite a bit of information just by doing a portscan using nmap. Beware, people!
Rounding out the post, I was able to discover my new server at work using the -O switch. Not surprisingly, my Linux box at work was the most secure among all the Windows boxes nmap found with only one port open. Though, nmap did a good job at guessing the OS.
[sodo@computer ~]$ nmap -A 192.168.113.0/24
Interesting ports on 192.168.113.25:
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: D8:CA:2F:8E:FB:26 (Unknown)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|firewall|WAP|router
Running (JUST GUESSING) : Linux 2.6.X (94%), Check Point Linux 2.4.X (87%), D-Link embedded (87%), Linksys embedded (87%), Peplink embedded (87%), Linksys Linux 2.4.X (86%)
Aggressive OS guesses: Linux 2.6.9 - 2.6.18 (94%), Linux 2.6.9 - 2.6.26 (94%), Linux 2.6.22 (Fedora Core 6) (92%), Linux 2.6.18 (CentOS 5, x86_64, SMP) (90%), Linux 2.6.17 - 2.6.28 (89%), Linux 2.6.18 (CentOS 5) (89%), Linux 2.6.18 (Centos 5.3) (89%), Linux 2.6.23 (89%), Linux 2.6.24 - 2.6.28 (89%), Linux 2.6.9 - 2.6.27 (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Compare those results to the very revealing XP box:
[sodo@computer ~]$ nmap -A 192.168.113.2
Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-19 10:12 EST
Nmap scan report for SODOWORK (192.168.113.2)
Host is up (0.0016s latency).
Not shown: 984 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
_ftp-anon: Anonymous FTP login allowed
22/tcp open ssh SCS sshd 5.3.2.10 (protocol 2.0)
_ssh-hostkey: 1536 cc:f7:a1:be:d8:c8:ed:f0:08:c0:3d:fc:bc (RSA)
25/tcp open smtp Microsoft ESMTP 6.0.2600.5512
80/tcp open http Microsoft IIS webserver 5.1
_html-title: Under Construction
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1074/tcp open msrpc Microsoft Windows RPC
2030/tcp open oracle-mts Oracle MTS Recovery Service
3389/tcp open microsoft-rdp Microsoft Terminal Service
5000/tcp open tcpwrapped
5631/tcp open pcanywheredata?
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8222/tcp open http VMware Server 2 http config
_html-title: VMware Server 2
8333/tcp open ssl/http VMware Server 2 http config
_html-title: VMware Server 2
Service Info: OS: Windows
Host script results:
_nbstat: NetBIOS name: SODOWORK, NetBIOS user:, NetBIOS MAC: 0d:0e:9c:96:96:29
smb-os-discovery:
OS: Windows XP (Windows 2000 LAN Manager)
Name: CORP\SODOWORK
_ System time: 2011-01-19 10:12:35 UTC-5
_smbv2-enabled: Server doesn't support SMBv2 protocol
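Reading these reports by eye gets slow once a whole subnet is scanned, so here is an added example (not part of the original post) that parses nmap's normal output and lists the weak settings seen in the scans above: telnet, SSHv1, SSLv2 and anonymous FTP. The sample text is constructed in the same format with documentation-range addresses, and the function names and remediation wording are my own.

```python
import re

# Constructed sample in nmap's normal output format, modelled on the scans in
# this post. Addresses are from the documentation range 192.0.2.0/24.
SAMPLE = """\
Nmap scan report for bridge (192.0.2.3)
Host is up (0.00070s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
23/tcp open  telnet  Linux telnetd
80/tcp open  http    Boa httpd
|_html-title: Ethernet Coax Bridge - Login

Nmap scan report for 192.0.2.12
Host is up (0.0085s latency).
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 5.2 (protocol 1.99)
|_sshv1: Server supports SSHv1
888/tcp open  ssl/http 3ware 3DM2 Serial RAID http config 2.0
|_sslv2: server still supports SSLv2

Nmap scan report for 192.0.2.25
Host is up (0.0016s latency).
PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
|_ftp-anon: Anonymous FTP login allowed
22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?([0-9.]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# Script lines start with "|" or "|_"; the prefix is optional here because
# copies of nmap output (as in this post) often lose it.
SCRIPT_RE = re.compile(r"^\|?_?\s*([a-z0-9-]+):\s*(.*)$")

# What to do about each finding (wording is this example's, not nmap's).
ADVICE = {
    "telnet": "cleartext remote login; replace with SSH or disable",
    "sshv1": "SSH protocol 1 accepted; restrict sshd to protocol 2",
    "sslv2": "SSLv2 accepted; disable it in the TLS configuration",
    "ftp-anon": "anonymous FTP login allowed; disable unless intended",
}


def parse_scan(text):
    """Parse normal-format nmap output into a list of host dicts."""
    hosts, host, port = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            host = {"name": m.group(1), "addr": m.group(2), "ports": []}
            hosts.append(host)
            port = None
            continue
        if host is None:
            continue
        m = PORT_RE.match(line)
        if m:
            port = {"port": int(m.group(1)), "proto": m.group(2),
                    "state": m.group(3), "service": m.group(4),
                    "version": m.group(5), "scripts": {}}
            host["ports"].append(port)
            continue
        if line.startswith("Host script results"):
            port = None            # host-level scripts are not tied to a port
            continue
        m = SCRIPT_RE.match(line)
        if m and port is not None:
            port["scripts"][m.group(1)] = m.group(2)
    return hosts


def audit(hosts):
    """Return (address, port, finding) for every weak setting on an open port."""
    findings = []
    for host in hosts:
        for p in host["ports"]:
            if p["state"] != "open":
                continue
            if p["service"] == "telnet":
                findings.append((host["addr"], p["port"], "telnet"))
            for script_id in ("sshv1", "sslv2"):
                if script_id in p["scripts"]:
                    findings.append((host["addr"], p["port"], script_id))
            if "allowed" in p["scripts"].get("ftp-anon", "").lower():
                findings.append((host["addr"], p["port"], "ftp-anon"))
    return findings


if __name__ == "__main__":
    for addr, port, finding in audit(parse_scan(SAMPLE)):
        print("%s:%d  %s: %s" % (addr, port, finding, ADVICE[finding]))
```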
Hope you enjoyed this exploration of nmap basics. It certainly was revealing for me!
TAG
Reference
http://nmap.org/
digging down into a linux process
So I inadvertently exited out of my Fedora X server without saving or exiting my VMware Player's open virtual machine.
This left my vm in an unknown state. You could still see the lock files in the Virtual Machine's directory:
[sodo@ogre ~]$ ll Virtual\ Machines/Windows\ 7\ x64/
total 10976188
drwxrwxr-x 3 sodo 4096 2011-01-07 12:53 caches
-rw-r--r-- 1 sodo 320659 2011-01-18 14:41 vmware-0.log
-rw-r--r-- 1 sodo 359599 2011-01-18 14:14 vmware-1.log
-rw-r--r-- 1 sodo 565465 2011-01-08 00:14 vmware-2.log
-rw-r--r-- 1 sodo 317488 2011-01-18 17:33 vmware.log
-rw-rw---- 1 sodo 8684 2011-01-18 14:42 Windows 7 x64.nvram
-rw------- 1 sodo 2103836672 2011-01-18 17:35 Windows 7 x64-s001.vmdk
-rw------- 1 sodo 2121203712 2011-01-18 17:35 Windows 7 x64-s002.vmdk
-rw------- 1 sodo 2145255424 2011-01-18 17:35 Windows 7 x64-s003.vmdk
-rw------- 1 sodo 2145976320 2011-01-18 14:49 Windows 7 x64-s004.vmdk
-rw------- 1 sodo 955 2011-01-18 14:41 Windows 7 x64.vmdk
drwxrwxrwx 2 sodo 4096 2011-01-18 14:41 Windows 7 x64.vmdk.lck
-rw-rw---- 1 sodo 1073741824 2011-01-08 00:14 Windows 7 x64.vmem
-rw-rw---- 1 sodo 0 2011-01-07 12:37 Windows 7 x64.vmsd
-rw-rw---- 1 sodo 182610705 2011-01-18 10:18 Windows 7 x64.vmss
-rwxrwxr-x 1 sodo 2477 2011-01-18 14:42 Windows 7 x64.vmx
-rw-rw-r-- 1 sodo 1645 2011-01-07 12:53 Windows 7 x64.vmxf
drwxrwxrwx 2 sodo 4096 2011-01-18 14:41 Windows 7 x64.vmx.lck
But after some Googling, there seemed to be no way to restart the orphaned vm without killing the process that was hanging out there. Before I killed the vm process, I researched it to find out more about it. First, I did a search on the process:
[sodo@ogre ~]$ ps -ef | grep vmx
sodo 4629 1 13 10:18 ? 00:31:48 /usr/lib/vmware/bin/vmware-vmx -ssnapshot.numRollingTiers=0 -sRemoteDisplay.vnc.enabled=FALSE -s vmx.stdio.keep=TRUE -# product=8;name=VMware Player;version=3.1.3;buildnumber=324285;licensename=VMware Player;licenseversion=6.0; -@ pipe=/tmp/vmware-sodo/vmxb90ce351150180d7;readyEvent=90 /home/sodo/Virtual Machines/Windows 7 x64/Windows 7 x64.vmx
I saw that the process number was 4629. The command that started the process was vmware-vmx:
[sodo@ogre ~]$ ps -p 4629
PID TTY TIME CMD
4629 ? 00:31:48 vmware-vmx
Digging into the process directory, I saw the status of the process was sleeping:
[sodo@ogre ~]$ cat /proc/4629/task/4629/status
Name: vmware-vmx
State: S (sleeping)
Tgid: 4629
Pid: 4629
PPid: 1
TracerPid: 0
Uid: 500 500 0 500
Gid: 500 500 500 500
Utrace: 0
FDSize: 256
Groups: 500
VmPeak: 3281396 kB
VmSize: 3131036 kB
VmLck: 0 kB
VmHWM: 1409588 kB
VmRSS: 1343972 kB
VmData: 2727812 kB
VmStk: 288 kB
VmExe: 6784 kB
VmLib: 134888 kB
VmPTE: 3212 kB
Threads: 1
SigQ: 0/80092
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: fffffffe7ffbfeff
SigIgn: 0000000000301000
SigCgt: 0000000193c9eeef
CapInh: 0000000000000000
CapPrm: ffffffffffffffff
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
Cpus_allowed: ff
Cpus_allowed_list: 0-7
Mems_allowed: 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 4744582
nonvoluntary_ctxt_switches: 7620
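The Sig* and Cap* fields in that status output are hex bitmaps. As an added example (not from the original post), this decodes them to show how the process treats each signal at the moment of the snapshot and whether it still holds privileges it is not currently using. The input is the relevant subset of the lines above; the signal table assumes x86/ARM Linux numbering, and the function names are my own.

```python
# Subset of the status output shown above (values copied from the post,
# whitespace normalised).
STATUS = """\
Name: vmware-vmx
State: S (sleeping)
PPid: 1
Uid: 500 500 0 500
Gid: 500 500 500 500
SigPnd: 0000000000000000
SigBlk: fffffffe7ffbfeff
SigIgn: 0000000000301000
SigCgt: 0000000193c9eeef
CapPrm: ffffffffffffffff
CapEff: 0000000000000000
"""

# Signal numbers 1..31 on x86/ARM Linux (assumption: other architectures differ).
SIGNALS = ("HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV USR2 PIPE ALRM "
           "TERM STKFLT CHLD CONT STOP TSTP TTIN TTOU URG XCPU XFSZ VTALRM "
           "PROF WINCH IO PWR SYS").split()


def parse_status(text):
    """Turn 'Key: value' lines from /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def decode_mask(hex_mask):
    """Bit n-1 set in the mask means signal number n is in the set."""
    bits = int(hex_mask, 16)
    return {n for n in range(1, 65) if (bits >> (n - 1)) & 1}


def names(hex_mask):
    """Signal names in a mask, ordered by signal number."""
    return [SIGNALS[n - 1] if n <= len(SIGNALS) else "SIG%d" % n
            for n in sorted(decode_mask(hex_mask))]


def disposition(fields, signo):
    """How the thread treats one signal: blocked, ignored, or caught."""
    return {
        "blocked": signo in decode_mask(fields["SigBlk"]),
        "ignored": signo in decode_mask(fields["SigIgn"]),
        "caught": signo in decode_mask(fields["SigCgt"]),
    }


def privilege_notes(fields):
    """Flag privileges the process holds but is not currently exercising."""
    real, effective, saved, fs = (int(x) for x in fields["Uid"].split())
    notes = []
    if saved == 0 and effective != 0:
        # Uid columns are real, effective, saved set, filesystem.
        notes.append("saved-uid-root")
    if int(fields["CapPrm"], 16) and not int(fields["CapEff"], 16):
        notes.append("permitted-caps-not-effective")
    return notes


if __name__ == "__main__":
    st = parse_status(STATUS)
    print("SIGTERM:", disposition(st, 15))
    print("SIGKILL:", disposition(st, 9))
    print("ignored:", names(st["SigIgn"]))
    print("privileges:", privilege_notes(st))
```

In this snapshot SIGTERM is both caught and blocked, so a plain kill would stay pending until the thread unblocked it, while SIGKILL (9) and SIGSTOP (19) appear in none of the masks because they cannot be blocked, ignored or caught.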
Alas, the vmware service offered no consolation... I could not shut down the daemon gracefully:
[sodo@ogre ~]$ sudo /etc/init.d/vmware restart
Stopping VMware services:
VMware USB Arbitrator [ OK ]
At least one instance of VMware Player is still running.
Please stop all running instances of VMware Player first.
VMware Authentication Daemon [FAILED]
And so, good readers, I was forced to kill the process. And hard, as I had to add the -9 switch to kill, which effectively says "kill the process and don't do any cleanup". "Kill that sucker, but good!"
Yes, this harsh kill command did the trick. And then I had to explain to my poor Win7 vm why I had pulled the plug so harshly:
Oh cruel fate, why dost thou mock me?
TAG
Reference
http://aplawrence.com/SCOFAQ/FAQ_scotec6killminus9.html
This left my vm in an unknown state. You could still see the lock files in the Virtual Machine's directory:
[sodo@ogre ~]$ ll Virtual\ Machines/Windows\ 7\ x64/
total 10976188
drwxrwxr-x 3 sodo 4096 2011-01-07 12:53 caches
-rw-r--r-- 1 sodo 320659 2011-01-18 14:41 vmware-0.log
-rw-r--r-- 1 sodo 359599 2011-01-18 14:14 vmware-1.log
-rw-r--r-- 1 sodo 565465 2011-01-08 00:14 vmware-2.log
-rw-r--r-- 1 sodo 317488 2011-01-18 17:33 vmware.log
-rw-rw---- 1 sodo 8684 2011-01-18 14:42 Windows 7 x64.nvram
-rw------- 1 sodo 2103836672 2011-01-18 17:35 Windows 7 x64-s001.vmdk
-rw------- 1 sodo 2121203712 2011-01-18 17:35 Windows 7 x64-s002.vmdk
-rw------- 1 sodo 2145255424 2011-01-18 17:35 Windows 7 x64-s003.vmdk
-rw------- 1 sodo 2145976320 2011-01-18 14:49 Windows 7 x64-s004.vmdk
-rw------- 1 sodo 955 2011-01-18 14:41 Windows 7 x64.vmdk
drwxrwxrwx 2 sodo 4096 2011-01-18 14:41 Windows 7 x64.vmdk.lck
-rw-rw---- 1 sodo 1073741824 2011-01-08 00:14 Windows 7 x64.vmem
-rw-rw---- 1 sodo 0 2011-01-07 12:37 Windows 7 x64.vmsd
-rw-rw---- 1 sodo 182610705 2011-01-18 10:18 Windows 7 x64.vmss
-rwxrwxr-x 1 sodo 2477 2011-01-18 14:42 Windows 7 x64.vmx
-rw-rw-r-- 1 sodo 1645 2011-01-07 12:53 Windows 7 x64.vmxf
drwxrwxrwx 2 sodo 4096 2011-01-18 14:41 Windows 7 x64.vmx.lck
But after some Googling, there seemed to be no way to restart the orphaned vm without killing the process that was hanging out there. Before I killed the vm process, I researched it to find out more about it. First, I did a search on the process:
[sodo@ogre ~]$ ps -ef | grep vmx
sodo 4629 1 13 10:18 ? 00:31:48 /usr/lib/vmware/bin/vmware-vmx -ssnapshot.numRollingTiers=0 -sRemoteDisplay.vnc.enabled=FALSE -s vmx.stdio.keep=TRUE -# product=8;name=VMware Player;version=3.1.3;buildnumber=324285;licensename=VMware Player;licenseversion=6.0; -@ pipe=/tmp/vmware-sodo/vmxb90ce351150180d7;readyEvent=90 /home/sodo/Virtual Machines/Windows 7 x64/Windows 7 x64.vmx
I saw that the process number was 4629. The command that started the process was vmware-vmx:
[sodo@ogre ~]$ ps -p 4629
PID TTY TIME CMD
4629 ? 00:31:48 vmware-vmx
Digging into the process directory, I saw the status of the process was sleeping:
[sodo@ogre ~]$ cat /proc/4629/task/4629/status
Name: vmware-vmx
State: S (sleeping)
Tgid: 4629
Pid: 4629
PPid: 1
TracerPid: 0
Uid: 500 500 0 500
Gid: 500 500 500 500
Utrace: 0
FDSize: 256
Groups: 500
VmPeak: 3281396 kB
VmSize: 3131036 kB
VmLck: 0 kB
VmHWM: 1409588 kB
VmRSS: 1343972 kB
VmData: 2727812 kB
VmStk: 288 kB
VmExe: 6784 kB
VmLib: 134888 kB
VmPTE: 3212 kB
Threads: 1
SigQ: 0/80092
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: fffffffe7ffbfeff
SigIgn: 0000000000301000
SigCgt: 0000000193c9eeef
CapInh: 0000000000000000
CapPrm: ffffffffffffffff
CapEff: 0000000000000000
CapBnd: ffffffffffffffff
Cpus_allowed: ff
Cpus_allowed_list: 0-7
Mems_allowed: 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 4744582
nonvoluntary_ctxt_switches: 7620
Alas, the vmware service offered no consolation. I could not shut down the daemon gracefully:
[sodo@ogre ~]$ sudo /etc/init.d/vmware restart
Stopping VMware services:
VMware USB Arbitrator [ OK ]
At least one instance of VMware Player is still running.
Please stop all running instances of VMware Player first.
VMware Authentication Daemon [FAILED]
And so, good readers, I was forced to kill the process. And hard, as I had to add the -9 switch to kill, which effectively says "kill the process and don't do any cleanup". "Kill that sucker, but good!"
[sodo@ogre Windows 7 x64]$ kill 4629
[sodo@ogre Windows 7 x64]$ ps -ef | grep 4629
[sodo@ogre Windows 7 x64]$
Yes, this harsh kill command did the trick. And then I had to explain to my poor Win7 vm why I had pulled the plug so harshly:
Oh cruel fate, why dost thou mock me?
TAG
Reference
http://aplawrence.com/SCOFAQ/FAQ_scotec6killminus9.html
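An added example, not part of the original post: the SigBlk, SigIgn and SigCgt lines in the status dump above are hex bitmasks, and decoding them shows how a given thread will treat a signal before you send it. The function names here are hypothetical and the sample input is the three mask lines copied from that dump; in it, signal 15 (TERM, what plain kill sends) is both blocked and caught, while signal 9 (KILL) is in no mask because the kernel never lets a process block, ignore or handle it.

```shell
#!/bin/sh
# Constructed sample: the three signal-mask lines copied from the
# /proc/4629/task/4629/status dump shown in the post.
SAMPLE_STATUS='SigBlk: fffffffe7ffbfeff
SigIgn: 0000000000301000
SigCgt: 0000000193c9eeef'

# sig_in_mask HEXMASK SIGNUM: succeeds if SIGNUM's bit is set in HEXMASK.
# Bit (SIGNUM - 1) stands for signal SIGNUM. Only the low 32 bits are
# read, which covers the standard signals 1..31 and avoids overflowing
# shell arithmetic on the 64-bit masks the kernel prints.
sig_in_mask() {
    low=${1#"${1%????????}"}                 # last eight hex digits
    [ $(( (0x$low >> ($2 - 1)) & 1 )) -eq 1 ]
}

# mask_of FIELD: print FIELD's hex mask from status text on stdin.
mask_of() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# signal_state SIGNUM [STATUS_TEXT]: print the names of the masks that
# contain SIGNUM (SigBlk = blocked, SigIgn = ignored, SigCgt = caught).
# An empty result means default handling with nothing in the way.
signal_state() {
    text=${2:-$SAMPLE_STATUS}
    found=""
    for field in SigBlk SigIgn SigCgt; do
        mask=$(printf '%s\n' "$text" | mask_of "$field")
        if sig_in_mask "$mask" "$1"; then found="$found $field"; fi
    done
    echo "${found# }"
}

# Report TERM (15), KILL (9) and PIPE (13) for the sample dump.
for sig in 15 9 13; do
    echo "signal $sig: $(signal_state "$sig")"
done
# On a live system, pass the real file's contents instead:
#   signal_state 15 "$(cat /proc/<pid>/status)"
```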
Labels: linux, processes, vmware, vmware player, vmware-vmx, windows 7
Friday, January 07, 2011
creating ISO file from bootable install media
As our company's secure VPN software doesn't work on my Linux box, I decided to install an XP VM to use as a launchpad to my corporate network. Unfortunately, VMware Player failed to install my XP with the message:
An error has been encountered that prevents Setup from continuing
One of the components that Windows needs to continue setup could not be installed.
The parameter is incorrect.
Press OK to view the Setup log file
The Main Issue
This indicated that either my media or the DVD drive was bad. To find out which one was the true culprit, I used my Macbook's Disk Utility to convert the XP installer CD to an ISO. You want to select an Image Format of "DVD/CD master", as shown in the graphic below:
As is my open source bent, I'd rather be using mkisofs, but I was under some time pressure to get some videos out the door. In any case, I scp'd the ISO version of the install CD over to my main box with VMware Player and lo and behold, the ISO version worked just fine. So it looks like my bloody DVD drive is going! Off to Newegg..
In retrospect, the occasional problems I've been experiencing over the last two years with my bootable installs were now probably due to the DVD drive having trouble reading ISOs! Argh. I tell you, it's tough being an idiot. Still odd, as the DVD burner works fine for recording and reading DVDs. It just doesn't seem to like booting install media. Ah well.
Another Problem Creeps Up on The Guy
While I was successful in installing the XP OS into a VM, once I started the VM and used it for its intended purpose, that of logging into my corporate network, up crops a problem with the Juniper client:
dshostchecker.exe has exited unexpectedly
logged to eacHttpNar.dmp
Double Yarg! This time, in order to resolve the issue, I decided to use a new OS as the basis for a VM: Win7. I should have used it in the first place, but the Win7 install takes 7GB and the XP install only takes 1.5GB, so I opted for the lighter XP.
Win7 to the Rescue!
As before, I converted the Win7 install media (a DVD) to an ISO file using the Mac's Disk Utility. I copied the ISO to my main rig and lo and behold, the ISO installed perfectly into VMware Player. Lastly, I had no issues with my secure VPN installation.
Moral of the story: don't disregard a problem! It will bite you in the rear later!
Things I learned along the way
1) mounting a UDF disk
mount -t udf /dev/dvd /mnt/dvd
2) interesting scheme to use VMware as a host for Windows XP Linux Application
http://www.stat.ufl.edu/system/vmware.html
3) haven't tried this, but this link has a way to create a Windows bootable CD/DVD using mkisofs
http://hints.macworld.com/article.php?story=20080416134218704
4) Windows System Assessment Tool for Win7 comes on when the box is idle and consumes a shitload of CPU
- disable that f*ckr by following these directions
Tally Ho!
TAG
Labels: disk utility, iso, iso file, mac, macbook pro, mkisofs, vmware, vmware player, windows system assessment tool