Sunday, October 30, 2011

Wireless Attack on Microsoft Peap - Part 1 of 3

Overview of Wireless Standard

In the security industry, we have heard about attacks against WEP (which I discussed in my previous article WEP Hacking), WPA, WPA2 and also PEAP. PEAP, also known as Protected Extensible Authentication Protocol, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. It was jointly developed by Cisco Systems, Microsoft, and RSA Security. You can find more information regarding PEAP here.

In this article, I am going to share how to prepare a base attack machine against PEAP deployments which use Microsoft Challenge Handshake Authentication Protocol V2, aka MSCHAPV2.

Before we start, take a look at the picture below. The picture shows the boundary and the area from which the attacker can launch the attack. This is a distance vector attack: you must have a very strong antenna, or your physical location must be close to the users.

Wireless Peap
1) Extract FreeRADIUS by typing the following command: tar -jxvf freeradius-server-2.1.7.tar.bz2
Extract Free Radius

2) Move the FreeRADIUS patch into the extracted folder by typing the following command: mv freeradius-wpe-2.1.7.patch freeradius-server-2.1.7/
Copy the patch free radius

3) From inside the extracted folder, patch the server by typing: patch -p1 < freeradius-wpe-2.1.7.patch
patch the server

4) After you have completed all the steps, you can configure and install FreeRADIUS by issuing the following command: ./configure && make && make install && ldconfig
Installing Crack version of freeradius
Configure bootstrap
Output of bootstrap
Copy certificate

You can also view my video channel @ Wireless Lan Attack.

I am interested in hearing your feedback, so that I can improve my articles and learning resources for you.

Saturday, October 29, 2011

Security Concern on Windows XP

Windows XP, a favorite operating system, is now a decade old. Ten years is a long time to carry an old technology, and the security issues and vulnerabilities of Windows XP increase year by year. As mentioned on Brandon's blog here, the software will soon reach EOS in 2014, and it is time to upgrade to the latest version of the Windows operating system to meet security compliance in the organization.

A recent security newsletter by Microsoft shows that Windows XP contributes more malware, virus and worm infections than the rest of the operating systems. It is recommended to upgrade to the latest version.

So is it time to switch or do you plan on running Windows XP until your machine finally gives out and sputters its last blue screen of death? 

Overview of Windows XP Security threat

Malware Infection Rate


Friday, October 28, 2011

Change Windows Server 8 to Old Desktop environment

As in my previous blog post on Windows Server 8, the New Windows Server Release by Microsoft article, I do have a problem finding the shutdown button in the Metro UI of the operating system itself. But did you know that we can make a minor change in the registry and get back the old Windows desktop environment? After the change, you can see the difference in your Task Manager and also on your Windows desktop. It will be exactly the same as what you find in the Windows 7 environment.

Steps to change the Windows 8 setting:

1) In the registry, navigate to the path "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\" and click on "Explorer". On the right you will see the entry "RPEnabled"; change its value to 0. You will notice an immediate effect on the server. There is no need to shut down Windows Server 8 for the change to take effect.


Thursday, October 27, 2011

Windows 7 Vs Windows 8 Memory Usage

I see slightly more memory usage on Windows 7 and Windows 8, but at today's market prices I don't think that will be an issue. Anyway, I have compared the 2 operating systems as below. Click the picture above to see the difference.

Windows 7 vs Windows 8 Memory Usage

Wednesday, October 26, 2011

Packet Lost in Hyper-V VM

Hyper-V Server Overview

As part of the implementation checklist, TCP Large Send Offload needs to be set to disabled. This is not something new; everyone is writing about it and testing it. What you will see might not apply when you are transferring small files. You can test this behavior by accessing the file and print services on the VM, or by simulating a test to join the VM to the machine. You will see some packet loss during that period. If you use Wireshark to monitor the packets, you will see that some of the packets have been altered with new information, which means data corruption. The feature can be disabled in Device Manager.

Monday, October 24, 2011

Ipad 2 Smart Cover Vulnerabilities

We all got excited when iOS 5 was released with new features and enhancements to the product. In the "I" family, each product is protected by a 4-digit number. You can configure the device to erase all data after 10 invalid logon attempts. With previous physical hijacking, we could reset the password with some tools on the iPad 1, but now it seems we just need to invest in a Smart Cover.

With the vulnerability, which was found 3 days back, we can log on to any iPad 2 device with a few steps. You can test this on your own iPad 2.

How to re-create the issues:

1) Lock a password protected iPad 2

2) Hold down power button until iPad 2 reaches turn off slider

3) Close Smart Cover

4) Open Smart Cover

5) Click cancel on the bottom of the screen

There is a mitigation to secure the devices: disable Smart Cover unlocking in the iPad 2 settings menu under the General tab. I will keep you guys posted if there is a permanent fix from Apple.


Microsoft Hyper-V 3.0

I have reblogged the article above from Michael Otey. I think the content is pretty good for you guys to know what to expect from Microsoft Hyper-V 3.0.

"At the recent Windows Server Workshop at the Microsoft campus in Redmond, Washington, Jeff Woolsey, Principal Program Manager Lead for Windows Virtualization in the Windows Server and Cloud division, presented the new features in the next version of their Hyper-V virtualization platform. In the introduction to the workshop, Jeffrey Snover, Distinguished Engineer and the Lead Architect for the Windows Server Division, made the bold statement that with Microsoft it’s the third release where Microsoft really gets it right, and with regard to what Microsoft demonstrated in the next version of Hyper-V this is definitely true. The upcoming Hyper-V 3.0 release that’s included in the next version of Windows Server has closed the technology gap with VMware’s vSphere.

Hyper-V 3.0 Scalability
The days when Hyper-V lagged behind VMware in terms of scalability are a thing of the past. The new Hyper-V 3.0 meets or exceeds all of the scalability marks that were previously VMware-only territory. Hyper-V 3.0 hosts support up to 160 logical processors (where a logical processor is either a core or a hyperthread) and up to 2 TB RAM. On the VM guest side, Hyper-V 3.0 guests will support up to 32 virtual CPUs with up to 512 GB RAM per VM. More subtle changes include support for guest NUMA where the guest VM has processor and memory affinity with the Hyper-V host resources. NUMA support is important for ensuring scalability increases as the number of available host processors increase. 

Multiple Concurrent Live Migration and Live Storage Migration
Perhaps more important than the sheer scalability enhancements are the changes in Live Migration and the introduction of Storage Live Migration. Live Migration was introduced in Hyper-V 2.0 which came out with Windows Server 2008 R2. While it filled an important hole in the Hyper-V feature set it wasn’t up to par with the VMotion capability provided in vSphere. Live Migration was limited to a single Live Migration at a time while ESX Server was capable of performing multiple simultaneous VMotions. In addition, vSphere supported a similar feature called Storage VMotion which allowed a VM’s storage to be moved to new locations without incurring any downtime. Hyper-V 3.0 erases both of these advantages. Hyper-V 3.0 supports multiple concurrent Live Migrations. There are no limits to the number of concurrent Live Migrations that can take place with Hyper-V 3.0. In addition, Hyper-V 3.0 also provides full support for Live Storage Migration where a virtual machine’s files ( the configuration, virtual disk and snapshot files) can be moved to different storage locations without any interruption of end user connectivity to the guest VM.
Microsoft also threw in one additional twist that vSphere has never had. Hyper-V 3.0 has the ability to perform Live Migration and Storage Live Migration without the requirement of a shared storage on the backend. The removal of this requirement really helps bring the availability advantages of Live Migration to small and medium sized businesses that can’t afford a SAN or don’t want to deal with the complexities of a SAN. The ability to perform Live Migration without requiring shared storage really sets Hyper-V apart from vSphere and will definitely be a big draw – especially for SMBs that haven’t implemented virtualization yet.

VHDX, ODX, Virtual Fiber Channel & Boot from SAN
Another important enhancement with Hyper-V 3.0 was the introduction of a new virtual disk format called VHDX. The new VHDX format breaks the 2TB limit that was present in the older VHD format and pushes the maximum size of the virtual disk up to 16 TB per VHDX. The new format also provides improved performance, support for larger block sizes and is more resilient to corruption.
Hyper-V 3.0 also supports a feature called Offloaded Data Transfer (ODX). ODX enables Hyper-V to take advantage of the storage features of a backend shared storage subsystem. When performing file copies on an ODX enabled SAN the OS hands off all of the data transfer tasks to the SAN, providing much higher file copy performance with zero to minimal CPU utilization. There is no special ODX button. Instead ODX works in the backend. ODX requires the storage subsystem to support ODX.
Companies that use fiber channel SANs will appreciate the addition of the virtual Fiber Channel support in the Hyper-V guests. Hyper-V 3.0 guests can have up to four virtual fiber channel host bus adapters. The virtual HBAs appear in the VMs as devices very like virtual NICs and other virtual devices.
In another storage related improvement Hyper-V VMs will also be able to boot from iSCSI SANs.

Extensible Virtual Switch & NIC Teaming
In keeping par with the sweeping changes in Hyper-V’s compute capabilities and storage, Microsoft also made some significant enhancements to Hyper-V’s networking capabilities. First, they updated the virtual switch that’s built into the Hyper-V hypervisor. The new virtual switch has a number of new capabilities, including multi-tenant capability as well as the ability to provide minimum and maximum bandwidth guarantees. In addition to these features the new virtual switch is also extensible. Microsoft provides an API that allows capture, filter and forwarding extensions. To ensure the high quality of these virtual switch extensions Microsoft will be initiating a Hyper-V virtual switch logo program.
Another overdue feature that will be a part of Windows Server 8 is the built-in ability to provide NIC teaming natively in the operating system. VMware’s ESX Server has provided NIC teaming for some time. Prior to Windows Server 8 you could only get NIC teaming for Windows via specialized NICs from Broadcom and Intel. The new NIC teaming works across heterogeneous vendor NICs and can provide support for load balancing as well as failover.

The Magic Number 3
As Jeffrey Snover pointed out, three does seem to be the magic number – at least for Hyper-V. Hyper-V 3.0 brings Microsoft’s virtualization on par with VMware’s vSphere. Businesses that are just getting into virtualization or those businesses that may be balking at VMware’s latest price increases will find Hyper-V to be a very cost effective and highly competitive alternative."

Sunday, October 23, 2011

Windows Server 8 Performance Improvement

The product has been released for testing for a while now, but have you ever thought about what improvements the latest version has? Look at the graph that was presented during the buildwindows conference. The CPU and memory have increased with each product release.

One of the screenshots that I had shows what it looks like if you have a lot of logical processors in your Windows server.

There is also a demand for vCPUs for the guest operating system, which could utilize 4 vCPUs in the previous version. But don't worry: the latest version supports more than enough for your VM to sustain, and this also means that you can reduce the number of Windows licenses needed to host another VM.


Thursday, October 20, 2011

Overview Of Hyper-V Patches Update

Have you wondered how many patches have been released from 1st October 2009 till today, 14th September 2011? You will be quite surprised by the number of patches there are so far. Most of the patches are hotfixes, and most of them we don't install unless we hit the specific error. The chart below shows an analysis of the number of patches that have been released. If you notice, there are quite few patches for security vulnerabilities.

Summary of Microsoft Patches

You can find more information regarding the patches, what they do and what they fix, at


Tuesday, October 18, 2011

Task Manager improvement in Windows Server 8

Although this is not a big topic, I think it is good to share. Task Manager is the most common application used by system administrators to check server performance, hung processes, etc. The version in Windows 7 is much better than the previous version.

But it is still a bit complicated to use when you would like to check which application uses a lot of CPU, memory, disk and network, although that is embedded in Task Manager as what we call Resource Monitor.

This is what it looks like in Resource Monitor, and it contains too much detail. In the latest enhancement to Task Manager, Microsoft has changed the UI to give a better user experience.

In the latest version of Windows Server 8, the UI has changed. The objective is always to target what you want to view.
If you click on More details, it will bring you to another screen.

Processes Tab

Performance Tab
1) It sure has a neat interface, and at the bottom left you will see Launch Resource Monitor. This is the same as in the previous Windows Server version.

Users Tab

Detail Tab

Services Tab

Windows Authorization Manager in Hyper-V using Active Directory

As mentioned in my earlier post, we can use AzMan as a base to control user access based on requirements. However, if you have a lot of team members who need to manage the server, you will have a nightmare managing different authorization stores.

In Windows 2008, we can keep the authorization store in the Active Directory database. Before this can be implemented, you must make sure Active Directory is at least at the Windows 2003 functional level.

Before you do so, you will need to download the sample script Authorization Store Script. Once you have downloaded it, store it in c:\.

Now we are ready to install the component:
1) Open cmd and type the command below. The command will create a store inside the Active Directory database.
2) If the command is successful, you will get the following screen.
3) To make sure the data has been created inside Active Directory, open Active Directory Users and Computers (dsa.msc), click View and enable Advanced Features. You should see what you have just created.
4) To configure the Hyper-V server to use role-based access control, you need to configure the store path in the virtualization key as shown below. The registry path is HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization; modify the StoreLocation value there. Please take note: a wrong configuration will prevent VMs from starting.

5) Now you should be able to see the configuration inside AzMan. Open AzMan by typing azman.msc, then open the authorization store inside Active Directory that you have configured.
6) In the previous example I showed you the local store; this example uses Active Directory. There is also an option for MSSQL, but I think this option will use a lot of network traffic.

7) Now you will need to configure AzMan to let the computer have read access to your Active Directory. To do that, open the Security tab from the AzMan properties.

The computer name will be the name of the Hyper-V server on which you would like the AzMan feature to be effective.

8) The next step is to restart the Hyper-V services as shown below.
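
A pre-flight check for steps 4 to 8, as an added example that is not part of the original post: it reads the StoreLocation value from the registry key named in step 4 and confirms the store it points to can be found before the Hyper-V services are restarted. The function name Test-AzManStoreLocation is hypothetical, and the script assumes the Authorization Manager store URL schemes msxml://, msldap:// and mssql://.

```powershell
# Added example (not from the original post). Run elevated on the Hyper-V host.
# Registry key and value named in step 4.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'
$valueName = 'StoreLocation'

# Hypothetical helper: classify an AzMan store URL and check that its target exists.
# Assumption: store URLs use the AzMan schemes msxml://, msldap:// or mssql://.
function Test-AzManStoreLocation {
    param([Parameter(Mandatory = $true)][string]$StoreLocation)

    $result = New-Object PSObject -Property @{
        StoreLocation = $StoreLocation; Scheme = $null; Reachable = $false; Detail = ''
    }

    if ($StoreLocation -match '^(msxml|msldap|mssql)://(.+)$') {
        $result.Scheme = $Matches[1].ToLower()
        $target        = $Matches[2]
    } else {
        $result.Detail = 'Not an AzMan store URL (expected msxml://, msldap:// or mssql://)'
        return $result
    }

    switch ($result.Scheme) {
        'msxml' {
            # Local XML store: the file must exist on this host.
            $result.Reachable = Test-Path -LiteralPath $target -PathType Leaf
            $result.Detail    = 'XML store file: ' + $target
        }
        'msldap' {
            # Active Directory store: the object must be readable by the account
            # running this script (the Hyper-V computer account is covered by step 7).
            try {
                $result.Reachable = [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$target")
                $result.Detail    = 'Directory object: ' + $target
            } catch {
                $result.Detail = 'LDAP lookup failed: ' + $_.Exception.Message
            }
        }
        default {
            # SQL stores are recognised but not probed here.
            $result.Detail = 'Scheme recognised but not checked by this script'
        }
    }
    return $result
}

$current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction Stop).$valueName
$check   = Test-AzManStoreLocation -StoreLocation $current
$check | Format-List StoreLocation, Scheme, Reachable, Detail

if (-not $check.Reachable) {
    Write-Warning 'Store not verified: correct StoreLocation before restarting the Hyper-V services.'
}
```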

In the next article I will show you how to configure the roles to be given to the administrator team. Overall I see AzMan as a good feature, but then again, if your infrastructure is not secured it might become a nightmare for you. In this case, Active Directory needs to be properly managed; if there is corruption in it, your Hyper-V services might be interrupted. From a security standpoint, I won't recommend this, as there is a dependency on Active Directory. But I am not saying we can't use it; we just need better planning in terms of securing AD.

Saturday, October 15, 2011

Removing / Adding GUI from Windows Server 8

Based on feedback from IT users all over the world, we know that the previous versions, Windows Server 2008 / 2008 R2, provide a full installation mode and also a core installation. However, there is a weakness in both installation modes: if we choose the wrong installation mode, we have no way to change it unless we reinstall the entire operating system.

In the latest beta version of Windows Server 8, it does provide the ability to change between core and full GUI.

The screen below is shown on an operating system which has been installed with the "On Demand Feature". You have 2 ways to remove the GUI: either by using Server Manager or PowerShell.

As a result of removing the GUI from the system, you will find the following:
1) Servermanager.exe can't be executed on an on-demand-feature operating system
2) Metro UI will be removed
3) Explorer and Internet Explorer will be removed
4) Patching will be reduced by 50%
5) Attack surface will be minimized

My personal preference is to use PowerShell, as it takes fewer steps to achieve the result.

Removing GUI using Server Manager 

Removing GUI using POWERSHELL

1)import-module servermanager
2)remove-windowsfeature server-gui-shell

3) Once you hit Enter, you will see the removal screen

4) Upon completion of the process, you will be asked to restart the server as shown below. You can issue the command shutdown -r -f -t 0

Now that you have learned how to remove the GUI using Server Manager and PowerShell, the steps below will teach you how to re-activate the GUI shell.

1) The steps are similar to the removal steps; please make sure you restart the server for the change to take effect.

2)import-module servermanager

3)add-windowsfeature server-gui-shell

4)Reboot the server by typing the command shutdown -f -r -t 0
