Tuesday, July 25, 2017

before you go crazy check dnstracer

 # dnstracer -v old-releases.ubuntu.com  

don't forget the -v

 Tracing to old-releases.ubuntu.com[a] via 127.0.0.1, maximum of 3 retries  
 127.0.0.1 (127.0.0.1) IP HEADER  
 - Destination address: 127.0.0.1  
 DNS HEADER (send)  
 - Identifier:      0x3808  
 - Flags:        0x00 (Q )  
 - Opcode:        0 (Standard query)  
 - Return code:     0 (No error)  
 - Number questions:   1  
 - Number answer RR:   0  
 - Number authority RR: 0  
 - Number additional RR: 0  
 QUESTIONS (send)  
 - Queryname:      (12)old-releases(6)ubuntu(3)com  
 - Type:         1 (A)  
 - Class:        1 (Internet)  
 DNS HEADER (recv)  
 - Identifier:      0x3808  
 - Flags:        0x8080 (R RA )  
 - Opcode:        0 (Standard query)  
 - Return code:     0 (No error)  
 - Number questions:   1  
 - Number answer RR:   0  
 - Number authority RR: 4  
 - Number additional RR: 0  
 QUESTIONS (recv)  
 - Queryname:      (12)old-releases(6)ubuntu(3)com  
 - Type:         1 (A)  
 - Class:        1 (Internet)  
 AUTHORITY RR  
 - Domainname:      (6)ubuntu(3)com  
 - Type:         2 (NS)  
 - Class:        1 (Internet)  
 - TTL:         25923 (7h12m3s)  
 - Resource length:   6  
 - Resource data:    (3)ns1(3)p27(6)dynect(3)net  
 AUTHORITY RR  
 - Domainname:      (6)ubuntu(3)com  
 - Type:         2 (NS)  
 - Class:        1 (Internet)  
 - TTL:         25923 (7h12m3s)  
 - Resource length:   6  
 - Resource data:    (3)ns3(3)p27(6)dynect(3)net  
 AUTHORITY RR  
 - Domainname:      (6)ubuntu(3)com  
 - Type:         2 (NS)  
 - Class:        1 (Internet)  
 - TTL:         25923 (7h12m3s)  
 - Resource length:   6  
 - Resource data:    (3)ns4(3)p27(6)dynect(3)net  
 AUTHORITY RR  
 - Domainname:      (6)ubuntu(3)com  
 - Type:         2 (NS)  
 - Class:        1 (Internet)  
 - TTL:         25923 (7h12m3s)  
 - Resource length:   20  
 - Resource data:    (3)ns2(3)p27(6)dynect(3)net  
   
  |\___ ns1.p27.dynect.net [ubuntu.com] (No IP address)  
  |\___ ns3.p27.dynect.net [ubuntu.com] (No IP address)  
  |\___ ns4.p27.dynect.net [ubuntu.com] (No IP address)  
  \___ ns2.p27.dynect.net [ubuntu.com] (No IP address)  
   
   

Thursday, July 20, 2017

discover axis webcams when you're clueless

 AXIS cameras have a severe remote compromise bug. I guess the cameras need to be found and patched. But, you know, I don’t recall where they’re at.  
 Let’s find them.  
   
 I do not remember, off the top of my head, all the subnets around. Happily, I'm in a mixed shop and Active Directory Sites and Services tells me what subnets are which. Cool.  
   
 On an AD controller, run PowerShell and enable script execution.  
   
 > Set-ExecutionPolicy RemoteSigned  
   
 Run the following cmdlet:  
   
 [cmdletbinding()]  
 param()  
   
 $Sites = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites  
 $obj = @()  
 foreach ($Site in $Sites) {  
 foreach($sub in $site.subnets){  
   
  $obj += New-Object -Type PSObject -Property (  
   @{  
   "site" = $site.Name  
   "subnet" = $sub.name  
   }  
   )}  
    
  }  
 $obj | Export-Csv 'ADsites.csv' –NoType  
   
 The csv output shows:  
   
 "subnet","site"  
 "6.6.66.0/24","HELL"  
 "6.7.67.0/24","PANDEMONIUM"  
 "6.8.68.0/24","HELLS-GATE"  
   
 2. AXIS cameras have the following ports open by default:  
 TCP 21,80,554,49152  
   
 We can use nmap to discover and filter hosts that have the above:  
 $ nmap -p 21,80,554,49152 10.97.232.* -oG - | grep open | awk '!/closed/ && !/filtered/' >> axis  
   
 However, scanning UPnP port 49152 is unreliable. We could then narrow the ports, but we would be left with a guessing game as to whether or not the system is an Axis camera.  
   
 Luckily, Axis cameras all have a banner on FTP 21. It is either Axis or AXIS. This works better:  
 $ nmap -sS -sV -p 21 -n -Pn --script banner IPRANGE/CIDR -oG - | grep -i axis >> axis  
   
 To scan all the ranges, all we need to do is create a file and feed it the CIDR notated networks. I'm only concerned about my isolated networks, HELL and HELLS-GATE:  
   
   
 $ vi axis.subnet  
   
 6.6.66.0/24  
 6.8.68.0/24  
   
 Now, the completed command would be:  
   
 $ nmap -sS -sV -p 21 -n -Pn --script banner -iL axis.subnet -oG - | grep -i axis >> axis  

Wednesday, July 19, 2017

discover axis webcams

i'm just going to leave this here.

 nmap -sS -sV -p 21 -n -Pn --script banner -iL subnet.list -oG - | grep -i Axis > axis  

Wednesday, June 21, 2017

arg list too long. come on.

 bash-3.00# rm -rf *  
 bash: /usr/bin/rm: Arg list too long  
   
 what? 1000 entries is too much?  
   
 bash-3.00# find . -name '*' | xargs rm  
   

zgrep them all

 grep recursively through a whole lot of gz'd files.  
   
 # find -name \*.gz -print0 | xargs -0 zgrep "\<6.1.1.15>\"  
   

Tuesday, May 16, 2017

no studio 12.5 for you

The situation can be summarized as "you have installed Solaris Studio 12.5 on a platform, T1000, that is not supported". 

To give you a more detailed explanation of what is happening, everything starts from 

Bug 26080816 - "Backport 25993568 - man page for -xarch=generic is wrong for SPARC to 12.5" 

which has as base bug 

Bug 25993568 - man page for -xarch=generic is wrong for SPARC 

This last bug basically says that the man page for "CC", "cc" and "f90" compilers is wrong as it says that they have been compiled with the flag "-xarch=generic" while in the reality it has been compiled with "-xarch=sparcvis2". The usage of this last flag means that the aforementioned binaries coming with the Solaris Studio 12.5 installation need that the HW system they run on MUST advise VIS instruction set to be able to run on the system. 

After an internal discussion with Solaris OS and HW Support, it seems that T1 systems (so T1000 and T2000) do not advise VIS 

=============== 
The use of VIS instructions for Niagara is deprecated, the performance of even the implemented VIS instructions will often be below a comparable set of non-VIS instructions. so intentionally VIS was not enabled/advertised for T1 in hwcaps/isalist. 
T1 supports a subset of VIS1 and only the siam instruction from VIS2. And the OS fills in the gaps via software emulation for the rest. Those platforms are quite a bit past their "use by" date. And I've found that the very latest compilers don't even run on older versions of Solaris any more. 
=============== 

From Solaris Studio Support there was lack of information in the product release notes, therefore the following bug has been filed to document that T1000 and T2000 are not supported by Solaris Studio 12.5+ 

Bug 26080849 - Backport 26052198 - release notes need to warn about UltraSPARC T1 to 12.5 docs 

runas someone else

 runas /user:domain\username cmd.exe