Samsung S6 won’t charge – Only white lighting bolt battery symbol, no charge light!

Posted by Rob on 15 October 2017, 10:34 pm

So I had a Samsung S6 that would not charge, when you plugged it in, the white lighting bolt battery symbol came on but no charge led light. I suspected the charger or cable, but that didn’t help. I fast came to the conclusion it could be the USB port.

Reset Keys!
I then found some posts about ‘hard restarting’ the phone, by holding the home and power buttons together, it seems to work for some, but not me.

Factory Reset
Next was factory resetting the phone, by holding the home, volume up and power buttons together, no luck with this either. By this point the phone had no charge left at all, so it could be this may have helped but it was too little too late.

Wireless Charging
Next up was to try a wireless charger, yay! The phone started charging and is now working once more!

CLICK HERE for list of compatible Genuine Samsung and 3rd Party chargers for the Samsung S6 and similar phones on Amazon.

Hope this helps you!

Cisco ASA Unicast Reverse Path Forwarding Verification Was Disabled

Posted by Rob on 13 October 2017, 10:54 pm

If you have had a firewall audit, and your report states that ‘Unicast Reverse Path Forwarding Verification Was Disabled’ on your Cisco ASA then read on.

“Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the reachability of the source address in packets being forwarded. This capability can limit the appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. ” Cisco – https://www.cisco.com/c/en/us/about/security-center/unicast-reverse-path-forwarding.html#1

Within the Cisco ASDM, Unicast Reverse Path Forwarding Verification is referred to as Anti-Spoofing / IP Spoofing.

Unicast RPF can be configured on the ASA Security Appliance on a per-interface basis, in ASDM:

Or with the following command:

ip verify reverse-path interface interface_name

Enjoy.

Security Hardening – Apache and PHP Information Disclosure

Posted by Rob on 12 October 2017, 10:55 pm

Do you want to reduce the version information that Apache and PHP are providing in the HTTP headers? This may help.

/etc/apache2/conf-available/security.conf

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
#ServerTokens Full
ServerTokens Prod

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#ServerSignature Off
ServerSignature Off

/etc/php5/apache2/php.ini

;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off

Formatting JSON with the Python JSON Tool

Posted by Rob on 11 October 2017, 9:39 pm

When working with web server JSON responses, if they span several lines with no ‘new line’ formatting they can be difficult to read. When JSON responses end up on the command line, it is possible to format them for easier reading.

Here I use a short output from the jsontest.com site as an example.

Copyable commands:

curl http://ip.jsontest.com/
curl -s http://ip.jsontest.com/ | python -m json.tool

For this, you will need python and mjson installed. Assuming you have python, you can check and install mjson as follows:

~$which mjson
~$

~$pip install mjson
--snip--

~$which mjson
/usr/local/bin/mjson

Hope this is of use!

Building a UK Street / Road Name Wordlist

Posted by Rob on 11 October 2017, 6:35 am

If you need to create custom dictionaries or wordlists, there are many options, in this case we were looking for UK specific street / road names.

You do not need to ‘scrape’ open street map for data, it is not ideal from their point of view or yours. As the data is open, they do actively provide downloadable exports (i.e an ‘.osm.pbf’ file) for different data sets.

Looking at a page of export data such as (http://download.geofabrik.de/europe.html) will enable you to find and download the correct file for your needs, and it can then be processed offline.

On Kali (or similar) you should have the osmosis package available which can be used to process Open Street Map data exports, filtering out only highways. Then with a little grep, these can be used to create steet / road name lists.

The same idea can be used for counties, towns, citys etc.

#Install tools
apt-get install osmosis

# Download a '.osm.pbf' file for your area: http://download.geofabrik.de/europe.html
wget http://download.geofabrik.de/europe/great-britain-latest.osm.pbf

# use a program like Osmosis to filter out only highways
osmosis --read-pbf file.osm.pbf --tf accept-ways highway=\* --write-xml myfile.osm

# From the resulting XML file, extract all names
grep 'k="name"' myfile.osm | cut -d\" -f4

You will likely find some slightly poor data within the file (at the time of writing), this is essentially down to user supplied data to the open street map project.

This however does not worry me overly for this usage case. You will find that some extracted data files are quite large, so remember to clean up when your done.

With thanks to: https://help.openstreetmap.org/questions/12121/scraping-open-street-map-for-uk-street-names

Monitoring network traffic with port mirroring

Posted by Rob on 10 October 2017, 11:10 pm

If you would like to monitor the traffic between two network devices or network segments, you will need to obtain access to the packet flow between the two hosts or network segments. In a virtual lab environment we have a number of options, and normally the opportunity to reconfigure things to get access.

In a production or more a physical environment, we may need to insert a network tap (however this would require disconnection of the link to connect the tap, and also an expensive tap) or configure the production switch to mirror traffic to an available socket on the switch.

Alternatively it is possible to configure a spare low cost switch such as the Netgear ProSAFE GS105E v2 to mirror a port, and then insert it like a tap. This process is also similar to what you would need to complete on a production switch.

First find the IP address of the switch. If you use a new ProSAFE GS105E, you may need to use the utility on a new switch, or configure your machine to access the default subnet 192.168.0.0/24 and connect to http://192.168.0.239 (the default ‘off network’ address of this switch).

Next, navigate to the “System” > “Monitoring” > “Mirroring”. Here we can define a ‘source port’ (1) where we want to monitor all traffic, next we select a destination port (5) that all traffic on source port (1) will be mirrored to. On the Netgear we also need to change the ‘Mirroring’ drop down to ‘enabled’.

If this was a production switch, we would be monitoring an already active port and using a spare (5) as the mirror for monitoring, in this case, I will connect ports 1 and 2 to a test network and an internet of things (IoT) device bridge that we are interested in monitoring. I will then connect my laptops network interface to port 5, the mirrored interface. (Remember, you are not connecting to the network here, you are monitoring a copy of the traffic flowing through port 1.

We therefore fire up Wireshark, selecting the correct physical interface that connects into port 5, and then monitor the network link with the promiscuous option selected.

Wireshark should show you the packets passing through port1, in this test environment you can see source address x.x.79.35 with packets heading to 192.168.3.10, and also 192.168.3.10 sending packets to x.x.79.35.

We can now happily inspect the traffic between this device and the network, we can see traffic flowing in both directions and at a high level see the two main IP addresses of interest, along with a data flow on UDP/2011 that can be further inspected.

Enjoy.

Firefox Captive Portal Detection and Burp Suite

Posted by Rob on 3 October 2017, 7:10 am

If you get requests like this in Burp, and you don’t need or want them…… you need to disable captive portal detection.

Eg:
GET /success.txt HTTP/1.1
Host: detectportal.firefox.com

There isn’t a easy checkbox to configure this, however it is possible to disable using about:config.

In a new tab, type about:config in the address bar and press Enter.
In the search box above the list, type captive.
Double-click the network.captive-portal-service.enabled preference to switch the value from true to false.

How to list a range of IP addresses with the Linux seq command

Posted by Rob on 1 June 2016, 8:55 pm

Ever needed to convert IP addresses that someone has written down into a list?
eg: 10.0.0.47 to 52 and 192.168.243.5 to 12

Try seq, as follows:

$seq -f "10.0.0.%g" 3 6
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6

Or for my example:

$seq -f "10.0.0.%g" 47 52 ; seq -f "192.168.243.%g" 5 12
10.0.0.47
10.0.0.48
10.0.0.49
10.0.0.50
10.0.0.51
10.0.0.52
192.168.243.5
192.168.243.6
192.168.243.7
192.168.243.8
192.168.243.9
192.168.243.10
192.168.243.11
192.168.243.12

You could then redirect the output too:

$seq -f "10.0.0.%g" 47 52 ; seq -f "192.168.243.%g" 5 12 > ips.txt

Hope this is useful.

Viewing HTTP Headers on Linux with curl

Posted by Rob on 27 April 2016, 8:17 pm

If you want to identify the configuration options for STS etc, you will need to look at HTTP Headers. From Linux you can use curl. For HTTPS sites, you may want to consider the –insecure option if you have other cert issues to contend with.

~$curl -I https://jervis.ws/
HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 20:43:16 GMT
Server: Apache
Link: ; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8

Testing for SMB null session

Posted by Rob on 26 April 2016, 7:15 pm

This affects older systems, however I needed this for a Windows 2000 system the other day. Yep, they are still about.

Here is a quick command line to create a null session:

net use \\IP_ADDRESS\ipc$ "" /user:""

How to access shares after creation of null session:

net view \\IP_ADDRESS

A little more info here if your interested.

JERVIS DOT WS

A techie’s thoughts and opinions on anything & everything that comes to mind, with a lean towards security