HVAC System that was not patched - Exploitable via ms08_067_netapi

This HVAC system is vulnerable. It controls the entire data center's servers and networks, and it is managed by an outside vendor.

Determining OS type with a Ping

TTL=64 = *nix - the TTL is decremented once per hop, so if you're getting 61 there are 3 hops and it's a *nix device, most likely Linux.

TTL=128 = Windows - again, if the TTL is 127 then the hop count is 1 and it's a Windows box.

TTL=254 = Solaris/AIX - again, if the TTL is 250 then the hop count is 4 and it's a Solaris box.
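The arithmetic above can be automated. The following Python script is an added example, not code from the original note: it parses the ttl field out of ping reply lines (Linux "ttl=61" and Windows "TTL=127" styles) and, using the three default TTLs listed above, recovers the initial TTL, the hop count and the OS guess. The sample ping output is constructed for the example, and the function names are hypothetical.

```python
import re

# Default initial TTLs as the note above gives them; a reply's TTL is the
# initial value minus the number of hops it travelled.
INITIAL_TTLS = {64: "*nix (most likely Linux)", 128: "Windows", 254: "Solaris/AIX"}

# Matches the ttl field of a ping reply (Linux "ttl=61" or Windows "TTL=127").
TTL_RE = re.compile(r"\bttl=(\d+)\b", re.IGNORECASE)

# Constructed sample output (not real captures) mixing Linux- and Windows-style lines.
SAMPLE_PING_OUTPUT = """\
64 bytes from 10.2.2.1: icmp_seq=1 ttl=61 time=0.412 ms
64 bytes from 10.2.2.1: icmp_seq=2 ttl=61 time=0.398 ms
Reply from 10.2.2.20: bytes=32 time<1ms TTL=127
64 bytes from 10.2.2.30: icmp_seq=1 ttl=250 time=1.20 ms
Request timeout for icmp_seq 3
"""

def guess_os(ttl):
    """Return (initial_ttl, hops, os_guess) for an observed reply TTL.

    The initial TTL is taken to be the smallest known default that is >= the
    observed value, so 61 -> (64, 3, ...), 127 -> (128, 1, ...), 250 -> (254, 4, ...).
    A TTL above every known default (e.g. 255) is reported as unknown.
    """
    for initial in sorted(INITIAL_TTLS):
        if ttl <= initial:
            return initial, initial - ttl, INITIAL_TTLS[initial]
    return None, None, "unknown"

def parse_ping_output(text):
    """Pull the TTL out of each reply line and attach the OS guess."""
    results = []
    for line in text.splitlines():
        match = TTL_RE.search(line)
        if not match:           # timeouts and summary lines carry no TTL
            continue
        ttl = int(match.group(1))
        initial, hops, os_guess = guess_os(ttl)
        results.append({"line": line, "ttl": ttl, "initial_ttl": initial,
                        "hops": hops, "os": os_guess})
    return results

if __name__ == "__main__":
    for r in parse_ping_output(SAMPLE_PING_OUTPUT):
        print(f"ttl={r['ttl']:<3} initial={r['initial_ttl']} hops={r['hops']} -> {r['os']}")
```

Feed it the saved output of a ping run (or pipe it in) when inventorying what answers on your own network; the guess is only as good as the default-TTL table, so an unexpected value is a prompt to look closer rather than a verdict.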


Be Careful filling out Domain Registration information

I just updated my information at Register.com and now I am getting phone phishing attacks. I used my cell phone initially but then changed to my home phone. Guess what? I am now getting the phishing attacks on my house phone. Looks like I will be transferring or paying for the additional security.

Using OSSEC for HIPS solution

OSSEC is a Host-based Intrusion Detection System (HIDS); however, when using it with iptables I have been able to make it work like a Host-based Intrusion Prevention System (HIPS). When a foreign address scans my server, OSSEC detects it and adds the IP address to iptables for a period of time. Once no more scan activity is seen, the iptables entry for that IP address is dropped and the foreign host is allowed to communicate with the server again. I like this method; however, you have to be careful not to cause your own denial of service with it.
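To make the block-then-expire behaviour concrete, here is an added example in Python; it is not OSSEC's own code or configuration. It replays constructed iptables-style log lines, counts how many distinct destination ports one source touches inside a sliding window, records a BLOCK action when the threshold is hit, records an UNBLOCK when the block period has elapsed, and refuses to block addresses in a "never block" list, which is the guard against the self-inflicted denial of service mentioned above. The `ScanBlocker` class, its thresholds, the log format and all addresses are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Timestamp, source address and destination port of an iptables LOG line
# (constructed format for this example; real prefixes vary by ruleset).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")

class ScanBlocker:
    """Detect port scans in firewall logs and track temporary blocks.

    Instead of calling iptables, it appends the action it would take to
    self.actions so the logic can be inspected and tested offline.
    """

    def __init__(self, port_threshold=5, window=timedelta(seconds=60),
                 block_for=timedelta(seconds=600), never_block=()):
        self.port_threshold = port_threshold
        self.window = window
        self.block_for = block_for
        self.never_block = [ip_network(n) for n in never_block]
        self.hits = defaultdict(deque)   # src -> deque of (timestamp, dport)
        self.blocked = {}                # src -> time the block expires
        self.actions = []                # ("BLOCK" | "UNBLOCK", src, timestamp)

    def _expire(self, now):
        """Lift blocks whose period has elapsed (the 'drop from the table' step)."""
        for src, until in list(self.blocked.items()):
            if now >= until:
                del self.blocked[src]
                self.actions.append(("UNBLOCK", src, now))

    def observe(self, line):
        match = LOG_RE.search(line)
        if not match:
            return
        now = datetime.strptime(match["ts"], "%Y-%m-%d %H:%M:%S")
        src, dport = match["src"], int(match["dpt"])
        self._expire(now)
        if src in self.blocked:
            return   # traffic from an already-blocked host needs no new action
        if any(ip_address(src) in net for net in self.never_block):
            return   # own hosts and monitors must never trigger a block (self-DoS guard)
        hits = self.hits[src]
        hits.append((now, dport))
        while hits and now - hits[0][0] > self.window:
            hits.popleft()                      # keep only hits inside the window
        if len({port for _, port in hits}) >= self.port_threshold:
            self.blocked[src] = now + self.block_for
            self.actions.append(("BLOCK", src, now))
            hits.clear()

# Constructed sample log: one outside host probes five ports in five seconds,
# a monitoring host on the local net does the same, then a quiet host appears
# after the block period has passed.
SAMPLE_LOG = """\
2024-01-01 10:00:00 kernel: [FW] IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=40001 DPT=22
2024-01-01 10:00:01 kernel: [FW] IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=40002 DPT=23
2024-01-01 10:00:02 kernel: [FW] IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=40003 DPT=25
2024-01-01 10:00:03 kernel: [FW] IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=40004 DPT=80
2024-01-01 10:00:04 kernel: [FW] IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=40005 DPT=443
2024-01-01 10:00:05 kernel: [FW] IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=40006 DPT=8080
2024-01-01 10:03:00 kernel: [FW] IN=eth0 SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP SPT=50001 DPT=22
2024-01-01 10:03:01 kernel: [FW] IN=eth0 SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP SPT=50002 DPT=80
2024-01-01 10:03:02 kernel: [FW] IN=eth0 SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP SPT=50003 DPT=443
2024-01-01 10:03:03 kernel: [FW] IN=eth0 SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP SPT=50004 DPT=3306
2024-01-01 10:03:04 kernel: [FW] IN=eth0 SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP SPT=50005 DPT=8443
2024-01-01 10:10:05 kernel: [FW] IN=eth0 SRC=198.51.100.2 DST=10.0.0.5 PROTO=TCP SPT=51000 DPT=80
"""

def simulate(lines, never_block=("10.0.0.0/24",)):
    """Run the blocker over log lines and return it for inspection."""
    blocker = ScanBlocker(never_block=never_block)
    for line in lines:
        blocker.observe(line)
    return blocker

if __name__ == "__main__":
    for action, src, when in simulate(SAMPLE_LOG.splitlines()).actions:
        print(f"{when:%H:%M:%S} {action:<7} {src}")
```

The scanner is blocked at 10:00:04 after its fifth distinct port and unblocked on the first event at or after 10:10:04; the local monitoring host probes just as many ports but is never blocked. In a real deployment the two actions map to inserting and deleting a DROP rule, and the never-block list is where your own management and monitoring addresses belong.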

Create MySQL database and assign grant privileges

Log into mysql.
We are going to create the database named ISinfo with a username of ISinfo.

mysql> create database ISinfo;
mysql> CREATE USER 'ISinfo'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'ISinfo'@'localhost' WITH GRANT OPTION;
mysql> CREATE USER 'ISinfo'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'ISinfo'@'%' WITH GRANT OPTION;

% means all machines.
localhost means the user can only log in from the mysql server itself.
*.* means every database and table on the server; to limit the grant to the new database, use ISinfo.* instead.

MySQL Change root Password

Use the mysqladmin command to change the root password.

If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To set up the root password for the first time, use the mysqladmin command at the shell prompt as follows:

$ mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) the root password, use the following command:

$ mysqladmin -u root -p'oldpassword' password newpass

For example, if the old password is abc and the new password is to be 123456, enter:

$ mysqladmin -u root -p'abc' password '123456'

How to remove a dll like ddnsfilter.dll

First, it's handy to have PsTools installed, but it is not necessary.

Bring up a command shell -> Start -> Run -> cmd

type> tasklist /m ddnsfilter.dll

or
C:\WINDOWS\system32>tasklist /m ddns*

Image Name PID Modules
========================= ====== =============================================
svchost.exe 1548 ddnsfilter.dll

Second, find the path of the file through Windows Explorer so you can highlight and delete it after killing process ID (PID) 1548.
Now, if you have PsTools:

>pskill 1548
or
>taskkill /PID 1548 /F

How to spot bad dll files in the Windows/system32 file structure

First, make sure you can view all files: go to Tools -> Folder Options -> View and select "Show hidden files and folders".

Apache VirtualHost tip

I found this out the hard way: when you create your virtual host and, for security purposes, want to bind it to a specific IP address on your network, use a name rather than the literal address. When you upgrade to another box you can then copy your config unchanged and only update the host name's entry in /etc/hosts.

i.e.
http.conf file
<VirtualHost webserver:80>

/etc/hosts

10.2.2.1 webserver