network-manager only works with systemd

I still resist to systemd because initd just works great, i consider it mature enough and more secure, and i got a surprise when i wanted to keep initd with network-manager because it seems that network-manager now only works with systemd…. sad sad news.

But well, who knows, destiny calls.

Investigating a little i found another alternative network manager which looks pretty nice (for me), it is called wicd.

To add wicd to the fluxbox try:

vi ~/.fluxbox/startup

Add:

wicd-client -t &

 

 

 

 

Advertisements

Puppet agent: Exiting; no certificate found and waitforcert is disabled – Solution

After installing a brand new puppet master and client you may want to test the communication between them.  First you setup variable “server” in /etc/puppet/puppet.conf

Screenshot from 2017-09-21 16-19-34

You should have the puppetmaster or puppetserver up, in the same or other machine.  In this case i have setup a second independent server called “puppet01”.  If in doubt, you can test the connection to the default puppet port TCP 8140.

Screenshot from 2017-09-21 16-21-03

And it could happen that you get this error:

Screenshot from 2017-09-21 16-19-13

This happens because the puppet agent tries to reach the puppet master to receive the catalog which is later applied.  But this can happen if the master allows the certificate from the agent (client), the solution is to query the Puppet Server and see which certificates are pending to be approved:

puppet cert list

Screenshot from 2017-09-21 16-27-56

Your output may be slightly different, but the idea is the same.  If you want to allow this agent to get the catalog then you can accept this certificate.  Notice that the servername should be the same.

puppet cert sign <servername>
puppet cert sign puppet02.argentina

Or you could just accept all the certificates at once:

puppet cert sign --all

Screenshot from 2017-09-21 16-40-17

 

Installation script to add packages from Cran R

If you use the free software cran R to do data analysis and you are also that kind of person that likes to have the last version then you may be interested in this.  Many times i compile the last version of Cran R from scratch but have the problem that many packages are not automatically available for that version yet, the only solution is to download and compile them manually which is a lot of effort given all the dependencies.

I know that this is not a great solution, but it saved me a lot of time, it can be improved.

First you will need an index from the packages, you can create it so:

wget "https://cran.r-project.org/src/contrib/" -O pkgs.txt

And then you will have to run these lines a few times until all the dependencies are installed:

INSTALAR="ggplot2_2.2.1.tar.gz";
R CMD INSTALL ${INSTALAR} 2> /tmp/err
while [[ `cat /tmp/err | grep ERRO | wc -l` -ne 0 ]]; do
 i=`cat /tmp/err | grep "ERROR" | sed 's/.*dependenc[a-z]\{1,4\} //g' | sed 's/’ [are |is ].*//g' | sed 's/[,’‘]//g' | cut -f1 -d" "`;
 echo "Installing dependency $i";
 PP=`cat pkgs.txt | grep "^${i}_"`;
 if [ ! -e $PP ]; then wget "https://cran.r-project.org/src/contrib/$PP" -O $PP; fi;
 echo "Installing ${PP}";
 R CMD INSTALL ${PP} 2> /tmp/err;
done

If you want to install the “ggplot2” package, just put the package name in the variable “INSTALAR” and run the script.

 

Basic windows 7 exploitation analysis

As a System Administrator i realized that we can move through different specializations even it is not our primary role, that is interesting because one can never say that is bored!

I have seen many tutorials about exploit analysis, more about linux and less about windows but all of them very good.  I have studied this subject for a long time but only now i will share some words which may probably have been already said, but i hope this post helps somebody to understand with another example.  In the other hand, i share how i did things (which compiled i used, debugger)  there are many ways to do the same and that is not teached in books.

  1. Get a Windows 7 Professional.
  2. Get a ansi c compiler: Dev-Cpp but can also be Visual Studio 2017.
  3. A debugger (Ollydbg or Immunity).

Create a vulnerable program in C:

Screenshot from 2017-08-10 14-55-59

This is the source, you can copy and paste it:

#include <stdio.h>
#include <string.h>
void doit(char *buffer) {
 int i = 0;
 for(i = 0; i < 30; i++) {
 buffer[i] = 'A';
 }
 printf("Done doit %s !\n", buffer);
}
void main() {
 char buffer[10];
 doit(buffer);
 printf("Done main!\n");
}

Now if you compile and test it the program will crash:

Screenshot from 2017-08-10 14-58-51

Lets debug the program and see how this bug can be exploited:

Open the test2.exe file with the debugger of your choice, i will show the examples with Immunity Debugger.  Then step forwared with F8, the .exe will do some initial stuff:

Screenshot from 2017-08-10 15-16-23

The debugged program is displayed in Assembler.  When a function is called in Assm, this is done with the “CALL” instruction, when a Call instruction is executed then the Next line of the code (the next one after the function call) will be stored in the Stack.  This is done so the program can keep from the point where it left, when the function call finishes its work.  This step in particular is done automatically, i guess it is done by the CPU but i am not sure.

When a function is called, the Stack is used to store:

  1. Internal buffers and variables
  2. Saved EBP
  3. The return address

Our stack looks like this in this moment:

Screenshot from 2017-08-10 15-30-14

Then this function doit() is called:

Screenshot from 2017-08-10 15-36-36

Again, the “call” instruction automatically stores the Return Address and the Stack looks like this:

Screenshot from 2017-08-10 15-45-10

As told before, the function saves the Return Address into the STACK, then it saves the EBP (Base Pointer) and space for the variables.  Look that the Stack is a FIFO (First In First Out) Stack.

Screenshot from 2017-08-10 15-58-47

In this function, 30 characters ‘A’ (0x41 in hex) are stored into a variable of size 10, this causes the out of bounds overwrite.  Look the previous picture, where the return address was located in SP:28FECC now it says 41414141 (these are the ‘A’s) and this will cause the program to try to jump to that address and an error.

Screenshot from 2017-08-10 16-01-53

But not so fast, when the function ends, the “LEAVE” instruction is executed and the control of the program returns to the place it came from (Stack Pointer: 28FE9C) this is done by the RET instruction that takes the address in the SS:SP (Stack Segment:Stack Pointer) and continues there.  In this case it is 0040155A.

Screenshot from 2017-08-10 16-11-33

Finally, once in the Instruction Pointer 0040155A the instructions are a LEAVE and finally a RETN.  The LEAVE at 00401566 expects a return address at 0028FEC8 but there we wrote illegally a lot of ‘A’ (0x41 hex) which will exploit the program.

Screenshot from 2017-08-10 16-17-04

Like before, the RET instruction says “where should i go now ?”  It knows that the address should be in SS:SP but our SS:SP is contaminated with noice…. so occurs a Stack Based Buffer overflow.

Compiling CRAN R from scratch (and possible workarounds)

Download the CRAN R source here.

Just compile it:

cd R-3.4.0/
./configure
make

Now the possible workarounds:

Problem #1
configure: error: No F77 compiler found
Solution: apt-get install gfortran
Problem #2
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
apt-get install g++
Problem #3
configure: error: --with-readline=yes (default) and headers/libs are not available
apt-get install libreadline-dev
Problem #4
configure: error: --with-x=yes (default) and X11 headers/libs are not available
apt-get install xorg-dev
Problem #5
checking whether bzip2 support suffices... configure: error: bzip2 library and headers are required
apt-get install libbz2-dev
Problem #6
configure: error: "liblzma library and headers are required"
apt-get install liblzma-dev
Problem #7
checking whether PCRE support suffices... configure: error: pcre >= 8.10 library and headers are required
apt-get install libpcre++-dev
Problem #8
configure: error: libcurl >= 7.22.0 library and headers are required with support for https
apt-get install libcurl-dev
Problem #9
make[4]: *** No rule to make target '/usr/include/pango-1.0/pango/pango.h', needed by 'devX11.o'. Stop
apt-get install libpango1.0-dev
Problem #10 - Obtain jdk from the Oracle Website
*** Please make sure 'java' is on your PATH or set JAVA_HOME correspondingly
export JAVA_HOME="/opt/java/jre/"
export PATH=$PATH:$JAVA_HOME/bin

 

 

Deploying an application in shinyapps.io

Once you have tested the application locally, you can deploy it to shinyapps.io.

library(rsconnect)
> rsconnect::setAccountInfo(name='twilightzone',
 +   token='A257B319BB30EC2A77556E2062387E43',
 +   secret='<secret>')
deployApp('/home/walter/github/viz1/shiny3')

And then you can access the application through a browser.

Installing R Shiny on Linux

After opening and making free some data i wanted to visualize it with R Shiny.  But i had to manage with some errors, here i share the errors and how i fixed them. First, i need the rsconnect package, but i get this error message:

package ‘rsconnect’ is not available (for R version 3.1.1)

So i will do it from scratch:

wget https://cran.r-project.org/src/contrib/RCurl_1.95-4.8.tar.gz
wget https://cran.r-project.org/src/contrib/rsconnect_0.8.tar.gz
wget https://cran.r-project.org/src/contrib/PKI_0.1-3.tar.gz
wget https://cran.r-project.org/src/contrib/base64enc_0.1-3.tar.gz
wget https://cran.r-project.org/src/contrib/RCurl_1.95-4.8.tar.gz
wget https://cran.r-project.org/src/contrib/bitops_1.0-6.tar.gz
wget https://cran.r-project.org/src/contrib/RJSONIO_1.3-0.tar.gz
wget https://cran.r-project.org/src/contrib/yaml_2.1.14.tar.gz
wget https://cran.r-project.org/src/contrib/rstudioapi_0.6.tar.gz

Installing the packages:

R CMD INSTALL RCurl_1.95-4.8.tar.gz
R CMD INSTALL base64enc_0.1-3.tar.gz
R CMD INSTALL PKI_0.1-3.tar.gz
R CMD INSTALL bitops_1.0-6.tar.gz
R CMD INSTALL RJSONIO_1.3-0.tar.gz
R CMD INSTALL packrat_0.4.8-1.tar.gz
R CMD INSTALL yaml_2.1.14.tar.gz 
R CMD INSTALL rstudioapi_0.6.tar.gz
R CMD INSTALL rsconnect_0.8.tar.gz

Here you may get this error:

pki.h:11:25: fatal error: openssl/err.h: No such file or directory
 #include <openssl/err.h>

Solution:

apt-get install libssl-dev