Round up to Fall

I don’t know about you, but it has been pretty damn warm around here lately. In respect to Fall, Southern Tier: Pumking is out again. I have bought a few 4 packs and enjoyed them rapidly. The Mrs had a few but I kicked the last 4 pack solo in the night, last week.

Haha. So yeah when not working, I have been playing a few games and flying a DJI Spark drone. I have about 4 hours of flight time and am having fun dabbling with recording video, taking pictures, testing range and flight maneuvers. Game wise, I fly my drone like I’m playing Watchdogs 2. Granted I have not strapped a WiFi Pineapple to it (yet).

Captain Toad: Treasure Tracker is awesome. I love that game and I think I made that apparent in its thread. I also have about 9 hours into Octopath Traveler. I got it a few weeks after it released but I am enjoying it so far. Good story, each character has their own quest line / initial meet sequence, the battle system is pretty good with its accrued tactical points and, well, I was impressed and liked it much more than I did the demo.

I heard Diablo III / Diablo 3 is coming to Switch. I’m a sucker for portable dungeon crawling so count me in there. Rumor has it you can play local multiplayer without an internet connection too. If I come to your house to visit you, get a Switch lol we can slay some demons and shit.

Reminder I still have HouseOfPlus.com thanks to ImmortalBob scoring the domain back. If anyone is playing games and wants to network it up, go nuts those forums are all you. You are welcome to post here too, obviously if you have an account still but I know it’s wild here.

I’m chilling for now but may have some more content going up soon. Mostly random stuff I wish I saw around more. I gotta finish this beer since the cat almost knocked it over. We might get around to watching John Wick tonight. Netflix horror movie selection, kind of sucks.

Original Thread

Make a VM Lab for Active Directory

AD Build Guide:
Primer: I see quite a few people talk about wanting to do vulnerability research, yet not having much Windows exposure. It could be heavy bias on my part but for the roles I have seen, Windows is pretty dominant in the wilds of the business world. The intent here is to learn more about Windows domain environments by building a test environment of our own to test on. Disclaimers apply to why we want to make a test environment: I really really really do not want to read about you getting arrested for poking a stick at some Windows environment you found in the wild, without having been granted permission to do so. It is really minor effort to find a server with the Remote Desktop Protocol port open to the internet. Granted at this point in time, that should be considered negligence on the part of sites with that port open, but alas, that would not work as a defense for your sake.
I have intended to write this guide with a minimal technical background being required, for the sake of welcoming more people to utilize it.

Now that we got that out of the way, let us start with the hardware and software used to build your Virtual Machine lab.
+ A modern desktop or laptop running an x64 processor.  You can be running Windows, Linux or OS X for your desktop operating system, as we are going to use VirtualBox to build the VMs.  The following guidelines can be applied to your Virtualization platform of choice, but I like VirtualBox for sake of cross-OS Virtual Machine migration and price point for running VirtualBox.
+ 16 GB RAM or more is preferable. You could get by with less but may find your VMs running low on resources and have fewer options for multiple, concurrently running VMs.
+ A SSD drive.  Running on an SSD will greatly speed up time to copy an existing VM and also improve desktop performance of the VMs.  You can get by on a HDD, but you will wait much longer to clone a virtual disk image and your virtualized desktop OS might be laggy.

Getting started, we want to install VirtualBox, make sure VT-x support is enabled (likely a BIOS setting you can set when your PC is booting up) and to download Windows Server 2016.  We could go with older versions of Windows and poke those with a security stick, but if you are trying to get some viable business experience, I would jump into the more recent OS, particularly as many businesses have been lagging on their migrations from older Windows Server versions.  There is no shame in learning and trying to also be marketable at the same time.

  • VirtualBox:

https://www.virtualbox.org/wiki/Downloads

  • Windows Server 2016

Download the ISO image. https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016/
This will give you a 180 day trial install. So long as you are not doing so on the Domain Controller server with that role active, you can Sysprep the install to reset the timer and OS back to its initial state. More on that further in this guide.

While those download and you install VirtualBox, let’s step back to overview your intent with this test lab.  We are installing an initial Windows Server 2016 virtual machine.  Once that is up, we will clone that image so we have a master control image.  For the sake of this lab, let’s leave the Master image intact then create 4x master clones.  I’m going with 40 GB disk size for the VM, so roughly 200 GB will be used.

  • Master Image (Do not change once all patched)
  • Windows Domain Controller
  • Microsoft SQL Server
  • AppServer.  This is optional if you want to save space and piggy-back your potential test application from the SQL VM.
  • Client machine.  Not necessarily on the domain.  This will be your client device / scan box / non-domain network sniffer.

Let’s get started:
From VirtualBox, click the New button to create a new Virtual Machine. Type: Microsoft Windows, Version: Windows 2016 (x64). Name this initial VM ‘masterControlImg’ for sake of reference. Click the box for ‘Create a virtual hard disk now’. Let’s set the Memory option to ‘2048’ AKA 2 GB. Then click ‘Create’. I want to add a note that the virtual machine name you enter here will also be the subfolder in your VMs folder for VirtualBox on your storage drive (on your actual main machine). You will get weird errors if you try to give a VM the name of a folder that already exists in that VMs folder. FYI to save you headaches on that note.
Next will be the Create Virtual Hard Disk screen.  Leave the path as-is since it will match the prior line about being in a folder named to your VM, ‘File size’ of 32 GB is fine (but I suggest 40 GB for when you start adding Active Directory services and Replication), ‘Hard disk file type’ to the default of VDI (VirtualBox Disk Image) is good, as is the ‘Storage on physical hard disk’ remaining set to Dynamically allocated.  Good, now we can press ‘Create’ on the virtual hard disk screen.

Now that the VM is created, let’s go into its settings, then onto the Storage tab. The second drive should be a CD icon, and on the right side you will see a drop-down when you click the CD icon. Select ‘Virtual Optical Disk File…’, then browse on your local computer to where you saved that Windows Server 2016 ISO, and click OK until you are back to your VMs listed on the ‘Oracle VM VirtualBox Manager’.

With the ISO mounted for Windows Server 2016, boot your VM to install.  Hurry up and wait.  Follow the prompts (you want Server 2016 with desktop experience) and select an Administrator password.  For the sake of this lab, we can use ‘Babydonthurtm3!’ without the quotes.
You will want to take note of this for later use, as this is the local administrator account for this install and your cloned virtual machines.  Wait for the installer to finish and when done, it will let you login and see your desktop.

[Screenshots: VirtualBox new VM template, Create Virtual Hard Disk, VM Settings menu, Storage settings CD drive, mounting the ISO, ISO mounted, starting the VM for the OS install]

Now the install process for Windows begins.

[Screenshots: Windows Server 2016 installer, OS edition selection, Custom install type, install drive selection, installer progress, setting the local Administrator password after reboot]

End of the Windows install process.  Let us login to this VM.

[Screenshot: Windows login as the local Administrator]

Minimize Server Manager for now.  We do not want to add any roles or features yet.

[Screenshots: Server Manager console, Server 2016 desktop]

Clicking the Settings Gear, we want to install Updates for our Template OS.

[Screenshot: Windows Update on Server 2016]

This will likely take quite some time.  Better to do it now than to need patching every other machine we make as well.

[Screenshot: Windows Update patches installing]

Install the most recent Windows Update patches, reboot and log back in. Once the patches finish, shut this VM down. Avoid booting this VM into Windows from here on, since it will be our source VM for new instances.
Then back on the Oracle VirtualBox VM Manager, go to Settings for your VM, then Network. Change ‘Attached to’ from NAT to ‘Internal Network’. You can give the network a custom name such as ‘intnetLab01’ for ease of reference later, if you expand your VM labs. This setting will allow all the other VMs we spawn to communicate with each other. If you forget to do this step later for other VMs, come back here if you wonder why your VM cannot see the Active Directory Domain Controller.

Clone machine image prompts:

[Screenshots: Clone VM menu entry, clone form, naming the clone, Full clone option, cloning progress]

With all of this done, let’s make a clone of this VM.  We will name this Clone ‘WinDC01_testFTB’ or the like, as it will be the Primary Domain Controller for our Windows Domain.  Be sure to check the ‘Reinitialize the MAC address of all network cards’ because you do not want the same MAC address trying to talk to another computer.  That would also cause issues with DHCP and all sorts of networking issues you do not want.

You do want to make it a Full Clone instead of a linked clone.  Wait for the clone process to finish, then boot up your newly spun ‘WinDC01_testFTB’ VM.
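The same VirtualBox steps (new VM, 40 GB dynamic VDI, mounted ISO, internal network, full clone with fresh MAC addresses) as an added example done from the host with VBoxManage.exe; this is my script, not part of the original post, and it assumes a Windows host with VirtualBox in its default install location and a placeholder ISO path you replace with your own.

```powershell
# Added example, not code from the original post: the VirtualBox GUI steps
# above, done from the host with VBoxManage.exe so the master image is
# reproducible.  Assumptions: a Windows host with VirtualBox at its default
# path, and an ISO path (placeholder below) you replace with your download.
$VBoxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'
$Master     = 'masterControlImg'                # name from the guide; also the VM subfolder
$Iso        = 'C:\ISOs\WinServer2016_EVAL.iso'  # placeholder path, not from the guide
$IntNet     = 'intnetLab01'                     # internal network name from the guide
$DiskMB     = 40 * 1024                         # 40 GB, the size the guide suggests

function Invoke-VBox {
    # Run VBoxManage and stop on a non-zero exit code so a half-built VM
    # does not silently continue into the next step.
    & $VBoxManage @args
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($args -join ' ') failed ($LASTEXITCODE)" }
}

# The folder VirtualBox will use for this machine.  Refusing an existing
# folder avoids the "VM named like an existing folder" errors the guide warns about.
$MachineRoot = ((& $VBoxManage list systemproperties) |
    Where-Object { $_ -like 'Default machine folder:*' }) -replace '^Default machine folder:\s*', ''
$VmFolder = Join-Path $MachineRoot $Master
if (Test-Path $VmFolder) { throw "A folder named $Master already exists under $MachineRoot" }

# 1. Create and register the VM: Microsoft Windows, Windows 2016 (x64), 2 GB RAM.
#    NAT first, so the template can reach Windows Update.
Invoke-VBox createvm $Master --name $Master --ostype Windows2016_64 --register
Invoke-VBox modifyvm $Master --memory 2048 --nic1 nat

# 2. Dynamically allocated 40 GB VDI in the VM folder, attached on a SATA controller.
$Vdi = Join-Path $VmFolder "$Master.vdi"
Invoke-VBox createmedium disk --filename $Vdi --size $DiskMB --format VDI --variant Standard
Invoke-VBox storagectl $Master --name SATA --add sata --controller IntelAhci --portcount 2
Invoke-VBox storageattach $Master --storagectl SATA --port 0 --device 0 --type hdd --medium $Vdi

# 3. Mount the Server 2016 ISO as the virtual optical drive and boot the installer.
Invoke-VBox storageattach $Master --storagectl SATA --port 1 --device 0 --type dvddrive --medium $Iso
Invoke-VBox startvm $Master --type gui

# ... install Windows, patch fully, and shut the VM down before continuing ...

# 4. Move the patched master onto the lab's internal network so every clone
#    inherits it and can reach the domain controller.
Invoke-VBox modifyvm $Master --nic1 intnet --intnet1 $IntNet

# 5. Full clone (not linked).  clonevm generates new MAC addresses unless you
#    pass --options keepallmacs, which is the checkbox the guide tells you to tick.
Invoke-VBox clonevm $Master --name 'WinDC01_testFTB' --mode machine --register
```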

Log in to the desktop. Before you get started making this a domain controller, we want to SysPrep this machine. The action of this command will make it seem like a new Windows install, with the most important result being it will have a new SID / Windows Install ID. As you dig into Active Directory, you will see AD links the machine name to its install ID / SID as a unique identifier. If that didn’t make a lot of sense, know that running Sysprep will allow us to join each of our copied VMs into this test domain without machine conflict issues.

Click Start and then Run cmd.exe.  If it’s not prefixed with ‘Administrator: Command Prompt’ in the title bar, click Start, type cmd then right-click to Run As Administrator.
In this prompt type:

cd %systemroot%\system32\sysprep

then type:

sysprep /generalize /oobe

A brief prompt will come up as it prepares your install then it will shut down the VM.  Once that happens, start the VM back up and it will take you through a prompt similar to when you installed the OS.  Once done, you will be back at the desktop.  If it asks for an Administrator password again, take note of what you use and write it down.  You are welcome to use the Haddaway example from above again.
Jumping back to the Sysprep process, you will need to do this for each image you clone from your VM template. I also wanted to mention that %systemroot% is an environment variable in Windows. If you get to writing scripts, environment variables are quite the blessing to your sanity. You can use them in PowerShell to some extent also, so the fun pays off there.
Final ramble about SysPrep.  If you try to do this on an Image that had AD Roles and Features installed, it will likely not re-activate the 180 day trial for Windows Server and if it was an AD services image, it will likely error on the sysprep process.  That’s why we have our base image 🙂

Let’s wrap this up getting you a domain created. Starting off, let’s set this machine to have a static IP address. In the taskbar down in the lower right by the time, right-click the Network icon and then click ‘Connections’: Ethernet. On the Ethernet status page, click Properties, then Internet Protocol Version 4 (TCP/IPv4). In the screencap you can see I went with:
10.0.2.10 on a /24 Subnet (AKA 255.255.255.0)
[Screenshot: Ethernet network settings]

Pick a default gateway that will be the same for all other VMs made, intended to connect to this AD setup.
For the DNS, I put its own IP, but 127.0.0.1 (loopback) works too. If and when you add a second DNS and AD server, I highly advise making your second DNS server the IP of that other DC. It will make domain fail-over really easy and reliable if you shut down your primary DC or practice a patching cycle, as would be done in a production setting.
[Screenshot: Ethernet IPv4 settings]

Another good thing to do, is Changing the Computer Name.  By default it will be something like ‘WIN-StringofTextandNumbers’.  For sanity’s sake you can rename this to ‘WinDC01FTB’ or something more descriptive.  To change the computer name, bring up an Explorer window then right-click on ‘This PC’ then select Properties.  Click Change Settings to change the Computer name, then reboot as it will ask you to do.

[Screenshot: System properties, computer name]

When you run the AD wizard without setting a static IP address, it will give you a warning about resolution issues.  So that’s why we took care of that before using the Server Manager to add roles and features.  Take my word on it being annoying to change a computer name, once you add roles and services.  Planning to do the PC name change before adding roles will save you headaches.

Since we are in VirtualBox, select the Devices menu then ‘Insert Guest Additions CD Image’ if you would like to use options such as ‘Shared Clipboard’ and ‘Drag and Drop’ files. Once the image is mounted in your VM, run the installer from its CD drive, then reboot when it’s finished as it will prompt. This is helpful for when you want to get or send files and text between the VM and your actual desktop machine. Unless you like manually retyping scripts, I’d suggest adding these Guest Additions.

Wrapping this guide up, I am pivoting to a helpful guide for Installing AD Services:
http://www.rebeladmin.com/2016/10/step-step-guide-setup-active-directory-windows-server-2016/
Jump to Step 4 and it will show you click for click on adding the Active Directory Domain Services under Server Manager | Roles and Features.

I am going to present a bit of a shortcut / cheat. Instead of clicking lots of Next boxes, we can supply the config options via PowerShell. Below is the script I saved from the Wizard when it presented ‘Export Configuration Settings’. You can run this in a PowerShell ISE window, or save it to a text file with a .ps1 extension to make it a PowerShell script.

#
# Windows AD DS Deployment
#
# Exported from the AD DS configuration wizard.  -SafeModeAdministratorPassword
# is not supplied here, so Install-ADDSForest prompts for the Directory Services
# Restore Mode (DSRM) password when it runs; write that one down too.
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "WinThreshold" `
-DomainName "hivelan.int" `
-DomainNetbiosName "HIVELAN" `
-ForestMode "WinThreshold" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

This should let you spawn your Domain as if you entered these values in the Wizard. In this setup we are calling the domain ‘hivelan.int’, with a NetBIOS domain name of just HIVELAN (for Windows NT level legacy support). On a reboot you should be able to login to the Domain you just created.

From here, the virtual domain is your oyster. You can make another clone of your Template machine, sysprep it, then join it to the domain. Since we didn’t add the DHCP Server role to the current DC, go into your IP options and set all the IP info the same, except the IP address, where you want the last octet (the 4th number) to be different than .10.
Once on the same IP space (your 255.255.255.0 subnet means you can use any address from 10.0.2.1 to 10.0.2.254), go into System Properties on this new VM. Change your Computer name if you wish, but the real objective is to change from a Workgroup to a Domain. Enter ‘Hivelan.int’ as your domain and it should prompt for the Administrator account and password. You can always make a second domain admin account if you wish, but that boils down to using Active Directory Users and Computers in Administrative Tools.

Once you add this machine to the domain and reboot, jump back into the Server Manager to add the Active Directory Domain Services on this machine, but we will say ‘Add to an existing domain’.  Click Next until it’s finished.
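The static IP, rename, domain join and second-DC promotion just described, as an added example run from an elevated PowerShell on the sysprepped clone (my script, not the original post’s); it assumes the adapter is named ‘Ethernet’, the first DC is 10.0.2.10, and my own choices of 10.0.2.1 as gateway, 10.0.2.11 and ‘WinDC02FTB’ for the new machine.

```powershell
# Added example, not code from the original post: the "static IP, join
# hivelan.int, promote as a second DC" steps done from an elevated PowerShell
# on the new VM instead of the System Properties and Server Manager dialogs.
# Assumptions (mine, not the guide's): the adapter is 'Ethernet' (Server 2016
# default), the first DC is 10.0.2.10, the lab gateway is 10.0.2.1, and the
# new machine becomes 10.0.2.11 named WinDC02FTB.
$Adapter = 'Ethernet'
$NewIP   = '10.0.2.11'
$Gateway = '10.0.2.1'
$FirstDC = '10.0.2.10'
$NewName = 'WinDC02FTB'
$Domain  = 'hivelan.int'

# 1. Static address in the lab's /24, with DNS pointed at the existing DC.
#    The sysprepped clone still has DHCP on; with no DHCP role on the DC it
#    would never get a lease anyway, so clear that and any stale route first.
Set-NetIPInterface  -InterfaceAlias $Adapter -Dhcp Disabled
Remove-NetIPAddress -InterfaceAlias $Adapter -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute     -InterfaceAlias $Adapter -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress    -InterfaceAlias $Adapter -IPAddress $NewIP -PrefixLength 24 -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $FirstDC

# 2. Check before joining: the DC locator SRV record must resolve through the
#    DC's DNS or the join fails with "the domain could not be contacted".
#    If this throws, the VM is probably still on NAT instead of intnetLab01.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop | Out-Null

# 3. Rename and join in one step, using the domain Administrator that
#    Install-ADDSForest created (HIVELAN is the NetBIOS name from that script).
$Cred = Get-Credential -UserName 'HIVELAN\Administrator' -Message 'Domain admin password'
Add-Computer -DomainName $Domain -NewName $NewName -Credential $Cred -Restart

# --- after the reboot, log in as HIVELAN\Administrator and continue below ---

# 4. Add the AD DS role and promote this VM as an additional DC (with DNS) in
#    the existing domain: the wizard's "Add a domain controller to an existing
#    domain" path.  Like Install-ADDSForest, the cmdlet prompts for the DSRM
#    password because -SafeModeAdministratorPassword is not supplied.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain -InstallDns:$true `
    -Credential (Get-Credential -UserName 'HIVELAN\Administrator' -Message 'Domain admin password') `
    -Force:$true

# 5. Once it is back up, confirm both DCs are known and replication is healthy.
Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, IsGlobalCatalog
repadmin /replsummary
```

Once the second DC is up, point each DC’s secondary DNS at the other one, as the fail-over advice earlier in the guide suggests.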

This guide got a little longer than I intended but I will stop here for the time being.  You can then make another clone of your Template VM and use that as a machine not on the domain.  Give it an IP address in the allotted space and you can use that for running Wireshark to see what kind of traffic you see.  You can then add that machine to the domain or make another VM clone to see how the traffic differs for a machine that is added to the domain.

Hopefully that helped get you into a test Windows environment and gave some help on getting started with VirtualBox.  If you have the funding and another Virtual Machine platform you like more (like XenServer or VMware), most of the concepts and options should be transferable and have similar naming.

Original Thread here

July greetings

As usual I have been slacking on posting to the front page of the site.  The forums are the active place for newer content.  Some threads of interest so far this year are:

New year Eighteen

Reporting in for another year of computer stuff, video games and general contemplation and rambling. Holy shit though, the whole Spectre and Meltdown turned into more than just an Intel issue and they even got the branded vulnerability treatment. Patches continue to release and be tested, while it looks like you can count on some performance hits in the mitigation of these flaws.

If you have read some of my recent benchmark review threads, you will notice I used the Final Fantasy XIV Benchmark utilities for a couple of years. My laptop seems to have taken a score hit of about 2000 points / 20 FPS but I also have to make sure that’s not just the Oculus 2.0 Beta killing my GPU.

Even stepping aside from the CPU issues, patching has been getting way more rapid. Looking back on 2017, I can remember devices like QNAP storage servers going from semi-rarely having firmware updates to having a new firmware drop monthly. Between all the vulns at *nix kernel levels and in core software packages last year, it has been an intensifying ride. Getting all armchair here, but it seems like the days of your biggest concern being default passwords are getting side-stepped by core component flaws. Not saying default passwords are not still an awful practice, but more that the level of these core vulnerabilities is making the passwords irrelevant in scope.

Other than that, I keep reading tech and various other articles and books when I can. I’m also a big fan of trying to relax in the world of games. I have been spending most of that time on Nintendo titles, Indie Games and VR Content.
I also caught that crazy cold that was going around this week and it had my sinuses in a knot for at least 2 days straight.

If you work in tech, be sure to take care of yourself. Speaking as someone in a role with limited funding for obsolete equipment, I can say I feel the trying pinch of keeping legacy gear spinning.
Enjoy the new year!

Red Faction

I’m putting a front page post up from tOucan’s post a few months ago.  He is playing on PS4 and presumably PC as well.  Jump in the thread and suggest times you would like to meet up for some games.

Front page back up

I rolled back to WordPress.  Largely for the sake of prior post content and not needing to manually redesign the wheel from scratch.

Here’s hoping it can be viable without add-on plugins installed.  I will back fill some forum posts of interest, since the host migration and rollback from this summer.

15 years

If you check the whois for the site, you may notice it has been around now for 15 years.  If you have old links, they may and should very well still work.

Heart of the site is the forums but I still have content write ups buried away from clickable links.  Most of those are ported PHPNuke or straight up html pages.

Happy 15th to the site!  Thanks to old school visitors and new ones too.

Here are a few oldies.

ATI 9700 vs Nvidia 6800LE graphic card review.
Coldstone’s GTA Vice City Mod Pack.
t0ucan’s Cookies 4 CuBa story.
Ancient forum archive restored <-+ This is where most of the old reviews came from, when I launched the site on PHPNuke, having admin’d the House Of +PLuS+ running the same platform back in 2002-ish.

I have some info from an old Vidomi dvd encoder guide, but that is ancient and kind of useless, compared to using mencoder to convert ripped VOB files to AVI, then merging them.  The Vidomi app was glitchy, at best.
Mencoder bash syntax below for conversation’s sake.

cd /media/user/SourceDisk/Vobs/Cosmos_Disc01/FullDisc/DVD_VIDEO/VIDEO_TS
mencoder 'VTS_01_1.VOB' -ovc xvid -xvidencopts bitrate=1800 -o 'Cosmos_Disc01 1 of 5.avi' -oac mp3lame -lameopts abr:br=192 -sid 1000
mencoder 'VTS_01_2.VOB' -ovc xvid -xvidencopts bitrate=1800 -o 'Cosmos_Disc01 2 of 5.avi' -oac mp3lame -lameopts abr:br=192 -sid 1000
mencoder 'VTS_01_3.VOB' -ovc xvid -xvidencopts bitrate=1800 -o 'Cosmos_Disc01 3 of 5.avi' -oac mp3lame -lameopts abr:br=192 -sid 1000
mencoder 'VTS_01_4.VOB' -ovc xvid -xvidencopts bitrate=1800 -o 'Cosmos_Disc01 4 of 5.avi' -oac mp3lame -lameopts abr:br=192 -sid 1000
mencoder 'VTS_01_5.VOB' -ovc xvid -xvidencopts bitrate=1800 -o 'Cosmos_Disc01 5 of 5.avi' -oac mp3lame -lameopts abr:br=192 -sid 1000
mencoder -oac copy -ovc copy 'Cosmos_Disc01 1 of 5.avi' 'Cosmos_Disc01 2 of 5.avi' 'Cosmos_Disc01 3 of 5.avi' 'Cosmos_Disc01 4 of 5.avi' 'Cosmos_Disc01 5 of 5.avi' -o '/media/user/OutputDisk/Vobs/Cosmos_Disc01.avi'

Pi-Hole config guide

Raspberry Pi-Hole config guide:
Howdy and welcome to another thread.  I have a history of not being a fan of advertisements and do not run those banners on this site.  Besides a security concern, I think advertisement gets really creepy online.
Pi-Hole is an operating system with DNS capabilities and use of adblocking lists. The added benefit of the request being denied even without plugin-based web browsing is pretty handy.

Before you install, whether you are using a Raspberry Pi or some other device, be sure the user password is one you set yourself. You do not want to go default with your LAN traffic. If you wanna log a fun time, you can use one of these for short-term logging, a little CTF monitoring style. Logs are configured to purge after a few days on a standard Pi-Hole install. Please be sure to update your OS image with the latest patches via your OS package manager. In my case I set the primary network connection to a static address, and set that connection’s DNS server to the actual router, since all your other network clients’ DNS will be pointed at the fixed IP address you bound to your Pi-Hole device.
SSH is likely disabled. I like to administer my Raspberry Pi installs over a serial-to-USB console instead.

Follow the install guide and advisory on their site about the curl | bash pipe install. Quick comes at a trade-off when you do not review what the install script does, part for part. If you go for the easy install and have read the disclaimer, you can run the single line install:

curl -sSL https://install.pi-hole.net | bash

This thread is for administering and keeping yours updated, as with my configuration I ran into update issues using just the one connection.  Details ahead cover enabling a second connection to fetch updates, since you will have the primary network connection with a set IP address that handles DNS requests handed off from your router / main DNS device on your network.

To do updates to the OS and the Pi-Hole web services on the device, I disable the service network connection (the static-address one that answers DNS) so that the device’s own web requests can get out. All the LAN clients will be fine getting pages. In this case, I suspect the localhost calls in the Pi-Hole logs relate to my network layout and the device being bound to serve DNS back to itself. When logged into the [deviceIP]/admin configuration page I would also get failures to resolve the list update servers.

Having plugged in a second USB NIC, or using wireless as the update connection, I ran the following commands to handle my network adapters. First, turn off the static-address service NIC, which in most cases is eth0 as shown below:

sudo ifconfig eth0 down

Do some pings and the like to confirm names now resolve. Do your updates etc. for the OS. In my case, Raspbian on a Pi 3.

Once those finish, load up the Web Admin panel for your Pi-hole install. Get the IP address for the active network connection with:

ifconfig

Connect to that IP address in a web browser and add ‘/admin’ into the address bar at the end of the IP Address without the quotes around the path.

Login with your admin password to the admin panel and you should now see updates are pending. You need to start with the FTL update. To do this, return to your SSH session. As I mentioned, I am working with serial over USB, but you can enable SSH over the network if you so desire. That is one more service on a network-heavy component, so weigh security against convenience and choose of your own accord.
On that SSH console, run:

pihole -up

Wait for the updater to get and deploy the new FTL version. You will likely also see the Web Interface and Pi-Hole core versions brought up to current revisions. Great! Almost updated and running live AdBlocking again.
Still on your console, once the update has completed, turn the main network connection we disabled for updating back on:

sudo ifconfig eth0 up

Overviewing network setup above:
Your main Internet router will be the upstream DNS server for the Pi-Hole device. Manually set client DNS, or change your DHCP server, so clients use the static address of your Pi-Hole install as their DNS server. (192.168.0.1 is a default-ish router address.) Check your current IP config for details if you do not know your current network base configuration.
On the Pi-Hole install, set the primary network adapter to an address in that subnet (say 192.168.0.10). Make sure the DHCP server or router will not also try to assign that address from its pool. The Pi-Hole’s primary DNS will be set to your local router (the default-ish router 192.168.0.1 as above).

I hope to have avoided huge gaps or inflicted confusion in this thread. Jolly adblocking. Even if you like making money from ads, you have to know it is a vulnerable vector and kind of a shaky market. I’m not here to tell you what to do, I’m sharing details to help block them on places that run them without respect to visitors.

Migration and downtime

Heads up the site may be down, as I’m flipping hosts.

I have to re-upload stuff, so it will be a little bit before I change my dns info to the new host.  Email will be in limbo for a little bit, so by odd chance you are trying to drop me a line, hit me on twitter, my DMs are open (until I get sick of it)

Updates

If you are looking for new post content, you want to browse the forums. I have to wrangle up a better RSS plugin since I push content from the forums to this front page.

Some projects and security chat, a little gaming and some hardware reviews / usage are some of what has been up since November of 2016.  It is also starting to get warmer here locally, so I can look forward to reading some books outside.