Archive for category Technik

reddot rql release page

' Create the RQL data object and point it at the XML server class
Set objIO = Server.CreateObject("RDCMSASP.RdPageData")
objIO.XmlServerClassName = "RDCMSServer.XmlServer"

' Releases the page with the given GUID via an RQL "save" request
Function release_page(thispageGuid)
 Dim xmlString
 Dim resXML
 Dim sError
 xmlString = "" _
 & "<IODATA loginguid=""" & Session("LoginGuid") & """ sessionkey=""" & Session("SessionKey") & """>" & vbCrLf _
 & "  <PAGE action=""save"" actionflag=""4096"" guid=""" & thispageGuid & """ globalrelease=""0"" languagevariantid=""" & Session("LanguageVariantId") & """/>" & vbCrLf _
 & "</IODATA>" & vbCrLf
 resXML = objIO.ServerExecuteXml(xmlString, sError)
 If sError <> "" Then
     ' HTML-encode the server's error text before writing it into the page
     Response.Write "<span style='color:red'>" & Server.HTMLEncode(sError) & "</span><br />"
 End If
End Function


SSH Tunnel Bypassing Transparent proxy using apache

A feature of the Apache web server is that it allows you to create an SSH connection through a transparent proxy / firewall. This is a stealth technique, so no one will see it even in a large company network. Only IPoAC is able to interfere with this.

If you have internet access to port 80 (http) or 443 (https), you can establish an SSH connection to one of those ports. Proxies want the users to surf the web. Most proxies will only let their users through the paths they know to be safe (or whatever filtering their administrators may have set). In the best scenario, the proxy will not allow one particular HTTP method called CONNECT. This method is the one used for the SSL / TLS protocol. It establishes a tunneled connection between the client and a remote server, through the proxy server. Since it is used by SSL / TLS, some proxies will allow the CONNECT method to certain sites, and most probably only on port 443.

Apache plus the mod_proxy module lets us set up an HTTP server listening on port 80 and, at the very same time, an HTTP proxy. The proxying part is done by mod_proxy. This module turns Apache into a fully functional HTTP forward proxy and reverse proxy. The exciting feature of mod_proxy is its ability to handle the CONNECT method. It will even handle it if the transparent proxy at the boundary of our enterprise network does not allow the CONNECT method. This is because we talk GET and POST with Apache; the CONNECT happens inside Apache, outside the control of the enterprise proxy. The end result: we can use the CONNECT method.

Client side

  • SSH Client
  • Proxy client

Server side

  • Apache web server 2.x

This is an example virtual host configuration which I used for testing this implementation.

<VirtualHost *:80>
ServerName proxy.mydomain.com
ProxyRequests On
AllowCONNECT 22

<Proxy *>
Order deny,allow
Deny from all
</Proxy>

<ProxyMatch (host1|host2)\.mydomain\.com>
Order deny,allow
Deny from all
# Now we allow only our IP to access. Note that this IP must be the public IP address of the enterprise proxy:
Allow from 222.22.22.100
</ProxyMatch>

# This directive enables DNS lookups so that host names can be logged. The value Double refers to doing a double reverse DNS lookup.
# That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the IP addresses in the forward lookup must match the original address. It is paranoid but is a good security measure.

HostnameLookups Double

ErrorLog /var/log/apache2/proxy.error.log
CustomLog /var/log/apache2/proxy.access.log common
</VirtualHost>

And now, the final step: configure our browser to use 127.0.0.1 on port 8080 as proxy. Finally we can log in to our SSH server and try pointing our browser to any website we know is blocked by the enterprise transparent proxy!

I know I left out the part about setting up Apache and the proxy, but this isn’t a tutorial for noobs ;-)

This is the BEST part of using Apache. You can set it up as a normal web server, serving some web page. This way whoever points to mydomain.com will see a normal and harmless website, and won’t be able to distinguish it from a non-proxying server.
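Seen from the side of whoever operates or monitors a forward proxy, the access log in `common` format (as configured by the `CustomLog` line above) records every CONNECT with its target host and port. The following is an added example, not code from the original post: it flags successful CONNECT tunnels to ports other than 443. The function names, the allowed-port set and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: \S+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
EXPECTED_CONNECT_PORTS = {443}  # assumption: only HTTPS tunnels are legitimate

def split_authority(target):
    """Split a CONNECT target ('host:port' or '[v6]:port') into (host, port)."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return target, None
    return host.strip("[]"), int(port)

def find_suspicious_connects(lines):
    """Count successful CONNECTs to unexpected ports; also count unparsed lines."""
    findings, unparsed = Counter(), 0
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            unparsed += 1  # keep track of lines the parser could not read
            continue
        if m["method"] != "CONNECT" or not m["status"].startswith("2"):
            continue  # only tunnels that were actually established
        host, port = split_authority(m["target"])
        if port not in EXPECTED_CONNECT_PORTS:
            findings[(m["client"], host, port)] += 1
    return findings, unparsed

# Constructed sample lines, not taken from a real log.
SAMPLE_LOG = """\
222.22.22.100 - - [10/Oct/2010:13:55:36 +0200] "GET / HTTP/1.1" 200 2326
222.22.22.100 - - [10/Oct/2010:13:56:01 +0200] "CONNECT host1.mydomain.com:22 HTTP/1.1" 200 -
222.22.22.100 - - [10/Oct/2010:14:02:11 +0200] "CONNECT host1.mydomain.com:22 HTTP/1.1" 200 48211
198.51.100.7 - - [10/Oct/2010:14:05:40 +0200] "CONNECT host2.mydomain.com:22 HTTP/1.1" 403 215
203.0.113.9 - - [10/Oct/2010:14:06:02 +0200] "CONNECT www.example.org:443 HTTP/1.1" 200 5120
garbage line
""".splitlines()

if __name__ == "__main__":
    hits, bad = find_suspicious_connects(SAMPLE_LOG)
    for (client, host, port), n in hits.most_common():
        print(f"{client} -> {host}:{port}  tunnels={n}")
    print(f"unparsed lines: {bad}")
```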


reverse proxy for utorrent

Using the web UI for utorrent is a fine thing. But the web server from utorrent is not secure. So it is recommended to use Apache as a reverse proxy. I tried to change the URL, but I wasn’t successful.

Here is the setup, of course inside a vhost.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so

ProxyPass /gui/ http://localhost/gui/
ProxyPassReverse /gui/ http://localhost/gui/


roundcube dislikes PHP 5.3

The current stable version (0.3) and the latest beta (0.4 beta) of roundcube dislike my upgrade to PHP 5.3. All other applications run fine, except roundcube. Searching the logs showed me that some PHP 4 code is used, and often PHP 4 coding style. The manual says that at least PHP 5.2 must be used. Super, since it does work with 5.3

Good that I’m a PHP developer myself, so I found the places in the code I had to change. I had no desire to rewrite the whole code in PHP 5 style. So I just fixed it. What did I change?

program/lib/MDB2.php on line 392
program/lib/MDB2.php on line 2614
program/lib/PEAR.php on line 563
program/lib/PEAR.php on line 566

By removing the “&”. I also searched for “=&” and replaced it with “=”. Quick and maybe dirty, but now I can check my mails again. I wonder how they can say you have to use PHP 5.2 or greater while still using that crap code?


New DVD-ROM, new activation

Today I swapped the old IDE DVD-ROM drive in my media PC, which runs XP Pro and is connected to the nice 32″ monitor, for a SATA DVD burner. Thanks to the good case, a job of 30 seconds at most. But then Windows told me that the hardware had changed fundamentally and that I should please reactivate Windows within the next 3 days. I know that XP is no longer the newest operating system, but for 20 euros it is still clearly better than Windows Virus and clearly cheaper than Windows 7. Perfectly adequate for watching films.

Now I do wonder, though, what M$ is thinking when merely swapping the DVD drive counts as fundamentally changing the PC. Hopefully, when I install Windows 7, which so far I only have on the laptop, on the PC as well, it will not be this pushy whenever I replace something. ARGH!


Apache windows win64 x64 win32 x86 vc9 download

Apache binaries for Windows in 64 bit and 32 bit can be found at apachehaus. I think there is a benefit in using Visual Studio 9, aka Visual Studio 2008, instead of VS6. I use Visual Studio 2008 to obtain higher performance and better stability than the binaries built by the Apache Software Foundation.

Binaries are built using the latest versions of the Apache Portable Runtime, OpenSSL and Zlib compression library. OpenSSL and Zlib are built using the optional assembly routines for added performance in the SSL and deflate modules.

Unlike other sites offering Apache for Windows, apachehaus also offers httpd with IPv6.


Win7: Office 2000 works, but Word 2000 does not

So you install Office 2000 because the licence is still around. Everything works, only Word flatly refuses to run. Either all the navigation bars are blank / gone or the document does not load. But there is a solution! Uninstall the Office LiveAddIn. Repair Office and voilà: Word works, and WITHOUT compatibility mode!


Reformatting the date in batch

A simple echo %date% does print the date, but not in a particularly nice format, especially when folders or files are created automatically with it. Sorting the files by name then causes quite a mess. So the date should be in a different order, such as: YYYYMMDD

FOR /F "tokens=1,2,3 delims=/. " %%a in ('date /T') do set datum=%%c%%b%%a
echo %datum%

Much nicer already :-)


Ubuntu WOL

Ubuntu Wake on LAN

1. If you haven't already, go to your BIOS and turn on WakeOnLAN (it varies, look for it). If your network card is onboard, you're set for step 2; otherwise there is probably a cable that should go from your network card to your motherboard, though this is not always the case.

2. Back in Ubuntu, Kubuntu, Xubuntu, or whatever, we now need to make a script that will run every time the computer is started, because this command only lasts until the computer has been turned on again once.

2a. Find out which network device you want the computer to be wake-able from, usually all of them, which is just one. If you have more network devices in your system, 9 chances out of 10 you already know what they are called. You can NOT wake up a laptop or computer that is only connected via wireless with wake-on-lan, unless the BIOS has a method for this; this is very rare, and I do not guarantee this howto will work in such cases. In your terminal, type:

ifconfig

You’ll get something like: (I have removed my MAC address for security)

eth0      Link encap:Ethernet  HWaddr 01:23:45:67:89:ab
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::215:f2ff:fe6f:3487/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:71495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76190 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23164212 (22.0 MiB)  TX bytes:7625016 (7.2 MiB)
          Interrupt:217 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1290 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1290 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:161182 (157.4 KiB)  TX bytes:161182 (157.4 KiB)

So, I want this system to be wake-able from eth0.

2b. Now we create the script. Note: you must be an administrator on the system you are doing this to.

sudo -i

Enter your password at the prompt. Change to the startup script directory and start editing a new file:

cd /etc/init.d/
nano wakeonlanconfig

Paste or type this into the file, replacing eth0 with your network device. Repeat the ethtool line once for each of your devices, before the exit line:

#!/bin/bash
ethtool -s eth0 wol g
exit

Set the permissions of the file:

chmod a+x wakeonlanconfig

Make the script run on startup:

update-rc.d -f wakeonlanconfig defaults

You should see something like:

 Adding system startup for /etc/init.d/wakeonlanconfig ...
   /etc/rc0.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc1.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc6.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc2.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc3.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc4.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc5.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig

Now we finish by running it, and making sure there are no errors.

/etc/init.d/wakeonlanconfig

This should produce no output and put you right back at the prompt you started at.

3. Use it. You’ll need something to send wake-on-lan packets with; "wakeonlan" is in the repos. And you’ll need the MAC address of the system.

To get your MAC address, on the same system you just enabled WOL on, type:

ifconfig | grep HW

It's the thing that looks like 01:23:45:67:89:ab; write it down. Turn off that system:

sudo halt

If you're using wakeonlan from the repos, and you are on the same network as the computer you're trying to wake up, replace 01:23:45:67:89:ab with your MAC address and run, from another computer:

wakeonlan 01:23:45:67:89:ab

In MOST cases, you CAN SEND wake-on-lan packets from a wireless-connected computer. If that doesn't work, it's likely the port on the system you're trying to wake up isn't the default (9); try 7, or if your BIOS settings or book told you one, use that one.

wakeonlan -p 7 01:23:45:67:89:ab


Social engineering made easy with a Mac and a USB stick

In a company where most people use a Mac, it is very easy to get at data. Just lend your Mac colleague a USB stick. If that person then deletes the data on the USB stick but does not empty the trash, you will later find, on a Windows / Linux PC and provided hidden and system files are shown, a folder named .Trashes on the USB stick. Because of the leading “.”, the folder is not visible on the Mac. And it is exactly in this folder that you find the deleted data ;-)
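A check to run on a stick before handing it back or passing it on, as an added example that is not part of the original post: it lists files still sitting in per-volume trash folders. It goes beyond the macOS `.Trashes` case described above and also covers the equivalent folders used by Linux desktops and Windows; the function names and the sample layout (including uid 501 and the file names) are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Per-volume trash folders: macOS (the case described above), plus the
# freedesktop.org and Windows equivalents, added here as a generalisation.
TRASH_DIR_PATTERNS = (".Trashes", ".Trash", ".Trash-*", "$RECYCLE.BIN", "RECYCLER")


def find_trash_leftovers(volume_root):
    """Return sorted (relative_path, size_bytes) for files left in trash folders."""
    leftovers = []
    for entry in os.scandir(volume_root):
        if not entry.is_dir(follow_symlinks=False):
            continue
        if not any(fnmatch.fnmatchcase(entry.name, p) for p in TRASH_DIR_PATTERNS):
            continue
        for dirpath, _dirs, files in os.walk(entry.path):
            for name in files:
                full = os.path.join(dirpath, name)
                if os.path.islink(full):
                    continue  # report only real file content
                rel = os.path.relpath(full, volume_root).replace(os.sep, "/")
                leftovers.append((rel, os.path.getsize(full)))
    return sorted(leftovers)


def build_sample_volume(root):
    """Constructed layout imitating a stick after a delete on a Mac (uid 501)."""
    os.makedirs(os.path.join(root, ".Trashes", "501"))
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, ".Trashes", "501", "salaries.xls"), "wb") as f:
        f.write(b"x" * 2048)
    with open(os.path.join(root, "docs", "readme.txt"), "wb") as f:
        f.write(b"still wanted")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        build_sample_volume(vol)
        for rel, size in find_trash_leftovers(vol):
            print(f"{size:>8} bytes  {rel}")
```

An empty result means no trash folder on the volume still holds files; anything listed should be emptied from the trash (or the stick wiped) before it changes hands.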
