Archive for December, 2008

Linux Super Villains Take Over the World

Have Rick Astley spread holiday cheer to your office printer

Want to spread some holiday Rick Rolling cheer to your office printer? Use hpnt to change the LCD display on most printers. Hpnt.exe was made to work with HP printers, but I’ve found that it works with almost any printer with an LCD.

Download hpnt from here http://www.boreditguy.com/blog/data/hpnt.zip.

Extract, open a command prompt, and change directories to the location of hpnt.exe.  Typical command syntax is:

hpnt <ip> <message>

One of my favorites is to run hpnt <ip> "Insert Coin" and watch your co-workers search for the coin slot.

To upgrade the fun, copy hpnt.exe to your Windows directory. Then copy the text from this txt file into Notepad and save it as rickroll.bat: http://www.boreditguy.com/blog/data/rickroll.txt. The localhost pings are used as a pause between lyrics.

Change directories to the location of the bat file and run this…

rickroll.bat <printer ip>

Run to printer and watch the ensuing hilarity.  The messages are stored in the printer’s RAM, so just restart the printer to clear the message.

Apparently all TrueCrypt volumes are not created equal.

So I moved a few of my TrueCrypt volumes over from my laptop running Ubuntu 8.10 to my Server 2008 workstation, thinking I could just mount them and all would be well. Well…that wasn’t the case.

Why the hell would I want to format my TrueCrypt volume filled with all my protected data?

Well I thought maybe I formatted the volume as ext3.  So I tried mounting it with Ext2IFS…still no luck.  Move it back to the laptop and BAM, there are my files.

Both machines are running TrueCrypt 6.1a. I’ll have to investigate this one further…

A Better Proxy with SOCKS and SSH

I previously wrote a blog post on creating a proxy server at home using IIS7 and nph-proxy.cgi, located here http://boreditguy.com/blog/?p=8. I’ve used mine pretty religiously to conceal my web traffic from potential prying eyes. Still, there are a few things I haven’t been happy with when using it. It doesn’t work with SSL traffic without a pretty invasive change to your proxy server. Speed and viewing Flash videos were also problematic. This led me to research alternative options.

What I came up with was using a local SOCKS proxy through an SSH connection to home. This is actually a far simpler solution to set up, and I’ll show you how to do it in both Linux and Windows.

What you’ll need at home:

An SSH Server and a decent internet connection. Ports forwarded to your SSH server so you can access it from the outside world. Dynamic DNS set up.

Windows: Download and install CopSSH http://www.itefix.no/i2/node/27. Once installed just go to start -> programs -> CopSSH -> activate a user. Activate the user you’d like to connect with. Make sure that your local firewall is allowing port 22 traffic.

Linux: Install OpenSSH. On Ubuntu:

sudo apt-get install openssh-server

This is optional, but to restrict connections to a specific set of users:

sudo gedit /etc/ssh/sshd_config

Add the following line

AllowUsers $USER_1 $USER_2 … $USER_N

Restart the service

sudo /etc/init.d/ssh restart

What you’ll need away from home:

An SSH client on your computer, and a web browser.

Windows: Download PuTTY’s command-line alternative, plink, from here: http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe No install necessary. Open a command prompt, change directories to where you saved plink, and run this command:

plink.exe -N -D 999 username@yourdynamicdnsrecord.com

Linux/Mac: SSH client is built in.

ssh -N -D 999 username@yourdynamicdnsrecord.com

After executing this command, you’ll be prompted for your password. After authentication, the console will just sit there. That’s what we want: -N tells the client not to start a remote shell or command, so no prompt appears. Leave the window open.

In Firefox, go to Tools -> Preferences (Edit -> Preferences in Linux), Advanced, Network tab, and click Settings. Click the manual proxy configuration radio button, and for SOCKS host enter localhost and port 999.

That’s it. You can verify it by going to http://whatismyip.com with the proxy on and off to see the different IP address you’re connecting with. SSL sites work perfectly. All your web traffic will be encrypted by the SSH tunnel. If you happen to be the target of a man-in-the-middle attack, all they’re going to see is the hieroglyphics of the encrypted SSH tunnel.

This also works if you have SSH access to your web host, which most likely has better bandwidth than you do at your house. 😉
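Whether hostname lookups also travel through the tunnel depends on what the browser sends to the local SOCKS port; in Firefox this is controlled by the network.proxy.socks_remote_dns preference. The following is an added example, not part of the original post: it builds and parses the SOCKS5 CONNECT request (RFC 1928) for both cases. The hostname and the 192.0.2.10 address are constructed sample values.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

def build_connect(dest, port):
    """SOCKS5 CONNECT request (RFC 1928 section 4) as the browser sends it
    to the local -D port. dest is a hostname or an already-resolved IP."""
    try:
        ip = ipaddress.ip_address(dest)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:  # not an IP literal, so the name itself is sent
        name = dest.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0, atyp]) + addr + struct.pack("!H", port)

def parse_connect(req):
    """Decode a CONNECT request; returns (atyp, destination, port)."""
    if len(req) < 5 or req[0] != VER or req[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_DOMAIN:
        end = 5 + req[4]
        dest = req[5:end].decode("ascii")
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        end = 4 + (4 if atyp == ATYP_IPV4 else 16)
        dest = str(ipaddress.ip_address(req[4:end]))
    else:
        raise ValueError("unknown address type")
    if len(req) != end + 2:
        raise ValueError("truncated or oversized request")
    return atyp, dest, struct.unpack("!H", req[end:])[0]

def lookup_left_to_proxy(req):
    """True if the name is resolved at the far end of the SSH tunnel."""
    return parse_connect(req)[0] == ATYP_DOMAIN

# Constructed samples: 192.0.2.10 stands in for a locally resolved answer.
REMOTE_DNS = build_connect("example.com", 443)
LOCAL_DNS = build_connect("192.0.2.10", 443)

if __name__ == "__main__":
    for label, req in (("remote DNS", REMOTE_DNS), ("local DNS", LOCAL_DNS)):
        print(label, req.hex(), parse_connect(req), lookup_left_to_proxy(req))
```

When the request carries an IP address, the name was already looked up on the local network before the tunnel was involved, so the DNS query itself was visible there.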

Windows workgroup account management with psexec

164. One hundred sixty four. That’s the current number of Windows servers that I manage without such luxuries as Active Directory. All of these servers are in a workgroup with accounts spread all over the place. An environment such as this will make a bored IT guy become a not-so-bored IT guy pretty quickly. I had to come up with a way to manage local accounts across all of these things and make it….well, manageable.

For this I’m assuming that your administrative accounts have an identical account/pw combo across all workgroup systems you want to use this approach on.

Download pstools and extract.

http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

Resetting the password for a local account that exists on multiple computers:

-Create a txt file in that directory called servers.txt, and put the dns names or IP addresses in it, one on each line. Save servers.txt to the directory you extracted pstools to.

-Open a cmd prompt and cd to your pstools directory.

-Run this command editing it to your situation:

Psexec @servers.txt -u administrator -p password net user ServerUser password

The output should look similar to this:

Error code 0 is a good thing, it means it was successful.

Creating new accounts on multiple computers:

Psexec @servers.txt -u administrator -p password net user ServerUser2 password /add

And to add users to local groups…

Psexec @servers.txt -u administrator -p password net localgroup administrators ServerUser2 /add

Obviously there are many other things you can do with psexec. Also look up the other net user options to take user account management even further. However, this will not work for changing accounts on Server 2008, and I have not attempted it against a Vista machine.
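With this many servers, the useful question after a password reset is which hosts still have the old password. The following is an added example, not part of the original post: it cross-checks servers.txt against the exit codes in saved psexec output. The "exited on <host> with error code <n>" line format is an assumption about what psexec prints, and the host names and output are constructed samples.

```python
import re

# Assumed shape of the per-host status line, e.g.
# "net exited on SERVER01 with error code 0."
EXIT_LINE = re.compile(r"^\S+ exited on (\S+) with error code (-?\d+)\.?\s*$")

def load_hosts(servers_txt):
    """Host names from servers.txt content: one per line, blanks ignored."""
    return [line.strip() for line in servers_txt.splitlines() if line.strip()]

def summarize(servers_txt, psexec_output):
    """Split hosts into ok / failed / missing (never reported an exit code)."""
    codes = {}
    for line in psexec_output.splitlines():
        m = EXIT_LINE.match(line.strip())
        if m:
            codes[m.group(1).lower()] = int(m.group(2))
    ok, failed, missing = [], {}, []
    for host in load_hosts(servers_txt):
        code = codes.get(host.lower())
        if code is None:
            missing.append(host)   # unreachable, or logon failed before net ran
        elif code == 0:
            ok.append(host)        # error code 0: the command succeeded
        else:
            failed[host] = code    # net ran but reported an error
    return ok, failed, missing

# Constructed sample data, not captured from a real run.
SERVERS_TXT = "web01\nweb02\n\ndb01\n192.0.2.15\n"
SAMPLE_OUTPUT = """\
net exited on web01 with error code 0.
net exited on web02 with error code 2.
net exited on 192.0.2.15 with error code 0.
"""

if __name__ == "__main__":
    ok, failed, missing = summarize(SERVERS_TXT, SAMPLE_OUTPUT)
    print("reset ok:      ", ok)
    print("command failed:", failed)
    print("no result:     ", missing)
```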

Symbolic Links in Windows Server 2008 and Vista

Windows has always lacked more advanced file system utilities such as the ability to create symbolic links. This is something I use constantly in Linux. An example of symbolic links I’ll use is in my local profile of /home/boreditguy where I’ll create a directory under it as /home/boreditguy/WindowsShares. Under there I’ll mount various Windows shares that I use often. To me it looks as if that data exists in my local profile without having to fool with things like finicky mapped drives in Windows. I do this in Ubuntu by editing the fstab file where I can also specify credentials to connect with.

Well, the lack of this ability always bothered me with Windows, and I thought it was something I’d always have to go without. Microsoft has been quiet about it, but in 2008 and Vista they created the ability to do this in Windows, although it won’t work in 2003 and earlier. The utility is called mklink and it’s installed in 2008/Vista out of the box.

A typical syntax to use it is…

mklink /d e:\WindowsShare \\WindowsServer\WindowsShare\

All available syntax is…

mklink [[/d] | [/h] | [/j]] (Link) (Target)

/d        Creates a directory symbolic link. By default, mklink creates a file symbolic link.

/h        Creates a hard link instead of a symbolic link.

/j        Creates a Directory Junction.

(Link)        Specifies the name of the symbolic link that is being created.

(Target)        Specifies the path (relative or absolute) that the new symbolic link refers to.

/?        Displays help at the command prompt.

When you do this it actually looks like you are in the path of e:\WindowsShare\data… instead of a redirected UNC path.

Now, it still lacks the ability to specify credentials to use and pass-through authentication is the only option. So your AD account has to have permissions to the share and data. If your organization is without AD (sadly I’m in those ranks) you’ll have to have the same account/password on the sharing server and the machine you’re making the symbolic link on.

The Website is Down

On rare occasions I still have to deal with end users for applications that run on the servers that I manage. It’s definitely not my favorite thing to do and I tend to get irritated at them pretty quickly even when I know I shouldn’t. I call it my Nick Burns syndrome.

If there’s any one thing that can immediately put me in a better mood it’s the brilliance that is “The Sales Guy vs The Web Dude” from thewebsiteisdown.com. It’s always worthy of a repost.