Archive for June, 2009


How to find your server’s model and serial number in ESX

I was on the phone with IBM support the other day and I was entirely too lazy to walk into the data center to find the model and serial number of one of my ESX blades.  So this is how I got both of them with ssh from the comfort of my office chair…

For the serial number:

# esxcfg-info | grep Serial

|----Serial Number.........................................RJTLKQN

Server type:

# esxcfg-info | grep Product

|----Product Name..........................................IBM System x3655 -[7979xxx]-

Laziness at its finest…


Finding SharePoint’s central administration portal

SharePoint uses a randomly chosen high port number for its central administration page.  My assumption is this is for “security by obscurity” reasons.  Well, I decided to see just how easily I could find that port on my WSS server as if I were doing a real live pen test.  Just because… well, it’s not like I had anything better to do at that moment.

So, using nmap, I hunted down all the open high-numbered ports.

~$ sudo nmap -r -p1025-65535 sharepointserver

Starting Nmap 4.76 ( ) at 2009-06-23 14:16 CDT
Interesting ports on
Not shown: 64487 closed ports

1025/tcp  open  NFS-or-IIS
1433/tcp  open  ms-sql-s
3389/tcp  open  ms-term-serv
12770/tcp open  unknown
35574/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 17.30 seconds

That leaves two high ports that don’t have any known service or protocol associated with them.  12770 didn’t tell me much, but 35574 wants authentication.

~$ sudo nmap -A -p 35574 sharepointserver

Interesting ports on
35574/tcp open http Microsoft IIS webserver 6.0
|_ HTML title: You are not authorized to view this page
| HTTP Auth: HTTP Service requires authentication
| Auth type: Negotiate
|_ Auth type: NTLM

Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2

Now, wearing an attacker hat, I see a box with SQL Server because of port 1433 and a high-numbered port that wants me to authenticate.  Immediately I think that it could possibly be SharePoint.

Just to verify that it was indeed the administration portal:

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN>stsadm.exe -o getadminport
Operation completed successfully.

The SharePoint administration port is “:35574:”.

So, what’s the point of not having a standard fixed port for the SharePoint central administration page?


SSH Logins without passwords on Ubuntu Linux

The steps outlined here let you ssh from a client to a server without using a password.  The computer that you execute the ssh command from is the client, and the computer you are connecting to is the server.  We’ll be creating a key pair that will eliminate the need to log in with a password over SSH protocol 2.

On the client, run the following command to create the protocol 2 key.  This will create the files id_dsa and inside $HOME/.ssh.

ssh-keygen -t dsa

You should be able to just press enter through all the questions.

Then we’ll use ssh-copy-id to copy the key to the remote server.

ssh-copy-id -i .ssh/ boreditguy@server

That’s it; you should be able to ssh to your server without having to use a password.
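
A server-side check for keys installed by the procedure above, as an added example that is not part of the original post: OpenSSH has disabled DSA (ssh-dss) keys by default since release 7.0, so this function lists the key type of every entry in an authorized_keys file and flags the DSA ones for replacement. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_authorized_keys [FILE]   (reads stdin when FILE is omitted)
# Prints "<line> <status> <key-type> <comment>" for every key entry.
#   WEAK     ssh-dss (DSA), the key type created by "ssh-keygen -t dsa"
#   OK       recognized non-DSA type (RSA key length is not checked here)
#   UNKNOWN  unrecognized key type;  UNPARSED  no key found on the line
# Returns 1 if any entry is not OK, otherwise 0.
audit_authorized_keys() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
    {
        type = ""; comment = ""
        # Entry layout: [options] keytype base64 [comment]. Options may hold
        # quoted spaces, so find the key type by the base64 blob that follows.
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ "^AAAA[A-Za-z0-9+/=]+$") {
                type = $i
                for (j = i + 2; j <= NF; j++) comment = comment " " $j
                break
            }
        if (type == "") status = "UNPARSED"
        else if (type == "ssh-dss") status = "WEAK"
        else if (type ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)|sk-.*@openssh\.com)$/)
            status = "OK"
        else status = "UNKNOWN"
        if (status != "OK") bad = 1
        printf "%d %s %s%s\n", NR, status, (type == "" ? "-" : type), comment
    }
    END { exit bad + 0 }' "${1:--}"
}

# Constructed sample entries; the base64 blobs are truncated placeholders.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample, not real keys
ssh-dss AAAAB3NzaC1kc3MAAACBAEXAMPLE boreditguy@client
from="10.0.0.5",command="/usr/bin/backup run" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE backup@client
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLE admin@laptop
EOF
}

# Demo run on the sample; on a server, pass ~/.ssh/authorized_keys instead.
sample_authorized_keys | audit_authorized_keys || true
```

Entries reported as WEAK can be replaced by generating a new key pair of a type the server still accepts and copying its public half with ssh-copy-id, as in the steps above.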