Archive for August, 2011


Hack Attempt on Pinchii.com

So today someone tried to hack my blog.  I guess some people are just bored and need something to do.

 

Anyway, here is what they tried to do. I got this in my “hack prevention” scripts that I have running on the site:

And also

The content of the File “images.php” is

Looks like they are trying to gain CMD on my Apache server

If you guys are getting the same, I suggest you block PHP files in your wp-content folder

Oh, and for those of you that are curious, this is what the “binary payload” looks like

Stay Safe!!

 

P.S. I posted it on wordpress.org to warn others as well (http://wordpress.org/support/topic/new-hack-attempt-on-self-hosted-wordpress-site)


How to add a trusted root certificate to your Java Keystore

Had a small issue with a few Java apps that I run.  The apps connect to MS Exchange and download attachments from emails, send out emails, create calendar entries, etc.

The problem was that this past weekend I updated my Exchange certs to use my Microsoft Certificate Server Certs, which of course, is not part of the default “Trusted Root Cert keystore”, so I had to add it.

So in order to add your MS Root Cert, you need to do the following (by the way, this will work with any other 3rd party CA certs):

  1. Point your browser to your root certificate server
  2. Click on the link “Download a CA certificate, certificate chain, or CRL”
  3. Download the CA cert (DER format is fine)
    (I saved the CA certificate as “C:\certnew.cer”; remember the location because you will need it for the import command)
  4. Open up a command window and type the following command

    C:\Java\jre1.5.0_06\bin\keytool.exe -import -keystore C:\Java\jre1.5.0_06\lib\security\cacerts -file "C:\certnew.cer"

    When it prompts for a password, enter your keystore password (note that in this example I'm using the default password for Java keystores, which is “changeit”)

    The output of the command should look like this

  5. Test out your java application now, you should be OK with certificates signed by your Microsoft Root Certificate Server from now on.
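Before answering keytool's trust prompt in step 4, it is worth confirming that the file you downloaded really is your CA's certificate. The following is an added example, not part of the original post: it computes the certificate fingerprint in the colon-separated form keytool prints and compares it with a thumbprint you read off the CA server itself. The function names are hypothetical, and the sample bytes in the fallback branch are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def load_der(data: bytes) -> bytes:
    """Return raw DER bytes whether the download was DER or Base64 (PEM)."""
    m = PEM_RE.search(data)
    if m:
        # Strip line breaks inside the Base64 body before decoding.
        return base64.b64decode(b"".join(m.group(1).split()))
    return data

def fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Hash of the DER encoding, formatted as AA:BB:CC like keytool output."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches(der: bytes, expected: str, algo: str = "sha1") -> bool:
    """Compare against an expected thumbprint, ignoring case, spaces, colons."""
    def norm(s: str) -> str:
        return re.sub(r"[^0-9A-F]", "", s.upper())
    return hmac.compare_digest(norm(fingerprint(der, algo)), norm(expected))

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py C:\certnew.cer "<thumbprint from the CA server>"
        with open(sys.argv[1], "rb") as fh:
            der = load_der(fh.read())
        ok = matches(der, sys.argv[2])
        print(fingerprint(der), "MATCH" if ok else "MISMATCH - do not import")
        sys.exit(0 if ok else 1)
    # No arguments: show the output format on constructed placeholder bytes.
    print(fingerprint(b"constructed placeholder, not a certificate"))
```

Get the expected thumbprint from the certificate's properties on the CA server, not from the same download page that served the file.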

How to Grant your HelpDesk Limited Access to your NetScaler CLI Shell

If you ever needed to troubleshoot login issues with the Netscaler, you know that you have to drop down to the Command Line Interface (shell) in order to trace the aaad.debug log.

But what if you need to give your helpdesk access to the same logs so that they can troubleshoot login issues?  Well, that requires that you give them shell access.

But, as per Citrix, “If a user goes to the shell,  that user is already a root user”, and we sure wouldn't want our helpdesk techs having root access to our NetScalers.  So how do we give them enough access to troubleshoot but not have root?  We can create a “Command Policy”.

A “Command Policy” is what tells the NetScaler what a user can and can't do. For example, the command policy for “superuser” is “ALLOW .*” (that’s a period and an asterisk, which is regular expression for “any character, repeated any number of times”), which means a user with the superuser command policy can execute any command.

Now to create the command policy for the Helpdesk

  1. Log in to our NetScaler using a superuser account
  2. Under the System Folder, select “Command Policies”
  3. Click the “Add” button and name your new policy “HelpDesk”, make sure that the “Action” is set to “Allow” and enter the following expression under “Command Spec”

    When you are done, it should look like this (you don't need to put text in the test command box, I only put that there as an example)

 

Now we have to assign our new policy to our Helpdesk group.  Since my NetScaler is “LDAP enabled” for logging in, all I have to do is create a group, assign my new policy, and done. (If your NetScaler is not LDAP enabled, then you will have to go and create users manually and assign them to the group we are going to create below)

  1. Under the same “System” folder, Select “Groups”
  2. Click the “Add” button and name your new group “NetScaler-HelpDesk” (It has to match exactly what your helpdesk group is called in LDAP, in my case I have a group called “NetScaler-HelpDesk”)
  3. Under the “command policies” window, pick your newly created “HelpDesk” Policy, then hit the “Create” and then the “Close” button
  4. Now fire up PuTTY and try to log in with one of your HelpDesk user IDs. You will see that you can only trace “log” or “debug” files, and only in the “/var/log” and “/tmp” directories

    That's all there is to it.  Now your Helpdesk can troubleshoot NetScaler login issues while you concentrate on fixing other things
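Because “ALLOW .*” shows that a Command Spec is a regular expression, how tightly the HelpDesk expression is written decides what else it lets through. The following is an added example, not part of the original post: it runs two hypothetical specs over constructed command lines to show which ones each would allow. Neither spec is the expression from the post, and the script assumes the spec is applied as an unanchored regex search over the whole command line.

```python
import re

# Hypothetical command specs, constructed for this example; neither one is
# the expression from the original post.
LOOSE_SPEC = r"shell tail -f (/var/log|/tmp)/.*(log|debug)"
STRICT_SPEC = (r"^shell\s+tail\s+-f\s+(/var/log|/tmp)/"
               r"[A-Za-z0-9_-]+\.(log|debug)$")

# Constructed command lines to check a spec against before assigning it.
SAMPLE_COMMANDS = [
    "shell tail -f /tmp/aaad.debug",                 # intended use
    "shell tail -f /var/log/ns.log",                 # intended use
    "shell tail -f /tmp/../etc/example.log",         # leaves /tmp via ".."
    "shell tail -f /var/log/ns.log extra-argument",  # trailing text
    "shell",                                         # unrestricted shell
    "shell cat /nsconfig/ns.conf",                   # different command
]

def is_allowed(spec, command):
    """True if an ALLOW policy with this spec would match the command.

    Assumption: the appliance searches for the pattern anywhere in the
    command line, so anchoring is only enforced if the spec contains it.
    """
    return re.search(spec, command) is not None

def audit(spec, commands=SAMPLE_COMMANDS):
    """Return the commands from the list that the spec would allow."""
    return [c for c in commands if is_allowed(spec, c)]

if __name__ == "__main__":
    for name, spec in (("loose", LOOSE_SPEC), ("strict", STRICT_SPEC)):
        print(name + " spec:")
        for cmd in SAMPLE_COMMANDS:
            verdict = "ALLOW" if is_allowed(spec, cmd) else "deny "
            print("  " + verdict + "  " + cmd)
```

The anchored spec with a restricted filename character class allows only the two intended commands; the loose one also allows the `..` path and the command with trailing text.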

 


How to Enable Active Directory Logon into Citrix NetScalers GUI

When using the Citrix NetScalers, you can find yourself logging in to the management GUI a few times a week to do some sort of maintenance task or just to monitor what's going on.  I don't know about everyone else, but to me it is pretty annoying having to remember a different password for every appliance that I have running, so here is how to use LDAP to log in to the management GUI of the NetScalers.

 

  1. Log in to the NetScaler GUI with local Root credentials (preferably nsroot)
  2. Expand the “System” Folder and click on “Authentication”
  3. Click on the “Servers” tab and click the “Add” button
  4. Enter your Authentication server settings and Click “Create” then “Close”
  5. Now click on the “Policies” tab and click the “Add” button
  6. Enter a simple expression of “ns_true” (you must choose “Advanced Free-form” from the dropdown) and click “Create” then “Close”
  7. Right click your Newly created LDAP Authentication Policy and choose “Global Bindings”
  8. Click the “Insert Policy” button and from the drop down pick your LDAP authentication policy.
  9. Click OK and once you return to the Authentication Screen, you should see a green check mark under the column “Globally Bound?”

Now we have to let the NetScaler know who's going to be logging in, and in order to do that we must create either a user account or a group, so let's create a group called “NetScaler-Admins”

  1. In “Active Directory Users and Computers” make sure that there is a group called “NetScaler-Admins”
  2. In the Netscaler gui, expand the “System” folder and pick “Groups”
  3. Click “Add” and type in a name for the group, the name must be exactly the same as the group in AD so we call this group “NetScaler-Admins”
  4. Assign the privileges that you want to give this group, in this case “superuser” and click the “Create” Button then the “Close” button
  5. That's all there is to it. Now have someone who is a member of the AD group “NetScaler-Admins” attempt to log in to the NetScaler GUI with their AD credentials, and it should let them right in

If you find that the login is not working, PuTTY into the NetScaler and tail the /tmp/aaad.debug log. A lot of the time the issue is as simple as not being a member of the correct AD group, or our LDAP Policy/Server config not being set up correctly.

Also, these same procedures can be done for individual user accounts as well, so if your user in LDAP is jsmith, then create the user jsmith under the “Users” page instead (the password won't matter, just make it hard enough so no one will be able to guess it)


Running NetScaler VPX in VMWare Desktop 7

I have production NetScalers, but I also wanted to have a NetScaler on my desktop that I could quickly jump into, make changes, and not worry about breaking something.

Citrix offers a NetScaler image for ESX. The problem is that the image won't work / load correctly in VMWare Desktop 7, but with a few steps you can have NetScaler running on VMware Desktop in no time.

 

Before I begin, I’m assuming that you have VMWare Desktop 7 already Installed, and that you have a login to Citrix.com, also, I’m working with NSVPX-ESX-9.2-50.4

 

  1. Go to Citrix.com and download the NetScaler VPX for ESX (if you don't see any downloads, you must log in first)
  2. Unzip the file using your favorite utility, Once done you should be left with 3 files (.vmdk, .mf, and .ovf)
  3. Create another folder where your “Converted” VM will go
  4. Open up the command prompt (Start -> Run -> CMD) and CD over to the OVFtool folder (for me located at C:\Program Files\VMware\VMware OVF Tool)
  5. Run this command

  6. Now that the command completed, look in your “converted” folder and you should see 2 files (.vmx, .vmdk)
  7. Using your favorite editor, open up the .VMX file and find the line that reads

    Replace that line with
  8. Save the .VMX file, and Move your newly created “converted” folder to wherever it is that you keep your VM machines
  9. Open VMWare Desktop 7, click on File -> Open, find your “converted” folder and select the .VMX file (it's probably the only file you can see in the folder)
  10. Now click the green Start button and off you go. You should end up at a prompt asking you for the NetScaler's IPv4 address.
  11. Make sure to set up your IP based on the type of networking you have set up for your VM: if you are using bridged, pick an IP from your router's range; if using NAT, assign a 192.168.26.x IP (VMWare default range for NAT) and forward port 80 to that IP; if using host only, you don't need to forward port 80, but just make sure you know which IP range it uses
  12. Set up your IPs any way you want, point your browser over to “http://ipyouchosetouse” and enjoy using your NetScaler on VMWare Desktop 7

Show Domain and Username On Citrix Web Interface 5.4

I have a few domains I log in to for Citrix, but the Web Interface only shows you the username that you are logged in with, not the domain.  With this hack that I came up with, you will be able to show the domain and username of the logged in user in the “Domain\Username” format with Citrix Web Interface 5.4. It may work on other versions, but I haven’t tested it, so I don't know.

 

  1. Navigate to your Inetpub folder, and under the folder for your web interface search for the file “StandardLayout.java”, for me it was located at “Inetpub\wwwroot\Citrix\XenApp\app_code\PagesJava\com\citrix\wi\pages”
  2. Open the file “StandardLayout.java” and find the line that shows

    Comment out the line, so it looks like
  3. Under our commented line above paste this code
  4. Now find the line that shows

    This is the function above that we just commented out
  5. Right below that function, paste this function
  6. That’s all there is to it, now when you log in to your web interface, instead of just showing the user name, it will show the domain as well

 

 


Go Straight to the Hotmail Inbox

I’m tired of always clicking the “Hotmail” link after I log in to Hotmail.  I decided to try my hand at a user Script that will detect when you are at the Hotmail / Windows Live mail “Home” and automatically forward you to the inbox.

This worked for me on Firefox with the Greasemonkey add-on and it will work on Internet Explorer with the Trixie add-on

So let me show you the script:

Give it a try and let me know if it works for you too!!


Updated: How to Fail Over Crystal Reports Server 2008

So, I have been getting emails asking me questions on my post how-to-failover-crystal-reports-server-2008 so I thought I’d update the post and also add a few images to make the procedure simpler to follow.  Please drop a comment and let me know if the update helped.

Hope you all enjoy!!

 
