Windows Server 2012 is coming!

A week from today Microsoft releases Windows Server 2012. For ordinary computer users this release may not mean a lot, but for those of us who work with running large server systems it will be a game changer.

Fundamental parts of the Windows Server operating system have been changed. Some changes are visible, such as the lack of a graphical user interface on a standard server. Other changes are less visible: new storage options, filesystems etc.

A very big change for operations is that PowerShell really has moved into the core of managing Windows. This will allow us to automate more than before, with ease!

I won’t go into all the details here, but if you want to be part of the launch event for Windows Server 2012, set up a reminder here.

High Risk Java vulnerability

There is currently an extremely high risk Java vulnerability out in the wild that can potentially cause havoc for a lot of users and systems. All someone has to do is get you to visit a site with the bad code, which can then run an exploit kit on your system under the same user as the Java process, which means they’ll most likely be taking over your entire system.

This is not only relevant for sysadmins, but for anyone being connected to the internet. A website you open could potentially have the code on it, and the person would then have access to your PC to install key loggers, or whatever they want – which could be used to breach not only your own PC but your corporate network.

There is currently no fix for this issue, which is why it’s highly recommended to disable the Java plugin in your browsers. If you need to use Java Applets, then it’s suggested to use NoScript with Firefox as you can then whitelist sites you wish to use Java on, and block it on the rest.

You can find more information here:
https://www.us-cert.gov/cas/techalerts/TA12-240A.html
http://www.kb.cert.org/vuls/id/636312

High Risk Java Vulnerability

There is an extremely high risk exploit out that can potentially cause havoc for a lot of users/systems. All someone has to do is get you to visit a site with the bad code, which will then run an exploit kit under the same user as the Java process which means they’ll most likely be taking over your entire system.
This is not only relevant for sysadmins, but for anyone being connected to the internet. A website you open could potentially have the code on it, and the person would then have access to your PC to install key loggers, or whatever they want.

There is currently no fix for this issue, which is why it’s highly recommended to disable Java in your browsers. If you need to use Java Applets then it’s suggested to use a secondary browser or virtual environment to be used only with this.

You can find more information here:
https://www.us-cert.gov/cas/techalerts/TA12-240A.html
http://www.kb.cert.org/vuls/id/636312

Generate passwords using PowerShell

The other day I needed to generate some 1400+ new user passwords. Being a lazy person I figured that PowerShell could rescue me. This is what I did to check that my idea worked:

PS C:\> Add-Type -AssemblyName "System.Web"
PS C:\> [System.Web.Security.Membership]::GeneratePassword(10,2)
35&OjFtM^k

As you can see this generates a password that is 10 characters in length and contains at least 2 non-alphanumeric characters.  Now all I needed was to iterate this 1400 times and then output the result to the clipboard, simple as pie:

PS C:\> 1..1400 | % { [System.Web.Security.Membership]::GeneratePassword(10,2) } | clip

And that is 1400 new passwords stored in the clipboard. I can now paste these or pipe them into a set password routine.

Configuring Windows Server 2008 R2 Features

At Basefarm we frequently need to ensure that many Windows servers are identical in terms of the roles and features they have installed. Adding features can be done in a number of ways. Mostly the graphical user interface (Server Manager) is used, or for large operations System Center or similar. I will show you how this can be done more easily using the command line. This method doesn’t require anything beyond Windows Server 2008 R2 (or later) and PowerShell.

The Server Manager module

The Server Manager module (introduced with Windows Server 2008 R2) has three very useful commands, they are:

  • Add-WindowsFeature
  • Get-WindowsFeature
  • Remove-WindowsFeature

Using these is simple. Start a PowerShell session with administrative privileges (Run As…). Then check that the Servermanager module is available on your server:

PS C:\> Get-Module -ListAvailable

This shows that the Server Manager module is available on our server but that it is not yet loaded into the PowerShell session. To load it (and make its commands available):

PS C:\> Import-Module Servermanager

Now the commands of the Server Manager module are available to you. Check which commands are exposed by the module:

PS C:\> Get-Command -Module Servermanager

Ok, we’re all set. Let’s use these commands!

HOWTO: Document what is installed

To see what is installed in a server use:

PS C:\> Get-WindowsFeature

Oops, that’s a lot of text flying by on the screen! As you can probably guess, only the lines marked with [X] are installed. So we need to filter the list to only show what is actually installed. Try this instead:

PS C:\> Get-WindowsFeature | ? { $_.Installed }

A nice clean list showing which features are installed on the server ;-), perfect for documenting your server(s)

HOWTO: Clone installed features to another server

As shown above it’s easy to list what is installed. But just having this list on the screen doesn’t make much sense, we need to be able to store this in a structured way so that we can use the list on another server to install the same features. PowerShell makes this very simple. We use the Export-CliXml cmdlet to save the information in a structured XML file:

PS C:\> Get-WindowsFeature | ? { $_.Installed } | Export-Clixml .\features.xml

The output from the Get-WindowsFeature cmdlet is saved in a structured way in the XML file features.xml. This file can now be shared to other servers and used as input for the Add-WindowsFeature cmdlet!

HOWTO: Add features from another server (using XML file)

Start PowerShell with administrative privileges.  Now try this:

PS C:\> Import-Module Servermanager
PS C:\> Import-Clixml .\features.xml

Now you have the same list of installed features on the new server. But… this is simply a list in memory and on screen. The features haven’t been added yet. In order to do that we need to pipe the information into the Add-WindowsFeature cmdlet.

Before I show you how to do that there is one important thing I need to explain. When we exported the list of installed features we included all features that were marked as installed. As you saw in the output this resulted in a tree like structure where “[X] Web Server (IIS)” was on the top followed by “[X] Web Server” and so on.

That looks fine, but if we use this as input for the Add-WindowsFeature cmdlet we will end up with more than we asked for. The reason is that when a top level feature such as “Web Server (IIS)” is chosen, everything underneath it will also be installed. And in order to keep our servers as lean as possible we do not want this! We need to go back and filter the output of Get-WindowsFeature a little more. Try this instead of what I showed you earlier:

PS C:\> Get-WindowsFeature | ? {$_.Installed -AND $_.SubFeatures.Count -eq 0 }

Now the output will only contain information from the bottom-up so to speak. This works fine as input for the next server we want to make identical. Save the new list to a file:

PS C:\> Get-WindowsFeature | ? {$_.Installed -AND $_.SubFeatures.Count -eq 0 } | Export-Clixml .\features.xml

Now we can finally install these features in the new server:

PS C:\> Import-Clixml .\features.xml | Add-WindowsFeature

Et voilà! The two servers now have the same Windows features installed.
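Before running the install on the target, it helps to see what the import would actually change. The following is an added example, not part of the original post: it compares the exported leaf-feature list with the target server and finishes with a dry run using -WhatIf. It assumes .\features.xml was created with the filtered export shown above; the variable names are illustrative.

```powershell
# Added example: preview what importing features.xml would change on this server.
Import-Module ServerManager

# Leaf features recorded on the source server (file from the filtered export above).
$baseline = @(Import-Clixml .\features.xml | ForEach-Object { $_.Name })

# Leaf features currently installed on this (target) server.
$current = @(Get-WindowsFeature |
    Where-Object { $_.Installed -and $_.SubFeatures.Count -eq 0 } |
    ForEach-Object { $_.Name })

# In the baseline but not here: these are what Add-WindowsFeature would add.
$missing = @($baseline | Where-Object { $current -notcontains $_ })

# Installed here but not in the baseline: the import will not remove these,
# so review them by hand if the servers are meant to be identical.
$extra = @($current | Where-Object { $baseline -notcontains $_ })

"Missing on this server : {0}" -f ($missing -join ', ')
"Not in the baseline    : {0}" -f ($extra -join ', ')

if ($missing.Count -gt 0) {
    # Dry run only; remove -WhatIf to perform the installation.
    Add-WindowsFeature -Name $missing -WhatIf
}
```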

As always with PowerShell, if your environment enables PowerShell remoting these commands could be executed on any number of servers from a single command line. A Power(full)Shell that is!

Summary

This became a longer post than I intended simply because I wanted to explain the details about filtering the export. Here’s a quick summary of the commands you use to export what is installed:

PS C:\> Import-Module Servermanager
PS C:\> Get-WindowsFeature | ? {$_.Installed -AND $_.SubFeatures.Count -eq 0 } | Export-Clixml .\filename.xml

Copy the file ‘filename.xml’ to a network share or other location where the next server can reach it, then do this on the other server:

PS C:\> Import-Module Servermanager
PS C:\> Import-Clixml .\filename.xml | Add-WindowsFeature

All features are installed on the new server without having to click-around in the graphical server manager! To verify what is installed quickly use:

PS C:\> Get-WindowsFeature | ? { $_.Installed }

I hope I have shown you that PowerShell is much better than giving your arms RSI using the mouse to handle feature installations!

Defcon 20

Wednesday

Flight over Greenland

This year, my colleague Jens and I were given the opportunity to visit Defcon 20 (https://www.defcon.org/html/defcon-20/dc-20-index.html) in Las Vegas. It was my first time visiting the US, so I was obviously very excited about it!

We started off around noon on Wednesday, and after having a transfer at Heathrow, London, we arrived in Las Vegas at 7 PM on the same Wednesday (due to Las Vegas being 9 hours earlier compared to Sweden).

Inside the terminal, the AC made it seem almost chilly at times, but once you went out to the taxi queue, you were greeted by a 45 degrees heat wave. The first thing that came to mind when going towards the hotel was how extremely big everything was, even compared to cities such as Shanghai. Once checked in at the hotel, I quickly drifted off to sleep as I had forced myself to stay awake on the plane in order to avoid as much jet lag as possible.

Las Vegas

Thursday

Defcon Queue

Thursday morning, around 40 degrees outside at 8 AM when we made our way to the convention. Felt quite lucky in the cab when I saw people actually walking the trek towards the convention in the blistering heat. When we arrived, we noticed that the queue started outside, not so good. The queue moved forward though, so we assumed we’d be able to pay the entrance fee once we got a roof over our heads. Bad assumption. Once inside, the queue went on for about 2.5 hours more, and that’s when we were there 30 minutes prior to the desks opening. Lesson learned for next time.

Defcon Badge

Once we had paid the entrance fee, we were given the badges for the 20th Defcon, and they were mighty impressive. Rather than having a normal badge (which is never the case for Defcon, but still), you were given a badge containing a multi-core processor, IR transmitter, LEDs, usb-mini port, PS2/VGA ports that can be soldered on and open source software that contained a good variety of competitions for those who wanted to play around with cryptos. Certain badges could also ”infect” other badges, making the LEDs blink differently if you came in contact with them.

The amount of text you could write about these badges is probably enough to fill a book, but I suggest you check out the following resources for more information about the badges:
http://www.wired.com/threatlevel/2012/07/defcon20-badge/
http://forums.parallax.com/showthread.php?141494-Article-Parallax-Propeller-on-DEF-CON-20-Badge-Start-Here

Next in line was getting some food, and there was a nice ”chill out zone” where you could buy hot and cold food, drinks, breakfast and other vital things for your every day life.

Having refueled, we decided to get some swag to bring home. This turned out to be another 2 hour long queue to the only shop they had for official merchandise. Eventually I ended up getting two t-shirts as a memory.

Defcon Merchandise

Later on we got into the first conference, which was the starting ceremony where everyone was welcomed to the 20th Defcon!

Since it was the registration day, we managed to get out earlier than usual, and used the time for a trip to the Grand Canyon, which has been one of my most wanted locations to see for quite a while. Due to the large time constraints, we had to take a helicopter ride, which in itself was quite an adventure!

At Grand Canyon

Helicopter over Hoover Dam

Once back, we decided to do some sightseeing in the area next to the hotel.

Jens in front of the Bellagio Fountains

Walking on the strip

Friday

One of the talks

First ”real” day of the conference! I started off with some talks about the badge and the history of Defcon to get some further ideas about how things had progressed. I found it very interesting and that it had a lot of ”unofficial information” about how things had been, even though I have wanted to go to Defcon for a long time and read a lot about it throughout the years. There was also the talk with General Keith B. Alexander (US Cybercom director and NSA Director) which proved well interesting to hear, as he talked about how important it is to secure the country as a whole from outside attacks. The talk after that was called ”Owning One to Rule Them All”, where the speaker went through Microsoft SCCM and how it was possible to compromise it and make it send a payload decided by you to all clients that are connected to it (which means by adding your trojan or whatever you’d be able to very quickly infect an entire network of computers).

Also, as you walked around, you noticed more and more competitions around the place. On the floor, there were multiple puzzles and crypto challenges, and others could be found on posters etc.

One of the puzzles

During the evening we went out to have another look at the surrounding area, and ended up eating at a place, called Johnny Rockets, that had amazing burgers. We also went to check out the opening ceremony of the Olympics!

Outside the Hotel

On the strip!

Olympic Games Opening Ceremony

On the strip!

Saturday

Defcon talks

Today was a mix of talks concerning the future of the net and what limitations should or should not be in place, how government agencies operate, and how attacks on our infrastructure are being done. The more ”practical” talks were regarding botnets and how they are being operated through webpages or irc servers, and various ways of how DDoS are being done on companies and how it can be mitigated.

Today I also walked around a bit on the other parts of the convention! For example, I visited the CTF area where teams are competing against each other for securing their own servers in order to prevent other teams from compromising their running services, but they are also supposed to take over other teams’ servers in order to gain points. There was also the wall of sheep area, where traffic that had been sniffed on the network (non-SSL-traffic) was posted on a big screen for shame and for others to see.

Competition room

The vendor area on the other hand was a place of business where people gathered up to buy and sell various merchandise, ranging from t-shirts to satellite transmitters. There was also a book signing area with people such as Bruce Schneier, and an area where you could view things such as actual Enigma machines.

Bruce Schneier signing books

Enigma Machine

There was also the hardware hacking area, an area where you could learn how to create robots, learn how to solder, learn how to make your badge do things it couldn’t when you got it, and a lot of other things.

Hardware Hacking Area

Afterwards we went out for some sightseeing and visited the Venetian as well as Treasure Island!

The Venetian

The strip

Sunday

Metasploit talks

Sunday was the last day of the conference, and it contained a variety of talks ranging from new generation port scanners, metasploit examples, how easily certain Huawei routers can be hacked, and Kevin Poulsen talking about his previous experience as well as his book. It was also the closing ceremony with all the contestants getting their prizes, with some getting the all-mighty black badge that gives you a life-time free entrance fee to Defcon.

As we hadn’t had time to eat much other than sandwiches or the quick burrito, we decided to hit the buffet at the Bellagio for our last conference evening. The queue took quite a while to process, but it was well worth it with a lot of really great food. Also took a quick stroll down the south of the strip.

Closing Ceremony

Bellagio Buffet!

Hotel entrance

In front of Paris Paris!

Monday

Mandalay Bay

Monday was the last day in Las Vegas, as we were supposed to leave for Stockholm again at 8.45 PM. For once, we decided to take a long morning rather than getting up at 7.30 AM, so we met up at 11.00 for checking out and having something to eat. Once that had been sorted, we decided to take a stroll down through all the Casinos south of Bally’s to see what each of them offered. We ended up visiting each one, and also went into the Aquarium of Mandalay Bay to see some sharks. Once at the airport, we found out that the plane was 3 hours delayed. That in turn meant we missed our connecting flight in Heathrow, which meant we got home after 00:00, which kind of made the next work day feel ”so so” considering the time difference etc.

All in all I’d definitely rate this convention the best one I’ve been at! Some of the talks were not very interesting at all, while some were very very good. The two I liked the most were: ”Black Ops” and ”How to Hack All the Transport Networks of a Country”.

You can find the full schedule here: https://www.defcon.org/html/defcon-20/dc-20-schedule.html

The main thing I feel I gained though was ”getting back to basics” rather than being so immersed in the commercial aspect of the IT industry. The experience gave me a lot of reminders about why I started loving computers in the first place!

At the Luxor Entrance

Hotel New York New York