Category: Network

XModem Flash Recovery of new c3560, c3560e, c3750, c3750e, etc...

Right at the moment I'm sitting in one of our wireclosets, watching an c3750 (hopefully) recovering its mind to its old function and behavior - through an XModem transfer of its current IOS. Because of an power failure on our campus the unit actually "bricked" - the flash system became corrupted and the unit did end up in the ROMMON Mode "switch:".

Thats pretty bad - but not as bad as we couldn't fix it.

1. Connect to the console port with the usual settings of 9600 Baud, 8 Bit, No Control, 1 Parity.

2. Power up the switch and hold the mode button until it comes to the ROMMON - and yeah, if you did delete the IOS or your switch is bricked like mine, it does come to this point by its own - no need to do that.

3. Before doing anything, check the file system with fsck flash:  - if that gives error you should really format the flash - as it is corrupted and theres no need in flashing it a second time - because the new IOS will become bricked as well (I figured that out myself some minutes ago...). So if you don't have any important data like an non-saved config on that flash, erase it with format flash: and reboot the switch with reset. Test again with fsck, if there are still errors: Forget the switch, send it to Cisco. If not, we're going on with our mission:

4. set BAUD 115200
After that you will see nice looking stuff. Set your console to 115200 BAUD as well. Its important to do that as the download of the IOS will take 2-4 hours otherwise. But don't forget to set it back after everything is done with set BAUD 9600

5. flash_init
init the flash

6. load_helper
does load the helper. sometimes useful.

7. copy xmodem: flash:IOSFILENAME
That will start the xmodem download. In Tera Term, klick File, Transfer, Xmodem, Sene and choose the IOS binary. Yes, important: Not an tar File, only the IOS bin.

8. The Download begins, that will take 20 Minutes or so... Some sweet time, but as we know it could be really worse. So kick back, do something useful - like writing this tutorial ;-)...

9. Its done. Enter boot and it will boot. If not its bricked. Don't forget to set back with set BAUD 9600

Cisco AP1231 Autonomous LWAPP to Auto Downgrade

Downgrading an LWAPP Cisco Access Point which was used with this Wirless Controll System can be very time consuming. Can. Doesn't need to. Cisco did some nice stuff to make life easier: An auto "downgrade" function. To use this you need to get following:

- Tftpd32 Server or similar tftp Server
- An autonomous IOS File for your Access Point (i.e. for the 1231 the file c1200-k9w7-tar.123-8.JEC.tar)

1. Setup your tftpserver and give it an ip out of the range 10.0.0.2 - 10.0.0.30 with the Subnetmask 255.0.0.0
2. Copy the IOS File to the tftpserver root, mostly called tftpboot in Linux
3. Rename the file from - for example c1200-k9w7-tar.123-8.JEC.tar to c1200-k9w7-tar.default
4. Plug in the Ethernet Port on your Access Point (direct Connection from PC to AP needs an Crossover Cable!), connect the AP also to the serial console if you want.
5. Press and hold the "Mode" Button on the AP and plug in power.
6. Wait until the orange blinking middle led turns solid red (ca. 30 sec) and then release the "Mode" Button
7. The AP will start downloading the firmware and reflash itself. DO NOT TURN IT OFF OR KILL THE CONNECTION!

Quick'n Dirty Moodle Learning Platform Setup

Download and Install TurnKey LAMP (Vmware Appliance)
http://www.turnkeylinux.org/redir.php?url=http%3A%2F%2Fswitch.dl.sourceforge.net%2Fproject%2Fturnkeylinux%2Fturnkey-lamp%2F2009.10-hardy-x86%2Fturnkey-lamp-2009.10-hardy-x86.zip

go to http://IP

go to Webmin (https://IP:12321)
change root pw
change root pw in mysql
create mysql table utf8-unicode "moodle"
mkdir /var/moodledata
chown nobody /var/moodledata
chmod 777 /var/moodledata

root@lamp:/var# apt-get update
root@lamp:/var# apt-get install wget
root@lamp:/var# apt-get install php5-gd
root@lamp:/var# apt-get install php5-curl
root@lamp:/var# apt-get install php5-xmlrpc

cd /var/www
wget http://download.moodle.org/download.php/direct/stable19/moodle-weekly-19.zip
unzip moodle-weekly-19.zip

Access http://ip/moodle

(create config.php in /var/www/moodle)

change pwd,
user admin, pw admin

upload user.csv as iso8859-1 (if you're using öüä!) batch import

setting up firewall
setting up nat
setting up dyndns server for dyndns adress

with phpmyadmin moodle`.`mdl_mnet_host` change to:
Bearbeiten       Löschen       1      0      http://DYNDNSADRESS/moodle      CORRECTDNSADRESS.COM                    0      0      0      0      0      0      NULL      1

$ apt-cache search php | grep gd
php5-gd - GD module for php5

Remote Desktop with XDMCP on Ubuntu 9.10

To access the unsecured(!) Remote Desktop of an Ubuntu 9.10 installation, you need following:

First, install the openssh-server:

sudo apt-get install openssh-server

Then, you need to enable the XDMCP Server.

That became a bit tricky on that Installation, as the "Point 'n Click" enabling has been removed.

Dunno why. So, thats how it works. First we copy over the "empty" custom.conf for gdm:

sudo cp /usr/share/doc/gdm/examples/custom.conf /etc/gdm/

Then we edit it:

sudo vi /etc/gdm/custom.conf

It should look like this in the end:

# GDM configuration storage

[xdmcp]
Enable=true
DisplaysPerHost=2

[chooser]

[security]

[debug]

After that, we need to restart gdm:

sudo restart gdm

And thats it, the XDMCP is running. To access it on Windows i.E., you have to download Xming ( http://sourceforge.net/projects/xming/ )

Download and install the Windows Client, start the XLaunch Tool. Choose One window, Next, Open Session via XDMCP, Next, Enter the IP of the Ubuntu Server under "Connect to Host" and Press Next, Press Next, Save the Config were you want to have it and Finish.

Thats it, an X Window with the Login to your Server will open. Please bare in mind that this XDMCP Session is NOT encrypted. You should Tunnel it via SSH...

// Big Parts were taken from http://www.peppertop.com/blog/?p=690

SSH Tunneling

One of the most important things by working in "dangerous" Networking Enviroments is protection.

And by that I don't mean the usual (and important!) Anti Virus, Anti Malware and Firewall Software, but Traffic Tunneling, meaning VPN or SSH.

SSH is the secure equivalent to the good old (and Plaintext transmitted) Telnet. And its also more powerful: Its use is not limited to remote Control, but can also provide an secured Datatunnel through which all your Traffic to your Remote Location (i.e. an Mysql Database, Web- or Mailserver or the Web itself) is tunneld - and encrypted. Giving therefore little to no chance to "Wiresharkes" and other Cable Tappers or Span Users.

So lets go:

1. Setting up the SSH Server
Setting up an ssh Server is as simple as:
apt-get install openssh-server
if you're running Debian or Ubuntu.

Optional you can configure that the "root" Account
won't be able to access via ssh and you can configure that
Plaintext Passwords aren't allowed. We will go for an Keybased Setup here,
but I would recommend not shutting down this Plaintext Password Authentification
if you can't access the machine physically easily (as the Certifactes are only valid
for one year...).

2. Configuring the SSH Server
vi /etc/ssh/sshd_config

- change Port to 18000
Port 18000
// Thats an must!

- deactivate root access
PermitRootLogin yes
// Thats optional, it does NOT allow your root Account to login via SSH.
// Only set that if you know what you're doing!

- deactivate password login
PasswordAuthentication no
// Thats optional as well, you can set that after this whole thing,
// as you have working SSH Key Authentification - but beware,
// you won't be able to login via an Password then!
// ( And that will hurt if your Keys are expired and don't work anymore... )

3. Configure Router (NAT and Firewall) to Allow Access to your SSH Server.
Use Dynamic DNS (i.E. DynDNS.org) to get an Dynamic DNS Adress.
( Means that an adress like myserver.dyndns.org will always point to
your dynamically changing IP Adress of your Router. Most Routers have an
DynDNS Client built in, so they update the DynDNS Account on every IP Change -
look it up in the Handbook / Config Menu)

4. Setting up an SSH User with Restricted Shell Access
sudo apt-get install rssh
// Installs the restricted shell
sudo useradd tunnel -m -s /usr/bin/rssh
// Creates an User named tunnel with the Restricted Shell
sudo passwd tunnel
// Enter the Password you want for the User

5. Setting up Squid HTTP Proxy
sudo apt-get install squid

6. Creating the Connection using Putty and Setting up the Clients
Download the Putty installer from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
and install. Then open Putty:

Session -> Hostname and Port: Enter your DynDNS Adress and the Port you chose for SSH
Connection -> Enable TCP Keepalives
Connection -> SSH -> Don't start a shell or command at all
Connection -> SSH -> Enable compression
Connection -> SSH -> Tunnels: Source Port you can choose i.E. 20000
// Source Port is the Port the Tunnel will end on your "Client PC"
Connection -> SSH -> Tunnels: Destination Port localhost:3128
// Destination Port is in that Case the Server (localhost) and Port 3128
// which is the Squid Proxy. But it could also be something like
// IPofyourRouter:21 to forward the Telnet of your Router to Port 20000 on
// the Remote PC, or IporNameofyourHomePc:3389 to forward the Windows
// Remote Desktop - or anything else. You would then connect with the
// Remote Desktop Tool to "localhost:20000" to Access your PC at Home.
Session -> Press Save and Save the Session
Session -> Press Open and Enter your Login, i.E. tunnel and password

You won't see anything as it stays open and "nothing happens".

Go to your Internet Explorer \ Firefox and enter as Proxy localhost, Port 20000

Internet Explorer:
Extras, Internetoptions, Lan Settings, Choose Proxy Server for Lan
Enter localhost, Port 20000

Firefox:
Extras, Settings, Advanced, Network, Settings
Manual Proxy Configuration, HTTP Proxy: localhost, Port 20000
For all Protocols

And now you'll be able to surf the Web Securely from everywhere through your
secured Tunnel!

WARNING: ONLY the Traffic is secured. Your DNS Lookups STILL go to your local
DNS Server. So i.e. the Local DNS Admin can see that you were surfing on
i.e. Google, Facebook or so - but can't see what you did transmit there.
To change that and to do DNS also tunneled via SSH do this:.

Internet Explorer:
don't know, isn't working

Firefox:
// Enter in the URL Bar:
about:config
// Look for this string and set it to "true"
network.proxy.socks_remote_dns

Only one thing to do left:
Set Keybased Authentification.
Keybased Authentification has two main Advantages:
a) You can use it allow scripts to identify themselfes via the key and use ssh
b) Its more secure as the Key does check its Serverpart and tells you if you're
connection has been redirected or intercepted. Its the way to go.

Creating keys:
su
// Enter password for root Access
ssh-keygen -t rsa -b 2048
Just "enter" through everything

Installing keys:
cd /home/tunnel/
mkdir .ssh
chmod 700 .ssh/
cd .ssh/
touch authorized_keys
cat ~/.ssh/id_rsa.pub > authorized_keys
chmod 600 authorized_keys
cd ..
chmod 700 .ssh/
chown tunnel -R .ssh/
exit

Download the key id_rsa in /root/.ssh/ via WinSCP to your PC
Startup puttygen which you did gain with the Putty installer.
Load the id_rsa in Putty and press on "Save Private Key"

Using key based Authentification with Putty:
Open Putty and load your Preset
Connection -> SSH -> Auth
And use the "Private Key File for Authentification" to point to your previously
set Private Key (wheter encrypted or not isn't important at this Point).
Go again to Session and Save again. Press Open.
You'll be asked to enter your Username and Passphrase (if you got one).
If you want to really automate that, you can even specify your Username in
Putty under SSH -> Connection -> Data "Auto Login Name"

[Eee901] Create an Backtrack 3 Eee901 Usb Stick

There are dozend Situations in which Backtrack 3 comes in handy.
Backtrack 3 is an special Linux Suite of Security Auditing Tools which allow i.e. WEP Cracking, Network Security Checking, Sniffing, and so on.
To make this nice Suite a bit more portable, we will put it onto an Usb Stick and customize it with Eee901 Drivers, persistent Changes and Nessus 4!

Download:
Backtrack 3 USB Version: http://www.remote-exploit.org/backtrack_download.html
unetbootin Windows: http://unetbootin.sourceforge.net
Partiton Tool, like partedmagic: http://partedmagic.com
Eee901 Pack: 901_net_gfx.lzm (you'll find it in google)
Nessus 4.0.2: http://www.nessus.org/download/
( We need the 4.0.2 as Nessus-4.0.2-linux-generic32.tar.gz and the Graphical Linux Interface for nessusd NessusClient-4.0.2-es4.i386.rpm )
And you should help yourself to an free personal key under http://www.nessus.org/plugins/?view=register-info

Preparation:
First thing is you need to prepare the Usb Stick. For Backtrack 3, an 2 GB Stick should be ok. For Backtrack 4, you would need an 4 GB Stick at least.
1) Get your stick and partedmagic CD
2) Plug it in and boot to partedmagic
3) Create with the Partitioneditor 2 Partitions
- 1) fat32, 900mb
- 2) ext2, 1100mb
-> write down if your usb stick is sda1, sdb1, or what.
4) Reboot - again to partedmagic
Now create an folder called changes to the second partition.
Should look somehow like this (not nice, but should work if you're on sda2...):

mount /dev/sda2 /mnt
cd /mnt
mkdir changes
cd /
umount /mnt

5) Done, boot to Windows

Installation of Backtrack 3:
1) Start unetbootin
2) Choose Disk Image, ISO and as file the Backtrack3 USB
3) Check wheter the destination drive is correct (your usb stick, fat32 partition) - CHECK TWICE! And Error would kill your System!
4) Press Ok and wait until its done, do NOT reboot
5) Copy 901_net_gfx.lzm to your usb stick, folder BT3\optional
6) Open syslinux.cfg in boot\syslinux\ and add following lines, which will be your new menu entrys for booting from the usb stick - with eee901 drivers.

label eee901save
menu label BT3 Graphics mode (Eee901) - Save Changes
kernel /boot/vmlinuz
append vga=785 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw load=901_net_gfx autoexec=kdm changes=/dev/sda2

label eee901
menu label BT3 Graphics mode (Eee901)
kernel /boot/vmlinuz
append vga=785 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw load=901_net_gfx autoexec=kdm

WARNING! changes=/dev/sda2 MUST be changed to what you saw on the partition - and maybe you still need to try it out.
2 means second partiton and thats right - ext2 partition. This changes tells Backtrack where it should save the changes you make while working in it.
the changes could be sda2 or sdb2 or sdc2. But mostly its sda2.

Save after you're done

7) Open cmd and access your usb stick, cd to boot\syslinux\ and execute this:
syslinux.exe -ma -d \boot\syslinux H: (H: should be your usb drive letter... will be different!)
This will write the bootmanager to the usb stick with the settings you entered in 6).
After changing for example the changes line there, you will need to repeat this again, also.

8) You're done. Boot from the stick, it should work.

Insallation of Nessus 4:
Nessus is an auditing tool which is really strong - but is not complete opensource - so you need to install it manually.
Boot onto your Backtrack 3...

Install NessusServer
Nessus-4.0.2-linux-generic32.tar.gz
gunzip Nessus-4.0.2-linux-generic32.tar.gz
tar -xvf Nessus-4.0.2-linux-generic32.tar
cd Nessus-4.0.2
install.sh

Follow the install instructions

/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser
cd /opt/nessus/etc/nessus
nessus-fetch --register XXX-YYY-ZZZ-VVV (Serial you obtained)

Launch the Server:
/opt/nessus/sbin/nessus-service -D

Install NessusClient
NessusClient-4.0.2-es4.i386.rpm
rpm2tgz NessusClient-4.0.2-es4.i386.rpm
pkgtool (Select NessusClient-4.0.2-es4.i386)
cp /usr/lib/libssl.so.0.9.8 /lib
cp /usr/lib/libcrypto.so.0.9.8 /lib
cd /lib
ln -s libcrypto.so.0.9.8 libcrypto.so.4
ln -s libssl.so.0.9.8 libssl.so.4

Launch the Client:
/opt/nessus/bin/NessusClient

Nessus Install taken from: http://forums.remote-exploit.org/backtrack3-howtos/22031-backtrack3-nessus-4-0-install.html
Rest from Remote Exploit and others / google

c3560 Cheat

Hostname:
hostname test

Image Upgrade:
del /r /f flash:c3560-ipbase-mz.122-35.SE5
copy tftp://192.168.2.1/images/c3560-ipbasek9-mz.122-46.SE.bin flash:

del - File
rm - Folder

Boot with other Image:
boot system c3560-advipservicesk9-mz.122-46.SE.bin

Portfast (on dhcpd Problems):
spanning-tree portfast

Switchport with Vlan 10:
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
description nativ
macro description NATIV
spanning-tree portfast

Description Vlan 10:
vlan 10 name testvlan

Trunkport:
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
ip dhcp snooping trust

DHCP Snooping:
Global Activate:
ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping

Allow DHCP on Port:
ip dhcp snooping trust

ESXi Trunking:
ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping

these are the vlans, one main, one “test” for the vm
vlan 1
name main
vlan 999
name test

normal client port
interface FastEthernet0/1
switchport access vlan 1
spanning-tree portfast

vm client port which does access vlan 999
interface FastEthernet0/3
switchport access vlan 999
spanning-tree portfast

vm server port, which does access normal vlan 1, and does trunk the rest
” ip dhcp snooping trust” means, that this port is allowed to answer dhcp requests
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,999
switchport mode trunk
ip dhcp snooping trust
end

Routing with c3560-advipservicesk9-mz.122-46.SE.bin:
( Every Net needs a own Vlan! )
( The Vlan Ip is the Gateway )

ip routing

interface FastEthernet0/1
switchport access vlan 2
switchport mode access

interface FastEthernet0/8
switchport access vlan 3
switchport mode access

interface Vlan2
ip address 134.96.10.1 255.255.255.0

interface Vlan3
ip address 192.168.2.1 255.255.255.0

c3560 Routing with Advanced IP Services

Problem: You got serval networks, you got an c3560 but no Router.
Solution: Get an c65e VSS
Following Problem: Insufficient Money, Power, Space,....
Solution: Get your c3560 to route these Networks with an Advanced IP Services Firmware
YOU DO NEED AN "advipservices" FIRMWARE ON YOUR c3560!

Assumption:
On f0/1 PC with 134.96.10.2 -> We want the Gateway to be 134.96.10.1
On f0/8 PC with 192.168.2.2 -> We want the Gateway to be 192.168.2.1

How to:
Easy Idea - for an normal routing process you need an Interface in the "to be routed" net.
And there for the Solution lies in the usage of vlans.
Every port that uses one net is bound to the vlan of that net.
Every net get its own vlan.
Every vlan gets an ip (the gateway ip thats entered into the pcs of this net).
Activate routing.
Done.

Configuration:

interface FastEthernet0/1
switchport access vlan 2
switchport mode access

interface FastEthernet0/8
switchport access vlan 3
switchport mode access

interface Vlan2
ip address 134.96.10.1 255.255.255.0

interface Vlan3
ip address 192.168.2.1 255.255.255.0

ip routing

[ESXi 3.5] PXE Boot to working ESXi 3.5 Hypervisor

Need:
- ESXi 3.5 Iso File
- http://www.accessdata.com/downloads/current_releases/imager/Imager%20Lite%202.6.1.zip to open Iso and extract Files
- 7zip, WinRar, or whatever to unzip Files (7zip Recommended)
- http://syslinux.zytor.com/wiki/index.php/PXELINUX

ESXi 3.5 Extract:
1.) Extract the install.tgz from \CDROM\Sessions 1\Track 01\CDROM.
Its the Rock Ridge (RR in Isobuster) Session. Do NOT choose the one from the ISO / Boot part!

2.) Unzip the install.tgz.

3.) Extract the VMware-VMvisor-big-3.5.0_Update_4-153875.i386.dd.bz2 from the path install\usr\lib\vmware\installer to an directory of your choice.

4.) Unzip the VMware-VMvisor-big-3.5.0_Update_4-153875.i386.dd.bz2

5.) Open the File with FTK Imager.

6.) Extract the files of in Partition4\root (4 Files ldlinux.sys, mbootc32, safeboot.c32, syslinux.cfg - which are the bootloaders)

7.) Extract the files of in Partition5\root (7 Files bindmod.tgz, boot.cfg, cim.tgz, environ.tgz, license.tgz, oem.tgz, vmkernel.tgz - which are the ESXi Program Files)

PXELinux Extract:
- com32/mboot/mboot.c32
- com32/menu/menu.c32
- core/pxelinux.0

TFTP
- Create root Folder
- Copy all files from partition5\root Section within that Folder
- Copy all files from PXELinux Extract Section within that Folder
- Create Folder "pxelinux.cfg" within the root Folder
- Create an text file "default" (with NO File Ending or such) in that folder, with following text:

default menu.c32
menu title PXE Boot VMware ESXi
timeout 100

label ESXi
menu label Boot VMware ESXi
kernel mboot.c32
append vmkernel.gz --- binmod.tgz --- environ.tgz --- cim.tgz
ipappend 2

label Hard
menu label Boot from local drive
localboot 0

- Setup your tftp Server as you normally would and PXE Boot!
(For example see my PXE Boot Bart PE Post for setting up Tftpd32 for Windows)

Taken from: http://docs.google.com/View?docid=ddcwgcd6_4fs6s7jcf

[ESXi 3.5] PXE Boot to Install

Easy as Cake:
Copy these files from the install CD:
BINMOD.TGZ, CIM.TGZ, IENVIRON.TGZ, LICENSE.TGZ, MBOOT.C32, MENU.C32, OEM.TGZ and VMKERNEL.GZ into your tftpboot Directory.

Insert the normal needed pxelinux.0 File, as well as the pxelinux.cfg Folder which contains following File called "default":

default menu.c32
menu title PXE Boot VMware ESXi
timeout 100

label ESXi3.5U4 Install
kernel mboot.c32
append vmkernel.gz --- binmod.tgz --- ienviron.tgz --- cim.tgz --- oem.tgz --- license.tgz --- install.tgz
ipappend 2

label Hard
menu label Boot from local drive
localboot 0

Have fun!

Taken from: http://www.vm-help.com/esx/esx3i/ESXi_PXE_install.html