Posts

How to get list of Azure service tags and IP ranges using az cli

Microsoft provides a weekly updated list of IP addresses used by various Azure features as a downloadable JSON file on their webpage. Automating its download, however, is not supported and is prone to breakage. The same information is now also available via the Azure Service Tag Discovery API. The new API is still in public preview, and the list of IPs it provides is far shorter than what the downloadable file contains. So either the list of IPs from the API is tailored to your particular subscription or it is incomplete. The Discovery API requires an authenticated session to Azure, so we need to create a service principal and a custom RBAC role to keep things secure. See you for more after the break.

RHEL7 / CentOS7 network interface going down once per hour

There's a really bizarre bug in RHEL7 / CentOS7. Once per hour NetworkManager will remove IP addresses from the ethernet interface after hitting some bug and triggering a "link loss" action. The interface may come back by itself or may not. It does come back when you log in as root on the console, as login triggers some repair action in part via systemd...

Migrating user accounts from older Linux to RHEL7 / CentOS7

Another pointless change just to break backwards compatibility - RHEL7 and CentOS7 prevent users with a uid lower than 1000 from logging in. This is bad when you're migrating accounts from an existing Linux server where uids start at 500.

RHEL7 / CentOS7 with sshd on ports 22 and 443

Short version: Not as simple as you thought.

Tracking wired client behind Aruba AP

So you have a setup with Aruba RAPs that bridge their wired ports to a VLAN on the controller. The web interface only tracks wireless clients, so you have no idea which AP a client with a particular IP is connected to.

Scan Intranet for Windows PCs missing MS17-010 / WannaCry / NSA ETERNALBLUE patches

So you have used all your tricks to get the MS17-010 fix deployed, but how do you confirm that every forgotten PC on your network is actually patched? We'll scan our intranet using Metasploit, checking for this particular vulnerability. PCs with a local firewall blocking SMB traffic will be missed, but those are not exploitable anyway due to the same firewall.

Backdoor and root shell on ZTE MF286

The ZTE MF286 has a built-in factory backdoor allowing root shell access on the embedded Linux running inside the router. However, since we don't know the RSA-2048 private key used for encrypting the device-specific password, we're not able to use this. Which doesn't mean we won't have other means to gain a root shell.