Posts

Netdisco2 on Ubuntu 14.04

Netdisco is a neat tool that collects the layer-2 forwarding database from switches, matches MACs with the layer-3 ARP table from the router and presents the result in a searchable web UI. The old "Netdisco 1" was quite horrible to set up, but it still did its job. Recently "Netdisco 2" was released, making admins' lives much easier and also bringing a fancy new look to the web UI. So here are my notes about installing a new virtual machine with Netdisco 2.

Huapwn - Backdoor on your Huawei B593u

The public Huawei document I linked a couple of days ago mentioned a factory diagnostics tool called "Huawei deviceLocker V0.1" that will grant access to a root shell on the router. I got curious about how this would actually work and came to the conclusion that it must be something extremely simple and insecure; it IS Huawei after all. After some poking around the /bin/web process I figured this out - it's all there in clear text for anyone to read. And that admin password is in the Huawei docs, not exactly secret either. In case you didn't realize, there's no need for authentication to exploit this. Protip: Try to hide your backdoors a bit better next time.

Persistent customizations to Huawei B593u with stock firmware

Perhaps you're fairly satisfied with the Huawei stock firmware but would like to fix some security problems and remove the spyware installed by the factory. There's a fairly easy way to do this.

Unpacking Huawei B593u compressed Broadcom CFE bootloader

Sorry, one more B593u post, but I felt this is worth documenting. While hacking my way into the Huawei B593u I had a big problem with Huawei's crippled CFE bootloader. It was not talking to me, and when I finally did get it to talk to me it was only one way. All I could see was the CFE> prompt after smashing ^C but nothing else.

Latest modem.bin LTE dongle firmware for Huawei B593u-12

The latest modem.bin firmwares currently available are the T-Mobile customized 11.533.03.03.748 (2013-09-30) from SP105 and the generic 11.433.61.00.00 (2012-12-04) from Polkomtel SP103. While these are customized for the EM920u, according to a few forum posts I've found they work equally well with Huawei USB LTE dongles such as the E392, part of the same MDM9200 family.

Differences of Huawei B593u and B593s

I got a few B593u models and it's a pretty straightforward Broadcom BCM5358 based router with Linux. As usual, GPL sources were never published by the Huawei crooks. The LTE modem side is simply a Qualcomm MDM9200 based Huawei USB dongle connected internally to the Broadcom SoC over USB.

How to capture LTE WAN traffic for diagnostic purposes on Huawei B593u and not so much of security

Found this document on the Huawei webpage that you might be interested in. It's in Microsoft Word .docx format. http://www.huawei.com/ecommunity/3msimage/download-10060827-10000297-9bca6ae8ffa54796a5245e6650b0e607.bin?type=bbs

Serial console on Huawei B593u

Here's the location of the Huawei B593u TTL serial console. Settings are the usual 115200 8N1.

What's inside Huawei B593u-12 LTE router?

There ain't many pictures around showing the innards of the B593u, and even fewer with any details. This obviously needs to be fixed.

Well, that was easy

I think the ethernet switch and wireless aren't supported by open-source drivers, so even with OpenWrt booting on the Huawei B593u-12 it's not much use. The USB-connected LTE module is not detected; my guess is that some GPIO needs to be toggled to enable it. The PCA9555 GPIO expander would need some work too. Also the 256MB NAND flash is missing; only the 16MB SPI flash is found.

Teaser on Huawei B539u hacking

CFE> boot -elf -tftp 192.168.1.100:openwrt-brcm47xx-mips74k-vmlinux.elf

Updating Ubuntu 12.04 LTS kernel to 3.15.8 with latest ddbridge DVB drivers

Set Excel 2013 cell size in millimeters (or inches for those relics living in US)

1. Open a new Excel sheet.
2. Select the desired paper size (A4 or A3... of course) and orientation, and set margins.
3. Open the View tab.
4. Click Page Layout under Workbook Views.
5. Press Ctrl+A.
6. Open the Home tab.
7. Click Format under Cells.
8. Select Row height and enter the desired size with mm suffix (or "in" for rednecks).
9. Click Format under Cells.
10. Select Column width and enter the desired size.
11. Open the View tab.
12. Click Normal under Workbook Views.
13. Done.

SID HISTORY: AD

Last steps with fixing SID history.

SID HISTORY: Fixing file servers

File servers are easy thanks to a Microsoft tool.

SID HISTORY: Fixing SQL

SQL Server logins may have old SIDs. This doesn't fix them (because we didn't have this particular problem at work) but shows whether there are any that need to be fixed.

SID HISTORY: Fixing Exchange

Dumping my notes about fixing SID history at work. Use at your own risk. These worked for me but won't work for you without some adjustments.

Adding aufs support to Ubuntu LTS 14.04 with 3.16-rc5 kernel

Adding aufs support to 3.16-rc5 is a little different than what it was for older kernels. The steps below work for Ubuntu LTS 14.04.

Ubuntu Server 14.04 LTS with encrypted md mirrored rootfs and remote ssh unlock

This post is just to let everyone know that the old process described here in my earlier post still works and also survives an upgrade from an older Ubuntu version to 14.04 LTS.

Export Bitlocker recovery keys from AD using PowerShell

This exports a list of BitLocker recovery keys from AD. Found it somewhere on the web.

Export out-of-office (OOF) autoreplies from Exchange 2010 with Powershell

Quick and very dirty export of out-of-office (OOF) autoreplies from Exchange 2010 with PowerShell.

    # Export every enabled or scheduled autoreply, with HTML tags stripped from both message bodies
    get-mailbox -resultsize unlimited |
      get-mailboxautoreplyconfiguration |
      where {$_.autoreplystate -ne "disabled"} |
      select identity,autoreplystate,starttime,endtime,@{NAME='InternalMessage';Expression={$_.InternalMessage -replace ("`n") -replace("</p","/<") -replace("<.*?>") -replace("&nbsp;","") }},@{NAME='ExternalMessage';Expression={$_.ExternalMessage -replace ("`n") -replace("</p","/<") -replace("<.*?>") -replace("&nbsp;","") }} |
      Export-Csv -Encoding unicode -NoTypeInformation outofoffice.csv

Collaboration Data Objects (CDO) 1.2.1 with Outlook 2010 and 2013

Many VBScripts use the old Outlook / Exchange CDO components for MAPI access. Without CDO you'll get the "ERROR: ActiveX component can't create object (MAPI.Session)" error message. Unfortunately CDO works only with 32-bit Outlook 2007. If you're running 32-bit Outlook 2010 or 2013 on either a 32-bit or 64-bit OS, the following might come in handy.

Flashing BeagleBone Black (rev B, 2GB eMMC) with Ubuntu 14.04

You're supposed to be able to use "BBB-eMMC-flasher" images to flash a new OS directly from an SD card. For whatever reason this sometimes fails to work. People blame power supplies, which probably is one reason, but not this time. In my case, when trying to use the BBB-eMMC-flasher image, the BBB started flashing all four user LEDs in sync without ever even attempting to flash the image to eMMC.

Ubuntu 13.10 with TCP-IR (TCP Instant Recovery / FEC) enabled kernel v3.4.83

How would a FEC (Forward Error Correction) enabled TCP/IP stack for Linux sound? Yep, I know you're interested and want it. Start by checking these two links:
http://www.ietf.org/proceedings/87/slides/slides-87-tcpm-8.pdf
http://tools.ietf.org/html/draft-flach-tcpm-fec-00

Digi One, PortServer etc. and double enter problem

There's an annoying problem with Digi RS232 - Ethernet products (also sold BlackBox branded). Many if not most telnet clients are incompatible with their server implementation and treat a single enter press as two enter presses. Incompatible clients are at least SecureCRT, Putty and the one Microsoft includes with Windows. Teraterm works ok.

Measuring temperature with OpenWrt and submitting values to EmonCMS

I'm using OpenWrt with the following customizations to send temperature readings to EmonCMS. Hardware is a no-name Ralink RT3052 router (WR512-3GN) and a Dallas DS9097U compatible USB 1-wire adapter. The main reason for going with Image Generator instead of compiling custom firmware was to keep binary and API compatibility with packages from the stock OpenWrt repository. The package selection below leaves 168kB free on the JFFS2 filesystem. Drop the editor, Luci etc. and you'll have a lot more free. If you don't need to patch init scripts like I did due to a bug in WR512-3GN support, you can simply install the packages and apply the scripts on top of the official OpenWrt release flashed to your router.