Yesterday (Jun 20, 2017),
Cyber Security and Technology Crime Bureau (CSTCB) of Hong Kong Police Force announced a
Cyber Security Campaign 2017 for a year in order to kill all botnets in Hong Kong. They build a website for Hong Kong citizens to download 3 famous Anti-Virus scanners (Kaspersky, Symantec and Trend Micro). The campaign commenced today. (SCMP news) However, the site could not be accessed until 1500 hours today due to too busy or something else.
I conducted a quick test on the website when the news was announced yesterday. This article is about the not professional test result.
The website is running on Windows Server 2012 and hosting at Alchemy. It is not sure that it is a dedicated server or a shared hosting server. It is possibly that it may be a dedicated server. The IP address of the server is 205.144.171.79.
Meanwhile, I find out that the server is also hosting another website Cyber Security Professional Awards which is also hosted by CSCTB.
The Server
The website is running on Microsoft IIS 8.5 with ASP.NET (Version 4.0.30319 and ASP.NET MVC version is 5.2). Ports 80, 135, 443, 445, 5666 and 49159 are opened on the Windows Server 2012. There is no Web Application Firewall (WAF) on the Microsoft IIS Web Server.
SSL Certificate
Since there is no data exchange between users and web application, the SSL certificate for the website is not required in general. However, it is equipped. It is compatible to TLS 1.0, 1.1 and 1.2. It used a weak cipher suites for the encryption (TLS_RSA_WITH_3DES_EDE_CBC_SHA) in the certificate. Meanwhile, it has a mismatched SSL certificate of www.fishingmilitia.com. In addition, there is no security headers for the website. The grading of the website is A only.
Later learnt that the mismatched SSL certificate of Fishing Militia is pointed to "Cyber Security Professional Awards" website. The SSL certificate of "Fishing Militia" is expired on Jun 16, 2017. However, the "Cyber Security Professional Awards" website is running on Port 80. It is very weird.
Web Application
It is a single page web application mainly running JavaScript. It stores all the images, including background image, on https://storage.googleapis.com. The size of the images is from 58kB to 2.7MB. That is why the website may not be accessed and displayed "Service Unavailable. HTTP Error 503. The service is unavailable." There is no database and no data exchange between users and web application.
When "Cyber Security Campaign 2017" website is loading slow or cannot be accessed, the "Cyber Security Professional Awards" website has the same response.
Conclusion
The Windows Server 2012 is hosting 2 websites, "Cyber Security professional Awards" and "Cyber Security Campaign 2017" on Pot 80 and 443 respectively. If there is a proxy server, both websites can use port 80 instead.
The response time of "Cyber Security Campaign 2017" is slow mainly because of the images are large in size and they are fetched from storage.googleapis.com. The googleapis.com is hosting JavaScript only and the upload speed may not be very high. Therefore the bottleneck is at the size of images and slow external storage.
It is very weird that the SSL certificate of "Cyber Security Professional Awards" website is pointed to another domain.
In conclusion, the website is mis-configured and it is not good in design.
That's all! See you.
Wednesday, June 21, 2017
Monday, June 19, 2017
HOWTO : Lower CPU Loading With ulimit on Ubuntu 16.04 LTS
ulimit can change the number of process on Linux. One of the features is to lower the CPU loading with it when you have a low end CPU. The lower the CPU loading the lower the CPU temperature.
Append the following lines at the end of the file.
You can replace "10240" up to "65535".
That's all! See you.
sudo nano /etc/security/limits.confAppend the following lines at the end of the file.
* soft nproc 10240
root soft nproc 10240You can replace "10240" up to "65535".
That's all! See you.
Sunday, June 04, 2017
HOWTO : Update Ubuntu 16.04 LTS
sudo nano ~/update_ubuntuAppend the following lines to the file :
export DEBIAN_FRONTEND=noninteractive
sudo apt update
sudo apt -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o APT::Get::Assume-Yes="true" -y dist-upgrade
sudo apt -y autoclean
sudo apt -y --purge autoremoveSave it and make it executable.
chmod +x ~/update_ubuntuTo run it :
sudo ~/update_ubuntuThat's all! See you.
Saturday, June 03, 2017
HOWTO : Apache Guacamole Remote Desktop Gateway On Ubuntu 16.04 LTS
Apache Guacamole is a HTML5 remote desktop gateway. It supports VNC, RDP and SSH protocols. You can access your remote desktop or server by using standard browser. You are required a dedicate computer or virtual machine to setup the Guacamole server. This guide will use database authentication for the operation.
Step 1 :
Install Ubuntu Server 16.04.2 LTS as usual. It is recommended to install OpenSSH also.
Step 2 :
Step 3 :
Append the following lines at the end of the file :
Step 4 :
Step 5 :
Step 6 :
Step 7 :
Step 8 :
The content of the file is :
Step 9 :
Step 10 :
Step 11 : (The following Step 11 to 14 are for setting up VNC server on Ubuntu Desktop)
The Ubuntu Desktop will be accessed via VNC. Therefore, we need to install related packages on Ubuntu Desktop.
The file content will be looking like :
Reconfigure the session manager :
Select :
Step 12 :
The file content will be looking like below. Making sure to replace "samiux" to your username :
Step 13 :
Enter the password of VNC server when prompt and then answer "n" to the last question.
To start VNC server at port 5901 :
Step 14 :
For streaming audio from Ubuntu Desktop :
Append the following line at the end of the file :
To restart PulseAudio :
Port 4713 should be listening for connection. However, it is not very stable at my side.
Step 15 : (The following Step 15 is for setting up RDP on Kali Linux Xfce)
Install Kali Linux Xfce version, Gnome does not work. Lxde may works.
Make sure it is selected :
Step 16 :
To access the Guacamole, you point the browser to the Guacamole box, e.g. http://192.168.20.99:8080. The username and password are both "guacadmin".
When accessing the remote desktop or server, you can launch the submenu by pressing :
Reference
Apache Guacamole Manual
How to install SSH ( secure shell ) service on Kali Linux
That's all! See you.
Step 1 :
Install Ubuntu Server 16.04.2 LTS as usual. It is recommended to install OpenSSH also.
sudo apt-get -y install libcairo2-dev libjpeg-turbo8-dev libpng12-dev libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libssh2-1-dev libvorbis-dev libwebp-dev autoconf autotools-dev libtool build-essential maven default-jdk mysql-common mysql-server mysql-client mysql-utilities tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-user ghostscript gsfonts gsfonts-otherStep 2 :
sudo mkdir -p /etc/guacamole
sudo mkdir -p /etc/guacamole/lib
sudo mkdir -p /etc/guacamole/extensionsStep 3 :
sudo nano /etc/default/tomcat8Append the following lines at the end of the file :
# GUACAMOLE ENV VARIABLE
GUACAMOLE_HOME=/etc/guacamoleStep 4 :
cd ~
git clone git://github.com/apache/incubator-guacamole-server.git
cd incubator-guacamole-server
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make
sudo make install
sudo ldconfigsudo systemctl enable guacdStep 5 :
cd ~
git clone git://github.com/apache/incubator-guacamole-client.git
cd incubator-guacamole-client
mvn package
sudo cp ~/incubator-guacamole-client/guacamole/target/guacamole-0.9.12-incubating.war /etc/guacamole/
sudo ln -s /etc/guacamole/guacamole-0.9.12-incubating.war /var/lib/tomcat8/webapps/
sudo cp ~/incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/target/guacamole-auth-jdbc-mysql-0.9.12-incubating.jar /etc/guacamole/extensions/Step 6 :
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.42.tar.gz
tar -xvzf mysql-connector-java-5.1.42.tar.gz
sudo cp mysql-connector-java-5.1.42/mysql-connector-java-5.1.42-bin.jar /etc/guacamole/lib/sudo mkdir -p /usr/lib/x86_64-linux-gnu/freerdp
sudo ln -s /usr/local/lib/freerdp/* /usr/lib/x86_64-linux-gnu/freerdp/Step 7 :
sudo mysql -u root -p
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'localhost' identified by '[GUACAMOLE_USER_PASSWORD]';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
flush privileges;
quitcd ~
cat ~/incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/*.sql | mysql -u root -p[MYSQL_ROOT_PASSWORD] guacamole_dbStep 8 :
sudo nano /etc/guacamole/guacamole.propertiesThe content of the file is :
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822
# MySQL Authentication
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: [GUACAMOLE_USER_PASSWORD]Step 9 :
sudo ln -s /var/lib/tomcat8/webapps/guacamole-0.9.12-incubating.war /var/lib/tomcat8/webapps/ROOT.warStep 10 :
sudo systemctl restart guacd
sudo systemctl restart tomcat8Step 11 : (The following Step 11 to 14 are for setting up VNC server on Ubuntu Desktop)
The Ubuntu Desktop will be accessed via VNC. Therefore, we need to install related packages on Ubuntu Desktop.
sudo apt-get install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal tightvncservernano ~/.vnc/xstartupThe file content will be looking like :
#!/bin/sh
xrdb $HOME/.Xresources
xsetroot -solid grey
#x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
# Fix to make GNOME work
export XKL_XMODMAP_DISABLE=1
/etc/X11/Xsession
unset SESSION_MANAGER
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
gnome-panel &
gnome-settings-daemon &
nautilus &
metacity &
gnome-session-flashback &Reconfigure the session manager :
sudo update-alternatives --config x-session-managerSelect :
/usr/lib/gnome-flashback/gnome-flashback-metacityStep 12 :
sudo nano /lib/systemd/system/vncserver@.serviceThe file content will be looking like below. Making sure to replace "samiux" to your username :
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=samiux
PAMName=login
PIDFile=/home/samiux/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.targetStep 13 :
vncserverEnter the password of VNC server when prompt and then answer "n" to the last question.
vncserver -kill :1sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.serviceTo start VNC server at port 5901 :
sudo systemctl start vncserver@1Step 14 :
For streaming audio from Ubuntu Desktop :
sudo nano /etc/pulse/default.paAppend the following line at the end of the file :
load-module module-native-protocol-tcp auth-anonymous=1To restart PulseAudio :
pulseaudio -kPort 4713 should be listening for connection. However, it is not very stable at my side.
Step 15 : (The following Step 15 is for setting up RDP on Kali Linux Xfce)
Install Kali Linux Xfce version, Gnome does not work. Lxde may works.
apt-get xrdp
systemctl enable xrdp
systemctl enable xrdp-sesman
systemctl start xrdp
systemctl start xrdp-sesmanupdate-alternatives --config x-session-managerMake sure it is selected :
/usr/bin/startxfce4Step 16 :
To access the Guacamole, you point the browser to the Guacamole box, e.g. http://192.168.20.99:8080. The username and password are both "guacadmin".
When accessing the remote desktop or server, you can launch the submenu by pressing :
ctrl+alt+shiftReference
Apache Guacamole Manual
How to install SSH ( secure shell ) service on Kali Linux
That's all! See you.
Subscribe to:
Posts (Atom)