Wednesday, June 21, 2017

[REVIEW] Cyber Security Campaign 2017 (Hong Kong)

Yesterday (Jun 20, 2017), Cyber Security and Technology Crime Bureau (CSTCB) of Hong Kong Police Force announced a Cyber Security Campaign 2017 for a year in order to kill all botnets in Hong Kong. They build a website for Hong Kong citizens to download 3 famous Anti-Virus scanners (Kaspersky, Symantec and Trend Micro). The campaign commenced today. (SCMP news) However, the site could not be accessed until 1500 hours today due to too busy or something else.

I conducted a quick test on the website when the news was announced yesterday. This article is about the not professional test result.

The website is running on Windows Server 2012 and hosting at Alchemy. It is not sure that it is a dedicated server or a shared hosting server. It is possibly that it may be a dedicated server. The IP address of the server is

Meanwhile, I find out that the server is also hosting another website Cyber Security Professional Awards which is also hosted by CSCTB.

The Server

The website is running on Microsoft IIS 8.5 with ASP.NET (Version 4.0.30319 and ASP.NET MVC version is 5.2). Ports 80, 135, 443, 445, 5666 and 49159 are opened on the Windows Server 2012. There is no Web Application Firewall (WAF) on the Microsoft IIS Web Server.

SSL Certificate

Since there is no data exchange between users and web application, the SSL certificate for the website is not required in general. However, it is equipped. It is compatible to TLS 1.0, 1.1 and 1.2. It used a weak cipher suites for the encryption (TLS_RSA_WITH_3DES_EDE_CBC_SHA) in the certificate. Meanwhile, it has a mismatched SSL certificate of In addition, there is no security headers for the website. The grading of the website is A only.

Later learnt that the mismatched SSL certificate of Fishing Militia is pointed to "Cyber Security Professional Awards" website. The SSL certificate of "Fishing Militia" is expired on Jun 16, 2017. However, the "Cyber Security Professional Awards" website is running on Port 80. It is very weird.

Web Application

It is a single page web application mainly running JavaScript. It stores all the images, including background image, on The size of the images is from 58kB to 2.7MB. That is why the website may not be accessed and displayed "Service Unavailable. HTTP Error 503. The service is unavailable." There is no database and no data exchange between users and web application.

When "Cyber Security Campaign 2017" website is loading slow or cannot be accessed, the "Cyber Security Professional Awards" website has the same response.


The Windows Server 2012 is hosting 2 websites, "Cyber Security professional Awards" and "Cyber Security Campaign 2017" on Pot 80 and 443 respectively. If there is a proxy server, both websites can use port 80 instead.

The response time of "Cyber Security Campaign 2017" is slow mainly because of the images are large in size and they are fetched from The is hosting JavaScript only and the upload speed may not be very high. Therefore the bottleneck is at the size of images and slow external storage.

It is very weird that the SSL certificate of "Cyber Security Professional Awards" website is pointed to another domain.

In conclusion, the website is mis-configured and it is not good in design.

That's all! See you.

Monday, June 19, 2017

HOWTO : Lower CPU Loading With ulimit on Ubuntu 16.04 LTS

ulimit can change the number of process on Linux. One of the features is to lower the CPU loading with it when you have a low end CPU. The lower the CPU loading the lower the CPU temperature.

sudo nano /etc/security/limits.conf

Append the following lines at the end of the file.

* soft nproc 10240
root soft nproc 10240

You can replace "10240" up to "65535".

That's all! See you.

Sunday, June 04, 2017

HOWTO : Update Ubuntu 16.04 LTS

sudo nano ~/update_ubuntu

Append the following lines to the file :

export DEBIAN_FRONTEND=noninteractive
sudo apt update
sudo apt -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o APT::Get::Assume-Yes="true" -y dist-upgrade
sudo apt -y autoclean
sudo apt -y --purge autoremove

Save it and make it executable.

chmod +x ~/update_ubuntu

To run it :

sudo ~/update_ubuntu

That's all! See you.

Saturday, June 03, 2017

HOWTO : Apache Guacamole Remote Desktop Gateway On Ubuntu 16.04 LTS

Apache Guacamole is a HTML5 remote desktop gateway. It supports VNC, RDP and SSH protocols. You can access your remote desktop or server by using standard browser. You are required a dedicate computer or virtual machine to setup the Guacamole server. This guide will use database authentication for the operation.

Step 1 :

Install Ubuntu Server 16.04.2 LTS as usual. It is recommended to install OpenSSH also.

sudo apt-get -y install libcairo2-dev libjpeg-turbo8-dev libpng12-dev libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libssh2-1-dev libvorbis-dev libwebp-dev autoconf autotools-dev libtool build-essential maven default-jdk mysql-common mysql-server mysql-client mysql-utilities tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-user ghostscript gsfonts gsfonts-other

Step 2 :

sudo mkdir -p /etc/guacamole
sudo mkdir -p /etc/guacamole/lib
sudo mkdir -p /etc/guacamole/extensions

Step 3 :

sudo nano /etc/default/tomcat8

Append the following lines at the end of the file :


Step 4 :

cd ~
git clone git://
cd incubator-guacamole-server
autoreconf -fi
./configure --with-init-dir=/etc/init.d
sudo make install
sudo ldconfig

sudo systemctl enable guacd

Step 5 :

cd ~
git clone git://
cd incubator-guacamole-client
mvn package

sudo cp ~/incubator-guacamole-client/guacamole/target/guacamole-0.9.12-incubating.war /etc/guacamole/
sudo ln -s /etc/guacamole/guacamole-0.9.12-incubating.war /var/lib/tomcat8/webapps/
sudo cp ~/incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/target/guacamole-auth-jdbc-mysql-0.9.12-incubating.jar /etc/guacamole/extensions/

Step 6 :

tar -xvzf mysql-connector-java-5.1.42.tar.gz
sudo cp mysql-connector-java-5.1.42/mysql-connector-java-5.1.42-bin.jar /etc/guacamole/lib/

sudo mkdir -p /usr/lib/x86_64-linux-gnu/freerdp
sudo ln -s /usr/local/lib/freerdp/* /usr/lib/x86_64-linux-gnu/freerdp/

Step 7 :

sudo mysql -u root -p
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'localhost' identified by '[GUACAMOLE_USER_PASSWORD]';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
flush privileges;

cd ~
cat ~/incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/*.sql | mysql -u root -p[MYSQL_ROOT_PASSWORD] guacamole_db

Step 8 :

sudo nano /etc/guacamole/

The content of the file is :

# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822

# MySQL Authentication
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user

Step 9 :

sudo ln -s /var/lib/tomcat8/webapps/guacamole-0.9.12-incubating.war /var/lib/tomcat8/webapps/ROOT.war

Step 10 :

sudo systemctl restart guacd
sudo systemctl restart tomcat8

Step 11 : (The following Step 11 to 14 are for setting up VNC server on Ubuntu Desktop)

The Ubuntu Desktop will be accessed via VNC. Therefore, we need to install related packages on Ubuntu Desktop.

sudo apt-get install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal tightvncserver

nano ~/.vnc/xstartup

The file content will be looking like :


xrdb $HOME/.Xresources
xsetroot -solid grey
#x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
# Fix to make GNOME work

vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
gnome-panel &
gnome-settings-daemon &
nautilus &
metacity &
gnome-session-flashback &

Reconfigure the session manager :

sudo update-alternatives --config x-session-manager

Select :


Step 12 :

sudo nano /lib/systemd/system/vncserver@.service

The file content will be looking like below. Making sure to replace "samiux" to your username :

Description=Start TightVNC server at startup

ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i


Step 13 :


Enter the password of VNC server when prompt and then answer "n" to the last question.

vncserver -kill :1

sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service

To start VNC server at port 5901 :

sudo systemctl start vncserver@1

Step 14 :

For streaming audio from Ubuntu Desktop :

sudo nano /etc/pulse/

Append the following line at the end of the file :

load-module module-native-protocol-tcp auth-anonymous=1

To restart PulseAudio :

pulseaudio -k

Port 4713 should be listening for connection. However, it is not very stable at my side.

Step 15 : (The following Step 15 is for setting up RDP on Kali Linux Xfce)

Install Kali Linux Xfce version, Gnome does not work. Lxde may works.

apt-get xrdp
systemctl enable xrdp
systemctl enable xrdp-sesman
systemctl start xrdp
systemctl start xrdp-sesman

update-alternatives --config x-session-manager

Make sure it is selected :


Step 16 :

To access the Guacamole, you point the browser to the Guacamole box, e.g. The username and password are both "guacadmin".

When accessing the remote desktop or server, you can launch the submenu by pressing :



Apache Guacamole Manual
How to install SSH ( secure shell ) service on Kali Linux

That's all! See you.