Category Archives: Networking


How to generate self-signed certificates in AVI Networks for use with Windows Services

Note: AVI Networks is also referred to as NSX Advanced Load Balancer, as the product has been absorbed into the VMware Solutions

The AVI Vantage controller has the ability to generate self-signed certificates for use with your services. As self-signed certificates will not be trusted by your browser, it is recommended that you only use these for testing your environments.

Generating a Self-Signed certificate with an exportable private key in the UI is quite simple.

1. Go to the Templates view

2. Select the Security tab

3. Select the SSL/TLS Certificates tab

4. Click the green Create button, and select your type of certificate. (In my example I am creating an application certificate.)

AVI Networks Create SSL Certificate

The options on the form are what you would expect when generating a CSR and working with CAs.

Fill in your details and click Save.

AVI Networks Add Certificate

Once you have an SSL certificate generated, the next step is downloading it for use with your servers.

AVI Networks - Download SSL Certificate

As you can see, clicking download doesn’t give you a usable SSL file with the private key, so you need to use a tool such as OpenSSL to take the output and convert it into a usable format. Continue reading for the steps.

AVI Networks Self Signed Certificate

Note: Viewing or exporting the private key generates a system event, tracking the administrator’s export action. Avi Networks recommends using role-based access to control which users are allowed to use a certificate versus export the key.

You can see this below.

AVI Networks SSL Export logged in events

Using OpenSSL to convert the CSR into a PFX file

Download OpenSSL if you do not already have it.

Save the above SSL outputs from AVI Networks interface to two files;

  • Key > certificate.key
  • Certificate > certificate.crt

Next we will run the following command which will create a single PFX file that contains the exportable key.

openssl pkcs12 -export -out {file_name.pfx} -inkey {private key file} -in {CRT file}

After entering the command, you will be prompted to enter and verify an export password to protect the PFX file. You will use this to export the certificates and key.

Breakdown of the command;

openssl – the command for executing OpenSSL
pkcs12 – the file utility for PKCS#12 files in OpenSSL

-export -out certificate.pfx – export and save the PFX file as certificate.pfx

-inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate.

-in certificate.crt – use certificate.crt as the certificate the private key will be combined with.

(Source)
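
The conversion above with two checks around it, as an added example that is not part of the original post: it confirms the saved key belongs to the certificate before bundling, builds the PFX without an interactive prompt, then confirms the PFX opens with the export password. The file names, the `PFX_PASS` environment variable and the throwaway key pair (a constructed stand-in for the text saved from the controller) are assumptions.

```shell
#!/bin/sh
# Added example. File names and the PFX_PASS variable are assumptions.

# Constructed stand-in for the key and certificate text saved from the UI.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=horizon.example.test" \
        -keyout "$1" -out "$2" >/dev/null 2>&1
}

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Build the PFX without a prompt. The export password is read from the
# PFX_PASS environment variable, so it is not part of the command line, and
# the umask keeps the bundle readable by the current user only.
make_pfx() {
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" -passout env:PFX_PASS )
}

# Check that the PFX opens with the password, printing no key material.
verify_pfx() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout >/dev/null 2>&1
}

# End-to-end run in a temporary directory that is removed afterwards.
demo() {
    dir=$(mktemp -d) || return 1
    PFX_PASS='constructed-demo-password'; export PFX_PASS
    make_sample_pair "$dir/certificate.key" "$dir/certificate.crt" &&
    make_sample_pair "$dir/other.key" "$dir/other.crt" &&
    make_pfx "$dir/certificate.key" "$dir/certificate.crt" "$dir/certificate.pfx" &&
    verify_pfx "$dir/certificate.pfx" &&
    ! make_pfx "$dir/other.key" "$dir/certificate.crt" "$dir/bad.pfx" 2>/dev/null
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "PFX built and verified; mismatched key rejected"
```

Once the PFX has been imported on the server, delete the plain-text `.key` file, since it is the unprotected copy of the private key.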

For me, I needed this for use with VMware Horizon, if you hadn’t already realised from the earlier screenshots. So to complete my use case, it’s a case of opening up the MMC and Certificates snap-in, importing the PFX file and inputting the password.

Regards


Notes from the field – Penetration tests

This blog post is by no means a comprehensive guide from an expert in the cyber security area. However, my previous role meant I had the pleasure of reviewing a number of customer penetration tests and, from this, pretty much all of them were exploited in the same way. So I put together some basic information for any of my customers to review and think about before they had a penetration test booked.

After all, might as well make it a challenge for the people you are hiring to hack your network 😉

Methodology

Ok, so I’m only going to cover the basics, as there are far better articles out there on this.

  • Reconnaissance
    • Information gathering before attending the target’s site
      • IP addresses of websites and MX record details
      • Details of email addresses (shared mailboxes, employees direct)
      • Social networks (details shared on LinkedIn by employees, the company’s Twitter posts etc)
        • Consider the below Twitter post by a company: what information can you glean from seeing a picture of their racks and other equipment?
        • If we know the company name, we can enumerate the various domain names they own to public IP addresses, and just plug that into a website like http://shodan.io and maybe look for that Sonicwall and find out if it’s running the latest firmware.
        • Below when zooming in on the image, we can find details of an ADSL line
        • twitter post edited
      • Job websites; are they hiring, especially in IT, what skills do they want? Looking for an engineer that knows a particular accountancy package?
  • Enumeration/Identification
    • Assessment of devices found and the search for vulnerabilities
      • Tools in use such as, but not limited to; nmap, Nessus, Metasploit, unicornscan, nikto, dotdotpwn, gobuster.
  • Exploitation
    • Create a plan of action/attack based on the information gathered.
    • Perform the attack/exploitation itself to achieve the end goal, usually access to systems from zero, escalation with the end goal being access to private/sensitive/restricted systems and data.
    • Tools in use such as, but not limited to; Kali Linux (OS and contains a lot of tooling), Nmap, Metasploit, BurpSuite, SQLMap, padbuster, custom exploit scripts

Common exploits to gain access

Ok so first, let’s review how multiple networks were exploited or hacked.

Below is the common summary of issues found at many sites I reviewed, and this is what I will cover in this blog post:

  • Null session authentication on Domain Controllers
  • Devices configured to use NBT-NS / LLMNR
  • SMB Signing
  • NTLMv1 in use for network authentication
  • Domain Users have Local Admin permissions to their machines
  • Poor password policy
  • No split accounts for Domain Admins
  • Poor patching on systems

Null Session Authentication

By default null sessions (unauthenticated) are enabled on Windows 2000 & 2003 servers. Therefore anyone can use these NULL connections to enumerate potentially sensitive information from the servers, read this as information from your Active Directory.

Therefore anyone with a legacy domain which has been upgraded through the years, will find that Null Session Authentication is enabled on their environments.

Seeing it in action


HP IMC 7.2 – won’t backup config of Cisco Nexus 9K switch

Background

I have a customer who is using HP Intelligent Management Center (IMC) to monitor their switching environment. Originally they were using all HP Switching, but have slowly moved away during a refresh cycle and now use Cisco Switching, a mix between 2960X and Nexus switching.

The issue

When changing the HP IMC (Basic edition licence) over to manage the Cisco switching, everything went fine, apart from the Nexus 9K switches, which were not detected properly nor could be backed up. We contacted HP, who said the 9K switches are supported, but they would not give us any further details until we had a software support contract in place.

When we ran a manual backup of the switch we would receive the following error message;

Failed to send the configuration file from the device to the iMC Server by TFTP

The cause

The cause is down to the sysOID seen by IMC: it correctly sees the vendor as Cisco, but does not identify the device as a Nexus switch. The default setting for a Cisco switch in IMC is to use CatOS commands for any operation.


HP FlexFabric Switches – AirFlow direction is not preferred

Quick note,

Installed some HP FlexFabric 5700 switches the other day and I was getting a red LED on the front, and a status message in the CLI

HPE DEV/1/FAN_DIRECTION_NOT_PREFERRED: -Slot; Fan 1 airflow direction is not preferred on slot 1, please check it.

This is a pretty common issue if you chose Back-to-Front fans for your build.

The part numbers for the 5700 series are as follows (taken from this document);

HP 58x0AF Bck(pwr) – Frt(ports) Fan Tray  – JC682A
HP 58x0AF Frt(ports) – Bck(pwr) Fan Tray  – JC683A

The fix is quite simple

To display the airflow configuration;

display fan slot {slot No.}

To change the configuration;

fan prefer-direction slot 1 port-to-power

Below is a screenshot showing the error, the display command and the resolution.

PowerCLI – Setup Host networking and storage ready for ISCSI LUNs

So I am no scripting master, my PowerShell knowledge is still something I want to expand. During an install last week I had a number of hosts to set up from scratch, so I decided to do this via PowerCLI, as a lot of the tasks were repetitive: setting up the vSwitch networking and iSCSI configuration for each host.

For those of you new to scripting, I’ve included screenshots to accompany the commands so you can see what’s going on in the GUI.

Note: the full code without the breaks is at the end of this post

#Setup which host to target 
$VMhost = 'hostname'
