PowerCLI

PowerCLI with a GUI – Clone a machine, add DHCP Reservations, alter CPUID

In this blog post, I am going to break down a PowerShell script I created (with help from some colleagues). The functions of this script are:

  • Present a GUI form to the end user
    • Connect to a vCenter
    • Select the virtual machine to be cloned
    • Select the datastore the new VM is to be stored on (display datastore free space)
    • Select the host for this VM to be created against (display free memory on the host)
    • Set the new VM name
    • Create an IP reservation in both the Production and DR DHCP Scopes

Below are some functional screenshots of the code’s GUI and also a rough flowchart of what I needed to achieve.

You can skip to the end to find the full code, or see my GitHub.

Screenshot: clone script connection window

Screenshot: clone script full GUI options when connected

Flowchart: clone VM script

TAM Lab Recording

Since posting this blog, I also covered this in a VMware TAM Lab recording which you can watch below.

A little more background on the script

So my customer had a dedicated environment for hosting their custom application; however, these applications were built and running inside an old, unsupported OS which expected to be running on a particular era of CPUs to run correctly. For example, today's Intel Skylake would cause the OS to panic and not run. As you can also imagine with this type of older OS, there is no VMware Tools support either.

Here is the architecture diagram:

Diagram: clone VM architecture

Providing DR around this environment was interesting. We could protect the VM using SRM and storage array LUN replication, but this also presented some issues when the VM boots in DR: “what happens with networking?” Hence we set up a DHCP reservation on both Production and DR, meaning we know the VM's IP regardless of where it's booted.
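The workflow listed at the top of the post (connect to vCenter, pick source VM, datastore and host, clone, then reserve the same IP in the Production and DR DHCP scopes), as an added script-only example with no GUI form. This is not the author's code from GitHub; it assumes the VMware.PowerCLI module and the Windows DhcpServer RSAT module are installed, and every server name, scope ID, VM name and IP address in it is a placeholder.

```powershell
# Added example (not the blog's own code): a script-only version of the
# clone + DHCP reservation workflow, without the GUI form.
# Assumes the VMware.PowerCLI module and the DhcpServer (RSAT) module are
# installed and that the account running it can manage both DHCP servers.
# Every server name, scope ID, VM name and IP below is a placeholder.
Import-Module VMware.PowerCLI -ErrorAction Stop
Import-Module DhcpServer -ErrorAction Stop

function New-ClonedVmWithReservation {
    param(
        [Parameter(Mandatory)][string]$VCenter,
        [Parameter(Mandatory)][string]$SourceVmName,
        [Parameter(Mandatory)][string]$NewVmName,
        [Parameter(Mandatory)][string]$DatastoreName,
        [Parameter(Mandatory)][string]$VmHostName,
        [Parameter(Mandatory)][string]$IpAddress,
        # One entry per DHCP scope the reservation must exist in (Production and DR)
        [Parameter(Mandatory)][hashtable[]]$DhcpScopes
    )

    $cred = Get-Credential -Message "vCenter credentials for $VCenter"
    $vi = Connect-VIServer -Server $VCenter -Credential $cred -ErrorAction Stop

    try {
        $source = Get-VM        -Name $SourceVmName  -Server $vi -ErrorAction Stop
        $ds     = Get-Datastore -Name $DatastoreName -Server $vi -ErrorAction Stop
        $vmHost = Get-VMHost    -Name $VmHostName    -Server $vi -ErrorAction Stop

        # The same figures the GUI displays: datastore free space and host free memory
        $freeMemGB = [math]::Round($vmHost.MemoryTotalGB - $vmHost.MemoryUsageGB, 1)
        Write-Host ("Datastore {0}: {1} GB free; host {2}: {3} GB memory free" -f `
            $ds.Name, [math]::Round($ds.FreeSpaceGB, 1), $vmHost.Name, $freeMemGB)

        # Fail early instead of producing a half-cloned VM
        if ($ds.FreeSpaceGB -lt $source.ProvisionedSpaceGB) {
            throw "Datastore $($ds.Name) has less free space than $($source.Name) is provisioned for"
        }
        if (Get-VM -Name $NewVmName -Server $vi -ErrorAction SilentlyContinue) {
            throw "A VM named $NewVmName already exists"
        }

        # Check every scope before touching anything, so a clash in DR does not
        # leave a reservation behind in Production
        foreach ($scope in $DhcpScopes) {
            $clash = Get-DhcpServerv4Reservation -ComputerName $scope.Server -ScopeId $scope.ScopeId -ErrorAction Stop |
                Where-Object { $_.IPAddress.IPAddressToString -eq $IpAddress }
            if ($clash) {
                throw "IP $IpAddress is already reserved in scope $($scope.ScopeId) on $($scope.Server) (client $($clash.ClientId))"
            }
        }

        # New-VM with -VM performs a full clone of the source VM
        $newVm = New-VM -Name $NewVmName -VM $source -VMHost $vmHost -Datastore $ds -Server $vi -ErrorAction Stop

        # The reservation is keyed on the clone's MAC; the DHCP cmdlets expect dashes
        $mac      = (Get-NetworkAdapter -VM $newVm | Select-Object -First 1).MacAddress
        $clientId = $mac -replace ':', '-'

        foreach ($scope in $DhcpScopes) {
            Add-DhcpServerv4Reservation -ComputerName $scope.Server -ScopeId $scope.ScopeId `
                -IPAddress $IpAddress -ClientId $clientId -Name $NewVmName `
                -Description "Cloned from $SourceVmName by clone script" -ErrorAction Stop
        }

        [pscustomobject]@{ VM = $newVm.Name; MacAddress = $mac; IPAddress = $IpAddress }
    }
    finally {
        Disconnect-VIServer -Server $vi -Confirm:$false
    }
}

# Usage (placeholder names; the same IP is reserved in the Production and DR scopes):
# New-ClonedVmWithReservation -VCenter 'vcenter.example.local' `
#     -SourceVmName 'legacy-app-01' -NewVmName 'legacy-app-02' `
#     -DatastoreName 'DS-PROD-01' -VmHostName 'esx01.example.local' `
#     -IpAddress '10.10.20.52' -DhcpScopes @(
#         @{ Server = 'dhcp-prod.example.local'; ScopeId = '10.10.20.0' },
#         @{ Server = 'dhcp-dr.example.local';   ScopeId = '10.10.20.0' })
```

The reservation clash check runs against both scopes before the clone is created, so a duplicate IP in the DR scope stops the whole operation rather than leaving a new VM whose address is only reserved on one side.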

Continue reading PowerCLI with a GUI – Clone a machine, add DHCP Reservations, alter CPUID

vROPs – What is the “IsGreenForPlacement” Metric + Dashboard

A customer of mine queried the details of a metric available in vROPs, “IsGreenForPlacement”.

You can find this by selecting a cluster in vROPs, going to All Metrics, and searching for “placement”.

Screenshot: IsGreenForPlacement under the cluster's All Metrics

And here is a screenshot of the metric in a sparkline.

Screenshot: IsGreenForPlacement sparkline

The customer uses this metric to give a signal (a green/red button on a vROPs dashboard) indicating whether a vSphere cluster can be used for ongoing deployments.

Unfortunately, there’s not much documented information publicly, and we ran into an issue where the metric stayed positive (yes, you can deploy) but the datastore had run out of space. So I went off to dig out what this metric actually does.

IsGreenForPlacement – details

After speaking to the internal teams on vROPs, I found the answer:

“Regarding the IsGreenForPlacement metric, only CPU and Memory participate in the calculation of this metric; by default, if CPU and MEM workload is less than 80%, it is green.”

So storage is not taken into account.

Creating a Dashboard

This one will be really simple.

Continue reading vROPs – What is the “IsGreenForPlacement” Metric + Dashboard


Using vROPs to track adoption – Such as VMware Tools upgrades

I had an interesting question from a customer recently:

Can we track the adoption/upgrades of VMware Tools to the latest version in a vROPs dashboard?

At first, I thought sure, this is easy. But then, looking at the various default options, nothing would give me a graph showing the increasing uptake of VMware Tools upgrades to the latest version.

I consulted internally, and between myself and my customer we came up with the following solution, which was quite simple once we thought it out.

Solution

  1. Create a custom group based on the information you want to capture

In the example below, I’ve done this to target VMs with VMware Tools 10.3.10; you could leave it as “10.3” to target any 10.3.x release.

Continue reading Using vROPs to track adoption – Such as VMware Tools upgrades


Recipe: Grilled Mexican Chicken perfect for Tacos

Something completely different: I was talking to my customer about the most amazing Mexican chicken I make for tacos. So I shared the recipe with him, and thought I’d share it with you lot as well! This is my modified version, which I think is better than the original recipe; that one can be found at the end of this post.

Marinate chicken thighs overnight for best results, then grill until charred.

Marinade

  • 4 Tablespoons orange juice
  • 2 Tablespoons apple cider vinegar
  • 1½ Tablespoons lime juice
  • 3 cloves garlic, minced
  • 1½ Tablespoons Hot Chili Powder or Hot Kashmiri (Indian) chili powder
  • 2 tablespoons dried mixed herbs
  • 2 teaspoons smoked paprika
  • ¼ teaspoon ground cinnamon
  • 1 teaspoon salt
  • freshly ground black pepper


Here is the original recipe I altered: https://tastesbetterfromscratch.com/grilled-chicken-street-tacos/


Notes from the field – Penetration tests

This blog post is by no means a comprehensive guide from an expert in the cyber security area. However, my previous role meant I had the pleasure of reviewing a number of customer penetration tests, and from this, pretty much all of them were exploited in the same way. So I put together some basic information for any of my customers to review and think about before they had a penetration test booked.

After all, you might as well make it a challenge for the people you are hiring to hack your network 😉

Methodology

OK, so I’m only going to cover the basics, as there are far better articles out there on this.

  • Reconnaissance
    • Information gathering before attending the targets site
      • IP addresses of websites and MX record details
      • Details of email addresses (shared mailboxes, employees direct)
      • Social networks (details shared on LinkedIn by employees, the company's Twitter posts, etc.)
        • Consider the Twitter post below by a company: what information can you glean from seeing a picture of their racks and other equipment?
        • If we know the company name, we can enumerate the various domain names they own to public IP addresses, plug those into a website like http://shodan.io, and maybe look for that SonicWall and find out if it's running the latest firmware.
        • Zooming in on the image below, we can find details of an ADSL line.
        • Image: the (edited) Twitter post
      • Job websites: are they hiring, especially in IT, and what skills do they want? Looking for an engineer who knows a particular accountancy package?
  • Enumeration/Identification
    • Assessment of devices found and the search for vulnerabilities
      • Tools in use such as, but not limited to: nmap, Nessus, Metasploit, unicornscan, nikto, dotdotpwn, gobuster.
  • Exploitation
    • Create a plan of action/attack based on the information gathered.
    • Perform the attack/exploitation itself to achieve the end goal: usually, access to systems from zero, then escalation, with the end goal being access to private/sensitive/restricted systems and data.
    • Tools in use such as, but not limited to: Kali Linux (an OS that contains a lot of tooling), Nmap, Metasploit, Burp Suite, SQLMap, padbuster, custom exploit scripts.

Common exploits to gain access

OK, so first, let's review how multiple networks were exploited or hacked.

Below is a summary of the common issues found at many of the sites I reviewed, and this is what I will cover in this blog post:

  • Null session authentication on Domain Controllers
  • Devices configured to use NBT-NS / LLMNR
  • SMB Signing
  • NTLMv1 in use for network authentication
  • Domain Users have Local Admin permissions to their machines
  • Poor password policy
  • No split accounts for Domain Admins
  • Poor patching on systems

Null Session Authentication

By default, null sessions (unauthenticated connections) are enabled on Windows 2000 and 2003 servers. Therefore anyone can use these NULL connections to enumerate potentially sensitive information from the servers; read this as information from your Active Directory.

As a result, anyone with a legacy domain which has been upgraded through the years will find that Null Session Authentication is enabled in their environment.
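A defender-side check for the situation just described, as an added example that is not part of the original post: it reads the LSA and LanmanServer registry values that sit behind the “Network access:” Group Policy settings governing anonymous access, and reports any that still permit null-session enumeration. It assumes WinRM is reachable on the domain controllers and that the host names are placeholders.

```powershell
# Added example (not from the blog): report the LSA / LanmanServer settings that
# control anonymous (null session) access on a list of domain controllers.
# Uses WinRM (Invoke-Command); host names are placeholders. Run as an account
# with admin rights on the targets, or pass 'localhost' to check the DC you are on.
function Get-NullSessionPosture {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $collect = {
        $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        $srv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        [pscustomobject]@{
            ComputerName              = $env:COMPUTERNAME
            OSVersion                 = [Environment]::OSVersion.Version.ToString()
            RestrictAnonymous         = $lsa.RestrictAnonymous          # 1 blocks anonymous enumeration of SAM accounts and shares
            RestrictAnonymousSAM      = $lsa.RestrictAnonymousSAM       # 1 blocks anonymous enumeration of SAM accounts
            EveryoneIncludesAnonymous = $lsa.EveryoneIncludesAnonymous  # 1 gives anonymous users the Everyone group's permissions
            RestrictNullSessAccess    = $srv.RestrictNullSessAccess     # 1 limits null sessions to the pipes/shares listed below
            NullSessionPipes          = @($srv.NullSessionPipes)  -join ','
            NullSessionShares         = @($srv.NullSessionShares) -join ','
        }
    }

    foreach ($result in (Invoke-Command -ComputerName $ComputerName -ScriptBlock $collect)) {
        # A value that is absent shows as $null in the report and is flagged,
        # because the hardening has not been explicitly applied by policy
        $findings = New-Object System.Collections.Generic.List[string]
        if ($result.RestrictAnonymous -ne 1) {
            $findings.Add('RestrictAnonymous is not set to 1: enable "Network access: Do not allow anonymous enumeration of SAM accounts and shares"')
        }
        if ($result.RestrictAnonymousSAM -ne 1) {
            $findings.Add('RestrictAnonymousSAM is not set to 1: enable "Network access: Do not allow anonymous enumeration of SAM accounts"')
        }
        if ($result.EveryoneIncludesAnonymous -eq 1) {
            $findings.Add('EveryoneIncludesAnonymous is 1: disable "Network access: Let Everyone permissions apply to anonymous users"')
        }
        if ($result.RestrictNullSessAccess -eq 0) {
            $findings.Add('RestrictNullSessAccess is 0: enable "Network access: Restrict anonymous access to Named Pipes and Shares"')
        }
        if ($result.NullSessionPipes) {
            $findings.Add("Named pipes reachable anonymously: $($result.NullSessionPipes) - review against what the DC role actually needs")
        }
        if ($result.NullSessionShares) {
            $findings.Add("Shares reachable anonymously: $($result.NullSessionShares)")
        }
        $result | Add-Member -NotePropertyName Findings -NotePropertyValue $findings -PassThru
    }
}

# Usage (placeholder DC names); objects whose Findings list is empty are the hardened ones:
# Get-NullSessionPosture -ComputerName 'dc01.example.local','dc02.example.local' |
#     Select-Object ComputerName, OSVersion, RestrictAnonymous, RestrictAnonymousSAM, Findings
```

The raw values are returned alongside the findings so the report can be diffed between DCs; a domain upgraded through the years will typically show the older defaults on the DCs that have never had the policy explicitly applied.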

Seeing it in action

Continue reading Notes from the field – Penetration tests