Tuesday, February 14, 2012

Tunneling vSphere Client in Windows

Using port forwarding over SSH you can tunnel the multiple ports needed by the vSphere client, which is used to administer ESX or ESXi hosts.

Requirements:
  • SSH jumpbox (from this jumpbox you should have access to the ESX/ESXi machine)
  • PuTTY or Cygwin

In this tutorial we bind the following ports to our localhost using PuTTY: 443, 902 and 903.

Steps:

  1. Open up PuTTY and configure the tunnel settings as follows, where destIP is the destination IP address of the ESX box.
  2. Go back to the Session tab and type the hostname/IP address of your SSH jumpbox. Alternatively you could open up Cygwin and type the following: ssh -L 443:destIP:443 -L 902:destIP:902 -L 903:destIP:903 user@jumpboxIP
  3. Edit the hosts file in Windows, C:\Windows\system32\drivers\etc\hosts (this is required because ESXi relies on its DNS name and the client resolves it locally).

    Add the entry:
    127.0.0.1    ESXiHostname
  4. Open up vSphere client and login with the hostname of the remote ESX box

Common Errors:
Unable to connect to the MKS: Failed to connect to server :902

Occurs if you are not properly forwarding ports 902 and 903.
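To confirm that all three forwards are bound on the local end before starting the vSphere client, here is an added Python helper (not part of the original post). destIP, jumboxIP and user are placeholders from the steps above.

```python
import socket
from typing import Dict, List

# Ports the vSphere client needs on the ESX/ESXi host: 443 for the management
# API and 902/903 for the VM console (MKS) connection.
VSPHERE_PORTS = (443, 902, 903)

def ssh_forward_args(dest_ip: str, ports=VSPHERE_PORTS) -> List[str]:
    """Build the ssh -L arguments equivalent to the PuTTY tunnel settings above."""
    args: List[str] = []
    for port in ports:
        args += ["-L", f"{port}:{dest_ip}:{port}"]
    return args

def port_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if something accepts TCP connections on host:port, i.e. the forward is bound."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_tunnel(host: str = "127.0.0.1", ports=VSPHERE_PORTS, probe=port_open) -> Dict[int, bool]:
    """Probe each forwarded port on the local end of the tunnel (probe is injectable for testing)."""
    return {port: probe(host, port) for port in ports}

def diagnose(status: Dict[int, bool]) -> str:
    """Map missing forwards to the symptom the vSphere client will show."""
    missing = [p for p, ok in status.items() if not ok]
    if not missing:
        return "all forwards bound; the vSphere client should connect"
    if 443 in missing:
        return "port 443 not forwarded: the client login itself will fail"
    return (f"ports {missing} not forwarded: login works but opening a VM console "
            "fails with 'Unable to connect to the MKS'")

if __name__ == "__main__":
    # Placeholder names; replace destIP/user/jumpboxIP with your own values
    print("ssh", *ssh_forward_args("destIP"), "user@jumpboxIP")
    print(diagnose(check_tunnel()))
```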

Saturday, February 11, 2012

Customizing a VMware ESXi5 installation disc for unattended install

This explains the workflow of creating a customized ESXi5 installation disc using a Windows PC. VMware has documentation on this workflow using a Linux machine here.

1) Download the ESXi iso.
2) Extract the iso using your favourite iso extractor to c:\esxi. I used 7zip.
3) Create a KS.CFG file in c:\esxi with your Kickstart config. Documentation of ESXi5 kickstart commands is here.
4) Modify c:\esxi\ISOLINUX.CFG. Append "ks=cdrom:/KS.CFG" to APPEND. Your LABEL install should look like this:
LABEL install
KERNEL mboot.c32
APPEND -c boot.cfg ks=cdrom:/KS.CFG
MENU LABEL ESXi-5.0.0-20111104001-custom ^Installer

You can also add multiple LABEL install blocks to specify different KS.CFG files or no kickstart at all.
**When ESXi mounts the CD during setup, all file names are upper case. So even if your kickstart file is named ks.cfg you have to reference it as KS.CFG.

Now you have to burn your customized setup onto a disc.
1) Download and extract cdrtools for windows from here.
2) Run this command to create the iso (case sensitive):
mkisofs.exe -relaxed-filenames -J -R -o custom_esxi.iso -b ISOLINUX.BIN -c c:\esxi\boot.cfg -no-emul-boot -boot-load-size 4 -boot-info-table c:\esxi
3) Burn custom_esxi.iso to disc with any utility. I used the Windows 7 built-in iso burner.


Common Errors:
Not specifying boot.cfg in mkisofs:
kernel= must be set in /boot.cfg
Fatal error: 32 (Syntax)

Using imgburn:
"No DEFAULT or UI configuration directive found"
OR
ata-pata.v00 not found

ks.cfg was not capitalized in isolinux.cfg:
cannot find kickstart file on cd-rom with path -- /ks.cfg
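Step 4 and the capitalization note above can be scripted. The following Python function is an added example (not part of the original post or of VMware's tooling): it appends the ks= option to the APPEND line of the LABEL install block and refuses a lowercase kickstart name. SAMPLE_ISOLINUX is a constructed approximation of the stock file.

```python
from typing import List

# Constructed sample of the stock ISOLINUX.CFG "install" and "hddboot" entries
SAMPLE_ISOLINUX = """DEFAULT menu.c32
MENU TITLE ESXi-5.0.0-20111104001-custom Boot Menu
NOHALT 1
PROMPT 0
TIMEOUT 80

LABEL install
  KERNEL mboot.c32
  APPEND -c boot.cfg
  MENU LABEL ESXi-5.0.0-20111104001-custom ^Installer

LABEL hddboot
  LOCALBOOT 0x80
  MENU LABEL ^Boot from local disk
"""

def add_kickstart(cfg: str, ks_name: str = "KS.CFG", label: str = "install") -> str:
    """Append ks=cdrom:/<ks_name> to the APPEND line of the given LABEL block."""
    # ESXi sees every file on the mounted CD in upper case, so a lowercase
    # name would produce "cannot find kickstart file on cd-rom" at install time.
    if ks_name != ks_name.upper():
        raise ValueError(f"kickstart name must be upper case on the CD: {ks_name}")
    lines: List[str] = cfg.splitlines()
    in_block = False
    patched = False
    for i, line in enumerate(lines):
        stripped = line.strip()
        if stripped.upper().startswith("LABEL "):
            parts = stripped.split(None, 1)          # "LABEL install" -> ["LABEL", "install"]
            in_block = len(parts) > 1 and parts[1] == label
        elif in_block and stripped.upper().startswith("APPEND"):
            if "ks=" in stripped:
                raise ValueError("APPEND already carries a ks= option")
            lines[i] = line.rstrip() + f" ks=cdrom:/{ks_name}"
            patched = True
            break
    if not patched:
        raise ValueError(f"no APPEND line found under LABEL {label}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Usage on the extracted media: read c:\esxi\ISOLINUX.CFG, patch, write it back
    print(add_kickstart(SAMPLE_ISOLINUX))
```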

Sunday, February 5, 2012

Using fsutil to Create an Empty File (dd alternative)

In a previous post we learnt about the dd utility and how we can use that to wipe a drive with zeros.

The dd utility can be used to create a file full of zeroes, but there is also a Windows utility built right into fsutil that allows you to do the same thing.

Both of the following examples create a zero-filled file, each with a size of 10GB:

dd
dd if=/dev/zero of=/path/zeroedfile.dd bs=4M count=2560

fsutil
fsutil file createnew zeroedfile.dd 10000000000

Both of these tools can be very useful in testing raw sequential read/write disk performance as well as testing out upload compression.

Wednesday, December 14, 2011

Jumping Phone Queues

I've been put on hold many times trying to resolve issues but have found, and confirmed as working, some methods to jump phone queues.

"Most of the software has a "3 mistakes and you're bounced" ruling, so pressing the * key three times should send you to an agent.

Alternatively, try * #0 or *0"

Paypal: *#0
Works flawlessly; transferred directly to an agent.

Other:
0#0#0#
has also been said to work when pressed continuously in succession

As a side note here is a video tutorial on jumping phone queues and generally getting to speak to a representative/agent quickly:

http://www.videojug.com/film/how-to-hack-a-call-center-telephone-system

Monday, November 21, 2011

Creating a WinPE 3.1 USB

WinPE 3.1 is a Microsoft toolkit for deploying images (version 3.1 supports up to Windows 7 SP1).
These steps will create a Windows PE 3.1 bootable USB with imagex.exe integrated.
imagex.exe will be used to "capture" and "deploy" images on machines.

1) Download and install Windows AIK 3.0 (Windows 7) or Windows AIK 3.1 (Windows 7 SP1)
2) Extract Windows AIK 3.1 iso file.
3) Install AIK 3.1 with the following command. You need to run this in an elevated prompt:
xcopy E:\ "C:\Program Files\Windows AIK\Tools\PETools" /ERDY
where E:\ is the root directory of the ISO image.

4) Follow step 1 & 2 to prepare for a custom WinPE image here.
5) Follow step 3 in the MS doc to add the "WinPE-WDS-Tools" component. This will install the imagex.exe utility in your WinPE image.
6) Follow step 6 in the MS doc to unmount the image.
7) Follow step 3 in this MS doc to create a WinPE bootable USB.

Capture an image:
1) Boot the computer into the WinPE environment with the WinPE USB you created.
2) Run imagex.exe to capture the Windows partition into a WIM file. Here c: is the partition to capture and e:\image.wim the destination (for example a folder on the USB drive); adjust the drive letters to your setup:
imagex.exe /capture c: e:\image.wim "image name" /compress max

Deploy an image:
1) Boot the computer into the WinPE environment with the WinPE USB you created.
2) Run diskpart.exe to configure your disk partitions and assign a drive letter:
diskpart
select disk 0
clean
create partition primary
format quick fs=ntfs
active
assign letter=c
exit
3) Apply the image using imagex.exe (same e:\image.wim path as in the capture step): imagex.exe /apply e:\image.wim 1 c:
4) Set up the system partition for booting: bcdboot.exe c:\Windows
Sunday, July 31, 2011

Checking RAM Speed, Size and other BIOS information

I find myself looking for RAM speed and size quite often at my current workplace. A useful tool included in some flavours of Linux is the dmidecode command, which dumps a computer's DMI table (SMBIOS) in human-readable format. It also gives a ton of other useful information about the BIOS and hardware.

sudo dmidecode --type 17

Also, take a look at this resource site for more information about this BIOS decoding utility and a reference table for what "type" = what hardware or information: http://www.cyberciti.biz/tips/querying-dumping-bios-from-linux-command-prompt.html
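The type 17 output is a list of "Memory Device" records, one per slot, including empty slots. The following Python parser is an added example (not part of the original post or of dmidecode) that pulls out the populated slots with their size and speed; SAMPLE_DMIDECODE is a constructed sample of the command's output.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of `sudo dmidecode --type 17` output: one populated slot, one empty
SAMPLE_DMIDECODE = """# dmidecode 2.11
SMBIOS 2.6 present.

Handle 0x0027, DMI type 17, 28 bytes
Memory Device
\tArray Handle: 0x0025
\tTotal Width: 64 bits
\tSize: 4096 MB
\tForm Factor: DIMM
\tLocator: DIMM_A1
\tType: DDR3
\tSpeed: 1333 MHz
\tManufacturer: Example

Handle 0x0029, DMI type 17, 28 bytes
Memory Device
\tArray Handle: 0x0025
\tSize: No Module Installed
\tForm Factor: DIMM
\tLocator: DIMM_A2
\tType: Unknown
\tSpeed: Unknown
"""

def parse_memory_devices(text: str) -> List[Dict[str, str]]:
    """Split dmidecode output into one dict of 'Key: value' fields per type 17 record."""
    devices: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        if line.startswith("Handle ") and "DMI type 17" in line:
            current = {}                      # a new record starts at each Handle line
            devices.append(current)
        elif current is not None and line.startswith("\t") and ": " in line:
            key, value = line.strip().split(": ", 1)
            current[key] = value
    return devices

def installed_modules(text: str) -> List[Tuple[str, int, Optional[int]]]:
    """Return (locator, size_mb, speed_mhz) for populated slots; empty slots are skipped."""
    out = []
    for dev in parse_memory_devices(text):
        m = re.match(r"(\d+)\s*(MB|GB)", dev.get("Size", ""))
        if not m:                             # "No Module Installed" or unknown size
            continue
        size_mb = int(m.group(1)) * (1024 if m.group(2) == "GB" else 1)
        sp = re.match(r"(\d+)\s*MHz", dev.get("Speed", ""))
        out.append((dev.get("Locator", "?"), size_mb, int(sp.group(1)) if sp else None))
    return out

def total_memory_mb(text: str) -> int:
    return sum(size for _, size, _ in installed_modules(text))
```

Pipe the real output in with `sudo dmidecode --type 17 | python3 -c 'import sys, dmi; print(dmi.installed_modules(sys.stdin.read()))'` (assuming the file is saved as dmi.py).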

Wednesday, July 27, 2011

IOS Harden Template

Here's a template I use for Cisco IOS routers. These are basic security best practices for IOS relating to access authentication, logging, and system and IP stack tuning to harden IOS. Not included are ACLs and CBAC firewall configs (saving those for another post).

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber

boot-start-marker
warm-reboot count 50
boot-end-marker
!
logging buffered 64000 debugging
no logging console

aaa new-model
aaa authentication login default local
aaa authorization exec default local
!****remember to set a user*****

clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
no ip gratuitous-arps
ip options drop
ip cef
ip tcp synwait-time 10


ip dhcp bootp ignore
no ip bootp server
ip port-map ssh port tcp

login block-for 120 attempts 5 within 60
login delay 3
login on-failure log
login on-success log


memory reserve critical 2048
memory free low-watermark processor 4096
memory free low-watermark IO 4096


archive
log config
logging enable
hidekeys

ip tcp path-mtu-discovery

hostname
ip domain name
crypto key generate rsa modulus 4096
ip ssh time-out 60
ip ssh port rotary 1
ip ssh version 2

buffers tune automatic

!int interface
!--- bandwidth
!--- ip verify unicast source reachable-via rx
!--- no ip redirects
!--- no ip proxy-arp
!--- ip route-cache flow

no ip forward-protocol nd
no ip http server
no ip http secure-server

logging history size 500
no cdp run

banner login ^C
******************************************
* Unauthorized access prohibited
******************************************
^C

line con 0
no modem enable
line aux 0
exec-timeout 0 1
no exec
transport output none
line vty 0 4
exec-timeout 10
logging synchronous
rotary 1
transport preferred none
transport input ssh

! Use interval only if allocate isn't supported
scheduler allocate 3000 1000
!scheduler interval 1000
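A template is only useful if you can check a router against it afterwards. Here is an added Python audit script (not part of the original post or of any Cisco tooling) that parses a `show running-config` dump and reports where it deviates from a subset of the statements above; WEAK_CONFIG is a constructed sample of a near-default router.

```python
from typing import Dict, List

# Global statements from the template that a hardened running-config must contain
REQUIRED_GLOBAL = ["service password-encryption", "no ip source-route", "no ip http server",
                   "no ip http secure-server", "no cdp run", "ip ssh version 2", "login on-failure log"]
REQUIRED_VTY = ["exec-timeout 10"]      # required inside every line vty block

def split_sections(config: str) -> Dict[str, List[str]]:
    """Group a running-config: key '' holds global lines, other keys hold the
    indented body of each line/interface/router block."""
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):      # skip blanks and comments
            continue
        if raw[0] in " \t":                                        # indented: part of current block
            sections.setdefault(current, []).append(raw.strip())
        elif raw.startswith(("line ", "interface ", "router ")):  # header of a new block
            current = raw.strip()
            sections.setdefault(current, [])
        else:                                                      # plain global command
            current = ""
            sections[""].append(raw.strip())
    return sections

def audit(config: str) -> List[str]:
    """Return findings where the config deviates from the template; [] means it passes."""
    sections = split_sections(config)
    glob = set(sections[""])
    findings = [f"missing global: {cmd}" for cmd in REQUIRED_GLOBAL if cmd not in glob]
    if glob & {"ip http server", "ip http secure-server"}:
        findings.append("HTTP management interface enabled")
    vty_blocks = [name for name in sections if name.startswith("line vty")]
    if not vty_blocks:
        findings.append("no vty line block found")
    for name in vty_blocks:
        body = sections[name]
        findings += [f"{name}: missing {cmd}" for cmd in REQUIRED_VTY if cmd not in body]
        # Any transport other than exactly "transport input ssh" (or none at all) is a finding
        if [c for c in body if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{name}: transport input is not ssh-only")
    return findings

# Constructed sample of a router left close to defaults; it should fail the audit
WEAK_CONFIG = """!
hostname router1
ip http server
!
line vty 0 4
 exec-timeout 10
 transport input telnet ssh
!
"""
```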


Thursday, June 9, 2011

Periodic Table of Videos


Recently I've been watching some interesting videos describing the common/interesting properties of many of the elements. Normally I wouldn't be so inclined as to look at them on a whim but this great site explains each element in a video and gives you some insight into common properties, uses, and molecular structure of each element or compound.

You can find the videos here: http://www.periodicvideos.com/index.htm. The site has been recognized by Science Magazine and won the Science Prize for Online Resources in Education (SPORE), which I believe is well deserved.

Definitely something people interested in science, or more specifically chemistry, should check out.

Wednesday, June 8, 2011

Media Centre Black Levels


Some of you may have noticed that the black levels in Media Centre end up looking a bit grey.

The main reason for this is that Windows intended Media Centre to be used on a television, which only supports black levels from 16-235. So if you are viewing Media Centre on a computer LCD display, which generally supports 0-255 black levels, you are definitely missing out on some of your blacks and thus lacking quite a bit of contrast in your picture.

I found the solution to the issue at the following website http://www.hack7mc.com/2009/06/fixing-media-centers-poor-black-levels.html which provides a registry edit for Media Centre to change your black levels to 0-255 to give you the full amount of black levels that your monitor supports.

Another option that would be available might be through your video card. Sometimes you will be able to set permanent black levels that will hold for every application you open via your video card settings console.

For example you can change your black level settings from older versions of Catalyst Control Center through some of the display options. You can see instructions on how to do that from the following forum post http://www.avforums.com/forums/home-entertainment-pcs/1372169-guide-how-upscale-dvds-video-using-catalyst-control-centre.html or just reference the following screenshot and find your way there visually :P

Sunday, May 1, 2011

Debugging Over Remote SSH Connections (Cisco)

terminal monitor - enables the display of debug and system error messages (which otherwise appear only on the console line) on your remote SSH session