One common attack on SSH service is brute force attacks where a remote attacker indefinitely attempts to log in with different passwords. Of course there are arguments against password authentication for SSH, and alternative authentication mechanisms such as public key authentication or two-factor authentication exist to obsolete such attacks. Putting aside pros and cons of …Continue reading...
Depending upon the nature of investigations, timely forensic examinations normally can expedite the apprehension of suspects. The use of a triage tool can identify the most likely evidentiary data sources. Ideally, the relevant evidence should then be seamlessly exported and analyzed in-depth by another comprehensive forensic tool which can provide indexing and detailed analysis.
Our CenturyLink Cloud Chef workstation served from Vagrant on Hyper-V. Credit for the ascii art goes to Tim Shakarian (@tsh4k).
A few months back when I began doing a bunch of linux automation and was waiting for my company ordered machine to arrive, I was mostly working from my personal windows laptop and was fairly invested in Hyper-V as my hypervisor of choice. Both at work and at home I work off of a wireless connection. This has not been a problem running windows guests especially since windows 8.1. There were a few rough edges on windows 8 but those seem to have been smoothed over in 8.1.
So my first go of an Ubuntu 12.04 guest installed just fine and I could interact with it via a hyper-v console but I could not SSH to the guest. It was not being assigned an IP accessible from the outside.
I had difficulty finding good information about this on the net. This is probably because the scenario is not very popular. This issue does not occur if you are on a wired connection or if your guest is using a statically assigned IP. Anyhow, I thought I’d blog about the solution for the other five people who run into this.
Is only Ubuntu affected or are other linux distributions affected as well?
I’m not sure but it is very possible. Personally I ran into this on Ubuntu 12.04 and 14.04. I have found some reports that seem to indicate that this is due to some fundamental network configuration changes made to Ubuntu in v12. If you are experiencing similar symptoms under other distros or earlier Ubuntu versions, the solution reported here is certainly worth a shot and please comment if you can.
Why run linux on Hyper-V?
That’s a very fair question. It does seem that most folks running linux VMs on windows tend to use Virtual Box as their hypervisor. I’ve run Virtual Box quite a bit back on windows 7 and it worked great. Since Windows 8, hyper-v comes “in the box” on the professional and enterprise SKUs. I had become familiar with using hyper-v on windows server SKUs, liked it and also really liked the hyper-v powershell module that ships with powershell version 3 and above.
One thing to be aware of is that you cannot run Virtual Box and hyper-v concurrently on the same machine. However, there is a work around if you create a separate boot record for a “sans Hyper-V’' setup. Of coarse this means a reboot if you want to switch. More importantly though, I have found that if you later uninstall Virtual Box, your hyper-v install can become corrupted. This has happened to me twice. The first incident required a repave of my machine and the second I recovered from by restoring to a previous machine image. I don’t know…maybe I’m doing something wrong but that was my experience and hopefully your mileage will vary. Since I use hyper-v for some side projects, I prefer to keep Virtual Box off of my personal machine.
Use an internal virtual switch and enable internet connection sharing to its adapter
This, in short, is the solution. In other words, do not use an external switch. When you are on wifi, hyper-v will create a bridge between your wifi adapter and the adapter it creates for the external switch. I wont get into the details (because I do not know them), but the Ubuntu guest cannot obtain an IP from DHCP under this setup.
So if you do not have one already, create an internal virtual switch from the Hyper-V management interface.
You can keep your external one if you use it for other guests, they can coexist just fine. Configure your linux guest’s network adapter to use the internal switch.
Next go to the Networking and Sharing center and select Change adapter settings. Open the properties of the adapter supplying your internet. This will likely be your wifi adapter. However, if you already have and plan to keep an external switch, you will notice that the wifi adapter is bridged to a separate adapter named after your external switch. If that’s the case, that’s the adapter whose properties you want to select.
Once in the properties pane, select the “sharing” tab and check: Allow other network users to connect through this computer’s network connection.
If you have ,multiple adapters that this adapter could possibly share with, there will be a drop down option to choose. You can only share with one. If you only have one (in this case the adapter assigned to the internal switch) then there will be no drop down.
That’s it. You may need to restart the networking service but after doing so, it should get an IP and you can SSH to the guest using that.
The only residual fallout from this setup, and you may experience this regardless is that sometimes moving to a different network may require resetting one or more of your adapters. For example if you transport your laptop from a work network to a home network. Again, you may experience this even without this setup or you may not experience it at all. Its been rather hit and miss for me but I seem to bump into this more often under this setup.
"Note: Embedded systems may differ depending to their build systems(Buildroot, LinuxFromScratch, Yocto...) and/or they can use slightly different versions of well-known commands. Thus, you may need to change some parameters while using those commands. Since we are talking about BLIND COMMAND INJECTION you have to be sure that your injection command/binary is installed on your target. That's why it is a good practice to check your commands in all possible "bin" directories."
Check out our infographic to know the latest statistics and trends of Cyber Crime industry. By 2017, the global Cyber Security market is expected to skyrocket to $120.1 billion. The estimated annual cost over global cyber crime is 100 billion.
OphionLocker is supposedly the new ransomware on the block and is already being compared with sophisticated operations such as CryptoLocker and CryptoWall, so i decided to take a look and what I found is nothing short of hilarious.