Very happy and proud to share with all of you guys a picture a my new born girl, Dania.

Didn't find a how to on the subject in Mangolassi and we were discussing about it in another thread so I decided to create one.

I started with a CentOS 7.2 minimal install:

-All commands were run as root.
-Installing the packages needed.
yum install samba samba-client samba-common firewalld

-Enabling and starting firewalld
systemctl enable firewalld
systemctl start firewalld

-Changing to the samba directory, making a backup of the original file and creating a master file which will be turned into our smb.conf file with testparm -s.
cd /etc/samba/
mv smb.conf smb.conf.bak
cp smb.conf.bak smb.conf.master
vi smb.conf.master

-While editing our file, in the global parameters we need to add the map to guest = Bad User option and then define our share:

[sharename]
    path = /chosen/path
    read only = No
    guest ok = Yes
    browseable = Yes 
    public = Yes

-Testing our smb.conf.master file for errors and create smb.conf file if none are found.
testparm -s smb.conf.master > smb.conf

The final file should look something like this.

[global]
    workgroup = MYGROUP
    server string = Samba Server Version %v
    security = USER
    map to guest = Bad User
    log file = /var/log/samba/log.%m
    max log size = 50
    idmap config * : backend = tdb
    cups options = raw

# User defined share 
[public]
    path = /home/public
    read only = No
    guest ok = Yes
    browseable = Yes 
    public = Yes

No we need to create our share in our filesystem, taking careful consideration of what path we specified in our smb.conf file. In this case I choose to create my share inside home and give it a name of public.
cd /home
mkdir public

We change the owner of the folder and its permissions:
chown nobody:nobody public/
chmod 777 public/

Enabling the needed services and starting them.
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service

Allowing samba through our firewall.
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload

And finally getting SELinux to allow clients to access the share.
setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
getsebool –a | grep samba_export
yum install policycoreutils-python
semanage fcontext –at samba_share_t "/home/public(/.*)?"
restorecon /home/public

You should have a writable anonymous share that can be accessed from your Windows Clients.

** Edit
Checking the ip address of my samba host
ip addr show

[[email protected] ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:9f:69:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global enp0s3
   valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe9f:69b6/64 scope link
   valid_lft forever preferred_lft forever

The ip address of my samba host is 192.168.1.100. Now we can access the share from our windows pc using \\192.168.1.100\public

• Verifying our samba share exists in our server

  [[email protected] ~]# smbclient -L 192.168.1.100
  Enter root's password:
  Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
  
    Sharename       Type      Comment
    ---------       ----      -------
    public          Disk
    IPC$            IPC       IPC Service (Samba Server Version 4.2.10)
  
  Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
  
    Server               Comment
    ---------            -------
    LOCALHOST            Samba Server Version 4.2.10
  
    Workgroup            Master
    ---------            -------
    MYGROUP              LOCALHOST
    WORKGROUP            TECHNICOLOR
  

-We can see samba properly shows our share, it is indeed named public as per our smb.conf file.

-No we can mount our share in windows

-Using \\192.168.1.100\public to connect to share

Our share is now properly mounted and available in our Windows PC.

Just finished setting up 60 new linux machines for work.

Downloading the starwind-v8.exe to our Hyper-V host.

wget "https://url.to.your/file"  -outfile "starwind-v8.exe"

Believe it or not windows sorta has wget, I was not expecting that!!! It really is an alias for Invoke-WebRequest but nevertheless its great having something similiar availble.

After the download has finalized, just execute the .exe and the tipical windows install gui will pop up.

.\starwind-v8.exe

No management console install option available since this is a no gui server.

Since I found out about virtualization I discovered I could always have a lab.

Returning to work after my paternity leave, by the way thank you to everyone sending best wishes for my daughters birth. I didn't have much time to get online last couple of days and respond each one and the notifications have blown up and I can't even see them.

All steps must be executed on powershell with administrator permissions and ran on target computers as well as connection initiator computers.

---

Enabling PS Remoting

Enable-PSRemoting -Force 

Since this a workgroup setup, we need to configure the TrustedHosts settings on the computers in order to establish proper trusts.

// if we trust the local lan completely
Set-Item wsman:\localhost\client\trustedhosts *

// Enabling access to specific hosts via hostname or ip address just pass a comma separated list of hosts 
Set-Item wsman:\localhost\client\trustedhosts 'hostname1, hostname2 , ipaddress1'

Restart the WinRM server to make changes take effect

Restart-Service WinRM

Accessing a remote PS Session

Enter-PSSession -ComputerName  yourTargetHost -Credential yourUser

After inserting your credentials the session should be ready! =)

Now that I have some free time, I'll give you a simple example of some of the things you can do using pandas.

Our dataset will be all the posts in this topic, scraped and saved into an excel file.

DATASET : pandas-test.xslx

I am going to be using a Jupyter notebook just to make the output clearer.

$ import pandas
$ pandas.read_excel('pandas-test.xlsx')

That is the whole spreadsheet read and basically printed out, but we can't work with that. We need to read the file into a variable and start working with it.

# Reading the file to variable df
$ df = pandas.read_excel('pandas-test.xlsx')

# Printing how many rows and column in the file (rows,columns)
$ df.shape
(11,4)

# Printing the column names
$ df.columns
Index(['Date', 'Time ', 'User', 'Post'], dtype='object')

Only extracting columns - Date and User

$ df[['Date', 'User']]

Lets check how many posts per day

$ df.groupby(['Date'])['User'].count()

Now lets check by day and time

$ df.groupby(['Date', 'Time ']).count()

---

Lets filter only your posts and create a new csv file based on the data found.

$ subset = df.loc[df['User']=='Lakshmana']

Create a csv file only containing your posts

$ subset.to_csv('Lakshmana-posts.csv')

Final results your new csv file with your posts filtered out.

Lakshmana-posts.csv

---

EDIT: Just if you need it, an example of filtering by date and user

So when can I learn how to program printers during my internship, I MUST have this knowledge.

@Minion-Queen said in Looking for Highshool IT Intern:

No they really aren't just need to actually want to be involved and actually do it.

If age is not a problem, I would really love to intern for you guys.

I have never been an intern =), in Mexico or at least in my state we are required by our Universities to do "servicio social" and/or "prácticas profesionales". If we get lucky they sometimes can be like one of your internships I guess, but most of the time we are doing them in a unrelated area, being treated as free labor (no proper learning experience), turned into the copy/coffee boy/girl or many just pay to get someone to sign their required reports because you work and don't have time for school, work and servicio social.

I was actually a soccer player that was my paying job from age 13 to 25, so I started pretty late working in IT. I didn't get to have a proper internship (didn't have time my job gave me almost no free time) and my University knowledge wise was really just a waste of time as @scottalanmiller knows.

I am the sole IT generalist of my current job, I manage a main office with 20 users in a Windows 2008 domain and a remote office with 10 regular users and a small 60 seat call center with 10 of those computers running Ubuntu Mate 15.10, computers are pretty basic only 1gb Of ram we get much better performance with Linux than the windows pcs and we really only use Web Apps so I hope I can migrate the rest to Linux soon.

Main and remote offices both have kvm vm hosts with md raid 10 on HP ML110 G7 (really envy everyone who gets to play with bigger and proper servers). Small number of vms, AD and file servers, Linux jump boxes with zero tier and Elastix 2.5 vm for IT department (only me) communication (hate our Panasonic and Alcatel pbxs) .Both offices have pfsense firewalls as their default gateways connected with 200/200 Internet providers.

Basically I am a self learner who really loves IT and Linux. I am eager to keep on learning and building my career in IT. I truly believe being an intern in Ntg would be a great opportunity to advance my knowledge and have some great mentoring. I would really liked to be considered for the position =).

Happy Birthday @scottalanmiller !!

@Dashrender The default is Enable Pre-Dial checked.

Try disabling the Predial Feature - Phone Settings -> Features -> Enable Pre-Dial.

They do have the posibility to modify the time to send the call after dialing, i am away from my computer currently but if no else replies before I get back i will get you the screenshot of where the setting is.

Pretty severe so patch up your systems everyone.

Release Date:
January 26, 2021

Summary:
A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.

Sudo versions affected:
Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 are affected.

CVE ID:
This vulnerability has been assigned CVE-2021-3156 in the Common Vulnerabilities and Exposures database.
Details:
When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy (which doesn't expect the escape characters) if the command is being run in shell mode.
A bug in the code that removes the escape characters will read beyond the last character of a string if it ends with an unescaped backslash character. Under normal circumstances, this bug would be harmless since sudo has escaped all the backslashes in the command's arguments. However, due to a different bug, this time in the command line parsing code, it is possible to run sudoedit with either the -s or -i options, setting a flag that indicates shell mode is enabled. Because a command is not actually being run, sudo does not escape special characters. Finally, the code that decides whether to remove the escape characters did not check whether a command is actually being run, just that the shell flag is set. This inconsistency is what makes the bug exploitable.

For more information, see The Qualys advisory.

Impact:
A local user may be able to exploit sudo to elevate privileges to root as long as the sudoers file (usually /etc/sudoers) is present.

Workaround:
None. Sudo version 1.9.5p2 or a patched vendor-supported version must be installed.

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

https://www.sudo.ws/alerts/unescape_overflow.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156

@hobbit666 You mean issues talking about the whole controller or using the api clients? The api clients where not meant to be used directly in the controller.

My personale controller is still on Debian 9, and my desktop is Kubuntu 20.04, this is where I connected from using unificontrol

Community effort, but you can also find the several api endpoints directly from https://ubntwiki.com/products/software/unifi-controller/api, if you dont want to use any sort of client and just want the json directly.

List all your sites
/api/self/sites

List all devices from a specific site
/api/s/SITE_NAME/stat/device

@hobbit666 said in Unifi AP Export:

Does Any one know of a easy way to get a list of all AP's and their IP address from a unifi controller?

Or care to give me a tutorial on how if not simple :)

You are going to need to use an api client most likely to get the info out, https://github.com/Art-of-WiFi/
Unifi-Api-Browser: https://unificontrol.readthedocs.io/en/latest/index.html
Unifi-Api-Client: https://github.com/Art-of-WiFi/UniFi-API-client

You can use the Api Browser which is a php site to get your json list of all the devices and then parse it yourself into a csv, or use the client directly to get the values you want.

I also use https://unificontrol.readthedocs.io/en/latest/index.html which is a python3 version based on the work of hte Unifi-Api-Client above listed, and just get the values I want with it.

This just getting the list of devices from the default site, but you could go through all your sites and get all devices

import ssl
 import unificontrol
client = unificontrol.UnifiClient(host="UNIFI_CONTROLLER",username="UNIFI_CONTROLLER_USERNAME",password="UNIFI_CONTROLLER_PASSWORD",site="default",cert=cert)
devices = client.list_devices()
 
for i in range(len(devices)):
...   print ("Name,IP")
...   print (devices[i].get('name') + "," + devices[i].get('ip'))
... 
# Results
Name,IP
G&G Main Room,10.10.10.101
>>> 

Left column is Skyetel and right column is our pbx, this is a call from an internal extension to our external number

As you can see in the image, RTP packets stay in our pbx side, skyetel is not involved in the audio path.