Very happy and proud to share with all of you guys a picture a my new born girl, Dania.
Seeking for knowledge
Didn't find a how to on the subject in Mangolassi and we were discussing about it in another thread so I decided to create one.
I started with a CentOS 7.2 minimal install:
-All commands were run as root.
-Installing the packages needed.
yum install samba samba-client samba-common firewalld
-Enabling and starting firewalld
systemctl enable firewalld
systemctl start firewalld
-Changing to the samba directory, making a backup of the original file and creating a master file which will be turned into our smb.conf file with testparm -s.
mv smb.conf smb.conf.bak
cp smb.conf.bak smb.conf.master
-While editing our file, in the global parameters we need to add the
map to guest = Bad User option and then define our share:
[sharename] path = /chosen/path read only = No guest ok = Yes browseable = Yes public = Yes
-Testing our smb.conf.master file for errors and create smb.conf file if none are found.
testparm -s smb.conf.master > smb.conf
The final file should look something like this.
[global] workgroup = MYGROUP server string = Samba Server Version %v security = USER map to guest = Bad User log file = /var/log/samba/log.%m max log size = 50 idmap config * : backend = tdb cups options = raw # User defined share [public] path = /home/public read only = No guest ok = Yes browseable = Yes public = Yes
No we need to create our share in our filesystem, taking careful consideration of what path we specified in our smb.conf file. In this case I choose to create my share inside home and give it a name of public.
We change the owner of the folder and its permissions:
chown nobody:nobody public/
chmod 777 public/
Enabling the needed services and starting them.
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service
Allowing samba through our firewall.
firewall-cmd --permanent --add-service=samba
And finally getting SELinux to allow clients to access the share.
setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
getsebool –a | grep samba_export
yum install policycoreutils-python
semanage fcontext –at samba_share_t "/home/public(/.*)?"
You should have a writable anonymous share that can be accessed from your Windows Clients.
Checking the ip address of my samba host
ip addr show
[[email protected] ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 08:00:27:9f:69:b6 brd ff:ff:ff:ff:ff:ff inet 192.168.1.100/24 brd 192.168.1.255 scope global enp0s3 valid_lft forever preferred_lft forever inet6 fe80::a00:27ff:fe9f:69b6/64 scope link valid_lft forever preferred_lft forever
The ip address of my samba host is
192.168.1.100. Now we can access the share from our windows pc using
Verifying our samba share exists in our server
[[email protected] ~]# smbclient -L 192.168.1.100 Enter root's password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10] Sharename Type Comment --------- ---- ------- public Disk IPC$ IPC IPC Service (Samba Server Version 4.2.10) Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10] Server Comment --------- ------- LOCALHOST Samba Server Version 4.2.10 Workgroup Master --------- ------- MYGROUP LOCALHOST WORKGROUP TECHNICOLOR
-We can see samba properly shows our share, it is indeed named public as per our smb.conf file.
-No we can mount our share in windows
\\192.168.1.100\public to connect to share
Our share is now properly mounted and available in our Windows PC.
Downloading the starwind-v8.exe to our Hyper-V host.
wget "https://url.to.your/file" -outfile "starwind-v8.exe"
Believe it or not windows sorta has wget, I was not expecting that!!! It really is an alias for
Invoke-WebRequest but nevertheless its great having something similiar availble.
After the download has finalized, just execute the .exe and the tipical windows install gui will pop up.
No management console install option available since this is a no gui server.
Since I found out about virtualization I discovered I could always have a lab.
Returning to work after my paternity leave, by the way thank you to everyone sending best wishes for my daughters birth. I didn't have much time to get online last couple of days and respond each one and the notifications have blown up and I can't even see them.
All steps must be executed on powershell with administrator permissions and ran on target computers as well as connection initiator computers.
Enabling PS Remoting
Since this a workgroup setup, we need to configure the TrustedHosts settings on the computers in order to establish proper trusts.
// if we trust the local lan completely Set-Item wsman:\localhost\client\trustedhosts * // Enabling access to specific hosts via hostname or ip address just pass a comma separated list of hosts Set-Item wsman:\localhost\client\trustedhosts 'hostname1, hostname2 , ipaddress1'
Restart the WinRM server to make changes take effect
Accessing a remote PS Session
Enter-PSSession -ComputerName yourTargetHost -Credential yourUser
After inserting your credentials the session should be ready! =)
Now that I have some free time, I'll give you a simple example of some of the things you can do using pandas.
Our dataset will be all the posts in this topic, scraped and saved into an excel file.
DATASET : pandas-test.xslx
I am going to be using a Jupyter notebook just to make the output clearer.
$ import pandas $ pandas.read_excel('pandas-test.xlsx')
That is the whole spreadsheet read and basically printed out, but we can't work with that. We need to read the file into a variable and start working with it.
# Reading the file to variable df $ df = pandas.read_excel('pandas-test.xlsx') # Printing how many rows and column in the file (rows,columns) $ df.shape (11,4) # Printing the column names $ df.columns Index(['Date', 'Time ', 'User', 'Post'], dtype='object')
Only extracting columns - Date and User
$ df[['Date', 'User']]
Lets check how many posts per day
Now lets check by day and time
$ df.groupby(['Date', 'Time ']).count()
Lets filter only your posts and create a new csv file based on the data found.
$ subset = df.loc[df['User']=='Lakshmana']
Create a csv file only containing your posts
Final results your new csv file with your posts filtered out.
EDIT: Just if you need it, an example of filtering by date and user
No they really aren't just need to actually want to be involved and actually do it.
If age is not a problem, I would really love to intern for you guys.
I have never been an intern =), in Mexico or at least in my state we are required by our Universities to do "servicio social" and/or "prácticas profesionales". If we get lucky they sometimes can be like one of your internships I guess, but most of the time we are doing them in a unrelated area, being treated as free labor (no proper learning experience), turned into the copy/coffee boy/girl or many just pay to get someone to sign their required reports because you work and don't have time for school, work and servicio social.
I was actually a soccer player that was my paying job from age 13 to 25, so I started pretty late working in IT. I didn't get to have a proper internship (didn't have time my job gave me almost no free time) and my University knowledge wise was really just a waste of time as @scottalanmiller knows.
I am the sole IT generalist of my current job, I manage a main office with 20 users in a Windows 2008 domain and a remote office with 10 regular users and a small 60 seat call center with 10 of those computers running Ubuntu Mate 15.10, computers are pretty basic only 1gb Of ram we get much better performance with Linux than the windows pcs and we really only use Web Apps so I hope I can migrate the rest to Linux soon.
Main and remote offices both have kvm vm hosts with md raid 10 on HP ML110 G7 (really envy everyone who gets to play with bigger and proper servers). Small number of vms, AD and file servers, Linux jump boxes with zero tier and Elastix 2.5 vm for IT department (only me) communication (hate our Panasonic and Alcatel pbxs) .Both offices have pfsense firewalls as their default gateways connected with 200/200 Internet providers.
Basically I am a self learner who really loves IT and Linux. I am eager to keep on learning and building my career in IT. I truly believe being an intern in Ntg would be a great opportunity to advance my knowledge and have some great mentoring. I would really liked to be considered for the position =).
Pretty severe so patch up your systems everyone.
January 26, 2021
A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.
Sudo versions affected:
Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 are affected.
This vulnerability has been assigned CVE-2021-3156 in the Common Vulnerabilities and Exposures database.
When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy (which doesn't expect the escape characters) if the command is being run in shell mode.
A bug in the code that removes the escape characters will read beyond the last character of a string if it ends with an unescaped backslash character. Under normal circumstances, this bug would be harmless since sudo has escaped all the backslashes in the command's arguments. However, due to a different bug, this time in the command line parsing code, it is possible to run sudoedit with either the -s or -i options, setting a flag that indicates shell mode is enabled. Because a command is not actually being run, sudo does not escape special characters. Finally, the code that decides whether to remove the escape characters did not check whether a command is actually being run, just that the shell flag is set. This inconsistency is what makes the bug exploitable.
For more information, see The Qualys advisory.
A local user may be able to exploit sudo to elevate privileges to root as long as the sudoers file (usually /etc/sudoers) is present.
None. Sudo version 1.9.5p2 or a patched vendor-supported version must be installed.
@hobbit666 You mean issues talking about the whole controller or using the api clients? The api clients where not meant to be used directly in the controller.
My personale controller is still on Debian 9, and my desktop is Kubuntu 20.04, this is where I connected from using unificontrol
Community effort, but you can also find the several api endpoints directly from https://ubntwiki.com/products/software/unifi-controller/api, if you dont want to use any sort of client and just want the json directly.
List all your sites /api/self/sites List all devices from a specific site /api/s/SITE_NAME/stat/device
Does Any one know of a easy way to get a list of all AP's and their IP address from a unifi controller?
Or care to give me a tutorial on how if not simple :)
You are going to need to use an api client most likely to get the info out, https://github.com/Art-of-WiFi/
You can use the Api Browser which is a php site to get your json list of all the devices and then parse it yourself into a csv, or use the client directly to get the values you want.
I also use https://unificontrol.readthedocs.io/en/latest/index.html which is a python3 version based on the work of hte Unifi-Api-Client above listed, and just get the values I want with it.
This just getting the list of devices from the default site, but you could go through all your sites and get all devices
import ssl import unificontrol client = unificontrol.UnifiClient(host="UNIFI_CONTROLLER",username="UNIFI_CONTROLLER_USERNAME",password="UNIFI_CONTROLLER_PASSWORD",site="default",cert=cert) devices = client.list_devices() for i in range(len(devices)): ... print ("Name,IP") ... print (devices[i].get('name') + "," + devices[i].get('ip')) ... # Results Name,IP G&G Main Room,10.10.10.101 >>>
Left column is Skyetel and right column is our pbx, this is a call from an internal extension to our external number
As you can see in the image, RTP packets stay in our pbx side, skyetel is not involved in the audio path.