Posts made by Romo

@JasGot why doesn't PJSIP work on them? They should really register just fine using PJSIP. SIP is not supposed to be really anymore on asterisk based systems, its deprecated.

Congrats @EddieJennings

@skyetel By North America only you mean Canada/US/Mexico or just Canada/US?

@wrcombs Classful networking was replaced with CIDR- Classless Inter-Domain Routing, which basically allows you to subnet your network to whatever size you want without really taking into consideration the specific IP ranges that where used before for subnett classes before.

So as you mention, it is totally find today to use the 10.X.X.X and subnet it to only have 254 hosts in the network when using a 255.255.255.0 mask if that is what you require for network.

@syko24 One way audio is a NAT issue, it wouldnt be related to to ISO at all.

Happy Birthday @scottalanmiller !!

@Dashrender The default is Enable Pre-Dial checked.

Try disabling the Predial Feature - Phone Settings -> Features -> Enable Pre-Dial.

They do have the posibility to modify the time to send the call after dialing, i am away from my computer currently but if no else replies before I get back i will get you the screenshot of where the setting is.

Pretty severe so patch up your systems everyone.

Release Date:
January 26, 2021

Summary:
A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.

Sudo versions affected:
Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 are affected.

CVE ID:
This vulnerability has been assigned CVE-2021-3156 in the Common Vulnerabilities and Exposures database.
Details:
When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy (which doesn't expect the escape characters) if the command is being run in shell mode.
A bug in the code that removes the escape characters will read beyond the last character of a string if it ends with an unescaped backslash character. Under normal circumstances, this bug would be harmless since sudo has escaped all the backslashes in the command's arguments. However, due to a different bug, this time in the command line parsing code, it is possible to run sudoedit with either the -s or -i options, setting a flag that indicates shell mode is enabled. Because a command is not actually being run, sudo does not escape special characters. Finally, the code that decides whether to remove the escape characters did not check whether a command is actually being run, just that the shell flag is set. This inconsistency is what makes the bug exploitable.

For more information, see The Qualys advisory.

Impact:
A local user may be able to exploit sudo to elevate privileges to root as long as the sudoers file (usually /etc/sudoers) is present.

Workaround:
None. Sudo version 1.9.5p2 or a patched vendor-supported version must be installed.

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

https://www.sudo.ws/alerts/unescape_overflow.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156

@hobbit666 You mean issues talking about the whole controller or using the api clients? The api clients where not meant to be used directly in the controller.

My personale controller is still on Debian 9, and my desktop is Kubuntu 20.04, this is where I connected from using unificontrol

Community effort, but you can also find the several api endpoints directly from https://ubntwiki.com/products/software/unifi-controller/api, if you dont want to use any sort of client and just want the json directly.

List all your sites
/api/self/sites

List all devices from a specific site
/api/s/SITE_NAME/stat/device

@hobbit666 said in Unifi AP Export:

Does Any one know of a easy way to get a list of all AP's and their IP address from a unifi controller?

Or care to give me a tutorial on how if not simple

You are going to need to use an api client most likely to get the info out, https://github.com/Art-of-WiFi/
Unifi-Api-Browser: https://unificontrol.readthedocs.io/en/latest/index.html
Unifi-Api-Client: https://github.com/Art-of-WiFi/UniFi-API-client

You can use the Api Browser which is a php site to get your json list of all the devices and then parse it yourself into a csv, or use the client directly to get the values you want.

I also use https://unificontrol.readthedocs.io/en/latest/index.html which is a python3 version based on the work of hte Unifi-Api-Client above listed, and just get the values I want with it.

This just getting the list of devices from the default site, but you could go through all your sites and get all devices

import ssl
 import unificontrol
client = unificontrol.UnifiClient(host="UNIFI_CONTROLLER",username="UNIFI_CONTROLLER_USERNAME",password="UNIFI_CONTROLLER_PASSWORD",site="default",cert=cert)
devices = client.list_devices()
 
for i in range(len(devices)):
...   print ("Name,IP")
...   print (devices[i].get('name') + "," + devices[i].get('ip'))
... 
# Results
Name,IP
G&G Main Room,10.10.10.101
>>> 

Left column is Skyetel and right column is our pbx, this is a call from an internal extension to our external number

As you can see in the image, RTP packets stay in our pbx side, skyetel is not involved in the audio path.

@Dashrender The Synchronization service manager application logs dont show the "sync" that the azure logs show sending the disable account change, but azure does show this "sync", the Actiion Client Name is Directory Sync as well

What I cant seem to find, is where this disabled account value is coming from if AD is showing the account as active and enabled.

@scottalanmiller said in User Account getting disabled in Azure:

Could there be something automated trying to log in over and over again with a bad password?

No signint attempts during the weekend, interactive or uninterective where logged int the azure logs, but the account still kept getting disabled and enabled by sync or something.

@dbeato No signing attempts at all during the weekend, but the account is still getting disabled and enabled on its own as shown in the azure audit logs.

@dbeato Targeted?

@Romo said in User Account getting disabled in Azure:

BadLogonCount : 0
badPasswordTime : 132526283882223437
badPwdCount : 0

Shouldn't the BadLogonCount raise if bad passwords were tried?

@dbeato Imgur not working apparently couldn't load the other image.