msgbartop
MAC OS X, Linux, Windows and other IT Tips and Tricks
msgbarbottom

22 Oct 16 Reset Administrator password in Windows XP

Reference URL: http://ccm.net/faq/8228-how-to-recover-windows-xp-admin-password

Steps:

Recover Windows XP Administrative Password
The first step in recovering your Windows XP password is to reboot your computer in safe mode. You can do this by restarting your computer and repeatedly pressing F8 as the computer loads. Once in safe mode, click on Start > Run. In the box that opens, type:
control userpasswords2
You will now have access to all user accounts, including that of the administrator. To reset the admin password, click on the Admin user account, followed by Reset Password. Enter a new password into the New password field and then confirm it. Save your new password by clicking OK.

Alternative

Taken from: http://ccm.net/forum/affich-57873-no-xp-pro-disc-and-lost-admin-password#q=how+to+retrieve+windows+xp+password+administrator&cur=4&url=%2F

Steps:

This method just worked completely for me, I am now operating windows in normal mode and happy to of impressed myself, lol! I decided to post this method in PLAIN ENGLISH, for those of us less computer savvy.

1. when windows is starting up press F8 (I had to attempt this a few times till I got it right, when I continuously hit the F8 key as fast as I could it worked, but you must begin hitting it as soon as windows begins to load)

2. (This will take you into a screen where windows lists different settings you can choose, as to how you want windows to run. I used the arrow keys on my keyboard, and selected safe mode)
select SAFE MODE

3. (for user name, type the word) administrator

4. (no password should be needed, so then press) enter

5.(windows should then load in safe mode. access the control panel by doing the following);
click start , control panel , user accounts

6. once in user accounts, find the name of the account that you need the password for, and
click on that account ,
then click on the option to remove the password for that account
THAT ACCOUNT IS NOW PASSWORD FREE !!!!

7. restart windows in normal mode and log in!

I also then managed to create (recreate) a password for that account as well, and then I created a guest account too!

09 Mar 16 Testing SSL Connections with SSLyze, Nmap or OpenSSL

Introduction:
OpenSSL is a great tool to check SSL connections to servers. The difficulty here is when one want a full scan of all possible SSL Cyphers and protocols used by a server. That is where SSLyze comes in handy. This tool is a Python script which will scan the target host/port for SSL handshake and report what works/support and what not. Unfortunately this lovely tool is not included in the Ubuntu/Debian distributions, and this is where this post comes handy.

IMPORTANT: Besides executing all the tests below one thing very important (as noted in the This link) is to upgrade OpenSSL to the latest version as follows:
OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

SSLyze

Installing the dependencies and tool
cd /root/bin
wget https://github.com/nabla-c0d3/sslyze/archive/0.13.4.tar.gz
tar fvxz 0.13.4.tar.gz
apt-get install python-pip python-dev
pip install nassl

Using SSLyze
python /root/bin/sslyze-0.13.4/sslyze_cli.py --regular www.itmatrix.eu:443

NMAP

Scanning the full server for weaknesses including weak SSL Versions using NMAP.
Note: This operation can take a long time to execute.
apt-get install nmap
nmap -sV -sC www.itmatrix.eu

OR better(for checking the HTTPS,SMTPS,IMAPS,POP3S)
nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 www.itmatrix.eu

OpenSSL

Checking the SSL connection with OpenSSL
echo 'q' | openssl s_client -host www.itmatrix.eu -port 443
Note: In this above case since the SSLv2 support is normally disabled for OpenSSL in Debian/Ubuntu distributions, you will not be able to see if the server is supporting it. To overcome this and enable SSLv2 support(for your testing Linux) then follow the instructions in this site:
http://www.hackwhackandsmack.com/?p=46

NOTE:
For more information regarding protection against DROWN(SSLv2) or POODLE(SSLv3) attacks see:
https://drownattack.com
http://www.softwaresecured.com/2016/03/01/how-to-confirm-whether-you-are-vulnerable-to-the-drown-attack/
http://www.mogilowski.net/lang/de-de/2014/10/23/disabling-sslv3-for-poodle-on-debian/
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_%28OTG-CRYPST-001%29
https://zmap.io/sslv3/

04 Jun 15 Can’t connect to VSFTPD with Filezilla

Problem:
Because of some incompatibility of the default use of cyphers in VSFTPD FileZilla cannot connect to it.

Solution:
Edit the VSFTPD configuration file /etc/vsftpd.conf and add the following directive:
ssl_ciphers=HIGH

Restart VSFTPD server and use the default settings for new FTP connection with incryption of ‘explicit FTP over TLS’.

26 Mar 12 VPN Server and clients HOW-TO

Hi Folks, there are a lot of VPN howtos out there and here I am making one more. Well if the format I’m putting it in helps for some of you to install your VPN, great. That is all I’m wishing for, and besides because I have a very short memory every time I discover something I make a note of it and this Blog is one of those notes as reminder for myself as well.

Note: I will not go into explaining much of what I list here. Sometimes I add comments but it’s the minimum.

Installing OpenVPN

Installing the packages

apt-get update
apt-get upgrade --show-upgraded
apt-get install openvpn udev

For Debian Squeeze/Wheezy
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
For Debian Jessie, follow the instructions in the following HowTo:
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8

In order that the service starts properly at boot time:
Edit the file: /etc/init.d/openvpn and change the file headers:
DELETE the lines:
# Should-Start: network-manager
# Should-Stop: network-manager

Adapt the values at the bottom of the FILE:
mcedit /etc/openvpn/easy-rsa/2.0/vars
eg.
export KEY_COUNTRY="DE"
export KEY_PROVINCE="Berlin"
export KEY_CITY="Berlin"
export KEY_ORG="MyORG"
export KEY_EMAIL="myname@myorg.com"

Initialize the Public Key Infrastructure (PKI)
Issue the following commands to create the CA and Public Key infrastructure:
cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/clean-all
. /etc/openvpn/easy-rsa/2.0/build-ca

Generate Certificates and Private Keys
. /etc/openvpn/easy-rsa/2.0/build-key-server server
(Answer all question as appropriate)

Generate Diffie Hellman Parameters(for controlling method of key exchange)
. /etc/openvpn/easy-rsa/2.0/build-dh

The keys and certificates for the server need to be relocated to the /etc/openvpn directory so the OpenVPN server process can access them.
The commands are:
cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn/
cp /etc/openvpn/easy-rsa/2.0/keys/ca.key /etc/openvpn/
cp /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem /etc/openvpn/
cp /etc/openvpn/easy-rsa/2.0/keys/server.crt /etc/openvpn/
cp /etc/openvpn/easy-rsa/2.0/keys/server.key /etc/openvpn/

OPTIONAL:
Note: If you need to remove a user’s access to the VPN server, issue the following command sequence.
This will prevent the ‘client1‘ from connecting to your vpn server any further.
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/revoke-full client1

Configure the Virtual Private Network (using example files as s start)
cd /usr/share/doc/openvpn/examples/sample-config-files
gunzip -d server.conf.gz
cp server.conf /etc/openvpn/
cp client.conf ~/
cd ~/

Edit the config file: /etc/openvpn/server.conf and make sure only the following parameters are active.
(modify the parameters as suited for your environment, eg. ca,cert,key,server)
To verify afterwards just run the command:
egrep -v '^#|^;|^$' /etc/openvpn/server.conf
and you should get the following (except for the environment dependent values)

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key < <............ This file should be kept secret dh dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt client-to-client <<............. Allows VPN clients to communicate between each other keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3

Start the VPN server
service openvpn restart
Verify that the VPN network interface has been created:
ifconfig tun0
Important Note:
Make sure your firewall doesn’t block the port 1194 for access from Internet.

Creating new Client Certificates:

Note:
The following steps will need to be done for each VPN client machine:

ON VPN SERVER

Using the now generated private key, generate client certificates:
(replace ‘client1‘ be the name of your client..without spaces)
cd /etc/openvpn/easy-rsa/2.0/
source ./vars
. /etc/openvpn/easy-rsa/2.0/build-key client1

Transfer the keys/certificates from the server to the clients machines ) if they are Linux with SSH running:
(Commands done on the server)
Copy ctertificate,ca and key to client machine:
ssh remote_server mkdir -p /etc/openvpn
scp /etc/openvpn/easy-rsa/2.0/keys/ca.crt root@remote_client:/etc/openvpn/
scp /etc/openvpn/easy-rsa/2.0/keys/client1.crt root@remote_client:/etc/openvpn/
scp /etc/openvpn/easy-rsa/2.0/keys/client1.key root@remote_client:/etc/openvpn/

Note: To be able to connect to the server with multiple clients at the same time with the same client certificate, add the following server start argument in:
File: /etc/default/openvpn
OPTARGS=" --duplicate-cn "

ON LINUX VPN CLIENTS:

Client configuration on Ubuntu 11.10

apt-get install openvpn network-manager-openvpn
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
Edit the file /etc/openvpn/client.conf and make sure only the following parameters are active.
(modify the parameters as suited for your environment, eg. ca,cert,key,remote)
To verify afterwards just run the command:
egrep -v '^#|^;|^$' /etc/openvpn/client.conf
and you should get the following (except for the environment dependent values)
client
dev tun
proto udp
remote www.itmatrix.eu 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/ubuntu1110.crt
key /etc/openvpn/ubuntu1110.key
ns-cert-type server
comp-lzo
verb 3

– Open a terminal/console, we need to create a new Key and certificate for this new VPN client
– Connect to the VPN server and ‘root’ using the ssh command: eg ssh root@host.myvpn.com
– Run the following comands:
cd /etc/openvpn/easy-rsa/2.0/
source ./vars
. /etc/openvpn/easy-rsa/2.0/build-key ubuntu1110

– Answer the questions, Forget the optionnal questions(just press enter)
type yes when asked to sign the certificate.
Now we have created a new certificate for this ubuntu1110 client
– Logoff ssh (‘exit’ command)

– (back into our desktop terminal) run the following commands:
sudo su -
mkdir -p /etc/openvpn/
scp root@host.myvpn.com:/etc/openvpn/easy-rsa/2.0/keys/ubuntu1110.* /etc/openvpn/
scp root@host.myvpn.com:/etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn/

Temporarily making the private key readable be the Ubuntu user for configuration
cd /etc/openvpn/
chmod 644 ubuntu1110.key
chown user:group ubuntu1110.* ca.crt

(user:group = user and group of the graphic interface)
– Now we should have 3 certificate files transferred into the OpenVPN config directory on the client machine

Connecting to the VPN server from client

Using the Linux command line

Start the VPN tunnel:
openvpn --config /etc/openvpn/client.conf & disown %1
Check the interface of the VPN tunnel:
ifconfig tun0

Finding out the IP of the Remote VPN Server (using the normal Internet way):
ssh root@vpnserver.vpn ifconfig tun0 | grep inet | awk '{print $2}' | cut -d: -f2

Connecting to the VPN server via the newly created VPN Tunnel: eg.
ssh root@10.8.0.1

Stopping the VPN on the client
killall openvpn

Using the Ubuntu Network Manager

Client OpenVPN for Ubuntu 11.10

– Start Ubuntu Software Center
– Click on ‘All Software‘ Button (left top)
– Enter the word ‘VPN‘ in the search field (Right top)
– Double Click on ‘Network‘ (Network manager Gnome)
– In ‘Add-ons‘ List Select ‘Open VPN Plugin Gnome GUI‘ and leave the others unselected.
– Click on ‘Apply Changes‘ button (midle right)
– Enter your password to allow the installation
– Once fully installed, close ‘Ubuntu Software Center‘ window.
– Click on ‘Systems Settings‘ Icon (left middle)
– Click on ‘Network‘ Icon
– Click on ‘+‘ (bottom left of window)
– Select ‘VPN‘ and click on ‘Create‘ button
– Select ‘OpenVPN‘ (middle dropdown menu) and click on ‘Create‘ button
– Enter the Connection name (eg. MyVPNServer) in the field ‘Connection Name‘ eg. VPN Server 1
– Select the Option ‘Connect Automatically
– In the ‘Gateway‘ Field enter the address or FQDN of the VPN server
– In Authentication section:
– select ‘Certificates(TLS)‘ in Type Drop down Menu.
– Click in User Certificate field and select the file /etc/openvpn/ubuntu1110.crt
– Click in Ca Certificate field and select the file /etc/openvpn/ca.crt
– Click in Private Key field and select the file /etc/openvpn/ubuntu1110.key
– Enter a password to protect the use of your private key
– Click on Advanced Button (right down of window)
– Select ‘Use UDP connection
and ‘Use LZO Data Compression
– Click on ‘OK‘, then ‘Save‘ and finally ‘Close
– Go back to your terminal and protect your VPN key (stored in /etc/openvpn/) run the command:
chmod 600 /etc/openvpn/ubuntu1110.key

Making the VPN connection
– On upper right Ubuntu system Control Bar, Click on the Icon which has 2 Arrows
(one pointing up and one pointing down)
– Select ‘VPN Connection
– Click on your VPN connection name eg. MyServer
– The connection should start after a few seconds.

– Check the interface of the VPN tunnel from your terminal:
/sbin/ifconfig tun0

– Connect to the VPN server through the VPN tunnel:
Find out the IP of the Remote VPN Server (using the normal Internet way):
ssh root@vpnserver.vpn ifconfig tun0 | grep inet | awk '{print $2}' | cut -d: -f2
eg. Answer: 10.8.0.1
Connect to the VPN server via the Tunnel:
eg.
ssh root@10.8.0.1

Extra Note:

to allow a user to login with ssh without having to type a password, run the following commands logged in as the user (incl. root as well):

On the client machine

Create an RSA key pair for the user
ssh-keygen
(Only press ‘Enter‘ key to all questions)
Send the new Public key of the user’s ssh to the ~/.ssh/authorized_keys on the remote server
ssh-copy-id 10.8.0.1
(type the password)
Now you can login in 10.8.0.1 without password.
ssh 10.8.0.1

OSX OpenVPN Clients

– Install Tunnelblick Application from:
//code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2

– Edit the client file config file (/etc/openvpn/client.conf)
and replace the paramaters appropriately just as above for Linux.

– Start Tunnelblick application
– When asked ‘Do you have any configuration file?‘ select ‘I have configuration files
– When asked for ‘Which type of Configuration do you have?‘ select ‘OpenVPN Configuration(s)
– When asked ‘Which type of configuration do you whish to create?‘ select ‘Open Private Configurations Folder
Tunnelblick will open Finder window where its Open VPN files should be copied,
wait here before anyswering anything and proceed to the next step.

– Copying the configuration file, ca, key and certificate into Tunnelblick config Directory
Open a terminal and issue the command:
sudo cp /etc/openvpn/*.conf /etc/openvpn/*.crt /etc/openvpn/*.key /Users/$USER/Library/Application\ Support/Tunnelblick/Configurations/
sudo chown michelbisson:michelbisson /Users/$USER/Library/Application\ Support/Tunnelblick/Configurations/*

– Click on ‘Done‘ button of Tunnelblick application

Making the VPN connection

– Click the icon of the tunnelblick (on top right of screen)
– Click on ‘Connect Client
– Once you see a light at the end of the tunnel you’re connected.
– To check out your own Tunnel Interface IP:
– Start a bash terminal
– Issue the command:
ifconfig tun0

– Finding out the VPN server’s Tunnel Interface IP:
– Start a bash terminal
– Issue the command:
netstat -nr | grep 'UGSc.*tun0' | awk '{print $1}' | cut -d/ -f1

Open VPN Client on Windows

– Login as root on the VPN server and create new client certificates as done for Linux OpenVPN clients.

– Download the OpenVPN program from the following URL and install it:
http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe
(Read the following note that will will appear at the end of the installation)

GENERAL QUICKSTART FOR WINDOWS

The OpenVPN Client requires a configuration file and key/certificate files.
You should obtain these and save them to \Program Files\OpenVPN\config.
To start OpenVPN, first run the OpenVPN GUI by double clicking on the desktop icon or start menu icon.
The OpenVPN GUI is a system-tray applet, so an icon for the GUI will appear in the lower-right corner of the screen.
Right click on the system tray icon, and a menu should appear showing the names of your OpenVPN configuration files, and giving you the option to connect.

– Download putty and winSCP (for windows) from the following URL and install it:
http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.62-installer.exe
http://download.winscp.net/download/files/201201251938f0fd4d4756d7bce59a6207776b36c42b/winscp436setup.exe

IN the VPN Server:
– Login as root in the VPN server and issue the following commands:

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.ovpn
cd /etc/openvpn/

– Edit the file /etc/openvpn/client.conf and make sure only the following parameters are active.
(modify the parameters as suited for your environment, eg. ca,cert,key,remote)
To verify afterwards just run the command:
egrep -v '^#|^;|^$' /etc/openvpn/client.conf
and you should get the following (except for the environment dependant values)
client
dev tun
proto udp
remote www.myvpnserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/windows.crt
key /etc/openvpn/windows.key
ns-cert-type server
comp-lzo
verb 3

Prepare the transfer to Windows computer by running the following commands:
apt-get install dos2unix
unix2dos client.ovpn
cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/build-key windows

– Answer the questions, forget the optional questions(just press enter)
– type ‘yes‘ when asked to sign the certificate.
Now we have created a new certificate for this ubuntu1110 client.

In Windows host
– start WinSCP, login as root in VPN server and copy the following files as indicated:
(VPN Server) (Windows host Directory)
=========================================== ============================================
/etc/openvpn/easy-rsa/2.0/keys/ca.crt ..............Copy to directory.. \Program Files\OpenVPN\config\
/etc/openvpn/easy-rsa/2.0/keys/windows.key .........Copy to directory.. \Program Files\OpenVPN\config\
/etc/openvpn/easy-rsa/2.0/keys/windows.crt .........Copy to directory.. \Program Files\OpenVPN\config\
/etc/openvpn/client.ovpn ...........................Copy to directory.. \Program Files\OpenVPN\config\

– Start the OpenVPN GUI: Start button == All Programs == OpenVPN == OpenVPN GUI
An Icon(2 very tiny red monitors) will appear in the QuickStart Bar (Bottpm Right) of screen

– Right click on the icon and select ‘Connect

– You should get a log screen and if everything goes well you will hear a short ‘blip’ from windows indicating that a new interface is been created.

– Verify the IP of the new interface:
Start ==>> Run Command ==>> Enter: cmd.exe ==>> In DOS window run the command ‘ipconfig

Here is an exampe of the result you should get:
(This was done on a German Windows XP)
Windows-IP-Konfiguration
Ethernetadapter LAN-Verbindung 3:
Verbindungsspezifisches DNS-Suffix: localdomain
IP-Adresse. . . . . . . . . . . . : 192.168.47.129
Subnetzmaske. . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : 192.168.47.2
Ethernetadapter LAN-Verbindung 4:
Verbindungsspezifisches DNS-Suffix:
IP-Adresse. . . . . . . . . . . . : 10.8.0.18
Subnetzmaske. . . . . . . . . . . : 255.255.255.252
Standardgateway . . . . . . . . . :

Notice the IP: 10.8.0.18 of the second interface.
This is the IP of this machine seen through the VPN.

A ping to the VPN server should also works:
ping 10.8.0.1
Ping wird ausgefuehrt fuer 10.8.0.1 mit 32 Bytes Daten:
Antwort von 10.8.0.1: Bytes=32 Zeit=60ms TTL=64
Antwort von 10.8.0.1: Bytes=32 Zeit=81ms TTL=64
Antwort von 10.8.0.1: Bytes=32 Zeit=195ms TTL=64
Antwort von 10.8.0.1: Bytes=32 Zeit=204ms TTL=64
Ping-Statistik fuer 10.8.0.1:
Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0 (0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 60ms, Maximum = 204ms, Mittelwert = 135ms

IMPORTANT for Windows 7:

I could not get it to work on Windows 7 yet ….:-(
– Now the client.ovpn file is been configured properly but is not readable so far by the OpenVPN for Windows.

Some extra Note for windows 7:

(Although I could not get it to work on Windows 7 yet)
In Windows 7 the file ‘windows.crt’, because of it’s extention as ‘crt’ (certificate)
doesn’t allow it to be copied to windows via WinSCP. So the trick is to change the extention of the file from .crt to .cert
We will use this new name in windows for OpenVPN.

20 May 10 Speeding up Firefox Browser

Google Chrome has now eclipsed Mozilla Firefox in the speed category. However, I still use Firefox as my main web browser because it is still better than Chrome in certain areas.

But just recently, I tried a few tweaks that significantly improved the speed of Firefox making it a little bit snappier than the latest version of Google Chrome when loading web pages.

Here are some of the things that I did that helps make Firefox somewhat faster than Chrome:

1. Type about:config into the Firefox URL/address bar and hit ENTER. You will be warned that you might void your warranty if you change some advanced settings, but just go on and trust me 🙂

2. Inside the Firefox configuration page, scroll down and look for the following entries:

network.http.pipelining
network.http.proxy.pipelining

Set their values to “true” by double-clicking each one of them.

3. Next up, find this entry:

network.http.pipelining.maxrequests

Double-click and set the value to 8.

4. Right-click anywhere inside the config page and select New –> Integer. Name it nglayout.initialpaint.delay and set the value to “0″.

5. Right-click anywhere inside the config page and select New –> Integer. Name it content.notify.interval and set the value to “500000″.

6. Right-click anywhere inside the config page and select New –> Boolean. Name it content.notify.ontimer and set the value to “true″.

7. Right-click anywhere inside the config page and select New –> Integer. Name it content.switch.threshold and set the value to “250000″.

8. Right-click anywhere inside the config page and select New –> Boolean. Name it content.interrupt.parsing and set the value to “false″.

That’s about it. You should be able to notice the speed improvement immediately after applying the above tweaks.

Disabling Firefox addons that you don’t use often, blocking flash content, and using a lightweight theme will also help speed up Firefox.