slipfriction.com

Wednesday 12 September 2018

How to check Gmail using Bash

Sometimes we need to automate things on linux using a gmail account. Using Gmail's built in atom feed, we can use a simple bash script to return all unread emails in XML format. Create an empty file and populate it with the following:

#!/bin/bash
username="USERNAME"
password="PASSWORD"
echo
curl -u $username:$password --silent "https://mail.google.com/mail/feed/atom" |  grep -oPm1 "(?<=<title>)[^<]+" | sed '1d'

Make sure you replace the username and password with your own. If you get no results, check your email for a message stating a sign in attempt was blocked. Open the email and follow the directions.

Wednesday 3 July 2013

How to install Integration Services for Centos 6.4 - Hyper-V 2012

Important! - You need to have a legacy network adapter inserted into the virtual machine BEFORE installing CentOS. If the legacy nic is not present at install time, you will not be able to use networking full stop.

Update: I uploaded a video on youtube showing how to do all the steps below :


Needing to install Integration Services on a fresh install of Centos 6.4, created on a Hyper-V 2012 machine. Microsoft has released instructions to do this using 2008 R2 and Centos 6.3 but as guessed, they dont work. If you follow the instructions, you'll get an error stating:

"-bash: cd: /media/CDROM/RHEL63: No such file or directory"
Not being much of a Linux guru, I had to figure this one out myself. I found all sorts of intructions about copying the files using the cp command and changing chmod values. Though it all made sense, I had to try not to type DOS commands and got a bit confused at times. It might have been a simple mistake by Microsoft but I'm not entirely sure as the guide was written for an older version of Centos. Although its a really simple task, I thought I'd document it step by step:
  1. First download the latest Linux Integration Services for Hyper-V from Microsoft here.
  2. Next insert the LinuxICv3*.iso into the Virtual Machine and type: mount /dev/cdrom /media then press enter.
  3. Now type "cd /media/RHEL63" and press enter. 
  4. Lastly, type "./install.sh" and press enter.

If the install was successful, a message will appear saying "Linux Integration Services for Hyper-V has been installed. Please reboot your system." :

All done! Now just type "reboot" and press enter.  You can now benefit from:

  • enhanced storage controller support
  • limited management from Hyper-V Manager and SCVMM
  • jumbo frames support for synthetic network controllers
  • integrated mouse support
  • support for the block Virtualization Service Client to allow Fastpath Boot Support for Hyper-V.
I'll update this post if to reflect any later releases of Hyper-V Integration Services. Now I'll have a go at re-installing my Zenoss...............*sigh*

Wednesday 26 June 2013

Active Directory Password Hell

A few months ago we started to enforce an incorrect password lockout policy at work, causing a huge spike of phone calls from users to unlock their account. Submitting a helpdesk ticket requires logging on to a pc or emailing from an external source. The problem is - if they can't log on, they can't submit a ticket. The volume of calls for this issue got so bad we had to start trialling an on-call phone, just in-case they were locked out when the office was closed overnight. I took this up as a challenge, there must've been a simpler solution than  an on-call phone.

Looking for a software solution, my manager Mandy found ADSelfService Plus by Manage Engine. It's a really cool piece of software and works really great, adding a link to the logon screen that allows you to unlock your account by answering a few security questions. I deployed it across the network but ran into another problem, we use a Virtual Desktop Infrastructure. It's fine for desktop pc's so what's the problem you ask? Here goes.................

Our Remote Desktop Servers require network level authentication. That means you have to be authenticated before a connection is allowed to the server. If you fail to authenticate from any client, you won't get a logon screen, so no link to reset your password. I could simply turn off NLA, but the servers are clustered using round robin. When an RDP connection is made from a Wyse terminal via hostname, it will connect to the first RDS server that DNS returns. The server will then interrogate the broker and redirect the connection to the RDS server with the least load. Without NLA enabled, users would have to retype their username and password over and over until they hit a server with less load than the others. Not only annoying for users, but a much wider window for users to lock themselves out...............talk about a logical paradox!    

It turns out the solution was pretty simple with a bit of C# magic.

All we used to publish to the Wyse desktop was a pop up box asking for a username and password. When the user connects, the Wyse would RDP to the Remote Desktop Farm. If I added a second connection that somehow connected the user to the helpdesk without supplying any credentials, they could submit a ticket if they were locked out! I wrote a program in C# that would simply load the webpage on a windows form. I published the application using Remote App on Server 2008 R2 and deployed a new RDP connection to the Wyse terminals using a generic logon called self service. Now the users could click either an icon called "logon" or another called "Help Desk".

Problem solved?
Nope. Users started to log vague tickets such as "Please help me to log on", leaving no name or contact details - all tickets logged this way from were from the user "self service", even though I coded a message box to pop up and remind users to leave their name.

What next?
Well, we have partners who have their own support company but use our devices from our offices. They are not connected to our network so the only way they can log support calls is by email. Then came the light bulb moment.............I could write a program that emails the helpdesk after verifying that their username exists.

Final Solution:
A really simple program with three text boxes and a button:

  1. Username
  2. Subject
  3. Details of issue 
I published the program in Remote App and added the connection to the wyse wnos.ini file and it works like a charm. An elegant solution to a very complex problem, just saying :) .




The program checks the username supplied against Active Directory and if it exists, it appends "@domain.com" to the username and sends and email to the help desk from the user's email address. The help desk will send an email to the support team and also to the user to notify us that a ticket has been logged. A simple function validates the whole form, catching all the exceptions I could find. If all goes well and the email is sent, a message box pops up saying so, then logs the session off. I'll explain in another post on how to verify a username against Active Directory in C# and how to send an email in C#. You can find the Visual Studio 2012 project here.

Monday 3 June 2013

Decoding Pager Traffic with PDW and SDR#

Today I uploaded a video on youtube showing how to decode pager traffic using sdr#, pdw and virtual audio cable. Pager sniffing is the hacker term. I am able to detect about 20 unique transmissions in total which are mostly POCSAG and Flex-A (1600 and 3200 baud). Most of the traffic is found around 152-155Mhz and 135-138Mhz, though I pick up a few faint signals between 454-460Mhz.

Software used:
SDR# - Used to detect signals with USB DVB-T dongle
PDW - Radio signal decoder
Virtual Audio Cable - Used like an audio mixer to send sdr audio output to pdw sound input

Hardware used:
Genius TVGo - rtl2832 dongle with fc0012 tuner
Wire Antenna - 2m of copper wire from a lan cable

Analysis of the traffic makes it obvious that some channels are being shared by multiple services, probably linked nationwide. Most of it is sent in plain text though the odd channel or transmission (and one notably strong one) is encrypted and appears as garbage in pdw. Some just spit out page tests all day long. Services include Fire, Ambulance and delivery companies. People also send SNMP data over the pager network, with messages such as ping failures, server failures and device offline notifications.



 Shout out to superphish on youtube, I did notice the signals but had no idea what they were. Found out it was pager traffic after watching one of his videos.

Tuesday 14 May 2013

Android 4.0 ICS on Wyse Terminal

Today I used an old Wyse C10le to boot Android 4.0, Ice Cream Sandwich from a 4GB bootable USB stick. This terminal had a corrupted firmware and failed to boot the Wyse OS, turned out that the flash based boot device was faulty. I thought it had good enough specs to try ICS on this device, with an x86 compatible VIA VX855 1GHz processor. I had to change the 512MB RAM to a 2GB PC2-6400 chip instead.
The terminal booted fine first time round, a bit slow booting from USB but was nice to get a welcome screen asking me to set up what it thought was a tablet. Running Android on this Wyse was pretty useless, no network connectivity and very unstable. Scrolling through the menus with the mouse and keyboard was quite fast but running any application would make it painfully slow. Sound was very choppy and it failed to render any kind of video I tried to run. I can’t really think of any useful need for this device at the moment and I’ve got quite a few terminals kicking around. I’ve successfully ran a number of different linux distros including DSL, XBMC and Fedora on this Wyse, a few S10’s and a V10l. Don’t know what to do with them now……….

Wednesday 10 October 2012

Hackaday Retro Challenge

The hackaday retro is a really cool lo-fi version of the site intended for using your old school or low power embedded devices. Its fully stripped of styling and scripts, allowing devices with limited memory to be able to access it. Not having anything really old at home, I scoured through the storage room at work. Apart from a few really large (and heavy) NT4 servers, the oldest and portable device I could find was a Compaq Armada 1500c. I found a suitable charger and it booted up!  It was running Windows 98, packing a Pentium 2 processor and 32MB of RAM. It had a 10mbps ethernet port but to make it more authentic, I picked up an old external serial 56K modem.

Finding the drivers for the external modem was a nightmare. After plugging in the serial port and turning it on,  device manager found it as a communications device. There was no know brand name on the thing so I opened it up to find a Conexant CX06827 chipset. Googling it revealed that it was a generic modem chip so drivers from most manufacturers should work. I found that Zoomtel did a similar modem and still offered the drivers for download

Success!

Update: I sent in my entry to hackaday and got a mention on their successes page. Mine was not very hard and not very retro apart from the modem. Why not submit your attempt too?