Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…


Win32 Disk Imager

Win32 Disk Imager main window

Reading and writing images to SD cards made easy! I more or less us it every day to write images to SD cards for my Raspberry Pi projects or for doing a backup of them. Win32 Disk Imager has received some bad press because it some times breaks SD cards. Every time that happen to me it was the image that was bad, so I can not really agree with the bad comments. If the card becomes unreadable it's easily fixed with SD Formatter. Win32 Disk Imager can be downloaded from SourceForge!

Filed under: Tools No Comments

SD Formatter

SD Formatter main window

SD cards some times seem to shrink or just get unreadable. Most of the time there is nothing wrong with them at all. They have just been written to in a bad way that messes up the partition table or breaks it all together. Most of the time you can fix it with disk management tools but it's more work then needed. I usually get problems with my SD cards from bad images for my Raspberry Pi but even my GoPro camera messed up a card ones. I also use a Denver action cam that usually formats the SD card with a smaller partition then the actual card size. SD Formatter from SD Association fixes the cards every time. Just run it against the card and turn on "format size adjustment" and it will come out just fine.


Raspberry Pi as a torrent server


A Raspberry Pi is a great for creating an always on torrent box that can take care of all your downloading and seeding. If you combine it with a NAS and a Raspberry Pi Kodi media center you will have a really sweat setup. The Raspberry Pi has a low power consumption, I run my of the USB port on my NAS. It also have no fans so it's quiet! In this guide we setup Transmission on a Raspberry Pi which includes both a web gui and third party apps for IOS and Android.

I presume that you have some basic knowledge of Linux and the Raspberry Pi. If not you might need to check out the installation guide for Raspberry Pi. When you have your Raspberry Pi up and running just follow the guide below. Use an image and not NOOBs it will come back and haunt you!
Continue reading...


Raspbian: fstab doesn’t mount NFS on boot


Ran out of disc space in one of my Raspberry Pi projects last night. Of course I did a quick and dirty install with NOOBs so cloning to a larger SD-card felt like a drag. So I decided it was time to upgrade from a 4GB SD to a 16GB SD as well as the latest version  4.1.6+. Installation went like a charm until I went to edit my /ect/fstab. I added the same NFS line as I used before: /mnt/download nfs rsize=8192,wsize=8192,timeo=14,intr 0 0

sudo mount -a work just fine but the share wasn't mounted after reboot. Googled the issue and found a lot of different suggestions, many related to USB drives. The number one suggestion was adding rootdelay=10 or rootdelay=5 to /boot/cmdline.txt. That would probably solve the issue for USB drives because the system are unable to identify the drive that early in the boot. Same suggestion was given for NFS failures as well but will not work. Tried a lot of suggestions, even found scripts to run mount -a after boot. That is not a solution just a work around!

Suggestion for adding x-systemd.automount,noauto to the mount options failed as well. Tried a lot of different configurations with one thing in common, no error in /var/log/syslog.

Finally I realized that the network was not ready! I checked the /etc/network/interfaces settings for eth0.

iface eth0 inet manual

It will still get a DHCP address but that will happen later in the boot process. So when the fstab entries are processed there is no network connection and therefore the disc will not mount. So if you change it to:

iface eth0 inet dhcp

Then the NFS drive will mount just fine after a reboot.


TFTPD32/64 a must have in the toolbox


TFTPD32 (or the 64bit version) is a great tool when working with networking, built in systems or small computers like the Raspberry PI. I usually end up using it's DHCP function when I need to connect something directly to my laptop for testing. It's also a great tool for quickly setting up a TFTP server for flashing firmware in built in systems. TFTPD also includes a syslog server which comes in handy troubleshooting linux based network devices like switches, routers and other stuff. Of course it's a great tool during penetration testing with man in the middle attacks where you want to take over the DHCP function in the network. I have been using it for years and I really recommend it!

TFTPD is written by Philippe Jounin, I think he is from France. Don't let the poor website design scare you of the tools he put out is really great! So check out his website: http://www.jounin.net/tftpd32.html



Easiest way to embed assembly’s into your executables

I usually write a lot of command line tools for different quick fixes. Distributing them to clients with a lot of attached DLL files are not always the best. They get copied around different servers and sooner or later someone runs them without the proper DLL files present. For quick and dirty tools there might be faulty error handling and the tool fails in a critical moment due to the missing assembly. I usually embed the DLL file into the executable, especially when doing command line tools. By far the easiest way of doing that in .Net is to install a Nuget package called Costura.Fody!

Just install it into the project and build the release and all assembly's get compressed and embedded into the executable. Visit Costura.Fody github page for more information!


WebRTC vulnerability exposes VPN users


It's now easy to expose the true IP address of VPN users. Daniel Roesler published the an example howto exploit the bug on Github. Firefoz, Mozilla, Chroma and Internet Explorer (with WebRTC plugin) are vulnerable to this bug. WebRtc is used for peer-to-peer connections for video chat and other similar implementations.

If the user isn't using VPN the computers internal network address will be exposed. This implementation is used for the WebRtc to handle NAT on the network and be able to bind sessions to the public IP. However the bug is really nasty because it exposes these functions to javascript. So this entire implementation below is made with javascript. The request is not registered in the developer console and can not be blocked by plugins.

If the user is using a lightweight VPN client, like a chrome plugin, the VPN will be bypassed all together and both the real public IP and internal NAT address will be shown.

Below there is a demo, if you see your public and private IP your browser is vulnerable for this exploit.

Code cred: Daniel Roesler (I only modified it to run in WordPress).

Your local IP addresses:

    Your public IP addresses:

      function getIPs(){
          var ip_dups = {};
          //compatibility for firefox and chrome
          var RTCPeerConnection = window.RTCPeerConnection
          || window.mozRTCPeerConnection
          || window.webkitRTCPeerConnection;
          var mediaConstraints = {
              optional: [{RtpDataChannels: true}]
          //firefox already has a default stun server in about:config
          // media.peerconnection.default_iceservers =
          // [{"url": "stun:stun.services.mozilla.com"}]
          var servers = undefined;
          //add same stun server for chrome
              servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};
              //construct a new RTCPeerConnection
              var pc = new RTCPeerConnection(servers, mediaConstraints);
              //listen for candidate events
              pc.onicecandidate = function(ice){
              //skip non-candidate events
                  //match just the IP address
                  var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/
                  var ip_addr = ip_regex.exec(ice.candidate.candidate)[1];
                  //remove duplicates
                  if(ip_dups[ip_addr] === undefined)
                      var li = document.createElement("li");
                      li.textContent = ip_addr;
                      //local IPs
                      if (ip_addr.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/))
                      //assume the rest are public IPs
                          ip_dups[ip_addr] = true;
          //create a bogus data channel
          //create an offer sdp
              //trigger the stun server request
              pc.setLocalDescription(result, function(){}, function(){});


      Amazon EC2 Linux – Add additional volumes

      EBS Mappings

      Adding additional storage to your Amazon EC2 instance have several advantages. You can select the right storage type for the use. Why use a fast SSD backed volume for storing nightly backups instead of magnetic storage, that ar slower but come at a much lower price.

      First you need to provision storage and assign it to your instance. Amazon provides a good guide on how to add additional volumes to your instances. There are several advantages to using several different volumes. As I wrote in my guide to move mysql storage you will not risk running the boot disk full witch will make the system halt. Other advantages include the selection of storage fit for your purpose and price range, as mentioned above. External volumes can also easily be migrated between instances if and when you get a need for that. It is also easier when you need to extend your storage space. Instead of making a snapshot of the entire instance and then launching a new one with a bigger drive you can attach new storage and migrate the data. This approach will make the downtime much shorter.

      When selecting the correct storage for you solution there are a few things to keep in mind. When it comes to EBS it comes in three basic flavors. All with there benefits and disadvantages, it is there for important to make an educated decision.
      Continue reading...


      Move MySQL database storage location

      It's always a good idea to keep storage away from the boot device. If you run out of space on the boot device the system will halt. If you make a new install it's easy enough to move your storage and you can do it from a cloud-init script like this:

      - mkdir /var/db
      - chown -R mysql:mysql /var/db
      - sed -i 's:datadir=/var/lib/mysql:datadir=/var/db:g' /etc/my.cnf
      - service mysqld start

      If the installation is all ready up and running you have to add steps for stopping the MySQL server and copy the database files:

      mkdir /var/www/db
      service mysqld stop
      mv /var/lib/mysql/* /var/db
      chown -R mysql:mysql /var/db
      sed -i 's:datadir=/var/lib/mysql:datadir=/var/db:g' /etc/my.cnf
      service mysqld start

      In these examples I have user /var/db where I mounted the second storage device. You can however use any location you see fit. Points of interest in the command sequence.

      chown -R mysql:mysql /var/db

      Make sure that the mysql deamon have access to the storage location.

      sed -i 's:datadir=/var/lib/mysql:datadir=/var/db:g' /etc/my.cnf

      sed is a simple tool for search and replace inside text/config files directly from the command line. Here it searches for the line specifying the MySQL datadir location and replaces it with the new value.


      Unattended use of mysql_secure_installation

      After installing MySQL on any Linux distribution you run the mysql_secure_installation script, or at least you should! It will prompt you to set a new root password, remove anon access and a few other things. But if you want this configuration to be done in a deployment or cloud-init script? The mysql_secure_installation command/script doesn't accept any parameters, so it can't be used for unattended install. How ever you can execute the same commands via the mysql command line tool as long as the service is started.

      mysql -e "UPDATE mysql.user SET Password=PASSWORD('{input_password_here}') WHERE User='root';"
      mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '', '::1');"
      mysql -e "DELETE FROM mysql.user WHERE User='';"
      mysql -e "DROP DATABASE test;"
      mysql -e "FLUSH PRIVILEGES;"

      I use this to provision new MySQL servers in the Amazon EC2 environment and it works like a charm. If this is used in a cloud-init script make sure to execute the sudo service mysqld start first!