The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for June 28th, 2021

Request a new vehicle registration code (tenaamstellingscode) | RDW

Posted by jpluimers on 2021/06/28

For my link archive, because for a while now this has also been possible with DigiD: [Archive.is] Request a new vehicle registration code (Nieuwe tenaamstellingscode aanvragen) | RDW.

Via: [WayBack] RDW on Twitter: “Want to sell your vehicle, but lost your registration code (tenaamstellingscode)? From now on you no longer receive a new code by post, but directly by e-mail. Instead of 5 days, it now costs you 5 minutes. Read more at …”

–jeroen


Posted in LifeHacker, Power User

Criminals are mailing altered Ledger devices to steal cryptocurrency: it looks like the added USB flash card is from Intenso

Posted by jpluimers on 2021/06/28

Last week, Bleeping Computer wrote about [Wayback] Criminals are mailing altered Ledger devices to steal cryptocurrency:

Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.

The fake Ledger hardware wallet has a piggyback USB flash device on it (image from Mike):

[Archive.is] _MG_ on Twitter: “Malicious hardware implant in the wild! I helped @LawrenceAbrams dig into this. It’s a hardware wallet with a malicious implant added. It’s being mailed to targets. Read about it here: “

This week, Jilles opened up a bunch of USB flash devices to compare them with the pictures of the fake Ledger hardware wallet, which Mike had noted was likely an Intenso device. It all started with a compliment:

I reacted that earlier this year, I had an Intenso device die that was the boot stick for an ESXi server, which after booting (at most once every few months) only accesses the stick read-only. If I find it back (I might have ditched it), I will open it up and post pictures.

[Wayback] Jeroen Wiert Pluimers on Twitter: “Note I had one of these Intenso sticks die in an ESXi server: it was just the boot stick, so no writes at all. “

Anyway, this was the one that died (maybe because it was very cheap):

According to [Wayback] USB Sticks | Intenso, these devices are manufactured by or for this German company:

Intenso International GmbH
Gutenbergstraße 2
49377 Vechta, Germany

Indeed, the conclusion of Jilles and Mike while figuring out the type of USB PCB was already that opening up the device could give an indication of the geographic region or the era these fakes might originate from:

Meta-information is information too, and especially important in forensics.

Fake Ledger hardware wallet video

Mike also created a video. It is below the signature.

This was the tweet about it: [Archive.is] _MG_ on Twitter: “I sat down and walked through the Ledger Wallet implant. From phish, to Amazon poisoning attack, to implant, and what’s next. “

Attribution

As Jilles mentioned, attribution is important, though both Mike and Jilles hardly ever see it done with red teams. So thanks Mike and Jilles for doing the grunt work.

[Archive.is] Jilles on Twitter: “Thanks @_MG_! One of the hard things about creating cool stuff for red teams is that you usually cannot share what epic stuff you did, apart from your team and the client. Unless… You see one of your methods in the wild. And really love the tiny USB modules being used here.… https://t.co/Cs4rzvuNrT”

[Archive.is] Jilles on Twitter: “I have actually been working on assignments where attribution, purpose and forensics of discovered implants had to take place. Not a red team exercise.… “

–jeroen


Posted in Power User, Security

How to rename a VM through SSH on ESXi? | VMware Communities

Posted by jpluimers on 2021/06/28

From [WayBack] How to rename a VM through SSH on ESXi? | VMware Communities (numbering and code highlighting mine):

Kindly find the below:

  1. Backup the virtual machine
  2. Power down the virtual machine
  3. Remove the virtual machine from the vSphere host inventory
  4. Open an SSH console session to the vSphere host
  5. Navigate to the storage directory containing the virtual machine: For example: cd /vmfs/volumes/<datastore_name>/<original_vmname>
  6. Rename the primary .vmdk configuration files: vmkfstools -E "<original_vmname>.vmdk" "<new_vmname>.vmdk"
  7. Rename the .vmx configuration file: mv "original_vmname.vmx" "new_vmname.vmx"
  8. Edit the virtual machine .vmx configuration file (Be sure to properly update the directory and file name of the .vswp swap file reference): vi "new_vmname.vmx"
  9. Rename any remaining files in the virtual machine’s folder as needed:
    1. Rename the .vmxf configuration file: mv "original_vmname.vmxf" "new_vmname.vmxf"
    2. Rename the .nvram configuration file: mv "original_vmname.nvram" "new_vmname.nvram"
    3. Rename the .vmsd configuration file: mv "original_vmname.vmsd" "new_vmname.vmsd"
  10. Rename the virtual machine folder: Move up one directory level to the parent folder ( cd .. ) then rename the virtual machine directory: mv "original_directory" "new_directory"
  11. Add the newly-named virtual machine to the host’s inventory (the newly renamed .vmx configuration file)
  12. Power on the newly renamed virtual machine
  13. Answer “I moved it” to the virtual machine question prompt (not “I copied it”)
  14. Review the virtual machine and all files/folders to make sure it is named as desired and functioning properly

Note: There are other methods to allow for renaming, but this method is fairly quick and easy. It should work on all editions of vSphere from free to Enterprise Plus.
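The file-level part of the procedure above (steps 5 to 10) is easy to get wrong by hand, because the .vmx keeps referring to the old names until it is edited. The script below is an added example and not the VMware Communities poster's code: it assumes the VM is already powered off and unregistered (steps 1 to 3), that every VM file carries the VM name, that the datastore is a directory under /vmfs/volumes, and that vmkfstools is on PATH (the VMKFSTOOLS variable is a hypothetical hook so a substitute command can be used for a dry run). Steps 11 to 14 (re-adding the VM to the inventory and answering “I moved it”) remain manual.

```shell
#!/bin/sh
# Added example (not from the VMware Communities post): automates steps 5 to 10 of the
# rename procedure for a VM that is already powered off and removed from the inventory.
# Assumptions: datastore is a directory, all VM files carry the VM name, vmkfstools is
# on PATH (VMKFSTOOLS is a hypothetical override so a substitute can be used for a dry run).

VMKFSTOOLS="${VMKFSTOOLS:-vmkfstools}"

# escape_for_sed STRING: make a literal VM name safe for use in a sed pattern/replacement
escape_for_sed() {
    printf '%s\n' "$1" | sed 's/[][\.*^$\/&]/\\&/g'
}

# rename_vm DATASTORE_DIR OLD_NAME NEW_NAME
# Runs in a subshell so the cd calls do not leak into the caller.
rename_vm() (
    set -eu
    ds=$1 old=$2 new=$3
    vmdir="$ds/$old"
    [ -d "$vmdir" ] || { echo "no such VM directory: $vmdir" >&2; exit 1; }
    [ ! -e "$ds/$new" ] || { echo "target $ds/$new already exists" >&2; exit 1; }

    # A running or still-registered VM owns its swap and lock files (steps 2 and 3);
    # renaming underneath it would corrupt the VM, so refuse instead.
    for lock in "$vmdir"/*.vswp "$vmdir"/.lck-* "$vmdir"/*.vmx.lck; do
        if [ -e "$lock" ]; then
            echo "$old has a swap or lock file ($lock): power it off and unregister it first" >&2
            exit 1
        fi
    done

    cd "$vmdir"                                             # step 5

    # step 6: vmkfstools -E renames a descriptor together with its -flat/-delta extent,
    # so only descriptors are passed to it (base disk plus any old_1.vmdk, old_2.vmdk ...).
    for f in "$old.vmdk" "$old"_[0-9]*.vmdk; do
        [ -e "$f" ] || continue
        case $f in *-flat.vmdk|*-delta.vmdk|*-ctk.vmdk) continue ;; esac
        suffix=${f#"$old"}
        "$VMKFSTOOLS" -E "$f" "$new$suffix"
    done

    # steps 7 and 9: plain renames for the configuration files
    for ext in vmx vmxf nvram vmsd; do
        if [ -e "$old.$ext" ]; then
            mv "$old.$ext" "$new.$ext"
        fi
    done

    # step 8: rewrite every reference to the old name inside the .vmx (disk descriptors,
    # displayName, the nvram entry and the .vswp path). BusyBox sed supports -i.
    sed -i "s/$(escape_for_sed "$old")/$(escape_for_sed "$new")/g" "$new.vmx"

    cd ..                                                   # step 10
    mv "$old" "$new"
)

# Stand-alone use: sh rename_vm.sh /vmfs/volumes/<datastore_name> <original_vmname> <new_vmname>
if [ "$#" -eq 3 ]; then
    rename_vm "$@"
fi
```

Run it once with VMKFSTOOLS pointing at a shell function that only echoes its arguments to see which descriptors it would hand to vmkfstools before doing it for real; after the run, register the renamed .vmx and answer the “I moved it” question as in steps 11 to 13.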

The “Answer question” prompt where you should select “I moved it”:


Prompt with symlink names in the path

On a side note, I need to figure out how to set the ESXi shell prompt to show the current path like pwd does (with symlink names in it instead of the followed symlink targets):

[root@ESXi-X9SRI-3F:~] cd /vmfs/volumes/EVO860_250GB/
[root@ESXi-X9SRI-3F:/vmfs/volumes/5c9bd516-ef1f6d4c-f1b1-0025907d9d5c] pwd
/vmfs/volumes/EVO860_250GB

The ESXi shell is based on busybox, in fact it uses the ash variety:

[root@ESXi-X9SRI-3F:/vmfs/volumes/5c9bd516-ef1f6d4c-f1b1-0025907d9d5c] `readlink -f \`which readlink\`` | grep ^BusyBox
BusyBox v1.29.3 (2018-11-02 15:37:50 PDT) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
[root@ESXi-X9SRI-3F:/vmfs/volumes/5c9bd516-ef1f6d4c-f1b1-0025907d9d5c] type chdir
chdir is a shell builtin

This seemed to work fine:

[root@ESXi-X9SRI-3F:/vmfs/volumes/5c9bd516-ef1f6d4c-f1b1-0025907d9d5c] PS1="[\u@\h:`pwd`] "
[root@ESXi-X9SRI-3F:/vmfs/volumes/EVO860_250GB] 

But in fact it fails, as it takes the pwd value only once, and not every time the prompt is evaluated:

[root@ESXi-X9SRI-3F:/vmfs/volumes/EVO860_250GB] cd ..
[root@ESXi-X9SRI-3F:/vmfs/volumes/EVO860_250GB] pwd
/vmfs/volumes
[root@ESXi-X9SRI-3F:/vmfs/volumes/EVO860_250GB] 
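The failure above is a quoting issue: inside double quotes the backtick substitution runs when PS1 is assigned, so the prompt carries a literal path from that moment on. The snippet below is an added example, not from the post, and shows the frozen form next to a deferred one that keeps the symlink name. It assumes the shell expands $VAR in PS1 every time the prompt is displayed, which BusyBox ash does when built with ASH_EXPAND_PRMT (the default; whether the ESXi build has it is an assumption here), and it relies on cd setting $PWD to the logical path (symlink names kept), which is also what pwd prints while pwd -P reports the resolved target. The render_prompt helper and the symlink directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the post): PS1="...`pwd`..." is expanded once at assignment,
# PS1='...$PWD...' is left for the shell to expand at each prompt. Assumes an ash-style
# shell with prompt expansion (BusyBox ASH_EXPAND_PRMT) and a cd that keeps $PWD logical.

# Double quotes: the command substitution runs immediately, once, so the resulting
# prompt string contains a literal path that never changes again.
frozen_ps1() {
    printf '%s' "[user@host:$(pwd)] "
}

# Single quotes: $PWD survives as text and is expanded at prompt time. $PWD is the
# logical path set by cd (symlink names kept); pwd -P would give the resolved target.
deferred_ps1() {
    printf '%s' '[user@host:$PWD] '
}

# render_prompt STRING: expand a prompt string the way the shell would when showing it
render_prompt() {
    eval "printf '%s' \"$1\""
}

# Stand-alone demonstration with a constructed symlink (no real datastore involved).
demo() {
    top=$(mktemp -d)
    mkdir "$top/real"
    ln -s real "$top/link"
    cd "$top/link" || return 1
    frozen=$(frozen_ps1)
    deferred=$(deferred_ps1)
    echo "in link  : $(render_prompt "$deferred")   resolved target: $(pwd -P)"
    cd "$top" || return 1
    echo "frozen   : $(render_prompt "$frozen")   (still shows $top/link after cd)"
    echo "deferred : $(render_prompt "$deferred")   (follows the cd)"
    cd / && rm -rf "$top"
}

if [ "${1-}" = demo ]; then
    demo
fi
```

Run it as sh prompt_demo.sh demo to see both forms side by side; on the ESXi host the equivalent setting is the single-quoted PS1 assignment in the interactive shell.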

So I need to re-visit these links:

–jeroen

Posted in *nix, *nix-tools, BusyBox, ESXi6, ESXi6.5, ESXi6.7, Power User, Virtualization, VMware, VMware ESXi

Hopefully datendomina (@sys_adm_ama) has followed up with some cool vi tips…

Posted by jpluimers on 2021/06/28

I hope that datendomina (@sys_adm_ama) has followed up with some cool vi/vim tips.

Though I can do basic editing (far more than quit-without-saving) and know about the various modes, I still don't feel proficient.

[WayBack] Jeroen Pluimers on Twitter: “LOL! Boy was I glad that after finding my way in Ed and sed on SunOS in the 1980s, I discovered vi. Still not proficient in it (and I probably never will). However, knowing some of the basics allowed me to visually edit any file on any Unix like system. That’s still gold to me.…”

It also made me discover [WayBack] ed(1) Conference (@ed1conf) | Twitter.

One important tip:

[WayBack] Kristian Köhntopp on Twitter: “vi movement commands have a system. Recognise and learn that system. hjkl + prefix+hjkl, marks, prefix+jump to mark and so on. And stay away from the idiotic plugins. Nobody needs them, and they only make vim slow to start and complicated.”

The original thread, which I hoped would get longer: [WayBack] Thread by @sys_adm_ama: “I'm learning vi(m) now. Sounds daft, doesn't it? […]”

I'm learning vi(m) now.

Sounds daft, doesn't it? But I thought about it: I want to become more efficient, get my stuff done with less stress. And I think it makes sense to start with the areas that matter every day. And I do indeed use vi(m) daily.

1/

But even though I use it and only roll my eyes wearily at the »Help, how do I get out of the editor again?!« joke, I assume I don't use even a fraction of the possibilities it offers (first release 1976, older than me!). That's exciting.
So this is now my mini challenge, on which I want to spend a quarter of an hour every day: when I need a feature, no longer hack my way around it, but research how to do it properly and then damn well internalise it. Let's see if that works out

3/

In the process I also want to go back to using (neo)mutt together with vim more – that would be wonderful daily training 😎 You always have to write e-mails somehow.

Unfortunately, neomutt also offers a bucketful of features I don't use properly yet. Gnah.

4/

From your replies I can tell that the »remembering the shortcuts« thing really seems to be tricky 🤔 How do you handle that day to day? Just a few basics like :u and CTRL+r and that's it? I'm curious. Or do you all use nano? (I think I'd have to unfollow then) 😂
Just as a quick interim status: after reading your answers, I conclude that I don't need to hide with my level of knowledge 😂 The virtual look over your shoulders has already helped me along.

/5
vi(m), because I'm an admin and usually find this tool on every system, without any X clutter (even though on newer installations that absurd „visual mode“ is the default 😳). Also on (Open)Solaris, IRIX, whatever.

/6

I just pulled the book by @MasteringVim out of the parcel locker (extremely promising!) – and of course I'll report back 😎 I'm very curious.

/7ed

–jeroen


Posted in *nix, *nix-tools, Development, ed, Power User, Scripting, sed, sed script, Software Development, vi/vim