The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,861 other subscribers

Archive for 2021

« Previous Entries
Next Entries »

Shodan (via SCADA systems accessible through the internet)

Posted by jpluimers on 2021/10/27

Just 2 years ago I bumped into shodan.io through [Wayback] Onderzoekers: zestig slecht beveiligde Nederlandse scada-systemen op internet – Computer – Nieuws – Tweakers and saved the entry [Wayback] Shodan (website) – Wikipedia:

Shodan is a search engine that lets the user find specific types of computers (webcamsroutersservers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.[1] This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server.

Shodan collects data mostly on web servers (HTTP/HTTPS – ports 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), IMAP (ports 143, or (encrypted) 993), SMTP (port 25), SIP (port 5060),[2] and Real Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video stream.[3]

It was launched in 2009 by computer programmer John Matherly, who, in 2003,[4] conceived the idea of searching devices linked to the Internet.

It looked promising, but I was really pressed for time (having impromptu arrange all care for my mom, and became even more so when I got diagnosed with rectum cancer later that year), so did not pay much attention apart from registering.

Last year in the midst of my chemos I noted [Archive.is] Nate Warfield on Twitter: “https://t.co/16969jRfuL The latest Citrix vulnerability looks bad but there might be time to fix them before PoC comes out. The @shodanhq query above might help. (support.citrix.com/article/CTX269106 has more details)… “ (I think via @jilles_com) , so put it on my list of things to look into a bit further.

Since then, I found out a lot of people dislike Shodan and want to blacklist it because they see it as a threat. It feels like people think the internet is like the [Wayback] Ravenous Bugblatter Beast of Traal | Hitchhikers | Fandom

The Ravenous Bugblatter Beast of Traal is a vicious wild animal from the planet of [Wayback] Traal, known for its never-ending hunger and its mind-boggling stupidity. One of the main features of the Beast is that if you can’t see it, it assumes it can’t see you.

(This by the way is one of the reasons for Towel Day – Wikipedia)

Anyway: a few lists of Shodan IPv4 addresses and hostnames, and means to maintain them for the ones interested:

Reality is that the internet is much smarter, so if you block Shodan from seeing you, others from the internet still will and if you have vulnerable services, one day they will be abused. For instance, this personal anecdote:

I forgot I had a port redirection on my router for RDP access a non longer existing Windows system any more. I forgot that this Windows machine had no fixed DHCP-lease while in use (it kept it’s lease as it was always on).

When that machine was long gone, another temporary Windows machine obtained the same internal machine (the router had been rebooted and after reboot hands out previously handed out IP address), and boom: the new Windows machine was bombarded with RDP logon requests.

In the end, the new Windows machine was not compromised, so I was lucky as it could have been.

Back when registering, shodan.io sent SMTP mail via sky.census.shodan.io, so you might want to not blacklist it if you blacklist at all (incidentally, when writing the IP address  servicing that hostname was hosted in The Netherlands: [Wayback] 80.82.77.33 – sky.census.shodan.io – Netherlands – IP Volume inc – IP address geolocation).

It is good to think of you use Shodan, as not all usage might be legal where you live or where you travel to.

Some discussion in Dutch on the risks of using Shodan are in the above Tweakers.net link. It boils down to:

  • Searching should be OK
  • Accessing the devices found can be totally illegal

That’s basically with anything you find on the internet, for instance by Googling, so nothing new here.

I mainly use Shodan to see if I have any known vulnerabilities exposed. There are not that many ports open, but given the anecdote above, I might screw up again and not be so lucky.

This article has a balanced explanation of Shodan, how you use it, and how to stay safe: [Wayback] How to remove your device from the Shodan IoT search engine.

jeroen

 

Posted in Development, IoT Internet of Things, Network-and-equipment, Power User, Security, Software Development, Web Development | Leave a Comment »

ESXi: listing virtual machines with their IP addresses

Posted by jpluimers on 2021/10/26

This is sort of a follow-up on VMware ESXi console: viewing all VMs, suspending and waking them up: part 4 which already gave part of the configuration details of all the configured VMs.

Back then, we ended with this:

List the vmid values, power status and name of all VMs

Back to the listing script vim-cmd-list-all-VMs.sh:

#!/bin/sh
# https://wiert.me/2021/04/29/vmware-esxi-console-viewing-all-vms-suspending-and-waking-them-up-part-4/
vmids=`vim-cmd vmsvc/getallvms | sed -n -E -e "s/^([[:digit:]]+)\s+((\S.+\S)?)\s+(\[\S+\])\s+(.+\.vmx)\s+(\S+)\s+(vmx-[[:digit:]]+)\s*?((\S.+)?)$/\1/p"`
for vmid in ${vmids} ; do
    powerState=`vim-cmd vmsvc/power.getstate ${vmid} | sed '1d'`
    name=`vim-cmd vmsvc/get.config ${vmid} | sed -n -E -e '/\(vim.vm.ConfigInfo\) \{/,/files = \(vim.vm.FileInfo\) \{/ s/^ +name = "(.*)",.*?/\1/p'`
    vmPathName=`vim-cmd vmsvc/get.config ${vmid} | sed -n -E -e '/files = \(vim.vm.FileInfo\) \{/,/tools = \(vim.vm.ToolsConfigInfo\) \{/ s/^ +vmPathName = "(.*)",.*?/\1/p'`
    echo "VM with id ${vmid} has power state ${powerState} (name = ${name}; vmPathName = ${vmPathName})."
done

It uses vim-cmd vmsvc/getallvms, vim-cmd vmsvc/power.getstate and vim-cmd vmsvc/get.config with some sed and a for loop from dash to generate a nice list of information.

A long time ago, I already figured out that vim-cmd vmsvc/get.guest # gives all guest information including network information for a running VM that has either VMware Tools or open-vm-tools running (see VMware ESXi console: viewing all VMs, suspending and waking them up: part 3 for the difference between these two tools).

A full output of a sample VM is below the signature.

There are a few places that have the LAN ipAddress. For now, I choose to use only the IPv4 main address from ipAddress, which is in between (vim.vm.GuestInfo) { and net = (vim.vm.GuestInfo.NicInfo) [.

I modified the above script to become this:

Read the rest of this entry »

Posted in *nix, *nix-tools, ash/dash, ash/dash development, Development, ESXi6, ESXi6.5, ESXi6.7, ESXi7, find, Power User, Scripting, sed, sed script, Software Development, Virtualization, VMware, VMware ESXi | Leave a Comment »

ESXi shell: appending the parent directory of a script to the path and starting a new shell, even if the script is symlinked

Posted by jpluimers on 2021/10/26

I needed a way to append the directory of a script to the path as all my tool scripts are in there, and I did not want to modify any profile scripts as these might be modified during ESXi upgrade.

First you need the full script filename through readlink then toe parent directory name through dirname:

Note there might be dragons with more symlinks or different shells:

I created the script below. It is not perfect, but for my situation it gets the job done.

If you do not start a new shell, then the export is lost as a new dash shell process is started for each script that runs from the terminal or console.

# cat /opt/bin/append-script-directory-to-path-and-start-new-shell.sh
#!/bin/sh
# Absolute path to this script, e.g. /home/user/bin/foo.sh
# echo "'$0'"
SCRIPT=$(readlink -f "$0")
# Absolute path this script is in, thus /home/user/bin
SCRIPTPATH=$(dirname "$SCRIPT")
# echo Appending to $PATH: $SCRIPTPATH
export PATH=$PATH:$SCRIPTPATH
sh

–jeroen

Posted in *nix, *nix-tools, ash/dash, ash/dash development, Development, ESXi6, ESXi6.5, ESXi6.7, ESXi7, Power User, Scripting, Software Development, Virtualization, VMware, VMware ESXi | Leave a Comment »

Via a private message: Agile Rhapsody – Bohemian Rhapsody Parody – Scrum Team Building – Agile … on @YouTube

Posted by jpluimers on 2021/10/26

About half a year ago, someone shard this with me [Archive.is] Jeroen Wiert Pluimers on Twitter: “Via a private message: Agile Rhapsody – Bohemian Rhapsody Parody – Scrum Team Building – Agile …  via @YouTube”.

It is a great video about agile, the manifesto and scrum: spot on.

–jeroen

Read the rest of this entry »

Posted in Agile, Development, Scrum, Software Development | Leave a Comment »

wetten.nl – Regeling – Besluit zorgverzekering – BWBR0018492 – Bijlage 1 – aandoeningen in aanmerking voor langdurige fysiotherapie

Posted by jpluimers on 2021/10/25

[WayBack] wetten.nl – Regeling – Besluit zorgverzekering – BWBR0018492: Bijlage 1

Via:

–jeroen

Read the rest of this entry »

Posted in LifeHacker, Power User | Leave a Comment »

Some videos on defining ScanSnap scan destinations (Folder, Acrobat, …)

Posted by jpluimers on 2021/10/25

For my link archive some videos below.

Note that I dislike ScanSnap Cloud, as I do not want an intermediate party in between me and my cloud provider.

I much more prefer providers like Google Drive, OneDrive, etc to configure locally and have them upload to the cloud instead of ScanSnap Could also seeing my scanned content.

–jeroen

Posted in Fujitsu ScanSnap, Hardware, ix100, ix1500, ix500, Power User, Scanners | Leave a Comment »

Install pihole-eberkund on openSUSE using the Snap Store | Snapcraft

Posted by jpluimers on 2021/10/25

I wonder what this provides compared to a pihole virtual appliance: [WayBack] Install pihole-eberkund on openSUSE using the Snap Store | Snapcraft with these repositories:

Related:

–jeroen

Posted in *nix, *nix-tools, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

Happy 20th birthday WayBack machine and thanks Brewster for starting Internet Archive almost 25 years ago

Posted by jpluimers on 2021/10/24

Today, 20 years ago, the Wayback Machine started to unlock the archived content that the Internet Archive had been crawling since 1996 and make it accessible for the public at large.

Thanks Brewster Kahle for making all of this possible for such a long time!

Read the rest of this entry »

Posted in History, Internet, InternetArchive, Power User, WayBack machine | Leave a Comment »

How to Reclaim Purgeable Space on Mac – Bambielli’s Blog / Ask Different

Posted by jpluimers on 2021/10/22

For my link archive:

–jeroen

Read the rest of this entry »

Posted in Apple, Mac OS X / OS X / MacOS, Power User | Leave a Comment »

Using Google/Cloudflare/central DNS can bite you with large downloads

Posted by jpluimers on 2021/10/22

If you think download speeds are slow for large downloads (or multi-media playback is slow or quality is low) on a fast link, then consider your DNS.

Many people report that using one of the centralised DNS services (like Google/Cloudflare/…) causes slowness because they direct CDN lookups to a small pool of servers that get overloaded.

Some links:

Via [WayBack] How to check whether DNS is working through a browser? – Super User

Google DNS also allows for interactive querying, for example [WayBack] Google Public DNS

Read the rest of this entry »

Posted in Cloud, Cloudflare, DNS, Hardware, Infrastructure, Internet, Network-and-equipment, Power User | Leave a Comment »

« Previous Entries
Next Entries »