STOP Blue Screen Error on VMWare when using WinPE or WAIK

Video Posted on

This past weekend I was invoking my disaster recovery plan for a system of mine and I went to boot the .iso to run the restore (CA ArcServ D2D Bootkit) and I kept on getting this error. Under the gun of pressure as the production hours quickly approached I had to figure it out.

*** STOP: 0x0000005D (0x000000000FABBBFF, 0x0000000000000000, 0x0000000000000000,0x0000000000000000)

Stop_05D

 

Of course this is extremely frustrating when in a DR situation. So here is the quick, and simple answer.

 

This error occurs when you have the machine you’ve created in VMWare set to a 32-bit architecture, while attempting to boot into a 64-bit environment.  Power down your VM, edit the settings like shown below to x64 and you’ll be all set!

edit_vmware_vm_cpu_architecture

 

Now you’ll be able to boot up with no issues at all. I hope I’ve made your day at least a little bit easier!

 

Advertisements

Decrypting HTTPS (SSL/TLS) Tunnels Using Fiddler

Posted on

A few days ago the phone rings, I get an ear-full about how some application isn’t working correctly and how it’s all the network’s fault and the repercussions of this outage will possibly cause so much damage that the world will start turning…the OTHER DIRECTION. Unfortunately for us IT Professionals, this is all too common of an occurrence. Nonetheless, I jumped in to see what I could do. I had never seen this application before so I had to start troubleshooting from the ground up. Very quickly I noticed it was running (or supposed to be running) over web protocols, so I whipped out the handy-dandy wireshark to get a look. Hm…it establishes a TLSv1 tunnel and shoots all the data at the server that way. Well, the Apps team was no where to be found so I had to find out what was moving across the wire here to figure out the issue. This is where fiddler comes in to play *Trumpets Fanfare*.

Fiddler is a fantastic little tool that does different things with packet captures and things of the sort. For this blog, I want to talk about its’ ability to man in the middle your own machine to provide visibility into an encrypted tunnel. Lets do a little demonstration here.

I’ve done a quick search in on bing, using HTTPS — thing fancy here at all.

encrypted_search_browser

 

 

I started fiddler prior to performing the search above, and this is what it shows up with, a whole bunch of nothing. Tunnel Tunnel Tunnel Tunnel…dang security.

fiddler_encrypted

 

 

Alas, fiddler has an option to man in the middle yourself and decrypt the tunnel! Just go to Tools > Fiddler Options > HTTPS > and check the box that says “Decrypt HTTPS traffic”. I chose browsers only for this demonstration, though you can do all traffic for other uses and applications.

select_decrypt

 

 

It lets you know that you’re doing something that defies the laws of CAs.

scary_rootcert

 

Now here we go, re-launch the browser and go to https://bing.com, it throws a security error stating that the certificate is untrusted.

untrusted

 

For this to work, you will need to add the exception, if you view the cert you can see that it was assigned to fiddler, when it’s clearly stating that it is for bing.com

cert_fiddler

 

Once that is all excepted, you can do the same search we did before — plain and simple.

encrypted_search_browser

 

Back to Fiddler, and ta-da! Congratulations, you’ve bypassed the security of your own data and now have visibility into the tunnel.

viewing_encrypted

 

 

That’s it, very simple. You can view inside your SSL/TLS tunnel using fiddler in just a few simple steps. Side note, I was able to use that to determine what was happening on the wire for my application failure and was able to remedy the failure.

 

I hope I’ve made your day at least a little bit easier!

 

 

Symantec Backup Completed with Exceptions oem13.inf

Posted on

JobStatus_Exception

 

 

I recently was given this error in a backup that was leveraging Symantec Backup Exec 2010 R2. I noticed that it wasn’t failing but was “Completing with Exceptions”. Upon investigation of the job log I found the errors above, and below.

 

not_present

 

 

Upon research I found that in this version of Backup Exec (13.0) against this version of Windows (2008 R2) the VSS looks for the two files when they are not there — then fails and says they were not included in the backup.

Fantastic. Easy fix. There are two ways you can do this. One, is that you go into “C:\Windows\INF\” and make a blank text file and name it oem13.inf and then again naming it oem14.inf. The operating system won’t ever utilize it, but it will calm the unwarranted errors in Backup Exec.

The other way to remedy this is to add two simple exceptions into the backup.

 

13inf

 

 

Launch the backup exec console, find your job in “Job Monitor” and edit the include/exclude under Source –> Selections. Add the path “C:\Windows\INF” and the file “OEM13.INF” then do this again for “OEM14.INF” like above.

 

All things considered, a very easy fix. I prefer the second option so that you’re not cluttering the critical areas of the file system.

 

Hope I’ve made your day a little easier!

 

 

Varying “File name too long” Issues

Posted on Updated on

This question has been posed to be multiple times before, “It says the file name is too long, why can’t I delete it?” or some variation of the same issue. There is a multitude of forum postings scrawled all over the internet and it’s endless wonder telling people to go download all these programs to fix it, which either end up costing money or giving you malware and in the end they don’t even work. There are two quick and easy things to check to fix any issue pertaining to any variation of “file name too long” errors.

 

  1.  Check for Illegal Characters 

No file name, or path can have any illegal (reserved) characters which are as follows.

\ / ? : * ” > < |

If none of these exist, you’re good to move on.

 

2.   Make sure the path name hasn’t exceeded the maximum length

 

Windows limits a single path to 260 characters. This is why you might get an error when copying a file with a very long file/path name to a location that has a longer path than the file’s original location. This is most often the culprit. I’ve seen it most frequently when you download some sort of compressed container or files such as a .zip or a .iso such as I’ve done here below.

 

I downloaded this .iso, and used 7zip to extract it, it then created a folder with the iso’s name then duplicated it inside of itself causing my file path to be extremely long, more than the allowed 260 maximum characters in a file path.

powershell_directory

 

 

 

When then attempting to delete the tree from C:\Users\Administrator\Downloads\ I was unable to and received the aforementioned dreaded errors.

 

too_long too_long2

 

I then went in and replaced the “en_expression_studio_4_ultimate_x86_msdnaa_dvd_537046” with just “en” and was able to dramatically reduce the file path length.

 

short_powershell

 

Now that the file path length was inside the legal character limit, I was able to successfully delete the entire tree from the C:\Users\Administrator\Downloads\ folder successfully. Bada-Bing Bada-Boom.

 

There you go. I hope I’ve made your day at least a little bit easier.

How to mount your OneDrive as a local mapped drive

Posted on Updated on

EDIT: If you liked this post, I’ve updated my process a little bit and written a script to automate a good chunk of this! Go check out Part 2 of this blog! https://thetechl33t.com/2014/10/03/how-to-mount-your-onedrive-as-a-local-mapped-drive-part-2/

 

 

OneDrive is an online storage system by Microsoft that is included when you have an email account such as @live.com @hotmail.com etc. I use it fairly often and I was curious if I could map it locally, turns out that I can.

First of all, you need to go to https://onedrive.com and use your Windows Live account (the same you use to access Hotmail, Messenger, Windows Live Mail or MSN) to log in and create the folders you want to use by using the New menu. You can create private and shared folders and customize the access for every one of them.

onedrive_0

After your have created your folders and customized it to your liking, you will need to link your computer to your online ID so it can access them without asking for credentials every time.

Click on the Start Menu button and select Control Panel.

cnt_pannel

Select User Accounts and Family Safety.

useracct_2

Select User Accounts

useracct_3

Select Link Online IDs, on the left side of the window.

link_online_4

Click on Link Online ID.

link_online_5

If you haven´t installed the Windows Live ID provider, you will be taken to a website to download it. If not, click the “Add an online ID provider” link in the above photo and it will take you there.

download_signon_6

Now you will be taken back to the Online ID providers and click on Link Online ID to sign in.

liveID_7

Now, to get the address where to map your OneDrive´s folders, you can open Excel, Word, PowerPoint or OneNote click on File and then on Save & Send. Then click “Save to Web” and it will populate the OneDrive folders from the OnlineID you just linked, select that folder and click “Save As”.

doc_save_8

Double click on the folder you want to map and copy the folder´s address.

url_9

Now that you have that link, go back to “Computer” and click “Map Network Drive”.

computer_10

map_11

Choose a drive letter, and paste that URL in there that was copied a few steps back.

map_12

There ya go! You’ve now got your OneDrive linked locally!

drive_13

 

 

EDIT: If you liked this post, I’ve updated my process a little bit and written a script to automate a good chunk of this! Go check out Part 2 of this blog! https://thetechl33t.com/2014/10/03/how-to-mount-your-onedrive-as-a-local-mapped-drive-part-2/

5 free security tools for testing Windows

Posted on

One of the things you often find yourself thinking is, hmm…I should probably test my windows machines for security flaws, right? I’ve decided to share some very good tools for testing security from basic button clicking to advanced security testing.

As it relates to Windows-based computers, there are seven general types of security testing tools. These are:

  1. Port scanners
  2. Network/OS vulnerability scanners
  3. Application/database vulnerability scanners
  4. Password crackers
  5. File searching tools
  6. Network analyzers
  7. Exploit tools

All of these types of tools can and should be used when performing penetration tests, vulnerability assessments, and security audits on your Windows systems.

For the most part with security tools, you get what  you pay for. There are, however, a handful of free tools that are a solid choice.

Super Scan v3:  Very fast and easy to use port scanner that can find live systems, look for open ports and running services, grab banner information including software versions.

superscan

http://www.mcafee.com/us/downloads/free-tools/superscan3.aspx

 

 

SoftPerfect Network Scanner:   Maps MAC addresses to IP addresses which can help you locate rogue wired and wireless systems.

softperfect_network_scanner_network___internet_trace___ping_tools-18961

http://www.softperfect.com/products/networkscanner/

 

– WebFingerPrint:   Windows enumeration tool that can ferret out patch levels, NetBIOS information, user information, and more.

winfingerprint_1

http://winfingerprint.sourceforge.net/

 

Microsoft Baseline Security Analyzer:  Checks your local machine to identify missing security updates and common security misconfigurations.

 

Microsoft-Baseline-Security-Analyzer

 

http://www.microsoft.com/en-us/download/details.aspx?id=7558

 

– Metasploit:  A great tool to exploit those Windows-based vulnerabilities that other tools find, for advanced users only.

metasploit2

 

 

http://www.metasploit.com/free-download/

 

 

 

As you build your compilation of security testing tools over time, you’ll find that there is no one best tool. Keep in mind that security tools are not the “easy button” for finding security vulnerabilities. That’s where Operating System, Application, Networking Knowledge, and most importantly, experience will come into play.

 

Where tools are required, you’ll see that the ones that are more specialized in finding specific types of vulnerabilities will provide you with the best results. It all comes down to personal preference and how comfortable you feel using each tool, but in the end your goal should be to find the greatest number of vulnerabilities, exerting the least amount of work, in the shortest amount of time. Get to know the tools on this list, use them consistently and you’ll be well on your way to a storm of work that you never thought you had before ;).

Quick n’ Dirty Network Graph in Powershell

Posted on

This will be very short, sweet and to the point.

I was on a project recently where I was unable to access (and therefore monitor) any of the networking equipment and the WAN links thereof. Noticing that the issues that were occurring were due to a network problem I spoke with the folks who ran that particular network — they were no help. They gave me as little information as possible and punted the issue back to me saying it was a server problem. So here I am, no access to the network equipment, can’t monitor or log the WAN links, workstation in branch office having intermittent issues reaching the server in the main office. Enter powershell.


#-----Start-----
do {

#Ping google.com and select only the response time then output to file
test-connection google.com | Select-Object -Property ResponseTime >> pingoutput.csv

#Sleep for 10 seconds
Start-Sleep -s 10

#Write the time to the file
get-date >> pingoutput.csv

#Set the Time variable for the end while condition
$Time = (Get-Date).Hour

}

#While loop end condition states continue only if time is less than 5pm (24 hour clock)
while ($Time -le 17)
#-----End-----

The comments in the script state how it works and what each line does. After 5pm (the while loop end condition) you can grab that output .csv file and pull it in to excel. Once there you select your data real quick and you’ve got yourself a nice little graph of network latency in milliseconds over the period of the day.

network_latency

 

As you can tell there were some problems with this particular link.

 

 

There ya go!