Blog Feed

Cisco ISR 4331 IOS and ROMMON Upgrade

Here is the steps to upgrade ISR 4331 GW. You will need to upgrade ROMMON upgrade first if you are going from older ver to new ver. This is specially true when you receive RMA from Cisco for trouble device. Once the upgrade done make sure to enable smart license (Most of the time I keep questioning ” Smartness” ) and get that activated.

ISR4331 – Cisco recommended IOS-XE release 16.12.05 & ROMMON version 16.12(2r).


Step 1:
Copy both ROMMON and IOS images to the bootflash of ISR

copy tftp: bootflash:
copy ftp: bootflash:
copy scp bootflash:

Step 2: Verify MD5 Checksum for both the files.


verify /md5 bootflash:isr4300-universalk9.16.12.05.SPA.bin

verify /md5 bootflash:isr4200_4300_rommon_1612_2r_SPA.pkg

Step 3: Upgrade the ROMMON on the router with the following command

upgrade rom-monitor filename bootflash:isr4200_4300_rommon_1612_2r_SPA.pkg all

Note: Please wait until this process finishes and do not interrupt

Then reload the system to make sure it boots properly.

Step 4: Now set the new boot statement in order to be able to load the new code on the device using the following commands
conf t
no boot system
boot system flash bootflash:isr4300-universalk9.16.12.05.SPA.bin
end
Write

Step 5: Verify that the boot variable points to the new image using the following command.
show bootvar

Step 6: Now reload the device using the following command
reload

Filezilla Server Setup

It seem that new version of Filezilla Server tend to confuse many of us with introduction with complete new UI. This is a basic quick setup of Filezilla Server and some explanation for confusing steps.

***Download FIilezilla from https://filezilla-project.org/ and those who want older version of product here is the link https://download.filezilla-project.org/server/

****Once downloaded start the installer and go through process and make sure to setup admin password to access the server and if you prefer change the admin port number from default one during the installation.

****Next open Filezilla admin interface and click on server and configure

**** Click on server listener and setup listing IP to accept incoming FTP request, usually this is leave as 0.0.0.0 to listen to all address. Also you can define whether you want to you explicit TLS or not.

**** Next click on Users and add user and password. This will be the user / psw that you will be need when connecting from FTP client. Important line on here is virtul and Native path,

Virtual path is slimier to Linux directory and this will be the name directory show when client connect and you can /whatever the name you like. Native Path is where will be this file will be actually save, basically real directory path in computer where data will be saved. Note that Filezilla Server doesn’t support network path.

***Next Apply setting and done!. Server setup is complete.

Note that I didn’t go into detail to setup certs and all other setup. This is a quick and dirty FTP server 🙂

An error occurred while enrolling for a certificate.The certificate request could not be submitted to the certification authority.The RPC server is unavailable.

Recently I had upgraded Root cert server OS ver from 2012 to 2019 via in place upgrade. Yes, I know it is not the most ideal way but I had my reasons 🙂

After upgrade none of the help desk staff was was able to connect to root cert server via MMC or none of the PC was able to request certs. So everyone was in help desk wasn’t happy 😦 But user was able to request certs and domain admin was able to connect to cert MMC and issue them. Since the PC wasn’t able to request any certs and end up in breaking SCCM communication which was done via PKI. So error I was getting was this,

After many search one of the post from here save the day and it was issue with DCOM error caused by the in place upgrade, how? I have no idea 🙂 https://theitbros.com/the-rpc-server-is-unavailable-0x800706ba/

Solution was this in my case,

In the AD search for Certificate Service DCOM Access and add Domain computers/Users/domain controllers as members

Then go to root CA server and run in cmd in admin mode.

certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG

net stop certsvc & net start certsvc

After this I was able to resolved my issue.

Error: ‘Invalid Argument provided. Java Server startup failure.’ when creating or refreshing a report using a JDBC

First make sure you have correct OJDBC or JDBC file.

Then copy that file to the java lib location, in my case D:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\java\lib

Then open CRConfig.xml and add the path location as shows below

https://userapps.support.sap.com/sap/support/knowledge/en/1527666

https://userapps.support.sap.com/sap/support/knowledge/en/1219417

SCCM Prerequisite check error when upgradeing – SQL Server Configuration for site upgrade failed

I had a opportunity to upgrade SCCM to new version from 2006 ver. As some of you may know that before SCCM upgrade there is a process to check whether current environment meet per-requisites. I new that my SQL environment and server environment meet standard after reviewing Microsoft documents. But my environment was keep failing per-requisites no matter which new version I choose. After several ours of browsing and reading through logs was able to locate the issue on SQL and pass through the obstacle and successfully upgrade the environment.

All I had to do is connect with SQL server and run two command. I’m no expert on SQL so I’m going simply put here two command that you need to run in your SQL server environment. I’ll also will put link here for great post related to SCCM upgrade.

ALTER DATABASE SCCM_DB_NAME SET ENABLE_BROKER WITH ROLLBACK IMMEDIATE;

ALTER DATABASE SCCM_DB_NAME SET HONOR_BROKER_PRIORITY ON

https://blog.ctglobalservices.com/uncategorized/mas/configmgr-prerequisite-check-error-when-upgradeing-to-1810-sql-server-configuration-for-site-upgrade-failed/

https://systemcenterdudes.com/step-by-step-sccm-2103-upgrade-guide/

This task sequence cannot be run because the program files for scopeid

There are many issues that can generate above mentioned error while imaging using SCCM. But the biggest hurdle is locating the scope ID. Because usually it gives you some giant number not that clear.

Easiest way to locate the scope ID is clicking on listed task list and reference tab which list all the task IDs. This issue was resolved by re distributing erred task ID related package.

How to setup Tor Bridge

I am not going to detail what is tor and all. Because if you already looking to setup Tor bridge, I assume that you already know about tor 😊. You can learn more about tor here anyways https://www.torproject.org/

In my setup I’ve used Lubuntu ( Focal distribution) (https://lubuntu.net/ ) light weight ubuntu base distro on spare old NUC box. This setup needs very little resources since Lubuntu design to run on your old hardware. Also, system can run 24/7 with very little power consumption.

First you need to get install latest tor. Because Debain LTS ver does not always give you the latest stable tor. if your tor bridge not safe, your intended user will not be safe either.

***** Enable package manager

# apt install apt-transport-https

***** Next go the to /etc/apt/sources.list or a new file in /etc/apt/sources.list.d/ add below entries,

   deb     https://deb.torproject.org/torproject.org <DISTRIBUTION> main

   deb-src https://deb.torproject.org/torproject.org <DISTRIBUTION> main

in my case it was little different because Focal dropped 32-bit support,

   deb     [arch=amd64] https://deb.torproject.org/torproject.org focal main

   deb-src [arch=amd64] https://deb.torproject.org/torproject.org focal main

***** You can fine your distro ver by running lsb_release -c in terminal.

***** Then add gpg Keys to sign packages

# wget -qO-  https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import

# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add –

***** Install Key rings

# apt update

# apt install tor deb.torproject.org-keyring

Get more info here https://support.torproject.org/apt/tor-deb-repo/

****** Install Tor and proxy packages

# apt-get  install tor

# apt-get install obfs4proxy

# apt-get update

***** Brows into /etc/tor/  and right click and edit as admin torrc file or open with terminal editor,

Comment out or add these lines if the do not exists,

BridgeRelay 1

ORPort TODO1 = In my case TODO1 replace with 9001

ServerTransportListenAddr obfs4 0.0.0.0:TODO2 = I changed TODO2 to 9002

ExtORPort auto

ContactInfo address@email.com = change out your address you want to be contact if the relay have issue

Nickname PickANickname = set a nickname whatever you like

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

Log notice file /var/log/tor/notices.log

****** Set NoNewPrivileges=no in these two files,

/lib/systemd/system/tor@default.service

/lib/systemd/system/tor@.service

After that run below in terminal,

# systemctl daemon-reload

# systemctl restart tor

***** Now you need to port forward above set ports, so that Tor can reach your bridge.

Find more info here , https://community.torproject.org/relay/setup/bridge/debian-ubuntu/

Install VirtualBox Guest Addition in Ubuntu

First from virtual machine menu, click Devices and click on Insert Guest Addition CD Image. This process will add guest addition CD inside VM.

Bring terminal and run below,

sudo apt update
sudo apt install build-essential dkms linux-headers-$(uname -r)

Then brows into the CD from GUI interface and right click somewhere in the CD and click open terminal here. This bring Terminal within CD

then simply run,

sudo su

./VBoxLinuxAdditions.run --nox11

You will need to reboot VM.

How to Install Volatility in Kali

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. ” Volatility GitHub

Kali Linux has dropped volatility from their new release and you won’t be able to install it as usual apt-get install. You can go to GitHub and get info to install it via volatility download https://www.volatilityfoundation.org/releases. But when you start running it you will see many error pop up. This mainly due to no python availability in new debian and missing dependencies.

It took me few hours of fiddling around with various package install and reading through many post. But this is the method I was able to test and get it working.

Big thanks to Jason @ Jase IT and whoever did post to install python2 @ https://stackoverflow.com/questions/61981156/unable-to-locate-package-python-pip-ubuntu-20-04

Sudo su

apt-get update

###Install phython2

apt install python2

####Install pip2

curl https://bootstrap.pypa.io/get-pip.py –output get-pip.py

python2 get-pip.py

If Error happened run below and then run python2 get-pip.py

curl https://bootstrap.pypa.io/2.7/get-pip.py –output get-pip.py

###Install python3

apt install python3

###Install pip3

apt install python3-pip

###Install dependency

apt-get install pcregrep libpcre++-dev python-dev -y

###Upgrade setuptool

pip2 install –upgrade setuptools (make sure it is dash dash before upgrade setuptools NOT single dash)

###Install pip dependency

pip2 install pycrypto

pip2 install distorm3

###Download and extract volatility from https://www.volatilityfoundation.org/releases listed as “Source Code”

###CD into the location source code

python setup.py install

python vol.py -h to see more info

 

An installation step failed. Kali Linux Install Error

I’ve recently face an error with Kali Linux install in VMware Player and even after giving ample enough space /resources it was keep falling with install step failed and I’ve confirm that VM installer has internet access.

This is pretty much loop back even after restart the install. I’ve tried many times and different methods to install and come back to screen saying hit continue and it will bring up menu that you can skip the step of installing software, pretty much you will loose the GUI and all Kali packages.

After few hours browsing and cursing this the method I used to get kali install and functioning.

**** Basically hit continue and once you come to next step where you have option to skip,skip the step and installer will continue but when kali boot back you will be presented with basic debain shell.

****Log into the shell with your username and password then run these in a order and reboot. Make sure that your Kali can reach to the internet.

This command will install GUI XFACE, after install you will be able to log into Kali GUI.

***sudo apt-get install kali-desktop-xfce

Then you need to update kali install,

***sudo apt update

After this kali need to download base tool set via meta package install. This step will install base Kali tool and some other top tools. You can refer to this link for Kali meta packages in detail https://tools.kali.org/kali-metapackages

*** sudo apt update && sudo apt install kali-linux

*** sudo apt update && sudo apt install kali-linux-full

Here is a great blog post to install meta packages https://githacktools.blogspot.com/2018/04/how-to-install-kali-linux-metapackages.html