Cisco 1941 password recovery

Note: This procedure is applicable to most Cisco routers, however the key is knowing the register to use.

Turn the power off.
Turn the power on.
About when you see the following message, hit Ctrl-Break (yes the Pause/Break key).

Readonly ROMMON initialized

You should be presented with the following prompt:

rommon 1 >

Enter confreg 0x2142:

rommon 1 > confreg 0x2142

Then, you will get the following message:

You must reset or power cycle for new config to take effect

Enter reset:

rommon 2 > reset

The router will reboot and start the initial configuration wizard. Just say “No” to skip. This will drop you to a “Router>” prompt.

Enter enable, and you will be presented with a “Router#” prompt.

Copy your startup-config to running-config (make sure you do not switch the order or you will lose your configuration):

Router#copy startup-config running-config

Then reset the password (I set it to “cisco” below.):

Router#configure term
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret cisco

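Then, set the configuration register back to its normal value so the router loads the startup-config at boot again (0x2102 is the usual default; 0x2142 is the recovery value that skips it):

Router(config)#config-register 0x2102

If you cannot remember the register number from earlier, you can find it by issuing the following: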

Router(config)#do show version

Enter:

Router(config)#end

And save:

Router#write mem
Building configuration…
[OK]

Then reload to test:

Router#reload
Proceed with reload? [confirm]

Awk and cases

Good stuff here. I always like to pick up these little things along the way.

If you want to change the case of a string using awk:
Lower case:

$ echo myuppercasestring | awk '{print tolower($1)}'

Upper case:

$ echo mylowercasestring | awk '{print toupper($1)}'

I used something like this to create a little list of commands to rename a bunch of upper case file names to lower case file names:

$ ls -c1 | awk '{print "mv " $1 " " tolower($1)}'
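
A version that renames directly and copes with the cases the generated mv list does not (names containing spaces, and a lower-case name that already exists and would be overwritten). This is an added example, not the commands from the original post, and the function name lower_rename is an assumption:

```shell
#!/bin/sh
# Added example, not from the original post.
# lower_rename is a hypothetical helper name.

# Usage: lower_rename [DIR]
# Renames every entry in DIR (default: current directory) to lower case.
# Names are handled whole, so spaces survive, and an existing target is
# never overwritten.
lower_rename() {
    dir=${1:-.}
    for path in "$dir"/*; do
        [ -e "$path" ] || continue              # empty directory: glob did not match
        name=${path##*/}                        # strip the directory part
        lower=$(printf '%s\n' "$name" | awk '{print tolower($0)}')
        [ "$name" = "$lower" ] && continue      # already lower case
        if [ -e "$dir/$lower" ]; then
            echo "skip: $name ($lower already exists)" >&2
            continue
        fi
        mv -- "$path" "$dir/$lower"             # "--" protects names starting with "-"
    done
    return 0
}
```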

CentOS 7 – package conflict during update.

I was having trouble getting the most recently installed kernel to boot (not the latest release in the repository). It just immediately crashed like it was a grub issue. So, I decided to update the server to an even later kernel, since it is not really a production server.

However, when I did I kept getting the following conflict message:

Error: kernel conflicts with kmod-20-8.el7_2.x86_64

This is what took care of the issue for me:

After running this command, I discovered that it was not an issue with an incomplete installation during my last updates.

# yum-complete-transaction --cleanup-only

Then, I ran the following, which removed a lot of duplicate packages:

# package-cleanup --cleandupes

Then, I updated the server again:

# yum -y update

Rebooted into the latest kernel in the repository without any issues.

CentOS – disable ciphers in openssh

I used the following procedure to disable the weak ciphers enabled in openssh on CentOS 7:

You could probably guess where this should be configured, but one of the challenges can be getting a complete list of what is supported.

Get a list of supported ciphers:

# ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

To disable one or more, you need to explicitly specify the ciphers you do want to use. For example, to disable arcfour, list everything except the arcfour ciphers:

# vi /etc/ssh/sshd_config

Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

And then, restart sshd:

# systemctl restart sshd

And check:

$ ssh -c arcfour localhost
no matching cipher found: client arcfour server 3des-cbc,blowfish-cbc,cast128-cbc,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
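
One way to build that Ciphers line from the cipher list instead of typing it by hand, as an added example that is not part of the original post. The helper name build_ciphers_line and the deny patterns are assumptions; the default pattern drops arcfour as the post does, and the wider pattern in the closing comments also drops the CBC-mode entries (3des-cbc, blowfish-cbc and so on) that the post's line keeps:

```shell
#!/bin/sh
# Added example, not from the original post.
# build_ciphers_line is a hypothetical helper name; the deny patterns are
# assumptions to adapt to your own policy.

# Usage: <cipher names on stdin, one per line> | build_ciphers_line [DENY_ERE]
# Prints a "Ciphers ..." line with every cipher that does NOT match DENY_ERE
# (default: the arcfour family, as in the post).
build_ciphers_line() {
    deny=${1:-'^arcfour'}
    awk -v deny="$deny" '
        NF == 0     { next }                    # ignore blank lines
        $1 ~ deny   { next }                    # drop denied ciphers
        !seen[$1]++ { out = out (out == "" ? "" : ",") $1 }
        END {
            if (out == "") exit 1               # never emit an empty allowlist
            print "Ciphers " out
        }'
}

# Constructed sample input: the ssh -Q cipher output shown above.
sample_ciphers() {
    cat <<'EOF'
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
EOF
}

# On a real host (as root; not executed by this script):
#   ssh -Q cipher | build_ciphers_line '^arcfour|-cbc'   # line for sshd_config
#   sshd -t && systemctl restart sshd      # syntax-check before restarting
#   sshd -T | grep -i '^ciphers'           # show the effective cipher list
```

Keep an existing SSH session open while restarting sshd, so a bad Ciphers line cannot lock you out.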

Remotely enable RDP.

Download psexec.exe to run commands remotely on the remote machine.

Once installed, run psexec to bring up a command prompt on the remote machine:
C:\Tools> psexec \\remotecomputer cmd

Turn off the firewall:
C:\Windows\system32> netsh advfirewall set currentprofile state off
Default Profiles: AllProfiles, CurrentProfile, DomainProfile, PrivateProfile, or PublicProfile.

Create a rule to allow Remote Desktop through the firewall:
C:\Windows\system32> netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes

These netsh commands will return an “Ok!” when successful.

Next ensure that the “Remote Registry” service is started, so you can modify the registry to enable Remote Desktop:
C:\Windows\system32> net start "Remote Registry"

Then, from your local machine open regedit and select File/Connect Network Registry…
Enter the name or I.P. address of the remote machine.
Once connected, navigate to “REMOTEMACHINE\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server”
Then, double click fDenyTSConnections and change it from a 1 to a 0.

Then, back on your psexec session restart the “Remote Desktop Services” service:
C:\Windows\system32> net stop "Remote Desktop Services"
C:\Windows\system32> net start "Remote Desktop Services"

Now, you should be able to connect, and still connect after rebooting if you set the “Remote Desktop Services” service to Automatic so it starts at boot.

Reset/remove Windows 10 policies

If you need to reset policies on a Windows 10 machine back to the defaults, you can do the following from an elevated command prompt:

To reset the Local Policies:

C:\Windows\system32>secedit /configure /cfg C:\Windows\Inf\defltbase.inf /db C:\Windows\defltbase.sdb

Reset Group Policies by removing the following directories. This will remove the directories without prompting, and remove the directory tree as well:

C:\Windows\system32>rmdir /S /Q c:\windows\system32\GroupPolicyUsers
C:\Windows\system32>rmdir /S /Q c:\windows\system32\GroupPolicy

Set Windows Update Proxy Settings via Command Line

I was having trouble with updates on a server. It was complaining about the proxy settings. So, I wanted to have Windows Update use a different proxy configuration. The following commands can be used to manage the proxy settings from the command line:

Display the current settings:

netsh winhttp show proxy

Set the proxy:

netsh winhttp set proxy proxyservername:portnumber

Set proxy and bypass options:

netsh winhttp set proxy proxy-server="proxyservername:portnumber" bypass-list="*.mylocal.domain"

And then, when you really screw something up and just want to start over, reset:

netsh winhttp reset proxy

Back out a yum update.

Boy, I tell ya, the more I learn about Linux, the more I love it. Especially yum. Something was wrong after I used yum to update a package. I didn’t have time to look into it in detail, so I just wanted to back out the change and downgrade the packages that were updated during the update and restore functionality. My initial thought was to restore a snapshot of the system from the night before, but I thought better and decided I would try to roll back the installation and downgrade the application. This is what I did:

Got a list of all the yum transactions on the system using the yum history command:

# yum history list all
Loaded plugins: fastestmirror
ID | Login user | Date and time | Action(s) | Altered
-------------------------------------------------------------------------------
18 | | 2017-03-24 17:32 | I, U | 8 EE

Then, based on the time, I was able to determine the transaction ID and get more information about the transaction, to verify I had the correct one, using the yum history info command:

# yum history info 18
Loaded plugins: fastestmirror
Transaction ID : 18
Begin time : Fri Mar 24 17:32:42 2017
Begin rpmdb : 335:80c8ab3d529a99f5edc0570b5dbf0a9a2475ffda
End time : 17:34:11 2017 (89 seconds)
End rpmdb : 342:0f129cb344b7c87fe9b0f9b0ff74715215284aea
User :
Return-Code : Success
Command Line : update wikid-server-enterprise-4.2.0.b2007-1.noarch.rpm
Transaction performed with:
Installed rpm-4.8.0-55.el6.x86_64 @base
Installed yum-3.2.29-75.el6.centos.noarch @updates
Installed yum-metadata-parser-1.1.2-16.el6.x86_64 @anaconda-CentOS-201311272149.x86_64/6.5
Installed yum-plugin-fastestmirror-1.1.30-37.el6.noarch @base
Packages Altered:
Dep-Install audit-libs-python-2.4.5-3.el6.x86_64 @base
Dep-Install libcgroup-0.40.rc1-18.el6_8.x86_64 @updates
Dep-Install libsemanage-python-2.0.43-5.1.el6.x86_64 @base
Dep-Install policycoreutils-python-2.0.83-30.1.el6_8.x86_64 @updates
Dep-Install rsync-3.0.6-12.el6.x86_64 @base
Dep-Install setools-libs-3.3.7-4.el6.x86_64 @base
Dep-Install setools-libs-python-3.3.7-4.el6.x86_64 @base
Updated wikid-server-enterprise-4.2.0.b1977-1.noarch @/wikid-server-enterprise-4.2.0.b1977-1.noarch
Update 4.2.0.b2007-1.noarch @/wikid-server-enterprise-4.2.0.b2007-1.noarch
Scriptlet output:
1 Stopping Tomcat server … Success!
2 Stopping TimeCop service … Success!
3 Stopping wAuth protocol daemon … Success!
4 RADIUS protocol daemon already stopped.
5 LDAP protocol not enabled.
6 Stopping Logger service … Success!
7 Stopping database … Success!
history info

And then, to downgrade the packages, I used the yum history undo command:

# yum history undo 18
Loaded plugins: fastestmirror
Undoing transaction 18, from Fri Mar 24 17:32:42 2017
Dep-Install audit-libs-python-2.4.5-3.el6.x86_64 @base
Dep-Install libcgroup-0.40.rc1-18.el6_8.x86_64 @updates
Dep-Install libsemanage-python-2.0.43-5.1.el6.x86_64 @base
Dep-Install policycoreutils-python-2.0.83-30.1.el6_8.x86_64 @updates
Dep-Install rsync-3.0.6-12.el6.x86_64 @base
Dep-Install setools-libs-3.3.7-4.el6.x86_64 @base
Dep-Install setools-libs-python-3.3.7-4.el6.x86_64 @base
Updated wikid-server-enterprise-4.2.0.b1977-1.noarch @/wikid-server-enterprise-4.2.0.b1977-1.noarch
Update 4.2.0.b2007-1.noarch @/wikid-server-enterprise-4.2.0.b2007-1.noarch
Loading mirror speeds from cached hostfile
* base: mirror.keystealth.org
* extras: mirror.linuxfix.com
* updates: mirror.sigmanet.com
Failed to downgrade: wikid-server-enterprise-4.2.0.b1977-1.noarch
Resolving Dependencies
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.4.5-3.el6 will be erased
---> Package libcgroup.x86_64 0:0.40.rc1-18.el6_8 will be erased
---> Package libsemanage-python.x86_64 0:2.0.43-5.1.el6 will be erased
---> Package policycoreutils-python.x86_64 0:2.0.83-30.1.el6_8 will be erased
--> Processing Dependency: policycoreutils-python for package: wikid-server-enterprise-4.2.0.b2007-1.noarch
---> Package rsync.x86_64 0:3.0.6-12.el6 will be erased
---> Package setools-libs.x86_64 0:3.3.7-4.el6 will be erased
---> Package setools-libs-python.x86_64 0:3.3.7-4.el6 will be erased
--> Running transaction check
---> Package wikid-server-enterprise.noarch 0:4.2.0.b2007-1 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

===
Package Arch Version Repository Size
===
Removing:
audit-libs-python x86_64 2.4.5-3.el6 @base 279 k
libcgroup x86_64 0.40.rc1-18.el6_8 @updates 331 k
libsemanage-python x86_64 2.0.43-5.1.el6 @base 312 k
policycoreutils-python x86_64 2.0.83-30.1.el6_8 @updates 1.3 M
rsync x86_64 3.0.6-12.el6 @base 682 k
setools-libs x86_64 3.3.7-4.el6 @base 1.1 M
setools-libs-python x86_64 3.3.7-4.el6 @base 1.6 M
Removing for dependencies:
wikid-server-enterprise noarch 4.2.0.b2007-1 @/wikid-server-enterprise-4.2.0.b2007-1.noarch 99 M

Transaction Summary
===
Remove 8 Package(s)

Installed size: 104 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Stopping Tomcat server … Success!
TimeCop process already stopped.
wAuth protocol daemon already stopped.
RADIUS protocol daemon already stopped.
LDAP protocol not enabled.
Stopping Logger service … Success!
Stopping database … Success!
Erasing : wikid-server-enterprise-4.2.0.b2007-1.noarch 1/8
Erasing : policycoreutils-python-2.0.83-30.1.el6_8.x86_64 2/8
Erasing : setools-libs-python-3.3.7-4.el6.x86_64 3/8
Erasing : setools-libs-3.3.7-4.el6.x86_64 4/8
Erasing : audit-libs-python-2.4.5-3.el6.x86_64 5/8
Erasing : libcgroup-0.40.rc1-18.el6_8.x86_64 6/8
Erasing : libsemanage-python-2.0.43-5.1.el6.x86_64 7/8
Erasing : rsync-3.0.6-12.el6.x86_64 8/8
Verifying : rsync-3.0.6-12.el6.x86_64 1/8
Verifying : wikid-server-enterprise-4.2.0.b2007-1.noarch 2/8
Verifying : policycoreutils-python-2.0.83-30.1.el6_8.x86_64 3/8
Verifying : libsemanage-python-2.0.43-5.1.el6.x86_64 4/8
Verifying : setools-libs-python-3.3.7-4.el6.x86_64 5/8
Verifying : libcgroup-0.40.rc1-18.el6_8.x86_64 6/8
Verifying : audit-libs-python-2.4.5-3.el6.x86_64 7/8
Verifying : setools-libs-3.3.7-4.el6.x86_64 8/8

Removed:
audit-libs-python.x86_64 0:2.4.5-3.el6 libcgroup.x86_64 0:0.40.rc1-18.el6_8 libsemanage-python.x86_64 0:2.0.43-5.1.el6 policycoreutils-python.x86_64 0:2.0.83-30.1.el6_8
rsync.x86_64 0:3.0.6-12.el6 setools-libs.x86_64 0:3.3.7-4.el6 setools-libs-python.x86_64 0:3.3.7-4.el6

Dependency Removed:
wikid-server-enterprise.noarch 0:4.2.0.b2007-1

Complete!

Now, in my case, I was not able to downgrade the software package directly, as you can tell from the “Failed to downgrade:” message for the wikid server, but the heavy lifting was done.
All I had to do was install the original package using yum, and I was back in business:

# yum install wikid-server-enterprise-4.2.0.b1977-1.noarch.rpm

And, start the application back up:

# wikidctl start

Samba – smbpasswd

CentOS: 7.x
Samba: 4.4.4

Just a quick note. If you want to list the users in your smbpasswd file, you can use the pdbedit command.

# pdbedit -L
No builtin backend found, trying to load plugin
Module 'tdbsam' loaded
username:1002:

Or, for more detailed output:

# pdbedit -L -v
No builtin backend found, trying to load plugin
Module 'tdbsam' loaded
---------------
Unix username: username1
NT username:
Account Flags: [U ]
User SID: S-1-5-21-856554280-4097225363-552893113-1000
Forcing Primary Group to 'Domain Users' for username1
Primary Group SID: S-1-5-21-856554280-4097225363-552893113-513
Full Name:
Home Directory: \\server\username1
HomeDir Drive:
Logon Script:
Profile Path: \\server\username1\profile
Domain: SERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 07:06:39 PST
Kickoff time: Wed, 06 Feb 2036 07:06:39 PST
Password last set: Thu, 19 Jan 2017 15:10:20 PST
Password can change: Thu, 19 Jan 2017 15:10:20 PST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: username2
NT username:
Account Flags: [U ]
User SID: S-1-5-21-856554280-4097225363-552893113-1001
Forcing Primary Group to 'Domain Users' for username2
Primary Group SID: S-1-5-21-856554280-4097225363-552893113-513
Full Name:
Home Directory: \\server\username2
HomeDir Drive:
Logon Script:
Profile Path: \\server\username2\profile
Domain: SERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 07:06:39 PST
Kickoff time: Wed, 06 Feb 2036 07:06:39 PST
Password last set: Mon, 20 Mar 2017 16:08:57 PDT
Password can change: Mon, 20 Mar 2017 16:08:57 PDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

You can add users to the smbpasswd file as follows:

# smbpasswd -a username3

More Exchange Management Shell commands

To set a forwarding address for a mailbox that will also deliver the message to the Identity’s mailbox:

Set-Mailbox -Identity identityname -DeliverToMailboxAndForward $true -ForwardingSMTPAddress "my@mail.address"

Note: If DeliverToMailboxAndForward is $false, then the message will not be delivered to the Identity’s mailbox. It will just be forwarded.

To remove a forwarding address for a mailbox:

Set-Mailbox -Identity identityname -ForwardingSMTPAddress $null -ForwardingAddress $null

To list auto reply status for an account:

Get-MailboxAutoReplyConfiguration accountname | Format-List

To disable auto reply for an account:

Set-MailboxAutoReplyConfiguration accountname -AutoReplyState:disabled

To only restore the Inbox for a mailbox:

Restore-Mailbox -Identity restoreto -RecoveryDatabase recoverydbname -RecoveryMailbox restorefrom -Target targetfolder -IncludeFolders \Inbox

Disabling a mailbox disconnects it from an account. It doesn’t remove either the account or the mailbox. All Exchange attributes will be removed from the account and the mailbox will be in a disabled state. Note: The mailbox does not immediately show up in the disabled mailbox list until the Clean-MailboxDatabase process runs again. This periodically happens on the system, but can be forced with the Clean-MailboxDatabase command. To disable a mailbox:

Disable-Mailbox -Identity "Display Name"

Update list of disabled mailboxes:

Clean-MailboxDatabase "Mailbox Database Name"

To list all disabled mailboxes:

Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -eq "Disabled" }

To connect a mailbox to a user account:

Connect-Mailbox -Database DatabaseName -Identity "Mailbox Display Name" -User accountname

Note: For the Identity or User, you can use the Legacy DN. I found this useful, when I had two of the same Display Name mailboxes disabled at the same time. You can determine the Legacy DN using the following:

Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -eq "Disabled" } | Select DisplayName,LegacyDN

To check your sender filter configuration:

Get-SenderFilterConfig

To block a user (note: this will override the current setting and only block the one address):

Set-SenderFilterConfig -BlockedSenders emailaddress

To block more than one:

Set-SenderFilterConfig -BlockedSenders emailaddress1,emailaddress2

To block an entire domain:

Set-SenderFilterConfig -BlockedDomains domainname

The BlockedSenders and BlockedDomains are “Multivalue properties”, so to add or remove entries instead of entering all of them every time you just want to add one, you can do the following:

Set-SenderFilterConfig -BlockedSenders @{Add="emailaddress1","emailaddress2"}

Or:

Set-SenderFilterConfig -BlockedDomains @{Add="domainname1","domainname2"}

Same idea to remove from the list:

Set-SenderFilterConfig -BlockedSenders @{Remove="emailaddress1","emailaddress2"}

Or:

Set-SenderFilterConfig -BlockedDomains @{Remove="domainname1","domainname2"}

Managing message size:
Here are the places where sending and receiving message size can be managed:

Get-TransportConfig | FL

Get-ReceiveConnector | FL

Get-SendConnector | FL

Get-Mailbox mailbox | FL

You want to look at the MaxSendSize, MaxReceiveSize settings.

Get-TransportConfig | FT MaxSendSize, MaxReceiveSize

Get-ReceiveConnector | FT MaxMessageSize

Get-SendConnector | FT Name,MaxMessageSize

Get-Mailbox mailbox | FT Name,MaxSendSize, MaxReceiveSize

get-transportconfig | Set-TransportConfig -maxsendsize 15MB -maxreceivesize 15MB; get-receiveconnector | set-receiveconnector -maxmessagesize 10MB; get-sendconnector | set-sendconnector -maxmessagesize 10MB; get-mailbox | Set-Mailbox -Maxsendsize 10MB -maxreceivesize 10MB

To modify the limits:

Set-TransportConfig -MaxSendSize 100MB -MaxReceiveSize 100MB

Set-ReceiveConnector connectorname -MaxMessageSize 100MB

Set-SendConnector connectorname -MaxMessageSize 100MB

Get-Mailbox mailbox | Set-Mailbox -MaxSendSize 100MB -MaxReceiveSize 100MB

There is a way to limit the attachment size itself, by creating a transport rule:

New-TransportRule -Name GTHMaxAttachSize -AttachmentSizeOver 100MB -RejectMessageReasonText "This attachment is too big! What were you thinking?"

Distribution Groups:
Create a new group:
New-DistributionGroup -Name "group name" -Alias "groupalias" -OrganizationalUnit 'oudn'

Modify a group setting:
Set-DistributionGroup groupalias -RequireSenderAuthenticationEnabled $false

Update a group member:
Update-DistributionGroupMember groupalias -Members "emailaddress"

Add a group member:
Add-DistributionGroupMember groupalias -Member "emailaddress"

Remove a group member:
Remove-DistributionGroupMember groupalias -Member "emailaddress"

Look at a distribution group:
Get-DistributionGroup groupalias | Format-List

Get the list of members in a distribution group:
Get-DistributionGroupMember groupalias | Format-Table

Check deleted item policy on a mailbox:
Get-Mailbox alias | Select Name,RetainDeletedItemsFor,RetainDeletedItemsUntilBackup
