AntiBruteRDP is a simple tool to block bruteforce attempts on your Windows Servers running RDP. Most people will say that, why have it running in the first place? Well, there are times that you will[...]
Hey guys, just wanted to share how I would bypass the android lockscreen on rooted devices that have usb debugging enabled.
It has always been a security issue for rooted devices, which mostly ar[...]
Setting up WireGuard VPN on UniFi Dream Machine Pro (UDM Pro)
Having access to my home network from anywhere is the key to have my arsenal on demand. Be it for a quick look in a text file on my pc, or to remotely troubleshoot my devices, I should be able to access them when the time comes. But accessibility comes with a significant risk of security. No one should ever expose their private network without any layer of security. I have seen most successful attack originating from the internet is due to low security or no security at all.
It is advisable to have some layer of security to mitigate the risk and implement a layer 2 VPN for the connection. I have used OpenVPN previously but WireGuard is all the buzz now. My setup is very simple, which I will be setting up my UDM Pro as the WireGuard server and my phones as the clients.
Before you proceed, you must have a good understanding of networking to be able to understand how and why the configuration is done as is. This diagram visualizes what my setup is.
Installing WireGuard Kernel Mode for UDM Pro
Open an SSH connection to your UDM Pro, and download the latest wireguard-kmod. Please check the link below if you do not know how to enable SSH on the UDM Pro
When the download completes, run this to extract the contents to /mnt/data
# tar -C /mnt/data -xvzf wireguard-kmod.tar.Z
cd into /mnt/data/wireguard and run the script setup_wireguard.sh once the extraction is complete.
# ./setup_wireguard.sh
loading wireguard...
This will basically will symlink to the wg binaries and /etc/wireguard and load the kernel modules. You should see something like this in dmesg.
wireguard: WireGuard 1.0.20210219 loaded. See www.wireguard.com for information.
wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
To be able to make it persistent across reboot, you have to run the script on boot. You need to do this in the UniFi OS directly running the below command.
# unifi-os shell
Download udm-boot_1.0.5_all.deb, install it and exit.
Configuration is quite easy compared to other setups. There is a sample file provided, and you can use that as a start.
# cp /etc/wireguard/wg0.conf.sample /etc/wireguard/wg0.conf
# vi /etc/wireguard/wg0.conf
You will need to generate the key using included wg bin.
Generate the keypair for UDM Pro first
# wg genkey | tee udmprivatekey | wg pubkey > udmpublickey
And generate the keypair for my phone
# wg genkey | tee phoneprivatekey | wg pubkey > phonepublickey
The contents of the files are the key for both configurations.
As I mentioned earlier, my setup only for my phone to access my home network. My wg0.conf on UDM Pro looks like this.
[Interface]
Address = 172.16.20.1 #the LAN interface IP on UDM Pro
PrivateKey = udmprivatekey #contents of udmprivatekey
ListenPort = 44333 #port to listen for connection
[Peer]
PublicKey = phonepublickey #contents of phonepublickey
AllowedIPs = 172.16.20.0/24 #my local network subnet
# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25
That’s the basic config needed for the server part (UDM Pro).
Some of you may find this is hard, so you would better off using this config generator
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.16.20.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
You can also check the status using wg
# wg
interface: wg0
public key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
private key: (hidden)
listening port: 44333
peer: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
endpoint: 10.243.45.111:44334
allowed ips: 10.10.10.2/32
latest handshake: 2 seconds ago
transfer: 11.65 MiB received, 151.40 MiB sent
persistent keepalive: every 25 seconds
Stop tunnel
To stop the tunnel, run
# wg-quick down wg0
Before you start connecting, you need to allow incoming wireguard packet through the configured listen port, which in my case is 44333, you can change it to suit your environment.
Depending on your UDM Pro UI, you need to configure a firewall rule on you WAN LOCAL. Please refer here how to get there.
There’s also an update on arm.slackware.com site, says that alienBOB is working on Slackware ARM hard float port….
Slackware ARM hard float port now in progress
By mozes on 02-Apr-2013
Eric Hameleers (alienBOB of the Slackware Core team) has begun a 32-bit ARM hard float port of Slackware. This port will allow Slackware users to maximise the performance of the newest ARM devices (ARMv7 and greater). The project is currently focusing on supporting the Samsung 2012 ARM Chromebook.
So i guess later on the whole process might be a little simple than the previous one. here’s the link to his blog.
OK basically this is just to share how I compiled dsniff 2.4 in my box.
wget http://monkey.org/~dugsong/dsniff/beta/dsniff-2.4b1.tar.gz
tar -zxf dsniff-2.4b1.tar.gz cd dsniff-2.4
./configure
./make
during make, I encountered this error.
Error
./sshow.c:226: error: (Each undeclared identifier is reported only once
./sshow.c:226: error: for each function it appears in.)
./sshow.c: In function 'server_to_client':
./sshow.c:274: error: 'CLK_TCK' undeclared (first use in this function)
Below is the fix.
You have to use CLOCKS_PER_SEC instead of CLK_TCK.
According to /usr/include/time.h, CLK_TCK is the “obsolete POSIX.1-1988 name” for CLOCKS_PER_SEC.
Please also change this.The function arp_cache_lookup does not use the correct interface when running under Linux .. it always uses interface “eth0”.
cd to dsniff-2.4, find arp.c and edit the following:
strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev));
to
strncpy(ar.arp_dev, "wlan0", sizeof(ar.arp_dev));
Save the file and recompile dsniff.
hehe…tadi bos aku suh try test celcom broadband nye speed. So aku pun try la *censored* dlm windows. Slow gile… 0.1Mbps je kot download. Pastu la ni nak try lak online guna Slack.
Simple jek nak online broadband gune linux. Konsep dia sama dgn PPP punya connection. Since aku guna Slackware 13, aku try nak guna wvdial je utk connect.
nak install wvdial ni korang kene install dulu wvstream library. Aku guna build dari slackbuild je.
IÂ was setting up samba to allow my shares available for windows users. However, i got frustated when if failed to start. IÂ was wondering what could cause it since from previous 12.2 slack it was ok.
I started checking the logs in /var/log/samba/* and tried to dismantle through the errors.
[2009/09/04 15:48:13,0] smbd/server.c:main(1210)
smbd version 3.2.13 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
[2009/09/04 15:48:13,0] lib/messages_local.c:messaging_tdb_init(96)
ERROR: Failed to initialise messages database: No such file or directory
[2009/09/04 15:48:13, 0] lib/messages.c:messaging_init(204)
messaging_tdb_init failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
[2009/09/04 15:48:13,0] lib/util.c:smb_panic(1670)
PANIC (pid 24728): Could not init smbd messaging context
[2009/09/04 15:48:13,0] lib/util.c:log_stack_trace(1774)
BACKTRACE: 6 stack frames:
#0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7d29724]
#1 /usr/sbin/smbd(smb_panic+0x80) [0xb7d29881]
#2 /usr/sbin/smbd(smbd_messaging_context+0x64) [0xb7f6785f]
#3 /usr/sbin/smbd(main+0x6ac) [0xb7f69651]
#4 /lib/libc.so.6(__libc_start_main+0xe5) [0xb762d6a5]
#5 /usr/sbin/smbd [0xb7b12921]
[2009/09/04 15:48:13,0] lib/fault.c:dump_core(201)
dumping core in /var/log/samba/cores/smbd
core dump? oh shit, not another bug… damn.. It made me disbelief as it was working fine before….
I did numerous test to pin down the root cause.
Started samba without smb.conf – smbd and nmbd did not run
Started samba with dummy smb.conf – smbd and nmbd runs
Started samba with updated smb.conf – smbd and nmbd did not run
Then i realized that the problem lies in the smb.conf file. I checked the /etc/samba/smb.conf  file. I run testparm to check what could be the problem.
bash-3.1# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[shared]"
Loaded services file OK.
ERROR: lock directory file:///var/cache/samba does not exist
ERROR: pid directory file:///var/run does not exist
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
(input truncated.....)
bash-3.1#
What the f u ck man! I knew it when i first saw it. The file:// is appending at every directory configurations.
I quickly remove every occurance of file:// and restarted samba and hell yeah! It resolve the problem.
bash-3.1# /etc/rc.d/rc.samba start
Starting Samba:Â /usr/sbin/smbd -D
        /usr/sbin/nmbd -D
bash-3.1#
How the hell does the config change like that?
Well, its kde4 samba settingbug…damn..should have go through *all bug lists* first.. hahahah
The fix would be in KDE 4.3.0. However if you have the sources, just update with the latest SVN.
