How to Add a User from Windows Command Prompt

Adding a user from a Windows command prompt is easy. We can use the net user command: specify the username and password, append /ADD, and we are off to the races. The prompt needs to be running as Administrator for the account to be created.

net user username password /ADD

Example command:

net user incredigeek mysecurepassword /ADD

https://www.windows-commandline.com/add-user-from-command-line/

How to Create a Preshared Key for Wireguard

You may have encountered the following Mikrotik error when trying to set a preshared key on a WireGuard peer:

Couldn't change wireguard peer<> - invalid preshared key (6)

This is because a WireGuard preshared key needs to be a 256-bit (32-byte) key, base64 encoded. We have a couple of different ways to generate the correct format.

1. Use OpenSSL to generate 32 random bytes and base64 encode them

openssl rand 32 | base64

2. Create a 31 character password and base64 encode it

echo Thisisthepassword31characterslo | base64
VGhpc2lzdGhlcGFzc3dvcmQzMWNoYXJhY3RlcnNsbwo=

Now we can take this and add it to our config. The config option is:

PresharedKey = VGhpc2lzdGhlcGFzc3dvcmQzMWNoYXJhY3RlcnNsbwo=
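The check a practitioner wants before pasting a key into RouterOS is whether it actually decodes to 32 bytes, since that is exactly what the "invalid preshared key" error is complaining about. The following is an added example and not part of the original post or of WireGuard/Mikrotik tooling; the function names are made up for the demo, it assumes a coreutils-style base64 and either openssl or /dev/urandom, and it also shows why the 31-character-password trick above works: echo appends a newline, which is the 32nd byte.

```shell
#!/bin/sh
# Added example (not from the original post): generate a WireGuard preshared key
# and check that a candidate key is canonical base64 that decodes to exactly
# 32 bytes, which is what RouterOS requires before it accepts the peer.
# Function names are hypothetical; assumes coreutils-style base64.

# Generate a fresh 32-byte random PSK, base64 encoded (44 characters).
# Uses openssl when present, otherwise falls back to /dev/urandom.
wg_psk_generate() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand 32 | base64 | tr -d '\n'
    else
        head -c 32 /dev/urandom | base64 | tr -d '\n'
    fi
}

# Print the decoded length in bytes of a base64 string (0 if it does not decode).
wg_psk_decoded_len() {
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c)
    echo $((n + 0))
}

# Return 0 only if the key decodes to exactly 32 bytes AND re-encoding the
# decoded bytes reproduces the input (rejects non-canonical or padded junk).
wg_psk_is_valid() {
    key=$1
    [ "$(wg_psk_decoded_len "$key")" -eq 32 ] || return 1
    [ "$(printf '%s' "$key" | base64 -d 2>/dev/null | base64 | tr -d '\n')" = "$key" ]
}

# Demo: the key from the post is valid only because echo added a trailing
# newline to the 31-character password (31 + 1 = 32 bytes); a 5-byte value
# ("short") fails; a freshly generated key passes.
for k in 'VGhpc2lzdGhlcGFzc3dvcmQzMWNoYXJhY3RlcnNsbwo=' 'c2hvcnQ=' "$(wg_psk_generate)"; do
    if wg_psk_is_valid "$k"; then
        echo "ok   ($(wg_psk_decoded_len "$k") bytes) $k"
    else
        echo "bad  ($(wg_psk_decoded_len "$k") bytes) $k"
    fi
done
```

Prefer the openssl/urandom path for real peers: a typed 31-character password has far less entropy than 32 random bytes, even though both produce a key RouterOS will accept.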

https://www.wireguard.com/papers/wireguard.pdf

https://forum.mikrotik.com/viewtopic.php?t=184469

How To Play an Audio file in JavaScript

Here is a quick and simple way to play an audio clip in JavaScript

const audio = new Audio('path/to/audio.mp3')
audio.play()

That is literally it.

You can place “audio.play()” wherever you need it in your code so it gets triggered when needed.

https://stackoverflow.com/questions/9419263/how-to-play-audio

JavaScript – The media resource indicated by the src attribute or assigned media provider object was not suitable.

If you receive the following error,

The media resource indicated by the src attribute or assigned media provider object was not suitable.

It could be because your media file is not supported. Try converting your audio file to a different format.

https://stackoverflow.com/questions/57246199/domexception-the-media-resource-indicated-by-the-src-attribute-or-assigned-med

Operation Triangulation – iOS Zero-click APT Exploit Info

Quick summary: Operation Triangulation is an iOS zero-click exploit that self-destructs. It looks to have been in use since at least 2019 and works on iOS 15.7; it is unclear whether it works on iOS 16. It can collect location data, microphone recordings and photos, and manipulate iMessages. The initial point of entry is an iMessage that compromises the device; after compromise, the message is deleted.

https://securelist.com/operation-triangulation/109842/

https://www.kaspersky.com/about/press-releases/2023_kaspersky-reports-on-new-mobile-apt-campaign-targeting-ios-devices

https://arstechnica.com/information-technology/2023/06/clickless-ios-exploits-infect-kaspersky-iphones-with-never-before-seen-malware/

Links for checking for infection.

https://securelist.com/find-the-triangulation-utility/109867/

https://github.com/KasperskyLab/triangle_check

The following is a list of C&C domains from the securelist.com article. A quick DNS lookup for each domain returned the records and IP addresses below. Note that these can change at any time, and some of the IP addresses are or can be shared with legitimate websites if the domain is on a shared hosting provider.

addatamarket.net - sandy.ns.cloudflare.com, doug.ns.cloudflare.com - No A records, or TXT
backuprabbit.com - nelci.ns.cloudflare.com, morgan.ns.cloudflare.com - No A records, or TXT
businessvideonews.com - ns2.dnsowl.com, ns3.dnsowl.com, ns1.dnsowl.com - 198.251.81.30, 209.141.38.71, 107.161.23.204
cloudsponcer.com - Cloudflare, kipp.ns.cloudflare.com, joyce.ns.cloudflare.com
datamarketplace.net - ns78.domaincontrol.com, ns77.domaincontrol.com, 34.98.99.30
mobilegamerstats.com - ns1.bitdomain.biz, No A records, TXT=v=spf1 redirect=_spf.mailhostbox.com
snoweeanalytics.com - cody.ns.cloudflare.com, arlee.ns.cloudflare.com - 104.21.76.6, 172.67.184.201
tagclick-cdn.com - ns4.bitdomain.biz, ns3.bitdomain.biz, ns2.bitdomain.biz, ns1.bitdomain.biz - No A records, TXT=v=spf1 redirect=_spf.mailhostbox.com
topographyupdates.com - nero.ns.cloudflare.com, dalary.ns.cloudflare.com - 104.21.27.67, 172.67.141.199
unlimitedteacup.com - nelci.ns.cloudflare.com, javon.ns.cloudflare.com - 104.21.55.58, 172.67.145.72
virtuallaughing.com - elaine.ns.cloudflare.com, braden.ns.cloudflare.com - 104.21.60.240, 172.67.202.140
web-trackers.com - dns1.registrar-servers.com, dns2.registrar-servers.com - 15.164.228.250
growthtransport.com - ns3.dnsowl.com, ns2.dnsowl.com, ns1.dnsowl.com - 198.251.81.30, 107.161.23.204, 209.141.38.71
anstv.net - ns64.domaincontrol.com, ns63.domaincontrol.com - 93.90.223.185
ans7tv.net - ns37.domaincontrol.com, ns37.domaincontrol.com - 93.90.223.185

List of domains

addatamarket.net
backuprabbit.com
businessvideonews.com
cloudsponcer.com
datamarketplace.net
mobilegamerstats.com
snoweeanalytics.com
tagclick-cdn.com
topographyupdates.com
unlimitedteacup.com
virtuallaughing.com
web-trackers.com
growthtransport.com
anstv.net
ans7tv.net

List of IPv4 addresses used

107.161.23.204
198.251.81.30
209.141.38.71
34.98.99.30
172.67.184.201
104.21.76.6
172.67.141.199
104.21.27.67
172.67.145.72
104.21.55.58
104.21.60.240
172.67.202.140
15.164.228.250
209.141.38.71
198.251.81.30
93.90.223.185

Bash command to get an updated IP address list. bad.txt contains all the above domain names, one per line.

while read -r domain; do dig "$domain" a +short; done < bad.txt >> badips.lst

Check DNS logs

If you run a DNS server, you can check whether any of these names have been resolved with the following. Change named.log to the path of your DNS log. The -F flag makes grep treat the dots in the domain names literally instead of as regex wildcards.

list="addatamarket.net
backuprabbit.com
businessvideonews.com
cloudsponcer.com
datamarketplace.net
mobilegamerstats.com
snoweeanalytics.com
tagclick-cdn.com
topographyupdates.com
unlimitedteacup.com
virtuallaughing.com
web-trackers.com
growthtransport.com
anstv.net
ans7tv.net"

for domain in $list; do echo "$domain" && sudo grep -i -F "$domain" /var/log/named.log; done

Setup Mikrotik capture traffic

Mikrotik packet sniffer settings to capture traffic going to or coming from the above IP addresses.

/tool sniffer
set file-limit=32000KiB file-name=Triangulation filter-ip-address="107.161.23.20\
    4/32,198.251.81.30/32,209.141.38.71/32,34.98.99.30/32,172.67.184.201/32,104.\
    21.76.6/32,172.67.141.199/32,104.21.27.67/32,172.67.145.72/32,104.21.55.58/3\
    2,104.21.60.240/32,172.67.202.140/32,15.164.228.250/32,209.141.38.71/32,198.\
    251.81.30/32,93.90.223.185/32" 

You can then start the sniffer from WinBox via Tools -> Packet Sniffer -> Settings -> Start

or run

/tool/sniffer/start

Resolution

Apple issued an update that fixes the kernel part of the vulnerability.

https://securelist.com/triangledb-triangulation-implant/110050/

Wireshark – Please turn off promiscuous mode for this device

Recently received the following error while trying to do a packet capture on Windows.

“Please turn off promiscuous mode for this device”

There are two solutions to this problem

  1. Disable promiscuous mode for the adapter
  2. Update Npcap

Disable Promiscuous mode

You can turn off promiscuous mode by going to Capture -> Options

Uncheck promiscuous

And click Start

Update Npcap

If you need promiscuous mode on, then look at installing a newer version of Npcap from

https://npcap.com/dist/

Restart Wireshark, and Start a capture.

https://ask.wireshark.org/question/30138/please-turn-off-promiscuous-mode-for-this-device/

JavaScript Basic Spread and Rest (…) usage

The Spread and Rest operators, i.e. the three dots (…), can be used to make code cleaner and more concise.

Difference between Spread and Rest

Spread: Works on the right-hand side of the = operator, and breaks an iterable out into individual elements.

Rest: Works on the left-hand side of the = operator (or in a function's parameter list), and packs individual elements into an array.

Using Spread to Iterate over Arrays

Spread works on iterables like strings, arrays, maps and sets.

The spread operator works like taking all the elements out of an array so they can be used individually or written into a new array. Say for instance we have an array of computers and we want to log each element to the console.

const computersA = ['Acer', 'Apple', 'ASUS']

We can log each element by running

console.log(computersA[0], computersA[1], computersA[2])

Or we can use the spread operator

console.log(...computersA)

The output is the same.

Joining Arrays

We can also use the spread operator to join two arrays together. Say we have two arrays

const computersA = ['Acer', 'Apple', 'ASUS']
const computersB = ['HP', 'Dell', 'Lenovo']

And we want to concatenate them together. We can do that simply by

const computerAll = [...computersA, ...computersB]

Rest Example

Rest is simply the opposite of spread. Spread takes an item like an array and expands it out into elements we can use. Rest takes elements and packs them into an array. This can be extremely helpful if we want to pass an unknown number of elements into a function for processing.

const computersA = ['Acer', 'Apple', 'ASUS']
function writeToLog (...arr) {
  for (const element of arr) {
    console.log(element)
  }
}

Now we can call the function with as many arguments as we like, and they will all get logged to the console.

writeToLog('Razer', 'Alienware', 'Legion')

We could also use both the Spread and Rest operators together

const gamingLaptops = ['Razer', 'Alienware', 'Legion']
writeToLog(...gamingLaptops)

Now as we add more laptops to the gamingLaptops array, the function will automatically process each one and write it to the console.

https://www.freecodecamp.org/news/three-dots-operator-in-javascript/

Notes on Setting up a Cambium 850C PTP

These are set up a bit differently from normal WISP radio equipment. The radio's default IP address is 192.0.2.1, so you need to give your computer an address such as 192.0.2.3 with a subnet mask of 255.255.255.240. It looks like the radio is usually only accessible via the management port, and you need to make or buy a special patch cable.

https://community.cambiumnetworks.com/t/physical-reset-on-ptp850c/88884/2

The User Guide is available here

https://www.cambiumnetworks.com/wp-content/uploads/2021/07/PTP-850-C-E-S-User-Guide-11.5.pdf

You can download the Installation Guide from here

https://support.cambiumnetworks.com/file/5034c6e4b584c5d40429a163cef0d7a6257f8dc3

Both those documents show how to install and get into the device.