How To Fix “no matching host key type found. Their offer: ssh-rsa,ssh-dss”

Posted on by
Reply

2023 Update: Recent versions of REHL have completely disabled DES which can cause issues even when using the +ssh-rsa or +ssh-rsa. You can use the following command to enable SHA1, however, upgrading the server would be recommended. 

update-crypto-policies --set DEFAULT:SHA1

Reason for it not working is some of the older weaker SSH encryption algorithms have been disabled. You can allow ssh to use it by specifying the following option.

 -oHostKeyAlgorithms=+ssh-dss

The whole command would look like

ssh  -o HostKeyAlgorithms=+ssh-dss root@192.168.111.4

http://www.openssh.com/legacy.html

https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss#836064

cPanel unable to access locally hosted domains

Posted on by
Reply

Check and verify that DNS is not being blocked upstream by a firewall. Behavior is weird, the server can get out to the internet, access to the servers IP address is available, but can’t ping domains that are locally hosted. Are also unable to ping the domains from the internet in.

To resolve the issue either disable the DNS firewall rules, or better yet add some rules to allow access to the cPanel server.

Mikrotik hAP – Change SSID via command line

Posted on by
Reply

Problem – Need 2.4 Ghz network enabled and SSID set to WiFi. Wireless router is behind a NAT, using UNMS to ssh into the radio, and from the radio ssh into hAP. Enter/Return key not working to run commands, so running the commands over ssh from the radio.

WA.v8.4.2# ssh admin@192.168.88.2  'interface wireless print'
admin@192.168.88.2's password: 
Flags: X - disabled, R - running 
 0    name="wlan1" mtu=1500 l2mtu=1600 mac-address=74:4D:28:0F:69:B3 
      arp=enabled interface-type=Atheros AR9300 mode=station ssid="MikroTik" 
      frequency=2412 band=2ghz-b/g channel-width=20mhz secondary-channel="" 
      scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=default compression=no 

 1  R name="wlan2" mtu=1500 l2mtu=1600 mac-address=74:4D:28:0F:69:B2 
      arp=enabled interface-type=Atheros AR9888 mode=ap-bridge ssid="WiFi" 
      frequency=5180 band=5ghz-n/ac channel-width=20mhz secondary-channel="" 
      scan-list=default wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=default compression=no 

WA.v8.4.2# ssh admin@192.168.88.2  'interface wireless set disabled=no ssid=WiFi wlan1'
admin@192.168.88.2's password: 
WA.v8.4.2# ssh admin@192.168.88.2  'interface wireless print'
admin@192.168.88.2's password: 
Flags: X - disabled, R - running 
 0    name="wlan1" mtu=1500 l2mtu=1600 mac-address=74:4D:28:0F:69:B3 
      arp=enabled interface-type=Atheros AR9300 mode=station ssid="WiFi" 
      frequency=2412 band=2ghz-b/g channel-width=20mhz secondary-channel="" 
      scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=default compression=no 

 1  R name="wlan2" mtu=1500 l2mtu=1600 mac-address=74:4D:28:0F:69:B2 
      arp=enabled interface-type=Atheros AR9888 mode=ap-bridge ssid="WiFi" 
      frequency=5180 band=5ghz-n/ac channel-width=20mhz secondary-channel="" 
      scan-list=default wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=default compression=no 

WA.v8.4.2# ssh admin@192.168.88.2  'interface wireless registration-table print'
admin@192.168.88.2's password: 
 # INTERFACE           RADIO-NAME       MAC-ADDRESS       AP  SIGNAL... TX-RATE
 0 wlan2                                A7:32:54:EE:E4:35 no  -77dBm... 18Mbps 
 1 wlan2                                34:7A:F4:43:AD:81 no  -69dBm... 6Mbps  

WA.v8.4.2# exit

An Experiment in Randomness

Posted on by
Reply

You can print a random number between 1-10 with the following command.

echo $((( RANDOM % 10 )+1))

Creating random numbers

If you change it so the output is between 0-9 you get decently even results.

cat /dev/null > random.txt && cat /dev/null > random2.txt && for ((i=0; i<=9999;i++)); do echo $((( RANDOM % 10 ))) >> random.txt ; done && for ((i=0; i<=9;i++)); do echo $(grep -c $i random.txt) $i; done  |  sort -n

Note that you can change the command to be between 1-10, but all the 1’s in 10 will get grepped and counted as 1’s.

The above command should return something similar to the following. Sorted by lowest occurrences first.

943 5
945 8
985 7
996 2
997 6
1005 3
1012 9
1016 4
1033 0
1068 1
admin@localhost:~$

We can plot them in LibreOffice Calc.

Plot with GnuPlot

Gnuplot is another utility that you can use to plot numbers. Example is below.

cat /dev/null > random.txt && cat /dev/null > random2.txt && for ((i=0; i<=9999;i++)); do echo $((( RANDOM % 10 ))) >> random.txt ; done && for ((i=0; i<=9;i++)); do echo $i $(grep -c $i random.txt) ; done  |  sort -n | gnuplot -p -e 'plot "/dev/stdin"'

Crack LUKS volume with Hashcat

Posted on by
Reply

Install hashcat

apt install hashcat

Find LUKS Volume

bob@localhost:~/$ dmesg
...
[ 1057.776074] sd 0:0:0:0: [sda] Write Protect is off
[ 1057.776074] sd 0:0:0:0: [sda] Mode Sense: 43 00 00 00
[ 1057.776593] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1057.780234]  sda: sda1
[ 1057.783346] sd 0:0:0:0: [sda] Attached SCSI removable disk
bob@localhost:~/$

From the above we see that the drive we just pluGged into the system is “sda” so our path and partition is “/dev/sda1”

Run hashcat

The following command will run hashcat against “/dev/sda1”, change if the encrypted partition is different. Mode is to brute force every 8 numeric character combination. Refer to the following link to learn more about mask attacks.
https://hashcat.net/wiki/doku.php?id=mask_attack

Note: You should be able to dump the header and work off of that as well.

sudo hashcat -a 3 -m 14600 /dev/sda1 ?d?d?d?d?d?d?d?d

Create LUKS Encrypted Thumb Drive

Posted on by
Reply

Find the thumb drive with lsblk, dmesg, or sudo fdisk -l. In the following examples we are using /dev/sdc1, replace as needed.

sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdc1
sudo cryptsetup luksOpen /dev/sdc1 encrypted_usb
sudo mkfs.ext4 /dev/mapper/encrypted_usb

Now we can mount the drive. We are mounting it to /mnt change if needed.

sudo mount /dev/mapper/encrypted_usb /mnt

Or go ahead and close the channel and remove the drive

sudo cryptsetup luksClose /dev/mapper/encrypted_usb

Command Explanation

sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdc1

Wipe /dev/sdc1 and set the password when prompted for it.

sudo cryptsetup luksOpen /dev/sdc1 encrypted_usb

Open up a secure channel to the drive, and decrypt it so we can access it

sudo mkfs.ext4 /dev/mapper/encrypted_usb

Using the channel we created in the previous command, we can now format the drive.

sudo cryptsetup luksClose /dev/mapper/encrypted_usb

We can now close the channel for the drive and remove it.

Extract Android backup

Posted on by
Reply

https://stackoverflow.com/questions/18533567/how-to-extract-or-unpack-an-ab-file-android-backup-file

Install Android Backup Toolkit

wget https://downloads.sourceforge.net/project/adbextractor/android-backup-tookit-20180521.zip
unzip android-backup-tookit-20180521.zip
cd android-backup-tookit/android-backup-extractor/android-backup-extractor-20180521-bin

Unpack backup. Changes it from an ab to a tar file

java -jar abe.jar unpack ~/path/to/backup.ab ~/path/to/backup.tar

After thats complete, you can untar it. Change Desktop to the path you want to extract to.

tar -xvf ~/path/to/backup.tar -C ~/Desktop/

Show human readable time in dmesg

Posted on by
Reply

The -T option lets dmesg show user readable time.

Example:

$ dmesg -t
...
[Sat Nov 15 12:15:12 2019] CPU1: Package temperature/speed normal
[Sat Nov 15 12:14:12 2019] CPU3: Package temperature/speed normal
[Sat Nov 15 12:14:12 2019] CPU0: Package temperature/speed normal
[Sat Nov 15 12:14:12 2019] CPU4: Package temperature/speed normal
$

dmesg time options

$ dmesg -h | grep time
  -d, --show-delta            show time delta between printed messages
  -e, --reltime               show local time and time delta in readable format
  -T, --ctime                 show human-readable timestamp (may be inaccurate!)
  -t, --notime                don't show any timestamp with messages
      --time-format   show timestamp using the given format:
                                [delta|reltime|ctime|notime|iso]
Suspending/resume will make ctime and iso timestamps inaccurate.