Computers, Programming, Technology, Music, Literature

Archive for May 2014

Restoring TFS services after host name and domain binding changes


This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/restoring-tfs-services-after-host-name-and-domain-binding-changes/

 

I have a local TFS server set up for testing CI integration of certain tools. The database storage (SQL Server 2012 Express), the application tier, the build agent, and the controller are all set up on localhost. I am working with TFS 2012, with TFS services running under <<computername>>\TfsUser.

 

The computer was recently migrated to another domain, which involved a computer name change and, obviously, the domain name change itself. That’s it. TFS services started returning 503 Service Unavailable. The TFS application pool was stopped and never started again. The TFS Administrator Console kept throwing all sorts of error messages. I was not prepared for any of these changes, and it took me some time to fix all of them and get the CI functionality working flawlessly again. Ironically, all this happened after I happily blogged about Migrate user profiles to new domain account in a jiffy with Profwiz. But here I am, documenting my steps one by one. If your (local) TFS server installation has incurred a domain change, you may find these steps helpful. You will do best to follow the steps sequentially. All the steps involve changing the old machine name to the new machine name and fixing the Windows identities.

 

1. Verify/Update the Application Tier web.config

Navigate to the TFS Application Tier Web Services folder, and edit the applicationDatabase appSettings value. The Data Source should be <<newcomputername>>\databaseServer.

C:\Program Files\Microsoft Team Foundation Server 11.0\Application Tier\Web Services\web.config


2. Verify/Update the TFS sql server database Logins

I use <<machinename>>\TfsUser as an admin console user. Connect to the SQL Server instance where the TFS configurations are saved, and remove the logins with the old machine names. (If the old machine name’s login exists, it will result in a SID conflict later during other stages.) Add new logins with the new <<machinename>>. Let them have sysadmin permissions.

“TF255507: The security identifier (SID) for the following SQL Server login conflicts with a specified domain or workgroup account: <<oldcomputername>>\user. The domain or workgroup account is: <<newcomputername>>\user.  The server selected to host the databases for Team Foundation Server is: <<newcomputername>>\sql2012express.
You can resolve this issue by renaming the conflicting login.”


3. Verify/Update the Tfs Application Pool identities

Make sure the TFS application pools in IIS, Microsoft Team Foundation Server Application Pool and Microsoft Team Foundation Server Message Queue Application Pool, run under <<newcomputername>>\<<yourIdentity>>. In my case it is TfsUser.

 


4. Run iisreset at will, a couple of times during the entire troubleshooting process.


Try browsing to http://localhost:9000/tfs (or wherever your http://hostname:portnumber/tfs is),  you should be done here if you get the tfs Getting Started screen.

5. Dealing with Sync error for identity

However, if you encounter ‘The trust relationship between this workstation and the primary domain failed’, or the errors below, proceed.

TF53010: The following error has occurred in a Team Foundation component or extension:
Date (UTC): 15-05-2014 18:01:13
Machine: <<machinename>>
Application Domain: TfsJobAgent.exe
Assembly: Microsoft.TeamFoundation.Framework.Server, Version=11.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v4.0.30319
Service Host: 
Process Details:
  Process Name: TFSJobAgent
  Process Id: 3020
  Thread Id: 4640
  Account name: <<machinename>>\TfsUser

Detailed Message: TF200035: One or more errors occurred when Team Foundation Server attempted to synchronize the following identity: Administrators. Number of errors that occurred: 1.
++++++++++++++++++++++
Sync error for identity: Administrators
The trust relationship between this workstation and the primary domain failed
   at Microsoft.TeamFoundation.Framework.Common.SidIdentityHelper.ResolveSid(SecurityIdentifierInfo securityIdInfo, String& domain, String& userName, AccountType& type, Boolean& isDeleted, Boolean& migrated)
   at Microsoft.VisualStudio.Services.Identity.WindowsProvider.ResolveIdentity(IdentityDescriptor descriptor, String providerInfo, AccountSubType& subType, Boolean& migrated)
   at Microsoft.VisualStudio.Services.Identity.WindowsProvider.TrySyncIdentity(IdentityDescriptor descriptor, Boolean includeMembership, String providerInfo, TeamFoundationRequestContext requestContext, SyncErrors syncErrors, Identity& identity)
   at Microsoft.VisualStudio.Services.Identity.IdentitySynchronizer.SyncOneGroupMembership(TeamFoundationRequestContext requestContext, Identity groupToSync)

 


5.1

Ask your system administrator to reset the computer account in AD. That is, right-click the computer and choose Reset Account.


img src – http://deployhappiness.com/the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/

5.2

Then, Start –> Run –> sysdm.cpl, and hit the Network ID… button. Follow the steps to join the computer to a domain. This step requires a Domain Admins account; use your System Administrator’s or AD Administrator’s help to complete the Join a Domain or Workgroup wizard.


Doing a Reset Account on AD computer account, and Joining it again to the domain via Network ID… made my ‘The trust relationship between this workstation and the primary domain failed’ error disappear.

6. Verify/Update Application Tier’s Notification URL, Server URL, Web Access URL

 

In Team Foundation Server Administration Console, Click Change URLs in Application Tier Summary, and update the Notification URL, Server URL to the <<newmachinename>>.

 


7. Unregister/Register the Build service with new machine name

Unregister the build service that uses the <<oldcomputername>>. Register a build service with the <<newcomputername>>. And do the same for the agent and the controller.

 


That should be it; at least, those are the steps that I did to get my TFS installation working again. If you want to check the check-in and the build service, then follow the steps below.

8. Fixing the workspace conflict in Visual Studio TFS Client

Simple solution by Anand is to remove the current workspace the solution was bound to, so the VS TFS Client would automatically create one. I did not have any pending changes.

Open Developer Command Prompt for VS2012, run

C:\Program Files (x86)\Microsoft Visual Studio 11.0>tf workspaces

 

to see existing workspaces, and remove the workspaces bound to the <<oldcomputername>> with

C:\Program Files (x86)\Microsoft Visual Studio 11.0>tf workspaces /remove:<<oldcomputername>>

 

TFS client should connect fine now, and should have created a new workspace for you. Map the source control to the local directory.

 

Edit your build definition to update the Build Controller: to the newly created build controller.


Check in, and see your CI working again with all tests and other configured tools.
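The common thread of steps 1 to 3 is finding every place that still carries the old computer name. The sketch below is an added example, not part of the original post or of TFS: it rewrites only the host part of the Data Source in the applicationDatabase appSetting and lists MACHINE\user accounts that still use the old name. The web.config fragment, the names OLDPC and NEWPC, and the account list are constructed sample data.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: only the applicationDatabase key and "Data Source"
# come from the article; OLDPC/NEWPC and the catalog name are placeholders.
SAMPLE_WEB_CONFIG = r"""<configuration>
  <appSettings>
    <add key="applicationDatabase"
         value="Data Source=OLDPC\sql2012express;Initial Catalog=Tfs_Configuration;Integrated Security=True" />
  </appSettings>
</configuration>"""

# Constructed account names standing in for SQL logins and app pool identities.
SAMPLE_ACCOUNTS = [r"OLDPC\TfsUser", r"oldpc\BuildSvc", r"NEWPC\TfsUser",
                   r"NT AUTHORITY\NETWORK SERVICE", r"OLDPC2\TfsUser"]

def split_data_source(data_source):
    """Split e.g. 'tcp:HOST\\INSTANCE,1433' into (protocol prefix, host, rest)."""
    m = re.match(r"^((?:tcp|np|lpc):)?([^\\,]+)(.*)$", data_source.strip(), re.I)
    if not m:
        return "", data_source, ""
    return m.group(1) or "", m.group(2), m.group(3)

def fix_connection_string(conn, old, new):
    """Replace only the host part of Data Source/Server; return (conn, changed)."""
    # Splitting on ';' is enough for integrated-security strings; values with
    # quoted semicolons would need a real connection-string parser.
    parts, changed = [], False
    for item in conn.split(";"):
        key, sep, value = item.partition("=")
        if sep and key.strip().lower() in ("data source", "server"):
            prefix, host, rest = split_data_source(value)
            # Windows computer names compare case-insensitively; match the
            # whole host so OLDPC2 is not mistaken for OLDPC.
            if host.lower() == old.lower():
                item, changed = f"{key}={prefix}{new}{rest}", True
        parts.append(item)
    return ";".join(parts), changed

def fix_web_config(xml_text, old, new):
    """Rewrite the applicationDatabase appSetting; return (xml_text, changed)."""
    root = ET.fromstring(xml_text)
    changed = False
    for add in root.findall("./appSettings/add"):
        if add.get("key") == "applicationDatabase":
            value, hit = fix_connection_string(add.get("value", ""), old, new)
            add.set("value", value)
            changed = changed or hit
    return ET.tostring(root, encoding="unicode"), changed

def stale_accounts(accounts, old, new):
    """Map each MACHINE\\user account still on the old name to its new form."""
    renames = {}
    for account in accounts:
        machine, sep, user = account.partition("\\")
        if sep and machine.lower() == old.lower():
            renames[account] = f"{new}\\{user}"
    return renames

if __name__ == "__main__":
    print(fix_web_config(SAMPLE_WEB_CONFIG, "OLDPC", "NEWPC")[0])
    print(stale_accounts(SAMPLE_ACCOUNTS, "OLDPC", "NEWPC"))
```

Feed it the real web.config text and an exported list of SQL logins and application pool identities to get a checklist of what still needs renaming before running the TFS console again.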

 

References:

http://social.msdn.microsoft.com/Forums/en-US/d261abe1-3008-4e8a-bf8a-ef249ee7d341/the-trust-relationship-between-this-workstation-and-the-primary-domain-failed?forum=tfssetup

http://deployhappiness.com/the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/

http://nakedalm.com/tf200035-sync-error-for-identity-with-tfs-2010/

Devouring Security: XML – Attack surface and Defenses


Agenda:

 

· XML today
· XML/XPath injection – Demo
· Compiled XPath queries
· DTD use and abuse
    · document validations
    · entity expansions
    · denial of service – Demo
    · arbitrary uri access (egress)
    · parameters
    · file enumeration and theft – Demo
    · CSRF on internal systems – Demo?
· Framework defaults limits/restrictions
· Mitigations
· Lessons learned
· Verifying your XML systems for potential threats

 

 

Note:

1. All of them include sample code for exploits and prevention. Language (C#, Java, PHP) and platform (Windows/Linux) agnostic wherever possible.

2. It is imperative at this juncture that you are aware of most attack scenarios against XML: the framework defaults may not protect you, so you may be vulnerable and simply not have found it yet.

3. The session is a bit biased towards DTD abuse in XML systems, as the injection concepts and remediation in XML remain common with SQL injection.

Sql Injection testing for QA (testers)


This video is for anyone who would like to know how to test an application for SQL injection. The content and presentation were focused on Quality Assurance personnel who are not penetration testers.

Agenda:
Context setting
Quick introduction –
GET/POST/PUT/DELETE
XML/SOAP/JSON
Browser addons for easy proxy switching
Intercepting proxies – Fiddler, OWASP ZAP, BurpSuite, ..?
Fuzzing and identifying vulnerable parameters
Code review pointers for Buddy testing
Demonstration Fiddler, ZAP, sqlmap, Sql Inject Me
Firsthand experience with Sqli tools (Vijay/Shashank)
Feedback

 

Related Blogs/Videos/Downloads:

Devouring Security – Sql Injection Part 2  | http://vimeo.com/85256464
Devouring Security – Sql Injection Part 1  | http://vimeo.com/83658524

Foxy Proxy

Chrome extension (open from chrome browser) – https://chrome.google.com/webstore/detail/foxyproxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp?hl=en

Firefox Extension (open from Firefox) – https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

fiddler

http://www.telerik.com/download/fiddler

OWASP zap

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

sqlmap

http://sqlmap.org/

active python

http://www.activestate.com/activepython/downloads

Mantra browser

http://www.getmantra.com/download.html

Written by gmaran23

May 9, 2014 at 10:39 pm

Set password in Windows 7 Home premium – Ran out of options?


This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/set-password-in-windows-7-home-premium-ran-out-of-options/

 

 

By set password, I mean setting the password for a local user account without having to enter the current password. I was surprised that Windows 7 Home premium never had a way to do it via a GUI. The regular GUI options that allow you to set password would all be greyed out, or unsupported. Go to step 5 for NET USER command and set password from the command line.

 

1. control userpasswords2: Reset Password… button disabled


2. compmgmt.msc: Does not even show you Local Users and Groups


3. lusrmgr.msc: This snapin may not be used with this version of Windows. [To hell with paying for a Home Premium license]


4. User Accounts –> Change Your Password [I have this bad hibernation habit, I seldom shutdown, and also have Disable Lock Computer group policy enabled]


5. Hail the command line options! NET USER works finally.

NET USER <<YourUserNameHere>> <<YourPasswordHere>>


Written by gmaran23

May 9, 2014 at 2:39 pm

Run Commands, cpl, msc files for everyday use


This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/run-commands-cpl-msc-files-for-everyday-use/

A conversation like below, ended up in this blog

Sachin: Thanks, that shortcut helped. Could you give me some?
Maran: Sure
(few seconds later)
Maran: ykw Sachin, let’s make a list.
(few minutes later)
Maran: I think we should put it in a blog


 

These items are right off the top of my head; most of these commands work from Win XP to Win 8. Memorize them, or use them every day, so that new operating system changes do not bother you.

 

control – Control panel
appwiz.cpl – Add remove programs
desk.cpl – Display settings
intl.cpl – Region and language settings
inetcpl.cpl – Internet Properties (Alt T + O in IE)
ncpa.cpl – Network connections
firewall.cpl – Windows firewall
sysdm.cpl – System properties (Win + break)
timedate.cpl – Date time settings
powercfg.cpl – Power options (powercfg in command prompt)
control schedtasks – Scheduled tasks
control userpasswords2 – User Accounts
control printers – Printer

 

 

mmc – Management console for snap-in creation (mother of all .msc files)
gpedit.msc – group policy editor
diskmgmt.msc – Disk management
devmgmt.msc – Device manager
lusrmgr.msc – Local user/group management
compmgmt.msc – Computer management
services.msc – Services
comexp.msc – Com+ manager
certmgr.msc – Certificate manager for current user (!important: only for current user, not the machine)

 

 

regedit – registry editor
rstrui – system restore
eventvwr – Event Viewer
inetmgr – IIS
perfmon – Performance monitor
taskmgr – Task manager
msconfig – System Configuration
dxdiag – Direct X diagnostic tool
odbcad32 – ODBC data source administrator (if you remember DSN connections)
msinfo32 – System Information

 

 

shutdown -s -f -t 1 – (-s shutdown, -f force, -t time in seconds)
shutdown -h – hibernate
shutdown -r – restart
shutdown -l – logoff
logoff – logoff
winver – About windows

 

 

outlook – MS outlook
powerpnt – MS power point
winword – MS word
excel – MS excel

 

 

devenv – Visual Studio
ssms – Sql server management studio
notepad – notepad
mspaint – Paint
iexplore – Internet explorer
firefox – Firefox
chrome – Chrome

 

 

Win + X – Power user menu (only Windows 8; accidental discovery by Sachin)
Win + P – Control monitors and projectors
Win + D – Minimize windows; toggle from minimize/maximize (Win + M for minimize, I don’t use it)
Win + E – Windows explorer
Win + L – Lock computer
Win + U – Utilities / Ease of Access
Win + F – Find (Ctrl + E for search in most applications including outlook, explorer)
Win + G – Gadgets (although gadgets are discontinued)

 

Ok, I will stop now. The list has already grown more than expected. Time to get back to work.

There’s a lot more that I don’t know of, refer to the below links:

http://pcsupport.about.com/od/tipstricks/a/control-panel-command-line.htm
http://support.microsoft.com/kb/192806
http://support.microsoft.com/kb/149648

Forgot to mention, if you have something that you use everyday, please add comments or contact me.

Written by gmaran23

May 8, 2014 at 10:45 pm

Posted in Windows


Reverse engineer .Net assembly to a debuggable Visual Studio Project


This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/reverse-engineer-net-assembly-to-a-debuggable-visual-studio-project/ 

 

Skip the story

I have always wanted to build tools supporting command line switches like the classic CONVERT command, with switches like /FS:, /CvtArea:, and so on. A couple of years back when I had to build one, I was in a hurry and my options for command line switch parsing (regex, or string splitting) didn’t look bright back then; I went ahead with the regular string[] args array with no switches. For instance, mine was like myprogram.exe ‘filename’ ‘30’, instead of the classic switch style command invoke myprogram.exe /filename:foo.file /iterations:30. Yeah, I know it was the past, and we wouldn’t want to retrospect always. Besides, nobody would have even noticed the work that would have gone behind such an effort, because we all seem to like the GUI most of the time, but hey, what about self content.

This time, while I was playing with the command line options of CAT.Net and FxCop, I thought why not just disassemble and study their command line switch parser. These programs must have been written in .Net. So, I opened up CatNetCmd.exe in JustDecompile and created a project out of it. Arguments.cs was the file I was after. Very neat command line switch parsing with a SwitchHandler delegate. Well, so I had my first console application with switch enabled command line arguments. Ildasm.exe was the widely known option during the days of Inside C#, then came along .Net Reflector (freeware then, commercial now). I seem to be biased to JustDecompile though, because of the Search, Ctrl+Click for Find Usages, Click to Go to Definition, on demand dll load prompt, and the Create Project… option that I present here.

 

Download the “Free. For everyone. Forever.” JustDecompile from Telerik – http://www.telerik.com/products/decompiler.aspx. I am going to show you how to create a project out of CAT.Net, which is by default installed to C:\Program Files (x86)\Microsoft\CAT.NET\.

 

1. Right click CATNetCmd.exe and select Open with JustDecompile.


2. Once the assembly is loaded in JustDecompile, just right click and just click Create Project…


Well, Well, Well, Open the solution file, and start debugging already!


Btw, if you are up against command line parsing, and looking for a ready made solution, try https://commandline.codeplex.com/.

Written by gmaran23

May 5, 2014 at 9:52 pm

unblock uploaded.net with hosts file entry


Scroll to the solution section or click here if you want to skip some rant.

It’s May 1, I live in India, I desperately wanted to download some learning material, and uploaded.net is blocked here. Well, say ‘fuck’ to the government’s censorship. I used to think it was the imbecile firewall at my office, but when I tried at my home internet recently, IE gives PCBD, and chrome gives you bummer. I did not want to use a web proxy right off, because sometimes they just do not work with AJAX enabled, cookie enabled websites. And most of them do not support file downloads (at least in my experience, maybe I haven’t tried harder).

I hate it when the security builders leave loopholes, and hide behind the face of the infamous dialog in the security industry ‘Nothing is 100% secure’. Well, you forgot the basics. When you block a website, you don’t block it based on the domain name. You got to be more advanced than a firewall using school kid.

I will show you a simple hosts file entry technique here to bypass the tyranny.

 

Wow, don’t I relish and cherish to be a computer engineer. Happy labor day.

 

Img src: http://www.imgion.com/images/01/Celebater-This-Day-With-Labour-.gif

 

Problem

When you try to access uploaded.net, you can’t connect to the server, over either the http or the https form of the links. Your nslookup and ping fail. Somehow you manage to get the IP of uploaded.net from online DNS lookup websites, and instead of http://uploaded.net you try the IP http://81.171.123.200/; even then you can’t connect.


Solution

1. Go to your favorite DNS lookup website; mine happens to be http://ping.eu/nslookup/

2. Look up http://uploaded.net and get the IP address


3. Add a hosts file entry mapping uploaded.net to 81.171.123.200. (Remember, the IP address of uploaded.net may have changed since the time of this writing.) The Windows hosts file is at C:\Windows\System32\drivers\etc\hosts; the Linux hosts file is at /etc/hosts. On Windows, open Notepad as admin (if UAC is enabled, in Windows Vista or above); on Linux, use sudo with your favorite text editor (gedit) if not running as root.

 


4. Save the hosts file, breathe the air of liberation. (and a free chick ad)


5. Click the Free Download, or Premium Download (if you own a Villa, and not happen to be a miser)

6. Once your download link is generated, you get another bummer, this time the URL in the address bar happens to be a subdomain of uploaded.net with different IP address, and hence blocked. Hang on, let’s copy the complete FQDN of the server, and do a DNS look up at http://ping.eu/nslookup/


7. DNS look up of http://fra-7m15-stor07.uploaded.net/ at http://ping.eu/nslookup yields an ip – 81.171.103.83. Add a host entry for the same server and ip. (Note: the download server may vary based on your location, make sure you copy the correct server name from the address for a dns lookup)


8. Go back to your browser, hit the refresh button. See the magic.


Once again, happy labor day!

 

 

Update – Aug 9 2014 – Some commenter said it does not work anymore, so here’s a screenshot for you today. Still works.


Written by gmaran23

May 1, 2014 at 5:04 pm