Archive for the ‘Uncategorized’ Category

Joomla “unintentionally” (I guess) decided to break the Joomla admin panel if you’re running an outdated version that has reached its end-of-support date. Sorry to disappoint you, but sometimes migration takes time!

If you are running an old version of Joomla on PHP 7.2 or less, you should’ve started seeing this since November 30, 2020. If you try to log in to the Admin Panel, after you enter your credentials you’ll get a blank page with no indication of what’s going on. Your first thought would be: have I been pwned? Your next action will be to check your homepage, which will be fine.

It turns out that Joomla runs a version check before it loads the Admin Panel components, so it can show you a warning message. That’s all good, but the crux of the matter is that once the End of Support (eos) date is reached, it fails to load the other components, so your Admin Panel never loads. The intention of warning you about the sunsetting of PHP 7.2 is good, but the result is not that great!

Anyway, to fix the issue, change the eos date (line 134) to 2021 🙃🤭

The path of the file should be: public_html/plugins/quickicon/phpversioncheck/phpversioncheck.php

That should fix the issue and you should consider seriously migrating to a newer version or a different platform asap.

If you’re wondering how to find this type of issue, here is what you need to do:

  • If you have shared hosting, create a file named php.ini, then add these 2 lines:
    • display_errors = On
    • error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
  • Edit the index.php in the main folder for the site (in my case it was under public_html/index.php) and add this line as line 2, right after the opening <?php
    • ini_set('display_errors', TRUE); error_reporting(E_ALL);
  • Edit configuration.php in the home directory to set error reporting to development mode
    • Change $error_reporting from 'none' to 'development'
  • As the last step, try to log in and repeat the actions that trigger the error so it gets logged
  • Then, go check the log file under public_html/Administrator/error_log
    • Review it carefully based on the timestamps and you should find what causes the issue 🙂

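Don’t forget to reverse the actions you performed above (comment out what you added, change development back to none, comment out the lines you added to php.ini). Left in place, these settings show PHP error details, including file paths, to every visitor of the site.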
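To confirm the cleanup, the following added example (not part of the original post) reports which of the three debug settings from the steps above are still active. It assumes php.ini, index.php and configuration.php all sit in the site root passed as the first argument; the function name is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: list debug settings from the troubleshooting steps that are
# still active under a site root.
# Assumption: php.ini, index.php and configuration.php all live in the
# directory passed as $1 (e.g. public_html); adjust for your hosting layout.

check_debug_leftovers() {
    local root="$1" found=0
    local ws='[[:space:]]*'

    # php.ini: an uncommented "display_errors = On" (";" comments a line out)
    if grep -Eiq "^${ws}display_errors${ws}=${ws}(on|1)${ws}(;.*)?\$" \
            "$root/php.ini" 2>/dev/null; then
        echo "php.ini: display_errors is On"
        found=$((found + 1))
    fi

    # index.php: a line that starts with ini_set('display_errors', TRUE|1).
    # "." stands in for either quote style; "// ini_set(...)" does not match.
    if grep -Eiq "^${ws}ini_set\(${ws}.display_errors.${ws},${ws}(true|1)" \
            "$root/index.php" 2>/dev/null; then
        echo "index.php: ini_set display_errors is active"
        found=$((found + 1))
    fi

    # configuration.php: $error_reporting still set to 'development'
    if grep -Eq "^${ws}(public|var)?${ws}\\\$error_reporting${ws}=${ws}.development." \
            "$root/configuration.php" 2>/dev/null; then
        echo "configuration.php: error_reporting is development"
        found=$((found + 1))
    fi

    [ "$found" -eq 0 ]   # exit status 0 only when nothing is left behind
}

# Run directly: ./check_debug.sh /path/to/public_html
if [ "$#" -gt 0 ]; then check_debug_leftovers "$1"; fi
```

A non-zero exit status means at least one setting still needs to be reverted.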

Good luck!

It’s always good to have a one-stop shop when you host a website or application online, but that might not be the best bang for your buck. So you end up hosting the application with one vendor, having your domain managed by a different one, and maybe using G-suite or O-365 as your email system. That is my case: I pick and choose the best options depending on business requirements and potential growth. So, I’ve decided to use https://domains.google as the domain registrar for a client that I worked with. It comes with challenges sometimes, though.

Google Domains provides cheap, lightning-fast, and intuitive service compared to other service providers. It cost me $12 a year per domain. You get all features offered by other registrars plus 2-factor authentication to protect your dashboard.

One of the challenges is the need to manually create MX records based on your service provider, and to create A records for your domain as well as its sub-domains. When you create a sub-domain from cPanel, you need to create a record that points to the newly created folder (sub-domain). To do so, follow the steps below:

  1. Log in to https://domains.google
  2. Go to DNS
  3. Scroll down until you reach Custom records
  4. In the first box, type the name of the sub-domain (in my case, the sub-domain is “test.mysite.com” so you should type test)
  5. In the second box, select the record type, which is A (A record)
  6. In the third box, you can leave the default value (1H)
  7. In the fourth box, type in the IP address of the server (this should be the same as the IP address in www and @)
  8. Now, save and test by going to the link from a browser (http://test.mysite.com). It should work like a charm!

One cheap and easy way to do a disk acquisition without buying an expensive physical write-blocker is to use a USB external drive or a cable-connecting device (USB IDE/SATA external connector) together with a Windows Registry key that enables write-protection.

To update the registry, there are 3 tasks:

  1. Back up the Registry in case something fails while modifying the keys.
  2. Modify the Registry key to enable the write-protection feature.
    1. Go to (\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet)
    2. Right-Click the Control Key -> New -> Key
    3. Type in the Key Name: StorageDevicePolicies
    4. Press Enter
    5. Right-Click the newly created key called StorageDevicePolicies -> New -> DWORD Value
    6. Type at the right side, WriteProtect
    7. Press Enter
    8. Right-Click the newly created Dword value and click on Modify
    9. Change the value from 0 to 1
    10. Click OK

NOTE: you can export the key and save it for future use, to simplify the process of updating the Registry key and to minimize errors every time you need to write-block a USB device.

  3. Save the exported Registry files for future use.

 

For more information, search for “USB Registry write-blocker”

 

 

Source: GCFI, ed4, Ch4

Dealing with digital evidence falls under Murphy’s Law: “If anything can go wrong, it will go wrong!” Therefore, investigators need to take precautions to protect the evidence. Investigators should make a duplicate of the disk-to-image file and keep the original image intact for emergencies, in case something goes wrong. It is the most common and time-consuming technique for preserving evidence.

So, the standard practice is to make at least 2 images of the collected evidence. It is also advised to create each image with a different imaging tool, if possible, such as ProDiscover, FTK, or X-Ways Forensics. If there’s only one imaging tool, it is suggested to create one image with compression and another with no compression, with tools like EnCase or ProDiscover.

Keep in mind that many acquisition tools don’t copy data in the Host Protected Area (HPA) unless you use a hardware acquisition tool that can access the drive at the BIOS level, like ProDiscover with the NoWrite FPU write-blocker, ImageMASSter Solo, or X-Ways Replica.

 

Source: GCFI, 4th ed, Ch4

In digital forensics, there are 2 types of acquisitions:

  1. Static Acquisition: the preferred way to collect digital evidence when a computer is seized during a police raid.
  2. Live Acquisition: the way to collect digital evidence when a computer is powered on and the suspect has been logged on. This type is preferred when the hard disk is encrypted with a password.

For both types, there are 4 methods of collecting data:

  1. Creating a disk-to-image file: the most common method to collect data. It allows the investigator to create one or many bit-for-bit replications of the original drive. By using this method, we can use any of the forensics tools such as ProDiscover, EnCase, FTK, X-ways, ILook, SMART, and Sleuth Kit to read the different types of disk-to-image files.
  2. Creating a disk-to-disk copy: used when disk-to-image faces hardware or software errors due to incompatibilities. It copies the entire disk to a newer disk by using any of the forensics tools such as EnCase and SafeBack. These tools can adjust the target disk’s geometry to match the original drive.
  3. Creating a logical disk-to-disk or disk-to-data file: this is the preferred method with large data storage such as RAID servers. This method captures only specific files or file types of interest to the case. It is used when time is limited.
  4. Creating a sparse copy of a folder or file: this method is similar to creating a logical acquisition, but it also collects deleted data (unallocated). This method is also used when an investigator doesn’t need to examine the whole drive.

To determine the appropriate acquisition method, the investigator must consider the following:

  1. The size of the source disk.
  2. Can you retain the source disk as evidence or must you return it to the owner?
  3. Time to perform the acquisition.
  4. Location of the evidence

 

Source: GCFI, 4th ed, Ch4

I would recommend python 2.7 on all local machines

I suspect everyone is already ok?

[root@apu etc]# python2.7 -V
Python 2.7.3

Instructions for python 2.7 install on windows 7, ubuntu, mac will be on another page.

Because of centos 6.3 on the cluster machines, we need both 2.6 and 2.7 to coexist there. hopefully only there.

Centos relies on python 2.6 for yum

if you install python 2.7 in any way other than the following you will destroy the system and make yum inoperable

zlib failure message may be from internal python scripts doing uncompression and they may be referring to python module files, rather than looking at links directly. Not sure.

I believe only the x86_64 zlib is needed. i.e. you don’t need 32-bit and 64-bit, but just follow these instructions. They worked on apu.0xdata.loc (192.168.1.160) on 9/28/2012

to check centos version

[root@apu etc]# cat /etc/redhat-release
CentOS release 6.3 (Final)

How to install Python 2.7.3 on CentOS 6.2 (worked for 6.3 which is 0xdata install version)

stolen from Daniel Eriksson. Thanks Daniel!

http://toomuchdata.com/2012/06/25/how-to-install-python-2-7-3-on-centos-6-2/

Posted on 2012/06/25

CentOS 6.2 ships with Python 2.6.6 and depends on that specific version. Be careful not to replace it or bad things will happen. If you need access to a newer version of Python you must compile it yourself and install it side-by-side with the system version.

Here are the steps necessary to install Python 2.7.3. The procedure is exactly the same for installing Python 3.2.3, just make sure you use the command “python3.2 setup.py install” when you install distribute.

Execute all the commands below as root. Either log in as root temporarily or use sudo.

Install development tools

In order to compile Python you must first install the development tools:

yum groupinstall "Development tools"

You also need a few extra libs installed before compiling Python or else you will run into problems later when trying to install various packages:

yum install zlib-devel
yum install bzip2-devel
yum install openssl-devel
yum install ncurses-devel

Download, compile and install Python

cd /opt
wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tar.bz2
tar xf Python-2.7.3.tar.bz2
cd Python-2.7.3
./configure --prefix=/usr/local
make && make altinstall

It is important to use altinstall instead of install, otherwise you will end up with two different versions of Python in the filesystem both named python.

After running the commands above your newly installed Python 2.7.3 interpreter will be available as /usr/local/bin/python2.7 and the system version of Python 2.6.6 will be available as /usr/bin/python and /usr/bin/python2.6.

You can create a symbolic link in /usr/local/bin and things should be fine, but be careful here:

cd /usr/local/bin
ls -ltr python*
ln -s /usr/local/bin/python2.7 /usr/local/bin/python

Installing and configuring distribute (setuptools)

After installing Python 2.7.3 you also need to install distribute (setuptools) so you can easily install new packages in the right location.

cd /opt
wget http://pypi.python.org/packages/source/d/distribute/distribute-0.6.27.tar.gz
tar xf distribute-0.6.27.tar.gz
cd distribute-0.6.27
python2.7 setup.py install

The commands above will generate the script /usr/local/bin/easy_install-2.7. Use this script to install packages for your new Python version. You should be able to use “easy_install” if “which easy_install” points to the correct 2.7 versions

which easy_install
ls -ltr /usr/local/bin/easy_install*


easy_install-2.7 requests
easy_install-2.7 psutil
easy_install-2.7 paramiko

(easy_install should work too, if your PATH gets /usr/local/bin first)

etc
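The symlink and PATH-order caveats above can be checked before relying on them. The following is an added example, not part of the original instructions, and its function names are hypothetical: the first function lists scripts that resolve "python" through PATH and would therefore switch to 2.7, the second shows which python a given PATH ordering selects.

```shell
#!/usr/bin/env bash
# Added example: see what changes once /usr/local/bin/python points at 2.7.
# A script with an absolute shebang such as "#!/usr/bin/python" (yum uses
# this form on CentOS 6) keeps running on the system 2.6. A script that starts
# with "#!/usr/bin/env python" looks "python" up in PATH and picks up the new
# symlink whenever /usr/local/bin comes first.

# Print every regular file in the given directories whose first line is an
# env-based shebang for plain "python" (python2.6 / python2.7 are pinned and
# therefore not reported).
list_env_python_scripts() {
    local dir f
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -r "$f" ] || continue
            if head -n 1 "$f" 2>/dev/null |
               grep -Eq '^#![[:space:]]*/usr/bin/env[[:space:]]+python([[:space:]]|$)'; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Print the path that "python" resolves to under the PATH value given as $1.
# Runs in a subshell so the caller's PATH is left untouched.
python_for_path() {
    ( PATH="$1"; command -v python )
}

# Run directly: ./check_python.sh /usr/bin /usr/sbin
if [ "$#" -gt 0 ]; then
    list_env_python_scripts "$@"
    echo "python under current PATH: $(python_for_path "$PATH")"
fi
```

Any system script it lists should be tested under Python 2.7 or left on a PATH where /usr/bin precedes /usr/local/bin.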

 

Source: https://github.com/0xdata/h2o.wiki.git