IT Apprentice
This page on my blog serves as an index of technologies I’ve learned or become better at while working as an apprentice in IT.
It also serves the purpose of the required documentation apprentices in Norway are supposed to do.
It’s mostly in relation to stuff learned at SkyLabs AS where we run a captive portal service. But there is also some stuff from Sircon AS. Those guys run hosting services, with a focus on cPanel/WordPress shared hosting. That would be “The WHM saga”. Although when it comes to programming there would be some overlap, but don’t dwell on that. Because at Sircon, I feel like they didn’t want me working with code, but rather support only…
Here are lists of stuff I’ll be writing about here; โ marks not started, 🚧 marks work in progress, โ marks complete!
Programming
Python
- โ Flask
- โ SQLAlchemy
- 🚧 MSAL (Microsoft Authentication Library)
Browser JavaScript
- โ jQuery
- 🚧 Handlebars.js
Programs / Tools
- 🚧 Fail2ban
- 🚧 Docker
- โ FreeRADIUS
- โ Postgres
- 🚧 Ansible
- โ tzsp2pcap
OS / Networking
Azure
- โ App Registration
- โ Active Directory
Etc
The WHM saga (shortie)
Posts
Tzsp2pcap
Published 18/08/2022 Updated 10/10/2022
This is a very useful tool when working with Mikrotiks, as their built-in sniffer tool has support for TZSP (TaZmen Sniffer Protocol) streaming. This will send all packets that match the filtering options to some destination over TZSP/UDP. This destination may be some machine running tzsp2pcap, allowing you to get a pcap remotely from a Mikrotik without touching the Mikrotik’s disk. This is super useful if the box has traffic, as Mikrotik routers usually have a disk with a size in megabytes.
Linux Desktop Password Reset
Published 18/08/2022 Updated 09/08/2024
Hacking stuff is usually pretty trivial. As long as you’ve got physical access that is. And here I’ll instruct you on how to reset passwords on a Linux installation. Either by booting a live ISO. Or by plugging the drive with the installation you’d like to reset some password(s) on into another Linux machine. Realistically, repairing a broken installation is pretty similar. Although be aware that setting up the chroot may require additional steps.
Fail2ban
Published 14/07/2022 Updated 08/08/2022
At SkyLabs I had the surprisingly pleasant experience of configuring fail2ban for a bunch of production servers. What fail2ban simply does is watch log files and match the lines against predefined regex patterns. After a predefined number of matches for a specific IP, it gets banned. The super cool thing about this is that the max retry and most options may be set globally, but also locally for each “jail”. These jails are just configs for the filters.
Security issues
Published 04/07/2022 Updated 08/08/2022
Here is a collection of security issues I found, disclosed and got fixed as an apprentice! This one is divided into two main parts corresponding to the company I worked with when finding the issues. First one is Sircon and second SkyLabs. I have a pretty extensive Non-Disclosure Agreement with SkyLabs. So anything I publish to the internet around them needs to be approved or clearly not covered by the NDA.
Debian
Published 20/06/2022 Updated 23/08/2022
Debian is a classic free and open source Linux distribution. It’s one of the oldest Linux OSes and the basis of many other distros. Most notably Ubuntu. Debian has three foundational documents. The Debian Social Contract/OG Version, the Debian Constitution and the Debian Free Software Guidelines. Debian version code-names are famously named after characters from the Toy Story films. Its unstable rolling release branch is named Sid, who in the Toy Stories regularly destroys his toys.
MSAL
Published 20/06/2022 Updated 08/08/2022
MSAL stands for Microsoft Authentication Library. It’s the replacement for ADAL, the Active Directory Authentication Library. Although Microsoft now definitely pushes cloud hard like most tech companies. So MSAL is focused on Azure AD specifically. Where there is a distinct difference between “organizational” accounts and normal public Microsoft services accounts.
WHM
Published 20/06/2022 Updated 08/08/2022
WHM/Web Host Manager is the partner/backend admin panel for cPanel. It’s made for making shared web hosting super easy. WHM uses a bunch of server software under the hood for managing DNS, e-mails, web-servers and more. With WHM, it’s super easy managing a whole bunch of Apache “virtual hosts”. One for each cPanel. WHM also supports having WHM “partner” accounts out of the box! This means that the company doing shared hosting with WHM may have partners that also have access to the WHM.
cPanel
Published 20/06/2022 Updated 08/08/2022
I think anyone who uses cPanel should be aware of WHM/Web Host Manager. Although cPanel may run completely on its own, but usually you find it’s running with WHM. Meaning that whoever sells you the cPanel access sets it up through WHM. Alone, cPanel may be pretty powerful depending on what access you’re granted. Often hosting providers will limit you to only access the files of your web-root and settings for additional services like e-mail and DNS.
WordPress
Published 20/06/2022 Updated 18/08/2022
WordPress is by far the world’s most popular Content Management System. And it makes sense with its ease of use. It’s famous for letting anyone have a blog set up within 5 minutes. For the initial setup you just create an account for the admin panel. And set things like the base URL/domain for the web page. After that you’re free to explore the /wp-admin and make the content for the page.
Docker Fix
Published 13/06/2022 Updated 08/08/2022
🚧 Work in progress
Docker
Published 11/06/2022 Updated 08/08/2022
Docker is a super container management system that lets you isolate programs and services. This is very useful, both during development and for production deployment. Because all dependencies may be bundled into the “docker image”. And if the program/service is hacked. The adversary will only have access to the container. Which with proper configuration should make it super hard for any adversary to gain persistence. Local development When using docker for local development.
Mikrotik
Published 08/06/2022 Updated 18/08/2022
Mikrotik produces networking equipment and software. In 2021, they were the 3rd largest and first private company to reach a value above 1B EUR in their home country Latvia. While their RouterOS has a terrible track record of getting hacked. It has a load of cool and useful features built right in. And all those ROS devices that constantly get hacked do so because of known vulnerabilities that would have been patched if only the devices were being updated on a regular basis.
Ansible
Published 07/06/2022 Updated 08/08/2022
Ansible is a cool tool that lets you manage lots of Linux servers and even some other devices. All with just a bunch of yaml. Although not necessarily as it supports a nice load of formats for everything. Yaml being the most common, but “inventories” are usually ini format. But still you should be able to do everything in json if you really want to. Configure ansible.cfg This is the main Ansible config.
Meraki
Published 07/06/2022 Updated 18/08/2022
Meraki is Cisco’s cloud managed networking solution. It has everything and more than what most people would need. But of course me being me, I don’t like my infrastructure being managed by cloud services. I did however work a little with Meraki at SkyLabs, and was pleasantly surprised. After having a couple very bad experiences with our Mikrotik setup script. Setting up a Meraki access point with our captive portal service was super easy!
Azure App Registration
Published 27/05/2022 Updated 23/08/2022
You can find the App Registrations in Azure under Azure AD or directly by search. Once there you can click the “New registration” button on the top left. Then you’ll need to fill in name, account types and optionally a redirect URI. The first thing to do now is “Branding & properties”… haha. The app authenticates towards Microsoft with either a certificate or app secrets. So the actual first thing to do is to go over the “Authentication” tab, just check that all looks good.
Handlebars.js
Published 25/05/2022 Updated 04/07/2022
Handlebars.js is a templating engine like jinja2, but entirely in JavaScript. Personally I’ve only found pug templates very nice to work with as I love the minimal syntax. What makes handlebars cool is its ability to render templates both server and client side, if you’re running node.js on the server. Running it in the frontend is super easy, check this example from the handlebars docs;