Author: Josh Reichardt

Hack your Evo 4G into a High End Smart Phone

Josh Reichardt 5 Comments

I was in desperate need of a phone upgrade recently and ran across a nice little deal on an old Evo 4G (not to be confused with the Evo 4G LTE) on craigslist this past weekend, which to my surprise turned into a nice little phone hacking project.  Luckily for me the phone I got was basically in mint condition as it belonged to an older gentlemen who I imagine didn’t get a lot of mileage out of it.  On top of that, it was layered in protective casings.

Sometimes buying phones on craigslist can be scary and turn into a crap shoot but in my own experience I’ve found them to work out more often than not.  The two pieces of advice I can offer when buying a used phone on craigslist are to have the seller send you the ESN number prior to meeting so you can check to make sure it is active (there are many online ESN checkers out there).  The other, simple advice is to look at the phone when you meet and make sure you can turn it on and off and that it can hold a charge.

I also want to take a moment and tell everybody about the provider I use, which is Ting.  Why?  Because they are awesome and super easy to use.  Ting offers a very competitive price and doesn’t require contracts, which I believe are important things to consider when selecting a provider.  Anyway, I could probably write an entire post about how awesome Ting is and why you should use their service but I will forego the details for now.  I just wanted to mention that you can activate your phone entirely on your own in like 5 minutes, which helped me out a lot with this project.  There are detailed instructions on their site about activating new/used phones and porting over numbers, it is easy and Ting even encourages its users to root and unlock their phones.  Long story short, Ting is awesome, it made this project much easier and you should give them a try.

Once you do all the running around and finally get your phone it is time to actually get down to the fun stuff.  I learned that rooting the Evo 4G was a bit tricky since it had all of the newest firmware and protection from HTC.  I have had less issues with rooting some other HTC devices in the past, but I don’t know how that effects the steps if the software and firmware change.  In all reality the additional steps are just a technicality I would say and aren’t too much of a hindrance.  So in the following details I will outline the process of getting your phone from the basic locked version of HTC Android to a fully unlocked phone with the capability of running custom ROMS, namely the MazWoz ROM which is currently the Jelly Bean ROM that I am using for the Evo 4G.

The first step is to get root.  This is essential because without it you will not be able to get S-OFF and be able to flash custom ROM’s.  Rather than go into great detail and post all of the steps here I will instead point you in the right direction on how to get started yourself.  There are a ton of guides out there already on how to do this and there would really be no point to add another to that collection of guides, since there are some really good ones out there that have all the links and resources.  I found this one and this one to be the most relevant and helpful.  The first one is especially nice because it offers some video guidance as well as written.  Basically when I got stuck with one of the guides I would just switch back and forth and reference the other.   I feel that they both definitely compliment each other very well.

The second step is to obtain S-OFF.  Use the links mentioned previously for obtaining root to obtain S-OFF as well, after you root your phone.  This step was very confusing to me at first so I thought I would clarify the process to make things easier for readers to understand.  Once you have root on your phone you can The major issue I ran across with this step was when I reached the step for copying over the flashimage and mtd-eng.img files.  To get this step to work I had to be in Fastboot mode to gain read/write access to the sdcard.  Other than that, everything else worked great.  I should also note that for S-OFF I chose to use to use revolutionary.exe following the instructions from the first site.  I think the steps for flashing S-OFF using the unrevoked method from the second link would work fine, maybe even preferably, I just never tested this myself.

The third step is to flash the custom ROM, along with the other apps and fixes that turn your phone in the Jelly Bean device.  Jelly Bean brings with it a number of features and improvements that make for a much better, much smoother smart phone experience.  It is really leaps and bounds above the stock version of Android OS that is shipped by default on the Evo 4G and the experience is often referred to as “buttery smooth” because it is so nice.  Here is the link for getting the MazWoz Supersonic ROM.  I used the B4 release, which is the most current as of this writing as well as the link to Gapps and the GPS fix.  As of the B4 release the WiMax wasn’t working and the video is a little glitchy and the front camera isn’t working but other than that, this ROM is a fully functioning 4.2.1 Jelly Bean image.  The WiMax isn’t important to me as I don’t have access to it where I live and the video isn’t really a big issue for me either since I don’t shoot a lot of video.

The positives of using this custom ROM immensely outweigh the negatives in my opinion. So all in all, hacking an almost 3 year old phone in about 3 hours time into a usable Jelly Bean device that typically sells for upwards of $300 for the bargain $80 price tag seems like a steal to me, the experience is nearly flawless.  Granted there are a few caveats and you need to be willing to follow the steps for the upgrade but in my opinion this is still a great deal.  You get to a) revive an old piece of hardware that is beginning to show its age, b) save a shitload of money on the cost of a new phone and c) get to tinker with your phone, which to me was the best part out of this project.  Here is a link to some other devices that have been quickly faded in popularity that can potentially be updated and given new life.  My hop is that this post will inspire you or at least give you some ideas to go and check what’s out there and maybe even help breathe some new life into some of your otherwise antiquated and dying android devices.

Read More

Fix the “Can’t create highly Available VM” error in VMM

Josh Reichardt 7 Comments

I was doing some lab testing with Virtual Machine Manager (VMM) for my Hyper-V environment the other day when I ran across this issue.  It was happening because I was attempting to save my disk image to a CSV location and I couldn’t figure out why it was blowing up.

It turns out that the answer is really simple actually but is annoying to fix.  So here is what the error looks like in VMM.  “Cannot create or update a non highly available virtual machine because the path cluster storage volume is a clustered resource error”.  Surprisingly Google didn’t turn up much for how to fix this so I thought I would make a note of it in case others happen to run across this.

VMM error

The fix is simple enough, I just wish VMM was smart enough to know when you select a CSV to use for storage.  When you go through the VM creation process and you get to the hardware selection tab, choose the “Make this virtual machine highly available” check box.

VM high availability

If you happen to be building a lot of identical (or near identical) VM’s I reccomend checking out Profiles through VMM, in this case a specific hardware profile for desktop VM’s.  Creating profiles simplifies the build and creation process and you don’t need to worry about picking all the right defaults without having your VM creation blow up.

Read More

Automatic Load Balancing Fails for New Exchange Mailboxes

Josh Reichardt 9 Comments

I had a strange issue come up recently where mail administrators were unable to allow Exchange to pick which mailbox database to place users into (I’m not quite sure what this feature is called so we’re going with automatic load balancing) when they were creating new user mailbox profiles.  This feature essentially picks a database at random as a way to balance and spread out mailboxes among databases.  Makes, sense to me.  Anyway, I’m thinking we may have installed an update that changed the behavior because this feature had apparently been working up until we installed Rollup 5-v2.  So it appears that this update had broken this automatic mailbox load balancing functionality, although I’m not 100% sure.  I just wanted to mention it in case some of you are looking for clues as to why this is happening.

So here is what the error looks like when allowing Exchange to choose which database to use when a new user is initially created.

mailbox error

Error:  Load balancing failed to find a valid mailbox database.

Hmm, okay.  That is weird.  You can check to see if the database is set to be allowed with this command.

get-mailboxdatabase | ft name,isexcludedfromprovisioning

In my case, all of my mailbox databases came back true, so they are unable to be used for automatically selecting a database when the user created.  To fix this, go ahead and run the following.

get-mailboxdatabase | set-mailboxdatabase -isexcludedfromprovisioning $false

Now go ahead and run the first command again and you should see that all the mailboxes are now marked as false, meaning they are now included in the provisioning process.

Now you should be able to go through and create without selecing a specific mailbox.  My best guess is that the update must have set this flag to exclude these databases from provisioning but is weird and is worth mentioning because it happened to cause some seemingly unexplained issues for us.

Read More

Locking down your WordPress site

Josh Reichardt 8 Comments

Since I don’t really want to get in trouble for this, I need to put in a disclaimer.  Some of these tools can be invasive and if you are running them against somebody then I take no responsibility for their actions against you.  I am testing these tools against my own site so the consequences are minimal.  Just be aware that there can be serious consequences for using these tools on sites and companies against their will.  I don’t want anybody going to jail.

The tools

Let’s take a poke around with WP Scan.  This tool is a WordPress vulnerability scanner, often packaged together with Backtrack or the newer Kali Linux pentesting distro.   WPScan helps find and eliminate security weaknesses in your WordPress site.  More information about this tool can be found here.

There are many other tools out there but for basic WordPress scanning this tool should suffice, because it offers a number of things that are of interest in a nice single tidy and clean interface.  Other tools that may be of interest include tools like Burp Suite, SQLmap, username enumeration through Metasploit and other reconnaissance tools.

The process

Most real world attacks will reach for the low hanging fruit when it comes to exploiting WordPress sites, typically gaining access to a site through password exploitation.  With so many WordPress sites going up it becomes easy to move from site to site trying different password brute forcing attacks, so that’s where you will see a large number of attacks.  There are others as well, such as vulnerability attacks, SQL injection attacks, XSS, etc.

To begin the process let’s start gathering some information about the WordPress site that will be the focus of this attack, my blog.  Here, I am running WPScan through Kali Linux, so the syntax may change depending on how you decide to use this tool.  Let’s see what basic information we can get about my blog.  This site scan will attempt to gather the basics of the site it is scanning.  For help just type ‘wpscan –help’.

wpscan --url http://thepracticalsysadmin.com

Let’s see how far we can get with the password brute forcing method.  To enumerate a list of user account names use the following,

wpscan --url http://thepracticalsysadmin.com --enumerate u

If you get any interesting results from this scan, for example the result returns the username admin, go ahead and see if you can brute force the account.

wpscan --url http://thepracticalsysadmin.com --wordlist /pentest/passwords/wordlists/darkc0de.lst --username admin

There are more features packed in this tool so take some time to explore what all it can do (preferably on a test box).  Odds are that on a site that hasn’t been properly locked down you can probably get in, one way or another.  I wouldn’t recommend running wpscan against this site though because I have already beefed up the security and temporarily block access if users run malicious scans against the site.

Locking it down

There are a number of techniques to help reduce the attack surface for your WordPress site as well as methods to increase the difficulty of breaching your site.  The first and foremost is the use of strong passwords.  That should be a given and I won’t get into the details here of how important strong passwords are.  Another (hopefully) obvious technique is to keep up to date with your patches.  Whether it be on the Operating System or your WordPress site/plugins you should try to be proactive about patching your systems.  The third and final obvious solution I will mention are getting good backups.  If your site does get compromised then it is incredibly helpful to have a point in time to go back to rather than starting over from square one.  There are plugins designed to help with this process and even doing it by hand isn’t that difficult.  You can get back on your feet even if you only have a database dump from your site at some point in the past.

I’d like to specifically mention some good tools to use if you have publicly facing SSH; one of which is fail2ban.  This tool can be used as a layer of defense to slow attackers down by detecting malicious activity and banning IP addresses.  Another great tool, a handy plugin for WordPress  sites is called Better WP Security.  This is an easy to use site hardening tool that can fill up weaknesses and security holes quickly for somebody that doesn’t necessarily have security in the foreground of their minds.

By utilizing  these basic techniques you will infinitely increase your WordPress site’s security and make it much more difficult to attack and exploit.  There are of course other techniques to improve security but at a certain point it can become a balancing act.  *Most* site admins aren’t overly conscious about security and so do not spend a lot of time on their security efforts, they are more concerned about the content and getting things up.  Likewise, some are probably more prone to lock things down more than they perhaps need to.  It is important to maximize your effort, and to cover the most important security aspects by implementing the basics.

Read More

8 Golden Rules for Sysadmins

Josh Reichardt 7 Comments

Getting the most out of your career can be rewarding.  Today I feel like taking a minute to slow down and reflect on a few of the things that I have observed in my time as a system administrator that I believe lead to success.  The following are some general rules that I have found to be true both in my work and more generally, many of these rules are just attitudes which can be applied to life as well.  Hopefully these come as common sense to you but it is always good to take time to reflect on good things.  I hope this isn’t too cliche or too much of a time waste for many of you but rather an opportunity to take a moment and analyze your current situation and potentially reevaluate anything you feel to be a weak area or area that could use improvement.

1. ) Always have a backup. Good backups are an invaluable asset to you as a system administrator, and can be a great bargaining piece if necessary in political battle.  Often times backups are overlooked by IT staff, so by ensuring you have good backups (you must always test them!) you are covering your own ass and are able to deflect blame if something out of your control occurs.   As a bonus, you look like a hero when the CEO or president of the company needs files from a month ago and have no idea where to turn, you will look like a magician and could potentially strengthen their view of IT.

2.)  Be likable. It can be a sad truth but many promotions hinge on whether or not people like you. You may be far and away the smartest, most technical or most talented person on your team but it is not going to get you very far if you are an asshole, and people don’t like you.  In this profession it is the case more often than not I see colleagues take the “holier than thou” approach which just perpetuates the stereotype that IT people are jerks.  If you can manage to be smart and not an asshole in IT you will go far.

3.)  Learn how to write. This doesn’t mean you have be able to produce enough volume for a novel, just use writing to develop your own voice, and use it as a way to communicate things effectively.  The great thing about writing is, the more you do it, the easier and more impactful it becomes.  Use your writing as an opportunity to help position yourself for success in the future.

4.)  Learn to program. Again, following up on the last point; this doesn’t mean that you need to become a software engineer, this is just the ability to quickly patch some code together to automate something that you are doing every day or having the ability to look at some process and say, “hey, I bet I could write a script to make this work better”.  It will make you more productive and efficient and will free up your time for other important tasks.

5.)  Patience. In this line of work the number one virtue any Sysadmins can have is patience. Being able to be pulled away from your work multiple times a day to help with completely unrelated issues can quickly become frustrating so having patience to deal with these things is incredibly helpful. And if you can deal with distractions well, people will like you more. Reference rule #2 for more on that.

6.)  Never stop learning.  System administration changes considerably quickly, which in my opinion is great, if you embrace it.  New technologies are always are always on the horizon, companies get bought and integrated into other companies all the time and technology strategies change all the time.  It is a never ending game of catch up for the sysadmins, so if you become content with where you are at and don’t keep up on your studies and on your technologies you will surely fall by the way side sooner than later.

7.) Attention to detail.  This one can be a real difference maker.  There is something to be said for tidiness and orderliness in system administration. Not only does it make things much easier to fix when everything is in a specific place, but it just makes you look better and in all reality doesn’t take much time to do things correctly. We all know the reckless admin who pays no attention to the mess they are making, and in turn it reflects poorly on their character.  Even if they are a genius and amazingly talented, it makes that person look sloppy and lazy to me.

8.) Balance your life.  This helps prevent stress and burnout.  Work and everything associated can get stressful at times so finding a balance becomes a great benefit when you learn how to manage it correctly.  Being able to leave work at work when you need to is crucial in keeping your sanity, but that’s not the only thing that’s important in balancing your life.  It is also helpful to find things outside of work that you enjoy doing.  Whether that be a hobby, interests outside of work, exercise, an interest group, vacations, whatever.  When you spend time focusing on the things that make you happy outside of work it will recharge your spirit more quickly and ultimately help keep you happy as well as productive at work.

Did I miss anything?  Have any other helpful tips that you’d like others to know about?  If so, let me know.

Read More