Alt linux в WSL

# ALT Linux в WSL

Нам нужен tar файл из архива:
https://ftp.altlinux.org/pub/distributions/ALTLinux/p11/images/cloud/x86_64/alt-p11-rootfs-systemd-x86_64.tar.xz


```powershell
$distro_name = "alt-p11"
$distro_storage = "c:\vm\_wsl\$($distro_name)"
$distro_tarball = "c:\users\public\iso\alt-p11-rootfs-systemd-x86_64.tar"

7z e c:\users\public\iso\alt-p11-rootfs-systemd-x86_64.tar.xz

wsl --unregister $distro_name
wsl --import $distro_name $distro_storage $distro_tarball
wsl -d alt-p11

```

```bash
apt-get update; apt-get install -y passwd sudo

wsluser=appc
adduser -G wheel $wsluser
echo -e "$wsluser ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/$wsluser
passwd $wsluser

cat > /etc/wsl.conf <<EOF
[user]
default=$wsluser

[automount]
enabled = true
mountFsTab = false
root = /mnt/
options = "metadata,umask=22,fmask=11"

[network]
generateHosts = true
generateResolvConf = true
EOF

```

```powershell
wsl --terminate $distro_name
wsl -d $distro_name

```

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

Не запускается sshd на Windows 10 The process terminated unexpectedly.

Помогло исправить разрешение на 

C:\ProgramData\ssh\logs

Оставил в списке только System и группу Администраторы и 

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

Конвертер Windows DHCP в kea-dhcp4.conf

https://github.com/arsenyratner/Convert-WindowsDHCPToKea

powershell Convert-WindowsDHCPToKea.ps1 \      -in_xml "/var/tmp/win_dhcp.xml" \      -in_template "/etc/kea/kea-dhcp4.conf" \      -out_confdir "/etc/kea" \      -split "all" \      -out_dhcp4_conf "/etc/kea/kea-dhcp4.conf.json" \      -out_confd "/etc/kea/conf.d"

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

Полезные фильтры для LDAP запросов в AD

https://podalirius.net/en/articles/useful-ldap-queries-for-windows-active-directory-pentesting/

List all users

To do this we select all the users ((objectClass=user)) and all the people ((objectClass=person)) of the LDAP:

(&(objectCategory=person)(objectClass=user))  

List of all kerberoastables users

To do this we select all the users ((objectClass=user)) having a Service Principal Name (SPN) defined ((servicePrincipalName=*)) and we remove from our results:

• The user krbtgt (which by definition has an SPN) with the filter (!(cn=krbtgt)).
• Disabled users, with the filter (!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Which gives us:

(&(objectClass=user)(servicePrincipalName=*)(!(cn=krbtgt))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))  

List of all asrep-roastables users

To do this we select all the users ((objectClass=user)) that have "Do not require Kerberos preauthentication" flag set in their userAccountControl:

(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))  

Find all Users that need to change password on next login.

(&(objectCategory=user)(pwdLastSet=0))  

Find all Users that are almost Locked-Out

(&(objectCategory=user)(badPwdCount>=4))  

Find all Users with *pass* or *pwd* in their description

(&(objectCategory=user)(|(description=*pass*)(description=*pwd*)))  

List of all users protected by adminCount

The adminCount attribute specifies that a given object has had its access control lists (ACLs) changed to a more secure value by the Active Directory system because it is a member of one of the administrative groups, either directly or transitively.

(&(objectCategory=user)(adminCount=1))  

Groups

List all groups

(objectCategory=group)  

List of all groups protected by adminCount

The adminCount attribute specifies that a given object has had its access control lists (ACLs) changed to a more secure value by the Active Directory system because it is a member of one of the administrative groups, either directly or transitively.

(&(objectCategory=group)(adminCount=1))  

Services

Listing all servicePrincipalName

(servicePrincipalName=*)  

Listing specific services from their servicePrincipalName

To list specific services, we can use the beginning of the servicePrincipalName attribute:

(servicePrincipalName=http/*)  

Here is a few examples of servicePrincipalName:

• ldap/DC01.LAB.local
• kadmin/changepw (of kerberos service CN=krbtgt,CN=Users,DC=LAB,DC=local)
• MSSQLSvc/DC01.LAB.local

Computers

Listing all computers with a given Operating System

For example to list all the machines under Windows XP:

(&(objectCategory=Computer)(operatingSystem=Windows XP*))  

With operatingSystem in:

• Windows Server 2022*
• Windows Server 2019*
• Windows Server 2016*
• Windows Server 2008*
• Windows 11*
• Windows 10*
• Windows 8*
• Windows 7*
• Windows Vista*
• Windows XP*
• Windows Server 2003*
• Windows 2000*

Find all Workstations

(sAMAccountType=805306369)  

Find all computers having a KeyCredentialLink

This is useful to check for shadow credentials on machine accounts:

(&(objectClass=computer)(msDS-KeyCredentialLink=*))  

Find all computers having an Obsolete OS

(&(objectCategory=Computer)(|(operatingSystem=Windows 2000*)(operatingSystem=Windows Vista*)(operatingSystem=W

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

WSL ansible и правильные права на локальные диски

Linux права на диске C или D
Create this file in your wsl: /etc/wsl.conf

Content:

[automount]
enabled = true
mountFsTab = false
root = /mnt/
options = "metadata,umask=22,fmask=11"

[network]
generateHosts = true
generateResolvConf = true

After that all /mnt/c/foo will have different folder permissions (not 777 any more) and you will be able to use chmod.
It requires you to have the latest WSL as far as I know.

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

Анало ipconfig registerdns в Linux

COMP=$(hostname -s)

DOM=$(hostname -d)

IP=$(hostname -i | cut -f1 -d' ')

DC=$(dig +short m48.dzm | head -n 1)

cat > /var/tmp/nsupdate.txt << EOF

server $DC

zone $DOM

update add ${COMP}.${DOM} 86400 A ${IP}

show

send

EOF

cat /var/tmp/nsupdate.txt

kdestroy

kinit -k ${COMP^^}\$

klist

nsupdate -g -v /var/tmp/nsupdate.txt

pxe boot grub efi legacy bios

grub-mkimage -d /usr/lib/grub/i386-pc/ -O i386-pc-pxe -o ./booti386 -p '(tftp)/grub' pxe tftp
grub-mkimage -d /usr/lib/grub/x86_64-efi/ -O x86_64-efi -o ./bootx64.efi -p '(tftp)/grub' efinet tftp
cp -r /usr/lib/grub/x86_64-efi
and after '/usr/lib/grub/x86_64-efi'
ion.
cp -r /usr/lib/grub/x86_64-efi ./
cp -r /usr/lib/grub/i386-pc ./

grub/grub.cfg

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

kickstart для минимальной установки redos для шаблона proxmox

url --url=http://192.168.126.5/pub/iso/redos/7.3

lang en_US

keyboard --xlayouts='us'

timezone Europe/Moscow

zerombr

clearpart --all --initlabel

bootloader --location=mbr --append="net.ifnames=0"

autopart --type=plain

network --bootproto=dhcp --device=link --activate --onboot=on

firstboot --disable

#selinux

#selinux --enforcing

selinux --permissive

#selinux --disabledfirewall --enabled --ssh

#firewall

#firewall --enabled

firewall --disabled

authconfig --enableshadow --passalgo=sha512

#rootpw --plaintext redos --lock

rootpw --lock

#user --name=redos --groups=wheel --password=redos --gecos="defaultuser"

#sshkey --username=appc "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA7YUTXCKAMavLy98/Kep6eDKK2NyVEc/kUklZUbBubg4DfFHDO2KDXtFN7uq8HPcYR7uqFLqkRijhBwJbnPGLpp2mA+iOHLpJvD/tGpDyNt/ImM0hQG3+dzPLtvzc9Ln5mY2RUfOUTFEx7dqGVuwPQXMhZLCEkpIcGicPTpdG0CIu/GdELUtwgrZZ+reNXMG82VnFBVDZObL7H1YsmrgyyWBUMAzwf+EeUFk9Q4k8qsV8utONo3AvscaESxyt5UDvVuV7PrPxp28a03k9ybMMrXjPzuEaM2P0pxGT0VsIoR/fG78MwkSPTveX0QgDU4gBihOAcH2/2WHGBE+1pr9saw== appc@appc-pc"

#sshkey --username=root "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA7YUTXCKAMavLy98/Kep6eDKK2NyVEc/kUklZUbBubg4DfFHDO2KDXtFN7uq8HPcYR7uqFLqkRijhBwJbnPGLpp2mA+iOHLpJvD/tGpDyNt/ImM0hQG3+dzPLtvzc9Ln5mY2RUfOUTFEx7dqGVuwPQXMhZLCEkpIcGicPTpdG0CIu/GdELUtwgrZZ+reNXMG82VnFBVDZObL7H1YsmrgyyWBUMAzwf+EeUFk9Q4k8qsV8utONo3AvscaESxyt5UDvVuV7PrPxp28a03k9ybMMrXjPzuEaM2P0pxGT0VsIoR/fG78MwkSPTveX0QgDU4gBihOAcH2/2WHGBE+1pr9saw== appc@appc-pc"

%packages --multilib --ignoremissing

@Core

cloud-init

qemu-guest-agent

#net if name eth0 net.ifnames=0

-biosdevname

%end

#%post --nochroot --erroronfail --log=/tmp/ks-post.log

%post --erroronfail --log=/tmp/ks-post.log

echo post $(pwd)

#rootdir="/mnt/sysimage"

rootdir=""

echo issue

echo "\4" >> $rootdir/etc/issue

echo "\6" >> $rootdir/etc/issue

echo "" >> $rootdir/etc/issue

echo sudo

#echo "redos ALL:(ALL) NOPASSWD:ALL" > /etc/sudoers.d/redos

cat > $rootdir/etc/cloud/cloud.cfg.d/90-redos.cfg << EOF

datasource_list: [ NoCloud, ConfigDrive, None ]

runcmd:

  - rm -f /etc/machine-id

  - systemd-machine-id-setup

# System and/or distro specific settings

# (not accessible to handlers/transforms)

system_info:

   # This will affect which distro class gets used

   distro: redos

   # Default user name + that default users groups (if added/used)

   default_user:

     name: redos

     lock_passwd: True

     gecos: RedOS Cloud User

     groups: [wheel]

     sudo: ["ALL=(ALL) NOPASSWD:ALL"]

     shell: /bin/bash

   # Other config here will be given to the distro class and/or path classes

   paths:

      cloud_dir: /var/lib/cloud/

      templates_dir: /etc/cloud/templates/

   network:

      renderers: ['netplan', 'networkd', 'etcnet']

   ssh_svcname: sshd

EOF

%end

services --enabled=cloud-init,cloud-config,cloud-final,cloud-init-local

#метод завершения установки

#reboot

shutdown

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

Посмотреть список адресов в табличном виде powershell

ForEach-Object { Get-NetIPAddress -AddressFamily ipv4 } | Format-Table InterfaceIndex,InterfaceAlias,IPAddress

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

VYOS 1.5 qcow2

Собирал на ВМ с Debian 12

https://codingpackets.com/blog/vyos-qemu-image-build/

https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/1.5-rolling-202312191154/vyos-1.5-rolling-202312191154-amd64.iso

sudo ansible-playbook qemu.yml \
   -e disk_size=10 \
   -e cloud_init=true \
   -e cloud_init_ds=NoCloud,ConfigDrive,None \
   -e guest_agent=qemu \
   -e keep_user=false \
   -e enable_ssh=true \
   -e iso_local=/home/appc/vyos-1.5-rolling-202312191154-amd64.iso

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

SSTP + DST NAT NGINX APACHE share tcp 443

Взято вот туть:

https://forum.mikrotik.com/viewtopic.php?f=9&t=134358#

/interface sstp-server server set certificate=vpn.company.com.crt_0 enabled=yes port=10443
# добавим в список sstp-conn пакеты пришедшие на порт 443 для tls-host

/ip firewall mangle add \

action=add-src-to-address-list \

address-list=sstp-conn \
address-list-timeout=5s \

chain=prerouting \
dst-address-type=local \

dst-port=443 \

protocol=tcp \
tls-host=vpn.company.com

#отправим все пакеты заменим порт назначения 443 на порт 10443 в пакетах пришедших с адресов из списка sstp-vpn
/ip firewall nat add \

action=dst-nat \

chain=dstnat \

dst-address-type=local \
dst-port=443 \

protocol=tcp \

src-address-list=sstp-conn \
to-ports=10443

# правило для публикации веб сервера

/ip firewall nat add \

action=dst-nat \

chain=dstnat \

dst-address-type=local \
dst-port=80,443 \

protocol=tcp \

to-addresses=192.168.88.2

# чтобы наше правило в таблице mangle работало каждый раз, надо модифицировать fasttrack

# отключим fasttrack для пакетов идущих на адрес 443 (правило должно быть выше в списке чем правило fasttrack

/ip firewall filter add chain=forward dst-port=443 connection-state=established,related
# или будем fasttrack только те соединения которые уже набрали хотя бы 10 килобайт, тогда надо заменить правло с fasttrack

/ip firewall filter add action=fasttrack-connection chain=forward connection-bytes=10240-0 connection-state=established,related

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

Добавить открытый ssh ключ пользователю на микротике

#add ssh pub key to user
:local username "aratner";
:local userpubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8z/rBphuDpGKHpcDtWDISCZFWybdH3fSKzVxWouLG0JuEhqZSpJT9Hd+16teA8daRPb1gY+l9+mRnCqTVDKxpnMq7jkjlfNKQPunDHhr3u7JDjeBel2JrgXs/GANMSbxyC5aRNP7XYs4TooRDUFr0XXvdglcYyP+34I0M+p9m94taK1q5FtL+JrpRXXGnhYzQn/GaV0rM9Qj21GFVWPfuqqG8wWwhaYPkeibJNhMcBy+qKRK0fIiklv68fWmIwd0Os9qEAJ4XTuVP8yfKR/Cu1hXPm/4+9JfXaw3Lh9e/J54NkRcyeT3wb0BgOpXMXnexl6HTUK59EcMaLGEaU+4F aratner@croc.ru";
#create file
/file print file="$username_sshpubkey";
#create file with key
/file set "$username_sshpubkey.txt" contents="$userpubkey";
#set key for user
/user ssh-keys import user="$username" public-key-file="$username_sshpubkey.txt";

#mkirotik #ssh

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

gnome chrome dock

Создаём для каждого профиля "ярлык"

chrome-profile-name=gmail-chrome

cat > $HOME/Desktop/$chrome-profile-name.desktop << EOF
[Desktop Entry]
Version=1.0
Name=$chrome-profile-name
GenericName=$chrome-profile-name
Exec=/usr/bin/google-chrome --user-data-dir=$HOME/$chrome-profile-name  --class="$chrome-profile-name"
Icon=$HOME/$chrome-profile-name/icon.png
StartupWMClass=$chrome-profile-name
Comment=Chromium Alternate
Terminal=false
X-MultipleArgs=false
Type=Application
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml_xml;x-scheme-handler/http;x-scheme-handler/https;
StartupNotify=true
Actions=NewWindow;Incognito;TempProfile;
X-AppInstall-Package=chromium-browser
EOF

Это нужно, чтобы хромы запущенные с разными профилями вели себя как разные приложения в доке.

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

netboot.xyz podman

storage="/rpool/containers"
newpodname="netbootxyz"
newpodlocalpath="$storage/$newpodname"

mkdir -p $newpodlocalpath/{config,assets}

podman run -d \
  --name=$newpodname-app \
  -p 3000:3000                       `# sets webapp port` \
  -p 69:69/udp                       `# sets tftp port` \
  -p 8069:80                         `# optional` \
  -v $newpodlocalpath/config:/config   `# optional` \
  -v $newpodlocalpath/assets:/assets   `# optional` \
  --restart unless-stopped \
  docker.io/netbootxyz/netbootxyz

cd /etc/systemd/system
podman generate systemd --files --name ${ $newpodname}-app
systemctl daemon-reload
systemctl enable container-${newpodname}-app
systemctl stop  container-${newpodname}-app
systemctl start  container-${newpodname}-app

#    -e MENU_VERSION=2.0.59             `# optional` \
#  --pod=$newpodname \

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090

nexus podman

storage="/rpool/containers"
newpodname="nexus"
newpodlocalpath="$storage/$newpodname"

podman pod create \
  --name $newpodname \
  -p 8081:8081

mkdir -p "$newpodlocalpath/data"
chown -R 200:200 "$newpodlocalpath/data"
podman run -d \
  --pod $newpodname \
  --name $newpodname-app \
  -v $newpodlocalpath/data:/nexus-data \
  docker.io/sonatype/nexus3

cd /etc/systemd/system
podman generate systemd --files --name ${newpodname}
systemctl daemon-reload
systemctl enable pod-${newpodname}
systemctl stop pod-${newpodname}
systemctl start pod-${newpodname}

Ратнер Арсений, arsenyratner@gmail.com, 7 985 273 2090