Thursday, April 7, 2016

Extracting files from Windows executables (.exe) in Linux

I am trying to extract firmimg.d7 from the iDRAC firmware .exe file, so that it can be used for a DRAC update through the DRAC web interface.

The first thing to do is to strip any prepended data (e.g. an SFX stub) from the archive, using a tool called zip. You can install this tool on CentOS by running yum install zip. Note that zip -J rewrites the file in place, so run it on a copy if you want to keep the original download unchanged.

$ file iDRAC-with-Lifecycle-Controller_Firmware_JHF76_WN64_2.30.30.30_A00.EXE
iDRAC-with-Lifecycle-Controller_Firmware_JHF76_WN64_2.30.30.30_A00.EXE: PE32+ executable for MS Windows (GUI) Mono/.Net assembly

$ zip -J iDRAC-with-Lifecycle-Controller_Firmware_JHF76_WN64_2.30.30.30_A00.EXE

$ file iDRAC-with-Lifecycle-Controller_Firmware_JHF76_WN64_2.30.30.30_A00.EXE
iDRAC-with-Lifecycle-Controller_Firmware_JHF76_WN64_2.30.30.30_A00.EXE: Zip archive data, at least v1.0 to extract

Once file reports the download as a Zip archive, the normal unzip program can be used to extract it:

$ unzip iDRAC-with-Lifecycle-Controller_Firmware_JHF76_WN64_2.30.30.30_A00.EXE
Archive:  iDRAC-with-Lifecycle-Controller_Firmware_JHF76_WN64_2.30.30.30_A00.EXE
 extracting: bmcexe.bat
 extracting: bmcfexe.bat
  inflating: bmcfw64.exe
  inflating: bmcfwu.cfg
 extracting: bmcinv.bat
  inflating: DellSPMsg.dll
  inflating: dupgenexec.dll
  inflating: dupgeninv.dll
  inflating: dupvalid.dll
  inflating: getSystemId.exe
   creating: hapi/
  inflating: hapi/
  inflating: hapi/dcdbas32.inf
  inflating: hapi/dcdbas32.sys
  inflating: hapi/
  inflating: hapi/dcdbas64.inf
  inflating: hapi/dcdbas64.sys
 extracting: hapi/dcdipm64.sys
  inflating: hapi/dchapi32.dll
  inflating: hapi/dchapi64.dll
  inflating: hapi/dchbas32.dll
  inflating: hapi/dchbas64.dll
  inflating: hapi/dchcfg32.exe
  inflating: hapi/dchcfg64.exe
  inflating: hapi/dchcfl32.dll
  inflating: hapi/dchcfl64.dll
  inflating: hapi/dchesm32.dll
  inflating: hapi/dchipm32.dll
  inflating: hapi/dchipm64.dll
  inflating: hapi/dchtvm32.dll
  inflating: hapi/dciwds32.exe
  inflating: hapi/dcmdev32.exe
  inflating: hapi/dcmdev64.exe
  inflating: hapi/dcwipm32.dll
  inflating: hapi/dcwipm64.dll
  inflating: hapi/hapint.exe
  inflating: hapi/hapint64.exe
  inflating: hapi/omsacntl.exe
  inflating: hapinst.bat
  inflating: package.xml
   creating: payload/
  inflating: payload/firmimg.d7
  inflating: PIEConfig.xml
  inflating: PIEInfo.txt
  inflating: spconfig.xml
  inflating: spsetup.exe
  inflating: winhapi.ini

Now, the firmimg.d7 is ready to be used.
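
The same extraction done on a scratch copy, as an added example that is not part of the original post: extract_member (a hypothetical helper name) strips the stub from a copy, CRC-tests the archive and unpacks only the requested member. make_sample_sfx builds a constructed stand-in archive so the function can be tried without the Dell package.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Needs zip and unzip.

# extract_member SFX_FILE MEMBER OUTDIR
# Prints the path of the extracted file; SFX_FILE itself is never modified.
extract_member() {
    local sfx="$1" member="$2" outdir="$3" work rc=0
    work=$(mktemp -d) || return 1
    {
        cp -- "$sfx" "$work/copy.zip" &&
        zip -J "$work/copy.zip" >/dev/null &&       # strip the stub from the copy only
        unzip -tq "$work/copy.zip" >/dev/null &&    # CRC-check every member first
        mkdir -p -- "$outdir" &&
        unzip -joq "$work/copy.zip" "$member" -d "$outdir"   # -j drops the payload/ prefix
    } || rc=1
    rm -rf -- "$work"
    [ "$rc" -eq 0 ] && printf '%s\n' "$outdir/${member##*/}"
}

# Constructed stand-in for the firmware package: a stub followed by a ZIP
# that holds payload/firmimg.d7 and one other file.
make_sample_sfx() {
    local out="$1" tmp rc=0
    tmp=$(mktemp -d) || return 1
    {
        mkdir "$tmp/payload" &&
        printf 'constructed firmware bytes\n' > "$tmp/payload/firmimg.d7" &&
        printf 'constructed installer\n' > "$tmp/spsetup.exe" &&
        ( cd "$tmp" && zip -qr inner.zip payload spsetup.exe ) &&
        printf 'MZ constructed stub' | cat - "$tmp/inner.zip" > "$out" &&
        zip -qA "$out"      # adjust offsets for the prepended stub, as SFX builders do
    } || rc=1
    rm -rf -- "$tmp"
    return "$rc"
}
```

On the real package the call would be extract_member followed by the .EXE name, payload/firmimg.d7 and an output directory.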

Wednesday, March 30, 2016

How to determine your proxy IP address and port using curl

This is very easy: use curl to access any site, and if you have not put in your authentication details, curl will show you the proxy address. See the example below:

foobar@ubuntu-vm:~$ curl -IL
HTTP/1.1 302 authenticationrequired
Date: Tue, 26 Jan 2016 06:46:15 GMT
Connection: Keep-Alive
Content-Type: text/html
Cache-Control: no-cache
HTTP/1.1 401 authenticationrequired
Date: Tue, 26 Jan 2016 06:46:15 GMT
Connection: Keep-Alive
Content-Type: text/html
Cache-Control: no-cache
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="MY COMPANY WEB GATEWAY"

You can see from above that my proxy ip address is, and my proxy port is 9090.

Monday, February 15, 2016

How to free reserved space on ext2/3/4 partitions

By default, Linux sets aside around 5% of the total space in a partition for the root user and system services. For a system partition like /, this makes sense, since you won't be able to log in if / is full, but for other partitions the reserve does not seem to help in any way.

You can find how much is being set as reserved by running:

$ sudo tune2fs -l /dev/sda1 | grep 'Reserved block count'
Reserved block count:     27709

So, for ext3/4 partitions, you can reclaim that reserved space by setting the reserved-blocks percentage to 0:
$ sudo tune2fs -m 0 /dev/sda1

The reserved block count will be 0 after the above command:
$ sudo tune2fs -l /dev/sda1 | grep -i 'Reserved block count'
Reserved block count:     0

You can now fully enjoy the maximum space available for your partition.

Wednesday, July 8, 2015

Reset OpenLDAP default admin password

This is usually needed during the installation of LDAP, or when you have forgotten your LDAP admin password. It took me quite a while to find this, so thanks to these articles, which pointed me in the right direction. Here is how I did it:

  1. Find the root DN account and the root DN password hash:
    $ sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW | tee ~/newpasswd.ldif
  2. You can see the above info right away since we are using tee (tee writes to a file and shows the output on stdout at the same time). This is how it looks:
    $ cat newpasswd.ldif
    dn: olcDatabase={1}hdb,cn=config
    olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
    olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
  3. Generate a new password hash for the admin and append it to newpasswd.ldif. -h is the flag that specifies the scheme; you can find the scheme in the newpasswd.ldif file that we generated, in this case {SSHA}:
    $ sudo slappasswd -h {SSHA} >> newpasswd.ldif
    New password:
    Re-enter new password:
  4. Edit newpasswd.ldif so that it looks like below (just comment out olcRootDN, add changetype and replace, and change olcRootPW to the hash we generated in step 3):
    dn: olcDatabase={1}hdb,cn=config
    #olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
    changetype: modify
    replace: olcRootPW
    olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
  5. Apply the password change using the ldapmodify command, where -H is the LDAP URI, -Y is the SASL mechanism and -f reads the input from a file:
    $ sudo ldapmodify -H ldapi:// -Y EXTERNAL -f ~/newpasswd.ldif
  6. Test the new password by listing the entries using ldapsearch with a simple bind (-x) as the root DN, making sure that the new password is working:
    $ ldapsearch -x -h localhost -b "dc=ubuntu-ldap,dc=com" -D "cn=admin,dc=ubuntu-ldap,dc=com" -W
That should be it; your admin user now has a shiny new password.
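
Steps 1 to 4 can be scripted instead of hand-edited. The following added example (not part of the original post) builds the modify LDIF from the step 1 search output; make_rootpw_ldif is a hypothetical helper name and the hash values are placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): generate the LDIF of step 4.

# Constructed sample of the step 1 search output; the hash is a placeholder.
sample_search_output() {
cat <<'EOF'
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
olcRootPW: {SSHA}OLD_HASH_PLACEHOLDER

EOF
}

# make_rootpw_ldif NEW_HASH < search-output
# Prints an LDIF replacing olcRootPW. Fails unless the input holds exactly
# one entry, so a search that matched several databases is not applied blindly.
make_rootpw_ldif() {
    local new_hash="$1"
    case $new_hash in
        '{'?*'}'?*) ;;                     # slappasswd prints {SCHEME}value
        *) echo "hash must look like {SCHEME}value" >&2; return 2 ;;
    esac
    awk -v hash="$new_hash" '
        /^ /    { if (in_dn) dn = dn substr($0, 2); next }   # unfold a wrapped dn
        /^dn: / { dn = $0; n++; in_dn = 1; next }
                { in_dn = 0 }
        END {
            if (n != 1) exit 1
            print dn
            print "changetype: modify"
            print "replace: olcRootPW"
            print "olcRootPW: " hash
        }' || { echo "need exactly one entry with a plain dn: line" >&2; return 1; }
}

# On the LDAP server (not run here); umask keeps the hash file private:
#   umask 077
#   hash=$(slappasswd -h '{SSHA}')
#   sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" \
#       "(olcRootDN=*)" dn olcRootDN olcRootPW | make_rootpw_ldif "$hash" > ~/newpasswd.ldif
#   sudo ldapmodify -H ldapi:// -Y EXTERNAL -f ~/newpasswd.ldif && rm -f ~/newpasswd.ldif
```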

Monday, April 27, 2015

Check Postfix email queue, and how to clear emails in there

To check the queue, we use a command called mailq, as in the example below:

$ mailq | tail

2024F98A61     3505 Mon Apr 27 18:16:17
(delivery temporarily suspended: Host or domain name not found. Name service error for type=AAAA: Host not found)
231EC98AED     3525 Fri Apr 24 16:48:04
(delivery temporarily suspended: Host or domain name not found. Name service error for type=AAAA: Host not found)

To clear the email in the queue, a command called postsuper is used, as below (this deletes every queued message):

$ sudo postsuper -d ALL

To check the status of the deletion, you can refer to the maillog. In the example below, 15 messages have been deleted:

$ sudo tail /var/log/maillog

Apr 27 19:44:02 au-mel-rh-dev-3 postfix/smtp[6927]: 46F5598AF7: to=,[]:25, delay=2568, delays=2562/0.02/4.3/2, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 27 19:44:02 au-mel-rh-dev-3 postfix/qmgr[5985]: 46F5598AF7: removed
Apr 27 19:44:04 au-mel-rh-dev-3 postfix/smtp[6925]: ABA8B98AFA: to=,[]:25, delay=1624, delays=1617/0.02/4.4/3.3, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 27 19:44:04 au-mel-rh-dev-3 postfix/qmgr[5985]: ABA8B98AFA: removed
Apr 27 19:49:27 au-mel-rh-dev-3 postfix/postsuper[7913]: Deleted: 15 messages
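
When only the messages stuck for one reason should go, the queue IDs can be selected from the mailq output and passed to postsuper -d - (which reads IDs from standard input) instead of using ALL. This is an added example, not part of the original post; queue_ids_with_reason is a hypothetical helper name and the sample queue listing is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): select queue IDs by deferral reason.

# Constructed mailq output. The first two queue IDs are the ones shown in the
# post; the addresses and the other two messages are made up.
sample_mailq() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
2024F98A61     3505 Mon Apr 27 18:16:17  app@example.com
(delivery temporarily suspended: Host or domain name not found. Name service error for type=AAAA: Host not found)
                                         ops@nonexistent.example

231EC98AED     3525 Fri Apr 24 16:48:04  app@example.com
(delivery temporarily suspended: Host or domain name not found. Name service error for type=AAAA: Host not found)
                                         ops@nonexistent.example

7C1D098B02*    1180 Mon Apr 27 19:40:11  alerts@example.com
                                         oncall@example.org

9A44E98B10     2210 Mon Apr 27 19:41:52  alerts@example.com
(connect to mx.example.org[192.0.2.25]:25: Connection timed out)
                                         oncall@example.org

-- 10 Kbytes in 4 Requests.
EOF
}

# queue_ids_with_reason REGEX < mailq-output
# Prints the ID of every queued message whose deferral reason matches REGEX.
queue_ids_with_reason() {
    awk -v re="$1" '
        # message line: ID, optionally flagged * (active) or ! (on hold)
        /^[0-9A-Za-z]+[*!]?[ \t]/ { id = $1; sub(/[*!]$/, "", id); next }
        # reason line in parentheses; print each matching ID once
        /^[ \t]*\(/ && id != "" && $0 ~ re { print id; id = "" }
        /^$/ { id = "" }
    '
}

# On the mail server (not run here):
#   mailq | queue_ids_with_reason 'Host or domain name not found' | sudo postsuper -d -
```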