PrintNightmare Windows CVE-2021-1675

So Microsoft wanted to make it easy for a standard user to install a printer without Administrator rights. However, the Print Spooler service has a huge bug: an EoP (Elevation of Privilege) vulnerability affecting Windows 7 to Server 2019.

However, this escalated to an RCE (Remote Code Execution). RCE refers to a bug by which cybercriminals can break into your computer in the first place, without needing any password for any account on your computer.

Microsoft released an update to fix it.

At the same time this was going on, a zero-day exploit was on the rise. Researchers from the cybersecurity company Sangfor were going to present their paper about Print Spooler bugs at the 2021 Black Hat conference in August but decided to release it early. Since the Print Spooler had recently been patched, they thought it would be alright because the vulnerability was fixed.

Well, come to find out, something completely different was hiding in the exploit that wasn’t patched. In other words, there were two security holes in it. One was patched and the other was not.

The Sangfor crew inadvertently documented an as-yet-undisclosed RCE bug, thus unintentionally unleashing a zero-day exploit. The researchers apparently took down the offending information once the mistake was figured out but by then it was too late, because the exploit code had already been downloaded and republished elsewhere. Pandora’s box had already been opened, and it was too late to close it up again.

The only way to fix this until a patch is released is to disable the Print Spooler. However, this disables printing, so you can’t print anything. It’s good practice anyway to disable the Print Spooler if you don’t have a printer, to free up resources in Windows, but if you use a printer all the time you’re kind of screwed until then.

This is one of the many reasons why I left Windows in the dust and use Linux. Granted there are exploits in Linux as well but they are typically targeted at older software packages and an easy update fixes it. If it’s a major one it is typically fixed within hours after it has been known to the world.

Installing pfSense on a PC Engines APU2

The APU2 came in and now I can install pfSense and share the knowledge.

First things first. The APU2 does not have a Video Out such as VGA or HDMI. It’s a headless System that uses RS-232 to run it until pfSense is installed. The options for this are to use either a DB9 Null Modem Cable, if the System you’re going to connect has Serial/RS-232, or a modern USB to Serial Cable.

For this install the Host Machine is my Desktop running Debian Linux. I am also using a USB to Serial Cable Adapter. It uses the CH341-UART chip. Keep in mind you will need a DB9 Null Modem Adapter; a simple Gender Changer Adapter isn’t going to work. For the connection, software-wise, I am going to use GNU Screen.

We need to download pfSense. Make sure to follow the image below.

After it downloads, uncompress the file and use dd (DiskDump) to write it to a USB Thumb Drive. The Thumb Drive shows up as /dev/sdc but this varies from system to system. If in doubt, insert the Thumb Drive and run sudo dmesg; it should show up last as /dev/sd*, and whatever the * is identifies the Thumb Drive. It could be sdb, sdc, sdd and so on.

For my System I issued this command.

sudo dd if=~/Desktop/pfSense-CE-memstick-serial.img of=/dev/sdc

While it was writing to the Thumb Drive I gathered the rest of the equipment together. Do not power on the APU2 just yet. When the Thumb Drive is ready plug it into the APU2. Launch GNU Screen with this command. Remember I am using a USB 2 Serial Adapter so yours might differ.

screen /dev/ttyUSB0 115200

With Screen running you can now power on the APU2. When you turn it on you should see Text pop up in the window. Select F10 to bring up the Boot Menu and select the Thumb Drive. It will take a couple of minutes to load up but it should go directly into the Installer. From there just follow the prompts and install pfSense like you would on a typical PC.

When finished installing you’ll need to reboot the APU2 and this time hit F10 again and select Manage Payload. This will bring you to a BIOS setup and just tell it to boot from whatever Media you installed pfSense onto. If you skip this part then it will only Boot into MemTest86.

After that it should work and you can then start programming it via the Web UI.
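
For the image-writing step above, two checks are worth running before dd: that the download matches its published SHA-256, and that the target really is an unmounted removable disk. This script is an added example, not part of the original post; the function names and script name are made up, and it assumes you copy the SHA-256 value published with the download and pass it in yourself.

```sh
#!/bin/sh
# Added example, not from the original post: verify an installer image and
# sanity-check the target device before writing it with dd.

# Hash a file with whichever SHA-256 tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX: succeeds only if the digests match.
verify_sha256() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    vs_actual=$(sha256_of "$1")
    if [ "$vs_actual" != "$vs_expected" ]; then
        echo "SHA-256 mismatch for $1 (got $vs_actual)" >&2
        return 1
    fi
}

# is_removable_disk DEV [SYSFS_DIR]: succeeds if DEV is a whole disk that the
# kernel flags as removable. Partitions such as /dev/sdc1 have no entry here,
# so passing one by mistake is rejected as well.
is_removable_disk() {
    ir_flag="${2:-/sys/block}/$(basename "$1")/removable"
    [ -r "$ir_flag" ] || return 2
    [ "$(cat "$ir_flag")" = "1" ]
}

# is_mounted DEV [MOUNTS_FILE]: succeeds if DEV or one of its partitions
# appears in the mount table.
is_mounted() {
    grep -q "^$1" "${2:-/proc/mounts}"
}

# write_image IMG EXPECTED_HEX DEV: run every check, then write with dd.
write_image() {
    verify_sha256 "$1" "$2" || return 1
    is_removable_disk "$3" || { echo "$3 is not a removable whole disk" >&2; return 1; }
    if is_mounted "$3"; then
        echo "$3 is mounted; unmount it first" >&2
        return 1
    fi
    # conv=fsync makes dd flush to the stick before it reports success.
    sudo dd if="$1" of="$3" bs=1M conv=fsync
}

# Usage: sh write-image.sh IMAGE SHA256 DEVICE
if [ "$#" -eq 3 ]; then
    write_image "$1" "$2" "$3"
fi
```

The removable flag is a heuristic: USB thumb drives normally report 1, while USB hard drives and internal disks report 0, which is what stops a mistyped /dev/sda from being overwritten.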

Here are a couple of shots of my APU2.

So far I am impressed. I plan on installing it this Weekend to see how it goes.

S-100 Z80 Progress

I didn’t like the first revision of the Schematic so I redid the whole thing. I came across a Z80 Trainer made by Dr. Baker and used that as the basis of the new Schematic. I also used the circuit for the VT132 Project for a Terminal VGA and USB Keyboard.

Control Panel
CPU and Clock
RAM and ROM
IO Board
Serial Terminal for Video and Keyboard

These are not final. I need to review these and make sure everything is in the right order. I also need to import the S-100 BUS.

New CCTV System

I decided to buy the CCTV equipment. I bought a Reolink 5MP Pan Tilt Zoom Camera for the Driveway and a Reolink 5MP with Audio Turret Camera for the Lanai. My Boss let me buy a Hikvision Door Bell at cost and it was on sale from the distributor for $98.00. It’s the only one I can find that has ONVIF currently. I also have a couple of Hikvision IP Cameras I will use for Indoor use.

For now I plan to use MicroSD Cards for recording and push it to Shinobi that is running on the Home Assistant Server. For now I will use a TP-Link 5 Port PoE Switch. I really don’t see adding any more Cameras since the placements I have chosen should cover everything, except one area that has the A/C unit.

I am a bit worried since I heard A/C unit thefts are on the rise in my area but I got that covered. I traded an A/C Tech 25ft of Coax for 25ft of outdoor rated cable used for A/C systems so I can make a dummy line that connects to the Alarm Panel so when someone cuts it the Alarm goes off. I have it programmed as a Duress so the Central Station sends out the Cops without Verification. Also used longer Tapcons to attach the unit into the Cement Pad. I also stripped out the Nut Driver portion of the Tapcons so the only way to get them out is with a Flat Head or a Cutting Wheel. Besides, the Driveway Camera and Lanai Camera would catch anyone going to the side of the House anyway.

Anyway, back on topic here. I will probably run the Cabling to the Master Closet or Garage and then run a Single Line to the Living Room since the TV stand is getting full. Since the pfSense box has one more open port I can dedicate that to the CCTV and give access to Home Assistant.

I already got a friend that wants to buy my old Analog DVR and I will probably give the Ring to my Mother.

Lost art of Cable Management – Cable Lacing

Used in Telecom, NASA and Avionics, Cable Lacing is an almost lost art of Cable Management. Instead of using Zip Ties or Tape, a Waxed Coated Cotton String is used for the whole length of a Wire Rack or Wire Harness/Bundle.

In my honest opinion this looks a lot cleaner and better than a hundred Zip Ties and doesn’t leave a sticky residue like Tape does. It’s also pretty darn cheap, just don’t buy the “Electronics Grade” stuff. The 1mm size that is used for Jewelry is cheaper and it is the exact same stuff. You can also use thinner stuff but you’ll have to double wrap the bundle.

I found a little Video on YouTube that covers how to do it. The man in the Video has a terrible accent but you just need to watch rather than listen.

A few Tips I have with this Method. Have the knots closer than what I have in the example photo. If the Cabling is running flat then you can get away with knots further away but when you go into turns and twists you want the knots closer or it will look like this.

Just like anything new you will be slow and it will look like crap but with practice it will look better and you’ll get much faster.

Fresh install Debian 10 Linux

When I install Linux I end up spending a lot of time tweaking it the way I like it. No matter the Distribution I end up doing stuff like this. Mostly because Out of the Box is for the novice user. Most end Linux users do the same thing.

I typically start with just the base install to make sure all of my hardware is in working order such as Chipset, CPU Microcode, Networking and USB. Easier to catch the issues when it’s a plain Command Line Interface. Also much easier to redo the install to Unstable if the Kernel is too old to see brand new hardware. Unstable isn’t really Unstable, it’s just newer Software that is still experimental. For example, Ubuntu uses a mixture of Unstable and LTR (Long Term Release).

When partitioning I keep things simple and use a single Partition for everything. Now if I am doing this to a system that has Multiple Hard Drives I’ll move things around such as putting the /home directory onto a different drive. Back in the day I used to toss in an old drive just to be used for SWAP but these days I see no performance gains. An EXT4 Partition is just fine and no need to go into the world of ZFS and GPT since ZFS eats RAM and GPT will bite you in the ass in the end.

After I verify everything is working I’ll edit the APT sources file and add the contrib and non-free entries, update the mirrors and upgrade. Install Xorg and whatever Window Manager I want. Currently I am giving KDE Plasma a spin and it has a few nice features but I like using the Awesome WM.

Before anything else I once again verify my Video and Audio is working correctly. I’ll run the glxgears program or just look at the OpenGL Information. To test Audio I’ll just load something up in YouTube, a few times in the past the Audio would work fine within the Window Manager but YouTube, Steam and VLC would be deaf. So if YouTube works then there shouldn’t be issues with anything else.

Now I can start adding my custom tweaks and such.

I add my user to the sudoers file and make sure the hostname for the system is final. Also install ntp if Xorg’s install didn’t include it.

su
apt install binutils sudo ntp ufw fish vlc
nano /etc/sudoers


under root’s entry add
[username] ALL=(ALL:ALL) ALL
Save and exit.

exit

I start by changing the Command Line Shell. Debian uses a modified version of BASH called DASH. Works alright but after you start playing with other types of Shells you end up staying away from it. I used to use Zsh but I converted to FISH. After installing fish I then issue chsh -s /usr/bin/fish then launch it. From there I go into ~/.config/fish and edit the config.fish file and add my alias entries.

alias ls="ls -lahp"
alias dir="ls -lahp"
alias shutdown="sudo shutdown now"
alias reboot="sudo reboot"
alias update="sudo apt update"
alias upgrade="sudo apt upgrade"
alias purge="sudo apt autoremove"
alias edit="nano"
alias G="grep"
alias S="sudo"

After tweaking commands to my liking I’ll add more software I intend to use such as Htop, Bleachbit, Guake, and KDE Connect.

Over time I end up installing neofetch, screen, Arduino IDE, Sublime Text and GCC, Firefox and vBox.

Once in a blue moon I’ll screw up and spend a good few hours fixing it or just end up reinstalling everything.

Limit Unwanted Network Connections

I’m slowly putting together a Network Administration suite for the Raspberry Pi. Came across a little jewel called Evil Limiter. It’s a Python 3 Script that can do an ARP scan of a Network and give you an IP Address on the Network that you know shouldn’t be there or you have a User sucking up too much Bandwidth. So instead of Deauthing the user you can Throttle or even Block the User. For example you can Limit a User to 100Kbit/sec or even totally block them.

This could be handy for enforcing say the Kids Internet usage during the Spring/Summer Break or even at work when Steve should be working on a report but is too busy watching Netflix or YouTube.

Now this tool is considered a DoS (Denial of Service) Attack so be careful how you use it and deploy it.

Building a Z80 Computer

Every hardcore Electronics Engineer and Computer Nerd has a bucket list and there is a Homebrew Retro Computer on that list. I could cheat and buy a RC2014 kit but building it from total scratch is even better.

Now you just don’t order/buy/find the parts and slap it all together. You have to study up on the subject. There is a PDF floating around called “Build your own Z80 Computer” by Steve Ciarcia. Then you have Grant Searle’s Website that is loaded with tons of Schematics and ideas for a minimal chip count Z80 running BASIC and CP/M.

To start off the build I am going to build a crude version of the Zeta256 and branch off of that by adding memory, UART, ROM and so forth.

Built a new NAS

I was bored last weekend and went through my junk box of computer parts. I came across a motherboard that had an AMD FX CPU. It has a ton of SATA ports on it.

I then came across six 2TB drives and a bunch of 1TB drives I had pulled out of NVRs. The case I chose was a 4U rack case I had bought a while back for my shop PC at the old house. I even found a SATA RAID card as well.

I tossed in a 120GB SSD as the primary drive and filled up rest of the drive bays with hard drives. Found a couple of bad drives as well but I had plenty of replacements.

When it came to RAM I tried some ECC DDR3 RAM and the system didn’t like it but I did manage to find four sticks of typical 8GB DDR3 so I got 32GB rock’in.

I had a few options for the operating system. I was thinking to just install Debian and set up an AoE (ATA over Ethernet) and have a couple RAID5s going but I decided to give TrueNAS another shot.

I have to say it was a little of a learning curve with it but I got TrueNAS running with two RAID pools. The six 2TB drives are my backup pool and the three 1TB drives are my VM pool. The whole thing is working as expected.

Now I would like to setup a PXE server so I don’t have to use thumb drives to install Linux on my systems.

Been busy and stressed

I have been moving all of my systems to use Debian 13 Trixie. Debian 12 Bookworm’s last major update has been buggy. My Dell Latitude laptop’s WiFi card decided to function very slow like dial-up speed slow. It’s an old Wireless N PCI-E card. I ordered an Intel AC-7260 that should be a drop in replacement. This should help extend the life of the system for my needs. I have another faster laptop but the audio isn’t working and too lazy to fix it lol.

My little reverse router has been a total game changer at work. It has come in handy for updating firmware on NVRs that are connected to a closed or air gap network. Also the wireless 10inch monitor I updated has been great as well. I can walk around a typical 3bed 2bath home to adjust camera views and show the customer.

However work itself has become stressful. I am once again the only install tech. The owner has laid off most of the company including my Wife. I have seen the ups and downs of this company but this time I am worried. A friend is starting a low voltage division at an electrical company and wants me to come along. I will tag along but I have to wait a month. Right now he is putting together inventory and booking jobs so I can’t be added to payroll yet.

Modding a CCTV test monitor

A couple of months ago I ordered a Hikvision X41T Field Monitor for 40 bucks. Has BNC, VGA and HDMI inputs and also has a 12volt output if I ever needed one.

The battery cell for it was useless so I bought a 12 volt battery pack that was on sale for 12 bucks from Amazon. I had attached the battery pack to the back of it with Velcro. Had to fix the barrel jack on the battery pack a few weeks later and yesterday the same thing happened on the monitor.

I had already bought a wireless HDMI kit for it so I just have to plug in the receiver and be totally wireless. Since I had to crack open the LCD to fix the barrel I realized there is plenty of space to cram in the battery pack. So I touched up the solder break on the barrel jack and got the battery pack inside.

I had to modify the battery pack to make the charge circuit fit. Removed the power switch and barrel jack and replaced the 100uF cap to slim it down. I also added a toggle switch as the power switch and added a standard size barrel jack to the back of the LCD so I can charge the battery pack still.

Works great!

Now I need to open it back up and get a 5 volt feed for the wireless HDMI. The monitor has a USB port but wait, it’s not USB!

Yes the picture was taken upside down, sorry.

Notice where it says Video/HD/12V? Well I probed the voltage rail for the USB and it’s 12 volts.

So to fix this I decided to cut the USB cable that came with the wireless adapter in half and add in a Mini360 adjustable voltage regulator and set it to 5.1 Volts. I attached the Wireless HDMI receiver with Velcro. I would like to have it internal but HDMI has so many pins.

Now I need to design something to hold the transmitter when not in use.

Installing equipment faster with less trips

So at work I have been installing equipment that requires something that has a DHCP server. Meaning a working internet connection pretty much but these installs are before the customer has internet. I would love to have the stuff programmed and ready to go so the customer just has to plug it into their modem instead of rolling out to the job then getting the butt end of “Why did you have to go there several times” because no one ever reads the notes besides the person that handles the schedule.

I’m gonna toss together a Raspberry Pi with some routing tools and a 5 port PoE switch. This way I can program WiFi Access Points, audio systems, TVs and such on site. My job issues out phones that have working hotspots so I can even update firmware and such.

For the software I am going to try RaspAP. It might work. I just need the WiFi radio to be the WAN and the Ethernet to be the LAN.

Getting Hikvision Solar power series cameras working on unapproved cellular networks

At work we started to use some solar powered cameras that have 4G cellular radios. Hikvision recommends AT&T and T-Mobile service with these. Well the office is hell bent on using Verizon.

I called up Hikvision and all they can do is see if the Camera is online or not. I figured it out, however, since I used to dabble with cell phones. So here is how I got it to work with Verizon. Now your results may vary with other providers, even if they use the same towers as the big companies.

You’ll need a computer running Windows, SADP Tool from Hikvision and the Edge browser. It’s easier to power up the camera with a 12volt power supply so you don’t have to work in the elements.

Step 1.
Register the SIM card with the IMEI that is on the camera. Take note of the provided phone number the provider gives you after registration.

Step 2.
Use the SADP tool and do a forgot password, export the XML file and send it to Hikvision using their web portal. Takes anywhere from five minutes to an hour and from my experience do not send it any later than 4:00PM EST. When you receive the ZIP file from Hikvision you need to extract it and then upload the new XML file from the SADP Tool. Now set your password.

Step 3.
You’ll need Microsoft Edge for this and have to enable Internet Explorer mode. Change the TCP/IP options on your computer to match the camera’s network. The default IP to the camera is 192.168.1.64. Just set your IP to 192.168.1.200.

Step 4.
Log into the camera using Microsoft Edge and reload in Internet Explorer Mode. Select Configuration then Network. Now select Wireless Dial.

Step 5.
Make sure the enable box is checked. You should see the SIM 1 has a signal but no IP address. We need to add some Dial Parameters. These are what I used for Verizon.

Dial Mode – Auto
Network Mode – 4G
Offline Time – 3600
Phone – The number that was assigned to SIM card
Access Number – *99#
User Name – Leave blank
Password – Leave blank
APN – vzwinternet
MTU – 1400
Verification Protocol – Auto

If you’re not using Verizon then go to apnsettings.org to find the APN settings for the provider you want to use.

Step 6.
After saving the settings power cycle the camera and when it loads back up go back to Configuration, Network and Wireless Dial. You should now see an IP address and now you can add it to Hik-Connect by scanning the QR code.

Amazon keeps messing up my order

So I decided to buy some tool boxes for work. As much as I would love to buy the Milwaukee Packout stuff I can’t afford it so I decided to go with the Craftsman Versastack.

I had ordered from Amazon the kit that comes with the deep box with wheels, the medium box and the parts box for $99.00 bucks. Was next day shipping but didn’t get sent out until the 14th. At some point it got delayed and was delayed many times so I reached out to Amazon and after fighting the AI chat I was able to speak to a real person. The support said they will resend it with over night shipping and refund me a month of prime. It never happened….

I canceled the order and reordered it. Now I had to pay $116.00. Once again it was next day shipping and should have arrived on the 20th. Guess what, same thing. It never showed up and I got a thing telling me it’s delayed and they will hold off on payment until it’s shipped. Thing is they already took the $116.00. I’m still waiting for the refund for the first attempt.

Kinda tempted to cancel it and just wait for my refunds and go spend the extra 80 bucks at Walmart. I already bought a couple of boxes from Lowes and a medium size box Amazon did send next day shortly from the first attempt so now it’s too late to invest in something else.

New Tool Boxes

So I had a little extra money and decided to buy some Tool Boxes.

I’m a Milwaukee Tools guy but the Packout stuff isn’t worth the money. I checked out Harbor Freight and didn’t like the Bauer modular boxes. Kinda like the dividers in the large box but the construction felt too cheap.

I swear sometimes I think cell phones listen to us. Reason why: I went on Amazon on my break and I was suggested the Craftsman Versa Stack tool boxes. The reviews are fine and the set was 100 bucks. However it’s gonna take a week to show up. Also they’re compatible with the Dewalt TSTAK modular boxes so if the Craftsman stuff ever gets discontinued I could use the Dewalt boxes.

I gathered my tools up the other day and realized I’m gonna need more storage so I bought another medium box and it came in yesterday.

I had bought some toolbox foam a while back so I used it on the box that came in. This box is going to hold my specialty tools. They all pretty much fit. I have a few more things I want to put in it but those tools are at the office. I still have a few pieces of foam I can use as padding on the big box for my power tools. Next payday I am going to get one of the drawer boxes for my common use tools that I don’t carry everyday in my tool belt.

I am also going to get some Canvas Zipper bags to hold drill bits and such in.

Here is the list of boxes and accessories I got.

ToolBox Foam
Craftsman Versa Stack Kit
Craftsman Versa Stack Medium box
Craftsman Versa Stack Drawers
Canvas Zipper Tool Bags

Serial Terminal Build (Part 2)

It took a while but I got it working flawlessly on this CCTV monitor.

Here are some of the options I had to use in the config.txt.

sdtv_mode=0
sdtv_aspect=1
sdtv_disable_colourburst=1
overscan_left=33
#dtoverlay=vc4-kms-v3d
max_framebuffers=2
framebuffer_priority=3

The first three declare that we are using CVBS (Composite) video and what kind. Mode is set to NTSC, aspect is set to 4:3 and color is disabled so it’s mono.

The text was “falling” off the screen on the left side so I had to use the overscan option to put the video over 33 pixels to the right from the left side.

No accelerated graphics. If enabled during boot the driver loads up and then pushes the text off the screen no matter what is declared on overscan option.

The last two were set when I ran the “tvtune” command.

For giggles I might toss on the Mini vMac emulator and emulate an old classic Macintosh.

Serial Terminal Build

The Monitor arrived and I checked it out. Before power up I opened it up and did a visual inspection. Looks very clean and possibly low hours have been used. Typically CRT displays are magnets for dirt when they are on. Black dust builds up on the dag ground and really bad on the anode from the flyback over time when it’s used. This looks like it just came off the assembly line.

I found an old Pi Zero and created a fresh SD card and modified the config.txt to use SDTV. The Pi wouldn’t power on. I pulled out a Pi3 and that works but I need to run an older version of the OS so I can have more CVBS options like 4:3 aspect and such. The current build only has a few options.

Building a retro serial terminal the right way

I always wanted a serial dumb terminal. The popular retro units are way too expensive. I’ve made a few in the past but didn’t have that charm to it with an LCD. I even tried to 3D Print a mini VT-100 but kept running into issues of parts fitting. However I was able to 3D print a case that would work but after printing it the LCD and keyboard that was made for it are too expensive.

So the route I am going is a 1970’s home brew route. I bought an ELMO 902-E CCTV B&W monitor. These types of displays were like the Sony PVM but in black & white. They have a much higher resolution than a typical TV. Some have compared it to a 1080p resolution.

The plan is to clean it up, recap it if needed. Add a few mods so I can use it for other things like Composite video and S-Video but the main idea is to toss in a Raspberry Pi Zero I got laying around and just have it load up either gnu screen or minicom.

Now this isn’t going to be fully 1970’s but the look and feel is what I am going for. The hard part is the keyboard. I love mechanical keyboards but they’re all backlit these days and they’re typically those lame RGB effects. I found this one and the ad says you can turn the backlight off. Now it would be cool to have it backlit but a solid color like Green, Orange or White.