prevent dns enumeration on bind dns server

what the hell is dns enumeration? well, according to this pdf book DNS enumeration is

… the process of locating all the DNS servers and their corresponding records for an organization. A company may have both internal and external DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems.

so, this just little tricks on how to prevent dns enumeration on bind dns server, some dns enumeration tools will look at the zone transfer located on your dns server, and when it was misconfigured, it will leak all dns info to the attacker, like this:

sample of dns enumeration result
sample of dns enumeration result

Q: so, what’s the actual danger of this kind of leakage?

A: The information can disclose the network infrastructure of the company without alerting the IDS/IPS. This is due that most of the organizations are not monitoring their DNS server traffic and those that do they only monitor the zone transfers attempts.

and the trick is simple, most of the enumeration tools look for dns zone transfer record, so instead of allowing it for the rest of server’s uptime, just turn it of until you’re needed to do that.

put this line on your named.conf

and restart the service.

disclaimer: this tips doesnt guarantee your server will 100% immune to enumeration. the incident was reported and already fixed by the sysadmin on 18 april 2016.

XTraDB – InnoDB internal, in drawing

as an idiot sysadmin, it’s quite hard for me to understand what was the differrence between InnoDB and XtraDB, until I found this document called “XtraDB – InnoDB internal drawing”.

 

XtraDB - InnoDB internal

 

need a bigger picture? click here

[Job Offer] Backend Developer at Qasico

Hello,

Qasico is looking for a Backend Developer.

qasico

here is a brief explanation for Qasico,
QASICO are the first customized Integrated Business Application (IBA) provider in Indonesia. IBA is an integration model that combines business model operations and processes with technology to achieve efficiency, manageable, expandable and sustainable company or businesses. QASICO understand business challenges in every business stages, once the company fail to cope with that it’ll be a hard way to restart it again. That’s why QASICO with IBA modular system will assure company’s growth for successes.

QASICO origin name yield from Padang language (West Sumatra province of Indonesia), means “come here”. We are welcoming all business leaders and entrepreneurs to allocate the time to think about the business future without worrying how to get there. When challenges of business process enabler using technology as solution, QASICO is the answer

are you interested? find more info here.

golang oEmbed package

oembed
oEmbed

hello Everyone, I just want to share a small Golang oEmbed package for parsing Oembed data, there was a paid service like embed.ly or iframely.com. but in case you’re have a growing startup that doesn’t have big pile of money to pay some SaaS, maybe deploying your own service can be a good solution.

this module is written in golang, called oembed, and I also write a demo on how to use this module as a part of http service called gallang, the working demo are live here.

I’m bit suck at introducing something, so that was all.  X_X

[Scrapy] ‘scrapyd.webservice’ doesn’t define any object named ‘DaemonStatus’

I was using scrapy v1.0.3 and scrapyd v1.1.0 when I got "Module 'scrapyd.webservice' doesn't define any object named 'DaemonStatus'"  error as I throw deploy command through my scrapyd-client .

let me at 'em
let me at ’em

I doesnt know exactly why scrapinghub team doesnt release a new package to pypi, the documentation of scrapyd allready showing the latest docs describing about DaemonStatus.json  endpoint, but the latest package on cheese-shop still doestn provide this function.

In case you’re hurry and need this to be fixed asap, just pull the code from their github repo, I’m using this version [c7b98c].
extract, and install it. restart your scrapyd and everything just fine except you still cannot access the daemonstatus.json  endpoint.

naah not bad, at least I still can manage to deploy my latest spider to the production server.

hints:

if you are working with virtualenv, make sure you activate the virtualenv before firing these command

after that, resume your delayed task.

[ rabbitmq ] shit i forgot my admin password

with current hype on microservice, sometimes you will tighly coupled with message-oriented middleware like RabbitMQ [features], and as a part of security you will need an account to access them, yeah that username and password things.

but what happen if your sysadmin has shortcomings in terms of recall and suddenly yelling “Shit, I forgot my admin password” when you ask him to add new rabbitmq account for some software-development-related stuff?

its-rabbids-not-rabbitmq
aaaaaaaaaaaa

just calm him down and tell him to do this:

to add new user identified by  sup3rc00lpwd , and followed by this

to assign newly create user as an administrator . and then tell him to clean up his shit.

dont forget to tell him to sip his nearly-freeze coffee.


 

ps: in this post, I was the sysadmin.

ps2: this post contain heavy use of badwords and sarcasm.

Selenium Grid with PhantomJS

PhantomJS
PhantomJS Logo

Today I was installing a new box to be used as automatication server, for the hub I’m using selenium grid with PhantomJS as some of the webdriver that plugged in.

I’m using PhantomJS v2.0, downloaded it’s source from official site (http://phantomjs.org/), and compiling it in 4 core debian jessie VM.

the compilation work nicely, just follow along the build documentation (http://phantomjs.org/build.html) until I had an issue when running this command:

the output says:

googling for a while, and the problem was in the GhostDriver, so in case you had this issue, here is a quick solution:

edit src/ghostdriver/hub_register.js , comment or delete this following code:

recompile, and the problem is gone.

Here is the output after firing the same command:

[php] Lumen Framework Additional Configuration File

Today I was interested in Lumen Framework, another product from Taylor Otwell under the Laravel flag. at my first though, oh look another laravel with less batery included by default.

started to construct new project, and yeah, I need an additional configuration file and I would like to add it somewhere separated from the famous ‘.env’ file.

after lurking around the Lumen’s docs, I found this:

whoa whoa, where this config come from? nah, found it under the this file pointing to Container’s instance. and the I found this function that can be called from the $app->configure() . This magic give you an ability to add additional configuration file using php format that placed in the config folder within your project root.

 

so, without wasting more time, I create the config folder, put my site.php file with following value:

and add this line to app.php

this method fill register your additional configuration file which is placed in config/{name}.php and you can access it later with config("{name}.{key}") . please make sure you change the {name} with correct file.

 

Fin.

[golang] Tick – Tock Clock

 

[vagrant][chef] chef missing shared folder

Chef missing shared folder
vagrant logo

Today I found issue after upgrading my virtualbox. I was using vagrant with chef as provisioner. after upgrading virtualbox and VBoxGuestAddons, and updating some component on cheffile, my chef provisioner returning error that Chef missing shared folder.

The error message is looked like this:

then after googling for a while, I got the solutions. the problem is, vagrant cached the synced folder settings, after upgrading VirtualBox, this cache should be invalidated. To invalidate the cache, just run this command from your vagrant directory (The directory where your vagrantfile lies)

and re-run the provisioner

solved, that’s how to solve when Chef missing shared folder when you re-run provisioner after upgrading virtualbox