Categories
Uncategorized

stuck at cisco rommon or switch: prompt and wanted to revert a bad upgrade in ios?

I didn’t know this was a thing I wanted to do, but while upgrading a few Cisco 3650’s I accidentally threw on the wrong bin file. I pointed to the wrong bin file and rebooted. Luckily I had a console cable plugged in and ready already. I knew the previous image was good, so now that I am stuck at rommon, or a switch: prompt I was able to enter this and it booted right into the old and good ios:

boot flash:packages.conf

I don’t know why this was so hard to find, but googling for ios upgrade revert rommon, hopefully this comes up and saves you some looking!

Categories
Linux

librenms and oxidized plugin SSH issues

I was setting up LibreNMS (version 22.2.1 at time of writing) and found out that it also has a plugin called oxidized (version 0.28.0 at time of writing) that allows you to do back ups of configuration files. So I figured why not, let’s replace my dated rconfig setup. In my opinion oxidized is a bit archaic, but it seems to be based on an old tool called RANCID. So long story short, it is a bit on the YAML heavy side, it takes some manual configuration in shell. My oxidized config looks like this, for example:

# - keyboard-interactive

groups: {}
models: {}
pid: /home/oxidized/.config/oxidized/pid
input:
  default: ssh
  debug: false
  ssh:
    secure: false
output:
  default: file
  file:
    directory: /home/oxidized/.config/oxidized/configs
source:
  default: csv
  csv:
    file: /home/oxidized/.config/oxidized/router.db
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      ip: 1
      model: 2
      username: 3
      password: 4
    vars_map:
      ssh_kex: 5
      ssh_host_key: 6
      ssh_hmac: 7
      ssh_encryption: 8
      enable: 9
    gpg: false
model_map:
  cisco: ios
  juniper: junos
  asa: asa

I kept getting KEX errors for my ASA when it was trying to log in:

raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on kex algorithm"

My ASA router.db line looked like this (replacing xxxxx with actual passwords):

madfw5:192.168.150.1:asa:admin:xxxxxxx:+diffie-hellman-group1-sha1:ssh-rsa:hmac-sha2-256:aes256-cbc:xxxxxxxx

I knew this was a good KEX (diffie-hellman-group1-sha1), as I forced it via the ASA, and SSH worked via putty, or other switches on the network. It also worked for my cisco switches via oxidizer. For reference, my ASA is running 9.16(2)14 ASA and ASDM 7.17(1)152. I wanted to see what other options exist, so I ran show ssh:

madfw5# show ssh
Idle Timeout: 60 minutes
Version allowed: 2
Cipher encryption algorithms enabled: aes128-gcm@openssh.com aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc chacha20-poly1305@openssh.com
Cipher integrity algorithms enabled: hmac-sha2-256

and my KEX checked my KEX:

madfw5#  sh run ssh
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha256

But I kept getting the error. Doing some digging, I saw oxidizer uses NET:SSH perl module, and their GIT is pretty updated, and it showed what algorithms were currently supported: https://github.com/net-ssh/net-ssh

I saw ecdh-sha2-nistp256 was allowed and supported, which worked on the ASA, by tabbing out the option:

madfw5(config)# ssh key-exchange group ?

configure mode commands/options:
  curve25519-sha256   Diffie-Hellman group-31-sha256
  dh-group1-sha1      Diffie-Hellman group 2 (DEPRECATED)
  dh-group14-sha1     Diffie-Hellman group-14-sha1
  dh-group14-sha256   Diffie-Hellman group-14-sha256
  ecdh-sha2-nistp256  Diffie-Hellman group-19-sha256

Then forced it by finishing out the command in configure terminal mode:

madfw5# conf t
madfw5(config)#
madfw5(config)# ssh key-exchange group ecdh-sha2-nistp256

so now it shows:

madfw5(config)# sh run ssh
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group ecdh-sha2-nistp256
madfw5(config)#

good to go, now the ASA is backing up and running oxidizer, huzzah! I am still learning what else oxidizer can do. My next step is to enable git, so it will automatically upload new versions of the configuration files it backs up.

Categories
Computer Hardware Gaming General Computing

Steelseries GG sucks – get the last version of engine

As most people seem to be aware, the Steelseries GG software sucks, and those of us who just needed Engine, are forced to upgrade. So I dug around for the last version of Engine only, none of the GG bloat and this was it: SteelSeriesEngine3.20.0Setup.exe

This is the direct link, while it works to steelseries’ website: https://engine.steelseriescdn.com/SteelSeriesEngine3.20.0Setup.exe

If they pull it, you can download here: https://vivithemage.com/extra/SteelSeriesEngine3.20.0Setup.exe

If you download it from steelseries or vivithemage.com, these are the hashes:

MD5: E0828A3D321418513CEC2B273CF33607
SHA1: 5B1E48E51C02C685B236199C1A71F07E0396780E
SHA256: 7527895C81CB5C42CE51F5463FA7FAB79766952E1F8F34B5E6F1268CD2681EA0
SHA512: 534C496B597DF513863CC004BF4F413E3CDE6830748D2EF03897C7049075E381DADFCBD968B5A298D1F845DF9D6658555133A469D0D40E3D46F768920B15DC0F

If you were forced to upgrade to GG, make sure to uninstall and then install this version of Engine. This is currently working fine for my Windows 10 Pro 21H2 patched PC.

Categories
Linux

How to Install or Update PHP to 7.4 with ioncube on CentOS 7

I needed to upgrade my WHMCS host server to utilize PHP 7.4. I am coming from PHP7.3 and found it pretty straight forward of an upgrade. Also, 7.3 is end of life and only on security updates right now.

Step 1: First thing I would do is back up your server you are updating. If you can, do a snapshot.

Step 2: Update your server

yum install epel-release yum-utils -y
yum update -y

Step 3: Check the version of the PHP that is currently running.

php -v

Step 4: List all the PHP packages you have installed into a file, so you can refer to it to install all those packages in PHP 7.4

rpm -qa | grep php > /home/php_rpm_originals.txt

Step 5: Remove all the installed PHP packages

yum remove "php*" -y

Step 6: Install the updated Remi repository if it is not already installed.

yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Step 7: Enable the PHP 7.4 repository, install the core and required PHP packages. You can also refer to step 4 for the previously required packages.

yum --enablerepo=remi-php74 install php php-pdo php-fpm php-gd php-mbstring php-mysql php-curl php-mcrypt php-json php-bcmath php-tidy php-tcpdf php-xmlrpc -y

Step 8: Check the updated PHP version.

php -v

PHP 7.4.27 (cli) (built: Dec 14 2021 17:17:06) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
Step 9: Restart Apache to use the newly installed PHP 7.4

systemctl restart httpd

Step 10: Check what architecture you are running – in my case it was 64bit

uname -a

Linux madgenius.com 3.10.0-1160.53.1.el7.x86_64 #1 SMP Fri Jan 14 13:59:45 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Step 11: Download your version of the ioncube loaders

——————– For 64-bit System ——————–

cd /tmp

wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

——————– For 32-bit System ——————–

cd /tmp

wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz

Step 12: unzip and move into the directory

tar -zxvf ioncube_loaders_lin_x86*
cd ioncube/
ls -ltrh

Step 13: Obtain your PHP location for modules.

php -i | grep extension_dir

extension_dir => /usr/lib64/php/modules => /usr/lib64/php/modules
Step 14: Copy the files you need, in our case it was 7.4.

cp ioncube_loader_lin_7.4.so ioncube_loader_lin_7.4_ts.so /usr/lib64/php/modules

Step 15: Modify your php.ini file to include ioncube. I added mine at the top right below [PHP]. The line you want to add is:

zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_7.4.so

vi /etc/php.ini

Once done editing, hit ESC and then type in :X and hit ENTER


Step 16: Restart apache or nginx/php-fpm servers
——————– Start Apache Web Server ——————–

systemctl restart httpd

——————– Start Nginx + PHP-FPM Server —————-

systemctl restart nginx
systemctl restart php-fpm

Verify install:

php -v

PHP 7.4.27 (cli) (built: Dec 14 2021 17:17:06) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with the ionCube PHP Loader + ionCube24 v11.0.1, Copyright (c) 2002-2022, by ionCube Ltd

Categories
Advertising

EVGA 10% off discount code – associates code

Warning, this is purely an ad post for my associates code. Good news is it can get you up to 10% off any hardware at evga.com and it’s store. When you go to check out, just punch in this associates code during checkout: I6AM2ZPP7846RU5

That is it! Should save you up to 10%. Otherwise here’s the total savings per product type:

Product Type
Audio
10.00%

Capture Device
5.00%

Cases
10.00%

Cooling
10.00%

Gaming Keyboards
5.00%

Gaming Mice
5.00%

Graphics
3.00%

Motherboards
5.00%

Power Supplies
10.00%

I appreciate you for using my code!

Categories
APC

Having issues upgrading APC 9640 Network Manager card 3

Of course this is still a thing. Even though when you log into the management page, you can click firmware upgrade, it fails to upload throwing:

Trying numerous browsers, the upgrade always fails via the browser for my AP9640/41/42 APC Network Management Cards. So just like I experienced before with the AP9617/18/19 cards, you have to drop into FTP to successfully upgrade. The process is one of a few options pulled from APC’s website: https://www.apc.com/us/en/faqs/FA156047/

Before upgrading, make sure you pulled down the Bin file, which as of this posting (November 2021) was: apc_hw21_su_1-5-1-1.nmc3 You can find it by downloading the latest file from apc’s website and running the exe file. Then dive into the directories to C:\apc_hw21_su_1-5-1-1\Bins . If for some reason this file doesn’t exist anymore, you can pull it down from here: https://vivithemage.com/extra/apc_hw21_su_1-5-1-1.nmc3

MD5 HASH: AEDA1DEECF92D6DC956DE9A8235DDB11
SHA256 HASH: 2D68A703308F222E453BA525816B544635DE03D451D406BB52A856CD0920F1A9

This is what you have to do to upgrade:

Manual (via FTP) – Network Management Card 3

1. To perform a firmware flash with this method the Management Card must have been previously configured with a System IP, Subnet Mask, and Default Gateway and attached to the network. In addition, FTP Server must be enabled.

2. Open an MS-DOS command prompt window on a PC which is connected to the network. Change to the directory which contains the firmware upgrade files. Some example commands which need to be entered are shown in bold in order to change directoriesPlease note, this is just an example. You may need to enter a full path to a directory which requires different syntax.
C:\>cd apc
C:\apc>

3. Open an FTP client session.

C:\apc>ftp 192.168.1.100 (192.168.1.100 being the IP address of the web card)

4. Log in as Administrator (apc is the default user name and password).

5. Upgrade the firmware:

ftp>bin(specifies binary transfer mode which is required)
ftp> hash (optional – enables hash mark printing as a way of monitoring file transfer progress)
ftp>put apc_hw21_SU_XXXX.nmc3(XXX being the version number downloaded)
6. When FTP confirms the transfer, type quit to close the session.

7. Wait about 20 – 30 seconds.

That is it, APC Network Manager will reboot and you’ll be upgraded.

Categories
General Computing

SABnzbd 3.4.1 Windows – Untrusted certificate

Interesting issue that popped up right after upgrading. My SABNZB started throwing cert errors on all of my usenet servers. Too much of a coincidence, and it looks like there was an expired cert. The error SabNZB kept spitting out was:

Server blablabla uses an untrusted certificate [Certificate not valid. This is most probably a server issue.]

This is a shameless pull from /u/MonstaGraphics on reddit who posted the fix.

  1. Press the Windows/Start button, Type MMC and press enter.
  2. Press Ctrl+M.
  3. Double-click on “Certificates” in the left list, then click the “Finish” button. Click “OK” to close the window.
  4. Expand “Certificates – Current User”, then expand “Intermediate Certificate Authorities”, then click “Certificates”.
  5. Find the expired certificate titled “R3”, and delete it. Close the Window, you don’t need to save anything once prompted.
Categories
Gaming

Fallout 4 mouse lag fix

I have not played fallout 4 in a while, but for some reason, mouse lag was still a problem as it was in fallout 3 and New Vegas. The fix is the same though. Navigate to here:

C:\Users\**USERNAME**\Documents\My Games\Fallout4

Use your favorite file editor to modify these two files: Fallout4.ini and Fallout4Prefs.ini If you do not have a file editor, try notepad, or get yourself notepad++ to enable yourself a lot more editing functionality.

You want to change line iPresentInterval=1 to be iPresentInterval=0

That resolved it for me, again. At least the fix is consistent!

Enjoy.

Categories
Nintendo Switch

Nintendo Switch does not detect SD Card – Plug ribbon cable back in option

My Nintendo switch v2 stopped detecting my SD card. I was able to plug the SD card back into my PC and it was detecting OK. I am guessing my son dropped the switch, and I am out of warranty. So I took it apart to see what was behind there, I figured these connectors aren’t super strong, they are usually a ribbon cable. I was right, it was not connected anymore. Put it back in, and it was good.

If you think that might be you, here’s what it looks like to reconnect the ribbon cable. You can find numerous teardown videos to get to this stage, it’s only a few screws. One caveat, be very gentle with the screws, do not over tighten them as they are very soft metal. They will strip easily.

Categories
General Computing

Bypassing the Google Chrome “Your connection is not private” Warning

Sometimes this will pop up, specifically with a website that has a CA signed by the military, government, or self signed certs. In Google Chrome, at least as of version 92.0.4515.159, you can do this to get around it. Just know, that your session may not be as secure as you’d like, so you better know what you are hitting!

The fix is to left click anywhere on the site page, and then type:

thisisunsafe

If it worked, the site should reload and get you in. You do not need to press enter, it will automatically take it. There’s no text box, or typing prompt, just type it on the screen after you left click on the page.