Sunday, June 28, 2026

Ghost connections: persistent proxy.pac requests

Wireshark showed the machine constantly sending proxy.pac requests to a remote host, Host-A.

With every proxy setting turned off, the machine still kept opening connections to Host-A:443 for https://host/proxy.pac.

netstat -no listed the connection together with the PID that owned it (from an elevated prompt, netstat -nob also prints the image name next to each connection).

wmic process get Caption, ProcessID, ParentProcessID mapped that PID to its parent PID (PPID) and image name: the connection came from msedgewebview2.exe, and the top of its parent chain was widgets.exe.

A web search said widgets.exe is the Windows Widgets host. Turning Widgets off in Settings made no difference: the process was still running.

Process Explorer v17.12 (procexp) showed the parent/child relationship between widgets.exe and msedgewebview2.exe, and Task Manager with the PID column enabled pointed at the same msedgewebview2.exe instance, which confirmed that widgets.exe really was the Windows Widgets host.

More searching showed that widgets.exe can only be disabled completely through Group Policy (gpedit.msc):
Computer Configuration > Administrative Templates > Windows Components > Widgets > Allow widgets
Set it to Disabled. The Settings toggle only hides the widget board; the process itself keeps running.

After that the number of outbound connections dropped, but some were still there.

Another pass with netstat, wmic, procexp and tasklist traced the remaining requests to an svchost.exe that starts early in boot, running as svchost.exe -k LocalServiceHttp -p. That is the host for the WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc), and this service cannot be stopped from the Services console:
Computer Management > Services > WinHTTP Web Proxy Auto-Discovery Service

The last step was to reason about where such a low-level service gets the URL from: something on the machine must still store it. Searching the registry (regedit) for the destination URL found it in the user's hive, in leftover Internet Explorer-era settings that the current settings UI no longer shows or lets you edit: HKEY_USERS\USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings (USER being the user's SID)
"AutoDetect"=1
"AutoConfigURL"="URL"
"ProxyEnable"=1
"ProxyServer"="Proxy:Port"
"ProxyOverride"="List"

AutoConfigURL is the PAC URL that had been configured long ago. Deleting the value and rebooting made the ghost connection disappear, and the mystery was solved. A stale AutoConfigURL is worth removing for more than the noise: WinHttpAutoProxySvc fetches that script on behalf of WinHTTP clients, so whatever answers at that URL gets to decide which proxy those clients use.
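The same attribution can be done offline on captured tool output. The script below is an added example, not part of the original post: it parses text captured from netstat -no, wmic process get Caption, ProcessID, ParentProcessID and reg query, maps every connection to a given remote endpoint to its process ancestry, and pulls the WinINET proxy values out of the registry dump. All three inputs are constructed samples (203.0.113.10 stands in for Host-A, the PIDs and SID are made up); the function names are my own.

```python
r"""Attribute a connection in captured `netstat -no` output to its process tree
and pull the WinINET proxy values from `reg query` output.

Added example, not from the original post. Works on text captured with the
same Windows tools the post used, so the analysis runs offline. Inputs are
constructed samples. A file produced by `wmic ... > out.txt` is UTF-16LE;
decode it before passing the text in.
"""
import re

# constructed sample: netstat -no (TCP rows have 5 columns, UDP rows 4)
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:51234     203.0.113.10:443       ESTABLISHED     4812
  TCP    192.168.1.20:51240     203.0.113.10:443       TIME_WAIT       0
  TCP    192.168.1.20:51301     93.184.216.34:443      ESTABLISHED     6120
  UDP    0.0.0.0:5353           *:*                                    1188
"""

# constructed sample: wmic process get Caption, ProcessID, ParentProcessID
# (wmic prints the requested columns in alphabetical order, padded to width)
WMIC = """\
Caption              ParentProcessId  ProcessId
System Idle Process  0                0
System               0                4
svchost.exe          724              1188
widgets.exe          1188             3360
msedgewebview2.exe   3360             4812
msedge.exe           1188             6120
"""

# constructed sample: reg query of the user's Internet Settings key
REG = r"""
HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    AutoDetect    REG_DWORD    0x1
    AutoConfigURL    REG_SZ    https://203.0.113.10/proxy.pac
    ProxyEnable    REG_DWORD    0x0
    ProxyServer    REG_SZ    proxy.example.test:8080
"""


def parse_netstat(text):
    """Yield (proto, local, foreign, state, pid) rows from `netstat -no` output."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue
        yield proto, local, foreign, state, int(pid)


def parse_wmic(text):
    """Return {pid: (image name, parent pid)} from the wmic table."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    header = re.split(r"\s{2,}", lines[0].strip())
    procs = {}
    for line in lines[1:]:
        row = dict(zip(header, re.split(r"\s{2,}", line.strip())))
        procs[int(row["ProcessId"])] = (row["Caption"], int(row["ParentProcessId"]))
    return procs


def parent_chain(procs, pid):
    """Walk pid -> parent -> ... until the parent is unknown or a loop appears.

    PIDs are reused on Windows, so a parent PID can point at an unrelated,
    newer process: capture netstat and wmic at the same moment and treat
    the chain as a lead, not proof.
    """
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        name, ppid = procs[pid]
        chain.append((pid, name))
        pid = ppid
    return chain


def attribute(netstat_text, wmic_text, remote):
    """Map each live connection to `remote` ("ip:port") to its process ancestry.

    PID 0 rows (for example TIME_WAIT) no longer belong to a process and are skipped.
    """
    procs = parse_wmic(wmic_text)
    return {pid: parent_chain(procs, pid)
            for _, _, foreign, _, pid in parse_netstat(netstat_text)
            if foreign == remote and pid != 0}


def proxy_settings(reg_text):
    """Return the WinINET proxy values present in `reg query` output."""
    watch = {"AutoDetect", "AutoConfigURL", "ProxyEnable", "ProxyServer", "ProxyOverride"}
    found = {}
    for line in reg_text.splitlines():
        parts = line.split(None, 2)          # name, type, data (data may contain spaces)
        if len(parts) == 3 and parts[0] in watch:
            name, typ, data = parts
            found[name] = int(data, 16) if typ == "REG_DWORD" else data
    return found


if __name__ == "__main__":
    for pid, chain in attribute(NETSTAT, WMIC, "203.0.113.10:443").items():
        print(pid, " <- ".join(f"{name}[{p}]" for p, name in chain))
    print(proxy_settings(REG))
```

On the sample data the only live connection to 203.0.113.10:443 resolves to msedgewebview2.exe under widgets.exe under svchost.exe, which is the chain the post found by hand, and the registry dump surfaces the AutoConfigURL that was keeping the requests alive.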

Sunday, May 11, 2025

Installing PowerDNS Server/Recursor on Tiny Core Linux

The build VMs run under QEMU on a Windows host (WHPX acceleration), with the guest console exposed over a serial port so it can be driven from a telnet client.

1. Create the development VM image

qemu-img create -f qcow2 Core15-64-dev-1024.qcow2 1024M

2. Install the operating system and set up the serial console

qemu-system-x86_64 -hda Core15-64-dev-1024.qcow2 -cdrom CorePure64-15.0.iso -boot d -m 4096

Follow the Tiny Core installer, then add console=ttyS0 to the kernel command line in the boot loader configuration so the guest talks to the serial port.

3. Boot TC with the serial port on a telnet listener

qemu-system-x86_64 -hda Core15-64-dev-1024.qcow2 -m 4096 -accel whpx,kernel-irqchip=off -serial telnet:localhost:12345,server,nowait

Without server,nowait QEMU tries to connect out to an existing telnet server instead of listening; with it, connect to localhost port 12345 with a telnet client once the VM is up.
4. Install the build environment

tce-load -wi compiletc openssl-dev wget

Shut the VM down (sudo halt) before copying the image; a qcow2 copied while the guest is running is not consistent.

5A. Create the PowerDNS Recursor build VM from a copy of the base image (copy runs on the Windows host)

copy Core15-64-dev-1024.qcow2 Core15-64-dev-pdns-recursor.qcow2
qemu-system-x86_64 -hda Core15-64-dev-pdns-recursor.qcow2 -m 4096 -accel whpx,kernel-irqchip=off -serial telnet:localhost:12345,server,nowait

6A. Install the Recursor build dependencies and build it

tce-load -wi boost-1.65-dev lua-5.4-dev rust
cd /usr/local/include
sudo ln -s lua5.4/* .
cd ~
wget https://downloads.powerdns.com/releases/pdns-recursor-5.2.0.tar.bz2
tar xf pdns-recursor-5.2.0.tar.bz2
cd pdns-recursor-5.2.0
export SSL_CERT_FILE=/usr/local/etc/ssl/certs/ca-certificates.crt
./configure
make

The Lua headers are symlinked into /usr/local/include so configure finds lua.h without extra flags; the Rust toolchain is required because the 5.x recursor builds part of its settings code in Rust. SSL_CERT_FILE points TLS clients run during the build at the CA bundle shipped by the openssl extension so that HTTPS downloads verify.

7. Install the build output

sudo make install

8A. Package pdns_recursor.tcz

tce-load -wi squashfs-tools
mkdir -p pdns_recursor
cd pdns_recursor
mkdir -p usr/local/sbin usr/local/bin usr/local/etc usr/local/etc/pdns_recursor usr/local/tce.installed
cp /usr/local/sbin/pdns_recursor usr/local/sbin
strip -g usr/local/sbin/*
cp /usr/local/bin/rec_control usr/local/bin
strip -g usr/local/bin/*
cp /usr/local/etc/recursor.yml-dist usr/local/etc
cat > usr/local/etc/pdns_recursor/recursor.yml <<'_END_'
# Lab configuration. As written this is an OPEN recursor: any source may
# query, it binds every address, and every client subnet is forwarded as ECS
# to every authoritative. Restrict allow_from, listen and the ecs settings
# before exposing it beyond the lab network.
dnssec:
   validation: off

ecs:
   add_for:
   - '0.0.0.0/0'

incoming:
   allow_from:
   - '0.0.0.0/0'
   listen:
   - '0.0.0.0'
   use_incoming_edns_subnet: true

logging:
   loglevel: 6
   trace: 'yes'

outgoing:
   dont_query:
   - '127.0.0.0/8'
   edns_subnet_allow_list:
   - '0.0.0.0/0'
   source_address:
   - '0.0.0.0'

# recursor:
#   hint_file: '/opt/pdns_recursor/root.hint'
_END_
cat > usr/local/etc/pdns_recursor/root.hint <<'_END_'
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
_END_
cat > usr/local/tce.installed/pdns_recursor <<'_END_'
#!/bin/sh
# Runs as root at boot when the extension is loaded from onboot.lst.
syslogd
sleep 5
mkdir -p /var/run/pdns-recursor
mkdir -p /opt/pdns_recursor
# Seed /opt/pdns_recursor on first boot only; -n keeps edited copies.
cp -n /usr/local/etc/pdns_recursor/* /opt/pdns_recursor
pdns_recursor --daemon=yes --config-dir=/opt/pdns_recursor
_END_
cd ~
cat > pdns_recursor.tcz.dep <<'_END_'
openssl.tcz
boost-1.65.tcz
lua-5.4-lib.tcz
curl.tcz
_END_
sudo chown -R root:root pdns_recursor
sudo chown tc:staff pdns_recursor/usr/local/tce.installed/pdns_recursor
sudo chmod 755 pdns_recursor/usr/local/tce.installed/pdns_recursor
mksquashfs pdns_recursor pdns_recursor.tcz
md5sum pdns_recursor.tcz > pdns_recursor.tcz.md5.txt

The recursor: section stays commented out until hint_file is wanted: in YAML a section key with nothing but a comment beneath it has a null value, not an empty mapping. Without hint_file the recursor uses its built-in root hints; the bundled root.hint (a single root server) is only consulted when that line is enabled. The tce.installed script starts the recursor as root; see the tightened configuration below for dropping privileges.
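As an added example that is not part of the post, here is the same recursor.yml tightened for use outside a closed lab: only one client subnet may query, the recursor binds one address, ECS is no longer leaked to every authoritative, and root is dropped after startup. The addresses 192.0.2.0/24 and 192.0.2.53 and the nobody/nogroup account names are placeholders to replace.

```yaml
# Added example, not from the post: recursor.yml for the same lab, tightened.
# Assumptions (placeholders): clients live in 192.0.2.0/24, the recursor's own
# address is 192.0.2.53, and the unprivileged account is nobody/nogroup.
dnssec:
   validation: validate          # was: off. Validate answers; failures become SERVFAIL.

ecs:
   add_for:
   - '192.0.2.0/24'              # was: 0.0.0.0/0. Attach ECS only for your own client range.

incoming:
   allow_from:
   - '192.0.2.0/24'              # was: 0.0.0.0/0. An open recursor is an amplification source.
   listen:
   - '192.0.2.53'                # was: 0.0.0.0. Bind the lab interface only.
   use_incoming_edns_subnet: false   # was: true. Do not trust ECS that clients send you.

logging:
   loglevel: 4                   # was: 6 with trace 'yes', which logs every query; debugging only.
   trace: 'no'

outgoing:
   dont_query:
   - '127.0.0.0/8'
   - '10.0.0.0/8'
   - '172.16.0.0/12'
   - '192.168.0.0/16'            # never ask RFC1918 space for authoritative answers
   edns_subnet_allow_list: []    # was: 0.0.0.0/0. Send ECS only to authoritatives listed here.
   source_address:
   - '192.0.2.53'

recursor:
   setuid: 'nobody'              # drop root once port 53 is bound
   setgid: 'nogroup'
   hint_file: '/opt/pdns_recursor/root.hint'
```

With setuid/setgid in place the socket directory must be writable by that account: chown /var/run/pdns-recursor to it in the tce.installed script, or point recursor.socket_dir somewhere it owns. The allow_from change is the one that matters most; everything else limits what an attacker learns or can amplify through the box.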

9A. Export

Start the receiver on the remote side first, then send from the build VM. nc -w 3 gives up after 3 idle seconds, so transfer one file at a time and compare the md5 on the receiving side before using the extension.

remote: ncat -l 65001 > pdns_recursor.tcz
local:  nc -w 3 server 65001 < pdns_recursor.tcz
remote: ncat -l 65001 > pdns_recursor.tcz.dep
local:  nc -w 3 server 65001 < pdns_recursor.tcz.dep
remote: ncat -l 65001 > pdns_recursor.tcz.md5.txt
local:  nc -w 3 server 65001 < pdns_recursor.tcz.md5.txt

5B. Create the PowerDNS Server build VM from a copy of the base image (copy runs on the Windows host)

copy Core15-64-dev-1024.qcow2 Core15-64-dev-pdns-server.qcow2
qemu-system-x86_64 -hda Core15-64-dev-pdns-server.qcow2 -m 4096 -accel whpx,kernel-irqchip=off -serial telnet:localhost:12345,server,nowait

6B. Install the Server build dependencies and build it

tce-load -wi boost-1.65-dev lua-5.4-dev rust curl-dev
cd /usr/local/include
sudo ln -s lua5.4/* .
cd ~
wget https://downloads.powerdns.com/releases/pdns-4.9.5.tar.bz2
tar xf pdns-4.9.5.tar.bz2
cd pdns-4.9.5
export SSL_CERT_FILE=/usr/local/etc/ssl/certs/ca-certificates.crt
./configure --with-modules=bind
make

--with-modules=bind compiles the BIND-style zone file backend into the server, which is all the named.conf below needs.

7. Install the build output

sudo make install
8B. Package pdns_server.tcz

cd ~
mkdir -p pdns_server
cd pdns_server
mkdir -p usr/local/bin usr/local/sbin usr/local/etc usr/local/tce.installed usr/local/lib/pdns usr/local/etc/pdns_server
cp /usr/local/sbin/pdns* usr/local/sbin
cp /usr/local/bin/pdns* usr/local/bin
cp /usr/local/bin/zone* usr/local/bin
cp /usr/local/etc/pdns.conf-dist usr/local/etc
cp /usr/local/lib/pdns/* usr/local/lib/pdns
strip -g usr/local/bin/* usr/local/sbin/*
strip --strip-unneeded usr/local/lib/pdns/lib*.so
cat > usr/local/tce.installed/pdns_server <<'_END_'
#!/bin/sh
# Runs as root at boot when the extension is loaded from onboot.lst.
syslogd
sleep 5
mkdir -p /var/run/pdns
mkdir -p /opt/pdns_server
# Seed /opt/pdns_server on first boot only; -n keeps edited copies.
cp -n /usr/local/etc/pdns_server/* /opt/pdns_server
pdns_server --daemon=yes --config-dir=/opt/pdns_server
_END_
cat > usr/local/etc/pdns_server/pdns.conf <<'_END_'
# daemon=no is overridden by --daemon=yes on the command line in tce.installed.
daemon=no
edns-subnet-processing=yes
# LUA records run Lua from zone data inside the server process: enable this
# only for zones whose contents you control.
enable-lua-records=yes
launch=bind
bind-config=/opt/pdns_server/named.conf
# Listens on every address; narrow this to the lab interface outside a lab.
local-address=0.0.0.0
log-dns-details=yes
log-dns-queries=yes
loglevel=6
_END_
cat > usr/local/etc/pdns_server/named.conf <<'_END_'
zone "example.com." {
        type master;
        file "/opt/pdns_server/db.example.com";
};
_END_
cat > usr/local/etc/pdns_server/db.example.com <<'_END_'
$TTL 60
@       IN      SOA     ns.example.com. host.example.com. (
        2025010101      ; serial
        600             ; refresh
        30              ; retry
        60              ; expire
        60 )            ; minimum
        IN      NS      ns
ns      IN      A       10.1.1.1
www1    IN      A       10.1.1.2
www2    IN      A       10.1.1.2
www     IN      LUA     CNAME   "; if (netmask({'10.1.1.0/24'})) then return 'www1.example.com.' else return 'www2.example.com.' end"
who     IN      LUA     TXT     "; return 'IP=' .. bestwho:toString()"
_END_
cd ~
sudo chown -R root:root pdns_server
sudo chown tc:staff pdns_server/usr/local/tce.installed/pdns_server
sudo chmod 755 pdns_server/usr/local/tce.installed/pdns_server
mksquashfs pdns_server pdns_server.tcz
md5sum pdns_server.tcz > pdns_server.tcz.md5.txt

cat > pdns_server.tcz.dep <<'_END_'
openssl.tcz
lua-5.4-lib.tcz
curl.tcz
_END_

The zone heredoc has to use a quoted delimiter (<<'_END_'): with an unquoted one the shell expands $TTL to an empty string before the file is written and the zone fails to load. The www LUA record's string was cut off mid-line in these notes; the else branch returning www2.example.com. is an assumed completion based on the www1/www2 records above, so replace it with the real rule. The who record returns the client's best-guess address (bestwho), which is the ECS subnet when one was supplied, so it doubles as a check that edns-subnet-processing works.

9. Export

As in 9A, start the receiver first and send one file at a time.

remote: ncat -l 65001 > pdns_server.tcz
local:  nc -w 3 server 65001 < pdns_server.tcz
remote: ncat -l 65001 > pdns_server.tcz.dep
local:  nc -w 3 server 65001 < pdns_server.tcz.dep
remote: ncat -l 65001 > pdns_server.tcz.md5.txt
local:  nc -w 3 server 65001 < pdns_server.tcz.md5.txt

Sunday, April 20, 2025

Mikrotik script to add NAT rules for GNS3

SNMP

Each rule forwards UDP port 63000+i on the router's public address 120.125.82.173 to SNMP (UDP/161) on lab host 192.168.1.i. The port is built by string concatenation, so three loops are needed to zero-pad i to three digits (63000-63009, 63010-63099, 63100-63255).

:for i from=0 to=9 do={ /ip/firewall/nat add chain=dstnat protocol=udp dst-address=120.125.82.173 dst-port="6300$i" to-addresses="192.168.1.$i" to-ports=161 action=dst-nat }

:for i from=10 to=99 do={ /ip/firewall/nat add chain=dstnat protocol=udp dst-address=120.125.82.173 dst-port="630$i" to-addresses="192.168.1.$i" to-ports=161 action=dst-nat }

:for i from=100 to=255 do={ /ip/firewall/nat add chain=dstnat protocol=udp dst-address=120.125.82.173 dst-port="63$i" to-addresses="192.168.1.$i" to-ports=161 action=dst-nat }

As written the rules expose SNMP on every lab device to the whole Internet, and SNMP v1/v2c community strings travel in clear text. Add a source-address match for the management network to each rule (or reach the lab over a VPN) unless that exposure is intended.

Friday, October 25, 2024

Installing Bit-Twist on Tiny Core Linux

A. Bit-Twist is only built and installed on 64-bit Tiny Core Linux (CorePure64) here.

B. Build bittwist.tcz

1. Install CorePure64.iso onto Core15-dev.qcow2

qemu-img create -f qcow2 Core15-dev.qcow2 512M

qemu-system-x86_64 -hda Core15-dev.qcow2 -cdrom CorePure64-15.0.iso -boot d -m 256

After booting, follow the OS installer to finish the Tiny Core Linux installation.

2. Set up the build environment

qemu-system-x86_64 -hda Core15-dev.qcow2 -m 256

tce-load -wi compiletc

3. Download the Bit-Twist sources and build bittwist

tce-load -wi libpcap-dev

tce-load -wi wget

hash -r

(hash -r makes the shell pick up the newly installed GNU wget instead of the cached BusyBox applet.)

wget https://sourceforge.net/projects/bittwist/files/Linux/Bit-Twist%204.4/bittwist-linux-4.4.tar.gz/download

mv download bittwist-linux-4.4.tar.gz

tar zxf bittwist-linux-4.4.tar.gz

cd bittwist-linux-4.4

Edit the link flags in the Makefile (vi Makefile) so that libpcap is linked dynamically rather than statically against the libpcap-dev extension. Change

LPCAP = -Wl,-Bstatic -lpcap -Wl,-Bdynamic

to

LPCAP = -lpcap

make

strip bin/bittwist bin/bittwiste

4. Package bittwist.tcz

tce-load -wi squashfs-tools

mkdir -p /tmp/bittwist/usr/local/bin

cp bin/bittwist bin/bittwiste /tmp/bittwist/usr/local/bin

sudo chown -R root:root /tmp/bittwist

mksquashfs /tmp/bittwist bittwist.tcz -noappend

Because the binaries are now dynamically linked, they need libpcap.tcz at run time. The target VM below gets it indirectly through tcpdump.tcz; to make the dependency explicit, put a bittwist.tcz.dep file listing libpcap.tcz next to the extension.

5. Send bittwist.tcz out

Use nc (netcat) to transfer the file. Start the receiver first.

Receiver (server:65001), either form:

nc -l -p 65001 > bittwist.tcz

ncat -l 65001 > bittwist.tcz

Sender

nc -w 3 server 65001 < bittwist.tcz

This completes the build of bittwist.tcz.

sudo halt

C. Install bittwist.tcz on Core15-bittwist.qcow2

1. Create Core15-bittwist.qcow2

qemu-img create -f qcow2 Core15-bittwist.qcow2 128M

qemu-system-x86_64 -hda Core15-bittwist.qcow2 -cdrom CorePure64-15.0.iso -boot d -m 128

After booting, follow the OS installer to finish the Tiny Core Linux installation.

2. Install tcpdump

qemu-system-x86_64 -hda Core15-bittwist.qcow2 -m 128 -nic user,hostfwd=tcp::65001-:65001

(hostfwd forwards host port 65001 to guest port 65001, so the file can be pushed into the guest from the host.)

tce-load -wi tcpdump

3. Download bittwist.tcz

In the guest, listen in the extension directory:

cd /mnt/sda1/tce/optional

nc -l -p 65001 > bittwist.tcz

Sender (from the build VM, or from the host through the forwarded port), either form:

nc -w 3 Host_IP 65001 < bittwist.tcz

ncat --send-only localhost 65001 < bittwist.tcz

Test the downloaded bittwist.tcz:

tce-load -i bittwist.tcz
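Both this step and the export steps (9A and 9) of the PowerDNS post push a .tcz through a plain nc pipe. Two things can go wrong with that: nc -w 3 ends the sender after 3 idle seconds, so a stalled link leaves a truncated file behind, and the .md5.txt travels over the same unauthenticated channel, so a matching hash shows the bytes arrived intact, not that they came from the intended builder. The script below is an added example, not from either post: it runs the checks worth doing in tce/optional before an extension goes into onboot.lst (squashfs magic, md5 against the .md5.txt, and every .dep entry present). demo() builds a constructed optional/ directory in a temporary location; the file names are the PowerDNS ones, nothing here is a real extension.

```python
"""Sanity-check a Tiny Core extension that arrived over a plain nc/ncat pipe.

Added example, not from the posts. check_extension() reports what would make
the extension fail at boot; demo() exercises it on constructed files.
"""
import hashlib
import os
import shutil
import tempfile

SQUASHFS_MAGIC = b"hsqs"   # superblock magic written by mksquashfs on little-endian hosts


def md5_of(path):
    """Hex md5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_extension(optional_dir, name):
    """Return a list of problems for <name>.tcz in optional_dir (empty list = ok)."""
    problems = []
    tcz = os.path.join(optional_dir, name + ".tcz")
    if not os.path.isfile(tcz):
        return [f"{name}.tcz missing"]
    with open(tcz, "rb") as f:
        if f.read(4) != SQUASHFS_MAGIC:
            problems.append(f"{name}.tcz is not a squashfs image")
    md5file = tcz + ".md5.txt"            # produced by: md5sum name.tcz > name.tcz.md5.txt
    if os.path.isfile(md5file):
        with open(md5file) as f:
            expected = f.read().split()[0]
        actual = md5_of(tcz)
        if expected != actual:
            problems.append(f"{name}.tcz md5 {actual} != expected {expected}")
    else:
        problems.append(f"{name}.tcz.md5.txt missing")
    depfile = tcz + ".dep"                # one extension name per line
    if os.path.isfile(depfile):
        with open(depfile) as f:
            for dep in f.read().split():
                if not os.path.isfile(os.path.join(optional_dir, dep)):
                    problems.append(f"dependency {dep} is not in {optional_dir}")
    return problems


def demo():
    """Constructed scenario: a complete copy with one dependency missing, then a truncated copy."""
    d = tempfile.mkdtemp()
    try:
        image = SQUASHFS_MAGIC + bytes(range(256)) * 4      # stand-in for a squashfs image
        tcz = os.path.join(d, "pdns_recursor.tcz")
        with open(tcz, "wb") as f:
            f.write(image)
        with open(tcz + ".md5.txt", "w") as f:
            f.write(hashlib.md5(image).hexdigest() + "  pdns_recursor.tcz\n")
        with open(tcz + ".dep", "w") as f:
            f.write("openssl.tcz\nboost-1.65.tcz\n")
        open(os.path.join(d, "openssl.tcz"), "wb").close()  # present; boost-1.65.tcz is not
        complete = check_extension(d, "pdns_recursor")
        with open(tcz, "wb") as f:
            f.write(image[:100])                             # transfer cut short by the idle timeout
        truncated = check_extension(d, "pdns_recursor")
        return complete, truncated
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    for label, problems in zip(("complete", "truncated"), demo()):
        print(label, problems or "ok")
```

On the Tiny Core side, md5sum -c name.tcz.md5.txt covers the hash part of this; the magic check catches a file that is not a squashfs image at all, and the dependency check catches the case this post hits, where a dynamically linked binary only works because some other extension happened to pull in the library.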

4. Load bittwist.tcz at boot

Add bittwist.tcz to /mnt/sda1/tce/onboot.lst (vi /mnt/sda1/tce/onboot.lst), after the tcpdump.tcz entry that is already there:

tcpdump.tcz
bittwist.tcz

bittwist.tcz is now installed.

sudo halt

5. Test the bittwist.tcz installation

qemu-system-x86_64 -hda Core15-bittwist.qcow2 -m 128

bittwist -d

rm .ash_history

sudo halt

bittwist -d lists the capture interfaces, which needs libpcap to load, so it is a quick check that the extension and its dependency are in place. Removing .ash_history before the final halt keeps the setup commands out of the persisted home directory.

Saturday, August 24, 2024

Windows Apache & PHP Installation

1. Download Apache (Windows version)

https://www.apachelounge.com/download/

2. Download PHP (Windows version)

https://windows.php.net/download

3. Install Apache

  • Unzip httpd-2.4.62-240718-win64-VS17.zip
  • Move extracted directory Apache24 to X:\Apache24
  • Add or modify the following lines in httpd.conf (X:\Apache24\conf\httpd.conf):

Define SRVROOT "X:/Apache24"
Define DOCROOT "Y:/htdocs"
Define SRVNAME "your.domain"
Define CERTDOC "Y:/cert/domain"
ServerAdmin "admin@${SRVNAME}"
ServerName "${SRVNAME}:80"
DocumentRoot "${DOCROOT}"
<Directory "${DOCROOT}">

  • To rotate logs modify the following lines in httpd.conf:

ErrorLog "|bin/rotatelogs.exe -l ${DOCROOT}/logs/error-%Y%m%d.log 86400"
CustomLog "|bin/rotatelogs.exe -l ${DOCROOT}/logs/access-%Y%m%d.log 86400" common

  • To increase the maximum number of client connections
Uncomment the following line in httpd.conf (MaxRequestWorkers and the other MPM limits are set in that file):
Include conf/extra/httpd-mpm.conf
  • To enable SSL:
Uncomment the following lines in httpd.conf:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

Add or modify the following lines in httpd-ssl.conf (conf/extra/httpd-ssl.conf); the rest of the default <VirtualHost _default_:443> block follows them unchanged:
<VirtualHost *:80>
ServerName ${SRVNAME}
Redirect permanent / https://${SRVNAME}/
</VirtualHost>
<VirtualHost _default_:443>
#DocumentRoot "${SRVROOT}/htdocs"
ServerName ${SRVNAME}:443
#ServerAdmin admin@example.com
#ErrorLog "${SRVROOT}/logs/error.log"
#TransferLog "${SRVROOT}/logs/access.log"
SSLCertificateFile "${CERTDOC}/fullchain1.pem"
SSLCertificateKeyFile "${CERTDOC}/privkey1.pem"

4. Install PHP

  • Unzip php-8.3.10-Win32-vs16-x64.zip
  • Move php-8.3.10-Win32-vs16-x64 to X:\php 
  • Modify the following lines in httpd.conf:

<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
LoadModule php_module "X:/php/php8apache2_4.dll"
<IfModule php_module>
PHPIniDir "X:\php"
AddType application/x-httpd-php .php .html
</IfModule>

  • Copy php/php.ini-production to php/php.ini
  • Change or uncomment the following lines in php.ini:

extension_dir = "X:\php\ext"
date.timezone = Asia/Taipei

  • Enable curl in PHP:

Copy php/libssh2.dll to Apache24/bin

Uncomment the following lines in php.ini:

extension=curl
extension=openssl
  • Enable MBstring (Big5 encoding) in PHP:

Uncomment the following line in php.ini:

extension=mbstring
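As an added example that is not part of the original post, here are a few hardening lines for the same layout, to be merged into the files above. The directives are standard Apache 2.4 settings; the one assumption is that the site serves no .html files that are meant to execute as PHP.

```apache
# httpd.conf: hide the version and module list from the Server header and
# error pages, and disable TRACE.
ServerTokens Prod
ServerSignature Off
TraceEnable Off

# httpd.conf: map only .php to the PHP handler. With ".php .html" as above,
# any .html file that can be written into DOCROOT runs as PHP.
<IfModule php_module>
    PHPIniDir "X:\php"
    AddType application/x-httpd-php .php
</IfModule>

# httpd.conf: mod_headers is needed for the HSTS header below.
LoadModule headers_module modules/mod_headers.so

# conf/extra/httpd-ssl.conf, inside <VirtualHost _default_:443>:
# TLS 1.2/1.3 only, and tell browsers to stay on HTTPS for a year.
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder on
Header always set Strict-Transport-Security "max-age=31536000"
```

In php.ini, expose_php = Off removes the X-Powered-By header that otherwise advertises the PHP version; php.ini-production already has display_errors = Off, so keep it that way.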

5. Done!


Friday, May 31, 2024

Tiny Core Linux traceroute IPv6

The traceroute applet in Tiny Core Linux 15.x (a symlink to busybox.suid) does not support the IPv6 address family.

To traceroute an IPv6 address, install nmap and openssl-1.1.1 instead:

tce-load -wi nmap.tcz
tce-load -wi openssl-1.1.1.tcz

After installation, an IPv6 traceroute can be done with (root is needed for the raw sockets; -sn skips port scanning and -n skips reverse lookups):

sudo nmap -v -6 -sn -n --traceroute 2001:4860:4860::8888

That's it!

Sunday, January 28, 2024

perfSONAR 5.0.7 on Ubuntu 22.04

Installing perfSONAR on Ubuntu 22.04 failed because pscheduler depends on python3-pyjq, which is not installable there.

$ sudo apt install perfsonar-toolkit
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 pscheduler-server : Depends: postgresql-12 but it is not installable or
                              postgresql-11 but it is not installable or
                              postgresql-10 but it is not installable or
                              postgresql-9.6 but it is not installable or
                              postgresql-9.5 but it is not installable
                     Depends: postgresql-plpython3-12 but it is not installable or
                              postgresql-plpython3-11 but it is not installable or
                              postgresql-plpython3-10 but it is not installable or
                              postgresql-plpython3-9.6 but it is not installable or
                              postgresql-plpython3-9.5 but it is not installable
 python3-pscheduler : Depends: python3-pyjq
E: Unable to correct problems, you have held broken packages.

$ sudo apt install python3-pyjq
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package python3-pyjq is a virtual package provided by:
  python3-pyjq-u20 2.4.0-3~bpo10+1
  python3-pyjq-u18 2.4.0-3~bpo10+1
  python3-pyjq-d10 2.4.0-3~bpo10+1
You should explicitly select one to install.

E: Package 'python3-pyjq' has no installation candidate

$ sudo apt install python3-pyjq-u20
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 python3-pyjq-u20 : Depends: python3 (< 3.9) but 3.10.6-1~22.04 is to be installed
E: Unable to correct problems, you have held broken packages.

The output shows the underlying mismatch: the pyjq builds on offer (-u20, -u18, -d10) require python3 below 3.9 while 22.04 ships 3.10, and pscheduler-server only accepts PostgreSQL 9.5 through 12, none of which 22.04 provides (it ships postgresql-14).