Review of 2020

I don’t even know where to begin with this year. From March until now I’ve primarily been working from home due to Covid19. During this time I was heavily involved with getting remote VPNs set up. I also assisted with the wireless side of an SD-Access deployment. I sat and failed the ENCOR exam at the end of August. I did intend resitting it soon after, as I failed with a close score of 804.

A funny situation happened during the exam which led me to rush through the last 10-15 questions. Whether that might have swayed the results is hard to say, but it was funny nonetheless. I decided to sit the exam in our offices. As well as checking that no staff are due in, also remember the cleaners! Which I didn’t. Just prior to the exam I was advised that any interruptions would void it. I had about 15 questions remaining and I could hear the cleaners on their way in, which led to me putting on the afterburners. I wasn’t fast enough and they did enter the room before I could finish. I politely asked them to come back later, expecting the exam to be voided. Nothing happened, so I assume the proctor was either not there or was busy doing something else. I will be sitting the next one from home!

Like I mentioned, I did intend resitting it soon after. Unfortunately I was pulled into a programming project that ate away 3 solid weeks of my time. I really enjoyed it. It was a CLI script written in Python that called the O365 API, then used the address ranges it pulled from there to whitelist them on a collection of ASA firewalls. After that was completed I ended up going down a multicast rabbit hole, and since then I’ve been dipping in and out of a variety of other technologies. I also moved into a new apartment, which really derailed the study habits I had developed.

Looking back at my goals for 2019 and comparing them to now, they haven’t changed that much. I still want to get ENCOR out of the way. I’ve decided to then sit ENSLD instead of ENARSI, as I feel design is a weak area of mine. I’ve also got the impression that ENARSI is one of the toughest of the specialisations. Eventually I will then work towards DEVASC, and the new CWNA is also on the horizon.

I also have a new job. I’ve now moved from an MSP over to the healthcare sector. I’m looking forward to this new challenge and getting back into some good study habits.

Here’s to 2021.

WinSCP to FMC

Adding this for posterity as Cisco forum threads have a tendency to disappear. Thanks to Fatjon.Celaj for this information.

Whilst SSH’d into the FMC, enter expert mode by typing ‘expert’.
Run more or less on /etc/passwd to confirm what the default shell is for the admin user (if this is the user you’re using).

For example:
admin@fmc:~$ more /etc/passwd
root:x:0:0:Operator:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
mysql:x:27:27:MySQL:/var/lib/mysql:/sbin/nologin
nobody:x:99:99:nobody:/:/sbin/nologin
sshd:x:33:33:sshd:/:/sbin/nologin
www:x:67:67:HTTP server:/var/www:/sbin/nologin
sfrna:x:88:88:SF RNA User:/Volume/home/sfrna:/sbin/nologin
snorty:x:90:90:Snorty User:/Volume/home/snorty:/sbin/nologin
sfsnort:x:95:95:SF Snort User:/Volume/home/sfsnort:/sbin/nologin
sfremediation:x:103:103::/Volume/home/remediations:/sbin/nologin
admin:x:100:100::/Volume/home/admin:/usr/bin/clish
casuser:x:101:104:CiscoUser:/var/opt/CSCOpx:/sbin/nologin
lamplighter:x:110:110::/var/opt/lamplighter:/bin/sh
monetdb:x:111:111::/Volume/lib/monetdb:/sbin/nologin
fatjon:x:1000:201::/Volume/home/fatjon:/usr/bin/clish

Notice that the default shell is ‘clish’. If you’ve attempted to connect to the FMC using WinSCP with the protocol set to SCP, you’ll be presented with an error message about the shell type.

To change the shell type you need to switch to the root user by executing ‘sudo su’.

Modify the admin’s shell to use Bash with the following:

usermod --shell /bin/bash admin

Now you’ll be able to use WinSCP. To revert it, use:

usermod --shell /usr/bin/clish admin

*** WARNING ***

Remember to change the shell type back before you log out. Otherwise you might not be able to get back in!

SecureCRT on Linux

TL;DR Using SecureCRT as my native terminal emulator for EVE-NG on Arch works.

To my surprise SecureCRT has a Linux installer. After following the instructions from the comments on the AUR for SecureCRT I managed to get it installed.

There were a few niggling things that I needed to do before I was able to settle in. First thing, use Firefox or any browser based on Firefox. When launching a console from inside EVE, Firefox prompts you to select an application. Find and select SecureCRT and set it as the default program. Whenever future console sessions are opened it automatically launches SecureCRT. Chrome doesn’t give me that option; it attempts to launch it through whatever is configured in ‘eve-ng integration’. I’ve tried setting it to SecureCRT, and it would launch but wouldn’t connect. If anyone has any tips on fixing that please leave a comment.

There were two other annoyances I ran into. When launching a console it would open each session in a separate window. If you only want a single window with each session opening inside a tab, then you need to edit the ‘Single Instance’ setting inside Global.ini.

The Global.ini on Arch is currently located in $HOME/.vandyke/SecureCRT/

You need to change:

D:"Single Instance"=00000000

To:

D:"Single Instance"=00000001

The other issue that I had was that the top menu bar was missing. This is needed if you ever need/want to access things like the Global options. I had to change the following from:

D:"Show Menu Bar"=00000000

To:

D:"Show Menu Bar"=00000001

This has been a really nice upgrade to my workflow. I’ve attached an image of what it looks like below.

Homelab

After spending some time on the subreddit r/homelab I recently purchased a used Dell R720 so that I can set up a proper homelab environment for my studies. Along with that I also purchased Cisco’s CML personal edition so that I can use the supplied images with EVE-NG Pro.

Here are the images that come with CML:

Image                 Description                                                                          Version
ASAv                  Cisco ASA firewall image                                                             9.12.2
CSR 1000v             IOS-XE Cloud Services Router                                                         16.11.01b
IOS XRv               IOS XR classic image (32-bit, deprecated)                                            6.3.1
IOS XRv 9000          IOS XR 64-bit image                                                                  6.6.2
Nexus 7000v           NX-OS layer 3 image (deprecated)                                                     7.3.0.d1.1
Nexus 9000v           NX-OS layer 2/3 image                                                                9.2.3
IOSv                  IOS classic layer 3 image                                                            15.8(3)
IOSv L2               IOS classic layer 2/3 switch image                                                   15.2

Linux Images
TRex                  Linux-based image with Cisco’s packet generator                                      2.6.5
WAN Emulator          Linux-based image that provides WAN-like delay, jitter, and loss effects to links    3.10
Alpine Linux Desktop  Alpine Linux image that provides a graphical, Xfce interface                         3.10
Tiny Core Linux       Tiny Core Linux server image                                                         8.2.1
Ubuntu 18.04          Full-featured Ubuntu server image using cloud-init YAML configuration                18.04.3 LTS
CoreOS                Linux container-focused OS using cloud-init YAML configuration                       2135.4.0

As this is all new to me, I found Rob Willis’ YouTube introductory videos on VMware ESXi and installation guides were great for getting me started.

This introduction to EVE-NG, which is a collaboration with INE’s Rohit Pardasani and EVE-NG’s CEO Uldis Dzerkals, along with the EVE cookbook is what I used to get EVE-NG up and running on ESXi.

After a while of testing and tweaking the native console options, thanks to this EVE-NG-integration repo, I’m currently settled on using Remmina for both RDP and VNC sessions and Roxterm for terminal access (I’m struggling to get tabbed sessions working with Terminator). Along with that I’m testing out Waterfox, because I wanted a completely separate browser to manage ESXi and EVE-NG. Here’s the final result.

Just wanted to add that the reason I chose native over the HTML5 console was because I was having issues with copying and pasting. It was failing to work on Firefox/Waterfox, but it works fine in Chrome!

I’m looking forward to setting up some large topologies and being able to play around with server-side technologies so that I can start experimenting with things like 802.1X, parsing syslog/NetFlow/SNMP, testing security with Kali, automation and so on.

Enabling telnet access for the ASAv

When launching the ASAv in GNS3 by default telnet will partially load and you’ll be welcomed by a blank screen. This has caught me out a few times. The fix is detailed in this excellent blog post.

To summarise that post for posterity: boot up the ASAv using console type vnc, or if you’re on Linux try using spice. Once it’s booted up, execute the following command:

ciscoasa#copy disk0:/coredumpinfo/coredump.cfg use_ttyS0

Be careful not to use the letter O; it has to be the number 0 at the end of use_ttyS0. Shut down the ASA and change the console type to Telnet. Power it back on and it should now work.

Formatting a MAC address

I’m often given huge lists of MAC addresses, and they tend to arrive in a variety of different formats, such as the following:

AABBCCDDEEFF
AA-BB-CC-DD-EE-FF
AAB.BCC.DDE.EFF
AABB.CCDD.EEFF
AA:BB:CC:DD:EE:FF

Typically I need them formatted as the last example above, with colons between every 2 characters.

The formula below works great in Excel, where A2 is the cell you’re targeting:

=LEFT(A2,2)&":"&MID(A2,3,2)&":"&MID(A2,5,2)&":"&MID(A2,7,2)&":"&MID(A2,9,2)&":"&RIGHT(A2,2)
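The Excel formula slices fixed positions, so it assumes the separators have already been stripped and that the cell really holds 12 hex digits. As an added example that is not part of the original post, this Python normaliser accepts all five formats listed above (plus lower case), refuses anything that does not reduce to exactly 12 hex digits, and emits the colon-separated form; the sample list is constructed.

```python
import re

# Constructed sample input covering the formats the post lists
SAMPLE_MACS = [
    "AABBCCDDEEFF",
    "AA-BB-CC-DD-EE-FF",
    "AAB.BCC.DDE.EFF",
    "AABB.CCDD.EEFF",
    "AA:BB:CC:DD:EE:FF",
    "aa:bb:cc:dd:ee:ff",   # lower case turns up too
]

_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_mac(raw, sep=":", group=2):
    """Return the address as upper-case hex joined by `sep` every `group` digits.

    Separators (':', '-', '.') and surrounding whitespace are discarded.
    Anything that does not leave exactly 12 hex digits raises ValueError
    instead of silently producing a bogus address, which is the failure
    mode the fixed-position Excel formula cannot detect.
    """
    digits = re.sub(r"[\s:.\-]", "", raw).upper()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return sep.join(digits[i:i + group] for i in range(0, 12, group))


def normalize_list(lines, sep=":", group=2):
    """Normalise a pasted list of addresses.

    Returns (good, bad): good is the sorted, de-duplicated list of formatted
    addresses; bad holds the input lines that could not be parsed, so they
    can be chased up rather than quietly dropped.
    """
    good, bad = set(), []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            good.add(normalize_mac(line, sep, group))
        except ValueError:
            bad.append(line)
    return sorted(good), bad
```

Passing sep="." and group=4 to normalize_mac gives the Cisco dotted form instead.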