- Details
- Written by Die Ysbeer
- Category: Uncategorised
- Hits: 3306
My home internet configuration consists of a Mikrotik router connected to a D-Link DSL-2500U ADSL router (configured in bridge mode) which in turn is connected to my ADSL line. The Mikrotik handles my PPPoE connection and also my firewall. I basically use the D-Link as a simple ADSL modem. These are cheap and small. If the lightning wipes it out, I can simply buy a new one.
From the mikrotik router I push all logs to rsyslogd that runs on my HP microserver. This allows me to have a longer history of the network events. I have also enabled remote logging the modem, however whenever the power cycles, the time reset to [whatever default state]. This creates inaccurate logs. I have no idea when the line dropped and came back up again. It was hard to believe that this modem does not have some sort of NTP. I browsed through all of the options on the web interface with no luck of finding the NTP option.
Enter portscan
PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http
This is interesting... telnet port is open... Connecting to it I get a login request, using the modem's login details I am able to login.
Typing help a bunch of commands are returned, one of which is sntp. BINGO!!
Login: admin Password: > help ? help logout reboot adsl atm brctl cat ddns df dumpcfg echo ifconfig kill arp defaultgateway dhcpserver dns lan passwd ppp remoteaccess restoredefault route save swversion wan usbtest macaddr allledon allledoff keyteston keytestoff ping ps pwd macaddr siproxd sntp sysinfo tftp >
The sntp command returns
> sntp sntp -s server [ -s server2 ] -t "timezone" disable date zones >sntp zones --help Timezones supported: International Date Line West Midway Island, Samoa Hawaii Alaska Pacific Time, Tijuana Arizona Chihuahua, La Paz, Mazatlan Mountain Time Central America Central Time Guadalajara, Mexico City, Monterrey Saskatchewan Bogota, Lima, Quito Eastern Time Indiana Atlantic Time Caracas, La Paz Santiago Newfoundland Brasilia Buenos Aires, Georgetown Greenland Press for more. Mid-Atlantic Azores Cape Verde Is. Casablanca, Monrovia Greenwich Mean Time: Dublin, Edinburgh, Lisbon, London Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna Belgrade, Bratislava, Budapest, Ljubljana, Prague Brussels, Copenhagen, Madrid, Paris Sarajevo, Skopje, Warsaw, Zagreb West Central Africa Athens, Istanbul, Minsk Bucharest Cairo Harare, Pretoria Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius Jerusalem Baghdad Kuwait, Riyadh Moscow, St. Petersburg, Volgograd Nairobi Tehran Abu Dhabi, Muscat Press for more. Baku, Tbilisi, Yerevan Kabul Ekaterinburg Islamabad, Karachi, Tashkent Chennai, Kolkata, Mumbai, New Delhi Kathmandu Almaty, Novosibirsk Astana, Dhaka Sri Jayawardenepura Rangoon Bangkok, Hanoi, Jakarta Krasnoyarsk Beijing, Chongqing, Hong Kong, Urumqi Irkutsk, Ulaan Bataar Kuala Lumpur, Singapore Perth Taipei Osaka, Sapporo, Tokyo Seoul Yakutsk Adelaide Darwin Press for more. Brisbane Canberra, Melbourne, Sydney Guam, Port Moresby Hobart Vladivostok Magadan, Solomon Is., New Caledonia Auckland, Wellington Fiji, Kamchatka, Marshall Is. >
Using this, it is easy to setup the NTP client to query the Mikrotik/HP microserver for time when booting up.
Extra
Recently I watched the youtube video, DEF CON 22 - Shahar Tal - I Hunt TR-069 Admins: Pwning ISPs Like a Boss (https://www.youtube.com/watch?v=rz0SNEFZ8h0). The technique he uses to get to the TR-069 page (which is hidden) of the router made me wonder if my modem has this feature and what the values might be.
So looking at the menu frame of the web interface's source reveals a bunch of interesting things
<html>
<head>
<html><head>
<meta http-equiv='Pragma' content='no-cache'>
<link rel=stylesheet href='stylemain.css' type='text/css'>
<link rel=stylesheet href='colors.css' type='text/css'>
<script language='javascript' src='menuTree.js'></script>
<script language='javascript' src='menuTitle.js'></script>
<script language='javascript' src='menuBcm.js'></script>
<title></title>
<base target="_self">
</head>
<body class='mainMenuBody' topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<table border="0" cellpadding="0" cellspacing="0" height="1000">
<tr>
<td style="background-color: #CC6906" width="1"></td>
<td class='menu' width="158" valign="top" align="left">
<br>
<script language='javascript'>
<!-- hide
var options = new Array('admin',
'annex_a',
'Bridge',
'0',
'0',
'0',
'',
'',
'0',
'1',
'1',
'1',
'1',
'1',
'1',
'1',
'1',
'false',
'0',
'0',
'', //SUPPORT_SES
'0',
'0',
'0',
'',
'1',
'false',
'0',// value-added usb-storage
'0',
'0'
);
createBcmMenu(options);
initializeDocument();
// done hiding -->
</script>
<noscript>You must enable JavaScript in your browser.</noscript>
</td>
<td style="background-color: #CC6906" width="1"></td>
<td style="background-color: #ffffff"></td>
</tr>
</table>
</body>
</html>
Opening the menuBcm.js shows the option values, and browsing through the code I found the TR-069 page (tr69cfg.html), as well as the NTP page (sntpcfg.html).
if ( sntp == '1' && proto != 'Bridge' && !(proto=='PPPoE' && ipExt=='1') && !(proto=='PPPoA' && ipExt=='1') ) insFld(nodeMngr, gFld(getMenuTitle(MENU_SNTP), 'sntpcfg.html'));
However looking at the code it seems that this menu item is only displayed when the device is not in bridge mode (the mode I am using it in) and if a PPPoE/PPPoA interface has been configured and that the interface has an external IP address.
This is just stupid, so I browse to http://192.168.1.1/sntpcfg.html and I can directly modify my values from there :)
- Details
- Written by Die Ysbeer
- Category: Uncategorised
- Hits: 2758
Intro
The state of South Africa's electricity network is horrible, with me never knowing when they are going to implement what stage of load shedding. This is a problem for I run a HP micro-server for media and backups at home. In the morning I will shutdown the server before going to work and upon arrival back home I will switch it back on. The issue is I do not want to start my PC up to SSH into the server to issue a shutdown command.
Won't it be convenient if I could just fire up my browser on my phone (that is connected to my home WIFI) and open a php page and the server will gracefully shutdown?
Solution
I run Ubuntu 14.04 with lighttpd as the webserver. So firstly we want to let the www-data user have permissions to execute shutdown as root user. Open up a console and type sudo visudo. This opens up nano in my case, with the sudoers file. At the bottom of the file add the following:
www-data ALL=(root) NOPASSWD: /sbin/shutdown -P now
Exit and save. What this line does is it allows the www-data user to execute shutdown as root without entering a password. I have added the -P now arguments to it as well, so www-data can only run shutdown with those specific arguments.
Next create a file in the directory of your webserver, in my case /var/www/, called shutdown.php. Change the permissions of the file to 644.
user@server:/var/www# sudo touch shutdown.php user@server:/var/www# sudo chmod 644 shutdown.php
Edit the file and add the following php code
<?php echo "<head>Shutting down...</head>"; $output = shell_exec('sudo /sbin/shutdown -P now'); echo $output; ?>
Now if you point your browser to http://yoursever/shutdown.php, it will shutdown the server.
- Details
- Written by Die Ysbeer
- Category: Uncategorised
- Hits: 2026
Who am I?
I am a computer engineer working in the defense and space industry. The last few years I have mainly done FPGA firmware specializing in video processing applications.
About this site
This site is just a collection of random articles about random subjects, but probably mainly focused on what I know, or at least how I solved certain problems.
Contact me
If you want to contact me send an e-mail to