Japan Trip Jan – 2012

This is some of the details of out trip to Tokyo in Jan 2012.

Museum of Aeronautical Sciences, Narita

View Larger Map

We landed, and stayed out at Narita for a night, and when to a Plane Museum that is located at one of the edges of the airport. We have lunch in the old control tower and watched planes land only 100 meters away. And the kids had a nice meal out of an airplane shaped plate.

Anita likes flying up in the sky with the dragons

Nothing makes Lucas more happy than droping bombs on Nazi’s

Im happy now, modelling this XS-1, but soon ill stand up and hit my head.

The Captain and assistants are in the front end of a real 747 (section 41), messing around with all the buttons…Can’t find the “Engage” button

There’s a problem in the cockpit…..

The first night in Japan we stayed at the Narita Tobu hotel, about $58AUD for a total of 2 connected rooms, with a total of 4 double beds. (we ended up using only 2). We also caught our first bus, where i had to mime out “plane museum”

Besides of the airport, during our whole trip, we met a total of about 3 people that can speak english. Infact we met more people that speak chinese, then my wife translates to me, so that’s “lost in translation” and “chinese whispers”

Tokyo Sea Life Park

View Larger Map

This place was better than expected, only a few minutes from the train station, the kids started to get excited as the escalator took us down under the water, and it became dark, then we saw all the fish…

It cost about 700 yen for and adult ticket, like most other things in japan, kids under 5 are free (atleast that was out logic, and no one stopped us)

 

 

and hammer head sharks too

 

A turtle, and lots of star fish, as well and dozens of smaller tanks with fish from around the world in them.

Penguins were cute, but outside in the freezing cold, so we rushed thru. Lucas loved watching then doing poo’s in the water, infact every picture we took of him and the penguins including one doing a poo

Random Pictures

 

This is in a toy’r’us, lots of different toys, including this happy looking guy, he is even on the back of Anita’s nappies

 

This is up the TMG tower, i think its up on the 45th floor, not sure, but its high, bored the kids lots.This picture is looking south, the TMG tower on the south edge of the big city part, so nothing is block the view in this direction, you can just make out mt Fuji covered in snow. Generally its very very clear in the mornings, and by 11am its a little hazy like it is now. This place is free, its in Shinjuku. All these building look so small, but some are still 15 story building..

This handsome guy kept on posing for me, look at those eyes

This is back at our room, in the evening, those are the mountains a long way away, looking west, with the clouds/mist below them

And this was the next morning, it snowed during the night, made things crystal clear, and covered those mountains in snow.

 

It covered everything thing else in snow too, added a touch of while to the roof tops, but was a wonderful blue skied day.

Train Museum

View Larger Map

This place was great, Lucas loved all the trains, toy trains, steam trains, and carriages. there was lots of train toys too, and learning about stuff also. The train trip there was also interesting, as it about an hour from the city, so you can start to see stand alone houses everywhere (next to 20 story blocks of units)

 

the 4 of us cuddled up a carriage from around 1930.

Odaiba

View Larger Map

This place is a mand made island, built like 200 years ago or something, but not used till the last 20 or 30 years. There are lots of shopping things, and big places here, we went back 2 days in a row.

 

From Shimbashi station, we changed trains to a automated/elevated train, there was not driver, so we took the front seat. This was a very impressing trip, weaving through sky scrapers, then along the water, then up and over the rainbow bridge.

  

Not the warmest train ive ever been on.

We found a Toyota “mega web” show room,it had a few pretty cool cars in it, but i just stayed playing games

this place was on the 2nd floor of a 3 story place, hence its not the real sky, felt really odd and dizzy inside, but mainly from the insane price tags on things

 

then we walked around the 2 big shopping complexe and daiba, much better priced, and much better to look at too.

 

grabbed 2x20cm nice pizza’s and a pepsi for 650yen, just keep your eyes for the deals, there are some VERY nice looking places to eat here, with wonderful views up towards the rainbow bridge, and beyond to Tokyo

Some western embarrassment that kept on following around, not sure why my wife kept on taking pictures of him, i better have words with her.

The next day we went back to the same place, but this time sitting at the back of the train. Oddly enough its the sae as the first return trip, but in reverse order.

 

Rainbow bridge, from the train line, then the train line goes in a big upwards loop that takes it onto the bridge.

i like this picture for some reason, just everyone got there washing out, it will only see the sun for 2-3 hours, there is still snow and ice on the ground for 3-4 days prior, and its 3-5 degree’s. Good luck drying.

Miraikan science museum

This is still is Daiba, Its the museum of “Emerging Technologies”, like the 12 year old Asimo

My old human son in the middle, and my new robot son on the left, Asimo has an off switch. and can dance better too.

Lots of little screens, each with moving clouds etc, not sure if its real time or not.

Its odd walking around this place, its the first place we have walked around were the street is not 3 meters wide and has 20 stories building on either side.

It did however have a giant robot thing.

 

I told my kids that the giant robot became active at night time, and patrolled the area, just as the sun was setting. we had to run the next 800 meters to the train station….

Bit Equivalent Strength of a password

When dealing with all those cases where you supply and password or passphrase that in turn generates an encryption key, then the passphase is the weakest link (and by weakest, I mean about 604 billion trillion times weaker! More on that later)

Encryption methods are ranked mainly by how many bits there are, for every bit you add, it doubles its strength, and doubles the number of possibilities there are.

Passwords however are ranked by their length and how complex they are.

Since in many cases passwords are used to generate encryption strings, having a weak or short password would be the weakest link in the chain.

For example again, there is no point using 256bit encryption when your password is "123"

So you can work out the "Bit Equivalent Strength" of a password simply by its number of combinations, then see where that number fits in a lookup table of 2^x

So the point is, for many cases where you are encrypting something, like encrypting your hard disk, or files, then ignore for now how many bits the encrypting string is, and think more about your password.

If you want "128bit password", then you need 21 characters (with a average keyset of 72 characters)

Would you encrypt your company secrets with a 49bits? The most complex 8 character password is only 49bits. That’s 604 billion trillion times weaker that 128bits

Now you think that those are really large numbers that no one can ever crack, now read it all again thinking that a off the shelf gaming machine can brute force about 150 million passwords a second using mainly its GPU. That’s the first 27 bits in 1 second! And doubling for every other bit added (that’s the simple version anyway) With some better math’s, that’s a 49bit password (8 complex characters) crack in 49 days. Of course different methods take different times to decrypt.

Interesting...

Remotely installing VNC

Sometimes you just need VNC on a PC, either to spy on someone, or to step someone thru a problem.

I Often get phone calls where you need to look at what the user is doing in order to figure out what they are doing wrong.

for this example, there is the Server, where VNC will be installed, and the Client, this is where you will run the VNC Viewer from.

Initial Build

From the client, download VNC ( i use TightVNC for some reason) and install as normal to c:\program files\TightVNC

Setup it up listening, and set a password.

go to its registry key, something like HKLM\software\orl\vnc or HKLM\software\tightvnc and extract that key to the tightVNC folder (call it tightvnc.reg)

Each PC

Copy the whole tightvnc folder to the server (\\server\c$\program files\tightvnc)

PSEXEC to the server, psexec -s \\server cmd.exe

install VNC on the server via the command line, "c:\program files\TightVNC\winvnc -install" (or --install or install)

import reg settings on the server, password and pref's etc, "reg import c:\program files\tightvnc\tightvnc.reg"

start the winvnc service on the server, "net start winvnc"

Exit PSEXEC, "exit"

Now from he Client, open c:\program files\tightvnc\vncviewer.exe and connect to the server, the password will be what you setup on the initial client

Run Explorer (shell) as an admin while logged in as a user.

This is a little odd one, if really only i hack you will use once a year, but its good to know its possible.

Lets say you have all users PC users not as local admins, and one of them fills out a huge survey online, but when they get to the end (30 minutes later) they realize they cannot save, they can only print. so they print it right? that would be a simple solution if they had any printers installed!

So how can i non admin add printers? that can't. and the user didn't want to redo the survey (national mangers, pfft all the same). So i had to come up with this hack below

Step one, open a new cmd via runas:

Runas /noprofile /user:localmachine\username cmd.exe

Step two, kill explorer.

Press ctrl+alt+esc and kill explorer.exe

Step three, open explorer.exe again as admin.

Go to that admin cmd window, and type”explorer”

Done..it will not close any other windows. Go to the task manager again, and you can see what running as what.

This is where you can add printers, or do anything else as and admin

Going back

Step four, kill explorer.

You cannot do this from the taskmanager, you (as a user) do know have rights to kill processes created by admins.

So go to your cmd window (running a admin) and type

Taskkill /im “explorer.exe”

Step five, start explorer again

In taskmamanger, go to file, new task, and type “explorer”. And it will all be back to normal.

Then end result is that have all their programs open still, but now a few extra printers too.

All this can be scripted (with a pause in the middle). so you can run it, pause, do your work as admin, press any key, and resume as the user....

so maybe you can use it more than once, because once scripted, it sure beats a log off and log on.

GPO: Add the Administrators security group to roaming user profiles path

Dont you hate it when a user rings up and you solve their problem you need access you their profiles on the server?

such examples might be they cannot login, or its slow to login due to profile size. Or you want to add an icon to their desktop? or you want to restore a file or something like that.

But you cannot do that by default, bucause 2003 server will set only the real user to have access to that folder (and system and stuff like that), but not even domain admins will have access by default.

Sure, you can go in there and take ownership, apply (wait 20 minutes for it to propergate to all sub folders and files, and then change the ACL's and repropergate again (thanks microsoft). 40 minutes later and 5 frantic phone calls from the user later, you can proceed.

Or, if you planned ahead, you would be added this following group policy before creating all of the users (i used this when setting up new domains).

i will not explain how to add this setting, just where it is. only admins will be applying it.

Computer Configuration/Administrative Templates/System/User Profiles/Add the Administrators security group to roaming user profilesSetting path

schedule restores to a VM

not sure if this one is possible, but we are about to start to use storagecraft shadowprotect to do online backups of servers.

sounds great, can do inc backups every 15 minutes. so if something happens bad, then you dont lose too much data.

but what is there is a hardware failure, and you need to restore to another server, the ad says it will take minutes, and yes i agree, it will take minutes to get the process starts, but if you have a 50GB server (and thats rather small ide say) then restoring that will take (50GB copied from a 100mb NAS)  about 70 minutes, thats of course after all the other stuffing around trying to get the now dead server to come alive again.

We have always used a custom written backup program, its rather simple, it does the following:

1, take a shadow copy of all drives

2, open a virtual disk and maps it as a drive letter

3, robocopy all the data from the shadow copies to the virtual disks

4, close the virtual disk and remove the shadow copy.

sure, there is a little error checking and reporting, and backup types (full, diff and inc) code in place (in fact its 90% of it), but its still remains rather simple.

But was i love most about this is that the virtual disk is bootable (once you add it to a virtual machine) so it means you can just boot it up when you want, default having it isolated from your LAN is good practise). So when i have a server die, or even do something funny, i will start to boot up the backup of it, and the same time ill try to fix the live server, 10 minutes later ill give up and go to the failover server, and that would have already booted. Sure it might be 3% slower, but your working again.

This system i also use to test boot servers every few weeks; see if that boots, install any patch's that you want to try out, reboot and it doesn't work, then there is nothing lost (besides a known good backup).

This system only did backups once every night.

so moving away from this system and going to storage craft and doing backups up to every 15 minutes. ill still like to be able to have a fail over server i can boot up with 10 minutes notice, test it out, test install patch's, or just plain fiddle with. without having a 70 minutes wait first.

So, can i, in shadow protect, do schedule restores (of course to a virtual machine)

Remotely enable RDP

As in most of my posts, i assume the person reading this is working in a company, with all PC's on the domain, and that you are a domain admin (or at least have domain admin rights, even if that's not your job role).

So of course you will need local admin access on the remote machine (domain admins have that) and you will need the firewall not blocking everything.

There are many many different ways to do this.

you can open regedit, connect to a remote computer, and change the following key:

or on a local PC you can go to the cmd windows and type the following:

reg add "\\machinename\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

for the above to work to need remote access to that PC (file and print sharing enabled).

or you can PSEXEC to the remote PC and type a command like the above but with the machinename part.

or you can remote install VNC on the machine, the VNC to it, and then enable remote desktop.

or you can ring up the user and get then to do it.

or you can leave your desk, walk down 2 flights of stairs and do it yourself, maybe on the way to lunch or something.

or, set a group policy for it (apply it just to them it needed) and wait till they reboot.

Now, if you did of the first few ways, and the firewall is on, it will not add an exception for you. so the port will be open (you can just that via psexec \\machine cmd then netstat -ano |find /i "listening"). but you can add a firewall exception via the netsh command

netsh interface ip firewall add portopening TCP 3389 RemoteDesktop.

or maybe RDP was enabled the whole time, but the firewall was turned on AFTER is was enabled (this also does not add an exception), so use the above to remotely add an exception.

Netstat: everthing about ports

if you don't know what netstat does then just run this, and study the output

netstat -ano

netstat /? will tell you more if you are still guessing.

if you want to know what on your PC is taking with what, then the below command is perfect:

netstat - ano | find /i "est"

if you want to know what 'servers' are running on your PC, or what is open and waiting for someone to connect in to, this below is your man:

netstat - ano | find /i "listening"

if the source is 0.0.0.0 then it means is listening all ALL ip address (on all NIC's), else it will just like the IP address separately.

This will also list the PID, you can use use tasklist /fi "pid eq 1234" to look this up or use taskmanager with PID showing. There are programs that tie this bits of info together, but who needs em.

This is useful for when some goose has changed the default RDP port from 3389 to 3388 and not told anyone, windows says RDP is turned on, but you cannot connect to it. after fiddling the firewall and anything else you can think of you check the registry and see its on a different port. its dead simple to check the active listening ports.

If you want more details then this, like how much bandwidth each port is using, then you need to use a program like netlimiter its not free, and it needs a reboot, but it tells you want program and what port and what session is using up all your bandwidth, and gives you that info over time also.

Process Explorer will also tell you what active sessions a process has open but will only show you once you know the process.

Or you can use a packetsniffer, ive got a hole nother entry about that.

Packet Sniffing

Packet sniffers can be setup in 2 main ways:

1, to sniff all trafic thats going in or out from the machine your on.

2, to sniff all traffic going past a certain point (eg, out to the internet) on the network.

Most of the time i use it just to see what a PC is doing, who its talking to, and most importantly what its sending.

Most packet sniffers ive played with do mostly the same thing, caputre packets and let you sort and filter them. WireShark is perfect for the single PC usage, its free, (and open source for those that care)

ill list some examples of when ive needed a packet sniffer, not all relate to my work:

1, i wanted to download lots of pictures from google street view, from about 2km of highway near my place. i opened wireshark, open google maps and went to streetview, then looked at the packet sniffer and it told me where it was getting that data from. it also gave my lots of XML files that would tell me the next location to go it, and what picture that used. so i just wrote a script to enumerate thru a few hundred of them and save the pictures in order, then i just used windows movie maker to stitch them altogether. ended up looking great.

2, was setting up a 3rd party program for one of my client, this program sent shipping notices to the transport company, so they could oganise a pickup. but the program was connecting, it was giving a comms related error. i ran wireshark and see if sent off a request to a FTP location, it authenticated fine, but was failing to store/upload the files. something i did notice tho was the username and password of course are clear text for FTP, and the password looked generic (not specific to my client), i manaully logged on to that site with tho credentials and refreshed the page a few times and started to see other people upload shipping notices, and the they would vanish (a bot must be polling every 2 minutes or so), but i could download these files and see then in clear text again. besides that security program, it showed my the FTP module did not switch to the right transfer mode before upload the files, i had to get my firewall guys to make some changes and it all worked.

3, many many other times, use to see how things work like the stucture of a DNS packet, following HTTP streams (joining the convertsion back and forward), detect broadcast hammers, and just to spy on other people.

Its certainly worth knowing what info you can gather with a packet sniffer, just download and play.

Download it here: http://www.wireshark.org/download.html

NETSH, edit network settings from the command line

just run NETSH from a cmd window and you will see what i mean.

it can do lots of things, to best explain ill just give you a list of examples.

to set a NIC to use static

netsh interface ip set address name="Local Area Connection" static 192.168.0.2 255.255.255.0 192.168.0.1 1

to set a NIC to use DHCP

netsh interface ip set address "Local Area Connection" dhcp

it supports scripting files also

full details about the NETSH usage is here: http://support.microsoft.com/?kbid=242468

Pipe to the clipboard

Ill be short on this one, in windows 2008 and vista you can pipe to the clipboard

usage is as you would expect. for example

hostname | clip

that would put the results on the dir listing in the clip board. good for scripts and stuff you know you will just need to copy out anyway., Or if the output is really large, more than the cmd buffer.

TCP PROXY

Great for routing trafic thru a sniffing host, or settting up a mail server on a not standard port. or redirect one port to another. syntax is simple, eg:

stcppipe.exe www.yahoo.com 80 80

The above listens on all IP's on port 80, and sends it to yahoo on port 80

stcppipe.exe mail1.doamin.com 25 2525

Listen on 2525 and sends that data to port 25 on mail1.domain.com

DOWNLOAD: http://www.mediafire.com/file/gmmwgfdnnxj/Portping.exe

PSEXEC

This little tool lets you run process's on a remote computer.

And if its a console program, like cmd, then you can get feedback too. So you can get a remote cmd prompt to any computer on your network!

Usage is simple:

psexec \\computername cmd.exe

(this will only work if you are already authed to the computer, like it a domain member, and you are a domain admin for example)

more info and download at http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

ARP scanning: Finding all used IP addresses

When you cannot ping something, like when the firewall is on, it still responsed to arp requests.

run this fromt he command prompt, just remember to change the IP addresss:

arp -d 

for /L %i in (1,1,254) do @start ping 192.168.0.%i -n 1 -l 10 -w 50 

ping 127.0.0.1 -n 5 

cls 

arp -a  

So this clears your arp cache, ping 255 address's , waits a few seconds, and then displays your arp cache. Cut and paste it all in a command prompt and your good to run. and of course change the IP address range as needed.

Search for an emails in Active Directory

to search for an email address in active directory

1, from dsa.msc

2, right click the domain (eg, company.local)

3, click "find..."

4, in the "find:" drop down, selected "Custom Search"

5, goto the advanced Tab

6, enter this as a LDAP query: (proxyaddresses=smtp:user@domain.com)

7, and this hit "Find Now"

PortPing

It will ping a port to see if its open.

Yes, you can just telnet to an IP, and specify a port. But this lets you do it continuosly.

Usage, porting hostname port

eg, portping server 3389

Great for after you have reboot a server thats behind a firewall (that you cannot ping), but there is a port forward to 3389 (RDP), then you can tell when its back up, without all the trying and trying. A massive time saver for all

download from here: http://www.mediafire.com/file/ygj5yzmkowe/Portping.exe