Skip to content

Danfoss Wireless Thermostat Hacking – Part One

Hi, have you seen rflink http://www.nemcon.nl/blog2/ it doesn’t support danfoss at the moment but they might be able add with the code that you’ve written in the next post.

Hacking at Home

tp7000rf

I wanted to control my central heating system using a Raspberry Pi and Arduino micro-controllers to provide better control, flexibility, and a fun home automation project.

We originally chose wireless thermostats when we replaced the heating system in our home, but their user interface is not great and they are fiddly to use.  “Smart” thermostats were starting to come onto the market showing a glimpse of what could be done.

Having made some useful progress in my overall goal, I am documenting it here for the benefit of others.  My requirements were simple:

  • Easy to change the heating profile for a day, e.g. if we decided to light a fire and didn’t need heat from the central heating system;
  • The boiler should be used efficiently to reduce costs;
  • Changes should be minimally invasive to the existing setup (e.g. no major rewiring/plumbing).

This post talks about how I was able to control the boiler…

View original post 1,394 more words

Symantec Endpoint Protection – Sweet32

To resolve Nessus vulnerabilities below

42873 SSL Medium Strength Cipher Suites Supported

94437 SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

Edit the following files

“C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf\ssl\ssl.conf”

“C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf\ssl\sslForClients.conf”

From:

SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:3DES:!RC4

To:

SSLCipherSuite  HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128

Edit

“C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml”

Edit SSLCipherSuite to

HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128

Spiceworks – SWEET32

To resolve Nessus Vulnerabilities

42873 SSL Medium Strength Cipher Suites Supported

94437 SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

Edit “C:\Program Files (x86)\Spiceworks\httpd\conf\httpd.conf”

Replace

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

With

SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

Gitlab Nessus Vulnerabilities – Sweet32, CRIME

To resolve Nessus Vulnerabilities

20007 SSL Version 2 and 3 Protocol Detection

42873 SSL Medium Strength Cipher Suites Supported

62565 Transport Layer Security (TLS) Protocol CRIME Vulnerability

94437 SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

nano /etc/gitlab/gitlab.rb

Edit the file to show the below

nginx[‘ssl_ciphers’]=”HIGH:!aNULL:!MD5:!3DES”

nginx[‘ssl_prefer_server_ciphers’] = “on”

Then run reconfig

sudo gitlab-ctl reconfigure

SQL Fails to start after SSL cert install

I came into this issue when i was resolving Nessus Vulnerability.

SSL Self-Signed Certificate (57582)

I generated a proper cert using the webserver templatye for my internal CA and used the FQDN as the Subject. Imported the cert and applied it via SQL configuration manager, then restarted SQL. Sometimes it started but failed to accept connections, other is wouldn’t start.

Windows could not start the SQL Server (%sqlserverninstancename%) on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code – 2146885628

  1. First we need to find the name of the service account used by the instance of SQL Server. It will probably be something like ‘SQLServerMSSQLUser$[Computer_Name]$[Instance_Name]‘.
  1. One way to do this is to navigate to the installation directory or your SQL Instance. By default SQL Server is installed at C:\Program Files\Microsoft SQL Server\MSSQL10_50.InstanceName.
  2. Right click on the MSSQL folder and click Properties.
  1. Click the Security tab and write down the user in the Group or user names window that matches the pattern of ‘SQLServerMSSQLUser$[Computer_Name]$[Instance_Name]‘.
  2. Now, open the Microsoft Management Console (MMC) by click Start -> Run, entering mmc and pressing Enter.
  3. Add the Certificates snap-in by clicking File -> Add/Remove Snap-in… and double clicking the Certificates item (Note: Select computer account and Local computer in the two pages on the wizard that appears.
  4. Click Ok.
  1. Expand Certificates (Local Computer) -> Personal -> Certificates and find the SSL certificate you imported.
  1. Right click on the imported certificate (the one you selected in the SQL Server Configuration Manager) and click All Tasks -> Manage Private Keys…
  1. Click the Add… button under the Group or user names list box.
  1. Enter the SQL service account name that you copied in step 4 and click OK.
  1. By default the service account will be given both Full control and Read permissions but it only needs to be able to Read the private key. Uncheck the Allow Full Control option.
  2. Click OK.
  3. Close the MMC and restart the SQL service.

Imperva DB monitoring

Imperva Db monitor cannot decrypt data

The below is required as Imperva cannot decrypt ECDH or DH Algorithms

 The below is to be run on the SQL server

Powershell to disable DH, ECDH

# Disable Diffie-Hellman and ECDH

md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\ECDH"

Set-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\ECDH" -Name Enabled -Value 0 -Force

md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman"

Set-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman" -Name Enabled -Value 0

 

# Cipher Suite Order, this may be overridden by group policy

Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" -Name "Functions" -value "TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA"

Fix Splunk Nessus SSL Vulnerabilities

To Resolve the following Nessus Vulernabilites

20007 SSL Version 2 and 3 Protocol Detection

42873 SSL Medium Strength Cipher Suites Supported

62565 Transport Layer Security (TLS) Protocol CRIME Vulnerability

94437 SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

Add the following to “C:\Program Files\SplunkUniversalForwarder\etc\system\local\server.conf”

[sslConfig]

allowSslCompression = false

useClientSSLCompression = false

sslVersions = tls1.1, tls1.2

sslVersionsForClient = tls1.1, tls1.2

cipherSuite = HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128

Add the following to “C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf”

[SSL]

cipherSuite = HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128

allowSslCompression = false

useClientSSLCompression = false

Restart SplunkUniversalForwarder service