NextCloud Deployed in Homelab

 

Following this post, I was able to get Nextcloud running with a LAMP stack on Ubuntu 20.04.

I had to make a few tweaks to fit the configuration to my environment. Even though I am running it on a low-powered box, it has no trouble with concurrent uploads/downloads. The bottleneck is the network as expected.

The mobile UI is faster than the desktop however my cellphone connection is weaker, hence the slower upload speed. Finding what you are looking for is intuitive and everything works as expected.

With a normal connection speed, uploads proceeded at the expected rate.

My initial impressions of Nextcloud are positive and I would recommend it for a homelab or potentially a backup/special use case system in an enterprise environment. It is useful for simple file transfers and the collaboration tools seem promising. https configuration using Letsencrypt is simple and provides sufficient privacy.

Penetration Testing My Home Network

I have a basic router for my home network: https://www.wavlink.com/en_us/product/WL-WN530HG4.html

The builtin management tools are surprisingly sufficient, I am able to configure DDNS, DMZ, Port forwarding, and automatic wifi channel switching.

I disabled WAN access to ping and to the management page which is clearly working well when I attempted accessing it from a hotspot on my Parrot OS laptop. (learn more about ParrotOS here)

Both the DDNS address and direct IP wouldn't allow any attacks from OWASP ZAP to get through:

Even the test I ran from internal (the router sees it as LAN even though I access it via WAN at quazmoz.hopto.org) didn't have many vulnerabilities and none of them were critical. However, I was a little bummed to see the vulnerability for clickjacking...

So far so good on the pen-test. Next up is to see how it handles direct attacks against the VPN and NextCloud

UrBackup - Open-Source Backup Server

Today I managed to get my UrBackup server running fairly quickly. Linux has a small error with con files but everything else seems to be working fine. You can find the downloads and guides here: https://www.urbackup.org

In my experience, this server works well and is reliable despite being free. I have implemented it successfully both in an enterprise and homelab.

It allows backup of specific files, drives, as well as scheduling. The server has a good variety of settings that you would expect for a backup server, including AD integration and backing up over the internet.

My next project will be to see how this works using OpenVPN and going directly over the internet.

Jenkins and DDNS OpenVPN

Jenkins is configured with BlueOcean and OpenVPN is now set to use quazmoz.hoptoo.org which is a free DDNS service from noip.com. My router is set to push changes to my public IP to noip.

OpenVPN and Docker

The small server now has docker installed along with OpenVPN and Samba.

XRDP for the homelab

I wiped my Ubuntu server and installed xrdp which is working far better than guacamole. I believe there may be some bugs with the guac install for Ubuntu 20.04

Homelab

I set up my first homelab(took me long enough) using a mini-pc I bought off of Amazon. So far I have guacamole configured:





Aside from one tweak to the guide (run "enable" command first)


systemctl start guacd
systemctl enable guacd


It installed smoothly and works ok, I will probably install another solution however. It frequently disconnects and I haven't been able to determine why.

My next step is to mess around with VM solutions for Linux and possibly a VPN linux server.

Mini-PC from Amazon

How to add users to a Distribution List using Powershell

#Get all the names from an email or other list you have generated

#Text file must be manipulated first to contain only the name and email of each user.

#This can be accomplished by pasting all the names/emails into notepad, find and replace ; with , then save as csv.

#Open this csv with excel, copy/paste with transpose option then copy/paste into notepad and save as .txt

#Run the below on the .txt

$Users = Get-Content 'C:\Users\QMFAVO\Desktop\users.txt'

$Users  -replace " <.*", "," | Out-File C:\Users\QMFAVO\Desktop\usersreadytoadd.csv

#Type "name," to the beginning of the file and save

#Copy/paste csv onto server

#Then run the below on the exchange server

$usersreadytoadd = Import-Csv 'C:\Users\QMFAVO\Desktop\usersreadytoadd.csv'

foreach ($User in $usersreadytoadd)

{

    Add-DistributionGroupMember -Identity "DistributionList@contoso.com" -Member "$($User.name.substring(1))"

}

#get rid of '

$Users = Get-Content 'C:\Users\QMFAVO\Desktop\usersreadytoadd.csv'

$Users  -replace "'", "" | Out-File C:\Users\QMFAVO\Desktop\usersreadytoadd.csv

#get rid of commas

$Users = Get-Content 'C:\Users\QMFAVO\Desktop\usersreadytoadd.csv'

$Users  -replace ",", "" | Out-File C:\Users\QMFAVO\Desktop\usersreadytoadd.csv

#usersreadytoadd.csv should have only Names in this format without quotes "John Smith"

Setting Windows 10 Taskbar Clock to Display Hours, Minutes, and Seconds Using Powershell

It is not possible currently to set the clock on your Windows 10 taskbar using control panel settings to display seconds along with the hour and minute. However there is a way to do it using Powershell:

New-PSDrive HKU Registry HKEY_CURRENT_USER

$registryPath = "HKU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

$Name = "ShowSecondsInSystemClock"

$value = "1"

New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force

Tizen Studio - Importing a project from another computer or from Github

Tizen studio can be a bit confusing so I have made a quick guide to importing your project into Tizen studio from a download from Github or another git repo.

File > Import

Select Tizen/Tizen Project

Select Archive file

Find your .wgt file and select it

Click finish

GUI vs CLI (Graphical User Interface vs Command Line Interface)

Sometimes it is better to use the CLI to make changes to users. Some common use cases are AD, Exchange, and on-prem Skype for business.

Shared email accounts in exchange do not show the Send-on-behalf permission within the ECP GUI, however this property still exists and can cause problems for users trying to send on behalf of a shared email account.

Set-Mailbox "SharedMailbox" -GrantSendOnBehalfTo @{add="Mailbox_needing_permission"}

Sometimes in Skype for business, the GUI will not successfully apply changes. Sometimes this is due to AD accounts

not having security settings inheritance turned on. If you run a command like the below, it should have no issue applying the settings:

Enable-csuser -Identity contoso\user -Sipaddress SIP:desired_sip_address@contoso.com -RegistrarPool skype-pool-name

A new sequence of posts

It has been quite some time since I last posted. I will be switching over to tech-related topics from now on in my spare time.

Feel free to comment with any questions or suggestions.

Below is a script that I use to process terminations based on how the auto-emailed notifications come into my inbox:

#***This must be run with outlook closed***

#This script can be modified to filter emails and write their contents to a .txt file

#This script is in two sections

#Parameters

#This is the email account you are trying to search within

$Account = "quinn.favo@contoso.com"

#This is the email folder to search

$Folder = "Inbox"

#Variable used to search the body of emails, enter as a string whatever phrase of text you are looking for, the asterisks should be present at the beginning and end of the string

$BodySearch = "*Account Termination Request*"

#Counter for how many emails were received that match the above parameters, this will be printed at the end of the script to verify success and how many emails were committed to the .txt file

$EmailCheck = 0

#This assigns the path of your current desktop to a variable to be used later

$DesktopPath = [Environment]::GetFolderPath("Desktop")

#Create outlook COM object to search folders

$Outlook = New-Object -ComObject Outlook.Application

$OutlookNS = $Outlook.GetNamespace("MAPI")

#Get all emails from specific account and folder

$AllEmails = $OutlookNS.Folders.Item($Account).Folders.Item($Folder).Items

#Filter emails based on the previously specified string in #Bodysearch

$ReportsEmails = $AllEmails | Where-Object { ($_.HTMLBody -like $BodySearch)}

#Count number of emails that contain the string specified in #Bodysearch

$ReportsEmails | ForEach-Object {$EmailCheck = $EmailCheck + 1}

#Display number of emails found

Write-Output $EmailCheck

#Write the contents of the body from each email to a txt on the desktop

$ReportsEmails.Body | Out-File $DesktopPath\emails.txt

#Quit Outlook COM Object

$Outlook.Quit()

#Kill Outlook after finishing script(allows you to open outlook again)

Stop-Process -Name "OUTLOOK" -Force

#Run the below in the second step

#---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

#Exchange CLI

#Save the emails.txt file to the exchange desktop

#Run the below on exchange server with AD module installed

#Grab desktop path

$DesktopPath = [Environment]::GetFolderPath("Desktop")

$EnableUsers = Get-Content $DesktopPath\emails.txt | Where-Object { $_.Contains("UserID:") }

Write-Output $EnableUsers

$Manager = Get-Content $DesktopPath\emails.txt | Where-Object { $_.Contains("@contoso.COM") }

Write-Output $Manager

$Ticket = Get-Content $DesktopPath\emails.txt | Where-Object { $_.Contains("19") }

Write-Output $Ticket

$Date = Get-Date

$i = 0

#Iterate through users pulled from ticket notification emails

#This will get the name of the user in each email and assign it to the variable $TermUsers

$TermUsers = Get-Content $DesktopPath\emails.txt | Where-Object { $_.Contains("UserID:") }

Write-Output $TermUsers

#This will get the name of the user's manager and assign it to the $Manager variable

$Manager = Get-Content $DesktopPath\emails.txt | Where-Object { $_.Contains("@contoso.COM") }

Write-Output $Manager

#This will get the ticket# starting with 19(or whatever number you specify) and assign it to $Ticket

$Ticket = Get-Content $DesktopPath\emails.txt | Where-Object { $_.Contains("19") }

Write-Output $Ticket

$Date = Get-Date

$i = 0

#Iterate through users pulled from ticket notification emails

ForEach ($UserID in $TermUsers) {

    $Var = 5

    Write-Output $UserID.substring(9)

    $Var = Get-ADUser $UserID.substring(9) -Properties *

    #Check if AD user exists

    If ($Var -ne 5) {

        #If enabled - disable account, modify description, forward email, and hide from Address Book

        If ($Var.Enabled = "True") {

            $Tick = $Ticket[$i]

            $Man = $Manager[$i]

            $Man = $Man.Substring(1)

            Set-ADUser $Var -Description "$($Var.Description) Quinn Favo disabled $Date ticket# $Tick" -Enabled $False

            #-DeliverToMailboxAndForward is set to $False because setting it to true will cause delivery to the forwarding mailbox as well as the original mailbox

            Set-Mailbox -Identity $Var.Name -HiddenFromAddressListsEnabled $true -DeliverToMailboxAndForward $False -ForwardingAddress $Man

        }

        #Disabled, move on to next account

        Else {

            Write-Output "$UserID is already disabled"

        }

    }

    #If doesn't exist in AD, display output

    Else {

        Write-Output "User does not exist"

    }

    $i ++

}