Mar 5, 2020

List Users and Roles in Kenna

Last month, I created a Ruby script to list all users in Kenna. Then I found that I also need to list all the roles, not just the users.

Then I noticed I'm not a good Ruby developer.

So I rewrote the script in Python to list all users (including myself) and all roles in Kenna.

kenna-users
$ kenna-users.py -h

Feb 29, 2020

My Notes on VMware Products

Short, quick notes about VMware products: ESX, ESXi, vCenter, vSphere and the vSphere client.

ESX/ESXi

  • Both are hypervisors that allow us to run and manage VMs on a physical host.
  • ESXi operates independently of a general-purpose OS. This simplifies management (Linux-based consoles), improves security, and gives a smaller footprint (32 MB).
  • ESX must be installed on top of a general-purpose OS (Windows or Linux).
  • A virtual representation of the processing and memory resources of a physical machine running ESXi is known as a host.
  • Two or more ESXi hosts can be grouped into a cluster for resource pool management.

VMware vCenter Server

  • Can be installed as a virtual machine on top of an ESXi server.
  • Allows centralized management of the whole virtual infrastructure: hosts and VMs.
  • Allows you to optimize routine operations in a large-scale infrastructure.
  • Runs on Photon OS, Windows (discontinued) or a Linux-based appliance.
  • Provides single sign-on, inventory search (VMs, hosts, datastores, networks), notifications, and host profile configuration.
  • Scalability: manages up to 2000 hosts and 35000 VMs.
  • Enterprise features: vMotion, VMware High Availability, VMware Update Manager, VMware Distributed Resource Scheduler (DRS).
  • RBAC, performance monitoring and

vSphere and vSphere client/HTML5

  • vSphere is a suite that contains ESX, ESXi, vCenter and the vSphere client, and is used to build a modern software-defined data center (SDDC).
  • The vSphere client (HTML5) is used to access ESXi (small environments) and vCenter (large environments) for management.
  • The vSphere client is replaced by the HTML5-based vSphere client in vSphere 6.7.

Links:

  • https://www.mustbegeek.com/difference-between-vsphere-esxi-and-vcenter/
  • https://www.nakivo.com/blog/vmware-esxi-vs-vsphere-vs-vcenter-key-differences/

Feb 28, 2020

Show Kenna Connector Status

While working on the Kenna data set, I found that it largely depends on the input from the vulnerability scanning system. Sometimes the data upload is delayed because the Kenna connector takes too long to upload the data.

So I created a Python script that allows me to check the Kenna connector sync status.

Feb 20, 2020

List Users in Kenna

I've been using Kenna Security for one year, and I found something strange in the Kenna Security GUI.

When you try to list users in Kenna, you can't find yourself in the list, even if you are an administrator.

So I created a simple Ruby script that helps me list all the users, including myself. ;)


Jan 18, 2020

Essential OpenSSL Commands

Here I've collected some essential OpenSSL commands.


Check the Connection:

$ openssl s_client -showcerts -connect www.microsoft.com:443


Decoding BASE64 (PEM) Certificate

Capture the output between the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" tags (inclusive), and save it as a text file (e.g. cert_microsoft.com).

Run the command below to read the file and display it in textual form.

$ openssl x509 -noout -text -in cert_microsoft.com


Decoding a Binary (DER) Certificate

DER is a binary certificate encoding; the content is the same as in PEM (Base64), only the encoding differs.

$ openssl x509 -noout -text -inform der -in cert_microsoft.der


Convert Certificate between DER and PEM format

By the way, -inform is short for "input format" (and -outform for "output format"). PEM is the default for both, so the two commands in each pair below are equivalent.

$ openssl x509 -inform der -in cert_microsoft.der -out cert_microsoft.pem

$ openssl x509 -inform der -in cert_microsoft.der -outform pem -out cert_microsoft.pem

$ openssl x509 -in cert_microsoft.pem -outform der -out cert_microsoft.der

$ openssl x509 -inform pem -in cert_microsoft.pem -outform der -out cert_microsoft.der

 

Checking the Chain of Trust

$ openssl verify -verbose cert_microsoft.pem

If you see "Error 20 at 0 depth lookup", the intermediate certificate (the certificate of the issuer of the server certificate) is missing.

$ openssl verify -untrusted cert_symantec cert_microsoft.pem

If you see "Error 20 at 1 depth lookup", the error is no longer on the server certificate (depth 0); OpenSSL now can't find the issuer certificate of the Symantec intermediate (depth 1).

$ openssl verify -untrusted cert_symantec -CAfile ./RootCerts.pem cert_microsoft.pem

You should see "OK" now.

If you have more than one intermediate certificate, concatenate them into one file and pass that file with -untrusted.

$ cat inter1.pem inter2.pem > inter_both.pem
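The three verify steps above, as an added example that is not part of the original post: a POSIX shell script that builds a throwaway root, intermediate and leaf certificate with the openssl CLI (hypothetical names root.pem, inter.pem, leaf.pem and made-up subjects) and runs the same three commands, so you can watch the error 20 depth move from 0 to 1 and then turn into OK without touching a live server.

```shell
# Added example (not from the original post): build a throwaway root -> intermediate -> leaf
# chain with the openssl CLI and reproduce the three "openssl verify" outcomes described above.
# File names (root.pem, inter.pem, leaf.pem) and subjects are hypothetical.
set -eu

# Generate the chain; print the scratch directory that holds the files.
make_demo_chain() {
  d="$(mktemp -d)"
  # Extensions that make a certificate usable as a CA (root and intermediate).
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  # Root: CSR first, then self-signed with its own key.
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/root.key" -out "$d/root.csr" \
    -subj "/CN=Demo Root CA" 2>/dev/null
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  # Intermediate: signed by the root, also flagged as a CA.
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/inter.key" -out "$d/inter.csr" \
    -subj "/CN=Demo Intermediate CA" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null
  # Leaf (server certificate): signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" \
    -subj "/CN=www.example.test" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
  echo "$d"
}

# Run one of the three verify variants from the post and classify the result:
# depth0 = leaf's issuer (intermediate) missing, depth1 = intermediate's issuer
# (root) not trusted, OK = full chain validated. $1 = chain dir, $2 = variant.
verify_step() {
  case "$2" in
    leaf)      out="$(openssl verify "$1/leaf.pem" 2>&1 || true)" ;;
    untrusted) out="$(openssl verify -untrusted "$1/inter.pem" "$1/leaf.pem" 2>&1 || true)" ;;
    full)      out="$(openssl verify -untrusted "$1/inter.pem" -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 || true)" ;;
    *)         out="unknown variant: $2" ;;
  esac
  case "$out" in
    *"error 20 at 0 depth"*) echo depth0 ;;
    *"error 20 at 1 depth"*) echo depth1 ;;
    *": OK"*)                echo OK ;;
    *)                       echo "other: $out" ;;
  esac
}
DIR="$(make_demo_chain)"
for v in leaf untrusted full; do
  printf '%-9s -> %s\n' "$v" "$(verify_step "$DIR" "$v")"
done
```

The demo root is deliberately not in the system trust store, which is why the second step still fails at depth 1 until -CAfile supplies it.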


Testing SSLv2/SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3

$ openssl s_client -ssl2 -connect microsoft.com:443

$ openssl s_client -ssl3 -connect microsoft.com:443

$ openssl s_client -tls1 -connect microsoft.com:443

$ openssl s_client -tls1_1 -connect microsoft.com:443

$ openssl s_client -tls1_2 -connect microsoft.com:443

$ openssl s_client -tls1_3 -connect microsoft.com:443    

$ openssl s_client [-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3] -connect microsoft.com:443

A handshake that completes with one of the forced-protocol options means the server still accepts that protocol version. Note that recent OpenSSL builds are compiled without SSLv2 (and usually SSLv3) support, so -ssl2/-ssl3 may be rejected by your own client rather than by the server.

 

Get the Common Name (CN) or Subject

$ openssl x509 -noout -subject -in cert_microsoft.pem


Renegotiation (by client)

After the handshake completes, type the request line, then a line containing only R (the s_client command that triggers a client-initiated renegotiation), then an empty line.

$ openssl s_client -connect www.microsoft.com:443

HEAD / HTTP/1.0

R

<CRLF>

 

Testing Weak Ciphers

$ openssl s_client -cipher NULL,EXPORT,LOW,3DES -connect <site:port>


Testing NULL-Authentication (aNULL) Ciphers

$ openssl s_client -cipher aNULL -connect <site:port>


Forward Secrecy

$ openssl s_client -cipher EDH,EECDH -connect <site:port>


Testing RC4 ciphers

$ openssl s_client -cipher RC4 -connect <site:port>


Testing Compression (CRIME/TLS or BREACH/HTTP)

In the s_client output, "Compression: zlib compression" or "Compression: 1 (zlib compression)" indicates that the remote server is vulnerable to the CRIME attack. "Compression: NONE" means it is not vulnerable to TLS compression.

$ openssl s_client -connect <site:port>

GET / HTTP/1.1
Host: example.com
Accept-Encoding: compress, gzip
<CRLF><CRLF> 

If the response comes back compressed (encoded data after the headers), HTTP compression is supported; therefore the remote host is vulnerable (to BREACH).


Links: