Today as part of my work duties I went to school to offer mentorship to some students interested in tech.
The place we went to was called the Puget Sound Skills Center.
Kids there were interested in tech and one of them was interested in red team ethical hacking.
I can get behind that, I will provide them some things to play with.
Weight: 321.4
Making use of lab but it does not need to be on all the time.
So I figured out how to power on things, I can probably script it all, but I want to make sure things are started in the correct order and there is a timing issue.
I can do it relatively quickly, I think total it takes like 15 minutes to be completely up and maybe 20 minutes to be completely down.
At least it is relatively low thought and documented.
Also created an hta launcher for the lab to get me quickly to the utilities, apps, notes and files I need.
Weight: 322.6
Got a quick presentation tomorrow that requires a heck of a lot of preparation.
It is late, past 10:30PM and I got most stuff done, but got a bit more to go.
One hurdle is missing notes on how I managed to work linux stuff with Active Directory.
Another thing I documented was startup and shutdown procedure.
Also improved nagios monitoring.
Did a lot.
Weight: 321.8
Purchased this to remove pins last year, to assist in pin removals. It sucked!!! Got 1 pin removed with great difficulty
Maybe I did it wrong, I think may have been a knock off, but later paid twice that
Today the new pin removal tool came in and it worked.
Tool is called a Jready DAP-D173. Works really well.
I actually purchased it to repurpose a corsair PS modular cable for a Seasonic PS. ChatGPT said it was a bad idea. Didn’t fit anyway.
More work on the bathroom, today was the toilet. Ran out of time and energy. Got it in but one of the T bolts did not go in.
Long day and I am tired.
Weight: 321.2
Good new, had my last visit with my occupational therapist. He measure my grip strength, pinch and thumb press. It was clear improvement.
I did mention my back left shoulder hurts. He things it is just a muscle spasm.
Couple tasks this weekend, going to continue with bathroom.
Weight: 320.4
I got sysprep working at a minimal level the way I want. I now have a base windows 11 image I can use to rebuild a box relatively quickly.
After a reboot I rename it and add it to the domain.
From there ansible takes over. I am able to use a rocky 9.7 box to manage Windows Desktops via the domain through winrm
Here is how I got winrm working (not I just used a self signed cert)
Enable-PSRemoting -Force
$CertDnsName = "win11.example.com"
$Cert = New-SelfSignedCertificate `
-DnsName $CertDnsName `
-Provider "Microsoft RSA SChannel Cryptographic Provider" `
-KeyLength 2048 -NotAfter (Get-Date).AddYears(5) `
-CertStoreLocation Cert:\LocalMachine\My
$CertThumbprint = $Cert.Thumbprint
# Create Listener
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -HostName $CertDnsName -CertificateThumbPrint $CertThumbprint -Force
# Open Firewall
New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Direction Inbound -LocalPort 5986 -Protocol TCP -Action Allow
# Verify
winrm enumerate winrm/config/listener
On the Linux side I had to make sure I had the correct ansible packages
sudo dnf -y install ansible-core epel-release
sudo dnf -y install krb5-workstation krb5-devel python3-devel gcc python3-passlib apg
sudo dnf install -y python3-kerberos krb5-workstation
python3 -m pip install pywinrm requests
ansible-galaxy collection install community.general
ansible-galaxy collection install community.mysql
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install ansible.windows:2.3.0
This got me working but my ansible.cfg needed to look like this
[defaults]
inventory = ./inventory
host_key_checking = False
retry_files_enabled = False
stdout_callback = default
timeout = 30
ansible_connection=winrm
# Optional but useful
interpreter_python = auto_silent
[connection]
pipelining = True
[winrm]
# Kerberos settings
transport = kerberos
scheme = https
port = 5986
server_cert_validation = ignore
kerberos_delegation = true
And finally some variables needed to be set in the inventory file
##### Sample inventory
[windows]
win11a.example.com
win11b.example.com
win11c.example.com
[windows:vars]
ansible_connection=winrm
ansible_port=5986
ansible_winrm_transport=kerberos
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore
kilist
kdestroy
kinit Admin@EXAMPLE.COM
In other news, got a new Sony earbuds, RIP my old set.
Still need to get bathroom done
Got a new UPS to install this weekend.
Weight: 321.6
Spun up a couple of cloned Windows 11 VMs and used sysprep on them
Would like to streamline the sysprep process, so may work on creating a sysprep file.
That is later though, meanwhile I got 3 windows boxes I can mess with. I may clone them to make it easier to rebuild without sysprep.
Weight: 321.6
Chinese new year today, wish it was yesterday, but today is also Fat Tuesday.
Not sure what I want to give up, will think about it today.
Recall this was a busy weekend for me, caught up to me this afternoon. After my 3PM meeting I took a quick break and woke up at 7:30, but I did get up at 6 to work so it is about right.
Weight: 323.8
Wow, didn’t think I would run out of time on a 4 day weekend, yet here I am.
I woke up later, but not really late today.
Let’s see what I did
I dont think I will be going to bed early, still got more stuff to do.
Weight: 323.8
Started working on a minor remodel of our bathroom downstairs.
First step is the wall, and getting rid of black mold.
Wasn’t alone on this though, oldest son helped me a lot.
Next one is the toilet, and finally the fan and light in that bathroom.
Also moving on to getting my NAS up. Next step for that project is to begin hard drive burning.
With this many drives, need to use a tool called bht.
Weight: 323.2
