03 November 2011

Easily delete Lan Server entries in Belgacom BBOX routeur

Deleting Lan Server entires via the BBOX web interface is a pain when there are more than five entries to delete.

Hopefully, you can connect to the telnet interface to achieve this task 10 times quicker :
  1. Connect to the router via telnet (check this post to figure out how to connect via telnet)
  2. Check the ID numbers of the entries you want to delete:
    1. You can hover the button to edit or delete an entry in the web interface in order to see the ID in the URI
    2. Or you can run this command rg_conf_print /fw/rule/loc_srv/ to see the list of Lan Servers
  3. Run the following command for each ID to delete where [ID] is the id to delete :
    rg_conf_del /fw/rule/loc_srv/[ID]
If you don't want to execute the command manualy, you can use my tool.
Usage : bbox_fw_delete_id -i [bbox_ip] -l [login_name] -p [password] -s [start_id] -e [end_id]
This tool is provided 'as is' and could not work as expected or even corrupt your BBox.

.NET library used to write this tool

02 November 2011

Disable UPnP on Belgacom BBox2 routeur

  1. Connect via telnet on your belgacom routeur
  2. telnet 192.168.1.1
  3. Login : admin
  4. Password : BGCVDSL2 (default password)
  5. Check if config is the same as expected 
    Following command should return (enabled(1))
  6. rg_conf_print upnp/enabled
  7. Change the configuration
    rg_conf_set upnp/enabled 0

Connect to your local router from wan through ssh

In a previous post, I've described how to open remote management for your bbox2 / local modem-router via ssh.

I've found an easier and more secure way to achieve this :

Prerequisites :
* You have PuTTY (or an ssh client)
* ssh server on your local network is reachable from wan

In PuTTY settings > Connection > SSH > Tunnels, define the following :

  • Source port : 8080 (or any free port on your computer running PuTTY)
  • Destination : 192.168.1.1:80 (assuming your router ip is 192.168.1.1 and the default web interface running on port 80)
  • Click on [Add]
  • Apply changes

You can now connect on your router web interface from your computer running PuTTY via the following address : http://localhost:8080/

Hex Edit Windows 7 SAM file to enable Administrator Account

It could happen that your were connected to a Windows Domain and that you've decided to leave this domain.
What about if all local users are disabled?

You cannot join anew a Windows Domain as you don't own any local user able to connect in order to join the domain.
You can still start your computer and see the login screen but you will definitely stay a click away from your desktop...

Hopefully, there is a bunch of tools allowing you to enable anew the Administrator account and even reset the password :
link1
link2
link3
...
(Simply search "offline windows password change" on Google)

But in my case, editing the SAM file on another computer simply didn't work and I didn't want to burn a CD or corrupt my multiboot usbkey.

So I've booted on Lubuntu already installed on my usbkey and decided to hex edit the file.

Later on, I've found a linux tool called chntpw that could be installed on my live lubuntu distro and could do the trick, but I went another way :
  1. apt-get install hexedit
  2. Open SAM file (containing local user accounts)
    1. hexedit /media/os/Windows/System32/config/SAM
  3. Find signature "00001F4"
    1. CTRL+S : 3030303030314634
  4. Find signature "2.9.8"
    1. CTRL+S :  3200390038
  5. Being on the char "2" position, calculate 18 hex position on the left (i.e. press 36 times the left arrow key)
  6. The hex char should be 11, replace it by 10
  7. Save by pressing F2
  8. Reboot on Windows
  9. Enjoy your local administrator account enabled with a blank password*
* If the administartor password wasn't changed by a user or a GPO

#1 #2

01 November 2011

Connect to SSH with a Public Key on a Synology Station

Prerequisites :
  • You own a public key and a private key, or you can generate one with puttygen or openssl
  • ipkg and nano installed if you want to use this editor

  1. First connect to your nas as root via ssh using your admin password.
  2. If you want to connect later on as root, go in the home folder of root
    If you want to connect as another user, go in the home folder of the other user, and follow the same instructions
    cd /root/
  3. Go to or create the directory .ssh
    mkdir .ssh
    cd .ssh/
  4. Open the file authorized_keys (assuming nano is installed with ipkg, otherwise use cat or vi) :
    nano authorized_keys
  5. Copy your public key inside the file and save it.
  6. Open sshd config file :
    nano /etc/ssh/sshd_config
  7. Ensure the two following parameters are enabled and uncommented :
    RSAAuthentication yes
    PubkeyAuthentication yes
  8. Configure your ssh client to use your private key and enjoy ;)