Quick and Dirty SOCKS Proxy From Mac

Purpose of SOCKS Proxy

If you need to access specific internal web pages and don’t want or need to use a VPN, or if you need to test something from another area of the world, this is where SOCKS proxies can come in handy. For the sake of explanation I’ll give a scenario. Let’s say your company has a geolocation service that automatically detects the region the user’s public IP is coming from and uses that to determine which pages get served. This is a common scenario with global applications that serve South America, as much of that region speaks Spanish while Brazil speaks Portuguese. With the geo-IP detection running on your servers, if a Brazilian IP is detected the Portuguese site will be served rather than the standard South American sites. To test this functionality you can simply spin up a micro instance in AWS in the São Paulo, Brazil region, then in your Security Group open port 22 for SSH as well as the port you’ll use for your SOCKS proxy (I’ll use 1080 in this example). Technically speaking you can use any unassigned port, but generally speaking the commonly used proxy ports are 1024 and 1080.

 

Making the Connection (Mac or Linux)

Now that you have your instance spun up and your security groups modified to open the port, you’ll be able to create the connection using the syntax below in your terminal:

ssh -D 1080 user@ip-or-hostname

 

Once you have authenticated and established the connection we are halfway there. The last remaining step is to tell either your system or browser to forward traffic over localhost (which will then forward over the proxy).

 

Setting Up the Proxy in Firefox

I have chosen Firefox for this example because I primarily use Chrome and don’t want to clear cache just for a quick dirty test, and Firefox is also stupidly easy to configure SOCKS proxy settings for. First in your address bar type about:config


When Firefox shows its warning page, go ahead and click the blue button to continue. Then on the next screen type “network.proxy” in the search:


Once you’ve done this you’ll want to change the following items (note these are listed in bold in the screenshot)

 

Preference Name                Value
network.proxy.socks            127.0.0.1
network.proxy.socks_port       1080 (or your port number)
network.proxy.socks_version    4
network.proxy.type             1

 


Validating Functionality

Now that you’ve made these changes in Firefox, visit http://icanhazip.com or Google “what’s my ip”. Your public IP should match the remote box you are SOCKS proxied to. If this is the case you are all set to test; if not, you will need to go back and verify your settings.
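To run the same validation from the terminal instead of the browser, the following Python example (added here, not part of the original post) speaks SOCKS version 4 to the listener that ssh -D opens on 127.0.0.1:1080 of the Mac and fetches the egress IP from icanhazip.com. It also shows why the version matters for a geo-IP test: a plain SOCKS4 request can only carry an IPv4 address, so the hostname is looked up on your own machine, while the SOCKS4a form hands the name to the far end of the tunnel. The function names and the remote_dns parameter are assumptions made for the example.

```python
import ipaddress
import socket
import struct

# Added example; function names are illustrative, not from the original post.
SOCKS_HOST, SOCKS_PORT = "127.0.0.1", 1080  # same values as the Firefox settings above


def socks4_request(host, port, remote_dns=True):
    """Build a SOCKS4 CONNECT request, using SOCKS4a when host is a name and remote_dns is set."""
    try:
        addr, name = ipaddress.IPv4Address(host).packed, b""
    except ipaddress.AddressValueError:
        if remote_dns:
            # SOCKS4a: the invalid address 0.0.0.1 tells the proxy to resolve the trailing name.
            addr, name = b"\x00\x00\x00\x01", host.encode("idna") + b"\x00"
        else:
            # Plain SOCKS4 has no field for a name, so the DNS lookup happens locally.
            addr, name = socket.inet_aton(socket.gethostbyname(host)), b""
    # VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, then an empty USERID terminated by NUL.
    return struct.pack(">BBH", 4, 1, port) + addr + b"\x00" + name


def socks4_granted(reply):
    """An 8-byte reply with VN=0 and CD=90 means the proxy opened the connection."""
    return len(reply) == 8 and reply[0] == 0 and reply[1] == 90


def egress_ip(check_host="icanhazip.com", timeout=10.0):
    """Ask check_host, through the tunnel, which public IP the request arrived from."""
    with socket.create_connection((SOCKS_HOST, SOCKS_PORT), timeout=timeout) as s:
        s.sendall(socks4_request(check_host, 80))
        if not socks4_granted(s.recv(8)):
            raise ConnectionError("SOCKS proxy refused the CONNECT request")
        s.sendall(f"GET / HTTP/1.0\r\nHost: {check_host}\r\n\r\n".encode())
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return data.partition(b"\r\n\r\n")[2].decode().strip()


if __name__ == "__main__":
    print("egress IP via SOCKS:", egress_ip())
```

Run it while the ssh -D session is open; the printed address should be the public IP of the remote instance.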

 

It is possible to set up a system-wide SOCKS proxy, but for this purpose I wanted to provide the least intrusive and easiest quick and dirty way to test remote functionality via a super simple SOCKS proxy.

Happy Holidays! A Year in Review

Season’s Greetings,

A lot has changed in the past year since I started this blog. Today marks the 1 year anniversary of my blog site. A year ago I was a Systems Administrator for a small company with about 100 users, 4 VMware nodes in a cluster and a largely Windows environment and days away from passing my MCSA Certification. Over the past year as I reflect I’ve moved to an MSP providing support for thousands of servers on different OS and architectures, different hypervisors, learned SaltStack, became proficient in managed switching environments and got up to speed with F5 Load Balancers. In this time I’ve also gathered up Linux +, Hyper-V, Citrix Xen, and LPIC 1 certifications. What a wild ride this has been. I have nearly doubled my salary and grown in so many ways technically. One of the things that has become apparent to me is that the quest for knowledge must also be tempered with quality time with family and friends. It’s easy for a year to go by in an instant and work your heart out, but it’s equally important if not more important to maintain a balance between work and life beyond work. That said I do enjoy time with my home lab, still love what I do for a living, and have enjoyed engaging in the technical community, learning from others and mentoring others to grow their skills and careers. I want to spend a moment and be sentimental (which doesn’t happen for me as often as it should) and thank my wife, my dear friends, and my colleagues for making this life worth living and for standing by my side and putting up with the late night calls, untimely outages, and other fun that comes with the life of Server Operations. Looking forward to a new and killer year in 2016. Thank you all for reading and supporting my endeavors, feel free to reach out to me if you want to see any specific new content in the coming year. Have a happy and safe holiday!

Resetting Forgotten Windows Admin Password

One of the “fun” experiences I have run into in my IT career is the situation where domain trust is broken or the network is not configured, but you absolutely have to get into the box in question. The trouble is the password was set by someone who was in the position before you and there is no documentation. I have come across 2 ways to do this: one I consider to be the conventional bare metal method, and the other is the Hyper-V guest method.

 

Method 1 (Bare Metal Method):

If you have a physical server or a virtual machine that is in a format other than VHD or VHDX, use this method. Essentially what we will be doing is booting from the Windows disk into a command prompt repair option, backing up and renaming utilman.exe, and making a copy of cmd.exe named utilman.exe. This will allow us to reboot to the login prompt and press Windows + U (which ordinarily brings up utilman.exe), which will launch a command prompt, from where we can reset the administrator password using the net user commands.

The first step is to insert the Windows disk, reboot and choose to boot from disk. Once you are on the screen that presents the option to install Windows or repair your computer


Choose the troubleshoot option, and then select the command prompt.

Once you are booted into the command prompt you will need to type the following commands (note D is the normal drive for C: in this prompt; if your primary drive is labeled something other than C you can use diskpart to identify the proper disk):

  • D:
  • cd windows\system32
  • ren utilman.exe utilman.bkp
  • copy cmd.exe utilman.exe

Close the command prompt, eject the disk and restart. Once you boot to the sign in screen press windows key + U then type the following:

  • net user administrator Password123!

Close the command prompt and log in as administrator with the password you just set. Once you have completed this successfully you will want to remove the utilman.exe copy (which is really cmd.exe) and rename utilman.bkp back to utilman.exe.

 

 

Method 2 (Mounting VHD Method):

If you are utilizing Hyper-V or another virtualization platform that utilizes VHD or VHDX files you have another option, which is to mount the VHD and perform similar steps to the above. If the VM in question is running, shut it down. Once the virtual machine is shut down, open disk management (diskmgmt.msc) on the Hyper-V host machine and choose the “action” menu, then select “attach VHD”.


Once you select attach VHD, you’ll need to navigate to the directory where your Hyper-V VHDs are stored (by default this is C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks). Select the VHD and mount it. Once the VHD is mounted you’ll see it show up as a drive letter. Navigate to this drive letter and choose the windows\system32 directory. You will need to right click on utilman.exe and choose properties, select the security tab, choose advanced security and change ownership to your user account.


Once you have taken ownership and applied changes you will be able to add your account on the security tab and grant full control. Once this is applied you will then have the permissions needed to change the filename to utilman.back. Once this is done locate cmd.exe in the same directory, right click and copy, then paste and rename to utilman.exe. Unmount the VHD by opening disk management (diskmgmt.msc), highlighting the disk for the VHD you mounted, then choosing “action>all tasks>detach VHD”.


Once you have unmounted the VHD you can boot the Hyper-V virtual machine and press ctrl+U at the login prompt to reset the password via command prompt with the following command:

  • net user administrator Passwor123!

Once you are successfully in the server you need to perform the same cleanup tasks as in method 1. If you run into issues moving utilman.bak to utilman.exe you can try shutting down the VM, re-mounting the VHD to the Hyper-V host and changing these options, then unmounting the VHD and rebooting the Hyper-V system.
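Until the cleanup is done, utilman.exe on that machine is really cmd.exe, so the shortcut at the sign-in screen opens a command prompt for anyone, without a login. The Python check below is an added example (not part of the original post) that inspects a System32 directory, on the live system or on a VHD mounted as in Method 2, and reports when utilman.exe is still a copy of cmd.exe or when one of the backup names used above is still present. The function names and the default path are assumptions made for the example.

```python
import hashlib
import sys
from pathlib import Path

# Added example; names are illustrative. Backup names are the ones used in this post.
BACKUP_NAMES = ("utilman.bkp", "utilman.bak", "utilman.back")


def sha256(path):
    """Hash a file in 1 MiB blocks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def audit_utilman(system32):
    """Return a list of findings; an empty list means the cleanup step is complete."""
    # Windows file names are case-insensitive (the file may be stored as "Utilman.exe"),
    # but a VHD mounted on another OS may not be, so index the directory by lower-case name.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    findings = []
    utilman, cmd = files.get("utilman.exe"), files.get("cmd.exe")
    if utilman is None:
        findings.append("utilman.exe is missing")
    elif cmd is not None and sha256(utilman) == sha256(cmd):
        findings.append("utilman.exe is a byte-for-byte copy of cmd.exe")
    for name in BACKUP_NAMES:
        if name in files:
            findings.append(f"leftover backup file {name}")
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32"
    results = audit_utilman(target)
    for line in results:
        print("FINDING:", line)
    sys.exit(1 if results else 0)
```

An exit status of 0 with no output means utilman.exe differs from cmd.exe and no backup file from either method was left behind.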

 

Thank you all for reading and I hope this article is helpful. This article is intended to assist administrators in accessing systems they have rights to access but lack the password for. This article is in no way meant to help or endorse illicit access to systems. Please use this information carefully, act ethically, and only use this to access systems you own and/or are authorized to access.