Kali Blue Screen & No Icons

Filed Under IT Tipz & Trix

I see that a few people have encountered the Kali Blue Screen, no icons and constantly getting kicked back to the log in screen after doing an update. Some people seem to think it is related to virtualised instances (VMware, VirtualBox etc).

Anyhoo – the following worked for me to cure the issue

  1. Boot to the login screen
  2. CTRL-ALT F2 to go to the console
  3. Login as normal
  4. at the prompt enter dpkg  –configure -a (double hyphen before the configure)
  5. reboot

Hope it helps someone else out and Happy New Year everyone!

Recover media files from HTC HSMBackup

Filed Under IT Tipz & Trix

Due to my M7 going in for repair, I have temporarily got a Samsung as a loan phone. With an upcoming weekend away I wanted to grab my music and stick it on the Samsung so I could listen to it in the car on the long drive.

However, as most things in bb_land, this is not just a case of using the HTC Sync Manager to Restore -> New Phone where it extracts the files into their native format and copies them over. In fact you can’t do it at all.

A quick bit of bumbling around and I find the files stores in AppData/Local/HTC MediaHub/HSM Backup/ in folders helpfully named things like BR_534833355459393033373038 and 35F67E512C69CF39ECF43E90A40F2BDE5A510F2C with useful filenames such as 0C52E903FFEC6CDFBB37A3113D99476A0BB46891. Awesome.

Some quick peeking with a Hex Editor reveals these to be the files I need, just with no extension and a garbled filename. Only wanting to grab the MP3s and not any videos etc I banged up this quick script to be run from the HSM Backup folder


$di = new RecursiveDirectoryIterator('C:\Test Directory');
foreach (new RecursiveIteratorIterator($di) as $filename => $file) {
//read first 3 bytes of file
echo "Attempting File : $file \n"; //Show file we are attempting
if (substr($file,-1) <> ".") { //Eliminate whining when attempting . and .. in the dir structure
$newhandle = fopen($file, "r");
echo "Opened File : $file \n"; //Show we have a handle on the file
$contents = fread($newhandle, 3);
echo "Read File : $file \n"; //Show we have read from the file
//is it ID3
if ($contents == "ID3") {
//Yes -> copy to place and rename to MP3
copy ($file, $newfile);

Running the script copies any files with ID3 as the first 3 bytes of the file to a new file with the same name but an MP3 extension (thus preserving the original for when the M7 comes back from repair to be resynced. After that a simple Windows Search for *.MP3 showed me all my files that I just cut and pasted into the Music folder on the Samsung.

Script is easy to change for different formats (i.e if you are looking for a video just change the number of bytes read and the compare constant)

Hope it helps someone recover their music if they’ve swapped phones and this is the only backup they have.

RPC_S_Server_Unavailable error (0x6ba) and Microsoft Exchange is unavailable.

Filed Under IT Tipz & Trix, Sighs

This post probably falls more under the doh! category than anything else but it might still be useful if anyone else suffers from the same apparent brain failure as I did 🙂 When setting up a remote user to use Outlook and was struggling massively to get it to connect. Every time Outlook would give me the following error stating that Outlook must be online or connected to complete this action.
Exchange Unavailable
Could something have changed that I was unaware of? I tried testing it with the Exchange Connectivity Tester (which is a brilliant troubleshooting tool btw) and that failed too with the horrible “The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process” error.

Remote connectivity results

Remote connectivity results – click for full version

Google advice on the 16000+ results for that term ranged from disable IPv6 to registry edits on the server. But since it was only this one user that had issues, I didn’t think we needed to go that far. I could happily connect to ports 6001,6002 and 6004 and every other remote user was having no issues. Then it occurred to me, like a 100 year old lightbulb slowly, so very slowly, dispelling the dark fugue of confusion – this looks like a DNS error. Why is it unable to ping the server? What is it trying to ping? OWA works find for the user so it’s not an account issue. The problem – I had entered the external server name in the Outlook Account Settings (:facepalm:).

The proxy server you enter for RPC over HTTPS for the Exchange account details here :

Account Settings

Account Settings

 is NOT the same as the address you enter for your server here :

Outlook Config

Outlook Config – click to enlarge

Once I changed the Outlook Config to point to exchange.contoso.local – BOOM! Problem solved. And a quite shocking amount of “OMFG I wasted so much time on this, what a numpty I am” 🙂

The Case of Metasploit and the Facebook Cookies.

Filed Under IT Tipz & Trix

Or How I Started My Metasploit Scripting Journey

I have been using MetaSploit for a while now and have slowly got comfortable enough with it to start tinkering under the hood so to speak. Most of this has been driven by a desire to get the most out of the trial version of Cobalt Strike which is hands down one of the most awesome pieces of software I have played with in a while.

Whilst Cobalt Strike’s built in browser pivoting is awesome, I believe it is most useful on a reliably exploited box, rather than one that might only connect occasionally like a laptop. There are many wonderful post modules already supplied with the Metasploit framework for gathering credentials, but I couldn’t find an out of the box solution for grabbing Windows 8 cookies (enum_ie for example won’t work on a Win8 box) so I thought I would go about writing my own.

After all – how hard can it be!!

A little research shows that Windows 8 cookies are stored in %USERPROFILE%\AppData\Local\Microsoft\Windows\InetCookies and %USERPROFILE%\AppData\Local\Microsoft\Windows\InetCookies\Low in TXT files.

With my test target exploited I thought the best approach would be to search those folders and download each TXT file so we could have a complete copy of all of the IE Cookies for the logged on user.

What follows is many different approaches, one ultimately successful and IMHO a good demonstration of thinking outside the box to solve issues when you are on your own! If anyone knows of a good place for discussing newbie level Metasploit issues and being guided through the process – please let me know. Always keen to learn!

Read more

Extract embedded Flash (SWF) files from a PowerPoint presentation

Filed Under IT Tipz & Trix

I was recently asked by my boss if I could dump all of the Adobe Flash videos out of our corporate PowerPoint presentation so that we can convert them to .mp4/.mov so we can put some of the animations on iPhone so our reps can show them to the customer.

It really is not as easy as it looks!

I googled a fair few sites looking for answers and there really isn’t much out there that will do this auto-magically for you. So I rolled my own 🙂

The procedure is very simple.

  • 1. Open PowerPoint file and ensure that it is saved as .pptx (the new XML Office format)
  • 2. Rename the .pptx as a .zip file (we all know that the new format is already zipped up right?)
  • 3. Open the .zip file in winrar/winzip or your preferred utility
  • 4. Navigate to the .\ppt\activeX directory in the archive
  • 5. Extract all the .bin files to another directory
  • 6. Run the php script below on it

All the script does is scan the files in the current directoy to see if they are .BIN files (which is where PowerPoint stores SWF files, as well as other embedded file types), search through that file for the beginning of the SWF file header (denoted by FWS), read the file length as defined in the header and save that section out to a new file with a .swf file extension.

Simples really 🙂

As always, hope it helps someone. Script follows :

  Read more

What to look for in an IT support company

Filed Under IT Tipz & Trix

A lot of people have recently asked me how to choose the right company for their IT support. Below are my guidelines on what to look for.

1. Check how many engineers they have on staff – not subcontracted.
2. If they do subcontract – ask why.
3. Visit their workshop – it is your lifeblood they are looking after. Make sure they have the tools to deal with it.
4. Get references – and make sure you have the name of the technician they worked with as good technicians will often leave a bad company.
5. Follow up the references – ask for examples of problems that they have solved for you. See if you can speak to the technician in the reference.
6. Ensure that you meet the technicians – after all, you will be dealing with them, not the guy who sold it to you.
7. Make sure that IT is their primary focus – you don’t ask your mechanic to fix a filling / perform heart surgery.

Most importantly you should remember that if your IT fails, your business will suffer. Don’t just accept at face value what a salesperson tells you a company can do as sales people are generally not technical people. Sales people are commission focussed – technical people are solution focussed. No one (that I know of) pays their technicians on a per fix basis. Sales people are commissioned on a per contract basis (generally).

Ultimately you need to be sure that the company you choose values your business as much as you value your IT. That is why it is important to pick a company that has made an investment in staff, workshop and spares and not just in a flashy advertising campaign/website.

Personally speaking, if the company who approaches me for IT support doesn’t have 100% focus on IT solutions, I’m not interested. My lifeblood should be their lifeblood – my data is vital to me and it should be to them. I don’t want anybody looking after my business / data who isn’t 100% focussed on that.

Jerky Mouse in Windows 2008 R2 under ESXi4.1

Filed Under IT Tipz & Trix

The laggy mouse issue seems quite common and after a bit of Googling I have found a solution that worked perfectly, at least for me.

It’s a simple video card driver upgrade!

    If you go Start -> Right Click on My Computer -> Manage and under Diagnostics you find the Device Manager.

    Scroll down to Display Adapters and expand the selection so that you can see the currently installed adapter. Right Click and go to Update Driver Software.

    Select ‘Broswe my computer for driver software’ and navigate to C:\Program Files\Common Files\VMWare\Drivers\wddm_video folder

    Update the driver and reboot!

Everything is now fixed 🙂

Hopefully this will help anyone else who is having poor mouse performance in Windows 2008 R2 under ESXi4.1 – it is no fun using vSphere to work on a VM with a horrible, jerky, jumpy, laggy mouse!

Moving shares between SBS 2003 & SBS 2008

Filed Under IT Tipz & Trix

Still migrating the data over for my client, I ran into the usual problem of moving data from one drive to another preserving both NTFS ACLs and share details.

The easiest way round this, that I have found, is as follows

Issue the following commands from the command prompt on the destination server to copy all of the NTFS ACLs and data over from the source server to the destination server (in my instance I was copying their data drive, which was D) so my commands looked like this

net use z: \\source_server\d$
robocopy z:\ d:\ /E /COPYALL

However, this does not preserve the share info. Since mine was a fresh install, I just needed a complete copy of the drive and share permissions I just exported the following registry info from source server :


Re-importing that on Destination server had everything up and running in copy_time+2 mins 🙂

Happy days

Moving lists between SharePoint sites

Filed Under IT Tipz & Trix

Once I’d overcome the issues with user permissions outlined here I noticed that the companyweb was different to oldcompanyweb.

A lot of the metadata was missing, including version history. Turns out that this is quite the problem just using stsadm from the command line.

However, I found a great tool called SharePoint Content Deployment Wizard.

In my case, I just deleted the lists that didn’t have the data required and re-imported them using this tool though you could use it just as well to skip the whole stsadm -o export/import proceedure. Though please make sure which account you are logged in as else you may run into the problems outlined in my previous post.

Again – hope it helps!

SBS 2003 -> SBS 2008 Migration

Filed Under IT Tipz & Trix

Long time no post!

Thought I would update my blog with some hints and tips for some problems I hit in a recent client migration from SBS 2003 -> SBS 2008.

Following the Microsoft tech document everything went smoothly until I needed to recreate the old companyweb.

stsadm -o export -url http://OldCompanyWeb -filename cweb.bak -includeusersecurity completes with no errors

[6/14/2010 12:09:49 PM]: Progress: Export Completed.
[6/14/2010 12:09:49 PM]: Finish Time: 6/14/2010 12:09:49 PM.
[6/14/2010 12:09:49 PM]: Completed with 0 warnings.
[6/14/2010 12:09:49 PM]: Completed with 0 errors.

Though I do notice the following in the log file :

[6/14/2010 12:09:10 PM]: Debug: Security check failed in OnListItemExport

The actual site http://OldCompanyWeb looks and runs just fine

When issuing the stsadm -o import -url http://companyweb -filename cweb.bak -includeusersecurity I get the following errors

Multiple instances of :
[6/14/2010 1:30:09 PM]: Debug: Security check failed in OnUserGroupExport
[6/14/2010 1:30:10 PM]: Warning: The specified user could not be found.
*** Inner exception:
User cannot be found.
at Microsoft.SharePoint.SPUserCollection.FindUserSID(String strSearchText)
at Microsoft.SharePoint.SPUserCollection.GetBySID(String strSid)
at Microsoft.SharePoint.SPUserCollection.GetBySID(Byte[] byteSid)
at Microsoft.SharePoint.Deployment.SecurityObjectSerializer.ResolveUser(ImportStreamingContext context, SPWeb web, Byte[] sid, Int32& idUser)
[6/14/2010 1:30:10 PM]: Debug: Security check failed in OnUserGroupExport
[6/14/2010 1:30:10 PM]: Warning: The specified user could not be found.
*** Inner exception:

and at the end

[6/14/2010 1:34:50 PM]: Progress: Importing Role Assignment for _catalogs/users.
[6/14/2010 1:34:51 PM]: FatalError: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex)
at Microsoft.SharePoint.Library.SPRequest.ResetSecurityScope(String bstrUrl, UInt32 dwObjectType, String bstrObjUrl, Guid guidDoc, Boolean bUnique, Boolean bCopyRoleAssignments, Guid& pguidScopeId, Int32& piError)
at Microsoft.SharePoint.Deployment.RoleAssignmentsImport.ProcessComplexElement(ImportStreamingContext context, XmlReader xr, SqlSession session)
at Microsoft.SharePoint.Deployment.SqlBatchImport.Run()
at Microsoft.SharePoint.Deployment.SecurityObjectSerializer.SetObjectData(Object obj, SerializationInfo info, StreamingContext context, ISurrogateSelector selector)
at Microsoft.SharePoint.Deployment.XmlFormatter.ParseObjectDirect(Object objParent, Type objectType)
at Microsoft.SharePoint.Deployment.XmlFormatter.DeserializeObject(Type objectType, Boolean isChildObject, DeploymentObject envelope)
at Microsoft.SharePoint.Deployment.XmlFormatter.Deserialize(Stream serializationStream)
at Microsoft.SharePoint.Deployment.ObjectSerializer.Deserialize(Stream serializationStream)
at Microsoft.SharePoint.Deployment.ImportObjectManager.ProcessObject(XmlReader xmlReader)
at Microsoft.SharePoint.Deployment.SPImport.DeserializeObjects()
at Microsoft.SharePoint.Deployment.SPImport.Run()
[6/14/2010 1:34:51 PM]: Progress: Import Completed.
[6/14/2010 1:34:51 PM]: Finish Time: 6/14/2010 1:34:51 PM.
[6/14/2010 1:34:51 PM]: Completed with 18 warnings.
[6/14/2010 1:34:51 PM]: Completed with 1 errors.

Turns out that the account I was using (one created with full admin rights as the deployment document states that it is recommended that you create a new administrator account on the Source Server for migration instead of using the built-in Administrator account) did not have the correct permissions to do this.

Even though I used the ‘Run as’ option to run the command prompt as administrator :/

Logging on as a different user (in my case using the built in Administrator account) solved all the above issues.

Hope it helps someone

keep looking »