I have a co-worker that picked up an old DSC PC5010 alarm panel (for free, you can’t go wrong right…) and since I had fun writing about the Honeywell Lynx Touch Backdoor, I figured I’d give this a go and see what happens. The problem… the panel had installer lockout enabled.
You can tell when a panel has installer lockout enabled because you will hear a distinct 8-10 clicks from a relay when the panel is initially powered up (see video directly below). When the panel is locked out like that it blocks the ability to default the panel back to factory (even by hard wire reset), so unless you have the installer code, you’re SOL…
This is going to be a short and sweet post, but it touches on something I had to deal with just the other day.
I was going through my router, which I do on a regular basis, to check what unknown network devices were showing up in the network list. In my case I usually do this for two reasons. The first is to name all my devices in the router itself and typically assign it a static IP. The second is for pure security. I want to know what devices are on my network, and who the device belongs to.
The particular unknown network device that I noticed, and could not identify was named “GainSpand48cb6“. I usually take pride in naming my devices, so GainSpan was not something that I had setup. I made the assumption that the d48cb6 was the last 6 digits in the mac address, which I confirmed by looking at the device info more deeply.
There comes a time in every security professionals career where either an installer code was lost, changed, locked out, or forgotten.
An installer code is a 4 digit code that, when entered into the keypad, will allow you into the programming menus of an alarm panel.
Some panels however have back doors hidden in them that allow access to the installer menu without ever knowing the code. Take the Honeywell Lynx Touch L5100 for example.
This beauty is actually one of my favorite alarm panels to work with (only being beaten by the Lynx Touch L7000 of course) combining a whole hefty set of features such as Z-Wave, Wifi, and GSM into a small easy to install package.
Quick tip for those of you using AVG Firewall. I ran into an issue where, after installing AVG, my VMWare virtual machine would not longer connect to the internet. Windows still showed a connection and I could still ping (both by IP and domain names), but when I open a browser to load a web page, nothing happened.
At first I didn’t realize it was AVG that was causing the issue (it’s been a while since I last used my VM so I didnt make the connection right away). But some simple troubleshooting narrowed it down (set firewall to “Allow All“) and boom, internet started working right away.
As some of you may (or may not) know, by default apache2 allows something called “Directory Listing”. Essentially what this means is that when you visit your web server, if you browse to a directory within your www folder that does not contain an index page (index.php, index.htm, index.html, etc.), apache2 will actually spit out (or list) the entire contents of that folder. This should be a concern for anyone running a production server, and unless there is a specific need for directory listing its always a good idea to disable it. There is tonnes of different opinions on whether or not its a security issue to leave it enabled, and to this I have to say to each their own. Personally I feel it is a security risk, but at best disabling it is simply security by obscurity.
It happens to all I.T. guys sooner or later. You have a device on a network (maybe yours, or maybe a customers) and you need to figure out what IP address that device has. Some devices will provide this information via a console port, or maybe you can check your DHCP server’s reservation list… but what if you do not have access to any of these methods?
It recently came up where I wanted to force users visiting the IdleDev page to use a secure connection (https) domain wide (mostly for the development of Zero Day to ensure a secure connection is used at all times).
Unfortunately this was something that did not appear to be directly supported by my host. Luckily they do allow .htaccess and mod_rewrite, so from there it was easy.
By placing that text into your .htaccess file, and replacing “www.exampledomain.com” with your own domain, it will redirect the user to use an secure connection throughout the entire domain (essential for sending encrypted passwords, or any other data over the web that requires a secure connection).