Docker is not running / You are unable to start the Docker daemon:

root@penguin:~# sudo service docker restart
Failed to restart docker.service: Unit docker.service is masked.
root@penguin:~# docker --version
Docker version 1.12.6, build 78d1802

systemctl shows the same error:

root@penguin:~# sudo systemctl enable docker
Synchronizing state of docker.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable docker
Failed to enable unit: Unit file /etc/systemd/system/docker.service is masked.

OK, we see that the service is masked, which means the following:

mask is a stronger version of disable. With disable, all symlinks of the specified unit file are removed. With mask, the units are linked to /dev/null. This is displayed if you check, e.g., with systemctl status halt.service. The advantage of mask is that it prevents any kind of activation, even manual.

OK, so we need to unmask the Docker service:

root@penguin:~# systemctl unmask docker.service
Removed /etc/systemd/system/docker.service.
root@penguin:~# systemctl unmask docker.socket
root@penguin:~# systemctl start docker.service

Now everything should be back to normal:

root@penguin:~$ systemctl list-unit-files | grep docker
docker.service                             enabled  
docker.socket                              enabled  
root@penguin:~# docker ps -a
CONTAINER ID        IMAGE                     COMMAND             CREATED             STATUS                    PORTS               NAMES
61459d6cc36e        prakhar1989/static-site   "./wrapper.sh"      12 weeks ago        Exited (0) 11 weeks ago                       static-site

 

Mongo install ubuntu 12.04

Posted: 8th November 2016 by admin in all

Fast, non-clustered MongoDB installation (mainly for QA purposes)

#!/bin/bash
 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
 echo "deb http://repo.mongodb.org/apt/ubuntu precise/mongodb-org/3.0 multiverse" |     sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list
 sudo apt-get update
 sudo apt-get install -y mongodb-org

 

For approximately a month or more, my server was down.

All data and websites were unavailable. I tried to recover the data, but VirtWire.com just closed the business and shut down the servers.

Nice… Very nice

Rule #1 – always keep a recent backup

Mysql Dump

Sometimes, when you have a large number of tables in your database, you may encounter this strange error while taking a dump of that database:

mysqldump: Got error: 1016: Can't open file: '.\database\certain_table.frm' (errno: 24) when using LOCK TABLES

There are two solutions to avoid this error

1. Set the following value to a higher number in your MySQL database:

set open-files-limit=20000

2. Or, while taking the MySQL dump, use the --lock-tables=false option.

mysqldump --lock-tables=false -u root -p db-with-lots-of-tables > db.sql

Remote Code Execution Via HTTP Request In IIS On Windows

Posted: 27th October 2016 by admin in Hacks

Patching time.

A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
MS15-034

Details are withheld for now, so it's a race: patch your systems before the attackers can reverse engineer the Windows patch.

More details: MS15-034
This vulnerability has been assigned a CVE: CVE-2015-1635

Update: exploit code is emerging

The first snippets of exploit code for MS15-034 are starting to show up; they scan a system for the vulnerability.

char request1[] = "GET / HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-18446744073709551615\r\n\r\n";


This remote scan is using the Range-header to trigger a buffer overflow and detect if the system is vulnerable or not.

$ telnet 10.0.1.1 80
GET / HTTP/1.1
Host: stuff
Range: bytes=0-18446744073709551615

The following curl command would mimic the same request.

$ curl -v 10.0.1.1/ -H "Host: irrelevant" -H "Range: bytes=0-18446744073709551615"

The Range attack looks similar to a Denial-of-Service (DoS) attack on Apache a few years back that caused 100% CPU usage (Dutch (NL) blog post with more details).

When sending such a request, it can trigger a blue screen on the Windows Server, effectively rendering it offline.

The CVE and Microsoft Bulletin mention Remote Code Execution possibilities as well. Since the exact details of the patch aren't clear yet, it's unknown how to trigger that particular part of the vulnerability.

You can also check your sites right here: https://lab.xpaw.me/MS15-034/
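To spot the Range probe described above in captured requests or proxy logs, the following added example (not code from the original post or from Microsoft) parses the Range header and flags implausibly large byte positions. It generalizes beyond the literal value on this page: the 2**63 threshold and all function names are assumptions made for illustration.

```python
import re

# Assumption (not from the page): no real resource is close to 2**63 bytes, so
# any Range bound at or above it is flagged, not only the literal 2**64 - 1.
SUSPICIOUS_BOUND = 2**63
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def _too_big(digits: str) -> bool:
    digits = digits.lstrip("0")
    # More than 19 digits is already above 2**63; this also avoids calling
    # int() on absurdly long attacker-supplied digit strings.
    return len(digits) > 19 or (digits != "" and int(digits) >= SUSPICIOUS_BOUND)


def range_values(raw_request: str):
    """Yield the value of every Range header in a raw HTTP request head."""
    head = re.split(r"\r?\n\r?\n", raw_request, maxsplit=1)[0]
    for line in head.splitlines()[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "range":
            yield value.strip()


def suspicious_ranges(raw_request: str) -> list:
    """Return the byte-range specs whose first or last position is implausible."""
    hits = []
    for value in range_values(raw_request):
        unit, sep, specs = value.partition("=")
        if not sep or unit.strip().lower() != "bytes":
            continue
        for spec in specs.split(","):
            m = _SPEC.match(spec)
            if m and any(_too_big(g) for g in m.groups()):
                hits.append(spec.strip())
    return hits


# Constructed sample requests; the first is the request shown on this page.
PROBE = "GET / HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-18446744073709551615\r\n\r\n"
BENIGN = "GET /video.mp4 HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-1023\r\n\r\n"
MULTI = "GET / HTTP/1.1\r\nhost: stuff\r\nrange: bytes=0-99, 100-9223372036854775808\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("probe", PROBE), ("benign", BENIGN), ("multi", MULTI)):
        print(name, suspicious_ranges(req))
```

Header names are matched case-insensitively and every range in a multi-range header is checked, so a large bound hidden behind a normal-looking first range is still reported.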