HowTos

Cloudflare API DNS Update

 in Applications / Bash / Firewall / GNU/Linux / HowTos  tagged api / cloudflare / DNS / update DNS record / what is my ip by

Cloudflare is a content delivery network (CDN) that provides a wide range of services, including domain name system (DNS) management. The Cloudflare API allows developers to programmatically manage DNS records, making it possible to automate updating DNS records. This blog post will explain how to use the Cloudflare API to update a DNS record.

Log in to Cloudflare and get your Global API Key

First, log in to your Cloudflare account and obtain your Global API Key. You can obtain your Global API Key by navigating to the URL: https://dash.cloudflare.com/profile/api-tokens. Once logged in, you should see a section called “API Tokens.” Click on the “View” button to see your Global API Key.

Find the Zone ID

The next step is to find the Zone ID of the domain you want to update. You can find the Zone ID by following the instructions provided in the Cloudflare documentation: https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/.

  1. Click on the domain you want to manage.
  2. In the left-hand sidebar, click on “Overview.”
  3. Scroll to the “API” section and click “Get your API key.”
  4. Click on the “View” button next to the Global API Key.
  5. Copy the key and keep it somewhere safe.

Get the DNS Record Identifiers

Once you have obtained the Zone ID, you can use it to get the identifiers for the DNS records associated with that domain. You can do this by making a GET request to the Cloudflare API, specifying the Zone ID, and providing your email address and API key. The response will contain information about all of the DNS records associated with the domain, including their identifiers.

Here is an example command that you can use to get the DNS record identifiers:

curl --request GET \
  --url https://api.cloudflare.com/client/v4/zones/<zone_id>/dns_records \
  --header 'Content-Type: application/json' \
  --header 'X-Auth-Email: <email_address>' \
  --header 'X-Auth-Key: <api_key>'

Replace <zone_id>, <email_address>, and <api_key> with your actual values.

Update the DNS Record

Finally, you can use the DNS record identifier to update the DNS record. The following is an example bash script that you can use to update a DNS record:

#!/bin/bash

ip=`curl https://bytefreaks.net/what-is-my-ip | grep '<h1 style="text-align: center;"' | cut -d '>' -f 2 | cut -d '<' -f 1`;

ip=`echo $ip | cut -d, -f1`;

comment=`date +%Y-%m-%d\ %H:%M`;

curl --request PUT \
  --url https://api.cloudflare.com/client/v4/zones/<zone_id>/dns_records/<dns_record_id> \
  --header 'Content-Type: application/json' \
  --header 'X-Auth-Email: <email_address>' \
  --header 'X-Auth-Key: <api_key>' \
  --data '{
  "content": "'$ip'",
  "name": "www.bytefreaks.net",
  "proxied": true,
  "type": "A",
  "comment": "'"$comment"'",
  "tags": [],
  "ttl": 3600
}'

Replace <zone_id>, <dns_record_id>, <email_address>, and <api_key> with your actual values. You should also update the "name" field to match the name of the DNS record you want to update.

This script is used to update a DNS record using the Cloudflare API. It retrieves the current public IP address of the device running the script and then updates the specified DNS record on Cloudflare with the new IP address.

Here is a breakdown of each command in the script:

  • ip=curl https://bytefreaks.net/what-is-my-ip | grep ‘<h1 style=”text-align: center;”‘ | cut -d ‘>’ -f 2 | cut -d ‘<‘ -f 1“: This command uses the curl command to retrieve the public IP address of the device running the script from the website https://bytefreaks.net/what-is-my-ip. The output of this command is then piped through grep to find the line that contains the IP address. The cut command is then used to extract the IP address from the line.
  • ip=echo $ip | cut -d, -f1“: This command removes any commas from the IP address, which may be present if the IP address is in a format that includes additional information.
  • comment=date +%Y-%m-%d\ %H:%M“: This command generates a comment for the DNS record update. The comment includes the current date and time in the format YYYY-MM-DD HH:MM.
  • curl --request PUT \: This command sends an HTTP PUT request to update the specified DNS record.
  • --url https://api.cloudflare.com/client/v4/zones/<zone_id>/dns_records/<dns_record_id> \: This specifies the URL for the Cloudflare API endpoint for updating a DNS record. The <zone_id> and <dns_record_id> placeholders should be replaced with the actual zone ID and DNS record ID, respectively.
  • --header 'Content-Type: application/json' \: This specifies that the content type of the request is JSON.
  • --header 'X-Auth-Email: <email_address>' \: This specifies the Cloudflare account email address associated with the API key. The <email_address> placeholder should be replaced with the actual email address.
  • --header 'X-Auth-Key: <api_key>' \: This specifies the Cloudflare API key for the account. The <api_key> placeholder should be replaced with the actual API key.
  • --data '{ ... }': This specifies the JSON data to be sent in the request body. This includes the new IP address in the content field, the domain name in the name field, the record type in the type field, the comment in the comment field, and other optional parameters like the ttl. Note that the domain name at.put.cy is hardcoded in the script, and should be replaced with the actual domain name to be updated.

The Fugle Company – The optimal solution

 in HowTos  tagged fugle / game / targeted attack / The fugle Company / Trend Micro by

Below you will find our take on the targeted attack game that was developed by Trend Micro.
With some luck and some good decisions, it seems that we got an optimal solution for this game that balances available resources while minimizing exposure risk. We will try and explain a bit our choices which happened to be the correct ones in this very interesting scenario.

  • After being informed by our security manager that he is not sure if the product is ready when it comes to security, we chose the option “Outsource to a third party to help us identify any security issues (the ones related to the app).”. This way, we gave our security manager the chance to investigate further if there is a need to worry.
  • When prompted with the three options for choosing the team to audit our system, we decided to pick “ITFr33X, recommended by one of the IT team members – a group of talented freelancers, who will do it fast and for a reasonable price.”.
    We avoided using the clearly inexperienced team as their feedback might not be helpful in the end.
    We also skipped the very experience team that was very expensive as we would spend 3 out of 6 tokens that are available to us on the initial investigation step. This way, we could starve the company of funds for development and improvement.
  • While trying to preserve some funds for new developments, we decided to use to the full extend our resources and picked the option “Use internal active directory to enforce strict access policies.”. It was clear that there was still a lot of space for improvement for free, so we thought it would be better to avoid making security changes while our base was not secured to its best settings.
  • Assuming that no security infrastructure is perfect and that it is a matter of time before any product is hacked, we decided to take the option to “Encrypt all the Intellectual Property.” even though it had the cost of two tokens. This way, when our system might get compromised, we would at least protect all critical and sensitive data by rendering them useless to the attackers.
  • We decided to improve our organization’s ability to detect and mitigate threats by selecting the option “Invest in Breach Detection technology.”. Again, we worked with the assumption that no security system is perfect, and it would be best to get our security systems up to date and improve our ability to detect, record, and prevent attacks and irregular behaviors. This option is a practical solution, and it provides immediate results to the system.
  • We took the only option that seemed to make sense to us, which was “Invite them to the test the app in a controlled environment.”. Delaying the demo would give any journalist who wants to write a bad review for our company the stepping stone to do so. The option to provide access to the app with limited functionality had a lot of risks. It would allow an experienced user to mess with it and find problems exposing our company with severe consequences.
  • Being straight with our responses regarding our intentions is a better option, in our opinion, than sugar-coating our answer while trying to trick the journalists. Since we were talking with an experienced journalist, the option “We are very sorry, but a high-security project, can not go outside the company.” would make sense to them, and we expected them to respect it.
  • Since we were pretty confident with our systems, we believed that our team’s fast and thorough check was the best option. For this reason, we chose the option “Have the Security team check the Breach Detection System logs.”.
  • SUCCESS!!

Below is a video demonstrating the gameplay we describe above.

Reset a WatchGuard Firebox M200 1

 in HowTos  tagged admin / default password / factory reset / Firebox / M200 / WatchGuard by
  1. Power on the WatchGuard Firebox M200.
  2. Wait until the Arm indicator ( Shield symbol ) turns solid green.
    The indicator is found on the front part of the device (it is the second light on the column with the three lights).
  3. Press and hold the Reset button on the front of the device.
    The reset button is right next to the three lights.
    Do not release the button until step 8.
  4. After five seconds, the Arm indicator ( Shield symbol ) will turn red.
  5. Continue to hold the Reset button even if the Arm indicator ( Shield symbol ) is not lit.
  6. After approximately 40 seconds, the Arm indicator ( Shield symbol ) should start to flash green.
  7. Continue to hold the Reset button while the Arm indicator ( Shield symbol ) flashes green once per second.
  8. Once the Arm indicator ( Shield symbol ) starts to flash green twice per second, release the Reset button.
  9. Wait until the Arm indicator ( Shield symbol ) starts to flash red again.
  10. Press and hold the Reset button for five seconds to reboot the device.
  11. The Firebox will restart with factory-default settings.

After you perform the reset procedure, the Firebox will be reset to factory-default settings.
Any saved backup images will be deleted from the Firebox.
Interface 0 will be enabled as an external interface, as a DHCP client.
Interface 1 will be enabled as a trusted interface with the IP address 10.0.1.1, and a DHCP server will be enabled.
The default admin and status management user accounts will be available, with the default passphrases (default password) which will be the word readwrite.
The Web Setup Wizard will start automatically when you log in to Fireware Web UI.
The device will be discoverable by the WSM Quick Setup Wizard.
The device will be discoverable as a new FireCluster member (if the device supports FireCluster).

MTN Cyprus – Get SIM Card IMSI and MSISDN using USSD codes

 in HowTos  tagged cyprus / imsi / MSISDN / MTN / ussd by

Because of reasons we wanted to find the IMSI of a SIM card and the MSISDN of its connection on a phone we had in our hands.
We did not wish to install additional applications on that phone to get this information so we had to find an alternative method in getting the IMSI and the MSISDN.
Luckily for us there was a way using the USSD codes that were provided by MTN Cyprus.

Using the dialer (phone application) of our phone we typed the following two commands (one at a time) and then pressed the call (green) button.

To get the MSISDN we called:

*1#

To get the IMSI we called:

*888#

After each call a popup message would appear from the provider (MTN) showing us the information asked.

References

Unstructured Supplementary Service Data (USSD), sometimes referred to as “Quick Codes” or “Feature codes”, is a communications protocol used by GSM cellular telephones to communicate with the mobile network operator’s computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.

From: https://en.wikipedia.org/wiki/Unstructured_Supplementary_Service_Data

 

MSISDN is a number uniquely identifying a subscription in a GSM or a UMTS mobile network. Simply put, it is the mapping of the telephone number to the SIM card in a mobile/cellular phone. This abbreviation has a several interpretations, the most common one being “Mobile Station International Subscriber Directory Number”.

From: https://en.wikipedia.org/wiki/MSISDN

 

The International Mobile Subscriber Identity or IMSI is used to identify the user of a cellular network and is a unique identification associated with all cellular networks. It is stored as a 64 bit field and is sent by the phone to the network. It is also used for acquiring other details of the mobile in the home location register (HLR) or as locally copied in the visitor location register. To prevent eavesdroppers identifying and tracking the subscriber on the radio interface, the IMSI is sent as rarely as possible and a randomly generated TMSI is sent instead.

From: https://en.wikipedia.org/wiki/International_mobile_subscriber_identity