The News

Read some news and pretend that you are working. Bosses love that!

Github RPC failed; curl 56 GnuTLS recv error A TLS fatal alert has been received

posted Feb 24, 2020, 11:57 PM by Leigh Williams

I am running Ubuntu 18.04 in HyperV and couldn't push to Github. Pull was fine.

Go here to get the latest Intel WiFi driver:

remote error: tls: bad record MAC

posted Feb 24, 2020, 11:14 PM by Leigh Williams

I sometimes get this in docker or a VM. It is related to checksum offloading onto the NIC. Disable checksum offloading:

sudo apt install ethtool
sudo ethtool --offload eth0 rx off tx off

Squid transparent proxy on Mikrotik with single ETH interface

posted Aug 23, 2019, 5:52 AM by Leigh Williams

Always wanted to set up a squid and squidguard transparent proxy on your Mikrotik router, and a raspberry pi? Then look no further!

To get squid up and running on your PI, check out this guy on YouTube (3 parts). He explains it like a beast. Nobody can beat him:

To get a proper squidguard list of IPs and domains, look around the internet. I am not going to share mine as it has too many false positives.

Now for the other half:

Mikrotik Rules:
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=to_proxy passthrough=yes protocol=tcp src-address=YOUR_IP_HERE dst-port=80
--Replace YOUR_IP_HERE with an actual IP or subnet
--Add port 443, 8080, etc

--Now let's route this marked packet to our raspberry pi running Squid:
/ip route add disabled=no distance=1 dst-address= gateway=YOUR_SQUID_IP routing-mark=to_proxy scope=30 target-scope=10
--Replace YOUR_SQUID_IP with your squid server's actual IP address

Linux Rules (on your Pi):
On your raspberry pi that is running squid, add this iptables rule:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to YOUR_IP:YOUR_PORT
--Replace YOUR_IP and YOUR_PORT with the raspberry pi's IP and the port your squid is running on (should be 3128)

Now on the device with YOUR_IP_HERE, open a website (if you specified port 80, open a non-SSL page). 
But oh no! You're getting a 400 bad request! WHAT EVER SHOULD I DO NOW??!! Easy! Make sure in your squid.conf file you have this:
http_port 3128 transparent

Without the word "transparent" squid will throw away the domain portion and just work on everything after the domain and that's why it freaks out.

Prevent devices from bypassing pihole (mikrotik)

posted Jul 20, 2019, 2:07 AM by Leigh Williams

Thanks to this guy for this awesome post:

Basically, you need to do this:
  • Change to your pi hole IP
  • Change to your subnet

#Make sure all DNS goes to pihole IP address
chain=dstnat action=dst-nat to-addresses= protocol=udp src-address=! dst-address=! dst-port=53
chain=dstnat action=dst-nat to-addresses= protocol=tcp src-address=! dst-address=! dst-port=53

#Hairpin NAT
#Masquerade router IP 
#These are not really needed. I kept mine so it's one IP (router IP) source
chain=srcnat action=masquerade protocol=udp src-address= dst-address= dst-port=53 
chain=srcnat action=masquerade protocol=tcp src-address= dst-port=53
chain=srcnat action=masquerade protocol=udp src-address= dst-address= dst-port=53 
chain=srcnat action=masquerade protocol=tcp src-address= dst-port=53
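
A way to verify from a LAN client that the dst-nat rules above catch DNS sent to a hard-coded resolver (added example, not from the original post): it sends one query to an address where no resolver exists and reports who answered. The canary address 192.0.2.53 and all function names are assumptions.

```python
import socket
import struct

CANARY = "192.0.2.53"  # assumed canary: RFC 5737 TEST-NET-1, never a real resolver
TXID = 0x1234

def build_query(name, txid=TXID):
    """Minimal DNS A/IN question in wire format with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def is_reply_to(packet, txid=TXID):
    """True for a DNS response (QR bit set) that carries our transaction id."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack("!HH", packet[:4])
    return rid == txid and bool(flags & 0x8000)

def probe(name="example.com", timeout=3.0):
    """Query the canary; return the address that answered, or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (CANARY, 53))
            while True:
                data, (src, _port) = s.recvfrom(512)
                if is_reply_to(data):
                    return src
        except OSError:  # timeout or unreachable network
            return None

def classify(source):
    """Interpret who answered a query that was addressed to the canary."""
    if source is None:
        return "no reply: not redirected, or the reply was dropped on the way back"
    if source == CANARY:
        return "redirected: reply source was rewritten, so clients accept it"
    return f"redirected, but answered from {source}: stub resolvers discard it"

if __name__ == "__main__":
    print(classify(probe()))
```

An answer from an address other than the canary means the Pi-hole replied to the client directly, which is the case the masquerade (hairpin) rules cover when the Pi-hole and the client share a subnet.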

Kali on Hyper V

posted Jun 10, 2019, 8:52 AM by Leigh Williams

I recently had to get Kali up and running on Hyper V. Here are some tips and tricks:

After installation, use these sources (they might change after some time so always check the Kali website for the latest):
nano /etc/apt/sources.list (and add the below)
deb kali-rolling main non-free contrib
deb-src kali-rolling main non-free contrib

Install XRDP if you want a proper shared clipboard, fullscreen, etc the easy way
apt-get install xrdp
update-rc.d xrdp enable
service xrdp start

Add sudo users if you want 
sudo useradd -m XXX
sudo passwd XXX
sudo usermod -a -G sudo XXX
chsh -s /bin/bash XXX

In Hyper V, create a new External switch. This might mess up your host's network speed. Run the below command in an elevated powershell prompt:
Set-VMNetworkAdapter -ManagementOS -Name <VirtualNetworkAdapterName> -VmqWeight 0

Correct Kali repos and VirtualBox bidirectional clipboard

posted Apr 25, 2019, 9:42 PM by Leigh Williams

nano /etc/apt/sources.list
deb kali-rolling main contrib non-free
# For source package access, uncomment the following line
deb-src kali-rolling main contrib non-free

Then do:
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install -y virtualbox-guest-x11

Then do:
Original post:
In virtualbox make sure your clipboard is set up bidirectional. Reboot everything. Reboot the world to be safe.

Add this to bashrc:
In your bashrc file (~/.bashrc) add this:
# Enable VirtualBox Clipboard 
VBoxClient --clipboard

Restart clipboard when it gets wonky
If the clipboard stops working, do this:
ps -ef | grep VBoxClient | grep clip
kill -9 [the PIDs]
VBoxClient --clipboard

So what should you do?

posted Dec 14, 2018, 12:31 PM by Leigh Williams   [ updated Dec 14, 2018, 12:46 PM ]

1.) If you're technical, plug in a bootable flash drive with a clean Linux install that you have stashed away in your "just in case I need this" drawer (Linux because it's quick and easy) and change that password, ASAP. Why a clean bootable USB? Because you don't know where they got your password from. Is it a keylogger, spyware, trojan, other site that got hacked, did you perhaps reuse that password, etc. You can't take risks. If you're not technical, use a device with antivirus, run a scan, and make sure it's clean (yes, your AV might be compromised, yes you might have a rootkit, but this might be your best option).

Go to to change your password.

2.) Do you have any accounts, apps, etc linked to that Gmail account? Do you have any devices that are "trusted" that the hacker might have gotten remote access to? Go to and review any trusted applications and devices, and revoke access where needed. Best is, revoke all access because it's probably from like 5 years ago in any case.

Also, review the currently signed in devices and revoke access if those devices are unfamiliar.

3.) Do you use that Gmail password anywhere else? If you do, shame on you; you should never ever reuse a password.

4.) Any banking or investment accounts with no 2FA or variations of your Google password? Change them and enable 2FA. If they don't offer 2FA, shame on them.

5.) Go to all your social media accounts (twitter, facebook, linkedin, instagram, etc), paypal, eBay, Azure, etc, and enable 2FA. They all support 2FA. And change your password on all these sites (yes, it is tedious, but it must be done). Why should you change passwords here? Well, you don't know what else the bad guys managed to get access to. Also, you might have forgotten to enable 2FA on some of these sites, or the option might not have been available when you signed up 10 years ago.

6.) If these sites present you with 2FA over SMS or an Authentication App, don't choose SMS. 2FA over SMS is dead and should be considered insecure. Choose the App option. If they only have the SMS option, well, it's better than nothing.

7.) Make sure you have proper password recovery options set up on all these accounts. Why? Well, you just changed 10+ passwords. If you don't use a password manager (like Google Chrome's built-in one or Keeper or Lastpass) you will probably forget those passwords. Don't write them down. For all you know, your cat might be able to read and she's the one doing all this because of world domination and all that.

8.) Be vigilant. Keep an eye on your credit cards, keep an eye on any account alert emails or sudden 2FA SMS or popups.

9.) Go to and check if your email address appeared in any breaches. If it did, follow the steps above for those websites.

10.) Relax. This can be stressful especially this time of year and if you followed these steps you did whatever you could. You did your best. But stay vigilant.

Schedule airodump via Cron to run every X minutes

posted Jan 4, 2018, 11:23 PM by Leigh Williams   [ updated Jan 4, 2018, 11:24 PM ]

service cron status -- check if it is running
ps -ef |grep cron --another way to check if cron is running

You can use the below to generate output files every XX minutes with a list of APs and stations nearby. Airodump will automatically create a new file every time you run it. You can then import these files into a DB to track channels, connected stations, track MAC addresses, etc

crontab -e
Add the below line:
*/2 * * * * /usr/sbin/timeout -s 9 -k 5 1m /root/ -- -s 9 is the signal type, -k 5 says after 5 seconds KILL the process if it is still running. You kinda want this so you don't end up with multiple running airodumps. And then 1m is for how long to run the application.

In you must have this line:
/usr/sbin/airodump-ng --write /path/to/where --write-interval XX --output-format csv wlan0mon

Type "whereis timeout" to see where your timeout command is located
Type "whereis airodump-ng" to see where your airodump-ng is located
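
The import step mentioned above, as an added example (not code from the original post): it loads one airodump-ng CSV capture into SQLite and answers two questions a defender would ask of it, namely how many clients sit on each AP and which BSSIDs are not in your own inventory. The table names, the `capture` tag and the inventory list are assumptions; the sample capture is constructed.

```python
import sqlite3

# Constructed sample in airodump-ng's --output-format csv layout (APs, then stations).
SAMPLE = (
    "\r\nBSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher,"
    " Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key\r\n"
    "02:00:00:00:00:01, 2018-01-04 23:10:01, 2018-01-04 23:10:59,  6,  54, WPA2,"
    " CCMP, PSK, -48,  21,  0,   0.  0.  0.  0,  11, Cafe, Guest, \r\n"
    "02:00:00:00:00:02, 2018-01-04 23:10:03, 2018-01-04 23:10:58, 11,  54, OPN,"
    " , , -70,   9,  0,   0.  0.  0.  0,   4, Cafe, \r\n\r\n"
    "Station MAC, First time seen, Last time seen, Power, # packets, BSSID,"
    " Probed ESSIDs\r\n"
    "02:00:00:00:00:aa, 2018-01-04 23:10:05, 2018-01-04 23:10:50, -60,  12,"
    " 02:00:00:00:00:01,Cafe,OtherNet\r\n"
    "02:00:00:00:00:bb, 2018-01-04 23:10:07, 2018-01-04 23:10:40, -71,   3,"
    " (not associated) ,\r\n"
)
SCHEMA = """
CREATE TABLE IF NOT EXISTS ap(capture, bssid, last_seen, channel INT, privacy, power INT, essid);
CREATE TABLE IF NOT EXISTS station(capture, mac, last_seen, power INT, bssid, probes);
"""

def load(text, db, capture):
    """Insert one capture file's rows; `capture` tags them with the file name."""
    db.executescript(SCHEMA)
    section = None
    for line in text.splitlines():
        raw = line.split(",")
        f = [x.strip() for x in raw]
        if f[0] in ("BSSID", "Station MAC"):
            section = f[0]
        elif section == "BSSID" and len(f) >= 15:
            # An ESSID may itself contain commas: it runs from field 13 to the Key.
            essid = ",".join(raw[13:-1]).strip()
            db.execute("INSERT INTO ap VALUES (?,?,?,?,?,?,?)",
                       (capture, f[0].lower(), f[2], int(f[3]), f[5], int(f[8]), essid))
        elif section == "Station MAC" and len(f) >= 7:
            bssid = None if f[5].startswith("(not") else f[5].lower()
            db.execute("INSERT INTO station VALUES (?,?,?,?,?,?)",
                       (capture, f[0].lower(), f[2], int(f[3]), bssid, ",".join(f[6:]).strip(",")))

def clients_per_ap(db):
    """(essid, channel, number of distinct associated stations) per BSSID."""
    return db.execute(
        "SELECT a.essid, a.channel, COUNT(DISTINCT s.mac) FROM ap a LEFT JOIN station s"
        " ON s.bssid = a.bssid GROUP BY a.bssid ORDER BY a.bssid").fetchall()

def unknown_aps(db, inventory):
    """BSSIDs seen on air that are missing from the site's own AP inventory."""
    known = {b.lower() for b in inventory}
    return [b for (b,) in db.execute("SELECT DISTINCT bssid FROM ap ORDER BY bssid") if b not in known]
```

Call load() once per file the cron job produces, passing the file name as `capture`, so rows from different runs stay distinguishable.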

VirtualBox Guest Additions and shared clipboard and Folders for Ubuntu Guest

posted Jul 2, 2017, 1:43 AM by Leigh Williams

1.) Install guest additions from the VBox menu as per normal then run "sudo apt-get install virtualbox-guest-dkms"
2.) sudo usermod -a -G vboxsf YOUR_USER
3.) set up your shared folder 
4.) restart your guest

To install MySQL
sudo apt-get install mysql-server
sudo mysql_secure_installation
sudo apt-get install mysql-client
sudo apt-get install mysql-workbench

Plex not seeing NTFS external hard drive

posted May 7, 2017, 12:49 AM by Leigh Williams

Type sudo blkid. You will get output like this:
/dev/sda1: UUID="9081b56d-8715-49f3-a35d-529a39d5780e" TYPE="ext4" PARTUUID="c8168d71-01"
/dev/sda5: UUID="fbd90bd5-6b1a-4088-8569-0afbf0faebab" TYPE="swap" PARTUUID="c8168d71-05"
/dev/sdb1: UUID="79a6887b-0168-464e-9507-84cc1233fcb6" TYPE="ext4" PARTUUID="c3072dd0-01"
/dev/sdc1: UUID="4E65750852A3B04A" TYPE="ntfs" PARTUUID="000dfe15-01"

Way at the end is the NTFS drive. Now create an /etc/fstab entry like this:
UUID=4E65750852A3B04A /media/theexternal ntfs-3g permissions,nofail,auto 0 0
nofail means your pc won't fail to boot if your external drive is not plugged in.
If your drive wasn't plugged in during boot, and you plug it in later and it doesn't boot, enter the command "mount -a" to mount all again (mount -a reads fstab and checks where the drive is and where to mount it)
