blindpete.com Just my rambles

29Dec/09

Automating My VMware Lab

One of the best ways to learn is to practice and practice, and I have to say that VMware has played a very large role in my professional life, since it allows me to test ideas and code, and to validate and practice against different versions of an OS, different patch levels and even different OS’s, without having to have a very large number of servers and routers to simulate environments. My current lab system is a PC running Windows 7 Enterprise with 8GB of RAM, two 1TB 7200 SATA HDs and an Intel Quad 8300, all of this running VMware Workstation 7. I have a collection of VM’s that I clone as needed; my collection of VM’s for cloning is:

  1. (5) Windows 2008 Ent RTM 32bit
  2. (1) Windows 2008 Ent Core RTM 32bit
  3. (2) Windows Vista RTM 32bit
  4. (2) Windows 7 RTM 32bit
  5. (1) Windows XP SP2 32bit
  6. (1) Windows XP SP3 32Bit
  7. (1) Windows 2003 Ent SP2 32bit
  8. (1) Windows 2003 Ent SP1 32bit
  9. (1) Windows 2003 Ent R2 32bit
  10. (1) Windows 2000 Advanced SP3 32bit
  11. (1) Windows 2000 Advanced SP4 32bit
  12. (1) Pfsense 1.2.3 Appliance
  13. (1) BT4
  14. (1) Ubuntu 9.10 32bit

For Database testing I have the following VM’s:

  1. (1) MS SQL 2005 running on Windows 2003 32bit
  2. (1) MS SQL 2008 Running on Windows 2003 Ent 32bit
  3. (1) Oracle 9i Running on Windows 2003 Advanced 32bit
  4. (1) Oracle 10g Running on Windows 2003 Ent 32bit
  5. (1) Oracle 11g Running on Windows 2003 Ent 32bit

As can be seen, most of my work is done with Meterpreter and post exploitation on Windows systems, so the majority of my VM’s are Windows. I do have a lot of VM’s, and to make matters a bit more complex, when I’m testing something I use the VMware Workstation feature called Teams, where I create a completely isolated network of machines. This lets me test the machines behind a virtual firewall to see how well my code will work behind several firewall configurations. A very good feature of Teams is that I can control the speed of a virtual network, so I can test how my attack or code will behave if the client has a 64kbps connection, a T-1 or many other types of speed. This really helps me tune and see how multithreading and moving large files behave through these connections.

The team where I clone any of the VM’s you see above looks as follows:

[Image: teamacmeinc]

In the configuration shown above I can play with the speed of the LAN1 network to simulate different environments. Depending on where I want to simulate the attacker, I place the attacker machine in my home network or, as an internal attacker, I place an attacking VM inside LAN2.

As can be seen, my setup can become complicated very fast, and making changes to individual machines becomes a tedious job, so what better way to handle all of these VM’s than to automate it? For this, a simple tool that I like and that can be used on Linux, OSX and Windows is the vmrun tool that is part of the VMware VIX kit; this kit is part of the Fusion full download and is a separate download for Linux. With this tool you can manage VM’s in:

  1. ESX and ESXi (Remotely)
  2. VMware Server (Remotely)
  3. VMware Player (Remotely)
  4. VMware Workstation (Locally)
  5. VMware Fusion (Locally)

Some of the things you can do with this tool are:

  1. Change state of VM’s (Start, Stop, Pause and Reset)
  2. Manage Snapshots (Creation, Deletion, Revert to Snapshot)
  3. Manage Processes in VM’s (List, Start and Kill)
  4. Upload Files to VM’s
  5. Run Scripts on VM’s

The list above is only a short list; for the rest you can check the vmrun documentation.

One of the things I tend to do is take a snapshot of all running VM’s once I have the environment set up as I want, so in case I mess something up I can revert the affected VM. For this I wrote the following batch script to create a snapshot of all running VM’s:

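    @echo off
    setlocal
    rem Put the VIX folder (where vmrun.exe lives) in front of the existing PATH
    set "Path=C:\Program Files (x86)\VMware\VMware VIX;%Path%"
    set snapname=
    set /p snapname=Enter the name for the snapshot: 
    rem "vmrun list" prints a header line, then one .vmx path per line
    for /F "skip=1 delims=," %%i in ('vmrun list') do (
        echo Creating Snapshot for %%i and naming it %snapname%
        rem Quote the name so a snapshot name with spaces stays one argument
        vmrun -T ws snapshot "%%i" "%snapname%"
    )
    endlocal
    set /p any=press any key ....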

Here is a sample run of the script

[Image: sample run of the script]

As you can see, you get prompted for the name to give to the snapshot. We are taking a snapshot of only the running VM’s, since those are the ones I’m working on at the moment; I do not want to snapshot my master templates.

To revert all running VM’s to a known snapshot, the only thing I changed is the command, which becomes revertToSnapshot:

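    @echo off
    setlocal
    rem Put the VIX folder (where vmrun.exe lives) in front of the existing PATH
    set "Path=C:\Program Files (x86)\VMware\VMware VIX;%Path%"
    set snapname=
    set /p snapname=Enter the name for the snapshot: 
    rem "vmrun list" prints a header line, then one .vmx path per line
    for /F "skip=1 delims=," %%i in ('vmrun list') do (
        echo Reverting snapshot for %%i
        vmrun -T ws revertToSnapshot "%%i" "%snapname%" msg.autoAnswer = TRUE
        rem Power the VM back on after the revert
        vmrun start "%%i"
    )
    endlocal
    set /p any=press any key ....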

To delete, I just changed the command to deleteSnapshot. As you can see, it is very simple to script this tool.

    @echo off
    setlocal
    rem Put the VIX folder (where vmrun.exe lives) in front of the existing PATH
    set "Path=C:\Program Files (x86)\VMware\VMware VIX;%Path%"
    set snapname=
    set /p snapname=Enter the name for the snapshot: 
    rem "vmrun list" prints a header line, then one .vmx path per line
    for /F "skip=1 delims=," %%i in ('vmrun list') do (
        echo Deleting snapshot for %%i
        vmrun -T ws deleteSnapshot "%%i" "%snapname%" msg.autoAnswer = TRUE
        vmrun start "%%i"
    )
    endlocal
    set /p any=press any key ....

In the next example I made the batch script accept the path of a file to upload to all running Windows hosts; it looks at the VM names for the string “win” and copies the file only to those. I can either drag and drop the file on top of the script or, when I run it and the script asks, drag and drop the file onto the CMD window to paste the path to the executable. You will also see that I provide the guest username and password, so it is a good idea to have the same username and password for your lab VM’s on your machine. All VM actions that interact with the OS of the VM require that VMware Tools is installed and that credentials are given to access the underlying OS.

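    @echo off
    setlocal
    rem Put the VIX folder (where vmrun.exe lives) in front of the existing PATH
    set "Path=C:\Program Files (x86)\VMware\VMware VIX;%Path%"
    rem %~1 removes the quotes added when a file is dropped on the script
    if "%~1"=="" (set /p "file=Enter path of file to upload: ") else (set "file=%~1")
    rem A path dragged into the CMD window may arrive quoted; drop those quotes
    if defined file set "file=%file:"=%"
    set /p target=Enter path and filename on VMs to upload: 
    rem Only VMs whose .vmx path contains "win" receive the file
    for /F "delims=," %%i in ('vmrun list ^| %windir%\system32\find.exe "win"') do (
        echo uploading file "%file%" to %%i
        vmrun -T ws -gu administrator -gp Newsystem01 copyFileFromHostToGuest "%%i" "%file%" "%target%"
    )
    endlocal
    set /p any=press any key ....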

Now you can use this other script to run the executable on all Windows hosts; a similar one can be made for Linux if you follow a naming convention for your VM’s.

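    @echo off
    setlocal
    rem Put the VIX folder (where vmrun.exe lives) in front of the existing PATH
    set "Path=C:\Program Files (x86)\VMware\VMware VIX;%Path%"
    set /p file=Enter path and filename of program to run: 
    set /p options=Enter options for program: 
    rem find.exe already drops the "vmrun list" header line, so no skip=1 here
    for /F "delims=," %%i in ('vmrun list ^| %windir%\system32\find.exe "win"') do (
        echo running "%file%" on %%i
        rem Everything after the program path is passed to the guest program as its arguments
        vmrun -T ws -gu administrator -gp Newsystem01 runProgramInGuest "%%i" "%file%" "%options%"
    )
    endlocal
    set /p any=press any key ....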

I just showed some simple examples of automating Workstation, but this can also be done with VMware Server and ESX/ESXi by changing the type in the -T flag to server or esx depending on the target, and giving the address to connect to with -h for the web address, -u for the host user and -p for the host password. The tool simply executes XMLRPC calls thru SSL against the servers. I encourage you to read the rest of the short documentation on vmrun and to modify and play with the scripts I showed here as examples; you can transform these same scripts to bash and use them in OSX or Linux if you like.
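The snapshot, revert and delete loops above, ported to POSIX sh for OSX or Linux as the paragraph suggests. This is an added example, not code from the original post: it assumes vmrun is on the PATH and that "vmrun list" prints one header line followed by one .vmx path per line, and the names running_vms, for_each_running and VMRUN_TYPE are made up for this illustration.

```shell
#!/bin/sh
# Added example: sh port of the snapshot / revert / delete batch loops.
# Assumption: "vmrun list" prints "Total running VMs: N", then one .vmx path per line.

VMRUN_TYPE="${VMRUN_TYPE:-ws}"   # value for -T; the post uses ws (Workstation)

# Print the .vmx path of every running VM. An optional argument keeps only
# paths containing that text (case-insensitive), e.g. the post's "win".
running_vms() {
    vmrun list | sed 1d | grep -i -F -- "${1:-}" || true
}

# for_each_running ACTION SNAPSHOT_NAME [FILTER]
# ACTION is snapshot, revertToSnapshot or deleteSnapshot.
# Returns 0 if every VM succeeded, 1 if any failed, 2 on bad arguments.
for_each_running() {
    action=$1 snap=$2 failed=0
    case "$action" in
        snapshot|revertToSnapshot|deleteSnapshot) ;;
        *) echo "unsupported action: $action" >&2; return 2 ;;
    esac
    [ -n "$snap" ] || { echo "snapshot name required" >&2; return 2; }
    vms=$(running_vms "${3:-}")
    # Read whole lines so .vmx paths with spaces stay in one piece
    while IFS= read -r vmx; do
        [ -n "$vmx" ] || continue
        echo "$action \"$snap\" on $vmx"
        # </dev/null stops vmrun from swallowing the rest of the VM list
        if ! vmrun -T "$VMRUN_TYPE" "$action" "$vmx" "$snap" </dev/null; then
            echo "FAILED: $vmx" >&2
            failed=$((failed + 1))
        elif [ "$action" = revertToSnapshot ]; then
            # As in the batch version, power the VM back on after reverting
            vmrun -T "$VMRUN_TYPE" start "$vmx" </dev/null || failed=$((failed + 1))
        fi
    done <<EOF
$vms
EOF
    [ "$failed" -eq 0 ]
}

# Usage: for_each_running snapshot "clean base"        (all running VMs)
#        for_each_running revertToSnapshot "clean base" win
```

Unlike the batch loops, a failed vmrun call is reported per VM and reflected in the exit status, so the function can be chained in a larger lab-reset script.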

Posted via web from blindpete's posterous

Filed under: Ramble 1 Comment
29Dec/09

IOps?

Just something I wanted to document for myself as it is info I need on a regular basis and always have trouble finding it or at least finding the correct bits and pieces. I was more or less triggered by this excellent white paper that Herco van Brug wrote. I do want to invite everyone out there to comment. I will roll up every single useful comment into this article to make it a reference point for designing your storage layout based on performance indicators.

The basics are simple, RAID introduces a write penalty. The question of course is how many IOps do you need per volume and how many disks should this volume contain to meet the requirements? First, the disk types and the amount of IOps. Keep in mind I’ve tried to keep values on the safe side:


(I’ve added SSD with 6000 IOps as commented by Chad Sakac)

So how did I come up with these numbers? I bought a bunch of disks, measured the IOps several times, used several brands and calculated the average… well sort of. I looked it up on the internet and took 5 articles and calculated the average and rounded the outcome.

[edit]
Many asked about where these numbers came from. Like I said, it’s an average of theoretical numbers. In the comments there’s a link to a ZDNet article which I used as one of the sources. ZDNet explains what the maximum amount of IOps theoretically is for a disk. In short: it is based on “average seek time” and half of the time a single rotation takes. These two values added up result in the time an average IO takes. There are 1000 milliseconds in every second, so divide 1000 by this value and you have a theoretical maximum amount of IOps. Keep in mind though that this is based on “random” IO. With sequential IO these numbers will of course be different on a single drive.
[/edit]

So what if I add these disks to a raid group:

For “read” IOps it’s simple, RAID Read IOps = Sum of all Single Disk IOps.

For “write” IOps it is slightly more complicated as there is a penalty introduced:

So how do we factor this penalty in? Well, it’s simple: for RAID-5, for instance, every single write needs 4 IO’s. That’s the penalty which is introduced when selecting a specific RAID type. This also means that although you think you have enough spindles in a single RAID set, you might not, due to the introduced penalty and the amount of writes versus reads.

I found a formula and tweaked it a bit so that it fits our needs:

(TOTAL IOps × % READ) + ((TOTAL IOps × % WRITE) × RAID Penalty)

So for RAID-5 and for instance a VM which produces 1000 IOps and has 40% reads and 60% writes:

(1000 × 0.4) + ((1000 × 0.6) × 4) = 400 + 2400 = 2800 IO’s

The 1000 IOps this VM produces actually results in 2800 IO’s on the backend of the array, this makes you think doesn’t it?

[edit: Good catch by Jason, I mixed up IO’s with IOps in the equation. 1000 IOps result in 2800 IO’s.]
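The two formulas above (theoretical IOps of one disk, and back-end IO's after the RAID write penalty) chained together to answer the opening question of how many disks a volume needs. This is an added example, not part of the original article; the 15,000 rpm disk with a 3.5 ms average seek time is a constructed sample, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: spindle count from the article's two formulas.
# The disk figures used in the usage lines are constructed sample values.

# disk_iops SEEK_MS RPM
# Theoretical random IOps of one disk: 1000 ms divided by
# (average seek time + time for half a rotation), rounded down.
disk_iops() {
    awk -v seek="$1" -v rpm="$2" 'BEGIN {
        if (seek <= 0 || rpm <= 0) exit 1
        half_rotation = 60000 / rpm / 2        # ms
        printf "%d\n", 1000 / (seek + half_rotation)
    }'
}

# backend_io FRONTEND_IOPS READ_PCT RAID_PENALTY
# (TOTAL x %READ) + ((TOTAL x %WRITE) x RAID penalty)
backend_io() {
    awk -v total="$1" -v rd="$2" -v penalty="$3" 'BEGIN {
        if (total < 0 || rd < 0 || rd > 100 || penalty < 1) exit 1
        printf "%d\n", total * rd / 100 + total * (100 - rd) / 100 * penalty
    }'
}

# spindles_needed FRONTEND_IOPS READ_PCT RAID_PENALTY SEEK_MS RPM
# Back-end IO's divided by per-disk IOps, rounded up to whole disks.
spindles_needed() {
    be=$(backend_io "$1" "$2" "$3") || return 1
    per_disk=$(disk_iops "$4" "$5") || return 1
    [ "$per_disk" -gt 0 ] || return 1
    echo $(( (be + per_disk - 1) / per_disk ))
}

# Usage, with the article's VM (1000 IOps, 40% reads, RAID-5 penalty 4):
#   spindles_needed 1000 40 4 3.5 15000
#   spindles_needed 1000 100 4 3.5 15000    # same load, reads only
```

Running both usage lines side by side shows how much of the disk count comes from the write penalty rather than from the front-end load itself.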

16Dec/09

PowerShell ISE on Windows Server 2008 – what version of .NET is required?

14Dec/09

Winter PowerGUI Wallpaper is here

PowerGUI Wallpaper for Winter 2009/2010

And it is the most beautiful one we have ever had! Just pick the size you need, apply it to your desktop and enjoy the upcoming holiday season:

1024×768,
1280×800,
1280×960,
1280×1024,
1440×900,
1600×1200,
1920×1200.

Our downloads page also has links to the Christmas/New Year wallpaper we had last year, and for our friends in the Southern Hemisphere there are a couple of summer options! ;)

11Dec/09

PowerCLI: Find vCenter without vCenter

If you don’t know already, PowerCLI now has two modes: single and multiple. It stands for exactly what you think it does. In single mode, when you execute a command PowerCLI runs that command against the server you’re connected to. Multiple mode allows you to specify multiple vCenter/ESX/vSphere hosts, and when you execute a command it runs that command against every server you’ve specified! This had to be one painful feature to get right, but the PowerCLI team nailed it.

I’ll admit when I first played with it I thought I would never need/use multiple mode. That is, until our vCenter server was inadvertently shut down instead of rebooted. Normally this would lead to one of two outcomes:
A.) Forcefully register vCenter on the first host I hit and power it up.
B.) A twenty minute search for the host that has vCenter.

Well today I didn’t feel like doing either… On a whim I tried this new-fangled multiple connection thing… IT WORKED!

    # Set PowerCLI to multiple
    Set-PowerCLIConfiguration -DefaultVIServerMode Multiple -Confirm:$false

    # Connect to every vSphere host in the cluster that contains vCenter
    Connect-VIServer -User root -Password password -Server esx1,esx2,esx3,esx4,esx5,esx6,esx7,esx8

    # Start vCenter
    Get-VM vCenter01 | Start-VM

I’ve since wrapped all this up in a batch file and added it to our playbook for a lights out recovery of virtual center!

~Glenn

2Dec/09

Winners of PowerPack Challenge 2009

Susan has posted the results of the PowerGUI scripting contest we had last month and it was so intense that we ended up with 5 winners instead of 3!

So, without further ado… let me open this envelope… and announce that the winners are… ;)

Most Active Participant ($1000 Amazon certificate) – Adam Murray – IIS7 Powerpack.

Second Most Active Participant ($500 Amazon certificate) – Shannon Ma – NetPoint PowerPack for Windows Management

Best PowerPack ($1000 Amazon certificate) – Alan Renouf – Virtu-Al.Net VMware Virtual Infrastructure / vSphere scripts

Honorable Mention and $250 Amazon certificates:

If you are one of the winners (congratulations!) you will get contacted shortly with details on how you will be able to get the prize.

The competition this year was incredibly intense and all the winning PowerPacks are just great and well worth checking out.

2Dec/09

Using Notepad++ For PowerShell Editing

The style I use has a nice black background...


A while back Thell Fowler (with a little help, and a lot of testing from me) wrote a very good PowerShell Lexer for Notepad++ 5.2 and later… it’s very thorough, has good code-folding, and full support for PowerShell 2.0 syntax highlighting.

I mention this because Notepad++ 5.6 just released yesterday, and it has built-in support for PowerShell syntax courtesy of Scintilla ... but it’s very, very bad. The scintilla PowerShell lexer is probably the most minimal PowerShell lexer I’ve seen (it’s worse than the old “user style” I had created for Notepad++) and has no support for:

  • The ` escape character
  • Here-strings (which can contain quotes, etc)
  • The difference between strings and literal strings and literal here-strings
  • The begin/process/end block keywords and Param()
  • PowerShell operators (like -is or -gt or -notcontains)
  • [System.Namespace.Class]::Method() syntaxes
  • Nested $variables inside strings
  • Nested $( code blocks ) inside strings (with strings inside those, and …)
  • Any of the new PowerShell 2 syntax like:
    • multi-line comments
    • [Parameter()] and [Alias()] and [Validate …. ]
  • [CmdletBinding()]

There’s probably more, but I couldn’t be bothered to spend more than a couple of minutes with it. As you can probably guess … all of those features are supported by the external PowerShell Lexer plugin that Thell wrote, so if you’re a PowerShell and Notepad++ user, I apologize for not drawing your attention to our PowerShell Lexer for Notepad++ before :) .

Incidentally, I stuck a screenshot in this post so you can see how I use it, but there’s a more complete example of the PowerShell Syntax Highlighting on that lexer download page. ;-)

2Dec/09

Free Windows PowerShell ebook

With the recent release of Windows PowerShell v.2 and the imminent publication of our well regarded Windows PowerShell v.2 TFM book by Don Jones and Jeff Hicks, SAPIEN is releasing our Windows PowerShell v.1 TFM eBook as a FREE download to the public. Even though this eBook is for version 1 of PowerShell, the book still contains loads of valuable information about PowerShell’s core workings and cmdlets. Download the eBook today at http://www.primaltools.com/downloads/communitytools/. Just look for the entry entitled “Powershell TFM V1 eBook”.

This entry was posted on Tuesday, December 1st, 2009 at 9:25 am and is filed under Books and Training, General, Windows PowerShell, Windows Scripting News.