Update Mutillidae to version 2.6.40 on Metasploitable 2

Update -> I just found out that if you’re going to update Mutillidae on Metasploitable 2 it will render some of the exploitable features of Metasploitable 2 invalid. The new version of Mutillidae needs a newer version of PHP because of an existing bug in PHP 5.2. With the combination of old PHP & new Mutillidae, you’re able to create an account on the Mutillidae site but you cannot log in. Jeremy Druin marked this bug as “won’t fix”.

What is Mutillidae?

And then something completely different. Having some more spare time, I picked up an interest in capture-the-flag-like online “hacking” games. See root-me.org or ctf365.com for examples. These sites host several challenges, either stand-alone challenges (forensics, realist challenges, cracking, cryptography, webapp vulnerability) or capture the flag challenges. With capture the flag challenges you’re in a room with x number of people and a virtual machine running in that environment. The virtual machine runs services and web applications which are intentionally made vulnerable to several exploits; the person who captures the flag first (first hack) wins the challenge. Subsequently the virtual machine is shut down and a new round starts. Root-me.org has about 20-25 virtual machines from which you can choose. Most of them are also downloadable as a virtual machine to be spun up in your own testing environment.

As said, the vulnerabilities are present in either services (mysql, iis, dns) or web applications. Mutillidae is more like a platform running on Metasploitable 2 which gives you almost endless possibilities to learn about application penetration testing (XSS, SQL injection, HTML injection, session hijacking, the whole OWASP Top 10 and many more).

Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administrate their own webserver. It is already installed on Samurai WTF. Simply replace existing version with latest on Samurai. Mutillidae contains dozens of vulnerabilities and hints to help the user exploit them; providing an easy-to-use web hacking environment deliberately designed to be used as a hack-lab for security enthusiasts, classroom labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software.

There are a lot of tutorials on how to install Metasploitable 2 in your own lab.

Updating Mutillidae on Metasploitable 2

The version that comes with Metasploitable 2 is not the latest one. So if you need to update Mutillidae on your Metasploitable 2 machine, then follow the steps below ->

  1. Check out the latest version at the SourceForge page
  2. Log in to your Metasploitable machine as msfadmin
  3. Go to your /var/www directory
  4. Rename the mutillidae directory to mutillidea.bak (use sudo, else access denied)
  5. Download the latest version of Mutillidae with wget (replace x.x.xx with the latest version found in step 1) -> wget http://sourceforge.net/projects/mutillidae/files/mutillidae-project/LATEST-x.x.xx.zip/download --no-check-certificate
  6. Unzip the downloaded file (unzip LATEST……, use sudo)
  7. Test the site; you need to refresh the database to make it work
  8. The following warning will appear, which is easy to fix: just install php5-curl. Warning: “Detected PHP Curl is not installed on the server. This may cause issues detecting or downloading remote files. The server operating system seems to be Linux. You may be able to install with sudo apt-get install php5-curl”
  9. The apt-get for php5-curl will throw a 404 error. Please follow the small tutorial made to change the repository location for Ubuntu.

Containers for the Virtualization Admin (webinar)

Thursday, June 16
10:00 PST | 13:00 EST

As the use of containers becomes more popular for the enterprise, what does it mean for VMs?

In this webinar Mike Coleman, Technical Marketing Engineer and Chris Hines, Product Marketing Manager at Docker, will discuss the difference between containers and virtual machines, and explain how the two can coexist. Get your questions answered during the Q&A.

Speakers:

Mike Coleman, Sr. Technical Marketing Engineer at Docker. Mike creates and delivers technical content to Docker’s customers and community.

Chris Hines, Product Marketing Manager at Docker. Chris helps to develop and share the Docker story with the world. He works closely with Docker customers to understand how Docker is enabling enterprises to build, ship and run their applications, anywhere.

Azure VPN Gateway (Resource Manager) problem

Since my previous post about setting up pfsense/vpn for use with Azure, I have rebooted my system several times. Usually I only power on my testlab when working on it.

After every reboot, at least when trying with short intervals, I was unable to get the VPN up and running again. I had the same problem yesterday, but not seeing the pattern of the reboot, I just recreated the site-to-site VPN @ Azure side. After recreation, the connection, initiated from the pfsense box, was able to connect again.

So today same problem. I found an article explaining how to reset an Azure VPN Gateway using powershell. However, the article describes how to reset an Azure VPN Gateway which was created in the classic model, so not the resource manager model.

I cannot find how to reset an Azure VPN Gateway, resource manager model, using powershell so I figured changing something to the VPN Gateway @ azure side of things would maybe reset or refresh the config. And indeed this works. (????) No 100% proof since I can’t be bothered too much. Already too much time spent on getting the comtrend 3223u modem in bridge mode.

Please leave a message if you know a way on how to reset Azure VPN Gateway, resource model, with powershell….

 

Setting up site-to-site VPN to Azure with Pfsense

So this is finally the first part of creating a hybrid cloud using Pfsense to hook up the on premise resources to the cloud (Azure). The best way to go is of course to implement Azure Stack locally to go full hybrid using the same technology stack on premise as used in Azure itself. Going hybrid without Azure Stack using a VPN tunnel or, for larger customers, ExpressRoute is a good intermediate step to prepare for the future full hybrid and multi cloud scenarios. It creates the possibility to have some of your workloads in the cloud (dev & test environments) while keeping your old monitoring tools, or mix both old and new (for example SCOM & OMS).

I struggled a bit with my Comtrend 3223U router from Tele2. There is not much documentation available on how to put this ADSL modem in bridge mode. After “hacking” the modem (see previous post) I got admin access to the modem. But even then it’s hard to figure out how to put this modem in bridge mode in a way it still works with my ISP.

I ultimately decided to just route the traffic behind pfsense through the ADSL modem instead of using pfsense as the “modem”. If I want I can use the DMZ Host option of my ADSL modem to make sure all packets from internet end up @ the pfsense virtual machine.

Quick Pfsense howto ->

1. Download the pfsense iso @ Pfsense.org
2. Unpack the file and create a 512MB, Generation 1 VM and use the downloaded and unpacked iso as an image for the VM.
3. Add two virtual switches. One Private virtual switch and an External virtual Switch. Add two network adapters and hook one up to the private virtual switch and the other one to the external virtual switch.

4. Boot from the downloaded Pfsense image and configure both the WAN and the LAN interface.

  • In bridge mode you can set the WAN interface to DHCP. It will receive an IP from your ISP.
  • I used a static IP address which is in the same subnet as the ISP Modem for the WAN interface
  • I used a static IP address which is in my local LAN subnet for the LAN interface.
  • I have added an upstream gateway on the WAN interface to point to the IP of the ISP Modem

5. Once done you can access the Pfsense WebGui to adjust or check your pfsense config and to configure IPSEC to connect to Azure. Accessing the Pfsense web GUI is done by typing the LAN interface IP in your web browser.


6. In the Pfsense GUI go to VPN -> Ipsec.

7. Click on add P1, you will see the screen below


  • The only things you need to fill out here are 1. Remote Gateway IP 2. pre-shared key. Leave the browser open, we will come back to this in just a second.

Configure Azure site to site VPN using an ARM template.

  1. You can use the below code and deploy the template using powershell or visual studio. Or you can just hit the button below to get redirected to the Azure Portal ->

Azure Deploy

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "vpnType": {
            "type": "string",
            "metadata": {
                "description": "Route based or policy based"
            },
            "defaultValue": "RouteBased",
            "allowedValues": [
                "RouteBased",
                "PolicyBased"
            ]
        },
        "localGatewayName": {
            "type": "string",
            "defaultValue": "onpremVPNGateway01",
            "metadata": {
                "description": "Arbitrary name for gateway resource representing "
            }
        },
        "localGatewayIpAddress": {
            "type": "string",
            "defaultValue": "X.X.X.X",
            "metadata": {
                "description": "Public IP of your local GW"
            }
        },
        "localAddressPrefix": {
            "type": "string",
            "defaultValue": "192.168.0.0/16",
            "metadata": {
                "description": "CIDR block representing the address space of the OnPremise VPN network's Subnet"
            }
        },
        "virtualNetworkName": {
            "type": "string",
            "defaultValue": "Vnet01",
            "metadata": {
                "description": "Arbitrary name for the Azure Virtual Network"
            }
        },
        "azureVNetAddressPrefix": {
            "type": "string",
            "defaultValue": "10.10.0.0/16",
            "metadata": {
                "description": "CIDR block representing the address space of the Azure VNet"
            }
        },
        "subnetName": {
            "type": "string",
            "defaultValue": "Subnet01",
            "metadata": {
                "description": "Arbitrary name for the Azure Subnet"
            }
        },
        "subnetPrefix": {
            "type": "string",
            "defaultValue": "10.10.2.0/24",
            "metadata": {
                "description": "CIDR block for VM subnet, subset of azureVNetAddressPrefix address space"
            }
        },
        "gatewaySubnetPrefix": {
            "type": "string",
            "defaultValue": "10.10.1.0/29",
            "metadata": {
                "description": "CIDR block for gateway subnet, subset of azureVNetAddressPrefix address space"
            }
        },
        "gatewayPublicIPName": {
            "type": "string",
            "defaultValue": "VPNGatewayIP",
            "metadata": {
                "description": "Arbitrary name for public IP resource used for the new azure gateway"
            }
        },
        "gatewayName": {
            "type": "string",
            "defaultValue": "VPNGateway01",
            "metadata": {
                "description": "Arbitrary name for the new gateway"
            }
        },
        "connectionName": {
            "type": "string",
            "defaultValue": "Site-To-Site",
            "metadata": {
                "description": "Arbitrary name for the new connection between Azure VNet and other network"
            }
        },
        "sharedKey": {
            "type": "securestring",
            "metadata": {
                "description": "Shared key (PSK) for IPSec tunnel"
            }
        }
    },
    "variables": {
        "Location": "[resourceGroup().location]",
        "vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
        "gatewaySubnetRef": "[concat(variables('vnetID'),'/subnets/','GatewaySubnet')]",
        "subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnetName'))]",
        "api-version": "2015-06-15"
    },
    "resources": [
        {
            "apiVersion": "[variables('api-version')]",
            "type": "Microsoft.Network/localNetworkGateways",
            "name": "[parameters('localGatewayName')]",
            "location": "[variables('location')]",
            "properties": {
                "localNetworkAddressSpace": {
                    "addressPrefixes": [
                        "[parameters('localAddressPrefix')]"
                    ]
                },
                "gatewayIpAddress": "[parameters('localGatewayIpAddress')]"
            }
        },
        {
            "apiVersion": "[variables('api-version')]",
            "name": "[parameters('connectionName')]",
            "type": "Microsoft.Network/connections",
            "location": "[variables('location')]",
            "dependsOn": [
                "[concat('Microsoft.Network/virtualNetworkGateways/', parameters('gatewayName'))]",
                "[concat('Microsoft.Network/localNetworkGateways/', parameters('localGatewayName'))]"
            ],
            "properties": {
                "virtualNetworkGateway1": {
                    "id": "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('gatewayName'))]"
                },
                "localNetworkGateway2": {
                    "id": "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localGatewayName'))]"
                },
                "connectionType": "IPsec",
                "routingWeight": 10,
                "sharedKey": "[parameters('sharedKey')]"
            }
        },
        {
            "apiVersion": "[variables('api-version')]",
            "type": "Microsoft.Network/virtualNetworks",
            "name": "[parameters('virtualNetworkName')]",
            "location": "[variables('location')]",
            "properties": {
                "addressSpace": {
                    "addressPrefixes": [
                        "[parameters('azureVNetAddressPrefix')]"
                    ]
                },
                "subnets": [
                    {
                        "name": "[parameters('subnetName')]",
                        "properties": {
                            "addressPrefix": "[parameters('subnetPrefix')]"
                        }
                    },
                    {
                        "name": "GatewaySubnet",
                        "properties": {
                            "addressPrefix": "[parameters('gatewaySubnetPrefix')]"
                        }
                    }
                ]
            }
        },
        {
            "apiVersion": "[variables('api-version')]",
            "type": "Microsoft.Network/publicIPAddresses",
            "name": "[parameters('gatewayPublicIPName')]",
            "location": "[variables('location')]",
            "properties": {
                "publicIPAllocationMethod": "Dynamic"
            }
        },
        {
            "apiVersion": "[variables('api-version')]",
            "type": "Microsoft.Network/virtualNetworkGateways",
            "name": "[parameters('gatewayName')]",
            "location": "[variables('location')]",
            "dependsOn": [
                "[concat('Microsoft.Network/publicIPAddresses/', parameters('gatewayPublicIPName'))]",
                "[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
            ],
            "properties": {
                "ipConfigurations": [
                    {
                        "properties": {
                            "privateIPAllocationMethod": "Dynamic",
                            "subnet": {
                                "id": "[variables('gatewaySubnetRef')]"
                            },
                            "publicIPAddress": {
                                "id": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('gatewayPublicIPName'))]"
                            }
                        },
                        "name": "vnetGatewayConfig"
                    }
                ],
                "gatewayType": "Vpn",
                "vpnType": "[parameters('vpnType')]",
                "enableBgp": "false"
            }
        }
    ]
}

2. The ARM template will create the following:

a. Vnet01, which will be the Azure local network

b. VPNGateway, which holds the config of the VPN @ Azure side of things

c. VPNGatewayIP -> The external IP from Azure. This is the Remote Gateway IP you need to fill out @ Pfsense

d. OnPremVPNGateway01 -> This defines the local, on premise network. This resource holds the local, on premise network ranges. All ranges defined here will be routed using the created VPN. The IP address belonging to the OnPremVPNGateway01 itself is of course your own public IP address.

e. Site-to-Site -> This holds the pre-shared key which you need for PFsense config.

3. You can accept all the defaults here. The only changes needed here are to fill out your local VPN gateway’s IP address (localGatewayIpAddress) and the localAddressPrefix (which is the local IP range).

You also have the option between the following two VPN types ->

  • Policy-based VPN type: Policy-based VPNs were previously called static routing gateways in the classic deployment model. Policy-based VPNs encrypt and direct packets through IPsec tunnels based on the IPsec policies configured with the combinations of address prefixes between your on premises network and the Azure VNet. The policy (or traffic selector) is usually defined as an access list in the VPN device configuration. The value for a policy-based VPN type is PolicyBased.
  • Route-based VPN type: Route-based VPNs were previously called dynamic routing gateways in the classic deployment model. Route-based VPNs use “routes” in the IP forwarding or routing table to direct packets into their corresponding tunnel interfaces. The tunnel interfaces then encrypt or decrypt the packets in and out of the tunnels. The policy (or traffic selector) for route-based VPNs are configured as any-to-any (or wild cards). The value for a route-based VPN type is RouteBased.

Ok, the Azure site to site VPN deployment will run for a while. I don’t know if the speed depends upon the subscription, I have a free visual studio developer subscription, but it takes quite long.

3. Once completed gather the external IP given by Azure (VPNGatewayIP) and the pre-shared key. (Site-to-Site resource -> shared key)

4. Go back to your browser and complete the phase 1 IPSEC config with both Azure Gateway IP & Shared Key. Click on Save.

5. Now add phase 2 (Add p2) to the phase 1 ipsec config. Here you have to define the remote network. Leave all defaults except fill out the remote network. (This is the range that belongs to Azure vnet01 with the accompanied subnet) Hit save

6. The end result should be like this ->

7. In the Status -> Gateway you can hit connect to test the connection
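The address parameters of the template have to agree with each other and with the phase 2 remote network entered in pfSense, otherwise the tunnel comes up but traffic is not routed. The following Python check is an added example, not part of the original post or of the template; the parameter names and defaults are the template's, while `check_address_plan` and the rule that the on-premise and Azure ranges must not overlap are assumptions of this example.

```python
import ipaddress

# Parameter names and default values copied from the ARM template above.
TEMPLATE_DEFAULTS = {
    "localAddressPrefix": "192.168.0.0/16",
    "azureVNetAddressPrefix": "10.10.0.0/16",
    "subnetPrefix": "10.10.2.0/24",
    "gatewaySubnetPrefix": "10.10.1.0/29",
}


def _inside(inner, outer):
    """True when inner equals outer or is a subset of it (same IP version)."""
    return inner.version == outer.version and inner.subnet_of(outer)


def _overlap(a, b):
    """True when two networks of the same IP version share any address."""
    return a.version == b.version and a.overlaps(b)


def check_address_plan(overrides=None, pfsense_p2_remote=None):
    """Return a list of problems; an empty list means the plan is consistent.

    overrides         -- template parameters that differ from the defaults
    pfsense_p2_remote -- remote network typed into the pfSense phase 2 entry
    """
    params = dict(TEMPLATE_DEFAULTS, **(overrides or {}))
    problems, nets = [], {}
    for name in TEMPLATE_DEFAULTS:
        try:
            # strict=True rejects prefixes with host bits set (10.10.1.1/29).
            nets[name] = ipaddress.ip_network(params[name], strict=True)
        except ValueError as exc:
            problems.append(f"{name}: not a valid CIDR block ({exc})")
    if problems:
        return problems

    vnet = nets["azureVNetAddressPrefix"]
    local = nets["localAddressPrefix"]
    subnet = nets["subnetPrefix"]
    gateway = nets["gatewaySubnetPrefix"]

    # Both subnets must be carved out of the VNet address space.
    for name, net in (("subnetPrefix", subnet), ("gatewaySubnetPrefix", gateway)):
        if not _inside(net, vnet):
            problems.append(f"{name} {net} is not inside azureVNetAddressPrefix {vnet}")
    if _overlap(subnet, gateway):
        problems.append(f"subnetPrefix {subnet} and gatewaySubnetPrefix {gateway} collide")
    # Assumption of this example: overlapping ranges on both ends of the
    # tunnel leave no unambiguous route for the shared addresses.
    if _overlap(local, vnet):
        problems.append(f"localAddressPrefix {local} overlaps the Azure VNet {vnet}")

    if pfsense_p2_remote is not None:
        try:
            remote = ipaddress.ip_network(pfsense_p2_remote, strict=True)
        except ValueError as exc:
            problems.append(f"phase 2 remote network: not a valid CIDR block ({exc})")
        else:
            if not _inside(remote, vnet):
                problems.append(f"phase 2 remote network {remote} is not part of the Azure VNet {vnet}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the template defaults, then a home LAN that collides
    # with the Azure range and a mistyped phase 2 remote network.
    print(check_address_plan(pfsense_p2_remote="10.10.0.0/16"))
    for line in check_address_plan({"localAddressPrefix": "10.10.0.0/24"},
                                   pfsense_p2_remote="10.20.0.0/16"):
        print("PROBLEM:", line)
```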

In Part II we’re going to deploy some servers to the cloud and on Premise and link them to each other (SCOM,OMS)

Please feel free to ask any question regarding Azure, Pfsense, Hybrid Cloud scenario’s.

Get admin access to your Tele2 3223u ADSL Modem

Just a quick post about getting access to your Comtrend Tele2 3223u ADSL Modem. There are several posts on the internet about getting admin access. The best post is probably the one found here. However this did not work for me.

Follow the guide on the link above but use ->

<AdminPassword notification="2">BASE64encodedpwd=</AdminPassword>

instead of the adminpassword line shown in the guide. I constantly get an illegal image error when following that post. The above will give you admin access to your Comtrend Tele2 3223u ADSL Modem.

Setting up Azure Hybrid Cloud with Pfsense


Coming in the next few days is a manual how to setup your own Hybrid Cloud using Pfsense and Azure. I must say it’s not a full hybrid cloud because I’m not able to run Azure Stack on premise. Some parts will not be part of the manual because I really want to focus on the Azure Resource Manager Templates for configuring the VPN connection (Azure Side) and the Configuration and Setup of Pfsense. Also another overview of the domain join using Azure Resource Manager Templates will be shown.

The hybrid cloud will consist of:

  • One On Premise Domain Controller (not part of the manual, assuming everybody can setup a domain controller without help)
  • One On Premise DNS Server (not part of the manual, assuming everybody can setup a DNS Server without help)
  • An On Premise VMM Server (not part of the manual, assuming everybody can setup a VMM Server without help)
  • An on premise SCOM Server (not part of the manual, assuming everybody can setup a SCOM Server without help, part of the manual will be the SCOM agent rollout using Azure Resource Manager Templates and the linking between SCOM and OMS)
  • An OMS workspace (to be linked with SCOM)
  • Azure Resource Manager Templates that deploy an Azure Virtual Machine which is added to the domain and has a SCOM agent installed.

The above environment will be my new lab / learning environment. Any other “requests for investigations” are welcome. Just leave a comment and I will see if I find some time to add this to the list.

First I need to see if my Azure Powershell version problem is gone. Had some troubles deploying Azure Resource Manager templates with the March version of Azure Powershell (the “The remote server returned an error (403) Forbidden” which I blogged about earlier).

The remote server returned an error (403) Forbidden

It seems that the new Azure Powershell version (03-03-2016) gives a problem with existing Visual Studio Azure Resource Manager projects that use a SAS token to download a custom script from a storage blob. The generated SAS token seems to be valid because the assembled blob link enables you to download the custom script from the blob. Seems to be a problem in the web request to the server.

“Failed to download all specified files. Exiting. Error Message: The remote server returned an error (403) Forbidden”

Going to test a bit more to get this resolved.

Update: uninstall the Azure Powershell cmdlets which were released on 03-03 (the 1.0.5 azure powershell version) & install the 1.0.4 Azure Powershell tools which come with the Azure Stack TP1 cmdlets (click to download)

This should solve the “(403) Forbidden” error.

 

Remove all Azure Resources belonging to an Azure Virtual machine

I wrote a basic powershell script (first version, needs to be cleaned and updated) to remove all resources belonging to a selected virtual machine. The selection is done from a simple drop down menu which holds all the VMs in the selected subscription. I found it very time consuming to click through the portal searching for all individual resources used by an Azure virtual machine. In practice I see some of the resources never get cleaned up, resulting in resource waste and money loss.

Things I want to add are:

  • Also remove the status file belonging to the Virtual Machine (now only removes the VHD blob) – done
  • Add switches to force the deletion of the resources (instead of confirming at each step)
  • Add flexibility for the containername which holds the VHD blob (now assumes it’s in storageaccount / vhds)
  • Progression bar??
  • Clean screen and gives some colorful feedback to the user.

Any other ideas to extend/adjust/update this script? Other best practices related to powershell? (I’m no PS guru)


# Login and select Azure Subscription. 

Login-AzureRmAccount -TenantId db87e8a4-ab1f-4a72-844d-f9ad89ad4258
Select-AzureRmSubscription -SubscriptionId  72e4639f-8f07-45c5-9347-9e3dd84691db

# Get all Azure VM's in subscription so they can be added to drop down list. 

$listvms = Get-AzureRmVM
$extractvmname = $listvms.Name

# Add All VM's in Subscription to drop down list. 

[array]$DropDownArray = $extractvmname

# This Function Returns the Selected Value and Closes the Form

function Return-DropDown {
 $script:Choice = $DropDown.SelectedItem.ToString()
 $Form.Close()
}

function selectShare{
    [void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
    [void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")


    $Form = New-Object System.Windows.Forms.Form

    $Form.width = 300
    $Form.height = 150
    $Form.Text = "DropDown"

    $DropDown = new-object System.Windows.Forms.ComboBox
    $DropDown.Location = new-object System.Drawing.Size(100,10)
    $DropDown.Size = new-object System.Drawing.Size(130,30)

    ForEach ($Item in $DropDownArray) {
     [void] $DropDown.Items.Add($Item)
    }

    $Form.Controls.Add($DropDown)

    $DropDownLabel = new-object System.Windows.Forms.Label
    $DropDownLabel.Location = new-object System.Drawing.Size(10,10) 
    $DropDownLabel.size = new-object System.Drawing.Size(100,40) 
    $DropDownLabel.Text = "Select Azure VM to Remove"
    $Form.Controls.Add($DropDownLabel)

    $Button = new-object System.Windows.Forms.Button
    $Button.Location = new-object System.Drawing.Size(100,50)
    $Button.Size = new-object System.Drawing.Size(100,20)
    $Button.Text = "Select an Item"
    $Button.Add_Click({Return-DropDown})
    $form.Controls.Add($Button)

    $Form.Add_Shown({$Form.Activate()})
    [void] $Form.ShowDialog()


    return $script:choice
}

$vmname = selectShare

# Extract Resourcegroupname, full nic path and full path to VHD from selected VM
#
# VHD storage path/url will look like:  https://storageaccountname.blob.core.windows.net/vhds/xxxxxx.vhd 
# NIC name will look like: "/subscriptions/subscriptionidxxxx/resourceGroups/resourcegroupname/providers/Microsoft.Network/networkInterfaces/nicname
#
#


$listvmsforrg = Get-AzureRmVM
$vmtoextractrg = $listvmsforrg | Where-Object { $_.Name -eq $vmname } 
$resourcegroup = $vmtoextractrg.ResourceGroupName


$setnictoremove = $vmtoextractrg.NetworkInterfaceIDs
$setdisktoremove = $vmtoextractrg.StorageProfile.OsDisk.Vhd.Uri

# Extract nicname, storage account and vhdname from returned strings.
# Assuming Azure VM VHD is in the vhds container within the extracted storage account.

$S1 = $setnictoremove
$S2 = $setdisktoremove

# The last path segment of the NIC resource ID / VHD URL is the resource name.
$nicname = Split-Path $setnictoremove -Leaf
$vhdname = Split-Path $setdisktoremove -Leaf
# The storage account name is the host label between "://" and the first "." of the VHD URL.
$storageaccountname = $setdisktoremove.Substring($S2.Indexof("://")+3,($S2.Indexof(".")-$S2.Indexof("://")-3))

# Remove the VM first so the VHD blob and the NIC are released.
Remove-AzureRmVM -ResourceGroupName $resourcegroup -Name $vmname
# Build a storage context from the account key to reach the vhds container.
$fullkeys = Get-AzureRmStorageAccountKey -StorageAccountName $StorageAccountName -ResourceGroupName $resourcegroup
$key = $fullkeys[0].key1
$context = New-AzureStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $key
# Remove the OS disk blob and the network interface.
Remove-AzureStorageBlob -Container vhds -Blob $vhdname -Context $context
Remove-AzureRmNetworkInterface -ResourceGroupName $resourcegroup -name $nicname
# Remove the status file: the remaining blob in vhds whose name contains the VM name.
$statusfile = Get-AzureStorageBlob -Container "vhds" -Context $context -Verbose
$statusfile2 = $statusfile | Where-Object { $_.Name.Contains($vmname) }
Remove-AzureStorageBlob -Container vhds -Blob $statusfile2.Name -Context $context





OMS and SCOM client from ARM Template

For a Proof of Concept I was asked to create an ARM template which would deploy an Azure VM that would be added to both SCOM and OMS. In practice this is probably not recommended or not needed when you connect the on premise SCOM environment to OMS, but it would be a time saver for demo purposes to have just 1 template to be rolled out which would show the system popping up in both OMS and SCOM.

After deploying the ARM template, the system ends up in OMS only. After a second look this is because first the SCOM client is installed (not a native VM extension) by using a powershell script. But 3 minutes after that deployment, the OMS VM extension is deployed which removes the SCOM client and installs a newer agent.