Kali VM (NAT) + host = rookie mistake

 

So readers,

In getting back to practicing my l337 skills, I was attempting to invoke remote ftp file transfers via a non-interactive shell.

Basically using the –s ftp command, which runs ftp commands in a script.

A non-interactive shell:

This is basically is a shell on a remote computer (bind or reverse) that gives no feedback, and will not execute commands.

It starts off like an interactive shell where you can execute commands remotely, then you invoke ftp, powershell and it closes the connection.

 

The setup:

Victim machine (my laptop)           

 

Attacker machine (my kali linux vm on the laptop)

Normal interactive shell, you can execute commands like so

Non interactive shell, invoked by the powershell command:

Non interactive shell, invoked by ftp

The victim (my windows laptop), breaks the remote connection, this is what it looks like from the victim machine. This you would not normally see.

Due to the non–interactive shell, you are unable to execute ftp commands sequentially, you may want to GET a file off the host to the victim to do some credential dumping.

ftp –s command

The –s command is explained here: –s

It allows you to run a text file containing FTP commands.

 

So naturally you place ftp commands in a text file and run ftp –s:<file>. In my case ftp- s:ftp2.txt

Like this:

Which is executed from the HOST (my windows laptop), and gets a file from the kali VM (attacker). The script runs fine.

From Kali VM to HOST errors

But using the remote shell and invoking the script it errors as such:

I let it run for a few minutes and it would not process any further. Why you may ask? Well the name of the post must have given it away.

I do not know WHY in the technical sense, but it has to do with running the kali vm in NAT network made, thus sharing the hosts IP address. I am sorry, I cannot be anymore technical than that. But as I explain below how I found about the issue, it must be that the ncat shell is from a different IP than the vm, but if that was the case invoking the –s command from my laptop (windows) should not be able to connect to it.

The work around/ fixxer upper

Set your Virtual Machine to bridged so that it has an IP,  in the same network.

VM settings> select bridged> select replicate physical network connection state> then click configure adapters

My IP address goes from the internal VM IP address:

To one in the same IP subnet as my laptop windows machine

 

AND if we invoke the ftp –s command remotely:

it successfully runs ftp commands from the file as shown and puts procdump.exe onto the victim machine (my windows laptop)

 

note: Do change the IP address in the ftp command to the new IP address for you Kali VM, or like me you will be wondering why it does not work

 

Hopefully this helps some people. As last night it was giving me a run for my money. If anyone cares to read this far, I initially found the issue by remoting from a vm on laptop B to my personal laptop with the remote shell, I then realised the ncat connection from my kali linux was from the laptop B IP address and not the Kali linux VM IP address.

 

Cheers,

Haydn

Some basic thoughts on the Target Data Breach

 

Hi All, I happened to be given a copy of the A “Kill Chain” Analysis of the 2013
Target Data Breach (majority staff report for the Chairman Rockefeller March 26, 2014). An article by the United States Senate. It can be found here.

Some basic notes:

• Target was PCI-DSS compliant prior to the breach.
• The initial breach was to a third-party vendor.
• Installed malware on Target systems
• Were able to pivot around the network
• Were able to copy large amounts of data via FTP.

My basic thoughts on failings

The target breach has been covered to death, from every angle. My words are from someone not so experienced and thinking how it could have been done different.

A third party vendor was breached initially, giving the attackers the basic access to Target’s network:

 

• There is minimal target could have done to stop attackers using publicly available information to create phishing attacks onto their vendor. I am sure nothing legal could be forced, other than simply asking them to have process where they remove publicly available information that is not required. The article explains Targe could have done this, but with so many vendors how would that be enforced, or how could it be checked that it was carried out. Would contracts stating that such a thing been done have been enough?

 

• The article explains that Target could have enforced a security process on third parties, which I  am sure PCI-DSS compliance requires; by that I mean the vendor could be more secure How could one manage many vendors to have a base line of security? Could they have forced each vendor to be PCI-DSS compliant?

 

• Security awareness training is recommended, saying it could have stopped the attack that way. My argument to this is, that phishing attacks are becoming so advanced these days, there is no way to tell if the email is ‘not’ legit. If it is a work email requiring some action of an employee will be in trouble, then the employee must prove it is not legitimate. Therefore training has a limited impact.

 

• It is said the vendor used a free version of Malwarebytes antivirus. I am wondering if it would have been feasible to have a basic checklist for basic security, such as software licensing, or evidence of using a DLP or IPS for example. This could be used as an on boarding process for each vendor.

 

• The article states that Target could have required 2 factor authentication. This is a great idea. Again it could be part of the on boarding process. I imagine this would have to be managed  by the vendor, as Target managing it for every vendor would be death by overhead. Target could simply require 2 factor authentication and leave it to the vendor to decide the way it is delivered. This would allow flexibility with vendors to choose sms to their phone, an rsa token or other methods.

 

Installed malware on Target systems :

• Target staff failed to act on alerts generated by software. It is also stated that that Target staff could have viewed this as a false positive, possible being overwhelmed with alerts. I read about this all the time, security software being misconfigured or not being used to its full potential, there is no point spending budget on something and not learning how to use it. How is one to confirm if their software is sending too many false positives? Is there a balance? A quality process of some sort should be put in place, follow best practice for each software. Many pieces of software have tuning guides.

 

• The articles states Target could have paid greater attention to industry updates on RAM scraping malware (used in the breach). This is true, but there are so many updates, so many articles to read, how is one to keep up to date on the latest attacks. Perhaps there needs to be (as always is said) more sharing between companies of attack statistics, or a central Security Operations Centre for say payment card industry. That may work, everyone puts in a lump sum of money each year to support the SOC and the information learned is shared between everyone. Or perhaps the way security alerts are delivered via government could be improved, I can imagine industry being bombarded with so many alerts.

Were able to pivot around the network

• The article advises that target could have used white listing, a technique where only approved processes are allowed to run on a machine. In theory this is great, but if I am an attacker, I would assume you would be wiping any type of exe created on the file system, as such I would attempt to use a current process, or at the very least migrate into a process to look around. This can be very easily done with the Metasploit Framework’s meterpreter shell command migrate which allows easy process migration (but of course you must be on the box in the first place). As such white listing does not work as well as it would sound. It is a great idea, just be are of its down sides. The defensive security podcast gives a great explanation here.

 

• I do not think prevention at this stage is most important, I believe detection to be the main focus. This is because if someone is on your network, there is a plethora of opportunities for them to privilege escalate or to pivot, just a simple default password missed in audits or an old firewall rule left in place could be the culprit. Detecting attempts or unusual behaviour would do great to have in place in order to detect.

Were able to copy large amounts of data via FTP:

• I did read once that someone claimed the attackers copied 70gigs via FTP. Whether that is true or not I do not know, but it is a high amount of data and should have been noticeable. Anyhow, the article says that one of the servers FTP was used to transfer the data to was located in Russia via plain text. It also claims this could have been prevented via whitelisting FTP servers. This is a great idea, but what about location spoofing a FTP server. I would have thought the attackers did that already. If whitelisting is not strong enough in that they can pretend to be an allowed FTP server, a limit to the amount of data that can be sent over time could work. Or a warning  sent to the security team that in x amount of time a high amount of data had been transferred and as such this was not normal behaviour and has been flagged.

 

Hopefully that is a good read.

Just some food for thought as I learn to blog about current issues and trends.

 

Cheers,

Haydn

My sexist twitter post and what I learned

 

Dear readers.

I have a confession, I ignorantly posted a sexist tweet/comment. I say ignorantly because I thought I was being silly or just ‘joking’, a simple tweet without a second thought. I went to bed thinking, oh someone will laugh at that comment. Boy was I wrong, and I did cop it, but I think they were lenient on me.

Anyhow, my intent is irrelevant, what I have learned is how my sexist remark, being innocent or not is part of the whole culture of sexism, not just in hacking or information security as an industry, but life.

This post is not to give an excuse, it is to show what I have learned from this experience, and to hope raise further awareness.

Due to the reaction my comment received I have done some research.

• This article titled: Sexism and the single hacker: Where are the women at Def Con?  (August 31, 2013) was a good read. Vegas is a place which is commonly known for booze, drugs and prostitutes/strippers, but as the article states it does not mean that is ok at a conference, or ok at all.
• There is also this article: Ending sexism in hacker culture: A work in progress (updated January 2nd 2013). This article covers the same Def Con game of Hacker Jeopardy as the above article. It is also updated with “Fighting sexism: an on-going process”. It is a good read. The following quote that I have made into a  screen shot is powerful.

• Before my sexist comment, I had read this article without thinking too much into it. “STOP SAYING "I HAVE A BOYFRIEND" TO DEFLECT UNWANTED ATTENTION” At the time I read it I was thinking yes that is true, women should not have to be taken for men to consider them ‘out of bounds’. I have been guilty of it, at a night club, being young and when the whole idea was to ‘get a girl’ (looking back now, I can see that even then it was sexist, the whole young culture is). When a girl is not interested, the first statement was ‘oh you have a boyfriend’, which in hindsight is not always the case. Women are allowed to not be interested due to many other facts than simply being taken.

A side question to the above: In order for someone to decide if your push is welcomed or unwelcomed your must ‘come on’ or show your attracted to a women in the first place . If a woman likes the attention, it is not sexist, but if she does not like it, it is sexist. This is not to be controversial, but as this would be a typical male response, has anyone thought on how to handle this. I can imagine someone would say well it is discrimination if an attractive male hits on a girl and an unattractive male hits on a girl the exact same way and one is considered sexist while the other isn't. Is this a chick before the egg kind of scenario, or am I completely off track with this one?

It is not an a + b = c scenario, however some food for thought perhaps.

• A video I had watched, again prior to my sexist comment: This is What Everyday Sexism Feels Like...to a Man

 

This video, is very off putting to watch. Especially to someone who generally thinks of himself as non sexist (me) but through ignorance continues the culture of sexism. The video is of a man walking a baby, where men are treated as a sex object. It is quite an eye opener, to women running down the street topless and females being the dominant sex, purposefully opposite to the real world. Quite sad once accepting it as it is. A man is being hit on by a group of women, and when he is repulsed they call him a skank, an eye opener to that of women in the real world being hit on by groups of guys, and if they do not like it, it is the woman's fault.

A side note to sexism in my Fiancé's experience

Again, I did not think too much of this, perhaps I am guilty of not accepting or seeing deeply into others situations.

My fiancé’ (lucky to have her now I think of it) and I opened a joint account, as I work full time, she was placed as the primary account holder. Despite this, the bank has sent a letter with my name on it, asking how I like the account etc. They never sent her a letter asking her the same thing, nor did they send a letter to the both of us.

She tried to get a credit card to build up credit  history. Having no credit history she was forced to have a supported credit card (not the right term), one with a $600 freeze on her own money, in case she did not pay her account. While signing up, the banker (probably male) told her that I (her fiancé’) could come in and get a credit card straight away. Now I have no credit history either, so why that is different I have no idea.

So even from a banks point of view, men are the dominant sex. She was very upset and angry, and I simply replied with ‘that is how the world is’, which neither helps or changes anything. I did say  I understood how she felt and she had every reason to feel that way, although it is not until now, that I truly understand how she felt/feels, and how ingrained the sexist culture towards women is.

I did not realise I was a contributor of sexism (like these articles) until it was pointed out

I felt completely terrible for my comment being taken as sexism, I would have never considered my self sexist. Yet now I realise that the comment was still made after I had clearly viewed awareness articles/videos of sexism.

So why did it take ‘being made a fool out of on twitter’ to realise that sexism has very deep roots?

Perhaps it is because whenever a sexism campaign is shown, it is at the very extreme (not meaning to say that it is rare) and that I was able to separate myself as being nowhere near what the campaigns show. This I would consider to be akin to road toll campaigns, where someone is texting or not paying attention and they are killed in some huge horrific car accident, I would never consider myself an idiot to do that, however just last night I was tired and hit a gutter driving home. I could have so easily been the exact reason for road toll campaigns, and yet I still did not think too much of it other than ‘oops’.

Perhaps it is not until the ego is smashed to pieces and one can take a step back, and say ‘oh I have made a really big mistake’ that one learns the most. But it should not take your own mistake, or a big mistake to learn something.

I do not have a solution to breaking the sexist culture, or to changing the opinion of everyday people to thinking they are not part of the problem, or as I mentioned above that they are not anywhere near like that shown in a sexist campaign. All I can say, is that I now have a greater understanding and awareness of sexism in hacking culture by having the car accident (to use the road toll analogy).

Having a greater awareness and understanding means?

As I always try to be more self aware and improve myself and be a better human being. Having a greater awareness allows me to not make the mistake again, to notice when small sexist things are being done (by small I mean not as noticeable) and to call them out. Hopefully I can help better things for everyone.

I still struggle with the pulling the racist or sexist card

Some thing's can be said with no prior thought of sexism or racism and people can just say you are racist or sexist in order to make your argument invalid. How is one to tell the difference? After my experience, I do not think it is worth the risk of getting it wrong, if someone wants to say you are racist or sexist just to cause a problem, that is fine, accept it, as you will never truly know.

If they feel you are being racist or sexist that is what matters. Try to not be too quick to shrug off someone being upset and feeling you are racist or sexist as just ‘playing that card’, as I have done many times.

 

The point of the post

The point of this post was to say I am sorry for being sexist. No excuses, only that I apologize and I will and can do better.

Hopefully my post can make others aware that being ignorant does not stop somebody being hurt, and it does not stop a sexist culture. One may consider themselves separate to a sexist culture, however it could be said that if you are not part of the solution, you are part of the problem. Does that shake any bones?

I did try to write this post from the perspective of someone who has constantly been attacked or abused (perhaps not the correct terminology), trying to understand the real issues and not belittle any feelings. I hope I have achieved that.

 

Any feedback is welcome.

Cheers,

Haydn

test

test

Share point installation notes

Howdy all,

Just a short post for those wanting a hint in the right direction for installing Share point 2013.

Please note:

• This is for a setup with a complete installation of sharepoint; meaning not a stand alone with a built in sql server express
• The share point and sql server are on one server
• It is part of a domain, so DNS, accounts are created on the domain controller

Start with this video:



Why you ask?
Because the MSDN documentation is very detailed, very exact and very dry reading.

Be-careful of :
Installing Share point stand-alone for Domain environments. It does not work with an active directory over a domain.

Please install via these tutorials.

Disclaimer:
I am in the middle of following them and have not yet finished the installation. will update when it is up and running :)

Some issues I am finding:

Creating a web application works fine, completing a site collection works fine, creating a site... not so much. By not so much, I mean I am able to create it, just unable to access it.

I have tried a bit of googling and found some potential reasons such as:

• loop back check
• Fully qualified domain name issues

The Administration site is accessible externally. My thoughts so far is that through the install, windows is able to configure everything correctly, but sharepoint is unable to configure sites correctly, mainly the DNS, forward lookup etc.

Trouble shooting so far:
So far, there was an issue with an SSL site. What does SSL need, certificates, as such we went through and created a self signed certifcated, exported it, and added it to the share point trust zone.

A great tutorial for that can be found here

The new issues:

• The site works in that it asks for credentials but gives a 404 file not found error. So in order to troubleshoot I am trying to create a non ssl site to see if it is to do with SSL somehow.
• Running slow.. very slow
• Is crashing quite a lot, when restarting the server, when create a web application and a site collection

Addressing the 404 file not found error:

I was unable to directly fix the error in asking for credentials then loading a 404, i.e nothing showing up. That is, I was unable to fix the error for a web application that is directly created for SSL.

A work around instead, was to create a web application without SSL, and then change it to have SSL. Basically creating on port 80 and then changing to port 443.

As said early, the thought was the DNS server does not automatically configure for site collection, or the creation of sites.

This blog post, which also comes in a white paper goes very advanced to solving sites with SSL. But do read the first part, as it gives great steps on creating a DNS new host A name. Which solves the problem of 404 file not found.

The key take aways are:

• Configure the DNS, to have the correct FQDN, so that being on a domain, allows you to connect to the site, whether it being ssl or standard http
• generate a certificate for the ssl. I advise using the selfssl as per step 3 in the guide. Please note: you must run it as administrator, but doing so opens cmd at the default location. So you have to manually move into the selfssl directory and execute the command from there.
• When importing the certificate it can be hard to find the local computer certificates, instead of just local user, this is why selfssl is really great. It does that automatically
• Bind the website in IIS so that the website and certificate are bound together, i.e it knows what certificate to expect.
• Within sharepoint, change the http to https. Alternate access mappings can be found under central administration, not under security as one would think
• add the trust in sharepoint, add the certificate and you should be good to go.

It is working
I followed the videos, and fought with creating an ssl site within sharepoint. I found that following the white paper (a guide to https and secure sockets layer in sharepoint 2013) and changing the non ssl site to an ssl site worked much better. Well technically, it actually worked :)

Some logging things to note
There are many many logs consistently created. I will update this tomorrow with the details.

update:

This user expains: "In my sharepoint 2010 development server owstimer.exe consumes  > 1.2 GB Memory". This is not exactly my problem but owstimer just kept crashing.

The image:

It constantly errors, so far share point is still working fine. I will need to trouble shoot this I think.

Another constant error:

 

 

Cheers,
Haydn

Why I believe the Country Club Pet Resort played a role in the death of my dog

Sorry readers to have not posted so long, and most importantly sorry to have to post something of this nature.

_____

Update 6th May 2014 (afternoon):
The Fiance' had a call with the owner, they had offered to pay for cremation (through their resort), however we had already paid for the cremation through a different vet.



Update 6th May 2014: The Fiance' has called again today to talk to a person of importance, they said the owner would call back.

Which brings to mind, why did a manager/owner not call or investigate when we removed our pet from their place early and complained. If I was a reputable business I would want to understand why any customer was upset and what has happened, in order to stop similar occurrences happening in the future.

We are having to CHASE them up for any information, any support, any honest from them.
____
___
Update: we have recently found these reviews as well they can be found here
There are a few good reviews, and then the bad reviews keep on coming. I wish we knew this beforehand!
___


So I moved to Calgary about 2 months ago. My pet Rottweiler came over on the April 13th 2014. He was placed in the Country Club Pet Resort in Calgary one day after arriving, we had to put him down yesterday (2nd May 2014).

Now this post is not to say that they 'killed' my dog. This post is to make readers aware of placing pets in kennels, and to be aware of possible neglect and a lack of care, in particular the Country Club Pet Resort.

Our dearly loved Rottweiler Jaxon had a condition commonly known as wobblers disease/syndrome. Its symptoms can be found here.

This is Jaxon:

Basically:

• A spinal condition that affects movement, control of walking, unable to run and sprint, depending on the severity. 
• Its symptom list can be quite long (quoting the above link)
• Strange, wobbly gait
• Neck pain, stiffness
• Weakness
• Possible short-strided walking, spastic with a floating appearance or very weak in the front limbs
• Possibly unable to walk – partial or complete paralysis
• Possible muscle loss near the shoulders
• Possible worn or scuffed toenails from uneven walking
• Increased extension of all four limbs
• Difficulty getting up from lying position

The reason I list the symptoms is because they are quite obvious symptoms to spot (I will come back to why it is important they are obvious later on).

Prior to Canada:

Our dear Jaxon prior to flying to Canada had been diagnosed with this condition, however his case was not severe, we were advised to not let him run or sprint. Being a 2 year old dog, he was very happy and would sprint around the room jumping on the couch when we would come home. So he was quite happy and go lucky.

Jaxon was also health checked and given the go ahead and allowed to fly.

After landing:

I picked up Jaxon from the Cargo bay, and he was alert, extremely excited to see me. My fiance' and I took him to a pet friendly hotel for the night, so that we could spend over night with him. Jaxon seemed very normal and quite active and happy for the night with us. We did not have any worries at all at this time.

This is him standing after meeting my Fiance' after the flight:

The reason for choosing Country Club Pet Resort:

Jaxon was to spend the night in the hotel with us and then be placed in a kennel for a month or so, until we were able to find a place to rent or buy.

As Jaxon is so valuable to us, the Fiance' chose the Country Club Pet Resort for the extra care that could be provided, things like mats on the floor, a heated room, walks and cuddles each and every day.

It is called the 'all inclusive package' which states clearly:

Your pet's all inclusive package includes:

• 3 times a day excercising and playing in our romping corrals (with or without a friend)
• Individual suite
• 1-2 Meals a day with snacks in between
• Daily nose to toes wellness inspection
• Daily Individual Cuddles and T.L.C.

* plus a rotation of one of the following activities daily:

• Brushing and Body Massage
• Indoor or outdoor play time in our playschool
• Off-leash park including playing ball and chase

That spelling mistake is from their website, not my mistake. Anyhow, the Country Club Pet Resort was clearly made aware of Jaxons condition, that he was not to run, not to be allowed to play with other very active dogs. We were even told that they had dealt with dogs with wobblers syndrome before, and as such were very capable and confident of safely keeping Jaxon.

As a result we paid the premium to make sure our dog was to have the highest care while we were unable to be with him. We were trying to be the best owners possible.

We did not choose a VIP special needs room, as Jaxon appeared to us to be as normal as he could be for his condition, that is to say; he was the same as he was in Australia.

Everyday my Fiance' or her mother would call the pet resort, because my Fiance' is what you would say 'OCD' about the health and care of her dog. Every time they called, they were told Jaxon is fine and to not stress, that he is happy and doing fine.

Showing up unannounced is when it all went wrong:
My Fiance' was stressing without Jaxon, emotionally a mess, unable to function normally with out him. Worry about his care, his health and how she was a bad owner for putting him in a kennel. Every night I would re assure her that there was no reason to worry as we had him at a very reputable and expensive place, assuming he was gaining the care and attention we expected.

One night she was worse than normal stressing about him, she had the day off work the next day and I said just go see him, to put your mind at rest.

My Fiance' and her mother went to the resort to see Jaxon, they did not call prior, as the website states that appointments are unnecessary.

Directly from their website : Found here 
 *Daily tours between 1-3 pm (no appointment necessary)

Upon arriving to see Jaxon,  they were told his was a 'little' stiff today. Upon bringing him out he could barely walk, which concerned them. They took Jaxon to the grass, and he was not able to walk correctly to the grass, Jaxon would fall over many times. He would get excited wag his tail and fall. Upon further inspect he had dried poo on his bum.

 After this happening my Fiance' promptly decided to take Jaxon out of the pet resort.

Her mother called me very upset, crying, saying he is so bad, falling over his front paws, and has never been like this. Being the high reputable resort I was in disbelief.

They took Jaxon straight to the emergency VET. He was given 3 types of medication, an anti inflammatory to help the swelling in his legs and a muscle relaxant. Jaxon had lost 5kgs of weight, mostly muscle. I will come back to this further on, but this is important.

Jaxon also drank furiously when given water, indicating a high amount of thirst, basically not given water.

They headed up to her uncles which is an hour away, as they have dogs and Jaxon would be able to recover. Jessica took the week off work to be able to spend 24/7 with him.

The 1st day after was a little recovery, but the luck only lasted so long:
The first day (30th  April 2014) Jaxon seemed to improve a little bit. My fiance' was able to look after him on her own, her uncle had placed a ramp for 3 stairs, as he was unable to walk up or down them.

The following day Jaxon got much worse, he was unable to walk down the ramp with assistance, she basically had to hold his whole weight to get him anywhere in the house. She would constantly call me crying while I was at work.

She took Jaxon outside to pee and he did not make it up the ramp, he fell and hurt himself. It took her an hour to get him inside. After this I took a personal day at work, so that I could come up that night and be with them to help care for Jaxon.

I was shocked at the condition of my dog, who once was happy, able to run to me as a walked in a room, was now stuck laying on his side on the couch, left to wag his tail and bark in excitement. His paws had cuts on the top, from tripping over his front feet. They looked like carpet burns, or cigarette burn on some ones hands. Little circles of cuts, where the skin had been scrapped off.

I thought I would be able to lift his spirits and lift him enough while walking to allow his muscle to strengthen up after having lost so much. To my horror Jaxon was unable to even wee or poo without support.  It was clear that his wobblers condition had become severe.

We had a harness for him, to allow us to hold him up, we would use a towel under his stomach to help raise his back legs. This was not enough for him to walk.

In order to not go into further detail on his condition, or how horrible and sudden his decline was I will not write any more on it. On the 2nd May 2014 we chose to put him to sleep. I had to carry him into the final room.


Country Club Pet Resort and their lack of care:

It is my honest belief that Country Club Pet resort has some responsibility to bare, in other words, they played a role in the sudden decline and ultimate the death of my beloved pet.




Here is my reasoning:

• Country Club Pet Resort all inclusive package included a daily nose to to toes wellness inspection. Why did they not inform us that Jaxon was unable to walkas well as when we had dropped him off, or that he had declined in health.

• Also why did he have dry poo on his bum? This would show that they did not do their inspection with which we had paid for. This is the reason we were comfortable with having him there.
• Jaxon lost 5kgs on muscle in 2 weeks and 2 days at the resort, how does an animal lose that much muscle that quickly if they had been walked multiple times a day, as well as checked all over once a day. This they did not alert us of. Which in my opinion is something would be easily noticeable.

Previously I mentioned the symptoms of Wobblers disease were obvious and that it is important. The following is above is why.

• Having wobblers syndrome animals previously,they should be able to understand the condition. If they were taking care of him as expected, how did they not notice the sudden and obvious decline. They claimed to have experience with the symptoms and disease, they should have had a careful eye on him.

• Having made them very aware of the condition, and how important he was too us, we were expecting them to make us aware of any change, no matter how small. This they failed to do.

• If we had known he had declined, we would have as my Fiance' had done, taken him to a place where he could be cared for 24/7. As they did not alert us to any changes, his condition was much worse than it could have been.

• My Fiance' called them after wards to complain to them, and was told they had NOT previously dealt with wobblers syndrome animals previously, quite a back-flip before placing Jaxon into the resort and paying the money. We had been told this is a case of 'he said she said', that is; who knows what is true. But that still does not take away the confidence and expertise they instilled in us that they were 100% capable of looking after Jaxon and dealing safely with his condition.

• The lady was to investigate why we were not alerted early to Jaxons decline in health, but as yet we have heard nothing from them

• They have not shown any sympathy, they merely have been focusing on absolving themselves of any responsibility. They have not offered to refunded any money at all, despite being forced to take him out of the kennel 'early' due to his declining condition.

The Country Club Pet Resort website is here

I will not say they killed our beloved dog, however I will say that I believe they had many failings in their care of Jaxon which attributed to his sudden decline and ultimately his death.

They either failed to check Jaxon's health everyday, or everyday they checked and did not inform us. Either way, the end result is that we were not given the chance to take care of Jaxon as soon as his wobblers syndrome had flared up.

This post is to make other owners to be careful with kennels and pet resorts. I am very angry and hurt, and have attempted to be as unbiased as possible. I do not have any photos of Jaxon's paws to prove his condition, as at the time we were focused on helping him get better. This is also why I say they DID NOT kill my dog, but they DO hold some responsibility due to their failings in everything they made us believe they would do.

The fact that they demanded payment before taking Jaxon out of the kennel despite his condition makes me sick, the fact they have not offered anything at all during this time is terrible. Perhaps they did not offer any money or support due to that showing an acknowledgement of wrong doing. However due to them offering no support I have posted this to make everyone aware.

We decided to put Jaxon to sleep 3 days after removing him from the resort.

Sorry again to post something like this.

Haydn