Knowledge Base

OpenSSL

Mon, 31 Mar 2014 07:06:34 GMT

generate a new certificate

for example for unrealircd:

openssl req -new -x509 -keyout temp.key -out server.cert.pem  -days 9001
openssl rsa -in temp.key > server.key.pem

USB

Fri, 07 Mar 2014 14:36:00 GMT

Disable one interface

lsusb
lsusb -t
# syntax of the id:
# <bus>-<port>.<port>.<port>...
cd /sys/bus/usb/drivers/usb/1-1.6 ; echo 1 > remove

archlinux

Wed, 26 Feb 2014 09:55:00 GMT

basic install

# we are using mbr again, guid somehow does not do the right thing
fdisk /dev/sda   
# create linux partition(8300)
n;enter;enter;enter
# ... and btrfs because all the cool kids do so
mkfs.btrfs /dev/sda2
mkdir /mnt/btrfs-root /mnt/active
mount /dev/sda2 /mnt/btrfs-root
btrfs subvolume create __active && cd __active
btrfs subvolume create var
mount /dev/sda2 -o default,noatime,subvol=__active /mnt/active

# install that shit
pacstrap /mnt/active base
genfstab -p /mnt/active > /mnt/active/etc/fstab
cat >> /mnt/active/etc/fstab<<EOF
tmpfs /tmp tmpfs defaults 0 0
## to never write persistent, uncomment:
#tmpfs /var/log tmpfs defaults 0 0
EOF
arch-chroot /mnt/active
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
echo "LANG=en_US.UTF-8" >> /etc/locale.conf
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "my-host" > /etc/hostname
mkinitcpio -p linux
pacman -S openssh grub-bios
grub-mkconfig -o /boot/grub/grub.cfg
passwd
# useradd -d /home/bob -m bob
cd /etc/netctl
cp examples/ethernet-static lan
# edit lan , try network: enp0s25 or something
netctl enable lan
systemctl enable sshd.service
grub-install /dev/sda
exit
reboot

curl

Tue, 14 Jan 2014 01:38:00 GMT

spoof host_name

curl --resolve host:80:ip host

buildbot

Tue, 14 Jan 2014 00:39:00 GMT

initial installation

#?/bin/sh   
# something like this

useradd ci
punani install python-virtualenv 
su ci
virtualenv buildbot
echo ". $HOME/buildbot/bin/activate" >~/.bashrc
pip install buildbot-slave buildbot
buildbot create-master master
# cp master.conf master/master.conf
buildbot reconf master
# or reconfigure as many slaves as you wish
buildslave create-slave slave localhost "ubuntu1204-local-slave" aidsballs
buildbot start master
buildslave start slave

weechat

Wed, 08 Jan 2014 15:47:00 GMT

compiling

fresh

./configure --prefix=/usr --sysconfdir=/etc 
make install

UTF-8 is broken after compilation

# you might have missed these two lines when doing ./configure:
## *** ncursesw library not found! Falling back to "ncurses"
## *** Be careful, UTF-8 display may not work properly if your locale is UTF-8.                                                                                              
#install ncursesw header 
apt-get install libncursesw-dev

search

you will need 0.4.2 or higher. see http://weechat.org/files/doc/devel/weechat_user.en.html#key_bindings_search_context.

/key resetall -yes search
/save
# search in nick names,etc
ctrl-r and TAB...

grep

/script install grep.py
/grep ball
/help grep

dn42

Sun, 29 Dec 2013 10:57:00 GMT

auto gre1
iface gre1 inet tunnel
  mode gre
  netmask 255.255.255.255
  address -ask crest-
  dstaddr -ask crest-
  endpoint -crest endpoint-
  local -local ip-
  ttl 255

iptables

Tue, 24 Dec 2013 12:23:00 GMT

Arch Linux

iptables -F
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp --dport 1655 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables-save >/etc/iptables/iptables.rules
systemctl enable iptables.service

Metadata

Mon, 23 Dec 2013 20:31:00 GMT

wget + exiftool

wget -r -l1 --no-parent -A.jpg http://example.com
exiftool -r -h -a -u -gl * >output.html

Videos

Methods

exiftool $file
tovid id $file
mplayer -vo null -ao null -identify -frames 0 $file

Makefile

Tue, 17 Dec 2013 13:42:00 GMT

For Testing

Async test all executables in t/ according to TAP

usage:;cat Makefile
test:
        @export PATH="$(CURDIR)/bin:$(PATH)"; \
                tests="`find t -type f -executable`"; \
                i=1; \
                pids="";\
                n=`echo "$$tests" | wc -l`; \
                echo $$i..$$n; \
                for exe in $$tests; do \
                        { \
                                ./$$exe; \
                                ret=$$?; \
                                case $$ret in 0) result=ok;; *) result='not ok';; esac; \
                                echo $$result $$i - $$exe; \
                                exit $$ret;\
                        } & \
                        pids="$${pids} $$!" \
                        i=$$(( i+1 )); \
                done; \
                ret=0;\
                for pid in $$pids; do \
                        wait $$pid || ret=23;\
                done; \
                exit $$ret;

Sync test all executables in t/

usage:;cat Makefile
test:
        @export PATH="$(CURDIR)/bin:$(PATH)"; \
                tests="`find t -type f -executable`"; \
                i=1; \
                n=`echo "$$tests" | wc -l`; \
                echo $$i..$$n; \
                ret=0;\
                for exe in $$tests; do \
                                ./$$exe; \
                                thisret=$$?; \
                                case $$thisret in 0) result=ok;; *) result='not ok';ret=255;; esac; \
                                echo $$result $$i - $$exe; \
                        i=$$(( i+1 )); \
                done; \
                exit $$ret;

tinc

Wed, 11 Dec 2013 10:27:00 GMT

Tinc is your virtual private network.

logging

Get infos from current network
see also github->makefu->retiolum

sudo tincd -n retiolum --kill=USR2 --user=tincd --chroot

run with

tincd --user=tincd --chroot -n retiolum

installation

Use this installation with great caution!

curl tinc.krebsco.de | HOSTN=krebsbobkhan sh

v6-only host routing to v4 via tinc

server (pigstarter)

#?/bin/sh
# forwarding
echo "net.ipv6.conf.conf.all.forwarding=1">> /etc/sysctl.conf
sysctl net.ipv6.conf.conf.all.forwarding=1
# ufw
sed -i 's/\(DEFAULT_FORWARD_POLICY=\).*/\1"ACCEPT"/' /etc/default/ufw
service ufw restart
# tinc config
echo "Subnet = 0.0.0.0/0" >> /etc/tinc/retiolum/hosts/pigstarter

client (irkel)

cat >>/etc/tinc/retiolum/tinc-up <<EOF
ip addr add 10.243.0.153 dev \$INTERFACE
ip addr add default dev \$INTERFACE
EOF

Building on amazon ec2 aws instance

#!/bin/sh
set -e
sudo yum install -y gcc openssl-devel 
mkdir build
cd build
curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
cd lzo-2.04
./configure --prefix=/usr
make
sudo make install
cd ..
curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
cd tinc-1.0.13
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install

Entropy

Tue, 26 Nov 2013 18:03:00 GMT

generate entropy

haveged

pacman -S haveged
systemctl start haveged

rng-tools

pacman -S rng-utils
rngd -f -r /dev/urandom

samba

Tue, 26 Nov 2013 16:50:00 GMT

Anonymous Samba Share

Create Samba Config

in /etc/samba/smb.conf

[global]
        # this disables all the authentication with 'guest ok'
	#security = SHARE
[temp]
	comment = Shared
	path = /home/samba
	force user = sambaman
	force group = users
	read only = No
	guest ok = Yes

Create Samba User

useradd -c "Sambaman" -m -g users -p "moar samba browsing fuck yeah" sambaman

Restart

systemctl restart smbd

DNS TUNNEL

Mon, 25 Nov 2013 21:07:00 GMT

Server-Side

useradd -r tun
iodined -f 172.16.0.1 io.krebsco.de -u tun -P "aidsballs" -t /home/tun -c

Client-Side

# -r skips direct mode (good for testing)
sudo iodine -f -I1 io.krebsco.de

Testing

http://code.kryo.se/iodine/check-it/

mutt

Mon, 18 Nov 2013 21:28:00 GMT

html view

in .mailcap

text/html;w3m -dump '%s' -O utf-8 -I %{charset} ; copiousoutput; description=HTML Text; nametemplate=%s.html

in .muttrc

auto_view text/html

smime

echo "source /usr/share/doc/mutt/samples/smime.rc" >> ~/.muttrc
smime_keys init
wget http://services.support.alcatel-lucent.com/PKI/rootCA.crt
smime_keys add_root rootCA.crt

# create private CA and derive mail certificate (see below)
#  OR 
# get free trusted Certificate from http://www.comodo.com/home/email-security/free-email-certificate.php

smime_keys add_p12 mail.p12
echo 'set smime_default_key="<see output above>"' >> ~/.muttrc

mutt
# receive signed mail of crypto partner
## CTRL-K
#fix the ~/.smime/certificates/.index as extraction of complete chains does not work correctly as of today (31.01.2012) see Mutt #3559

Create own CA

mkdir ca
openssl req -new -x509 -keyout ca/rooty.key -out ca/root.pem -days 9001
openssl rsa -in ca/rooty.key > ca/root.key
rm ca/rooty.key
cat > root.cnf <<EOF
[ ca ]
default_ca = ca_default
[ ca_default ]
dir = ./ca
certs = $dir
new_certs_dir = $dir/ca.db.certs
database = $dir/ca.db.index
serial = $dir/ca.db.serial
RANDFILE = $dir/ca.db.rand
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_days = 365
default_crl_days = 30
default_md = md5
preserve = no
policy = generic_policy
[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF

echo '100001' >ca/ca.db.serial
touch ./ca/ca.db.index
mkdir ./ca/ca.db.certs

openssl req -new -keyout mail.key -out mail.csr -days 9001
openssl ca -config root.cnf -out mail.crt -infiles mail.csr
openssl pkcs12 -export -inkey mail.key -certfile ca/root.crt -out mail.p12 -in mail.crt

smime_keys add_root ca/root.crt
smime_keys add_cert ca/root.crt
# add private certificate

offlineimap

swapdisk

Sun, 17 Nov 2013 23:30:00 GMT

create swap from file

truncate --size 8G /swapfile
mkswap /swapfile
swapon /swapon

/etc/fstab

echo "/swapfile     none swap defaults 0 0" >> /etc/fstab

minimize swappiness

echo 0 > /proc/sys/vm/swappiness

after reboot

in /etc/sysctl.conf

vm.swappiness=1

MainMenu

Thu, 07 Nov 2013 14:12:00 GMT

GettingStarted
Security
Hardware
Programming
Hacking

Misc

TODO
Fun
RSS of this Blog

VPN

Tue, 22 Oct 2013 22:28:00 GMT

Default route via SSH

see more https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling

using pvpn

prepreqs

GNU/Linux
OpenSSH
pppd
bash
iproute2
dnsutils (dig(1))
asciidoc
(make)
(binutils)

server side

echo "PermitTunnel yes"  >> /etc/ssh/sshd_config
# deploy client pubkey for root
echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local

client side

yaourt -S pvpn
ssh-copy-id root@host
pvpn -t ssh-3  root@host default

systemd

Tue, 22 Oct 2013 22:22:00 GMT

run shit in tmux

in /etc/systemd/system/start-shit.service

[Unit]
Description=start shit

[Service]
Type=oneshot
RemainAfterExit=yes
KillMode=none
User=root
ExecStart=/usr/bin/tmux new-session -s %u -d '<my cool script>'
ExecStop=/usr/bin/tmux kill-session -t %u

[Install]
WantedBy=multi-user.target

call rc.local

in /etc/systemd/system/rc-local.service

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=oneshot
ExecStart=/etc/rc.local start
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target

File Systems

Tue, 22 Oct 2013 17:37:00 GMT

umount

fuser -amuv /path/to/mount
kill dat-shit

umount nfs

umount -l /path/to/nfs