mount virtual disk in Linux

22 September 2018

 

sudo apt-get install qemu-utils

unload the NBD module if it is already loaded:

sudo rmmod nbd

reload it with partition support (max_part makes the kernel expose /dev/nbd0p1, /dev/nbd0p2, ...):

sudo modprobe nbd max_part=8

attach the whole image file as a disk:

sudo qemu-nbd -c /dev/nbd0 drive.vdi

mount a partition from /dev/nbd0; the image may contain several, /dev/nbd0p*:

sudo mount /dev/nbd0p1 /media/vdi

----------------------

Unmount & clean up

sudo umount /dev/nbd0p1
sudo qemu-nbd -d /dev/nbd0
sudo rmmod nbd

 

Listing all hardware devices

hardware hacking | 7 September 2018

lshw -C network

 

LSHW(1)                                                                 LSHW(1)

NAME
       lshw - list hardware

SYNOPSIS
       lshw [ -version ]

       lshw [ -help ]

       lshw [ -X ]

       lshw [ [ -html ] [ -short ] [ -xml ] [ -json ] [ -businfo ] ] [ -dump filename ] [ -class class... ] [ -disable test... ] [ -enable test... ] [ -sanitize ] [ -numeric ] [ -quiet ]

DESCRIPTION
       lshw is a small tool to extract detailed information on the hardware configuration of the machine. It can report exact memory configuration, firmware  version,  mainboard  configuration,  CPU
       version and speed, cache configuration, bus speed, etc. on DMI-capable x86 or IA-64 systems and on some PowerPC machines (PowerMac G4 is known to work).

       It currently supports DMI (x86 and IA-64 only), OpenFirmware device tree (PowerPC only), PCI/AGP, CPUID (x86), IDE/ATA/ATAPI, PCMCIA (only tested on x86), SCSI and USB.

       -version
              Displays the version of lshw and exits.

       -help  Displays the available command line options and quits.

       -X     Launch the X11 GUI (if available).

       -html  Outputs the device tree as an HTML page.

       -xml   Outputs the device tree as an XML tree.

       -json  Outputs the device tree as a JSON object (JavaScript Object Notation).

       -short Outputs the device tree showing hardware paths, very much like the output of HP-UX's ioscan.

       -businfo
              Outputs the device list showing bus information, detailing SCSI, USB, IDE and PCI addresses.

       -dump filename
              Dump collected information into a file (SQLite database).

       -class class
              Only show the given class of hardware. class can be found using lshw -short or lshw -businfo.

       -C class
              Alias for -class class.

       -enable test

 

-----------------------

wl (Broadcom wireless DKMS module) on Ubuntu, kernel 4.15.0-33. The build succeeds, but modprobe fails with "Required key not available": with UEFI Secure Boot enabled the kernel only loads modules signed with a key it trusts, and the freshly built DKMS module carries no signature.

wl:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/4.15.0-33-generic/updates/dkms/

depmod...

DKMS: install completed.
modprobe: ERROR: could not insert 'wl': Required key not available
update-initramfs: deferring update (trigger activated)
Processing triggers for initramfs-tools (0.130ubuntu3.1) ...
update-initramfs: Generating /boot/initrd.img-4.15.0-33-generic
W: initramfs-tools configuration sets RESUME=UUID=91ff709b-f67d-4c36-9ee8-81e8f6b0b3a3
W: but no matching swap device is available.
I: The initramfs will attempt to resume from /dev/sdb1
I: (UUID=ac087cdf-cf65-9745-a66e-00c2283af0cf)
I: Set the RESUME variable to override this.
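The "Required key not available" line above is the kernel refusing an unsigned module under Secure Boot. The script below is an added example, not code from the original post: it reads the SecureBoot EFI variable directly (the same value mokutil --sb-state reports), checks whether the built wl.ko already carries a signature, and if not signs it with the machine-owner key using the kernel's own sign-file before loading it. The module path, the MOK key location (/var/lib/shim-signed/mok/, which Ubuntu's update-secureboot-policy creates) and the kernel-headers path are assumptions; the MOK certificate must already be enrolled with mokutil, otherwise the signed module fails with the same error.

```shell
#!/bin/sh
# Added example (not from the original post): diagnose the
# "modprobe: ERROR: could not insert 'wl': Required key not available"
# failure and sign the DKMS-built module with the machine-owner key (MOK)
# so a Secure Boot kernel accepts it. Usage: sign-dkms.sh sign
set -eu

# Paths are assumptions: Ubuntu keeps the DKMS signing key pair under
# /var/lib/shim-signed/mok/ once update-secureboot-policy has created it,
# and sign-file ships with the kernel headers.
MODULE=${MODULE:-/lib/modules/$(uname -r)/updates/dkms/wl.ko}
MOK_KEY=${MOK_KEY:-/var/lib/shim-signed/mok/MOK.priv}
MOK_CERT=${MOK_CERT:-/var/lib/shim-signed/mok/MOK.der}
SIGN_FILE=${SIGN_FILE:-/usr/src/linux-headers-$(uname -r)/scripts/sign-file}

# Read the UEFI SecureBoot variable as mokutil --sb-state does: efivarfs
# exposes 4 attribute bytes followed by the 1-byte value, 1 = enforcing.
# The path is a parameter so the function can be tested on a fake file.
secure_boot_enabled() {
    var=${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}
    [ -r "$var" ] || return 1       # no EFI variable: legacy boot, nothing enforced
    val=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' ')
    [ "$val" = "1" ]
}

# A signed .ko exposes a sig_key field in modinfo; an unsigned one prints nothing.
module_is_signed() {
    [ -n "$(modinfo -F sig_key "$1" 2>/dev/null)" ]
}

main() {
    if ! secure_boot_enabled; then
        echo "Secure Boot is off; 'Required key not available' has another cause here"
        exit 0
    fi
    if module_is_signed "$MODULE"; then
        echo "$MODULE is signed; verify its certificate is enrolled: mokutil --list-enrolled"
        exit 0
    fi
    # sign-file <hash> <private key> <DER cert> <module> appends the signature
    # in place. The MOK certificate must already be enrolled (mokutil --import
    # MOK.der, confirmed at the next reboot) or the load still fails the same way.
    "$SIGN_FILE" sha256 "$MOK_KEY" "$MOK_CERT" "$MODULE"
    name=${MODULE##*/}
    modprobe "${name%.ko}"
}

case "${1:-}" in sign) main ;; esac
```

Run it as root after the DKMS build; a kernel update rebuilds the module, so the signing step has to be repeated (Ubuntu's DKMS does this automatically once the MOK key pair exists).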

 

Categories: Linux

syslog-ng config

25 April 2018

Saving the logs from each network host to its own file in syslog-ng (the s_network source is assumed to be defined elsewhere in the configuration, e.g. with the network() driver):

destination d_network_hosts { file("/syslog/$YEAR/$MONTH/$DAY/$HOST.log" owner(root) group(sudo) perm(0644) create_dirs(yes) dir_perm(0755)); };
log { source(s_network); destination(d_network_hosts); };

 

Categories: Linux

Mount VirtualBox VDI image (and other)

18 March 2018

Prerequisites:

sudo apt-get install qemu-utils

modprobe nbd

Attach the image as a block device and mount its first partition:

qemu-nbd -c /dev/nbd0 <vdi-file>
mount /dev/nbd0p1 /mnt

Detach:

umount /mnt
qemu-nbd -d /dev/nbd0
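Both VDI posts on this page (this one and "mount virtual disk in Linux" above) attach the image read-write and mount it with default options. The script below is an added example, not code from either post: it picks an idle /dev/nbdN from sysfs, attaches the image read-only with the format named explicitly (qemu-nbd otherwise probes the format and warns that probing is unsafe for raw images), and mounts with ro,nodev,nosuid,noexec so a setuid binary or device node planted inside an untrusted image is inert on the host. The mount point /media/vdi, the default format vdi and max_part=16 are assumptions.

```shell
#!/bin/sh
# Added example: attach a VM disk image read-only via qemu-nbd and mount a
# partition with hardening options. Not from the original posts.
# Usage: vdi-mount.sh attach image.vdi [mountpoint] [format] [partno]
#        vdi-mount.sh detach /dev/nbdN [mountpoint]
set -eu

# Print the first idle /dev/nbdN. A connected nbd device reports a
# non-zero size in sysfs, an idle one reports 0. The sysfs root is a
# parameter so the function can be exercised against a fake tree.
find_free_nbd() {
    sys_block=${1:-/sys/block}
    for d in "$sys_block"/nbd*; do
        [ -r "$d/size" ] || continue
        read -r size < "$d/size"
        if [ "$size" = "0" ]; then
            printf '/dev/%s\n' "${d##*/}"
            return 0
        fi
    done
    return 1
}

attach() {
    img=$1; mnt=${2:-/media/vdi}; fmt=${3:-vdi}; partno=${4:-1}
    [ -f "$img" ] || { echo "no such image: $img" >&2; exit 1; }
    modprobe nbd max_part=16
    dev=$(find_free_nbd) || { echo "no free nbd device" >&2; exit 1; }
    # -r: read-only export, so the analysis cannot alter the evidence and
    # the image cannot be damaged; -f: never let qemu guess the format.
    qemu-nbd -r -f "$fmt" -c "$dev" "$img"
    partprobe "$dev" 2>/dev/null || true
    lsblk "$dev"                     # shows the partitions, pick another partno if needed
    mkdir -p "$mnt"
    # ro plus nodev/nosuid/noexec: nothing inside the image can be executed
    # or used as a privileged device node on the analysis host.
    mount -o ro,nodev,nosuid,noexec "${dev}p${partno}" "$mnt"
    echo "mounted ${dev}p${partno} on $mnt; detach with: $0 detach $dev $mnt"
}

detach() {
    dev=$1; mnt=${2:-/media/vdi}
    umount "$mnt" 2>/dev/null || true
    qemu-nbd -d "$dev"
}

case "${1:-}" in
    attach) shift; attach "$@" ;;
    detach) shift; detach "$@" ;;
esac
```

Run both subcommands as root. When the image must be modified, drop -r and the ro option deliberately rather than by default, and only for images you trust.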

 

Categories: Tools, Linux

Command Line Kung Fu

14 March 2017

source: http://blog.commandlinekungfu.com/p/index-of-tips-and-tricks.html

Auditing

The Advantage of "sort" to View Passwords
Avoiding LANMAN False Positives
"chage" to Get/Set Password Security Parameters
Change a User's Password to Blank
Find Accounts With Superuser Privileges
Finding Duplicate User IDs
Finding Null Passwords
Lock Out Users Remotely While Preserving Session
Lock Screen With "tsdiscon"
"net use" and The Blank Passwords
Show Account Security Settings
Show Domain-Wide Settings For Accounts
Suspicious Password Entries
Why "wmic" Remote Lock Fails?
"wmic" to Display Users' SID
Workaround to View Windows Password Hashes


Forensics

Better "find" with touch
Determine where a USB device was plugged into
Display File Creation Time
Listing Files by Inode as a Proxy for Creation Time
Remotely Pull USB info
Show USB vendor/serial number 
USB History
Watch File Count in a Directory

Network Troubleshooting

Hack to Pull Out a Specific Protocol From "netstat" Output (Linux)
Kill Process by TCP/UDP port number
Learn About Network Traffic
"netstat" vs "lsof"
Protocol Stats
"watch" vs "netstat -c" 

Penetration Testing

The Broadcast Ping
Command-Line Ping Sweeper
Detecting when a scan reaches a given target
Firewall Chains
Look at Firewall Configs
Reverse DNS Records
See the Number of Times a Firewall Rule Was Triggered
Show Ports Allowed Through Firewall
Show Programs Allowed Through Firewall
Speed Up Ping


System Administration


Aborting a System Shutdown
Browsing the Registry with Powershell  
Careful with iptables "INPUT"
Converting Unix timestamps to human-readable form 
Disable The Guest Account 
Dropping Firewall Dead
Execute a Command En Mass
"find ...| xargs ..." vs "find ... -exec ..."
"findstr /m" to Print Only File Name
Find Files That Only Contain Printable ASCII With "findstr /p" (But be Aware)
Finding Names of Files Matching a String
Having Fun with Firewall
The Importance of Putting Your System's Hostname
IPTables or The Simplified Firewall Configuration
Linking Files
Listing Files and Their Sizes
Listing the largest 100 files
Poke Holes Through The Firewall
Reboot in [N] Seconds
Remote Command Execution
Simplify Your Life With "ufw"
SSH: Using "user@host" vs "-l" 
Symlink to an Entire Directory
What is hogging up the space?
WScript to Create Link For Files and Folders

Text Manipulation

Backup Before You Change With "sed"
Build Your Own "uniq" Command on Windows
Convert Multiple-Line Output into a Single Line Using "tr"
Convert Text Formats - Dos to Unix
Extra Little File to Help
"for" loops to parse text
Have "sed" Use Extended Regular Expressions
Replacing Strings in Multiple Files
Replacing Text Powershell Way
The Single Quote, The Double Quote, and The "FOR" Loop
When "sed" is better than "awk"

 

FruityWifi on Raspberry-Pi

13 December 2016

FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it.

 

http://www.fruitywifi.com/index_eng.html

 

Extra space with extroot for LEDE

27 November 2016
Required package:

opkg update
opkg install block-mount

Mount the device (adjust /dev/sdaN to your stick's layout):

mkdir /mnt/sda1
mount /dev/sda2 /mnt/sda1

Copy the root directory contents (bind-mount / first so that only the root overlay is copied, not /proc, /sys or the mounted stick itself):

mkdir -p /tmp/cproot
mount --bind / /tmp/cproot
tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda1 -xf -
umount /tmp/cproot

Configure /etc/config/fstab (block detect writes a template with the detected UUIDs; then edit the mount section so it targets /):

block detect > /etc/config/fstab

vi /etc/config/fstab
config global
        option anon_swap '0'
        option anon_mount '1'
        option auto_swap '1'
        option auto_mount '1'
        option delay_root '5'
        option check_fs '0'
        option from_fstab '1'

config mount
        option uuid 'some-uuid'
        option enabled '1'
        option target '/'
        option 'options' 'rw,sync'
        option fstype 'ext4'
        option enabled_fsck '0'

Reboot and check:

mount
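The steps above as one script, added here as an example and not part of the original post: it reads the UUID and filesystem type from block info instead of pasting them into fstab by hand, copies the root the same way (bind mount plus tar), and writes the complete /etc/config/fstab with the post's global options. The device argument and the mount point /mnt/extroot are assumptions, and the block info line shown in the comment is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): extroot setup on LEDE/OpenWrt
# with the UUID taken from 'block info' instead of being pasted by hand.
# The device argument and the mount point /mnt/extroot are assumptions.
# Usage: extroot.sh /dev/sda1
set -eu

# Extract the UUID / filesystem type from one line of 'block info' output,
# which looks like this (constructed sample):
#   /dev/sda1: UUID="57f1a3c1-2b3b-4b1e-9f1e-5a0c6c9a2b11" VERSION="1.0" TYPE="ext4"
# Both read stdin so they can be tested on such a line.
uuid_from_block_info()   { sed -n 's/.*UUID="\([^"]*\)".*/\1/p'; }
fstype_from_block_info() { sed -n 's/.*TYPE="\([^"]*\)".*/\1/p'; }

# Render the complete /etc/config/fstab: the global section from the post
# plus one mount stanza that puts the given filesystem at /.
fstab_config() {
    uuid=$1; fstype=$2
    cat <<EOF
config global
        option anon_swap '0'
        option anon_mount '1'
        option auto_swap '1'
        option auto_mount '1'
        option delay_root '5'
        option check_fs '0'
        option from_fstab '1'

config mount
        option uuid '$uuid'
        option enabled '1'
        option target '/'
        option options 'rw,sync'
        option fstype '$fstype'
        option enabled_fsck '0'
EOF
}

main() {
    dev=$1; mnt=/mnt/extroot
    opkg update && opkg install block-mount
    info=$(block info "$dev")
    uuid=$(printf '%s\n' "$info" | uuid_from_block_info)
    fstype=$(printf '%s\n' "$info" | fstype_from_block_info)
    [ -n "$uuid" ] || { echo "no UUID found for $dev (is it formatted?)" >&2; exit 1; }
    mkdir -p "$mnt" && mount "$dev" "$mnt"
    # Bind-mount / so only the root overlay is copied, not /proc, /sys or the stick.
    mkdir -p /tmp/cproot && mount --bind / /tmp/cproot
    tar -C /tmp/cproot -cf - . | tar -C "$mnt" -xf -
    umount /tmp/cproot
    cp /etc/config/fstab /etc/config/fstab.bak 2>/dev/null || true
    fstab_config "$uuid" "$fstype" > /etc/config/fstab
    echo "extroot configured on $dev ($uuid, $fstype); reboot and verify with: mount | grep ' / '"
}

case "${1:-}" in /dev/*) main "$1" ;; esac
```

After the reboot, `mount` should show the stick's partition on / and the original overlay on /rom-era paths only; if it does not, the UUID in /etc/config/fstab is the first thing to compare against `block info`.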

Secure Coding Guidelines

13 March 2016

virtualbox DKMS problem after reinstallation

9 March 2016

sudo apt-get install dkms --reinstall

sudo apt-get --reinstall install virtualbox-dkms

sudo systemctl start vboxweb.service

---------------------- vboxweb.service ----------

[Unit]
Description=VirtualBox Web Service
After=network.target

[Service]
Type=forking
PIDFile=/run/vboxweb/vboxweb.pid
ExecStart=/usr/bin/vboxwebsrv --pidfile /run/vboxweb/vboxweb.pid --background
User=vbox
Group=vboxusers

[Install]
WantedBy=multi-user.target

--------------------

sudo mkdir /var/lib/vbox

sudo chown vbox:vboxusers /var/lib/vbox

 

 

 

Protection of system security

3 November 2015

Debian APM82181

6 September 2015

building for https://github.com/MyBookLive/kernel-4.0.x/blob/master/config_mbl

http://blog.loetzimmer.de/2014/10/debian-wheezy-auf-wd-mybook-live-mbl.html

https://github.com/KL-Yang/mbl-linux-4.0

http://nils.schimmelmann.us/post/98616730247/i-liberated-my-netgear-centria-n900-router

Categories: Linux

mandiant free forensic tools

24 June 2015
Source: https://www.mandiant.com/resources/downloads
  • Redline®

    Redline® is a free utility that accelerates the process of triaging hosts suspected of being compromised or infected while supporting in-depth live memory analysis.

  • IOC Editor

    Mandiant's IOC Editor is a free editor for Indicators of Compromise (IOCs).

  • IOC Finder

    Mandiant's IOC Finder is a free tool for collecting host system data and reporting the presence of Indicators of Compromise (IOCs).

  • Memoryze™

    Free memory forensics software designed to help incident responders find evil within live memory.

  • Memoryze™ for the Mac

    Free memory forensics software designed to help incident responders find evil within live memory.

  • Highlighter™

    Highlighter is designed to help security analysts and system administrators rapidly review log and other structured text files.

  • Web Historian™

    Web Historian's capabilities have been consolidated into Mandiant Redline.

  • Research: PdbXtract™

    PdbXtract is a tool to help you explore symbolic type information as extracted from Microsoft programming database files.

  • Research: Mandiant ApateDNS™

    Mandiant ApateDNS is a tool for controlling DNS responses through an easy to use graphical user interface (GUI).

  • Research: Mandiant Heap Inspector™

    Mandiant Heap Inspector is a heap visualization and analysis tool. It has the ability to collect a process' heaps using both API and raw methods.

Forwarding tcpdump from Linux to Windows

8 June 2015

Linux

ssh remote-linux "tcpdump -s0 -w - 'port 8080'" | wireshark -k -i -

Windows

plink -ssh username@remote-host "tcpdump -s 0 -w - 'port 8080'" | wireshark -k -i -

 

source: https://kaischroed.wordpress.com/2013/01/28/howto-use-wireshark-over-ssh/

Mini malware analyzer

8 June 2015
An isolated bridge with four tap interfaces for the analysis VMs; no physical interface is added, so the guests can only talk to each other and to the host at 192.168.168.50:

sudo brctl addbr bridge0
sudo tunctl -t tap0
sudo tunctl -t tap1
sudo tunctl -t tap2
sudo tunctl -t tap3
sudo brctl addif bridge0 tap0
sudo brctl addif bridge0 tap1
sudo brctl addif bridge0 tap2
sudo brctl addif bridge0 tap3
sudo ip l set dev tap0 up
sudo ip l set dev tap1 up
sudo ip l set dev tap2 up
sudo ip l set dev tap3 up
sudo ip l set dev bridge0 up
sudo ip addr add 192.168.168.50/24 dev bridge0

 

Adding a new disk to LVM

9 April 2015

sudo fdisk /dev/sdb

add a partition (n)

set the type to 8e - 'Linux LVM'

list the current resources:

$ sudo lvs
  LV     VG         Attr      LSize   Pool Origin Data%  Move Log Copy%  Convert
  root   lnx-tmw-vg -wi-ao--- 436.52g
  swap_1 lnx-tmw-vg -wi-a----  15.89g
$ sudo vgs
  VG         #PV #LV #SN Attr   VSize   VFree
  lnx-tmw-vg   1   2   0 wz--n- 465.52g 13.11g
$ sudo pvs
  PV         VG         Fmt  Attr PSize   PFree
  /dev/sda5  lnx-tmw-vg lvm2 a--  465.52g 13.11g

add the new disk as a physical volume (PV):

$ sudo pvcreate /dev/sdb1

extend the LVM volume group with it:

$ sudo vgextend lnx-tmw-vg /dev/sdb1

list the logical volumes:

$ sudo lvdisplay

  --- Logical volume ---
  LV Path                /dev/lnx-tmw-vg/root
  LV Name                root
  VG Name                lnx-tmw-vg
  LV UUID                XXXX-XXX-XXXX-XXX-XXX-XXX-b3wfbb
  LV Write Access        read/write
  LV Creation host, time lnx-tmw, 2015-04-02 11:58:26 +0200
  LV Status              available
  # open                 1
  LV Size                436.52 GiB
  Current LE             111750
  Segments               2
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           252:0

  --- Logical volume ---
  LV Path                /dev/lnx-tmw-vg/swap_1
  LV Name                swap_1
  VG Name                lnx-tmw-vg
  LV UUID                XXXX-XXX-XXXX-XXX-XXX-XXX-b3wfbb
  LV Write Access        read/write
  LV Creation host, time lnx-tmw, 2015-04-02 11:58:26 +0200
  LV Status              available
  # open                 0
  LV Size                15.89 GiB
  Current LE             4067
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           252:1

extend the LV by 80% of the free space in the VG (lvextend wants the VG/LV path, not the bare LV name):

$ sudo lvextend -l +80%FREE lnx-tmw-vg/root

grow the root filesystem to fill the LV (ext4 can do this online):

$ sudo resize2fs /dev/lnx-tmw-vg/root
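As an added example (not from the original post), the procedure above as a script that avoids the two mistakes hand-typing invites: running pvcreate on a partition that still holds a filesystem, and passing a bare LV name to lvextend. It uses lvextend -r so the filesystem is grown in the same step, and checks afterwards that no PV is left outside a VG. The device, VG and LV names default to the placeholders used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): add a new PV to a volume
# group and grow an LV together with its filesystem. Names default to the
# placeholders from the post.
# Usage: lvm-extend.sh extend [dev] [vg] [lv] [percent]
set -eu

# Parse 'pvs --noheadings --separator , -o pv_name,vg_name' output and
# print the PVs that belong to no volume group yet. Reads stdin so it can
# be tested on a constructed sample.
unassigned_pvs() {
    awk -F, '{
        gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2)
        if ($1 != "" && $2 == "") print $1
    }'
}

# Accept only an integer 1..100 for the +N%FREE argument.
valid_percent() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 100 ]
}

main() {
    dev=${1:-/dev/sdb1}; vg=${2:-lnx-tmw-vg}; lv=${3:-root}; pct=${4:-80}
    valid_percent "$pct" || { echo "percent must be 1..100, got '$pct'" >&2; exit 1; }

    # Refuse to wipe a partition that still carries a filesystem signature.
    if [ -n "$(blkid -o value -s TYPE "$dev" 2>/dev/null)" ]; then
        echo "$dev already holds a filesystem, not running pvcreate on it" >&2; exit 1
    fi
    pvcreate "$dev"
    vgextend "$vg" "$dev"

    # Anything still outside a VG at this point was added by mistake.
    left=$(pvs --noheadings --separator , -o pv_name,vg_name | unassigned_pvs)
    [ -z "$left" ] || echo "note: PVs not in any VG: $left" >&2

    # lvextend needs VG/LV, not the bare LV name; -r runs fsadm so the
    # filesystem (ext4 here) is grown in the same step, online.
    lvextend -r -l "+${pct}%FREE" "$vg/$lv"
    lvs "$vg"
}

case "${1:-}" in extend) shift; main "$@" ;; esac
```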

 

Categories: Linux

Resizing an NTFS partition under Linux

9 April 2015

on the unmounted disk:

sudo ntfsresize --info /dev/sdb2
Device name        : /dev/sdb2
NTFS volume version: 3.1
Cluster size       : 4096 bytes
Current volume size: 500000879104 bytes (500001 MB)
Current device size: 500000882688 bytes (500001 MB)
Checking filesystem consistency ...
100.00 percent completed
Accounting clusters ...
Space in use       : 42992 MB (8.6%)
Collecting resizing constraints ...
You might resize at 42991591424 bytes or 42992 MB (freeing 457009 MB).
Please make a test run using both the -n and -s options before real resizing!

 

Test run (--size gives the new volume size):

sudo ntfsresize --no-action --size 50000M  /dev/sdb2

If everything is OK:

Device name        : /dev/sdb2
NTFS volume version: 3.1
Cluster size       : 4096 bytes
Current volume size: 500000879104 bytes (500001 MB)
Current device size: 500000882688 bytes (500001 MB)
New volume size    : 49999995392 bytes (50000 MB)
Checking filesystem consistency ...
100.00 percent completed
Accounting clusters ...
Space in use       : 42992 MB (8.6%)
Collecting resizing constraints ...
Needed relocations : 9000796 (36868 MB)
Schedule chkdsk for NTFS consistency check at Windows boot time ...
Resetting $LogFile ... (this might take a while)
Relocating needed data ...
100.00 percent completed
Updating $BadClust file ...
Updating $Bitmap file ...
Updating Boot record ...
The read-only test run ended successfully

run the command for real (write mode):

sudo ntfsresize --size 50000M  /dev/sdb2
Device name        : /dev/sdb2
NTFS volume version: 3.1
Cluster size       : 4096 bytes
Current volume size: 500000879104 bytes (500001 MB)
Current device size: 500000882688 bytes (500001 MB)
New volume size    : 49999995392 bytes (50000 MB)
Checking filesystem consistency ...
100.00 percent completed
Accounting clusters ...
Space in use       : 42992 MB (8.6%)
Collecting resizing constraints ...
Needed relocations : 9000796 (36868 MB)
WARNING: Every sanity check passed and only the dangerous operations left.
Make sure that important data has been backed up! Power outage or computer
crash may result major data loss!
Are you sure you want to proceed (y/[n])? y
Schedule chkdsk for NTFS consistency check at Windows boot time ...
Resetting $LogFile ... (this might take a while)
Relocating needed data ...

this takes a while; wait for:

100.00 percent completed
Updating $BadClust file ...
Updating $Bitmap file ...
Updating Boot record ...
Syncing device ...
Successfully resized NTFS on device '/dev/sdb2'.
You can go on to shrink the device for example with Linux fdisk.
IMPORTANT: When recreating the partition, make sure that you
  1)  create it at the same disk sector (use sector as the unit!)
  2)  create it with the same partition type (usually 7, HPFS/NTFS)
  3)  do not make it smaller than the new NTFS filesystem size
  4)  set the bootable flag for the partition if it existed before
Otherwise you won't be able to access NTFS or can't boot from the disk!
If you make a mistake and don't have a partition table backup then you
can recover the partition table by TestDisk or Parted's rescue mode.

Resizing the partition (back up the partition table first, e.g. sfdisk -d /dev/sdb > sdb.sfdisk, since a wrong start sector here loses the filesystem):

sudo fdisk /dev/sdb
Command (m for help): p
Disk /dev/sdb: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x14cc98c0

Device     Boot  Start       End   Sectors   Size Id Type
/dev/sdb1  *      2048    206847    204800   100M  7 HPFS/NTFS/exFAT
/dev/sdb2       206848 976771071 976564224 465.7G  7 HPFS/NTFS/exFAT

delete partition 2 (/dev/sdb2) (option d)

create a new partition at the same start sector, sized to the new volume size + 150 M (option n)

change the partition type (t, to 7)

final check:

sudo ntfsresize --info --force /dev/sdb2

 


Device name        : /dev/sdb2
NTFS volume version: 3.1
Cluster size       : 4096 bytes
Current volume size: 49999995392 bytes (50000 MB)
Current device size: 52575600640 bytes (52576 MB)
Checking filesystem consistency ...
100.00 percent completed
Accounting clusters ...
Space in use       : 42978 MB (86.0%)
Collecting resizing constraints ...
You might resize at 42977857536 bytes or 42978 MB (freeing 7022 MB).
Please make a test run using both the -n and -s options before real resizing!
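The recreate-the-partition step is where data is lost when the start sector or type is mistyped in fdisk. As an added example (not from the original post), the script below does the same shrink non-interactively: it backs up the partition table with sfdisk -d, runs the ntfsresize dry run and the real run, then computes the new partition size from the volume size ntfsresize reports plus the post's 150 MB margin and rewrites only that partition with sfdisk -N, copying the original start sector and keeping type 7. Disk /dev/sdb, partition 2 and the 50000M target are the post's values and are parameters here; the start=/size=/type= dump format is that of util-linux 2.26 or later and the script assumes an MBR table.

```shell
#!/bin/sh
# Added example (not from the original post): shrink an NTFS volume and
# recreate its partition with sfdisk, so start sector and type are copied
# from the existing table rather than retyped in fdisk. MBR tables only.
# Usage: ntfs-shrink.sh shrink [disk] [partno] [new-size]
set -eu

# Sectors needed for FS_BYTES plus MARGIN_BYTES, rounded up to whole
# sectors of SECTOR_SIZE bytes (pure arithmetic, testable offline).
part_sectors() {
    fs_bytes=$1; margin_bytes=$2; sector_size=$3
    echo $(( (fs_bytes + margin_bytes + sector_size - 1) / sector_size ))
}

# Last sector of a partition starting at START and spanning SECTORS.
part_end() {
    echo $(( $1 + $2 - 1 ))
}

main() {
    disk=${1:-/dev/sdb}; partno=${2:-2}; newsize=${3:-50000M}
    pdev="${disk}${partno}"
    margin=$((150 * 1024 * 1024))   # slack the post leaves after the filesystem

    # Partition-table backup: 'sfdisk /dev/sdb < file' restores it verbatim.
    backup="/root/$(basename "$disk")-$(date +%Y%m%d%H%M%S).sfdisk"
    sfdisk -d "$disk" > "$backup"
    echo "partition table saved to $backup"

    # Dry run first, then the real shrink (answer y at the prompt). The
    # volume must be unmounted for both.
    ntfsresize --no-action --size "$newsize" "$pdev"
    ntfsresize --size "$newsize" "$pdev"

    # Read the shrunken volume size, the current start sector and the
    # logical sector size from the tools instead of from the screen.
    fs_bytes=$(ntfsresize --info --force "$pdev" | sed -n 's/^Current volume size: *\([0-9][0-9]*\) bytes.*/\1/p')
    start=$(sfdisk -d "$disk" | sed -n "s|^$pdev *: *start= *\([0-9][0-9]*\),.*|\1|p")
    ssz=$(blockdev --getss "$disk")
    sectors=$(part_sectors "$fs_bytes" "$margin" "$ssz")
    echo "new partition: start=$start end=$(part_end "$start" "$sectors") ($sectors sectors)"

    # Rewrite only this partition: same start, new size, type 7 (HPFS/NTFS).
    # Append ', bootable' to the line if the partition carried the boot flag.
    printf 'start=%s, size=%s, type=7\n' "$start" "$sectors" | sfdisk -N "$partno" "$disk"
    ntfsresize --info --force "$pdev"   # final check, as in the post
}

case "${1:-}" in shrink) shift; main "$@" ;; esac
```

With the post's numbers (49999995392 bytes after the shrink, 512-byte sectors, start 206848) the partition becomes 97963441 sectors long and ends at sector 98170288; Windows will still schedule the chkdsk that ntfsresize requested at the next boot.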

 

Categories: Windows, Linux

VirtualBox RDP auth configuration

8 April 2015

So that the VRDE (RDP) console cannot be taken over simply by connecting to its port, configure password authentication for RDP:
    VBoxManage setproperty vrdeauthlibrary "VBoxAuthSimple"
    VBoxManage modifyvm "MyMachineName" --vrdeauthtype external
    VBoxManage internalcommands passwordhash "mypassword"
# prints the password hash; store it for the user allowed to connect
    VBoxManage setextradata "MyMachineName" "VBoxAuthSimple/users/some_user" "password hash"

Categories: Linux

VirtualBox server

4 April 2015

Today I called it: Windows (as the host) is good for ....!

Windows 7 Enterprise 64-bit crawls so badly that the time to start a VM / several VMs is tragic...

solution:

Ubuntu + VirtualBox + phpVirtualBox, and you have an excellent VBox server (host):

from page 25 of http://dlc-cdn.sun.com/virtualbox/4.3.26/UserManual.pdf

installation guide: http://www.admin-magazine.com/Articles/Server-Virtualization-with-VirtualBox

despite a fresh installation, problems appeared:

1) * No suitable module for running kernel found

solution: http://askubuntu.com/questions/582109/14-10-virtualbox-no-suitable-module-for-running-kernel-found-cannot-find-ker
+ installation from the Debian package: dpkg -i <virtualbox .deb>

2) repository keys vs the security configuration of the internal network

remember the extension pack:

sudo VBoxManage extpack install [path to the pack downloaded from https://www.virtualbox.org/wiki/Downloads]

check:

sudo VBoxManage list extpacks

All that is left is the tedious migration of the images, but that is a piece of cake :)

Samba OpenWRT

4 April 2015
Categories: OpenWRT, Linux

TAO - The Secret War

from the razorCMS archive | 1 May 2012

source: http://www.wired.com/threatlevel/2013/06/general-keith-alexander-cyberwar/all/

Reading the fragment:

"The NSA was able to extract data about the Iranian networks, listen to and record conversations through computer microphones, even reach into the mobile phones of anyone within Bluetooth range of a compromised machine."

   I wonder whether this is a description torn out of a sci-fi film, but the possibilities of an unconstrained stream of "1"s and "0"s are incredible as long as it does not have to pass through a digital-to-analogue converter :)

Categories: Free Thinking