Sunday, November 13, 2022

Linux Journal Copy Cat

CHEATCODES
GNU/LINUX RAMB MANUAL,TWEAKS AND TRICKS

INTRODUCTION:
Many people have misconceptions or are misinformed about Linux. Linux is not an O.S.; it is a kernel. It is useless on its own: it needs a distro to become a powerful operating system. There are many Linux distros (Debian, Slackware, OpenSuse, Fedora, Gentoo, Ubuntu, Red Hat, CentOS, Kali) and the list grows every day. Many of us have no clue that the Android O.S. uses the Linux kernel; without it, it would be crippled. Many of us don’t recognize how powerful a Linux distro is. Most of us are not aware that 85 to 97 percent of websites in the world run on Linux distros.

WHY I WROTE THIS?:
I wrote this for a personal reason. Linux is good when it comes to security but is hard to use ---> it is only hard if you don’t know what to do. Just invest some brain cells and it will be useful. I hope it will be a beginning for those who are just learning the ropes. I intend it to be a cheatsheet for newbies. From empirical experience: I have been in forums many times, and not all the posts there are useful. I chose the best of them, so I have a reference when it comes to tweaking. My last reason: I don’t want to forget it.

I. MAY COMMAND LIVE AND PERSIST
Don’t get intimidated by a black screen with flickering green text like the ones we’ve seen in those hacker movies, where someone claims to be a super genius. Those are overrated and bullshit.

CLI --> Command Line Interface. The CLI is useful because it uses less memory, unlike its opponent the GUI (Graphical User Interface), which uses much more memory.

BASH or Bourne Again SHell: a Linux/Unix shell where you type your commands; you type into it through terminal programs like xterm and konsole. The counterpart of bash scripts in Windows is batch files. Like a batch file, a bash script does not need to be compiled to run; it just runs, and you can change the code on the fly.

One of the useful tools in the xterm shell is crontab. I used to delete those files over and over again; with this tool you can eliminate that habitual deletion of files and save a lot of time. In the Linux shell type “crontab -l” to list your cron jobs.
In my case, my cron jobs include the file path of my bash script --- xhistory.sh
To edit the crontab, type “crontab -e” in the Linux shell.

johndoe@linuxdistros:~$ crontab -e
Put in the following lines, save the file, then restart your machine. It is supposed to
work.

#every 15 minutes the machine will execute this bash script file
*/15 * * * * sh "/home/john/cronjobs/xhistory.sh"

And the xhistory.sh contains the following lines of script commands.


#Overwrite .bash_history with random data, 34 passes
shred -n 34 "/home/john/.bash_history"
#Then empty the file (truncate it to zero length)

cat /dev/null > /home/john/.bash_history
#history is an interactive bash builtin; run from cron via sh these two
#lines do not clear any session's history
history -c
history -w

shred -n 34 "/home/john/.local/share/recently-used.xbel"
cat /dev/null > /home/john/.local/share/recently-used.xbel

shred -n 34 "/home/john/.config/smplayer/smplayer.ini"
cat /dev/null > "/home/john/.config/smplayer/smplayer.ini"

These executions securely delete the contents of the history files. It is a little bit
of counter-hacking, but it is good when you have used the mysql shell, rlogin or ssh with passwords:
it prevents an attacker from exploiting your passwords. And one more thing, it saves disk space.
# Minute Hour Day-of-month Month Day-of-week command
* * * * * /root/run_me.sh

HARDENED NETWORK SECURITY

iptables --> a very versatile firewall, native to the Linux kernel. You don’t need to install 3rd party software, you just need to
know how it works.

YOUR SECURITY IS VITAL. You could avoid hackers scanning you and launching ARP network poisoning (like wifikill on Android devices),
which can cut you off from the internet. Worse, they can steal information, passwords and even credit card numbers by
launching ssl strip tools. You could avoid that and become stealthy on a network such as a public internet network.
Somebody can ping scan your machine, and that is the start of the vulnerability. You are also vulnerable to what they call the
“Ping of death”, which is a kind of DoS (Denial of Service) attack, and to the MITM (Man in the Middle) attack, which can totally strip
your privacy naked and allows someone to steal your passwords for the sites you visited. You could avoid those threats by using
the following commands in the Linux system shell.

NOTE: It requires root access

#DISALLOWING REMOTE ACCESS in x11
root@linuxshell:~$ iptables -A INPUT -p tcp --destination-port 6000 -j REJECT
root@linuxshell:~$ iptables -A OUTPUT -p tcp --destination-port 6000 -j REJECT
root@linuxshell:~$ ip6tables -A INPUT -p tcp --destination-port 6000 -j REJECT
root@linuxshell:~$ ip6tables -A OUTPUT -p tcp --destination-port 6000 -j REJECT

#Disallowing ping from someone. Your machine rejects ping; it does not reply.
root@linuxshell:~$ iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
root@linuxshell:~$ iptables -A OUTPUT -p icmp --icmp-type echo-reply -j REJECT
#Drop all packets from a specific IP address
root@linuxshell:~$ iptables -A INPUT -s 192.168.1.103 -j DROP

To check whether the rules work:

root@linuxshell:$ iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:x11 reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere icmp echo-request reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:x11 reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere icmp echo-reply reject-with icmp-port-unreachable


This one will protect your machine from WifiKill, MITM and DoS attacks on the local network.
NOTE: It requires root access.
This one is for wlan or wifi:

root@linuxshell:~$ echo "1" > /proc/sys/net/ipv4/conf/wlan0/arp_ignore
# note: the kernel documentation defines only the values 0, 1 and 2 for arp_announce
root@linuxshell:~$ echo "8" > /proc/sys/net/ipv4/conf/wlan0/arp_announce

This one is for LAN or Ethernet card:
root@linuxshell:~$ echo "1" > /proc/sys/net/ipv4/conf/eth0/arp_ignore
root@linuxshell:~$ echo "8" > /proc/sys/net/ipv4/conf/eth0/arp_announce


#######################################
YOU SHOULD TRY sysctl -a
You can set some of these rules in a config file
and they are retained even after the system is restarted.
The path of the config file is
/etc/sysctl.conf
######################################

HARDENED PRIVACY ( needs to be edited)

In this section I will tackle more advanced security. If you are an average internet user you don’t need to do this stuff, but if you are a journalist, electronic privacy
advocate or whistleblower who wants to expose some corruption, it is definitely a matter of life and death. You have to be careful. I advise turning off your swap before encrypting files and sending them to someone.

I highly recommend using the “Tails” Linux distro, a bootable OS that can be booted from USB and CD. But if you want to leave any digital fingerprint and you want to hide an
incriminating data. (just google it)

After your machine boots up, do this first in the Linux shell.

swapoff -a

-a = all: turn off swap totally.
You can check it by typing the following commands in Bash:
htop - swap memory should appear as 0.
free -m

The swap memory can also be encrypted. Just google it.


Creation of a 64MB file
dd if=/dev/urandom of=swapfile.crypt bs=1M count=64
loop=$(losetup -f)
losetup ${loop} swapfile.crypt
cryptsetup open --type plain --key-file /dev/urandom ${loop} swapfile
mkswap /dev/mapper/swapfile
swapon /dev/mapper/swapfile

The result:

# swapon -s
Filename Type Size Used Priority
/dev/mapper/swap0 partition 4000176 0 -1
/dev/mapper/swap1 partition 2000084 0 -2
/dev/mapper/swapfile partition 65528 0 -3

swap0 and swap1 are real partitions.

This Configuration uses randomly generated keys at boot and will not support Hibernation to hard disk! You Should Disable Hibernation through your respective DE Power Management Utility and set it to Shutdown on Critical to avoid Data Loss!

Make sure to run sudo -s or su before running the following.

Disable Swap:

# swapoff -a

Locate the existing Swap Partition

# lsblk

You will get something like this:

sda3 8:3 0 8G 0 part [SWAP]

Overwrite Old Swap

# dd if=/dev/zero bs=1024000 of=/dev/sda<#>

for example:

# dd if=/dev/zero bs=1024000 of=/dev/sda3

fstab setup

# vim /etc/fstab

Replace old SWAP device with crypttab mapper name: /dev/mapper/cswap

#<file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/cswap none swap pri=1,defaults 0 0

Crypto Setup

# ls -lF /dev/disk/by-id

For Example:

ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3 -> ../../sda3

# vim /etc/crypttab

# <name> <device> <password> <options>
cswap /dev/disk/by-id/ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256

Activate Encrypted Swap

# reboot

Verify Encrypted Swap Operations

For example:

# dmsetup -C info
cswap 253 0 L--w 2 1 0 CRYPT-PLAIN-cswap
# lsblk
├─sda3 8:3 0 8G 0 part
│ └─cswap 253:0 0 8G 0 crypt [SWAP]
# cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 8385532 0 -1
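
A lint for the crypttab setup above, as an added example that is not part of the original notes or of the quoted answer: with the "swap" option the named device is formatted with mkswap at every boot, so the check flags entries that point at kernel names such as /dev/sda3 instead of a /dev/disk/by-id path. The function name, the finding labels and the second and third sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original notes): lint crypttab entries that use
# the "swap" option. With that option the mapped device is formatted with
# mkswap at every boot, so whatever partition the <device> field points to
# is overwritten.

# lint_crypttab: reads crypttab text on stdin, prints one finding per line:
#   UNSTABLE_DEVICE <name> <device>  kernel name that can change between boots
#   NON_RANDOM_KEY <name> <key>      key field is not /dev/urandom or /dev/random
#   OK <name>                        swap entry with a stable path and a random key
lint_crypttab() {
    awk '
        /^[ \t]*#/ { next }     # comment line
        NF < 4     { next }     # blank line or entry without an options field
        {
            name = $1; dev = $2; keyf = $3; opts = "," $4 ","
            if (index(opts, ",swap,") == 0) next    # not a swap mapping
            bad = 0
            if (dev ~ /^\/dev\/(sd|hd|vd|xvd|nvme|mmcblk)/) {
                print "UNSTABLE_DEVICE " name " " dev; bad = 1
            }
            if (keyf != "/dev/urandom" && keyf != "/dev/random") {
                print "NON_RANDOM_KEY " name " " keyf; bad = 1
            }
            if (!bad) print "OK " name
        }'
}

# Sample input: the first entry is the one shown above, the other two are
# constructed for this example.
sample_crypttab() {
    cat <<'EOF'
# <name> <device> <password> <options>
cswap /dev/disk/by-id/ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
cswap2 /dev/sdb2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
cswap3 /dev/disk/by-id/constructed-disk-part2 /etc/keys/swap.key swap
EOF
}

sample_crypttab | lint_crypttab
# On a live host (as root): lint_crypttab < /etc/crypttab
```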


####################################################################
ENVIRONMENTAL VARIABLES

You can also edit environment variables. In your home directory look for .bashrc;
if it doesn’t exist, make one. This is a cool thing: you can decide what you want
to do with your bash shell environment. Open “.bashrc” and add this line:
PS1='\u@\h:\w\$ '

When you open the console the display will look like this.

john@bashshell:~$

You can change it to whatever you want, like:
PS1='\u@\h:\w\# '

It results:
john@bashshell:~#______


There is another useful place for changing environment variables.
This one is like the startup folder in Windows.

Open the file path /etc/profile.d/

If you install software in a folder other than the standard installation folder (for example, your newly downloaded Firefox that you want to install on an encrypted disk rather than the standard disk), you have to change the environment variables. In this case Java is installed in a non-standard way. You can check it by typing “which java”; in my case java could not be found because it is installed in a non-standard way.
First I moved the jdk7 folder from /usr/lib64/jdk7 to /usr/jdk7 (you can also do this in umounted devices encrypted volume like truecrypt and luks your program runs there)

If I type java -version in bash I receive this:
bash: java: command not found

This is the original path
#!/bin/sh
export JAVA_HOME=/usr/lib64/jdk7
export PATH='/usr/lib64/jvm/bin:/usr/lib64/jvm/jre/bin:/usr/lib64/jvm/bin:/usr/lib64/jvm/jre/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin'

This is the modified path
#!/bin/sh
export JAVA_HOME=/usr/jdk7
# only the Java directories change; /usr/bin has to stay in PATH
export PATH='/usr/jdk7/bin:/usr/jdk7/jre/bin:/usr/jdk7/bin:/usr/jdk7/jre/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin'

Restart your machine.
On the console type: java -version
Java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)

You are supposed to see the Java version. In that case it should work all the way.


feb 3, 2016
If you want to torify your download, run tor first and do the
next step. This time I download the file named “youtube-dl”;
I tunnel the connection through Tor using socks5:
curl --socks5-hostname 127.0.0.1:9150 http://youtube-dl.org/latest/youtube-dl -o youtube-dl

The good thing about “curl” is that if the download is interrupted or experiences a disconnection you can still resume your download. If the file is too large and you want to continue the download the next day, you can still resume the remaining bytes.

OPENSSL OPEN SSL
There was something on my machine always bothering me: I couldn’t install
openssl properly; the older installed ssl version always butted in.
The problem is I was so stupid that I didn’t think about the path name of the old one just to overwrite it. My machine is a little bit eccentric: it didn’t install openssl in the standard directory, so I have to configure the installation first. This is the path that works on my machine:
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
make test
make install

I just browsed it on the web I don't know if it is working

HOW TO ANONYMIZE FIREFOX on 2010-08-10


wrote :

change in about:config


browser.download.manager.scanWhenDone = false
browser.send_pings = false
dom.disable_window_open_feature.menubar = true
dom.disable_window_open_feature.scrollbars = true
intl.accept_charsets;utf-8
intl.accept_languages;en
intl.charset.default;utf-8
intl.charsetmenu.browser.cache;UTF-8
keyword.enabled = false
layout.css.visited_links_enabled = false
network.http.sendRefererHeader;0
network.http.accept.default;*/*
network.prefetch-next = false
network.proxy.socks_remote_dns = true

########################################################################

add to about:config (for faking the user agent)


new - string: general.useragent.override - value: Mozilla/5.0 (en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2

########################################################################

change settings
(in firefox 3.5 and higher first choose "user default" to change some settings)


javascript:disabled
java: disabled
history: disabled
chronicle: disabled
save data: disabled
cookies: disabled
clear private data: enabled (all)
remember passwords: disabled
offline storage: 0 mb cache

########################################################################

search engines disable/uninstall


PACKET WARS
#to forward the traffic to your machine between your target and router.
echo 1 > /proc/sys/net/ipv4/ip_forward

MORE ABOUT NETWORK SECURITY
SSH - Secure Shell. A future network admin should know how to use telnet, rlogin, sftp, gopher and ssh.
SSH is secure. You should know how to configure the ssh server and client for an encrypted connection. In my case I
use OpenSSH for BSD
https://archive.is/o/zCaQN/www.ssh.com/support/documentation/online/ssh/adminguide/32/Generating_the_Host_Key.html
-----------------------------------------------
SSH PROXY connection

ssh -p 443 -C2qTnN -D 52233 skyssh.com-florp@146.185.160.149


ssh -D 12345 myuser@remote_ssh_server
SOCKS Host: 127.0.0.1 port: 12345 (I, actually, used 8080) with
ssh -C2qTnN -D 8080 user@my_server



ssh -C2qTnN -D 8080 -p 443 skyssh.com-anonme@188.166.190.87


ssh -C2qTnN -D 51234 skyssh.com-krang@45.32.147.45
-------------------------------------------------------------------------------------

PUT YOUR WIRELESS CARD IN MONITOR MODE
(It depends on whether your wlan card supports listening or monitor mode.)

ON YOUR SHELL
# switch the card to monitor mode
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

# switch the card back to managed mode
ifconfig wlan0 down
iwconfig wlan0 mode managed
ifconfig wlan0 up



#redirect all of torify's traffic to localhost
sudo iptables -t nat -A OUTPUT -m owner --uid-owner torify -j DNAT --to-destination 127.0.0.1
#allow vm to access privoxy, tor
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -p tcp --dport 8118 -j ACCEPT
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -p tcp --dport 9050 -j ACCEPT
#allow tor to access vm
sudo iptables -A OUTPUT -o lo -m owner --uid-owner debian-tor -p tcp --dport 5022 -j ACCEPT
#if we allow it outgoing, allow it incoming and don't interfere with prior connections
sudo iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
sudo iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -m state --state RELATED -j ACCEPT
#don't let anything access vm on localhost
sudo iptables -A OUTPUT -o lo -p tcp --dport 5022 -j DROP
#don't let torify snoop around on listening localhost ports
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -j DROP
#don't allow external machines to access vm
sudo iptables -A INPUT ! -i lo -p tcp --dport 5022 -j DROP
#drop all torify traffic failsafe and protocol agnostic
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -j DROP

To make sure the rules stay after reboot, type the following command: sudo iptables-save
Next we'll need to make sure Privoxy works with Tor. Type this command: sudo gedit /etc/privoxy/config
Delete everything in the file and replace it with this:
# Generally, this file goes in /etc/privoxy/config
#
# Tor listens as a SOCKS4a proxy here:
forward-socks4a / 127.0.0.1:9050 .
confdir /etc/privoxy
log /etc/privoxy
#actionsfile standard # Internal purpose, recommended
#actionsfile default # Main actions file
#actionsfile user # User customizations
#filterfile default.filter
# Don't log interesting things, only startup messages, warnings and errors
#logfile logfile
#jarfile jarfile
#debug 0 # show each GET/POST/CONNECT request
#debug 4096 # Startup banner and warnings
#debug 8192 # Errors - *we highly recommended enabling this*
user-manual /usr/share/doc/privoxy/user-manual
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
Now, type this command:

sudo /etc/init.d/privoxy restart


Well, that didn’t work like intended. We dropped ARP related traffic to the IP address, but not on IP level. This is also visible in the arp -n list:
root@ubuntu:/data# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1              ether   d8:d7:21:22:5a:f4   C                     eth0
So to make this work, we simply have to flush the ARP cache. We delete the related ARP entry:
root@ubuntu:/data# arp -d 192.168.1.1
root@ubuntu:/data# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1                      (incomplete)                              eth0


Specific traffic filtering
Back to our original mission: only allow our router to exchange ARP packets.
# Block ARP traffic from all machines (default: DENY)
root@ubuntu:/data# arptables -P INPUT DROP

# Allow router (fixed ARP)
root@ubuntu:/data# arptables -A INPUT --source-mac d8:d7:21:22:5a:f4 -j ACCEPT
All ARP packets are blocked now. Each system that transmits traffic will end up as an (incomplete) entry.

Enable all ARP traffic
If we want to allow traffic again:
root@ubuntu:/data# arptables -P INPUT ACCEPT
root@ubuntu:/data# arptables --flush
Flushing the full ARP cache can be done with the ip utility:
root@ubuntu:/data# ip -s neighbour flush all

Conclusion
Arptables is a very powerful utility to filter traffic and avoid an unexpected router taking over our connectivity. However, keep in mind that connectivity is not fully blocked. Only ARP traffic is blocked (layer 2/3 on the OSI model). If someone is able to manually add an entry to the ARP table, traffic is able to flow again.


One hardening trick I like is to turn off ARP completely with:
ip link set dev eth0 arp off
Then add a static ARP entry for the router so you can get to that:
arp -s 10.0.0.2 00:0c:29:c0:94:bf
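
A detection check for the ARP poisoning discussed above, as an added example that is not part of the original notes: it reads `arp -n` output and flags a gateway that answers from a MAC other than the pinned one, and any MAC claimed by two IPs. The function name and finding labels are made up for this example; the sample tables are constructed and reuse the addresses from the listing above.

```shell
#!/bin/sh
# Added example (not from the original notes): spot signs of ARP poisoning
# in `arp -n` output. Function names and labels are hypothetical.

# check_arp GW_IP GW_MAC
# Reads `arp -n` text on stdin and prints one finding per line:
#   GATEWAY_MAC_CHANGED <ip> <mac seen>    pinned gateway answers from another MAC
#   DUPLICATE_MAC <mac> <first ip> <ip>    two IPs resolve to the same MAC
check_arp() {
    awk -v gw_ip="$1" -v gw_mac="$2" '
        BEGIN { gw_mac = tolower(gw_mac) }
        $1 == "Address"      { next }   # header line
        $2 == "(incomplete)" { next }   # unresolved entry, no MAC to compare
        NF < 3               { next }
        {
            ip = $1; mac = tolower($3)
            if (ip == gw_ip && mac != gw_mac)
                print "GATEWAY_MAC_CHANGED " ip " " mac
            if ((mac in seen) && seen[mac] != ip)
                print "DUPLICATE_MAC " mac " " seen[mac] " " ip
            else
                seen[mac] = ip
        }'
}

# Constructed sample: the healthy table from the listing above.
sample_clean() {
    cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1              ether   d8:d7:21:22:5a:f4   C                     eth0
EOF
}

# Constructed sample: the router IP now resolves to the MAC of 192.168.1.20.
sample_poisoned() {
    cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1              ether   00:a7:22:23:d1:f3   C                     eth0
EOF
}

echo "clean table:"
sample_clean | check_arp 192.168.1.1 d8:d7:21:22:5a:f4
echo "poisoned table:"
sample_poisoned | check_arp 192.168.1.1 d8:d7:21:22:5a:f4
# On a live host: arp -n | check_arp <router-ip> <router-mac>
```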


------------------------------

gpg --keyserver pgpkeys.mit.edu --recv 8B48AD6246925553

#######################
To update java, download java.33.3..gz and extract the files into the current java installation directory; it is just a sort of copy and paste
######################################
You could secure delete the klipboard; it is located in /.kde/, but you can also disable saving in klipboard in its options


Set Environmental variables
export MYHOME=/mnt/live/memory/data/AdwCleaner/


###############################
# TO DISABLE BASH HISTORY PERMANENTLY #
# echo 'set +o history' >> ~/.bashrc #
###############################

JUST DISABLE HISTORY IN A CURRENT SHELL

set +o history


##############################################
OpenSSH 7+ does not support the old diffie-hellman handshake by default;
you should configure it or specify it explicitly on the CLI. It also does not display the key in MD5 hexadecimal string format but as a series of gibberish. To make it work the old way, edit this config as I explain below:

/home/user/.ssh/config
Host 192.168.1.1
KexAlgorithms +diffie-hellman-group1-sha1
FingerprintHash md5

/home/user/.ssh/config
What I did is to make something in the old format md5 display and old
# any host
Host *
ForwardX11 yes
Compression yes
X11 is also a cool thing
==============================
Linux command line show directory sizes
du -sh *
=========================================
LEARNING APACHE MORE
This is substantial
http proxy using apache “proxy-html.conf” <-- I’m gonna study that





=================================
DNS/NameServer
I find a more effective way to customize dns server


=========================================================
#add into .bashrc
# genpasswd [length]: print a random password (default length 16)
genpasswd() {
    local l=$1
    [ "$l" == "" ] && l=16
    tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs
}

===============================================================================

unix tools
fc ---edit .bash_history
LINUX/unix MONITORING TOOLS
iptraf --network
top --process
vmstat --process
iostat
iftop --network
du -sh * --> show directory sizes
1. Fire up airodump-ng, lock to the channel that has the network AP you are interested in.
2. Note the BSSID of the AP and the MAC of a connected client.
3. Use aireplay-ng to force a deauth. Since Association and Re-Association packets contain the SSID whether hidden or not,
when the client reconnects, your airodump-ng session should capture the SSID and report that in your session window.
Basic syntax is:
aireplay-ng -0 3 -a $BSSID -c $CLIENTMAC $INTERFACE
aireplay-ng --ignore-negative-one -0 30 -a C4:6E:1F:48:DB:E4 -c 04:1B:BA:44:A3:E8 mon0
aireplay-ng --ignore-negative-one -0 -a 00:13:33:F3:84:9B -c 9C:B7:0D:26:0D:59 mon2
B315_9487D



root@bt:~# /pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b 00:19:5B:52:AD:F7 -w - /tmp/wpa2*.cap



-----------------------------------------------------------------------------------------------------------------------------------
iptables -I FORWARD 5 -s 10.42.0.52 -p tcp -m quota --quota 104857600 -j ACCEPT
iptables -I FORWARD 1 -s 10.42.0.52 -p tcp -m quota --quota 104857600 -j ACCEPT
iptables -I FORWARD 2 -s 10.42.0.52 -j DROP
------------------------------------------------------------------------------
Concerning bandwidth quota on my own machine, not the forwarding or shared
connection ones: this is a 20 mb limit, 20 971 520
iptables -A INPUT -p tcp -m quota --quota 20000000 -j ACCEPT
iptables -A INPUT -j DROP

1000/1024 bytes = 1 kb

 1 MiB = 2^20 bytes = 1024 kibibytes = 1048576 bytes


ssh -C2qTnN -D 8090 usrname@hostname -p 443

###################################################
NETWORK SECURITY!
MITM NO PROBLEM IGNORE ICMP OR BROADCAST REQUEST
Add the following lines to “/etc/sysctl.conf”

Ignore ICMP request:
net.ipv4.icmp_echo_ignore_all = 1
Ignore Broadcast request:
net.ipv4.icmp_echo_ignore_broadcasts = 1
#load the new settings by typing the following command:
sysctl -p

To show all the settings: sysctl -a


IT IS ALSO A GOOD THING IF YOU DISABLE YOUR IPV6 IF YOU DON'T
USE IT:
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

Another method, with permanent effect: edit the following file:
/etc/sysctl.conf
#with these lines
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

#############################################

CREATING A BOGUS SSID OR AN EVIL TWIN
airbase-ng -a 00:09:5B:6F:64:1E --essid
"Fakeaccesspoint" -c 11 mon0

#########################################################
miscellaneous tricks: display the time in the upper right of the terminal
while sleep 1;do tput sc;tput cup 0 $(($(tput cols)-29));date;tput rc;done &

07/05/17 07:30:58 PM
Adding the rule
iptables -A OUTPUT -p udp --dport 53 -j DROP

removing the rules
iptables -D OUTPUT -p udp --dport 53 -j DROP
Sunday, November 12, 2017
If you are having a problem with your default DNS server, e.g. your pesky router, just don’t forget resolv.conf in “/etc/resolv.conf”
and add the following line:

nameserver 8.8.8.8 #invoking google server as your dns server

##########################################################################
What’s more surprising, I solved a long-time problem with sshd: putting it in boot-up. It might solve other problems, like putting the httpd service in startup;
just chmod 0777 the specific file in this directory “/etc/rc.d/”


#AUTO START SCRIPT IN MY MACHINE WITHOUT ERROR
# FILENAME: rc.local
# DESCRIPTION: This script enable tap functions of touchpad in this machine
# lenovo.modprobe startup script is not functioning and I dont know why.
# INSTRUCTION: Add the following script on rc.local the directory /etc/rc.local
# if does not exist create it or Simply copy this file [/etc/rc.local]
# and execute this command: [service rc.local restart] without the square brackets
# This procedure must have effect already your touchpad tapping function. Reboot your machine
# init 6
modprobe -r psmouse
modprobe psmouse proto=imps

It more


######################################################################

Sunday, November 19, 2017
At this moment in time I have completely configured a working dnsmasq DNS server on
this machine, but sadly my linux machine at home is broken. It saddens me that I have a good internet connection at home and could not even practice standard networking at home; I had to be a snitch. To digest everything I learned in a short period of time. I know it is wrong but I couldn’t help myself from solving something (a long-time problem). I am eager to learn more; that’s how I get my drive and my persistence in learning.
By the way, I wanted to write down the details of how I solved that DNS (dnsmasq) problem:
saving queries in a text file
dnsmasq --no-daemon --log-queries --log-facility=/var/log/dnsmasq.log
just show log queries
dnsmasq --no-daemon --log-queries

Slax DEBIAN BASED ERA

2018-04-09 07:51:

I have installed a new Linux-based OS.
It is in its infancy but I guess I will learn a lot from it.
The first and foremost problem I encountered and solved is about
the autologin of the Debian OS even though it has a password (it is a modified version of Debian, a sort of minimalist OS, so many features are not included in the system, like the desktop manager). I just googled it, unlike
before when I had to do it all by myself.

systemctl set-default multi-user.target

To put it back in autologin

systemctl set-default graphical.target

As I have said, I don’t have a desktop manager, so I couldn’t
even adjust the brightness. Just like the first time, I googled it.
Debian has a lot of community support, unlike the former distro I had.
This is the solution.

echo 1000 > /sys/class/backlight/intel_backlight/brightness
Just like that. But it depends on your hardware: you should look in /sys/class/backlight and browse the directory to find out which is which.
A script to make it automated:

#################################################
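#!/bin/sh
# Usage: pass the brightness in percent as the first argument.
# 2400 is assumed to be this panel's maximum; check
# /sys/class/backlight/intel_backlight/max_brightness on your hardware.
if [ "${1:-0}" -le 0 ]
then
    echo "1" > /sys/class/backlight/intel_backlight/brightness
else
    echo $((2400 * $1 / 100)) > /sys/class/backlight/intel_backlight/brightness
fi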

#################################################


MORE GOOD FIREWALL RULES FROM EXPERTS JUST PASTED WHOLE THING HERE JUST FIGURE IT OUT
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1

###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0
net.ipv4.icmp_echo_ignore_all = 1
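
An audit of which of these settings are really switched on, as an added example that is not part of the original notes: in the file above most hardening lines still start with "#", so `sysctl -p` never applies them. This serves both this file and the shorter /etc/sysctl.conf snippets earlier on the page; the function name and labels are made up, the wanted values are the ones shown on this page, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): report which hardening keys
# are active in a sysctl.conf. A line starting with "#" or ";" is only a
# comment, so the setting it mentions is not applied by `sysctl -p`.

# Wanted key=value pairs, taken from the sysctl lines shown on this page.
WANTED="net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.all.rp_filter=1 \
net.ipv4.tcp_syncookies=1 net.ipv4.conf.all.accept_redirects=0 \
net.ipv4.conf.all.send_redirects=0 net.ipv4.icmp_echo_ignore_all=1 \
net.ipv4.icmp_echo_ignore_broadcasts=1"

# audit_sysctl_conf: reads sysctl.conf text on stdin and prints one line per
# wanted key: OK, MISSING (absent or commented out) or MISMATCH.
audit_sysctl_conf() {
    awk -v wanted="$WANTED" '
        BEGIN {
            n = split(wanted, w, " ")
            for (i = 1; i <= n; i++) {
                split(w[i], kv, "=")
                key[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        /^[ \t]*[#;]/       { next }    # comment: setting is not active
        index($0, "=") == 0 { next }    # not an assignment
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            have[k] = v                 # a later assignment overrides an earlier one
        }
        END {
            for (i = 1; i <= n; i++) {
                k = key[i]
                if (!(k in have))
                    print "MISSING " k " want=" want[k]
                else if (have[k] != want[k])
                    print "MISMATCH " k " have=" have[k] " want=" want[k]
                else
                    print "OK " k "=" have[k]
            }
        }'
}

# Constructed sample in the layout of the sysctl.conf pasted above.
sample_conf() {
    cat <<'EOF'
# Uncomment the next line to enable TCP/IP SYN cookies
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
#net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_all = 0
EOF
}

sample_conf | audit_sysctl_conf
# On a live host: audit_sysctl_conf < /etc/sysctl.conf
```

Files under /etc/sysctl.d/ are applied as well, so run the same check over them before concluding that a key is missing.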

If you have issues with your touchpad, here is the solution:
https://forums.kali.org/showthread.php?221-Touchpad-Synaptics-Tapping-issue-Solved
On the command line:
modprobe -r psmouse            # disable the touchpad first
modprobe psmouse proto=imps    # your touchpad should function now

If you want to make it automated, modify the file at the
following path: /etc/modprobe.d/anyname.conf
and add the following line:
options psmouse proto=imps

Insert date from cli output VIM editor
:r !date

Sat May 5 04:11:45 EDT 2018

I don’t like Windows OS, especially Windows 10; it is the biggest
spyware. It captures screenshots, and the plain text of a text file
is being spied on, so I transferred this text onto a volume.
I googled, and it said you can make a virtual disk with, like, an ext4 file system.
You can make it, but you must make a file container first; you can use

fallocate or dd (google it stupid), and format it using some
tools like mkfs, e.g. mkfs.ext4 <nameofthefile>, and you can mount it
just like mounting a regular disk.

Creation of a 500mb container:

dd if=/dev/zero of=MyDrive.img bs=1M count=500
This one pretends to be a broken disk


dd if=/dev/zero bs=1k count=100 | tr "\000" "\377" > /dev/sdb
My discovery: it can be used to wipe ssd/hdd
dd if=/dev/zero of=foo.bar bs=300k count=1 conv=notrunc
Formatting of the container:

mkfs -t ext3 MyDrive.img
Now you can mount it.
mount MyDrive.img /mnt/mountfolder

--------------------------------------------------------------
THIS COULD BE SOLUTION TO MY LONG TERM PROBLEM
DNS SERVER WITH CUSTOM PORT

87.118.100.175 (Ports: 53, 110)
94.75.228.29 (Ports: 53, 110, DNSSEC)
87.118.104.203 (Ports: 53, 110,DNSSEC)
62.141.58.13 (Ports: 53, 110, HTTPS-DNS, DNSSEC)
87.118.109.2 (Ports: 53, 110, DNSSEC)

09.12.2019

ULTIMATE SOLUTION FOR SECURE E2EE FOR DNS ASIDES FROM HTTP-DNS
dnscrypt-proxy
# FileName: dnscrypt-proxy.conf
# A more comprehensive example config can be found in
#
# /usr/share/doc/dnscrypt-proxy/examples/dnscrypt-proxy.conf

ResolverName random
ResolversList /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
#cloudflare
#yandex
#ipredator
Daemonize no
#fallback_resolver = 77.88.8.7:53
# LocalAddress only applies to users of the init script. systemd users must
# change the dnscrypt-proxy.socket file.
# to edit systemctl edit dnscrypt-proxy.socket
LocalAddress 127.0.2.1:53
----------------------------------------------
# To edit: systemctl edit dnscrypt-proxy.socket
# FileName: dnscrypt-proxy.socket
[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.2.1:53
ListenDatagram=127.0.2.1:53


https://forums.gentoo.org/viewtopic-t-164165-start-0.html

Fri Jun 1 09:41:01 CST 2018
OpenSSH 7.4p1 disables the following key exchange algorithms and
cipher by default, so I need to define the following
lines in ~/.ssh/config to pull this out.

Host 10.0.0.1
FingerprintHash md5
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers 3des-cbc

--------------------------------------------
disable a certain linux service
-------------------------------------------
systemctl disable dnsmasq.service

#check status
systemctl status dnsmasq
------------------------
show services and etc
systemctl --all


Monday, October 08, 2018
NOTE TO MYSELF
Just searching all over again for something. Those pesky files stored in a removable SSD storage
I fear it is gone for good.
use “dd” command to overwrite file with zeros or make a container file “mkfs” at least I have a clue
doing something than nothing.
I’ve got the best solution before.


Create your image file of the size you want:

dd if=/dev/zero of=./your.img bs=1M count=<number of megabytes you want>
Format it

mkfs.ext3 ./your.img
(Recheck that command before running it, do read what is printed out.)

Mount it:

mount -o loop ./your.img /some/mount/point
And you're done. Don't forget to unmount before you copy/send that image file anywhere.

dd if=/dev/zero of=~/theFile.img bs=1M count=10
$ /sbin/mkfs.ext4 theFile.img
$ sudo mount -o loop theFile.img /mnt/tmp/


Oct 11, 2018
In any GNU/Linux distro, if you install something related to video or audio and it does
not work as a non-root user, try adding that user to the video/audio/graphics groups shits shits.


October 17, 2018
IMAGE AND DEVICE ENCRYPTION
LUKS / CRYPTSETUP
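Sample of creation of encrypted image file
fallocate -l 100M encryptedimage.bin
# luksFormat overwrites the start of the file, so the filesystem is
# created later on the opened (mapped) volume, not on the raw file
cryptsetup -y luksFormat encryptedimage.bin

MOUNT LUKS IMAGE / DISK CONTAINER

cryptsetup luksOpen encryptedimage.bin enkVolume
# first time only: create the filesystem inside the opened volume
mkfs.ext4 /dev/mapper/enkVolume
mount /dev/mapper/enkVolume /mnt/tmp
TO UNMOUNT LUKS IMAGE / DEVICE
umount /mnt/tmp
cryptsetup luksClose enkVolume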

November 15, 2018
I just discovered tcplay, which means TrueCrypt play; it can create and mount TC volumes.
Here are some of the procedures, according to your need
Encrypting a file as a virtual volume
Invoke

$ losetup -f
to find the first unused loopback device; in this example, /dev/loop0.

Note: As of udev 181-5, the loop device module is no longer auto-loaded.
Create a new container foo.tc, 20M in size for instance, in the working directory:

# fallocate -l 20M foo.tc
# losetup /dev/loop0 foo.tc
# tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS
Enter a secure password for the volume, and confirm the query to overwrite foo.tc with the new volume. tcplay will then write random data into the volume. Map the volume and create a filesystem on it in order to mount

# tcplay -m foo.tc -d /dev/loop0
# mkfs.ext4 /dev/mapper/foo.tc
# mount /dev/mapper/foo.tc /mnt/truecrypt/
To unset the container,

# umount /mnt/truecrypt
# dmsetup remove foo.tc
# losetup -d /dev/loop0
Mounting an existing container for a user
Consider /dev/loop0 the first unused loop device, foo.tc the TrueCrypt container, /home/you/truecrypt/ the desired mount point. The user you in this example has uid=1000 and gid=100. The steps for mounting the container as a virtual volume are:

1. Associate loop device with the container
2. Map the container to the loop device
3. Mount the container in the filesystem
The following commands perform the above actions.

# losetup /dev/loop0 foo.tc
# tcplay -m foo.tc -d /dev/loop0
# mount -o nodev,nosuid,uid=1000,gid=100 /dev/mapper/foo.tc /home/you/truecrypt/
Note, if the container uses ext4 or another filesystem that supports file ownership, the uid and gid parameters aren't needed and will not work. Therefore the third command would be simply:

# mount -o nodev,nosuid /dev/mapper/foo.tc /home/you/truecrypt/
To reverse them:

# umount /home/you/truecrypt/
# dmsetup remove foo.tc
# losetup -d /dev/loop0
Using tcplay-helper
The tcplay-helper-git (AUR) tool simplifies the process of creating, mounting and unmounting tc-play containers. The tool is still a work-in-progress, but should work fine for most users wanting to work with simple secure tc-play containers.

The following command creates a 3Mb container called foo.tc.

# tcplay-helper create foo.tc 3M
To mount the container file we can either mount it as root with the following command. The container will be mounted under /mnt/truecrypt/

# tcplay-helper open foo.tc
Alternatively, we can supply a username to mount the container as.

# tcplay-helper open foo.tc archie
Finally, to close the container this command does the trick.

# tcplay-helper close foo.tc


November 16, 2018
FOR THE BROADER KNOWLEDGE ABOUT FILE SYSTEMS
LET'S TRY THE SQUASH FILE SYSTEM
It can be mounted, but it is just a read-only filesystem;
you can use tar, zip, 7zip etc. instead

bash# mksquashfs /var/arch /var/arch.sqsh
bash# mkdir /mnt/tmp
bash# mount /var/arch.sqsh /mnt/tmp -t squashfs -o loop
bash# ls /mnt/tmp

CHANGE VLC USERAGENT
vlc 'http://wiki.videolan.org/' :http-user-agent='FooBar/1.2.3'

May 20, 2019
I learned things the hard way because I am stupid
Learn how to PURGE
apt remove package ----> just removes the program; the config files are not included
apt-get purge dnsmasq ----> removes programs and dependencies, including config files


#!/bin/sh
# SET UP FAKE CAM
# install v4l2loopback first
# card_label will be your camera name
printf "Requires root access\n"
modprobe v4l2loopback video_nr=5 card_label="Intergrated Webcam"

#--------------------------------
# this one works well you could play even file in url
ffmpeg -re -i sadak.mp4 -r 10 -pix_fmt yuyv422 -f v4l2 /dev/video5

ffmpeg -f x11grab -r 15 -s 1280x720 -i :0.0+0,0 -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 /dev/video0
ffmpeg -re -i video.mp4 -c:v rawvideo -pix_fmt yuv420p -f v4l2 -s 640x360 /dev/video0
ffmpeg -re -i input.mp4 -map 0:v -f v4l2 /dev/video0

Sept.12.2019
Useful tools ipcalc
root@ibm~# ipcalc 10.0.0.1/8
Address: 10.0.0.1 00001010. 00000000.00000000.00000001
Netmask: 255.0.0.0 = 8 11111111. 00000000.00000000.00000000
Wildcard: 0.255.255.255 00000000. 11111111.11111111.11111111
=>
Network: 10.0.0.0/8 00001010. 00000000.00000000.00000000
HostMin: 10.0.0.1 00001010. 00000000.00000000.00000001
HostMax: 10.255.255.254 00001010. 11111111.11111111.11111110
Broadcast: 10.255.255.255 00001010. 11111111.11111111.11111111
Hosts/Net: 16777214 Class A, Private Internet
So I discovered open host slots

############################################################
#HOW To convert unixtime to readable format vice versa. [tag unix time]

bash# date -d "2019-11-09 18:24:30" "+%s"
1573323870

bash# date --date='@1573323870'
Sat Nov 9 18:24:30 UTC 2019
##################################################################
Samba client
mount.cifs //[IP_ADDR]/SERVER_NAME/FOLDER_NAME /mountpoint

nmblookup '*'
nmblookup -S WORKGROUP
#######################################################
GET SUM IN FILES
NOTE: IT ALSO COMPUTES DECIMAL NUMBERS
awk '{ sum += $1 } END { print sum }' Oct24-Nov30.txt
#######################################################
###################################
Get the sum of list of number
Warning It ignores decimal places
###################################
grep -oE '[0-9]+' Oct24-Nov30.txt | paste -s -d + - | bc
You can use grep + paste + bc:

$ grep -oE '[0-9]+' file
10
10
20
20
20

$ grep -oE '[0-9]+' file | paste -s -d + -
10+10+20+20+20

$ grep -oE '[0-9]+' file | paste -s -d + - | bc
80

tr 'A-Za-z0-9' 'N-ZA-Mn-za-m5-90-4'
################################################3
bssid: Upper Room
BC:C0:0F:BF:90:80
1john3v16
chrome.exe --proxy-server="socks5://localhost:9050" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost"
===========================
screen capture FFMPEG
https://ffmpeg.org/ffmpeg-devices.html#x11grab
===========================
ffmpeg -f x11grab -framerate 25 -video_size cif -i :0.0 out.mp4


Sun Jun 6 03:56:34 CST 2021
NEW TRICKS IN MY SLEEVES
Can execute commands from a text stream.
The nice thing about it: a different
command from every line;
just press CTRL-C for the next command
on the next line.
$ /bin/sh -c "$(cat IoT.txt)"

Thu Jul 8 06:26:40 UTC 2021

pgrep firefox | xargs kill
ps -auxf
ps -C firefox
ps -A

Thu Jul 8 07:41:44 UTC 2021
A Goldmine
Ctrl-c kill foreground process
Ctrl-z Suspend fg process
Ctrl-d Terminate input, or exit shell
Ctrl-s Suspend output
Ctrl-q Resume output
Ctrl-o Discard output
Ctrl-l Clear screen


I. MAY COMMAND LIVE AND PERSIST
    Don't get intimidated by the black screen and flickering green text like those we've seen in those hacker movies, where someone claims to be a
super genius. Those are overrated and bullshit.

    CLI --> Command Line Interface. The CLI is useful: it uses less memory, unlike its opponent the GUI (Graphical User Interface), which uses much memory.

BASH or Bourne Again SHell: A Linux/Unix shell where you type your commands; there are alternatives like xterm and konsole. The counterpart of bash in Windows is batch files. Like a batch file, a BASH script does not need to be compiled to run; it just runs, and you can change the code on the fly.

One of the useful tools in the xterm shell is crontab. I used to delete those files over and over again; with this tool you can eliminate
that habitual deletion of files and save a lot of time. In the Linux shell type "crontab -l".
In my case, this is my cronjob; it includes the file path of my bash script, xhistory.sh.
To edit the crontab, type "crontab -e" in the Linux shell.

johndoe@linuxdistros:~$ crontab -e                  
Put in the following lines and save, then restart your machine. It is supposed to
work.

#every  15 minutes the machine will execute this bash script file
*/15 * * * *  sh "/home/john/cronjobs/xhistory.sh"

And the xhistory.sh contains the following lines of script commands.


#It overwrites .bash_history with random data 34 times
shred -n 34 "/home/john/.bash_history"
#Then it empties (truncates) the file
cat /dev/null > /home/john/.bash_history
history -c
history -w

shred -n 34 "/home/john/.local/share/recently-used.xbel"
cat /dev/null > /home/john/.local/share/recently-used.xbel

shred -n 34 "/home/john/.config/smplayer/smplayer.ini"
cat /dev/null > "/home/john/.config/smplayer/smplayer.ini"

The executions securely delete the contents of the history files. It is a little bit
counter-hacking, but it is good when you have used the mysql shell, rlogin or ssh with passwords:
it prevents an attacker from exploiting your passwords. And one more thing, it saves disk space.
Minute   Hour    Day   Month   DayOfWeek   commands
 *        *       *     *        *         /root/run_me.sh
HARDENED NETWORK SECURITY

iptables --> it is a very versatile firewall native to the Linux kernel. You don't need to install 3rd-party software, you just need to
            know how it works

YOUR SECURITY IS VITAL. You could avoid hackers scanning and launching ARP network poisoning (like WifiKill on Android devices),
which can cut you off from the internet. And the worse is that they can steal information, passwords and even credit card numbers by
launching sslstrip tools. You could avoid that and become stealthy in a network such as a public internet network.
Somebody can ping-scan your machine, and that is the start of the vulnerability. You are also vulnerable to what they call the
"Ping of Death", which is a kind of DoS (Denial of Service) attack, and to the MITM (Man in the Middle) attack, which can totally strip naked
your privacy and allows someone to steal your passwords for the sites you visited. You could avoid those threats by using
the following commands in the Linux system shell.

NOTE: It requires root access

#DISALLOWING REMOTE ACCESS in x11
root@linuxshell:~$iptables -A INPUT -p tcp --destination-port 6000  -j REJECT
root@linuxshell:~$iptables -A OUTPUT -p tcp --destination-port 6000  -j REJECT
root@linuxshell:~$ip6tables -A INPUT -p tcp --destination-port 6000 -j REJECT
root@linuxshell:~$ip6tables -A OUTPUT -p tcp --destination-port 6000 -j REJECT

#Disallowing ping from someone. Your machine rejects the ping; it does not reply.
root@linuxshell:~$iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
root@linuxshell:~$iptables -A OUTPUT -p icmp --icmp-type echo-reply -j REJECT
#Drop all packets from a specific IP address
root@linuxshell:~$iptables -A INPUT -s 192.168.1.103 -j DROP

To Check it out if the code works

root@linuxshell:$ iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere             tcp dpt:x11 reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere             icmp echo-request reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere             tcp dpt:x11 reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere             icmp echo-reply reject-with icmp-port-unreachable




This one will prevent your machine from WifiKill and MITM and DOS attack in Local Network.
NOTE: It requires root access.
This one is for wlan or wifi:

root@linuxshell:~$echo "1"  > /proc/sys/net/ipv4/conf/wlan0/arp_ignore
# the documented arp_announce values are 0, 1 and 2
root@linuxshell:~$echo "2" > /proc/sys/net/ipv4/conf/wlan0/arp_announce

This one is for LAN or Ethernet card:
root@linuxshell:~$echo "1"  > /proc/sys/net/ipv4/conf/eth0/arp_ignore
root@linuxshell:~$echo "2" > /proc/sys/net/ipv4/conf/eth0/arp_announce


#######################################
YOU SHOULD TRY sysctl -a
You can set some firewall rules
and they are retained even when the system is restarted.
The path of the config file is
/etc/sysctl.conf
######################################



HARDENED PRIVACY ( needs to be edited)

In this section I will tackle more advanced security. If you are an average internet user you don't need to do this stuff, but if you are a journalist, electronic privacy
advocate or a whistleblower who wants to expose some corruption, it is definitely a matter of life and death. You have to be careful. I advise turning off your swap before encrypting files and sending them to someone.

I highly recommend to use "Tails" linux distro. A bootable OS can be booted on usb  and CD. But if you want to leave any digital fingerprint and you want to  hide an
incriminating data.  (just google it)

After your machine boot up. Do this first in Linux Shell.

swapoff -a

-a means all: turn off swap totally.
You can check it by typing the following commands in Bash:
    htop  -  swap memory should appear as 0.
    free -m

Swap memory can also be encrypted. Just google it.




Creation of a 64MB file
dd if=/dev/urandom of=swapfile.crypt bs=1M count=64
loop=$(losetup -f)
losetup ${loop} swapfile.crypt
cryptsetup open --type plain --key-file /dev/urandom ${loop} swapfile
mkswap /dev/mapper/swapfile
swapon /dev/mapper/swapfile

The result:

# swapon -s
Filename                                Type            Size    Used    Priority
/dev/mapper/swap0                       partition       4000176 0       -1
/dev/mapper/swap1                       partition       2000084 0       -2
/dev/mapper/swapfile                    partition       65528   0       -3

swap0 and swap1 are real partitions.

This Configuration uses randomly generated keys at boot and will not support Hibernation to hard disk! You should disable Hibernation through your respective DE Power Management Utility and set it to Shutdown on Critical to avoid Data Loss!

Make sure to run sudo -s or su before running the following.

    Disable Swap:

    # swapoff -a

    Locate the existing Swap Partition

    # lsblk

    You will get something like this:

    sda3    8:3    0     8G  0 part [SWAP]

    Overwrite Old Swap

    # dd if=/dev/zero bs=1024000 of=/dev/sda<#>

    for example:

    # dd if=/dev/zero bs=1024000 of=/dev/sda3

    fstab setup

    # vim /etc/fstab

    Replace old SWAP device with crypttab mapper name: /dev/mapper/cswap

    #<file system>      <mount point>   <type>  <options>   <dump>  <pass>
    /dev/mapper/cswap   none            swap    pri=1,defaults  0   0

    Crypto Setup

    # ls -lF /dev/disk/by-id

    For Example:

    ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3 -> ../../sda3

    # vim /etc/crypttab

    # <name>    <device>                            <password>  <options>
      cswap     /dev/disk/by-id/ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3   /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256

    Activate Encrypted Swap

    # reboot

    Verify Encrypted Swap Operations

    For example:

    # dmsetup -C info
    cswap      253   0 L--w    2    1      0 CRYPT-PLAIN-cswap  
    # lsblk
    ├─sda3                8:3    0     8G  0 part  
    │ └─cswap             253:0    0     8G  0 crypt [SWAP]
    # cat /proc/swaps
    Filename                Type        Size    Used    Priority
    /dev/dm-0               partition   8385532 0       -1


####################################################################
ENVIRONMENTAL VARIABLES

You can also edit environment variables. In your home directory look for .bashrc;
 if it does not exist, make one. This is a cool thing: you can decide what you want
 to do with your bash shell environment. Open ".bashrc" and add this line:
PS1='\u@\h:\w\$ '

When you open the console the display would be like this.

john@bashshell:~$

you can just change it whatever you want to do with it like:
PS1='\u@\h:\w\# '

It results:
 john@bashshell:~#______


There is another useful place for changing environment variables.
This one is like the startup folder in Windows.

Open the path /etc/profile.d/

If you want to install software in a folder other than the standard installation folder (for example, a newly downloaded Firefox that you want on an encrypted disk instead of the standard disk), you have to change the environment variables. In this case Java is installed in a non-standard way. You can check it by typing "which java"; in my case java could not be found because it is installed in a non-standard way.
First I moved the jdk7 folder from /usr/lib64/jdk7 to /usr/jdk7 (you can also do this on umounted devices or an encrypted volume like TrueCrypt and LUKS; your program runs there)

If I type java -version in bash I receive this:
bash: java: command not found

This the original path
#!/bin/sh
export JAVA_HOME=/usr/lib64/jdk7
export PATH='/usr/lib64/jvm/bin:/usr/lib64/jvm/jre/bin:/usr/lib64/jvm/bin:/usr/lib64/jvm/jre/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin'

This is the modified path
#!/bin/sh
# only the Java entries change; /usr/bin must stay in PATH
export JAVA_HOME=/usr/jdk7
export PATH='/usr/jdk7/bin:/usr/jdk7/jre/bin:/usr/jdk7/bin:/usr/jdk7/jre/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin'
 
Restart your machine.
On the console type: java -version
Java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)



You are supposed to see the Java version. In that case it should work all the way.


Feb 3, 2016
If you want to torify your download, run tor first and do the
next step. This time I download the file named "youtube-dl";
I tunnel the connection through TOR using socks5
 curl --socks5-hostname 127.0.0.1:9150 http://youtube-dl.org/latest/youtube-dl -o youtube-dl

The good thing about "curl": if the download is interrupted or experiences a disconnection, you can still resume your download. If the file is too large and you want to continue the download the next day, you can still resume the remaining bytes.

OPENSSL OPEN SSL
There was something in my machine always bothering me: I couldn't install
openssl properly; the older installed ssl version was always butting in.
The problem is I was so stupid that I didn't think about the path name of the old one just to overwrite it. My machine is a little bit eccentric: it didn't install openssl in the standard directory, so I have to configure the installation first. This is the path that works on my machine:
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
make test
make install

 I just browsed it on the web I don't know if it is working

HOW TO ANONYMIZE FIREFOX (on 2010-08-10)

change in about:config


browser.download.manager.scanWhenDone = false
browser.send_pings = false
dom.disable_window_open_feature.menubar = true
dom.disable_window_open_feature.scrollbars = true
intl.accept_charsets = utf-8
intl.accept_languages = en
intl.charset.default = utf-8
intl.charsetmenu.browser.cache = UTF-8
keyword.enabled = false
layout.css.visited_links_enabled = false
network.http.sendRefererHeader = 0
network.http.accept.default = */*
network.prefetch-next = false
network.proxy.socks_remote_dns = true

########################################################################

add to about:config (for faking the user agent)


new - string: general.useragent.override - value: Mozilla/5.0 (en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2

########################################################################

change settings
(in firefox 3.5 and higher first choose "user default" to change some settings)


javascript:disabled
java: disabled
history: disabled
chronicle: disabled
save data: disabled
cookies: disabled
clear private data: enabled (all)
remember passwords: disabled
offline storage: 0 mb cache

########################################################################

search engines disable/uninstall


PACKET WARS
#to forward the traffic to your machine between your target and router.
echo 1 > /proc/sys/net/ipv4/ip_forward

MORE ABOUT NETWORK SECURITY
SSH - Secure Shell. A future network admin should know how to use telnet, rlogin, sftp, gopher and ssh.
Secure Shell is secure. You should know how to configure an ssh server and client for an encrypted connection. In my case I
use OpenSSH for BSD
https://archive.is/o/zCaQN/www.ssh.com/support/documentation/online/ssh/adminguide/32/Generating_the_Host_Key.html
-----------------------------------------------
SSH PROXY connection

ssh -p 443 -C2qTnN -D 52233 skyssh.com-florp@146.185.160.149




ssh -D 12345 myuser@remote_ssh_server
SOCKS Host: 127.0.0.1 port: 12345 (I, actually, used 8080) with
 ssh -C2qTnN -D 8080 user@my_server


create.sshgoogle.com
 fastssh.com
 skyssh.com

 sshagan.net
 go-ssh.com

http://www.phcorner.net
un: json***
pw: cro*****

tcpvpn.com
 bestvpnssh.com
 mytunneling.com
 createssh.com



 ssh -C2qTnN -D 8080 -p 443  skyssh.com-anonme@188.166.190.87




ssh -C2qTnN -D 51234 skyssh.com-krang@45.32.147.45
-------------------------------------------------------------------------------------



PUT YOUR WIRELESS CARD IN MONITOR MODE
(It depends on whether your wlan card supports listening or monitor mode.)

ON YOUR SHELL
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

# back to managed (normal) mode
ifconfig wlan0 down
iwconfig wlan0 mode managed
ifconfig wlan0 up





#redirect all of torify's traffic to localhost
sudo iptables -t nat -A OUTPUT -m owner --uid-owner torify -j DNAT --to-destination 127.0.0.1
#allow vm to access privoxy, tor
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -p tcp --dport 8118 -j ACCEPT
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -p tcp --dport 9050 -j ACCEPT
#allow tor to access vm
sudo iptables -A OUTPUT -o lo -m owner --uid-owner debian-tor -p tcp --dport 5022 -j ACCEPT
#if we allow it outgoing, allow it incoming and don't interfere with prior connections
sudo iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
sudo iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -m state --state RELATED -j ACCEPT
#don't let anything access vm on localhost
sudo iptables -A OUTPUT -o lo -p tcp --dport 5022 -j DROP
#don't let torify snoop around on listening localhost ports
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -j DROP
#don't allow external machines to access vm
sudo iptables -A INPUT ! -i lo -p tcp --dport 5022 -j DROP
#drop all torify traffic failsafe and protocol agnostic
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -j DROP

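To make sure the rules stay after reboot, save them with: sudo iptables-save (it only prints the current rules to standard output, so redirect the output to a file that is loaded again with iptables-restore at boot).
Next we'll need to make sure Privoxy works with Tor. Type this command: sudo gedit /etc/privoxy/config
Delete everything in the file and replace it with this: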
# Generally, this file goes in /etc/privoxy/config
#
# Tor listens as a SOCKS4a proxy here:
forward-socks4a / 127.0.0.1:9050 .
confdir /etc/privoxy
log /etc/privoxy
#actionsfile standard # Internal purpose, recommended
#actionsfile default # Main actions file
#actionsfile user       # User customizations
#filterfile default.filter
# Don't log interesting things, only startup messages, warnings and errors
#logfile logfile
#jarfile jarfile
#debug 0 # show each GET/POST/CONNECT request
#debug 4096 # Startup banner and warnings
#debug 8192 # Errors - *we highly recommended enabling this*
user-manual /usr/share/doc/privoxy/user-manual
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
Now, type this command:

sudo /etc/init.d/privoxy restart


Well, that didn't work like intended. We dropped ARP related traffic to the IP address, but not on IP level. This is also visible in the arp -n list:
root@ubuntu:/data# arp -n
 Address                  HWtype  HWaddress           Flags Mask            Iface
 192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
 192.168.1.1              ether   d8:d7:21:22:5a:f4   C                     eth0
So to make this work, we simply have to flush the ARP cache. We delete the related ARP entry:
root@ubuntu:/data# arp -d 192.168.1.1
root@ubuntu:/data# arp -n
 Address                  HWtype  HWaddress           Flags Mask            Iface
 192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
 192.168.1.1                      (incomplete)                              eth0








Specific traffic filtering
Back to our original mission: only allow our router to exchange ARP packets.
# Block ARP traffic from all machines (default: DENY)
root@ubuntu:/data# arptables -P INPUT DROP

# Allow router (fixed ARP)
root@ubuntu:/data# arptables -A INPUT --source-mac d8:d7:21:22:5a:f4 -j ACCEPT
All ARP packets are blocked now. Each system that transmits traffic will end up as an (incomplete) entry.
Enable all ARP traffic
If we want to allow traffic again:
root@ubuntu:/data# arptables -P INPUT ACCEPT
root@ubuntu:/data# arptables --flush
Flushing the full ARP cache can be done with ip utility:
root@ubuntu:/data# ip -s neighbour flush all
Conclusion
Arptables is a very powerful utility to filter traffic and avoid an unexpected router taking over our connectivity. However, keep in mind that connectivity is not fully blocked. Only ARP traffic is blocked (layer 2/3 on the OSI model). If someone is able to manually add an entry to the ARP table, traffic is able to flow again.




One hardening trick I like is to turn off ARP completely with:
ip link set dev eth0 arp off
Then add a static ARP entry for the router so you can get to that:
arp -s 10.0.0.2 00:0c:29:c0:94:bf


------------------------------

gpg --keyserver pgpkeys.mit.edu --recv 8B48AD6246925553

#######################
To update java download java.33.3..gz and extract the files in the current directory of java installation just a sort of copy and paste
######################################
you could secure delete klipboard it is located in /.kde/ but you can disable the saving in klipboard in options


Set Environmental variables
export MYHOME=/mnt/live/memory/data/AdwCleaner/


###############################
# TO DISABLE BASH HISTORY PERMANENTLY #
# echo 'set +o history' >> ~/.bashrc                    #
###############################

JUST DISABLE HISTORY IN A CURRENT SHELL

set +o history


##############################################
OpenSSH 7+ does not support the diffie-hellman handshake by default;
you should configure it or type it specifically on the CLI. It also does not display the key in md5 hexadecimal string format but as a series of gibberish. To make it work that way, edit this config as I explain below:
 
/home/user/.ssh/config
Host 192.168.1.1
        KexAlgorithms +diffie-hellman-group1-sha1
        FingerprintHash md5



/home/user/.ssh/config
What I did is to make something in old format md5 display and old
# any host
Host *
 ForwardX11 yes
 Compression yes
X11 is also cool thing
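
A check for the two ~/.ssh/config notes on this page (the Host 10.0.0.1 block with legacy algorithms and the Host * block above), as an added example that is not part of the original notes: it reports whether legacy key exchange, legacy ciphers or X11 forwarding are limited to one named host or switched on for every host. The function name and the list of settings it looks for are assumptions of this example; Match blocks and the keyword=value form are not handled.

```bash
#!/bin/bash
# Added example: find legacy SSH client settings and report their scope.

# audit_ssh_config FILE
# Prints "SCOPED <host>: <keyword> <value>" when the setting sits under a named host,
# and "GLOBAL <host>: <keyword> <value>" when it sits under "Host *" or before any
# Host line. Returns 1 if at least one GLOBAL finding exists, 0 otherwise.
audit_ssh_config() {
    awk '
    function report(k, v) {
        printf "%s %s: %s %s\n", (wide ? "GLOBAL" : "SCOPED"), host, k, v
        if (wide) bad = 1
    }
    BEGIN {
        # legacy algorithms named on this page
        legacy["diffie-hellman-group1-sha1"] = 1
        legacy["3des-cbc"] = 1
        host = "(global)"; wide = 1; bad = 0
    }
    /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
    {
        kw = tolower($1)                      # ssh_config keywords are case-insensitive
        if (kw == "host") {
            host = ""; wide = 0
            for (i = 2; i <= NF && $i !~ /^#/; i++) {
                host = host (host == "" ? "" : " ") $i
                if ($i == "*") wide = 1       # only the bare "*" pattern counts as global
            }
            next
        }
        if (kw == "forwardx11") {
            if (tolower($2) == "yes") report(kw, "yes")
            next
        }
        if (kw != "kexalgorithms" && kw != "ciphers") next
        if ($2 ~ /^-/) next                   # a leading "-" removes algorithms
        list = $2
        sub(/^[+^]/, "", list)                # "+" appends, "^" moves to the front
        n = split(list, algs, ",")
        for (i = 1; i <= n; i++)
            if (algs[i] in legacy) report(kw, algs[i])
    }
    END { exit bad }
    ' "$1"
}
```

Run it as `audit_ssh_config ~/.ssh/config`; a GLOBAL line means the setting applies to every server you connect to, not only the old device that needs it.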
==============================
Linux command line show directory sizes
du -sh *
http://112.203.90.24//admin/pldt.asp --might be exploited
=========================================
LEARNING APACHE MORE
This is substantial
http proxy using apache "proxy-html.conf  <--Im gonna study about that











=================================
DNS/NameServer
I find a more effective way to customize dns server






=========================================================
#add into .bashrc
genpasswd() {
    local l=$1
           [ "$l" == "" ] && l=16
          tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs
}

===============================================================================

unix tools
fc ---edit .bash_history
LINUX/unix MONITORING TOOLS
iptraf --network
top   --process
vmstat --process
iostat
iftop --network
du -sh *  --> show directory sizes
1. Fire up airodump-ng, lock to the channel that has the network AP you are interested in.
 2. Note the BSSID of the AP and the MAC of a connected client.
 3. Use aireplay-ng to force a deauth. Since Association and Re-Association packets contain the SSID whether hidden or not,
when the client reconnects, your airodump-ng session should capture the SSID and report that in your session window.
 Basic syntax is:
 aireplay-ng -0 3 -a $BSSID -c $CLIENTMAC $INTERFACE
aireplay-ng --ignore-negative-one -0 30 -a C4:6E:1F:48:DB:E4 -c 04:1B:BA:44:A3:E8 mon0
aireplay-ng --ignore-negative-one -0 -a 00:13:33:F3:84:9B -c 9C:B7:0D:26:0D:59 mon2
B315_9487D



root@bt:~# /pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b 00:19:5B:52:AD:F7 -w - /tmp/wpa2*.cap





-----------------------------------------------------------------------------------------------------------------------------------
iptables -I FORWARD 5 -s 10.42.0.52 -p tcp -m quota --quota 104857600 -j ACCEPT
iptables -I FORWARD 1 -s 10.42.0.52 -p tcp -m quota --quota 104857600 -j ACCEPT
iptables -I FORWARD 2 -s 10.42.0.52 -j DROP
------------------------------------------------------------------------------
Concerning the bandwidth quota on my own machine, not the forwarding or shared
connections ones: this is the 20 MB limit (20 971 520)
iptables -A INPUT -p tcp -m quota --quota 20000000 -j ACCEPT
iptables -A INPUT -j DROP

1000/1024  bytes = 1 kb

 1 MiB = 2^20 bytes = 1024 kibibytes = 1048576 bytes


ssh -C2qTnN -D 8090 usrname@hostname -p 443

###################################################
NETWORK SECURITY!
MITM NO PROBLEM: IGNORE ICMP OR BROADCAST REQUESTS
Add the following lines to "/etc/sysctl.conf"

Ignore ICMP requests:
net.ipv4.icmp_echo_ignore_all = 1
Ignore broadcast requests:
net.ipv4.icmp_echo_ignore_broadcasts = 1
# load the new settings by typing the following command:
sysctl -p

To show all the settings: sysctl -a


IT IS ALSO A GOOD THING TO DISABLE IPV6 IF YOU DON'T
USE IT:
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

Another method, with permanent effect, is to edit the following file:
/etc/sysctl.conf
# with these lines
# disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1



#############################################

CREATING A BOGUS SSID OR AN EVIL TWIN
airbase-ng -a 00:09:5B:6F:64:1E --essid
"Fakeaccesspoint" -c 11 mon0

#########################################################
Miscellaneous tricks: display the time in the upper left of the terminal
while sleep 1;do tput sc;tput cup 0 $(($(tput cols)-29));date;tput rc;done &

07/05/17 07:30:58 PM
Adding the rule
iptables -A OUTPUT  -p udp --dport 53 -j DROP

removing the rules
iptables -D OUTPUT -p udp --dport 53 -j DROP
Sunday, November 12, 2017
If you are having a problem with your default DNS server, e.g. your pesky router, just don't forget resolv.conf in "/etc/resolv.conf"
and add the following line:

nameserver 8.8.8.8 # invoking the Google server as your DNS server

##########################################################################
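What's more surprising, I solved a long-time problem with sshd by putting it in boot-up. It might solve other problems too, like putting the httpd service in startup:
just chmod 0777 the specific file in this directory "/etc/rc.d/".
The execute bit is what makes the script run at boot, so 0755 is enough; with 0777 any local user can edit a script that runs as root.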


#AUTO START SCRIPT IN MY MACHINE WITHOUT ERROR
# FILENAME: rc.local
# DESCRIPTION: This script enable tap functions of touchpad in this machine
# lenovo.modprobe startup script is not functioning and I dont know why.
# INSTRUCTION: Add the following script on rc.local the directory /etc/rc.local
#               if does not exist create it or Simply copy this file [/etc/rc.local]
#   and execute this command: [service rc.local restart] without the square brackets
# This procedure must have effect already your touchpad tapping function. Reboot your machine
# init 6
modprobe -r psmouse
modprobe psmouse proto=imps

It more


######################################################################

Sunday, November 19, 2017
In this moment in time I completely configured a working dnsmasq DNS server in
this machine, but sadly my Linux machine at home is broken. It saddens me, the fact that I have a good internet connection at home and could not even practice standard networking practice at home; I had to be a snitch. To digest everything I learned in a short period of time. I know it is wrong but I couldn't help myself to solve something (a long-time problem). I am eager to learn more; that's how I get my drive to insist on my persistence in learning.
By the way, I wanted to write down details of how I solved that DNS (dnsmasq) problem
saving queries in a text file
dnsmasq --no-daemon --log-queries --log-facility=/var/log/dnsmasq.log
just show log queries
dnsmasq --no-daemon --log-queries

Slax DEBIAN BASED ERA

2018-04-09 07:51:

I have installed a new Linux-based OS.
It is in its infancy but I guess I would learn a lot from it.
The first and foremost problem I encountered and solved is about
the autologin of Debian OS even though it has a password (it is a modified version of Debian, a sort of minimalist OS, so many features are not included in the system, like the desktop manager). I just googled it, unlike
before when I had to do it all by myself.

systemctl set-default multi-user.target

To make it back in autologin

systemctl set-default graphical.target

As I have said, I don't have a desktop manager; I couldn't
even adjust the brightness. Just like I did at first, I googled it.
Debian has a lot of community support, unlike the former distro I had.
This is the solution.

echo 1000 > /sys/class/backlight/intel_backlight/brightness
Just like that. But it depends on your hardware; you should follow /sys/class/backlight and browse the directory to find out which is which.
Script to make it automated:

#################################################
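#!/bin/sh
# Usage: pass the brightness as a percentage, e.g. 50
# 2400 is assumed to be this panel's maximum (see max_brightness in the same directory)
if [ "${1:-0}" -le 0 ]
then
    # zero, negative or missing argument: dimmest visible setting
    echo "1" > /sys/class/backlight/intel_backlight/brightness
else
    echo $((2400 * $1 / 100)) > /sys/class/backlight/intel_backlight/brightness
fi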

#################################################










MORE GOOD FIREWALL RULES FROM EXPERTS JUST PASTED WHOLE THING HERE JUST FIGURE IT OUT
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1

###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0
net.ipv4.icmp_echo_ignore_all = 1
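
In the pasted file most of the hardening lines are still commented out, so copying it as it is changes very little. The script below is an added example, not part of the original notes: it reports which of the settings listed on this page a sysctl.conf-style file would actually apply. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a sysctl.conf-style file.

# Values this page lists, active or commented out, as hardening settings.
RECOMMENDED='net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.log_martians=1'

# effective_value FILE KEY: print the value KEY ends up with after the whole
# file is applied. Commented lines are skipped; the last assignment wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_sysctl FILE: one line per recommended key, prefixed OK, UNSET or WRONG.
audit_sysctl() {
    for pair in $RECOMMENDED; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(effective_value "$1" "$key")
        if [ "$have" = "$want" ]; then
            echo "OK     $key = $have"
        elif [ -z "$have" ]; then
            echo "UNSET  $key (want $want; missing or commented out)"
        else
            echo "WRONG  $key = $have (want $want)"
        fi
    done
}

# Constructed sample: the same shape as the pasted file (most hardening lines
# still commented out), plus a later override that loosens rp_filter.
write_sample_conf() {
    cat > "$1" <<'EOF'
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
#net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.conf.all.rp_filter = 2
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_sysctl "$sample"
rm -f "$sample"
```

The file only shows what will be applied at boot or by sysctl -p; `sysctl -n <key>` reads the value the running kernel is using.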



If you have issues with your touchpad, here is the solution:
https://forums.kali.org/showthread.php?221-Touchpad-Synaptics-Tapping-issue-Solved
on the command line:
modprobe -r psmouse             # disable the touchpad first
modprobe psmouse proto=imps     # the touchpad should function now

If you want to make it automated, modify the file at the
following path: /etc/modprobe.d/anyname.conf
and add the following line:
options psmouse proto=imps

Insert date from cli output VIM editor
:r !date



Sat May  5 04:11:45 EDT 2018

I don't like Windows OS, especially Windows 10; it is the biggest
spyware. It captures screenshots, and the plain text of the text file
is being spied on, so I transferred this text to a volume.
I googled and it said you can make a virtual disk, like an ext4 file system.
You can make it, but you must make a file container first; you can use

fallocate or dd (google it, stupid), and make it by using some
tools like mkfs, e.g. mkfs.ext4 <nameofthefile>, and you can mount it
like you are just mounting a regular disk.

Creation of 500mb container:

dd if=/dev/zero of=MyDrive.img bs=1M count=500
This one pretends to be a broken disk


dd if=/dev/zero bs=1k count=100 | tr "\000" "\377" > /dev/sdb
My discovery: it can be used to wipe SSD/HDD
dd if=/dev/zero of=foo.bar bs=300k count=1 conv=notrunc
Formatting of the Container:

mkfs -t ext3 MyDrive.img
Now you can mount it.
mount MyDrive.img /mnt/mountfolder

--------------------------------------------------------------
THIS COULD BE SOLUTION TO MY LONG TERM PROBLEM
DNS SERVER WITH CUSTOM PORT

    87.118.100.175 (Ports: 53, 110)
    94.75.228.29 (Ports: 53, 110, DNSSEC)
    87.118.104.203 (Ports: 53, 110,DNSSEC)
    62.141.58.13 (Ports: 53, 110, HTTPS-DNS, DNSSEC)
    87.118.109.2 (Ports: 53, 110, DNSSEC)

09.12.2019

ULTIMATE SOLUTION FOR SECURE E2EE FOR DNS ASIDE FROM HTTP-DNS
dnscrypt-proxy
# FileName: dnscrypt-proxy.conf
# A more comprehensive example config can be found in
#
# /usr/share/doc/dnscrypt-proxy/examples/dnscrypt-proxy.conf

ResolverName random
ResolversList /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
#cloudflare
#yandex
#ipredator
Daemonize no
#fallback_resolver = 77.88.8.7:53
# LocalAddress only applies to users of the init script. systemd users must
# change the dnscrypt-proxy.socket file.
# to edit systemctl edit dnscrypt-proxy.socket
LocalAddress 127.0.2.1:53
----------------------------------------------
# To edit: systemctl edit dnscrypt-proxy.socket
# FileName: dnscrypt-proxy.socket
[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.2.1:53
ListenDatagram=127.0.2.1:53


https://forums.gentoo.org/viewtopic-t-164165-start-0.html



Fri Jun  1 09:41:01 CST 2018
OpenSSH 7.4p1 disables the following key exchange algorithms and
cipher by default, so I need to define the following
lines in ~/.ssh/config to pull this out.

Host 10.0.0.1
FingerprintHash md5
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers 3des-cbc
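
Both ssh config notes on this page turn the legacy key exchange, cipher and md5 fingerprint on for one device only, while the `Host *` block carries ForwardX11. The script below is an added example, not part of the original notes: it lists such options in an ssh_config file and says whether each one is limited to named hosts or applies to every connection. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list legacy or risky options in
# an ssh_config file together with the Host block they apply to.

# audit_ssh_config FILE: prints "SCOPE<TAB>HOST<TAB>FINDING" per finding.
# SCOPE is GLOBAL when the option applies to a wildcard pattern (or sits
# before any Host line), SCOPED when it is limited to named hosts.
audit_ssh_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sp = match(line, /[ \t=]/)           # keyword ends at blank or "="
            if (sp == 0) next
            kw = tolower(substr(line, 1, sp - 1))
            arg = substr(line, sp)
            sub(/^[ \t]*=?[ \t]*/, "", arg)
            sub(/[ \t]+$/, "", arg)
            if (kw == "host")  { host = arg; next }
            if (kw == "match") { host = "Match " arg; next }
            larg = tolower(arg); why = ""
            # A leading "-" removes algorithms from the default set, so skip it.
            if (kw == "kexalgorithms" && larg !~ /^-/ && index(larg, "diffie-hellman-group1-sha1"))
                why = "KexAlgorithms enables diffie-hellman-group1-sha1"
            if (kw == "ciphers" && larg !~ /^-/ && index(larg, "3des-cbc"))
                why = "Ciphers allows 3des-cbc"
            if (kw == "fingerprinthash" && larg == "md5")
                why = "FingerprintHash md5"
            if (kw == "forwardx11" && larg == "yes")
                why = "ForwardX11 yes"
            if (why == "") next
            scope = (host == "" || host ~ /[*?]/ || tolower(host) == "match all") ? "GLOBAL" : "SCOPED"
            printf "%s\t%s\t%s\n", scope, (host == "" ? "(before any Host)" : host), why
        }
    ' "$1"
}

# Constructed sample, modelled on the blocks shown on this page, with the
# legacy key exchange also copied under "Host *" to show the failure mode.
write_sample_ssh_config() {
    cat > "$1" <<'EOF'
Host 10.0.0.1
    FingerprintHash md5
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers 3des-cbc

Host *
    ForwardX11 yes
    Compression yes
    KexAlgorithms +diffie-hellman-group1-sha1

Host hardened.example
    Ciphers -3des-cbc
EOF
}

sample_cfg=$(mktemp)
write_sample_ssh_config "$sample_cfg"
audit_ssh_config "$sample_cfg"
rm -f "$sample_cfg"
```

GLOBAL rows are the ones to review first: an option under `Host *` is offered to every server the client connects to, not just the old device that needs it.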

--------------------------------------------
disable a certain linux service
-------------------------------------------
systemctl disable dnsmasq.service

#check status
systemctl status dnsmasq
------------------------
show services and etc
systemctl --all


Monday, October 08, 2018
NOTE TO MYSELF
Just searching all over again for something. Those pesky files stored in a removable SSD storage
I fear it is gone for good.
use  "dd" command to overwrite file with zeros or make a container file "mkfs" at least I have a clue
doing something than nothing.
I've got the best solution before.


Create your image file of the size you want:

dd if=/dev/zero of=./your.img bs=1M count=<number of megabytes you want>
Format it

mkfs.ext3 ./your.img
(Recheck that command before running it, do read what is printed out.)

Mount it:

mount -o loop ./your.img /some/mount/point
And you're done. Don't forget to unmount before you copy/send that image file anywhere.

dd if=/dev/zero of=~/theFile.img bs=1M count=10
$ /sbin/mkfs.ext4 theFile.img
$ sudo mount -o loop theFile.img /mnt/tmp/


Oct 11, 2018
In any GNU LINUX distros if you install something related to video or audio and if it does
not work in non-root user try to add that user(s) in that group video/audio/graphic shits shits.


October 17, 2018
IMAGE AND DEVICE ENCRYPTION
LUKS / CRYPTSETUP
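Sample of creation of encrypted image file
fallocate -l 100M encryptedimage.bin
# note: luksFormat writes its header over the start of the file, so the
# filesystem made by this mkfs does not survive the next command
mkfs.ext4 -j encryptedimage.bin
cryptsetup -y luksFormat encryptedimage.bin

MOUNT LUKS IMAGE / DISK CONTAINER

cryptsetup luksOpen enk.bin enkVolume
# first time only: mkfs erases whatever the opened volume already holds
mkfs.ext4 /dev/mapper/enkVolume
TO UNMOUNT LUKS IMAGE / DEVICE
cryptsetup luksClose /dev/mapper/enkVolume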

November 15, 2018
I just discovered tcplay (it means TrueCrypt play); it can create and mount TC volumes.
HERE ARE some of the procedures according to your need
Encrypting a file as a virtual volume
Invoke

 $ losetup -f
to find the first unused loopback device; in this example, /dev/loop0.

Note: As of udev 181-5, the loop device module is no longer auto-loaded.
Create a new container foo.tc, 20M in size for instance, in the working directory:

 # fallocate -l 20M foo.tc
 # losetup /dev/loop0 foo.tc
 # tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS
Enter a secure password for the volume, and confirm the query to overwrite foo.tc with the new volume. tcplay will then write random data into the volume. Map the volume and create a filesystem on it in order to mount

 # tcplay -m foo.tc -d /dev/loop0
 # mkfs.ext4 /dev/mapper/foo.tc
 # mount /dev/mapper/foo.tc /mnt/truecrypt/
To unset the container,

 # umount /mnt/truecrypt
 # dmsetup remove foo.tc
 # losetup -d /dev/loop0
Mounting an existing container for a user
Consider /dev/loop0 the first unused loop device, foo.tc the TrueCrypt container, /home/you/truecrypt/ the desired mount point. The user you in this example has uid=1000 and gid=100. The steps for mounting the container as a virtual volume are:

Associate loop device with the container
Map the container to the loop device
Mount the container in the filesystem
The following commands perform the above actions.

 # losetup /dev/loop0 foo.tc
 # tcplay -m foo.tc -d /dev/loop0
 # mount -o nodev,nosuid,uid=1000,gid=100 /dev/mapper/foo.tc /home/you/truecrypt/
Note, if the container uses ext4 or another filesystem that supports file ownership, the uid and gid parameters aren't needed and will not work. Therefore the third command would be simply:

 # mount -o nodev,nosuid /dev/mapper/foo.tc /home/you/truecrypt/
To reverse them:

 # umount /home/you/truecrypt/
 # dmsetup remove foo.tc
 # losetup -d /dev/loop0
Using tcplay-helper
The tcplay-helper-git (AUR; package not found) tool simplifies the process of creating, mounting and unmounting tc-play containers. The tool is still a work-in-progress, but should work fine for most users wanting to work with simple secure tc-play containers.

The following command creates a 3Mb container called foo.tc.

 # tcplay-helper create foo.tc 3M
To mount the container file we can either mount it as root with the following command. The container will be mounted under /mnt/truecrypt/

 # tcplay-helper open foo.tc
Alternatively, we can supply a username to mount the container as.

 # tcplay-helper open foo.tc archie
Finally, to close the container this command does the trick.

 # tcplay-helper close foo.tc




November 16, 2018
FOR BROADER KNOWLEDGE ABOUT FILE SYSTEMS
LET'S TRY THE SQUASH FILE SYSTEM
It can be mounted, but it is just a read-only filesystem;
you can use tar, zip, 7zip etc. instead

bash# mksquashfs /var/arch /var/arch.sqsh
bash# mkdir /mnt/tmp
bash# mount /var/arch.sqsh /mnt/tmp -t squashfs -o loop
bash# ls /mnt/tmp

CHANGE VLC USERAGENT
vlc 'http://wiki.videolan.org/' :http-user-agent='FooBar/1.2.3'

May 20, 2019
I learned things the hard way because I am stupid
Learn How to PURGE
apt remove package ---- just removes the program; the config files are not included
apt-get purge dnsmasq ----> removes the program and dependencies, including config files


# SET UP FAKE CAM
#!/bin/sh
# install v4l2loopback first
# card_label would be your camera name
printf "Requires root access\n"
modprobe v4l2loopback video_nr=5 card_label="Intergrated Webcam"

#--------------------------------
# this one works well you could play even file in url
ffmpeg -re -i sadak.mp4 -r 10 -pix_fmt yuyv422 -f v4l2 /dev/video5



ffmpeg -f x11grab -r 15 -s 1280x720 -i :0.0+0,0 -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 /dev/video0
ffmpeg -re -i video.mp4 -c:v rawvideo -pix_fmt yuv420p -f v4l2 -s 640*360 /dev/video0
ffmpeg -re -i input.mp4 -map 0:v -f v4l2 /dev/video0

Sept.12.2019
Useful tools ipcalc
root@ibm~# ipcalc 10.0.0.1/8
Address:   10.0.0.1             00001010. 00000000.00000000.00000001
Netmask:   255.0.0.0 = 8        11111111. 00000000.00000000.00000000
Wildcard:  0.255.255.255        00000000. 11111111.11111111.11111111
=>
Network:   10.0.0.0/8           00001010. 00000000.00000000.00000000
HostMin:   10.0.0.1             00001010. 00000000.00000000.00000001
HostMax:   10.255.255.254       00001010. 11111111.11111111.11111110
Broadcast: 10.255.255.255       00001010. 11111111.11111111.11111111
Hosts/Net: 16777214              Class A, Private Internet
So I discovered open host slots

############################################################
#HOW To convert unixtime to readable format vice versa. [tag unix time]

bash# date -d "2019-11-09 18:24:30" "+%s"
1573323870

bash# date --date='@1573323870'
Sat Nov  9 18:24:30 UTC 2019
##################################################################
Samba client
mount.cifs //[IP_ADDR]/SERVER_NAME/FOLDER_NAME /mountpoint

nmblookup '*'
nmblookup -S WORKGROUP
#######################################################
GET SUM IN FILES
NOTE: IT ALSO COMPUTES DECIMAL NUMBERS
 awk '{ sum += $1 } END { print sum }' Oct24-Nov30.txt
#######################################################
###################################
Get the sum of list of number
Warning It ignores decimal places
###################################
grep -oE '[0-9]+' Oct24-Nov30.txt | paste -s -d + - | bc
You can use grep + paste + bc

$ grep -oE '[0-9]+' file
10
10
20
20
20

$ grep -oE '[0-9]+' file | paste -s -d + -
10+10+20+20+20

$ grep -oE '[0-9]+' file | paste -s -d + - | bc
80

tr 'A-Za-z0-9' 'N-ZA-Mn-za-m5-90-4'
################################################3
bssid: Upper Room
BC:C0:0F:BF:90:80
1john3v16
chrome.exe --proxy-server="socks5://localhost:9050" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost"
===========================
screen capture FFMPEG
https://ffmpeg.org/ffmpeg-devices.html#x11grab
===========================
ffmpeg -f x11grab -framerate 25 -video_size cif -i :0.0 out.mp4


Sun Jun  6 03:56:34 CST 2021
NEW TRICKS UP MY SLEEVE
Can execute commands from a text stream.
The nice thing about it: a different
command on every line;
just press CTRL-C for the next command
in the next line.
$ /bin/sh -c "$(cat IoT.txt)"

Thu Jul  8 06:26:40 UTC 2021

pgrep firefox | xargs kill
ps -auxf
ps -C firefox
ps -A

Thu Jul  8 07:41:44 UTC 2021
A Goldmine
Ctrl-c kill foreground process
Ctrl-z Suspend fg process
Ctrl-d Terminate input, or exit shell
Ctrl-s Suspend output
Ctrl-q Resume output
Ctrl-o Discard output
Ctrl-l Clear screen