Posts from 2014-08

Bandit Walkthrough
posted on 2014-08-30 11:39:32

http://overthewire.org/wargames/bandit/ is quite some fun, in case you are a linux user. You might even learn a trick or two along the way.

prerequisites

Helpful may be, to create a ssh host shortcut either in ~/.ssh/config or a DNS shortcut in /etc/hosts for the banditlabs url:

Host asdf
    Hostname bandit.labs.overthewire.org

That way you can access the server via ssh <username>@asdf.

solutions

These are the solutions I found so far:

level 0

Connect via ssh bandit0@asdf if you made the shortcut like above. Else use ssh bandit0@bandit.labs.overthewire.org.

bandit0@melinda:~$ ls
readme
bandit0@melinda:~$ cat readme 
boJ9jbbUNNfktd78OOpsqOltutMc3MY1

level 1

Now connect via ssh bandit1@asdf if you made the shortcut like above. Else use ssh bandit1@bandit.labs.overthewire.org.

bandit1@melinda:~$ ls
-
bandit1@melinda:~$ cat ./- 
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

level 2

You should by now know which username to use to connnect to the server for the next level... ;)

bandit2@melinda:~$ ls
spaces in this filename
bandit2@melinda:~$ cat spaces\ in\ this\ filename 
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Just use Tab for auto-completion in the shell and avoid typing...

level 3

bandit3@melinda:~$ cd inhere/
bandit3@melinda:~/inhere$ ls -a
.  ..  .hidden
bandit3@melinda:~/inhere$ cat .hidden 
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

level 4

bandit4@melinda:~$ cd inhere/
bandit4@melinda:~/inhere$ ls
-file00  -file02  -file04  -file06  -file08
-file01  -file03  -file05  -file07  -file09
bandit4@melinda:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: Non-ISO extended-ASCII text, with no line terminators
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: Non-ISO extended-ASCII text
bandit4@melinda:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

level 5

bandit5@melinda:~$ find inhere/ -size 1033c \! -executable
inhere/maybehere07/.file2
bandit5@melinda:~$ cat inhere/maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        bandit5@melinda:~$ 

level 6

bandit6@melinda:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@melinda:~$ cat /var/lib/dpkg/info/bandit7.password 
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

level 7

bandit7@melinda:~$ grep millionth data.txt 
millionth   cvX2JJa4CFALtqS87jk27qwqGhBM9plV

level 8

bandit8@melinda:~$ cat data.txt | sort | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

level 9

bandit9@melinda:~$ strings data.txt | grep ^=
========== the
=qy9g
========== is
=9-5
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
bandit9@melinda:~$ strings data.txt | grep ==
========== the
,========== passwordc
========== is
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

level 10

bandit10@melinda:~$ base64 -d data.txt 
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

level 11

bandit11@melinda:~$ cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'          
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

level 12

This is a longer one... I inserted extra newlines for better readability this time.

bandit12@melinda:~$ l
data.txt

bandit12@melinda:~$ mkdir /tmp/sjas/ && cp data.txt /tmp/sjas

bandit12@melinda:~$ cd /tmp/sjas

bandit12@melinda:/tmp/sjas$ l
data.txt

bandit12@melinda:/tmp/sjas$ cat data.txt 
0000000: 1f8b 0808 d095 b051 0203 6461 7461 322e  .......Q..data2.
0000010: 6269 6e00 013a 02c5 fd42 5a68 3931 4159  bin..:...BZh91AY
0000020: 2653 5915 d9db 2800 0017 7fff ff5d f6ea  &SY...(......]..
0000030: e98b bff6 ff7f ffbf fce3 f7fa a3fb badb  ................
0000040: f3e9 f873 b7ff fcff cffb 7bff b001 3b35  ...s......{...;5
0000050: b080 d000 0000 0000 1ea0 f534 3400 0d00  ...........44...
0000060: d1a1 a1a1 a006 8680 0006 9ea0 6868 68f4  ............hhh.
0000070: 81b5 0d34 d0c2 0d0d 3d13 47a4 cd44 01a1  ...4....=.G..D..
0000080: a007 a801 a000 d1a0 d00d 0034 0640 1ea3  ...........4.@..
0000090: 4c99 0000 d034 d1b5 3201 a0d1 a06d 4003  L....4..2....m@.
00000a0: d403 351a 00f4 2347 a801 9348 1a7a 8034  ..5...#G...H.z.4
00000b0: d340 0000 0006 690d 0000 0340 0d3d 46d1  .@....i....@.=F.
00000c0: 341a 7a86 8190 1a1a 1a34 347a 8d00 001a  4.z......44z....
00000d0: 6468 d006 8001 0403 0081 e752 1ca1 324a  dh.........R..2J
00000e0: 2d8d 2082 b927 606a 8dc4 4407 d0eb 1428  -. ..'`j..D....(
00000f0: 8782 7c75 29f4 19d4 3b6a 1f7e 147f 5636  ..|u)...;j.~..V6
0000100: 0183 4dbf 9a5d 968c 7340 d299 dd22 3024  ..M..]..s@..."0$
0000110: 8ecc 1ffe 92b3 101b ca86 20bd 47f2 7958  .......... .G.yX
0000120: 7d40 d62a 1dc8 8697 d109 66ae 1549 39df  }@.*......f..I9.
0000130: 95e2 2dad 4990 b250 9a0b f842 0ade e4fb  ..-.I..P...B....
0000140: 2717 ba73 0a60 9048 c4db 851b db3c 0e4d  '..s.`.H.....<.M
0000150: 9d04 a542 3d98 a411 65b8 116f 0710 19e3  ...B=...e..o....
0000160: 210a 11d4 b9bc 5227 c02e f8ac fab6 f541  !.....R'.......A
0000170: f934 9619 a951 6654 8482 4fd2 9ce7 af09  .4...QfT..O.....
0000180: 0ed5 e29c 3482 e515 3882 07b5 8a2b 02e7  ....4...8....+..
0000190: 5357 2cd5 c071 3d10 546c d9e2 aa49 a75c  SW,..q=.Tl...I.\
00001a0: 2ada f467 469d 4464 c20e f8f0 17d3 271d  *..gF.Dd......'.
00001b0: e3c6 ac3a 9f96 d17f 897c 04bf c445 d6bc  ...:.....|...E..
00001c0: a706 16b0 34bf 2f1b 3419 9eea 5d5a f7c0  ....4./.4...]Z..
00001d0: 1ce4 5477 832b 2258 6b29 55ec 2155 2e66  ..Tw.+"Xk)U.!U.f
00001e0: 2ad1 81d1 edd0 22fe 0f6c 9172 b0d2 3b93  *....."..l.r..;.
00001f0: 42b3 079e 8013 c6ef 1425 82fe a53b 1898  B........%...;..
0000200: c9b5 2111 5c53 eb19 6142 a8b6 480a a8eb  ..!.\S..aB..H...
0000210: 439e b18f 9269 890e dcec da54 614c 4eba  C....i.....TaLN.
0000220: fe8c 5c10 6586 1321 680b 9896 fdee b1d5  ..\.e..!h.......
0000230: 8e68 d49a 11d4 868d 7e82 3238 4e13 dd44  .h......~.28N..D
0000240: 9ad4 0081 b138 f17f e2ee 48a7 0a12 02bb  .....8....H.....
0000250: 3b65 0018 d921 743a 0200 00              ;e...!t:...

bandit12@melinda:/tmp/sjas$ file data.txt 
data.txt: ASCII text

bandit12@melinda:/tmp/sjas$ xxd -r data.txt data1

bandit12@melinda:/tmp/sjas$ file data1
data1: gzip compressed data, was "data2.bin", from Unix, last modified: Thu Jun  6 13:59:44 2013, max compression

bandit12@melinda:/tmp/sjas$ mv data1 data1.gz

bandit12@melinda:/tmp/sjas$ gzip -d data1.gz 

bandit12@melinda:/tmp/sjas$ l
data.txt  data1

bandit12@melinda:/tmp/sjas$ mv data1 data2.bin

bandit12@melinda:/tmp/sjas$ file data2.bin 
data2.bin: bzip2 compressed data, block size = 900k

bandit12@melinda:/tmp/sjas$ bzip2 -d data2.bin
bzip2: Can't guess original name for data2.bin -- using data2.bin.out

bandit12@melinda:/tmp/sjas$ l
data.txt  data2.bin.out

bandit12@melinda:/tmp/sjas$ file data2.bin.out 
data2.bin.out: gzip compressed data, was "data4.bin", from Unix, last modified: Thu Jun  6 13:59:43 2013, max compression

bandit12@melinda:/tmp/sjas$ gzip -d -S .out data2.bin.out 

bandit12@melinda:/tmp/sjas$ l
data.txt  data2.bin

bandit12@melinda:/tmp/sjas$ file data2.bin. 
data2.bin.: POSIX tar archive (GNU)

bandit12@melinda:/tmp/sjas$ tar -xvf data2.bin 
data5.bin

bandit12@melinda:/tmp/sjas$ l
data.txt  data2.bin  data5.bin

bandit12@melinda:/tmp/sjas$ file data5.bin 
data5.bin: POSIX tar archive (GNU)

bandit12@melinda:/tmp/sjas$ tar -xvf data5.bin 
data6.bin

bandit12@melinda:/tmp/sjas$ file data6.bin 
data6.bin: bzip2 compressed data, block size = 900k

bandit12@melinda:/tmp/sjas$ bzip2 -d data6.bin
bzip2: Can't guess original name for data6.bin -- using data6.bin.out

bandit12@melinda:/tmp/sjas$ file data6.bin.out     
data6.bin.out: POSIX tar archive (GNU)

bandit12@melinda:/tmp/sjas$ tar xf data6.bin.out 

bandit12@melinda:/tmp/sjas$ l
data.txt  data2.bin  data5.bin  data6.bin.out  data8.bin

bandit12@melinda:/tmp/sjas$ file data8.bin 
data8.bin: gzip compressed data, was "data9.bin", from Unix, last modified: Thu Jun  6 13:59:43 2013, max compression

bandit12@melinda:/tmp/sjas$ gzip -d -S .bin data8.bin

bandit12@melinda:/tmp/sjas$ l
data.txt  data2.bin  data5.bin  data6.bin.out  data8

bandit12@melinda:/tmp/sjas$ file data8 
data8: ASCII text

bandit12@melinda:/tmp/sjas$ cat data8 
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

Finally it's over...

level 13

This time all the console output is shown:

I connect to host asdf as I made the aforementioned shortcut in ~/.ssh/config.

[sjas@beckett /tmp]% ssh bandit13@asdf                                         

This is the OverTheWire game server. More information on http://www.overthewire.org/wargames

Please note that wargame usernames are no longer level<X>, but wargamename<X>
e.g. vortex4, semtex2, ...

Note: at this moment, blacksun and drifter are not available.

bandit13@bandit.labs.overthewire.org's password: 
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.15.4-x86_64-linode45 x86_64)

 * Documentation:  https://help.ubuntu.com/

Welcome to the OverTheWire games machine !

Please read /README.txt for more information on how to play the levels
on this gameserver.

  System information disabled due to load higher than 8.0

11 packages can be updated.
8 updates are security updates.

New release '14.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.



*** System restart required ***

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

bandit13@melinda:~$ l
sshkey.private
bandit13@melinda:~$ logout
Connection to bandit.labs.overthewire.org closed.
[sjas@beckett /tmp]% scp bandit13@asdf:sshkey.private .                        

This is the OverTheWire game server. More information on http://www.overthewire.org/wargames

Please note that wargame usernames are no longer level<X>, but wargamename<X>
e.g. vortex4, semtex2, ...

Note: at this moment, blacksun and drifter are not available.

bandit13@bandit.labs.overthewire.org's password: 
sshkey.private                                100% 1679     1.6KB/s   00:00    
[sjas@beckett /tmp]%

All here is to do is to download the ssh private key to your local machine. I moved it to /tmp since I will not need anymore after the levels. It this were different, I'd have placed it into my ~/.ssh folder.

level 14

Now the private key from level 13 is to be put to use. The next levels are to be passed on the server, connected as bandit14, anyway.

The pass the keyfile to ssh, use -i, if it should not use ~/.ssh/id_rsa or ~/.ssh/id_dsa

Also the complete output is shown here.

[sjas@beckett /tmp]% ssh -i /tmp/sshkey.private bandit14@asdf                  

This is the OverTheWire game server. More information on http://www.overthewire.org/wargames

Please note that wargame usernames are no longer level<X>, but wargamename<X>
e.g. vortex4, semtex2, ...

Note: at this moment, blacksun and drifter are not available.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/tmp/sshkey.private' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /tmp/sshkey.private
bandit14@bandit.labs.overthewire.org's password: 

[sjas@beckett /tmp]% chmod 600 /tmp/sshkey.private                             
[sjas@beckett /tmp]% ssh -i /tmp/sshkey.private bandit14@asdf                  

This is the OverTheWire game server. More information on http://www.overthewire.org/wargames

Please note that wargame usernames are no longer level<X>, but wargamename<X>
e.g. vortex4, semtex2, ...

Note: at this moment, blacksun and drifter are not available.

Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.15.4-x86_64-linode45 x86_64)

 * Documentation:  https://help.ubuntu.com/

Welcome to the OverTheWire games machine !

Please read /README.txt for more information on how to play the levels
on this gameserver.

System information disabled due to load higher than 8.0

11 packages can be updated.
8 updates are security updates.

New release '14.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.



*** System restart required ***

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

bandit14@melinda:~$ cat /etc/bandit_pass/bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

chmod is used to fix permissions that were off. ssh expects RW access to the key only being possible by the owner, no other rights.

level 15

localhost? On my own computer?

[sjas@beckett /tmp]% telnet localhost 30000                                    
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

Not so. How on the remote server?

[sjas@beckett /tmp]% telnet bandit.labs.overthewire.org 9000                   
Trying 178.79.134.250...
^C

Won't work from a remote server, most likely due to firewall rules. So Ctrl-C for ending the connection try and retry from on the server:

[sjas@beckett /tmp]% ssh -i /tmp/sshkey.private bandit14@asdf                   
.
.
.

bandit14@melinda:~$ telnet localhost 30000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr

Connection closed by foreign host.
bandit14@melinda:~$ 

nc (netcat) works, too:

bandit14@melinda:~$ nc localhost 30000
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr

bandit14@melinda:~$

level 16

First try:

bandit14@melinda:~$ openssl s_client -connect localhost:30001
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
---
Certificate chain
 0 s:/CN=localhost
   i:/CN=localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICpDCCAYwCCQDDVcPYicjxQjANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwls
b2NhbGhvc3QwHhcNMTMwNjA2MTM1ODM3WhcNMjMwNjA0MTM1ODM3WjAUMRIwEAYD
VQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF
Id/8XRfPayS8u+XfqkXQq3QawTEmxcxQw4TiLKlnqLqsl02U3dUIBqSJu1LQE8lf
/eez2KF9Nse9cXqty6M6J9/515b+xaLfkAV1q97JwO1BfciJDiWqjPerMcikUb0d
zTnDFSpWpnrTjLqlquSWrgRxMffmGi+6x7lsWp8EOAIrFhxadYgTskVUslsgtwBP
dVtDG3OZSa8uyD6LJMCgMpaIs0nI1AS8yWWRnBPP6tujJV9x5JI8GYuC1OB9hsYT
+J7ZMkQ5soOXi9TIuyQSfavH27z44uMF3g4fB6i9l2KNFeKkuq1JVM+HbrXfSlf3
+Gtm/+hO/jlKzGw+pmobAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAF0ah9QUPxRM
cCNaZ2Bb+IkBXbj1esk92Hv7H4uYIionJl2f+8M6/YgGNhBI4C1r82Hwbi9DwVYs
kztth6DQIBw3KnNLyoKfYmEz6+Azko5rIefeJoHEBdD41tMqmBd8jWi5+hUbkeLr
8A0wzwi/mVQP4xBZ5cELDEaC2MFCi20X4APFFYeXEMjEYwTwADdADiQ52ezle0zr
iSZ10PUmxqjE4NCYo8feZ7emRcAozZElyF9JjoHfXSSiEViELPU2Wb9ygljYz2Hy
AGDcpE2FIGZRiHk+PT2tHD92bp4BeyZsh52pYvItJie3owdIQoQASfperclRvcyn
mNrjHPUubAc=
-----END CERTIFICATE-----
subject=/CN=localhost
issuer=/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 1272 bytes and written 363 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 162F69EE481BEE8FF1AC7CCBA304284F7C7A6AF9C35743D0272D285514D8226D
    Session-ID-ctx: 
    Master-Key: 6CDD3BC45858C00FF59DD8E0C872AC96769EAC33574BD56590AA0B0A32C1DA309F32FF8C38B10AB6AFD58D44AF3CB767
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1409415184
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
BfMYroe26WYalil77FoDi9qh59eK5xNr
HEARTBEATING
read R BLOCK
read:errno=0
bandit14@melinda:~$

Ok, lets give the manpage a try? (man s_client)

CONNECTED COMMANDS
       If a connection is established with an SSL server then any data
       received from the server is displayed and any key presses will be sent
       to the server. When used interactively (which means neither -quiet nor
       -ign_eof have been given), the session will be renegotiated if the line
       begins with an R, and if the line begins with a Q or if end of file is
       reached, the connection will be closed down.

Awww, lets just try -quiet...

bandit14@melinda:~$ openssl s_client -connect localhost:30001 -quiet
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd

read:errno=0
bandit14@melinda:~$

:D

level 17

First lets do a simple portscan:

bandit14@melinda:~$ nmap -PN localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2014-08-30 16:28 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0011s latency).
Not shown: 994 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
113/tcp   open  auth
443/tcp   open  https
3306/tcp  open  mysql
30000/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds

Bummer. But that's due to nmap only scanning the first 30000 ports. See:

bandit14@melinda:~$ nmap -p 30000-32000 localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2014-08-30 16:41 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00086s latency).
Not shown: 1994 closed ports
PORT      STATE SERVICE
30000/tcp open  unknown
30001/tcp open  unknown
31046/tcp open  unknown
31518/tcp open  unknown
31691/tcp open  unknown
31790/tcp open  unknown
31960/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds
bandit14@melinda:~$

30001 wasn't shown in the first scan.

Since we know the port is between 31000 and 32000, so it's one of these:

  • 31046
  • 31518
  • 31691
  • 31790
  • 31960

This can be programmatically tried by nmap, too, but I am an amateur, so I will try them by hand. It's just that five ports.

bandit14@melinda:~$ openssl s_client -quiet -connect localhost:31046
140737354065568:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:


bandit14@melinda:~$ openssl s_client -quiet -connect localhost:31518
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
cluFn7wTiGryunymYOu4RcffSxQluehd
cluFn7wTiGryunymYOu4RcffSxQluehd
^C


bandit14@melinda:~$ openssl s_client -quiet -connect localhost:31691 
140737354065568:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
bandit14@melinda:~$ openssl s_client -quiet -connect localhost:31790
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
cluFn7wTiGryunymYOu4RcffSxQluehd
Correct!
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
+TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
-----END RSA PRIVATE KEY-----

read:errno=0
bandit14@melinda:~$

Well, this looks like ssh privatekey? :)

For fun the last port:

bandit14@melinda:~$ openssl s_client -quiet -connect localhost:31960
140737354065568:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
bandit14@melinda:~$

By the way:
-PN flag used in the first scan is for skipping the host discovery stage. Use it, if you know for sure that the host is up.

level 18

The desctiption was a bit off, since there was no password. 'Just' a private key.

Anyway, copy the content of the private key and put it into a new key file.

I created a new file in /tmp/newkey. Opened it in my editor of choice (vim), pasted everything between the delimiters into it:

-----BEGIN RSA PRIVATE KEY----- 

    and the garbage between 
         included, too

-----END RSA PRIVATE KEY-----

... and save it.

If you have a microsoft-based operating system and fuck up the line endings due to copy paste, you're to blame (CRLF instead of just LF.).

If all was done accordingly, it will work as can be seen here. Of course, I forgot chmod 600 on the keyfile once again.

[sjas@beckett /tmp]% ssh -i /tmp/newkey bandit17@asdf                          

This is the OverTheWire game server. More information on http://www.overthewire.org/wargames

Please note that wargame usernames are no longer level<X>, but wargamename<X>
e.g. vortex4, semtex2, ...

Note: at this moment, blacksun and drifter are not available.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for '/tmp/newkey' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /tmp/newkey
bandit17@bandit.labs.overthewire.org's password: 

[sjas@beckett /tmp]% chmod 600 newkey                                          
[sjas@beckett /tmp]% ssh -i /tmp/newkey bandit17@asdf

.
. (this time I omitted the servers welcome message........)
.

bandit17@melinda:~$ 

After having this out of the way, there are options to solve this:

diff wasn't mentioned, but is the easiest by far:

bandit17@melinda:~$ diff passwords.old passwords.new 
42c42
< PRjrhDcANrVM6em57fPnFp4Tcq8gvwzK
---
> kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

It shows the differences between two files.

42c42 tells, line 42 in the first file got changed to line 42 in the second file, and thus is the new password.

Another solution:

bandit17@melinda:~$ TEMP=`cat passwords.new`; for i in $TEMP; do grep $i passwords.old > /dev/null; if [ $? -ne 0 ]; then echo $i; fi; done
kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Explaining this, because there's helpful stuff in there:

 1      TEMP=`cat passwords.new`
 2      for i in $TEMP
 3      do 
 4          grep $i passwords.old > /dev/null
 5          if [ $? -ne 0 ]
 6          then 
 7              echo $i
 8          fi
 9      done
  1. assign the new variable TEMP the contents of 'passwords.new'
  2. for loop, index i, running through contents of temp
  3. start of body of for loop
  4. grep for finding matches. exit code 0 if yes, exit code 1 if no match found. The grep output was streamed to /dev/null, because the output is of no importance to us.
  5. if clause, checking if no match was found. $? returns return code of last command that was run. -ne is 'not equal'.
  6. start of if body
  7. echo the currently tested string, which is our winner
  8. return to escape the loop as soon as we found our match
  9. end of if body
  10. end of body of for loop

level 19

Execute the cat from your localhost to run on the server and return the results. To do so simply append the command you want to the ssh call.

[sjas@beckett /tmp]% ssh bandit18@asdf cat readme                              

This is the OverTheWire game server. More information on http://www.overthewire.org/wargames

Please note that wargame usernames are no longer level<X>, but wargamename<X>
e.g. vortex4, semtex2, ...

Note: at this moment, blacksun and drifter are not available.

bandit18@bandit.labs.overthewire.org's password: 
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

level 20

bandit19@melinda:~$ ll /etc/bandit_pass/
total 108
drwxr-xr-x   2 root     root     4096 Jun 27  2013 ./
drwxr-xr-x 109 root     root     4096 Aug 30 10:57 ../
-r--------   1 bandit0  bandit0     8 Jun  6  2013 bandit0
-r--------   1 bandit1  bandit1    33 Jun  6  2013 bandit1
-r--------   1 bandit10 bandit10   33 Jun  6  2013 bandit10
-r--------   1 bandit11 bandit11   33 Jun  6  2013 bandit11
-r--------   1 bandit12 bandit12   33 Jun  6  2013 bandit12
-r--------   1 bandit13 bandit13   33 Jun  6  2013 bandit13
-r--------   1 bandit14 bandit14   33 Jun  6  2013 bandit14
-r--------   1 bandit15 bandit15   33 Jun 27  2013 bandit15
-r--------   1 bandit16 bandit16   33 Jun  6  2013 bandit16
-r--------   1 bandit17 bandit17   33 Jun  6  2013 bandit17
-r--------   1 bandit18 bandit18   33 Jun  6  2013 bandit18
-r--------   1 bandit19 bandit19   33 Jun  6  2013 bandit19
-r--------   1 bandit2  bandit2    33 Jun  6  2013 bandit2
-r--------   1 bandit20 bandit20   33 Jun  6  2013 bandit20
-r--------   1 bandit21 bandit21   33 Jun  6  2013 bandit21
-r--------   1 bandit22 bandit22   33 Jun  6  2013 bandit22
-r--------   1 bandit23 bandit23   33 Jun  6  2013 bandit23
-r--------   1 bandit24 bandit24   33 Jun  6  2013 bandit24
-r--------   1 bandit3  bandit3    33 Jun  6  2013 bandit3
-r--------   1 bandit4  bandit4    33 Jun  6  2013 bandit4
-r--------   1 bandit5  bandit5    33 Jun  6  2013 bandit5
-r--------   1 bandit6  bandit6    33 Jun  6  2013 bandit6
-r--------   1 bandit7  bandit7    33 Jun  6  2013 bandit7
-r--------   1 bandit8  bandit8    33 Jun  6  2013 bandit8
-r--------   1 bandit9  bandit9    33 Jun  6  2013 bandit9
bandit19@melinda:~$

Since we need the pass for bandit20...

bandit19@melinda:~$ ls -ln /etc/bandit_pass/bandit20 
-r-------- 1 11020 11020 33 Jun  6  2013 /etc/bandit_pass/bandit20

but really only bandit20 can read it.

So what's up with the binary?

bandit19@melinda:~$ whoami
bandit19
bandit19@melinda:~$ id
uid=11019(bandit19) gid=11019(bandit19) groups=11019(bandit19)
bandit19@melinda:~$ ./bandit20-do whoami
bandit20
bandit19@melinda:~$ ./bandit20-do id    
uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11020(bandit20),11019(bandit19)

Niiice. And so...

bandit19@melinda:~$ ./bandit20-do cat /etc/bandit_pass/bandit20 
GbKksEFF4yrVs6il55v6gwY5aVje5f0j

level 21

For this one, you have to open two shells, with which you connect to the server:

On the first one, open a netcat server on a free port. (ss -a, to look up which ports are in use, nc -l <port> to run it.)

On the second shell, connect with the SUID binary to the netcatserver. (./suconnect <port used before with netcat>)

Once connected, send the password from the last level from the server (via first shell).

FIRST SHELL: (there arrives the new pw!)

bandit20@melinda:~$ nc -l 54545
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
bandit20@melinda:~$

SECOND SHELL:

bandit20@melinda:~$ ./suconnect 54545
Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Password matches, sending next password
bandit20@melinda:~$ 

Et voila.

level 22

First lets see what cronjobs are defined in /etc/cron.d. For better readability, I let the filename be printed in yellow.

bandit21@melinda:/etc/cron.d$ for i in *; do echo $'\e[1;33m'$i$'\e[0m'; cat $i; done
boobiesbot-check
@reboot root /vulnbot/launchbot.sh start boobiesbot
cron-apt
#
# Regular cron jobs for the cron-apt package
#
# Every night at 4 o'clock.
0 4 * * *   root    test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt
# Every hour.
# 0 *   * * *   root    test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2
# Every five minutes.
# */5 * * * *   root    test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2
cronjob_bandit22
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
cronjob_bandit23
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null
cronjob_bandit24
* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
eloi0
@reboot eloi0 /eloi/eloi0/eloi0.sh
eloi1
@reboot eloi1 /eloi/eloi1/eloi1.sh
hintbot-check
@reboot root /vulnbot/launchbot.sh start hintbot
manpage3_resetpw_job
cat: manpage3_resetpw_job: Permission denied
melinda-stats
*/30 * * * * root /root/scripts/melinda-cronjob.sh
natas-session-toucher
* * * * * root /root/scripts/natas-session-toucher.sh
natas-stats
*/30 * * * * root /root/scripts/natas-cronjob.sh
natas25_cleanup
cat: natas25_cleanup: Permission denied
natas26_cleanup
cat: natas26_cleanup: Permission denied
php5
# /etc/cron.d/php5: crontab fragment for php5
#  This purges session files older than X, where X is defined in seconds
#  as the largest value of session.gc_maxlifetime from all your php.ini
#  files, or 24 minutes if not defined.  See /usr/lib/php5/maxlifetime

# Look for and purge old sessions every 30 minutes
09,39 *     * * *     root   [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete
semtex0-32
@reboot root /semtex/semtex0 24000 /semtex/semtex0.data32
semtex0-64
@reboot root /semtex/semtex0 24001 /semtex/semtex0.data64
semtex0-ppc
@reboot root /semtex/semtex0 24002 /semtex/semtex0.datappc
semtex10
@reboot root /semtex/semtex10 24019
semtex12
@reboot root /semtex/semtex12.authd 24012 /semtex/semtex12.data/password
@reboot root /semtex/semtex12.reader 24013 /semtex/semtex12.data/dir/
semtex5
@reboot root /semtex/semtex5 24027
semtex6
@reboot root /semtex/semtex6
semtex8
@reboot root /semtex/semtex8 /semtex/semtex8.data/semtex8.jpg /semtex/semtex8.data/semtex8.sock
semtex9
@reboot root /semtex/semtex9.fshell /semtex/semtex9.data/fakeshell
@reboot root /semtex/semtex9.i2t -f /semtex/semtex9.data/fakeshell
sysstat
# The first element of the path is a directory where the debian-sa1
# script is located
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin

# Activity reports every 10 minutes everyday
5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1

# Additional run at 23:59 to rotate the statistics file
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
vortex0
@reboot root /vortex/vortex0
vortex20
@reboot root /vortex/vortex20
vulnbot0-check
# @reboot root /vulnbot/launchbot.sh start vulnbot0
vulnbot1-check
# @reboot root /vulnbot/launchbot.sh start vulnbot1
bandit21@melinda:/etc/cron.d$ 

Looks like cronjob_bandit22 is the way to go.

bandit21@melinda:/etc/cron.d$ cat cronjob_bandit22 
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

Now we know which script gets executed every minute. (* * * * *)

bandit21@melinda:/etc/cron.d$ cat /usr/bin/cronjob_bandit22.sh 
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

Well, lets check the rights and the content of these files from the script...

bandit21@melinda:/etc/cron.d$ ll /etc/bandit_pass/bandit22
-r-------- 1 bandit22 bandit22 33 Jun  6  2013 /etc/bandit_pass/bandit22

No luck, no read access for us.

bandit21@melinda:/etc/cron.d$ ll /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
-rw-r--r-- 1 bandit22 bandit22 33 Aug 30 19:32 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

But here...

bandit21@melinda:/etc/cron.d$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

level 23

bandit22@melinda:~$ cd /etc/cron.d
bandit22@melinda:/etc/cron.d$ ll
total 128
drwxr-xr-x   2 root root 4096 Jul 22 13:40 ./
drwxr-xr-x 109 root root 4096 Aug 30 10:57 ../
-rw-r--r--   1 root root  102 Apr  2  2012 .placeholder
-rw-r--r--   1 root root   52 Oct 22  2013 boobiesbot-check
-rw-r--r--   1 root root  355 Nov 18  2011 cron-apt
-rw-r--r--   1 root root   61 Jun  6  2013 cronjob_bandit22
-rw-r--r--   1 root root   62 Jun  6  2013 cronjob_bandit23
-rw-r--r--   1 root root   61 Jun  6  2013 cronjob_bandit24
-rw-r--r--   1 root root   35 Jun  6  2013 eloi0
-rw-r--r--   1 root root   35 Jun  6  2013 eloi1
-rw-r--r--   1 root root   49 Jul  3 14:13 hintbot-check
-rw-------   1 root root  233 Jun  6  2013 manpage3_resetpw_job
-rw-r--r--   1 root root   51 Jul 12 15:57 melinda-stats
-rw-r--r--   1 root root   54 Sep 30  2013 natas-session-toucher
-rw-r--r--   1 root root   49 Sep 30  2013 natas-stats
-r--r-----   1 root root   47 Sep 30  2013 natas25_cleanup
-r--r-----   1 root root   45 Jul 22 13:40 natas26_cleanup
-rw-r--r--   1 root root  544 Mar 11  2013 php5
-rw-r--r--   1 root root   58 Jun  6  2013 semtex0-32
-rw-r--r--   1 root root   58 Jun  6  2013 semtex0-64
-rw-r--r--   1 root root   59 Jun  6  2013 semtex0-ppc
-rw-r--r--   1 root root   36 Jun  6  2013 semtex10
-rw-r--r--   1 root root  143 Jun  6  2013 semtex12
-rw-r--r--   1 root root   35 Jun  6  2013 semtex5
-rw-r--r--   1 root root   29 Jun  6  2013 semtex6
-rw-r--r--   1 root root   96 Jun  6  2013 semtex8
-rw-r--r--   1 root root  134 Jun  6  2013 semtex9
-rw-r--r--   1 root root  396 Dec 16  2011 sysstat
-rw-r--r--   1 root root   29 Jun  6  2013 vortex0
-rw-r--r--   1 root root   30 Jul  2  2013 vortex20
-rw-r--r--   1 root root   52 Jul  3 13:41 vulnbot0-check
-rw-r--r--   1 root root   52 Jul  3 13:41 vulnbot1-check
bandit22@melinda:/etc/cron.d$ cat cronjob_bandit23
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null

Oh, another cronjob running every minute.

bandit22@melinda:/etc/cron.d$ ll /usr/bin/cronjob_bandit23.sh 
-rwxr-x--- 1 bandit23 bandit22 211 Jun  6  2013 /usr/bin/cronjob_bandit23.sh*

Running a script, for which our group just happens to have execute permission, too.

bandit22@melinda:/etc/cron.d$ cat /usr/bin/cronjob_bandit23.sh 
#!/bin/bash

myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)

echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"

cat /etc/bandit_pass/$myname > /tmp/$mytarget

And the script just further happens to copy something into /tmp, again. Granting read permissions to everyone in the process.

This tells us different things.

  • We can run the script ourselves. But this won't help us.
  • The path where the file is stored lies under /tmp and the filename is generated.
  • If we knew the filename, we'd have the pw.

So let's do the line with the filename creation by hand:

bandit22@melinda:/etc/cron.d$ echo I am user bandit23 | md5sum | cut -d' ' -f1
8ca319486bfbbc3663ea0fbe81326349

Which is the filename. Since i am not overly into copy-typing:

bandit22@melinda:/etc/cron.d$ cat /tmp/`echo I am user bandit23 | md5sum | cut -d' ' -f1`
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n

level 24

level 25

This one is not prepared yet. It's over for now.

\O/
 |
/ \
Proxmox firewall settings
posted on 2014-08-28 14:23:21

To run proxmox properly (including it's web interface), these ports are needed in /etc/init.d/firewall:

bin=`which iptables`
I=eth0

$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 22 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 80 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 443 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 8006 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 5900 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 5901 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 5902 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 5903 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 5904 -j ACCEPT
$bin -A INPUT -i $I -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 5905 -j ACCEPT
Tomcat memory settings on Debian
posted on 2014-08-27 17:57:37

To double all the base tomcat memory limits, use this:

/etc/default/tomcat7:

JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC -Xms512m -Xmx1024m -XX:MaxPermSize=256m"

This edits the startup settings of tomcat. The parts in question are these:

# set the minimum heap size
-Xms512m
# set the maximum heap size
-Xmx1024m
# set the permgen space size
-XX:MaxPermSize=256m

Try these if your tomcat has hickups.

SSH debugging
posted on 2014-08-26 16:40:50

When debugging SSH connections, or rather their connection establishment mishaps, check the logs:

Debian:

/var/log/auth.log

RedHat:

/var/log/secure

Usually this does suffice. If not, increase the Log Level in /etc/ssh/sshd_config.

Proxmox no subscription repo
posted on 2014-08-25 18:05:50

As of currently, the Proxmox installer is available in version 3.2. Nowadays proxmox apt repositories are set to the subscription ones (costing money, if you want to use them).

To change this... change the following file to contain these contents:

/etc/apt/sources.list.d/pve-enterprise.list:

deb [arch=amd64] http://download.proxmox.com/debian wheezy pve-no-subscription

apt-get update, apt-get upgrade.

Common Lisp Aliasing
posted on 2014-08-22 01:00:32

To alias a function in common lisp, i.e. to shorten the builtin function documentation to something easier to write, i.e. 'doc', do this in the lisp console:

(setf (symbol-function 'doc) #'documentation)

To make this stick, put it into either the system-wide initfile, or the user one. So either into $SBCL_HOME/sbclrc (if this does not exist, try /etc/sbclrc), or $HOME/.sbclrc.

Another alternative would be to create a new lisp image, but YMMV.

Network Stats on FreeBSD
posted on 2014-08-21 16:51:25

To see proper load and complete stats on a FreeBSD (i.e. a PFSense), use:

systat -ifstat 1

Which gives something like this:

                    /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
 Load Average

  Interface           Traffic               Peak                Total
     ovpns1  in      0.000 KB/s          1.714 KB/s           84.050 MB
             out     0.000 KB/s          3.965 KB/s          202.886 MB

        lo0  in      0.000 KB/s          0.000 KB/s          200.695 KB
             out     0.000 KB/s          0.000 KB/s          200.695 KB

       enc0  in      0.301 KB/s          0.618 KB/s          615.144 MB
             out     0.243 KB/s          0.483 KB/s          334.407 MB

        em2  in      0.095 KB/s          0.152 KB/s           28.847 MB
             out     0.095 KB/s          0.095 KB/s           28.016 MB

        em1  in    158.298 KB/s        206.448 KB/s          202.662 GB
             out    10.525 KB/s         71.434 KB/s           39.187 GB

        em0  in     11.428 KB/s         72.010 KB/s           41.853 GB
             out    49.342 KB/s         79.099 KB/s           88.548 GB
hosts
posted on 2014-08-19 17:33:31

To show migrated webpages, prior to an aktive DNS configuration, add such a line to your local hosts file:

10.0.0.1 mydomain.de www.mydomain.de

Domain and IP are examples, of course.

Depending on the operating system you use, there are different ways to achieve this:

Linux

Change the file /etc/hosts. Just append the line, leave everything else untouched.

Windows

italic is what you actually have to do:

  1. In Windows press Windowskey + r, type cmd, Enter
  2. type cd %SystemRoot%\system32\drivers\etc, Enter
  3. notepad hosts, Enter
  4. 10.0.0.1 mydomain.de www.mydomain.de is to be appended at the end
  5. Save file, close

Now you should be able to test the page from a browser of your choice by accessing the URL.

Once you are satisfied that all is working accordingly, don't forget to remove the entry you just made.

Running tomcat on port 80
posted on 2014-08-13 12:46:39

To run a tomcat on port 80 (which needs system user rights):

vim /etc/default/tomcat7:

AUTHBIND=yes

In case you need tomcat on port 80 and 443, this seems not to work.

My approach was to let it run on the base ports (8080 and 8443) and to redirect these via iptables.

vim /etc/init.d/firewall:

# first open all the ports needed
$bin -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 80 -j ACCEPT
$bin -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 443 -j ACCEPT
$bin -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 8080 -j ACCEPT
$bin -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 8443 -j ACCEPT
# flush nat table... beware if you already use that chain elsewhere!
$bin -F -t nat
$bin -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
$bin -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

In case you want to run tomcat and apache in parallel, assign a second IP to your NIC.
Then add the IP of tomcat to the redirect statements above via -d <this.is.the.ip>.

Change tomcat's used java version
posted on 2014-08-12 10:20:19

To change the java version used, on a debian install, which is used by tomcat, change /etc/default/tomcat7.

There you have to change the JAVA_HOME setting accordingly.

Exporting JAVA_HOME by hand is no use, and changing the init script in /etc/init.d/tomcat7 is not just ugly and bad style, but michgt also be overwritten by future updates.

less syntax highlighting
posted on 2014-08-08 23:44:09

This works on debian:

$ apt-get install source-highlight -y
$ export LESSOPEN="| /usr/share/source-highlight/src-hilite-lesspipe.sh %s"
$ export LESS=' -R '

Put the export lines into your .bashrc to make them stick.

vim backreferences
posted on 2014-08-08 15:30:52

Backreferences in vim are used in search-and-replace commands in vim.

Parts grouped in the search part, can be referenced in the replace part.

Usually for grouping escaped parentheses are needed, depending on how magic your vim is, or if you use \v. If you don't believe me, you most certainly never used :h magic in vim, which tells this:

 3. Magic                                                        */magic*

Some characters in the pattern are taken literally.  They match with the same
character in the text.  When preceded with a backslash however, these
characters get a special meaning.

Other characters have a special meaning without a backslash.  They need to be
preceded with a backslash to match literally.

If a character is taken literally or not depends on the 'magic' option and the
items mentioned next.
                                                        */\m* */\M*
Use of "\m" makes the pattern after it be interpreted as if 'magic' is set,
ignoring the actual value of the 'magic' option.
Use of "\M" makes the pattern after it be interpreted as if 'nomagic' is used.
                                                        */\v* */\V*
Use of "\v" means that in the pattern after it all ASCII characters except
'0'-'9', 'a'-'z', 'A'-'Z' and '_' have a special meaning.  "very magic"

Use of "\V" means that in the pattern after it only the backslash has a
special meaning.  "very nomagic"

Examples:
after:    \v       \m       \M       \V         matches ~
                'magic' 'nomagic'
          $        $        $        \$         matches end-of-line
          .        .        \.       \.         matches any character
          *        *        \*       \*         any number of the previous atom
          ()       \(\)     \(\)     \(\)       grouping into an atom
          |        \|       \|       \|         separating alternatives
          \a       \a       \a       \a         alphabetic character
          \\       \\       \\       \\         literal backslash
          \.       \.       .        .          literal dot
          \{       {        {        {          literal '{'
          a        a        a        a          literal 'a'

{only Vim supports \m, \M, \v and \V}

It is recommended to always keep the 'magic' option at the default setting,
which is 'magic'.  This avoids portability problems.  To make a pattern immune
to the 'magic' option being set or not, put "\m" or "\M" at the start of the
pattern.

TL;DR

Use \( \) to group, and \1, \2, and so forth to reference.

Example:

echo 1
echo 2

will become

echo "1"
echo "2"

through this:

:%s/\(^echo \)\(\d\+\)$/\1"\2"/g

or alternatively this: (I hope I have no typo in there ;o))

:%s/\v(^echo )(\d\+)$/\1"\2"/g

It matches echo at the beginning of the line (^) as first part, one ore more digits (\d\+) afterwards as second part. These are referenced through \1 and \2, and the second backreference is put in between quotation marks "".

MySQL-over-SSL
posted on 2014-08-08 14:45:03

How to use SSL/TLS for mysql connections? We shall see.

This guide assumes you have mysqld already installed and have root access on the box you are working on. All this was done a debian 7 install.

check if your mysqld supports it

This means, if the mysql install was compiled with the right flags.

  • connect to mysql
  • show variables like 'have_ssl';
  • DISABLED = capable, but was not started with the option on
  • YES = SSL capable and enabled

Example:

[sjas@box ~]$ mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 65
Server version: 5.5.38-0+wheezy1 (Debian)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show variables like 'have_ssl';
+---------------+----------+
| Variable_name | Value    |
+---------------+----------+
| have_ssl      | DISABLED |
+---------------+----------+
1 row in set (0.00 sec)

mysql> quit
Bye
[sjas@box ~]$

cert 101

To use a public key infrastructure here, you have to have a root certificate (coming from a CA, which is short for certificate authority).

Thus a private key for the CA is generated and a certificate.

Next step is creating the server private key, and creating a certificate request from it. This request is used with the CA cert and the CA key, to create the actual server certificate.

This procedure is repeated for the client.


Finally, on client side, to use SSL/TLS, you have to use these: The CA cert, the client cert and the client key

Finally, on server side, to use SSL/TLS, you have to use these: The CA cert, the server cert and the server key

All these will be self-signed (self-generated, and not signed by an actual CA like Thawte or Digicert) and created by the next script.

create certificates

This script is handy, put it into a file and make it executable for usage:

#!/bin/bash

echo $'\e[1;33m''clean environment'$'\e[0m'
rm -rf mynewcerts
mkdir mynewcerts
cd mynewcerts

echo $'\e[1;33m''NOTE:'$'\e[0m'
echo $'\e[1;33m''USE DIFFERENT COMMON NAMES'$'\e[0m'
echo $'\e[1;33m''FOR ALL CERTS.'$'\e[0m'

echo $'\e[1;33m''create ca cert'$'\e[0m'
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3650 -key ca-key.pem -out ca-cert.pem

echo $'\e[1;33m''Create server certificate, remove passphrase, and sign it'$'\e[0m'
echo $'\e[1;33m''server-cert.pem = public key, server-key.pem = private key'$'\e[0m'
openssl req -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

echo $'\e[1;33m''Create client certificate, remove passphrase, and sign it'$'\e[0m'
echo $'\e[1;33m''client-cert.pem = public key, client-key.pem = private key'$'\e[0m'
openssl req -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

echo $'\e[1;33m''verify certs'$'\e[0m'
openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem

echo $'\e[1;33m''move server files to /etc/mysql/ssl'$'\e[0m'
mkdir - /etc/mysql/ssl
cp ca-cert.pem server-cert.pem server-key.pem /etc/mysql/ssl

echo $'\e[1;33m''TESTING Howto:'$'\e[0m'
echo $'\e[1;33m''service mysql stop'$'\e[0m'
echo $'\e[1;33m''mysqld --ssl-ca=/etc/mysql/ssl/ca-cert.pem --ssl-cert=/etc/mysql/ssl/server-cert.pem --ssl-key=/etc/mysql/ssl/server-key.pem'$'\e[0m'
echo $'\e[1;33m''Then in second console window:'$'\e[0m'
echo $'\e[1;33m''connect to this server, cd into mynewcerts folder'$'\e[0m'
echo $'\e[1;33m''mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem  --ssl-key=client-key.pem -uroot -p'$'\e[0m'

This will create and do:

  • a CA key and certificate
  • a server privatekey, cert request and cert
  • and a client privatekey, cert and request
  • move the server-files to /etc/mysql/ssl

The requests are actually not important, once the certificates are generated. They are left in, in case a recreation of the certificates, i.e. with new CA data, is to be made.

Leave the passphrases blank and look out, so you have differing common names. If you use the same common names, you will have problems later on.

testing

Both these can be done on the same server.

server side

On server side, you have to use these files:

  • ca-cert.pem
  • server-cert.pem
  • server-key.pem

Create a directory in your mysql folder, here named /etc/mysql/ssl, and put these files into there.

Then stop mysqld, if running:

$ service mysql stop
$ mysqld --ssl-ca=/etc/mysql/ssl/ca-cert.pem --ssl-cert=/etc/mysql/ssl/server-cert.pem --ssl-key=/etc/mysql/ssl/server-key.pem

The MySQL server has to be properly started with these SSL options, else SSL would be turned of on server-side. On how to automate this, see the end of this guide.

client side

On client side, you have to use these files:

  • ca-cert.pem
  • client-cert.pem
  • client-key.pem

So from within the mynewcerts folder the script just created, run from a second shell this:

$ mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem  --ssl-key=client-key.pem -uroot -p

After entering your password, you are at the mysql prompt. Use \s to check the output.

You might get something along these lines:

mysql> \s
--------------
mysql  Ver 14.14 Distrib 5.5.38, for debian-linux-gnu (x86_64) using readline 6.2

Connection id:          40
Current database:
Current user:           root@localhost
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.5.38-0+wheezy1 (Debian)
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /var/run/mysqld/mysqld.sock
Uptime:                 1 hour 29 min 28 sec

Threads: 1  Questions: 116  Slow queries: 0  Opens: 171  Flush tables: 1  Open tables: 41  Queries per second avg: 0.021
--------------

mysql>

If the SSL: ... line actually shows a cipher (and is not just empty), your setup works.

\q to exit from the mysql shell, then pkill mysql to kill the mysql server you just started by hand (see server section above).

The above can be done shorter, try this line:

mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem  --ssl-key=client-key.pem -uroot -p -sss -e \s | grep SSL

proper setup

To have the mysqld starting properly, you have to pass the SSL options to the init script.

This is easiest done like this: (Another copy&paste section, this can be pasted directly to the shell.)

cat <<EOHD >> /etc/mysql/conf.d/ssl.cnf
[mysqld]
ssl-ca   = /etc/mysql/ssl/ca-cert.pem
ssl-cert = /etc/mysql/ssl/server-cert.pem
ssl-key  = /etc/mysql/ssl/server-key.pem
EOHD

The /etc/mysql/my.cnf should include the following line:

#
# * IMPORTANT: Additional settings that can override those from this file!
#   The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d

... so the previously generated file will work. Then do:

service mysql stop  ## in case it started somehow
service mysql start

Of course, you should test your work again via the mysql client (see client section above and look at the output of \s).

Otherwise, pass the client privkey, client cert and CA cert to the machines you actually want to secure and be happy you have encrypted mysql traffic.

force SSL usage

Further you can also force users to use SSL, when creating them within mysql.

From the mysql prompt:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'%' IDENTIFIED BY 'password-to-change' REQUIRE SSL WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;

Then this will work: (From within the folder where the certs are located, of course.)

$ mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -ussluser -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 57
...

but not this:

$ mysql -u ssluser -p
Enter password:
ERROR 1045 (28000): Access denied for user 'ssluser'@'localhost' (using password: YES)

Keep in mind, that the ssluser account created above is intended to replace the root account. That is the reason he got rights for everything (*.*) and can grant/revoke rights (WITH GRANT OPTION). Use a more fine-granular approach if you want to create accounts for your customers, else they could kill your DB as they wish.

remote access

In order to tell mysql to grant access to from remote machines:

$ vim /etc/mysql/my.cnf

and comment out:

bind-address = 127.0.0.1

exchanging keys and certs between machines

At last the note, exchanging privatekeys should never take place over unencrypted channels. Try scp, sftp or mailing the three files via a password encrypted compressed archive (zip, tar, 7z, ...) and passing the password through a separate channel.

Everything else is just plain bad style.

bash heredoc to file
posted on 2014-08-08 09:36:34

To append a heredoc to an existing file:

$ cat << EOHD >> myfile.txt
> line 1
> line 2
> line 3
> line 4
> EOHD

This works on a prompt, and will add this:

line 1
line 2
line 3
line 4

to file 'myfile.txt'.

This was shown on a prompt. To have the same effect from within a script, insert this into your file:

#!/bin/bash
cat << EOHD >> myfile.txt
line 1
line 2
line 3
line 4
EOHD

Make it executable (chown 755 <name-of-script.sh>), and run it (./<name-of-script.sh>).

Mail relaying test
posted on 2014-08-07 17:06:56

An open Relay might be misused for spamming and is a security issue, so this has to be fixed.

To check if your mailserver is misconfigured, you might use swaks.

swaks --from test@mail.de --to <your-actual@mailaddress.tld> -s <mailserver-hostname-to-test>

Or shorter:

swaks -f asdf@asdf.de -t sjas@mail.de -s my.domain.de

If something along the following lines is shown, you are clear:

[sjas@ctr-014 ~]% swaks --from asdf@asdf.de --to sjas@mail.de --server my.domain.de
=== Trying my.domain.de:25...
=== Connected to my.domain.de.
<-  220 my.domain.de ESMTP Postfix
-> EHLO ctr-014.intranet.centron.de
<-  250-my.domain.de
<-  250-PIPELINING
<-  250-SIZE 10240000
<-  250-ETRN
<-  250-STARTTLS
<-  250-AUTH PLAIN LOGIN
<-  250-AUTH=PLAIN LOGIN
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250 DSN
-> MAIL FROM:<asdf@asdf.de>
<-  250 2.1.0 Ok
-> RCPT TO:<sjas@mail.de>
<** 554 5.7.1 <sjas@mail.de>: Relay access denied
-> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.
[sjas@ctr-014 ~]% 

To just test regular mailing capabilities, this suffices on the current server:

swaks -f root@`hostname -f` -t sjas@mail.de
Create password and copy it into clipboard
posted on 2014-08-07 09:51:29

To create a password and put it into you clipboard immediatly, use this line in your window manager's global shortcuts:

echo `\pwgen -cn 18 -1` | cut -d' ' -f1 | tr -d "\n" | xclip   
List file contents of all files in a folder
posted on 2014-08-06 18:52:29

To show all file contents of all files contained within a folder, you can of course use a loop:

for i in *; do cat $i; done

However, it might be helpful to know from which file which content originated:

for i in *; do echo $i; cat $i; done'

Since this is better, maybe still a bit crowded on the screen, how about coloring the file names?

for i in *; do echo $'\e[1;33m'$i$'\e[0m'; cat $i; done

This will show the same output as previously, but the filenames will show up in yellow.

This is due to the shell escape codes $'\e[1;33m' and $'\e[0m'. The first one tells the shell to use yellow font, the second tells to quit all extra formatting. Else everything would show up yellow.

Besides 1;33 for yellow, these exist: (and maybe even more, I do not know)

Black         0;30
Dark Gray     1;30
Red           0;31
Light Red     1;31
Green         0;32
Light Green   1;32
Brown         0;33
Yellow        1;33
Blue          0;34
Light Blue    1;34
Purple        0;35
Light Purple  1;35
Cyan          0;36
Light Cyan    1;36
Light Gray    0;37
White         1;37

\e[ stands for a literal escape symbol, IIRC.

More info on the shell control sequences can be found here and here.

encyclopedia
posted on 2014-08-05 16:23:36

This link here leads to 'linuxquesions.org' security references.

Takes years to read.

Run wireshark as non-root user
posted on 2014-08-05 10:23:00

To run wireshark as a non-root user, do this (as root, or use sudo):

apt-get install wireshark   
dpkg-reconfigure wireshark-common
usermod -a -G wireshark USER
# logout and login for new environment, for testing do:
groups USER  ## should lack group wireshark
su USER
groups USER  ## should now have group wireshark and thus work
wireshark
MySQL Debian root password reset
posted on 2014-08-04 16:24:52

If you have lost your mysql root password, and you happen to be on a debian system, you have luck:

[sjas@test ~]# cat /etc/mysql/debian.cnf 
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = debian-sys-maint
password = r51fkvVRogY4i5oj
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = debian-sys-maint
password = R51fkvVRogY4i5oj
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

On debian, a system user with the same rights as mysql's root is created upon install. This one is used for mysql updates, for example.

So you can login into mysql, using the password from above:

$ sudo mysql -u debian-sys-maint -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.38-0+wheezy1 (Debian)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> update mysql.user set Password=PASSWORD('my-new-and-secret-password') where user='root'; flush privileges; exit;
Query OK, 4 rows affected (0.01 sec)
Rows matched: 4  Changed: 4  Warnings: 0

Query OK, 0 rows affected (0.00 sec)

Bye
$

In this example the root PW got set to my-new-and-secret-password.

linux file attributes
posted on 2014-08-03 11:32:52

These should be present for ext2 / ext3 file systems. No idea for ext4 or if these are present across all unices.

a : append only
c : compressed
d : no dump
e : extent format
i : immutable
j : data journalling
s : secure deletion
t : no tail-merging
u : undeletable
A : no atime updates
C : no copy on write
D : synchronous directory updates
S : synchronous updates
T : top of directory hierarchy

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apachebench, apple, arcconf, arch, architecture, areca, arping, asa, asdm, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, coleslaw, colorscheme, common lisp, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fbsd, fedora, file, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, github, gitolite, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pvecm, pvresize, python, qemu, qemu-img, qm, qmrestore, quicklisp, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh

View posts from 2017-03, 2017-02, 2017-01, 2016-12, 2016-11, 2016-10, 2016-09, 2016-08, 2016-07, 2016-06, 2016-05, 2016-04, 2016-03, 2016-02, 2016-01, 2015-12, 2015-11, 2015-10, 2015-09, 2015-08, 2015-07, 2015-06, 2015-05, 2015-04, 2015-03, 2015-02, 2015-01, 2014-12, 2014-11, 2014-10, 2014-09, 2014-08, 2014-07, 2014-06, 2014-05, 2014-04, 2014-03, 2014-01, 2013-12, 2013-11, 2013-10


Unless otherwise credited all material Creative Commons License by sjas