Posts from 2015-01

github: create/delete repo via API

posted on 2015-01-30 13:46:21

This works with version 3 of GitHub's API.

Create

curl -u <user> https://api.github.com/user/repos -d '{ "name": "<reponame>", "description": "<description>" }'

user, reponame, description are to be set accordingly. description is optional.

If a user:pw combo is given, you won't be prompted for your password. The only downside is that you then have it in your bash history. (Of course, depending on your shell settings, this is not necessarily the case if the command is prefixed with a ' ' (space character).)

Delete

curl -u <user> -X DELETE https://api.github.com/repos/<user>/<reponame>

Pretty self-describing.
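An added example (not part of the original post): one way to keep the credential out of both the shell history and the process list is to hand it to curl as a config read from stdin (-K -). The variable names GITHUB_USER and GITHUB_SECRET and all function names are assumptions; GITHUB_SECRET holds the account password as used in the post, and a personal access token fits the same slot.

```shell
#!/bin/sh
# Added example, not from the original post. GITHUB_USER / GITHUB_SECRET and
# all function names are assumed names chosen for this illustration.

API=https://api.github.com

# Escape backslash and double quote so a value can sit inside "..." both in a
# curl config file and in a JSON string (control characters are not handled).
esc() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Emit the curl config line that carries the credential. Only shell builtins
# and sed's fixed script are involved, so the secret never appears in the
# argument list of any process and nothing secret is typed at the prompt.
curl_auth_config() {
    printf 'user = "%s:%s"\n' "$(esc "$1")" "$(esc "$2")"
}

# JSON body for the create call; description is optional, as in the post.
repo_json() {
    printf '{ "name": "%s", "description": "%s" }\n' "$(esc "$1")" "$(esc "${2:-}")"
}

gh_create_repo() {      # usage: gh_create_repo <reponame> [description]
    curl_auth_config "$GITHUB_USER" "$GITHUB_SECRET" |
        curl -sS -K - "$API/user/repos" -d "$(repo_json "$@")"
}

gh_delete_repo() {      # usage: gh_delete_repo <reponame>
    curl_auth_config "$GITHUB_USER" "$GITHUB_SECRET" |
        curl -sS -K - -X DELETE "$API/repos/$GITHUB_USER/$1"
}

# Interactive use: read the secret without echo instead of typing it inline.
#   GITHUB_USER=<user>
#   printf 'secret: '; stty -echo; read -r GITHUB_SECRET; stty echo; echo
#   gh_create_repo <reponame> "<description>"

# Constructed values, only to show what curl receives on stdin:
curl_auth_config example-user 'p"w\1'     # user = "example-user:p\"w\\1"
```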

Examples

First a creation:

[jl@jerrylee ~]% curl -u sjas https://api.github.com/user/repos -d '{"name": "my_testrepo", "description": "this is a description"}' 
Enter host password for user 'sjas':
{
  "id": 30072166,
  "name": "my_testrepo",
  "full_name": "sjas/my_testrepo",
  "owner": {
    "login": "sjas",
     ...

     ...
[jl@jerrylee ~]%     

And a deletion:

[jl@jerrylee ~]% curl -u sjas -X DELETE https://api.github.com/repos/sjas/my_testrepo
Enter host password for user 'sjas':
[jl@jerrylee ~]%     

If the deletion was successful, no response is provided. If it failed, github will tell you.

Pause bash shell

posted on 2015-01-23 13:08:32

Do you have a long-running command with a lot of output, where you just caught a glimpse of something and need a closer look, but the shell won't let you scroll (because new output keeps appearing all the time)?

Use Ctrl-s to pause (and you can scroll up all you want, in case your terminal emulator will let you).
Afterwards Ctrl-q will 'unpause' it again.

The shell is not really put on hold; only the visual updating of the standard output is paused. After unpausing, everything that has happened in the meantime is printed.

Installing Linux on a Macbook

posted on 2015-01-23 13:00:33

When booting from your (U)EFI-capable USB stick, press ALT. That way you can boot your stick.

A simple CD however will work directly. Do as you like, this took me literally years to find out.

bash completion shortcuts

posted on 2015-01-23 11:23

The bash shell has more shortcuts than just the emacs- or vi-style movement ones.

The other interesting completions are:

C-x /     filename completion
C-x $     bash variable completion
C-x @     hostname completion
C-x !     command completion

Meta-~    username completion
Meta-/    filename completion
Meta-$    bash variable completion
Meta-@    hostname completion
Meta-!    command completion

Krypton Walkthrough

posted on 2015-01-22 03:24:30

http://overthewire.org/wargames/krypton/ is just as much fun as bandit or leviathan, which I covered in earlier posts here or here.

prerequisites

Just go and have a look at the bandit post mentioned above

solutions

Here is what I have found by now.

level 0

[root@jerrylee /home/jl]# echo "S1JZUFRPTklTR1JFQVQ=" | base64 -d
KRYPTONISGREAT

This one is done locally only.

level 1

Here you have to log in as 'krypton1'. In case you have already been on the server, you can see this here:

leviathan7@melinda:~$ grep krypton /etc/passwd
krypton1:x:8001:8001:krypton level 1:/home/krypton1:/bin/bash
krypton2:x:8002:8002:krypton level 2:/home/krypton2:/bin/bash
krypton3:x:8003:8003:krypton level 3:/home/krypton3:/bin/bash
krypton4:x:8004:8004:krypton level 4:/home/krypton4:/bin/bash
krypton5:x:8005:8005:krypton level 5:/home/krypton5:/bin/bash
krypton6:x:8006:8006:krypton level 6:/home/krypton6:/bin/bash
krypton7:x:8007:8007:krypton level 7:/home/krypton7:/bin/bash
leviathan7@melinda:~$

So, after connecting, first let's see where our file is:

krypton1@melinda:~$ find / -iname '*krypton2*' | less

In less, use the &krypton2 + Enter trick again:

/games/krypton/krypton1/krypton2
/games/krypton/krypton2
/home/krypton2
~
~
~
~
~
~
~
& (END)

krypton1@melinda:~$ cat /games/krypton/krypton1/krypton2 | tr 'A-Za-z' 'N-ZA-Mn-za-m'
LEVEL TWO PASSWORD ROTTEN

level 2

krypton2@melinda:~$ ls -lah
total 20K
drwxr-xr-x   2 root root 4.0K Nov 14 10:32 .
drwxr-xr-x 167 root root 4.0K Jan 12 17:44 ..
-rw-r--r--   1 root root  220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root root 3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root root  675 Apr  9  2014 .profile
krypton2@melinda:~$ cd /games/krypton/
krypton2@melinda:/games/krypton$ ls
krypton1  krypton2  krypton3  krypton4  krypton5  krypton6
krypton2@melinda:/games/krypton$ cd krypton2
krypton2@melinda:/games/krypton/krypton2$ ls -lah
total 15K
drwxr-xr-x 2 root     root     1.0K Nov 14 10:32 .
drwxr-xr-x 8 root     root     1.0K Nov 14 10:32 ..
-rw-r----- 1 krypton2 krypton2 1.1K Nov 14 10:32 README
-rwsr-x--- 1 krypton3 krypton2 8.8K Nov 14 10:32 encrypt
-rw-r----- 1 krypton3 krypton3   27 Nov 14 10:32 keyfile.dat
-rw-r----- 1 krypton2 krypton2   13 Nov 14 10:32 krypton3

So far, so nice. But the encrypt file does not work due to file permissions, it seems.

Let's hack up a really, really whacky bash script:

#!/bin/bash

## basically this converts the chars to their ascii code and back
## this is likely not the best solution, but everything else would have been even worse

## first read the file contents into an array
a=0
while read -n1 j
do
    ((a++))
    current[$a]=$(LC_CTYPE=C printf '%d ' "'$j")
done < <( cat ./krypton3 ) ## HERE PROCESS SUBSTITUTION IS NEEDED!
echo

## now iterate over the array we created and increment each item by 1
for i in {1..25}
do
    echo "OFFSET BY "${i}
    for l in $(seq 1 $((a-1)))
    do
        ## here is the most important part:
        ## since 'A' is 65 in ascii, subtract 64
        ## such that 'A' becomes '1', and 'Z' becomes '26'
        ## then increment by one, take the modulo 26
        ## (else you have numbers bigger than 26)
        ## and afterwards add 64, so the ascii conversion can take place again
        ## the 'mod 26' trick works since we assume the pw is written in CAPSLOCK
        ## (a result of 0 becomes ascii 64, so a 'Z' is printed as '@')
        current[$l]=$(( $(( $((  $(( current[$l] - 64 )) + 1 )) % 26 )) + 64 ))
    done

    ## now print the current result by iterating again and converting to characters again
    for ((b=0; b<${#current[@]}; b++))
    do
        printf "\x$(printf %x ${current[$b]})"
    done
    echo
    echo
done

Uah, this was ugly. I did that just as a proof of concept; use a proper scripting language in case you want to do it yourself. But I digress.

Let's just use this monster as a one-liner:

krypton2@melinda:/games/krypton/krypton2$ a=0; while read -n1 j; do ((a++)); current[$a]=$(LC_CTYPE=C printf '%d ' "'$j"); done < <( cat ./krypton3 ); for i in {1..25}; do echo "OFFSET BY "${i}; for l in $(seq 1 $((a-1))); do current[$l]=$(( $(( $((  $(( current[$l] - 64 )) + 1 )) % 26 )) + 64 )); done; for ((b=0; b<${#current[@]}; b++)); do printf "\x$(printf %x ${current[$b]})"; done; echo; echo; done
OFFSET BY 1
PNRFNEVFRNFL

OFFSET BY 2
QOSGOFWGSOGM

OFFSET BY 3
RPTHPGXHTPHN

OFFSET BY 4
SQUIQHYIUQIO

OFFSET BY 5
TRVJRI@JVRJP

OFFSET BY 6
USWKSJAKWSKQ

OFFSET BY 7
VTXLTKBLXTLR

OFFSET BY 8
WUYMULCMYUMS

OFFSET BY 9
XV@NVMDN@VNT

OFFSET BY 10
YWAOWNEOAWOU

OFFSET BY 11
@XBPXOFPBXPV

OFFSET BY 12
AYCQYPGQCYQW

OFFSET BY 13
B@DR@QHRD@RX

OFFSET BY 14
CAESARISEASY

OFFSET BY 15
DBFTBSJTFBT@

OFFSET BY 16
ECGUCTKUGCUA

OFFSET BY 17
FDHVDULVHDVB

OFFSET BY 18
GEIWEVMWIEWC

OFFSET BY 19
HFJXFWNXJFXD

OFFSET BY 20
IGKYGXOYKGYE

OFFSET BY 21
JHL@HYP@LH@F

OFFSET BY 22
KIMAI@QAMIAG

OFFSET BY 23
LJNBJARBNJBH

OFFSET BY 24
MKOCKBSCOKCI

OFFSET BY 25
NLPDLCTDPLDJ

Looks like offset '14' is our winner:

CAESARISEASY

This would have been quite a bit easier if the encrypter just worked...
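An added example (not part of the original post): the same brute force written with tr, which wraps Z around to A, plus a crude score that picks the most English-looking candidate. The function names are assumptions, and the ciphertext is the post's "OFFSET BY 1" output line shifted back by one.

```shell
#!/bin/sh
# Added example, not from the original post: Caesar brute force with tr.
# Function names are assumptions made for this illustration.

ABC=ABCDEFGHIJKLMNOPQRSTUVWXYZ

# caesar_shift N: rotate every capital letter read on stdin forward by N,
# wrapping Z around to A. Other characters pass through unchanged.
caesar_shift() {
    n=$(( ($1 % 26 + 26) % 26 ))          # also accepts negative shifts
    if [ "$n" -eq 0 ]; then cat; return; fi
    front=$(printf '%s' "$ABC" | cut -c1-"$n")
    back=$(printf '%s' "$ABC" | cut -c"$((n + 1))"-)
    tr "$ABC" "$back$front"
}

# english_score: how many characters on stdin are among the nine most frequent
# English letters (the head of the ETAOINSHR... ranking).
english_score() {
    tr -cd 'ETAOINSHR' | wc -c | tr -d ' '
}

# best_shift TEXT: try all 26 shifts and print "<shift> <candidate>" for the
# candidate with the highest score (the first one wins on a tie).
best_shift() {
    best_n=0; best_score=-1; best_text=
    i=0
    while [ "$i" -lt 26 ]; do
        cand=$(printf '%s' "$1" | caesar_shift "$i")
        score=$(printf '%s' "$cand" | english_score)
        if [ "$score" -gt "$best_score" ]; then
            best_n=$i; best_score=$score; best_text=$cand
        fi
        i=$((i + 1))
    done
    printf '%s %s\n' "$best_n" "$best_text"
}

# The ciphertext is the post's "OFFSET BY 1" line shifted back by one.
printf 'PNRFNEVFRNFL' | caesar_shift -1      # OMQEMDUEQMEK
echo
best_shift OMQEMDUEQMEK                      # 14 CAESARISEASY
```

A score this simple is only reliable because the text is plain English; on very short or unusual plaintexts, print all 26 candidates and read them.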

level 3

krypton3@melinda:~$ ls -alhF
total 20K
drwxr-xr-x   2 root root 4.0K Nov 14 10:32 ./
drwxr-xr-x 167 root root 4.0K Jan 12 17:44 ../
-rw-r--r--   1 root root  220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root root 3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root root  675 Apr  9  2014 .profile
krypton3@melinda:~$ cd /games/krypton/krypton
krypton1/ krypton2/ krypton3/ krypton4/ krypton5/ krypton6/
krypton3@melinda:~$ cd /games/krypton/krypton3
krypton3@melinda:/games/krypton/krypton3$ ls -lah
total 12K
drwxr-xr-x 2 root     root     1.0K Nov 14 10:32 .
drwxr-xr-x 8 root     root     1.0K Nov 14 10:32 ..
-rw-r----- 1 krypton3 krypton3   56 Nov 14 10:32 HINT1
-rw-r----- 1 krypton3 krypton3   37 Nov 14 10:32 HINT2
-rw-r----- 1 krypton3 krypton3  785 Nov 14 10:32 README
-rw-r----- 1 krypton3 krypton3 1.6K Nov 14 10:32 found1
-rw-r----- 1 krypton3 krypton3 2.1K Nov 14 10:32 found2
-rw-r----- 1 krypton3 krypton3  560 Nov 14 10:32 found3
-rw-r----- 1 krypton3 krypton3   42 Nov 14 10:32 krypton4

Using the contents of 'found1' to 'found3' with frequency analysis tools found on the web, I get this (the last column, and the last line below, is the letter frequency in the English language, from most to least frequent):

 s : 155 s : 243 s : 58   |    e
 c : 107 q : 186 q : 48   |    t
 q : 106 j : 158 j : 41   |    a
 j : 102 n : 135 g : 35   |    o
 u : 100 u : 130 c : 34   |    i
 b : 87  b : 129 n : 31   |    n
 g : 81  d : 119 b : 30   |    s
 n : 74  g : 111 u : 27   |    h
 d : 69  c : 86  d : 22   |    r
 z : 57  w : 66  v : 21   |    d
 v : 56  z : 59  z : 16   |    l
 w : 47  v : 53  w : 16   |    c
 y : 42  m : 45  e : 13   |    u
 t : 32  t : 37  m : 12   |    m
 x : 29  e : 34  k : 12   |    w
 m : 29  y : 33  x : 9    |    f
 l : 27  x : 33  y : 9    |    g
 k : 25  k : 30  a : 9    |    y
 a : 20  l : 27  t : 6    |    p
 e : 17  a : 26  l : 6    |    b
 f : 11  i : 14  f : 5    |    v
 o : 7   f : 12  i : 3    |    k
 h : 2   o : 3   o : 2    |    j
 i : 2   h : 2   p : 1    |    x
 r : 1   r : 2   r : 1    |    q
 p : 0   p : 1   h : 0    |    z

 SCQJUBGNDZVWYTXMLKAEFOHIRP
 SQJNUBDGCWZVMTEYXKLAIFOHRP
 SQJGCNBUDVZWEMKXYATLFIOPRH

 ETAOINSHRDLCUMWFGYPBVKJXQZ

Using this on the server:

krypton3@melinda:/games/krypton/krypton3$ cat krypton4 | tr [SCQJUBGNDZVWYTXMLKAEFOHIRP] [ETAOINSHRDLCUMWFGYPBVKJXQZ]
krypton3@melinda:/games/krypton/krypton3$ cat krypton4 | tr [SCQJUBGNDZVWYTXMLKAEFOHIRP] [ETAOINSHRDLCUMWFGYPBVKJXQZ]; echo
YELLC NSEOR ELEXE LWNFH UAIIY NHCTI PHFOE
krypton3@melinda:/games/krypton/krypton3$ cat krypton4 | tr [SQJNUBDGCWZVMTEYXKLAIFOHRP] [ETAOINSHRDLCUMWFGYPBVKJXQZ]; echo
YECCD NHEAS ECEVE CGNUO FTIIY NODRI BOUAE
krypton3@melinda:/games/krypton/krypton3$ cat krypton4 | tr [SQJGCNBUDVZWEMKXYATLFIOPRH] [ETAOINSHRDLCUMWFGYPBVKJXQZ]; echo
WEDDC SOEAR EDEKE DFSMN GTHHW SNCIH YNMAE

Well, this could be better. But by now I lost my motivation, so this stops here. If I continue, the following steps will be added to this post.
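An added example (not part of the original post): the frequency table can be produced locally with standard tools, and comparing two of the rankings above position by position shows how unstable a pure rank-for-rank mapping is. The function names are assumptions and the sample text is constructed; the two rankings passed to rank_agreement are the post's own for found1 and found2.

```shell
#!/bin/sh
# Added example, not from the original post: letter-frequency ranking with
# standard tools. Function names are assumptions made for this illustration.

ABC=ABCDEFGHIJKLMNOPQRSTUVWXYZ
ENGLISH=ETAOINSHRDLCUMWFGYPBVKJXQZ      # English ranking used in the post

# letter_counts: text on stdin -> "<count> <LETTER>" lines, most frequent first.
# Case is folded, everything that is not a letter is dropped, and ties are
# broken alphabetically so the result is deterministic.
letter_counts() {
    LC_ALL=C tr 'a-z' 'A-Z' | LC_ALL=C tr -cd 'A-Z' | fold -w1 |
        LC_ALL=C sort | uniq -c | awk '{ print $1, $2 }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# freq_rank: the ranking as a single string, padded with the letters that did
# not occur at all, so it is always a 26-letter permutation that tr can use.
freq_rank() {
    seen=$(letter_counts | awk '{ printf "%s", $2 }')
    rest=$ABC
    [ -z "$seen" ] || rest=$(printf '%s' "$ABC" | tr -d "$seen")
    printf '%s%s\n' "$seen" "$rest"
}

# rank_decode RANKING: first-guess decoding of stdin, mapping the n-th most
# frequent ciphertext letter onto the n-th most frequent English letter.
rank_decode() {
    tr "$1" "$ENGLISH"
}

# rank_agreement A B: number of positions at which two rankings name the
# same letter.
rank_agreement() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        for (i = 1; i <= length(a); i++)
            if (substr(a, i, 1) == substr(b, i, 1)) n++
        print n + 0
    }'
}

# Constructed sample text (not game data): D occurs 4x, B 3x, A 2x, C once.
printf 'dd-dd BBB aa c\n' | freq_rank        # DBACEFGHIJKLMNOPQRSTUVWXYZ

# The post's rankings for found1 and found2 agree in only 7 of 26 positions,
# so each ranking yields a different first-guess decoding.
rank_agreement SCQJUBGNDZVWYTXMLKAEFOHIRP SQJNUBDGCWZVMTEYXKLAIFOHRP   # 7
```

For the game files, cat found1 found2 found3 | freq_rank gives one pooled ranking; treat its decoding as a starting point to refine by hand, not as the answer.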

Leviathan Walkthrough

posted on 2015-01-22 01:38:57

http://overthewire.org/wargames/leviathan/ is just as much fun as bandit, which I covered in an earlier post here.

prerequisites

Just go and have a look at the bandit post mentioned above

solutions

Here is what I have found by now.

level 0

leviathan0@melinda:~$ ls -alh
total 24K
drwxr-xr-x   3 root       root       4.0K Nov 14 10:32 .
drwxr-xr-x 167 root       root       4.0K Jan 12 17:44 ..
drwxr-x---   2 leviathan1 leviathan0 4.0K Nov 14 10:32 .backup
-rw-r--r--   1 root       root        220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root       root       3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root       root        675 Apr  9  2014 .profile
leviathan0@melinda:~$ cd .backup/
leviathan0@melinda:~/.backup$ ls -alh
total 140K
drwxr-x--- 2 leviathan1 leviathan0 4.0K Nov 14 10:32 .
drwxr-xr-x 3 root       root       4.0K Nov 14 10:32 ..
-rw-r----- 1 leviathan1 leviathan0 131K Nov 14 10:32 bookmarks.html
leviathan0@melinda:~/.backup$ grep leviathan1 *
<DT><A HREF="http://leviathan.labs.overthewire.org/passwordus.html | This will be fixed later, the password for leviathan1 is rioGegei8m" ADD_DATE="1155384634" LAST_CHARSET="ISO-8859-1" ID="rdf:#$2wIU71">password to leviathan1</A>

pw is rioGegei8m, as can be seen in the last line.

level 1

ltrace, for tracing library calls, is the key here.

leviathan1@melinda:~$ ls -alhF
total 28K
drwxr-xr-x   2 root       root       4.0K Nov 14 10:32 ./
drwxr-xr-x 167 root       root       4.0K Jan 12 17:44 ../
-rw-r--r--   1 root       root        220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root       root       3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root       root        675 Apr  9  2014 .profile
-r-sr-x---   1 leviathan2 leviathan1 7.4K Nov 14 10:32 check*
leviathan1@melinda:~$ ./check 
password: 


Wrong password, Good Bye ...
leviathan1@melinda:~$ ltrace ./check 
__libc_start_main(0x804852d, 1, 0xffffd784, 0x80485f0 <unfinished ...>
printf("password: ")                             = 10
getchar(0x8048680, 47, 0x804a000, 0x8048642password: 
)     = 10
getchar(0x8048680, 47, 0x804a000, 0x8048642
)     = 10
getchar(0x8048680, 47, 0x804a000, 0x8048642
)     = 10
strcmp("\n\n\n", "sex")                          = -1
puts("Wrong password, Good Bye ..."Wrong password, Good Bye ...
)             = 29
+++ exited (status 0) +++
leviathan1@melinda:~$ ./check
password: sex
$ id
uid=12001(leviathan1) gid=12001(leviathan1) euid=12002(leviathan2) groups=12002(leviathan2),12001(leviathan1)
$ cd /                  
$ pwd
/
$ find . -iname "*leviathan*2*" | less

Then in less, use & to show just lines matching your search content, and type leviathan2 and hit enter, which will give you this:

./etc/leviathan_pass/leviathan2
./home/leviathan2
~
~
~
~
~
~
~
~
~
& (END)

So:

$ cat ./etc/leviathan_pass/leviathan2
ougahZi8Ta

level 2

:(

leviathan2@melinda:~$ ls -alh
total 28K
drwxr-xr-x   2 root       root       4.0K Nov 14 10:32 .
drwxr-xr-x 167 root       root       4.0K Jan 12 17:44 ..
-rw-r--r--   1 root       root        220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root       root       3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root       root        675 Apr  9  2014 .profile
-r-sr-x---   1 leviathan3 leviathan2 7.4K Nov 14 10:32 printfile
leviathan2@melinda:~$ ./printfile 
*** File Printer ***
Usage: ./printfile filename
leviathan2@melinda:~$ mkdir -p /tmp/sjas/
leviathan2@melinda:~$ ln -s /etc/leviathan_pass/leviathan3 /tmp/sjas/lvl2
leviathan2@melinda:~$ ls -alh /tmp/sjas/lvl2 
lrwxrwxrwx 1 leviathan2 leviathan2 30 Jan 22 01:15 /tmp/sjas/lvl2 -> /etc/leviathan_pass/leviathan3
leviathan2@melinda:~$ touch /tmp/sjas/asdf\ lvl2
leviathan2@melinda:~$ ./printfile /tmp/sjas/lvl2\ asdf 
You cant have that file...
leviathan2@melinda:~$ touch /tmp/sjas/lvl2\ asdf
leviathan2@melinda:~$ ./printfile /tmp/sjas/lvl2\ asdf
Ahdiemoo1j
/bin/cat: asdf: No such file or directory

And we get the password: Ahdiemoo1j

This is a security flaw. But neither strace nor this here...

leviathan2@melinda:~$ ltrace ./printfile /tmp/sjas/lvl2\ asdf
__libc_start_main(0x804852d, 2, 0xffffd754, 0x8048600 <unfinished ...>
access("/tmp/sjas/lvl2 asdf", 4)                 = 0
snprintf("/bin/cat /tmp/sjas/lvl2 asdf", 511, "/bin/cat %s", "/tmp/sjas/lvl2 asdf") = 28
system("/bin/cat /tmp/sjas/lvl2 asdf"/bin/cat: /tmp/sjas/lvl2: Permission denied
/bin/cat: asdf: No such file or directory
 <no return ...>
 --- SIGCHLD (Child exited) ---
 <... system resumed> )                           = 256
 +++ exited (status 0) +++

... helped my understanding much.

By using the space in the filename, this works. If only the link were used, it wouldn't work. I cannot tell you more, since I googled this as I wasn't smart enough to figure this out by myself.

See https://www.gnu.org/software/libc/manual/html_node/Testing-File-Access.html for more info, if you happen to program in C.
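An added example (not part of the original post) of what the ltrace output shows: access() is asked about the whole string as one path, but the same string is then pasted into a command line for system(), where the shell splits it at the space. The function names and scratch files are constructed, and [ -r ] stands in for access(), so this reproduces the name mismatch only, not the setuid part.

```shell
#!/bin/sh
# Added example, not from the original post: the name that is checked versus
# the name that is opened. Function names and file contents are constructed.

# Pattern visible in the ltrace output: the check treats the argument as ONE
# path, then the same string is pasted into a shell command line, where the
# shell splits it at the space and cat receives TWO arguments.
# ([ -r ] stands in for access(); the word splitting is the point here.)
print_via_shell() {
    [ -r "$1" ] || { echo "You cant have that file..."; return 1; }
    sh -c "cat $1" 2>/dev/null
}

# Corrected pattern: no shell in between, the checked name is the opened name.
# In a setuid C program the equivalent is to open() the path directly (after
# dropping to the real UID) instead of access() followed by system().
print_direct() {
    [ -r "$1" ] || { echo "You cant have that file..."; return 1; }
    cat -- "$1"
}

# Scratch directory mirroring the transcript: a symlink "lvl2" pointing at a
# protected file, and a harmless file whose name is "lvl2 asdf".
make_scratch() {
    d=$(mktemp -d) || return 1
    printf 'SECRET\n' > "$d/protected"     # stands in for the password file
    ln -s "$d/protected" "$d/lvl2"
    printf 'decoy\n' > "$d/lvl2 asdf"
    printf '%s\n' "$d"
}

dir=$(make_scratch)
echo "via shell: $(print_via_shell "$dir/lvl2 asdf")"     # via shell: SECRET
echo "direct:    $(print_direct "$dir/lvl2 asdf")"        # direct:    decoy
rm -rf "$dir"
```

When reviewing C code for this, any access() call followed by system() or popen() on the same user-supplied string is worth flagging.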

level 3

 1  leviathan3@melinda:~$ ls -alh
 2  total 28K
 3  drwxr-xr-x   2 root       root       4.0K Nov 14 10:32 .
 4  drwxr-xr-x 167 root       root       4.0K Jan 12 17:44 ..
 5  -rw-r--r--   1 root       root        220 Apr  9  2014 .bash_logout
 6  -rw-r--r--   1 root       root       3.6K Apr  9  2014 .bashrc
 7  -rw-r--r--   1 root       root        675 Apr  9  2014 .profile
 8  -r-sr-x---   1 leviathan4 leviathan3 7.4K Nov 14 10:32 level3
 9  leviathan3@melinda:~$ ./level3 
10  Enter the password> 
11  bzzzzzzzzap. WRONG
12  leviathan3@melinda:~$ ltrace ./level3 
13  __libc_start_main(0x8048450, 1, 0xffffd784, 0x8048600 <unfinished ...>
14  __printf_chk(1, 0x80486ca, 0x804860b, 0xf7fca000) = 20
15  fgets(Enter the password>                
16  "\n", 256, 0xf7fcac20)                     = 0xffffd5bc
17  puts("bzzzzzzzzap. WRONG"bzzzzzzzzap. WRONG
18  )                       = 19
19  +++ exited (status 0) +++
20  leviathan3@melinda:~$ strings ./level3 
21  /lib/ld-linux.so.2
22  libc.so.6
23  _IO_stdin_used
24  __printf_chk
25  puts
26  __stack_chk_fail
27  stdin
28  fgets
29  system
30  __libc_start_main
31  __gmon_start__
32  GLIBC_2.3.4
33  GLIBC_2.4
34  GLIBC_2.0
35  PTRhp
36  QVhP
37  [^_]
38  snlprintf
39  [You've got shell]!
40  /bin/sh
41  bzzzzzzzzap. WRONG
42  Enter the password> 
43  ;*2$",
44  secret
45  leviathan3@melinda:~$ ./level3 
46  Enter the password> snlprintf
47  [You've got shell]!
48  $ id
49  uid=12003(leviathan3) gid=12003(leviathan3) euid=12004(leviathan4) groups=12004(leviathan4),12003(leviathan3)
50  $ cat /etc/leviathan_pass/leviathan4
51  vuH0coox6m

Line 37 should be the if-clause or something, 38 the string to test against. Line 39 and 40 are the branch for true whereas 41 is the branch for false?

So much for some wild guesswork.

level 4

leviathan4@melinda:~$ ls -lahF
total 24K
drwxr-xr-x   3 root root       4.0K Nov 14 10:32 ./
drwxr-xr-x 167 root root       4.0K Jan 12 17:44 ../
-rw-r--r--   1 root root        220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root root       3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root root        675 Apr  9  2014 .profile
dr-xr-x---   2 root leviathan4 4.0K Nov 14 10:32 .trash/
leviathan4@melinda:~$ cd .trash/
leviathan4@melinda:~/.trash$ ls -lahF
total 16K
dr-xr-x--- 2 root       leviathan4 4.0K Nov 14 10:32 ./
drwxr-xr-x 3 root       root       4.0K Nov 14 10:32 ../
-r-sr-x--- 1 leviathan5 leviathan4 7.3K Nov 14 10:32 bin*
leviathan4@melinda:~/.trash$ ./bin 
01010100 01101001 01110100 01101000 00110100 01100011 01101111 01101011 01100101 01101001 00001010 
leviathan4@melinda:~/.trash$ ltrace ./bin 
__libc_start_main(0x80484cd, 1, 0xffffd754, 0x80485c0 <unfinished ...>
fopen("/etc/leviathan_pass/leviathan5", "r")      = 0
+++ exited (status 255) +++
leviathan4@melinda:~/.trash$ for i in `./bin`; do echo "ibase=2;$i" | bc; done
84
105
116
104
52
99
111
107
101
105
10
leviathan4@melinda:~/.trash$ for i in `./bin`; do j=$(echo "ibase=2;$i" | bc); printf "\x$(printf %x $j)"; done
Tith4cokei

This was some ugly stuff at the end. Once you see the binary values and convert them to decimal, the numbers look like ASCII character codes. The decoding printf statement is from stackoverflow.com.

level 5

leviathan5@melinda:~$ ls -lahF
total 28K
drwxr-xr-x   2 root       root       4.0K Nov 14 10:32 ./
drwxr-xr-x 167 root       root       4.0K Jan 12 17:44 ../
-rw-r--r--   1 root       root        220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root       root       3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root       root        675 Apr  9  2014 .profile
-r-sr-x---   1 leviathan6 leviathan5 7.5K Nov 14 10:32 leviathan5*
leviathan5@melinda:~$ ./leviathan5 
Cannot find /tmp/file.log
leviathan5@melinda:~$ ltrace ./leviathan5 
__libc_start_main(0x80485ed, 1, 0xffffd774, 0x8048690 <unfinished ...>
fopen("/tmp/file.log", "r")                      = 0
puts("Cannot find /tmp/file.log"Cannot find /tmp/file.log
)                = 26
exit(-1 <no return ...>
+++ exited (status 255) +++
leviathan5@melinda:~$ ln -s /etc/leviathan_pass/leviathan6 /tmp/file.log
leviathan5@melinda:~$ ./leviathan5 
UgaoFee4li

No explanation here, as this one was rather easy.

level 6

leviathan6@melinda:~$ ls -lahF
total 28K
drwxr-xr-x   2 root       root       4.0K Nov 14 10:32 ./
drwxr-xr-x 167 root       root       4.0K Jan 12 17:44 ../
-rw-r--r--   1 root       root        220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root       root       3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root       root        675 Apr  9  2014 .profile
-r-sr-x---   1 leviathan7 leviathan6 7.4K Nov 14 10:32 leviathan6*
leviathan6@melinda:~$ ./leviathan6 
usage: ./leviathan6 <4 digit code>
leviathan6@melinda:~$ ltrace ./leviathan6 
__libc_start_main(0x804850d, 1, 0xffffd774, 0x8048590 <unfinished ...>
printf("usage: %s <4 digit code>\n", "./leviathan6"usage: ./leviathan6 <4 digit code>
) = 35
exit(-1 <no return ...>
+++ exited (status 255) +++
leviathan6@melinda:~$ for i in `seq 0000 9999`; do echo $i; ./leviathan6 $i; done
Wrong
0
Wrong
1
Wrong
2
Wrong
3
Wrong
4


... this takes a while.


Wrong
7120
Wrong
7121
Wrong
7122
Wrong
7123
$ cat /etc/leviathan_pass/leviathan7
ahy7MaeBo9

Bruteforcing this with a bash one-liner is the easiest option to find '7123'. Cat the PW file once you have the leviathan7 shell and you are done.

level 7

leviathan7@melinda:~$ ls -lahF
total 24K
drwxr-xr-x   2 root       root       4.0K Nov 14 10:32 ./
drwxr-xr-x 167 root       root       4.0K Jan 12 17:44 ../
-rw-r--r--   1 root       root        220 Apr  9  2014 .bash_logout
-rw-r--r--   1 root       root       3.6K Apr  9  2014 .bashrc
-rw-r--r--   1 root       root        675 Apr  9  2014 .profile
-r--r-----   1 leviathan7 leviathan7  178 Nov 14 10:32 CONGRATULATIONS
leviathan7@melinda:~$ cat CONGRATULATIONS 
Well Done, you seem to have used a *nix system before, now try something more serious.
(Please don't post writeups, solutions or spoilers about the games on the web. Thank you!)
leviathan7@melinda:~$ 

Ooooops.

CentOS: dig? nslookup?

posted on 2015-01-22 01:28:44

If you are missing dig or host or nslookup on CentOS:

yum install -y bind-utils

Linux performance observability tools

posted on 2015-01-17 18:50:42

This is an alphabetical list that serves as a reminder for me of which programs there are to look up. :)

All this started when I stumbled across a picture on the web, which was from a presentation by Brendan Gregg at LinuxCon14, as I later found out. It was called Linux Performance Tools and it's worth its weight in gold, platinum or whatever material you consider highly valuable. The slides are here; get your copy and study them. If you want some serious Linux sysadmin skills, there is no possible excuse for not doing it.

Seriously.

DO. IT. NOW.

Another two incentives can be found here and here. These may use only a small portion of the programs mentioned below, but either walk the extra mile or raise your hands in defeat once things get tough; everybody gets to choose their own path.

Alphabetically sorted:

blktrace (8)         - generate traces of the i/o traffic on block devices
dstat (1)            - versatile tool for generating system resource statistics
dtrace (1)           - Dtrace compatibile user application static probe generation tool.
ebpf: nothing appropriate.
ethtool (8)          - query or control network driver and hardware settings
free (1)             - Display amount of free and used memory in the system
ftrace: nothing appropriate.
iostat (1)           - Report Central Processing Unit (CPU) statistics and input/output statistics for devices and partitions.
iotop (8)            - simple top-like I/O monitor
ip (8)               - show / manipulate routing, devices, policy routing and tunnels
iptraf (8)           - Interactive Colorful IP LAN Monitor
ktap: nothing appropriate.
lldptool (8)         - manage the LDP settings and status of lldpad
lsof (8)             - list open files
ltrace (1)           - A library call tracer
lttng: nothing appropriate.
mpstat (1)           - Report processors related statistics.
netstat (8)          - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
nicstat: nothing appropriate.
pcstat: nothing appropriate.
perf (1)             - Performance analysis tools for Linux
pidstat (1)          - Report statistics for Linux tasks.
/proc: nothing appropriate.
ps (1)               - report a snapshot of the current processes.
rdmsr: nothing appropriate.
sar (1)              - Collect, report, or save system activity information.
slabtop (1)          - display kernel slab cache information in real time
snmpget (1)          - communicates with a network entity using SNMP GET requests
ss (8)               - another utility to investigate sockets
stap (1)             - systemtap script translator/driver
strace (1)           - trace system calls and signals
swapon (8)           - enable/disable devices and files for paging and swapping
sysdig ()            - the definitive system and process troubleshooting tool
tcpdump (8)          - dump traffic on a network
tiptop (1)           - display hardware performance counters for Linux tasks
top (1)              - display Linux processes
uptime (1)           - Tell how long the system has been running.
vmstat (8)           - Report virtual memory statistics

First some more explanations on the ones listed above with "nothing appropriate":

ebpf, ftrace, ktap, lttng, nicstat, pcstat, /proc and rdmsr are mostly too new: either bleeding edge, or at least not available in CentOS 7 or Debian 7. If you grab the sources, you might get along. The manpage headlines are actually from a CentOS 7 system. (The only exception is sysdig, which I installed via the one-liner its GitHub page provided.) /proc is of course not a command, but refers to the /proc directory Linux uses, where a lot of useful information can be found.

Here are some other sortings, by 'types' now. (Maybe this improves readability, or makes it easier to remember, who knows. It's worth trying, still.)

'stat', 'top', 'trace', 'tap':

dstat      iotop      blktrace     ktap
iostat     slabtop    dtrace       stap
mpstat     tiptop     ftrace
netstat    top        ltrace
nicstat               strace
pcstat
pidstat
vmstat

the rest:

ebpf
ethtool
free
ip
iptraf
lldptool
lsof
lttng
perf
/proc
ps
rdmsr
sar
snmpget
ss
swapon
sysdig
tcpdump
uptime

These were only the 'observability' tools from the presentation. There are also some more listed under 'benchmarking' and 'tuning', and maybe 'tracing'.

Just go and read up on them. NOW.

OS schema

posted on 2015-01-17 04:55:48

While toying around with the vim DrawIt plugin (which simplifies the task of creating ascii art diagrams immensely), I needed something to test it with.

After having come across an operating system layout showing which Linux tools are to be used at which spot, I 'redrew' this:

      +---------------------------------------------+
      |              APPLICATIONS                   |
      |          db's, all server types, ...        |
      |                   +-------------------------+
      |                   |       system libs       |
      +=============================================+
      |              system call interface          |
      +=============================================+
 l    |  VFS           ||  sockets   ||             |     cpu     +-------+
 i    +----------------++------------++  scheduler  |-------------| CPU 1 |
 n  k |  FS            ||  TCP/UDP   ||             |  intercon.  +-------+
 u  e +----------------++------------++-------------+                 |
 x  r |  volume        ||  IP        ||             |                 |
    n |  managers      ||            ||  virtual    |                 |
    e +----------------++------------++  memory     |                 |
    l |  block dev if  ||  ethernet  ||             |             +------+
      +=============================================+             | DRAM |
      |              device drivers                 |             +------+
      +=============================================+
                             |
                             |  I/O bus
                             |
                       +------------+
                       | I/O bridge |
       expander        +------------+
       interconnect     /           \
                       /             \
       +----------------+          +--------------------+
       | I/O controller |          | network controller |
       +----------------+          +--------------------+
               /\                            /\
              /  \     if transports        /  \
             /    \                        /    \
       +------+    +------+         +------+   +------+
       | disk |    | swap |         | port |   | port |
       +------+    +------+         +------+   +------+

Running bash scripts

posted on 2015-01-16 23:47:45

There are several ways to invoke bash scripts.

Here are the basic ones along with some lesser known ones:

  1. If your script has a proper shebang and is executable:

    ./SCRIPTNAME.sh

  2. If it's missing the x bit:

    bash SCRIPTNAME.sh

  3. Echo commands after processing:

    bash -x SCRIPTNAME.sh

  4. Syntax checking / dry-running:

    bash -n SCRIPTNAME.sh

systemd cheat sheet

posted on 2015-01-16 22:54:15

SYSVINIT COMMAND                    SYSTEMD COMMAND


Used to start a service (not reboot persistent)
service <daemon> start               systemctl start <daemon>


Used to stop a service (not reboot persistent)
service <daemon> stop                systemctl stop <daemon>


Used to stop and then start a service
service <daemon> restart             systemctl restart <daemon>


When supported, reloads the config file without interrupting pending operations.
service <daemon> reload              systemctl reload <daemon>


Restarts if the service is already running.
service <daemon> condrestart         systemctl condrestart <daemon>


Tells whether a service is currently running.
service <daemon> status              systemctl status <daemon>


Used to list the services that can be started or stopped
Used to list all the services and other units
ls /etc/rc.d/init.d/                systemctl 
                                    systemctl list-unit-files --type=service
                                    ls /lib/systemd/system/*.service /etc/systemd/system/*.service


Turn the service on, for start at next boot, or other trigger.
chkconfig <daemon> on                systemctl enable <daemon>


Turn the service off for the next reboot, or any other trigger.
chkconfig <daemon> off               systemctl disable <daemon>


Used to check whether a service is configured to start or not in the current environment.
chkconfig <daemon>                   systemctl is-enabled <daemon>


Print a table of services that lists which runlevels each is configured on or off
chkconfig --list                    systemctl list-unit-files --type=service 
                                    ls /etc/systemd/system/*.wants/


Used to list what levels this service is configured on or off
chkconfig <daemon> --list            ls /etc/systemd/system/*.wants/<daemon>.service


Used when you create a new service file or modify any configuration
chkconfig <daemon> --add             systemctl daemon-reload

To be fair, this is just ripped from the fedora manual and I reformatted it a bit.

Another gem might be:

systemd-analyze blame

This will tell you how much time the assorted programs needed during booting.

Enable fritzbox telnet access

posted on 2015-01-15 23:55:52

To enable the telnet access on a fritz.box, try using a connected phone and dial:

#96*7*

To disable it again dial:

#96*8*

Once the phone has dialled the number, just hang up after you hear the single beep. Maybe the presence of the beep depends on the type of phone used, I do not know.

First trying telnet access gives you this:

[jl@jerrylee ~]% telnet 10.0.0.1                                               
Trying 10.0.0.1...
telnet: connect to address 10.0.0.1: Connection refused
[jl@jerrylee ~]%

Afterwards:

[jl@jerrylee ~]% telnet 10.0.0.1                                               
Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'.
password: 


BusyBox v1.19.3 (2012-08-07 18:33:02 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

ermittle die aktuelle TTY
tty is "/dev/pts/0"
Console Ausgaben auf dieses Terminal umgelenkt
#

The password you are asked for is the one you set up for the GUI login.
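Telnet sends that password in cleartext, so it is worth confirming the service is off again after dialling #96*8*. The check below is an added example, not part of the original post; the function names are made up here, and it assumes bash and coreutils `timeout` are installed.

```bash
#!/usr/bin/env bash
# Added example: confirm the router's telnet port is closed again.
# Function names are illustrative; 10.0.0.1 is the router address used in the post.

# Map the exit status of the connection probe to a port state.
classify_rc() {
    case "$1" in
        0)   echo open ;;       # TCP handshake completed
        124) echo filtered ;;   # timeout(1) gave up: no answer at all
        *)   echo closed ;;     # connect() failed at once (refused or unreachable)
    esac
}

# Probe host:port (default 23) without needing a telnet client.
# Arguments are passed positionally so they are never parsed as shell code.
telnet_state() {
    host=$1; port=${2:-23}; secs=${3:-3}
    rc=0
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null || rc=$?
    classify_rc "$rc"
}

# Return status: 0 = telnet not reachable, 1 = still reachable, 2 = inconclusive.
verify_telnet_disabled() {
    state=$(telnet_state "$1" "${2:-23}")
    case "$state" in
        closed) echo "$1: telnet port closed"; return 0 ;;
        open)   echo "$1: telnet still enabled, dial #96*8* again"; return 1 ;;
        *)      echo "$1: no answer within the timeout, check the address"; return 2 ;;
    esac
}

# When called with arguments, run the check, e.g.: ./check_telnet.sh 10.0.0.1
if [ $# -ge 1 ]; then
    verify_telnet_disabled "$@"
fi
```

A result of `closed` corresponds to the "Connection refused" session shown above, and `open` to the session that reaches the password prompt.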



Unless otherwise credited all material Creative Commons License by sjas