Bash: script to run tcpdump on remote host and pipe it back to local wireshark

 §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ, Arch, Backbox, Debian, Diagnostics, Gêñ†ðð, Hå¢kïñg, Lïñµx, Monitoring, Netbook, Rê§êår¢h, Redhat, ßå¢k†rå¢k, Ubuntu  No Responses »
Feb 052013
 

So I wrote this script because I often need to run tcpdump on a remote host and then view it in wireshark.  The old method was to run tcpdump on remote host, scp/rsync the file back to my local machine, open it in wireshark, view it.  This script saves a lot of time.  It assumes you are logging in as root and will need modified if you are running as a normal user (change root to your username and make sure you have sudo privileges for tcpdump)

#!/bin/bash
 
# By Ed Wiget
# This runs tcpdump on a remote hosts and pipes it back locally to wireshark to view in realtime
 
# 20130205 - original script
 
if [ $1 == "" ]; then
	echo "What is the remote host by fqdn, i.e. server1.domain.com"
	read RHOST
else
	RHOST=$1
fi
 
wireshark -k -i <( ssh -l root ${RHOST} /usr/sbin/tcpdump -i eth0 -w - )
 
# after you kill wireshark, the tcpdump still runs on remove host...we need to kill it
PIDOF=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
 
echo "killing pid ${PIDOF} on ${RHOST}...please wait...."
ssh root@${RHOST} "pkill tcpdump"
 
# now we make sure it is killed
PIDOF2=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
if [ ${PIDOF2} == "" ]; then
	echo "pid check returns ${PIDOF2}"
else
	echo "pid check returns ${PIDOF2}"
fi

Gê† ¥ð §hð¢k ðñ!

 §¢rïþ†§, Arch, Gêñ†ðð, Lïñµx, Redhat, ßå¢k†rå¢k, Ubuntu  1 Response »
Aug 112011
 

ï£ ¥ð ¢åñ’† rêåÐ ßå§h, gê† Ðå £µ¢k 𵆆å hêrê

#!/bin/bash
 
# By Ed Wiget
# This script automates downloading youtube video and converting to mp3 file
# I use it to grab new songs for my ipod that I am too lazy to insert store bought cd :)
 
# set this variable to the location of your scripts:
BASE_DIR=~/scripts
 
# this sets the location of the python youtube-dl script, relative to above
YOUTUBE_DL=${BASE_DIR}/youtube-dl/youtube-dl
 
# this sets the path of the downloaded files and temp directory
DL_FILES=~/Downloads
 
# this sets the path to were the final mp3 is stored
MP3_LOCATION=~/Music
 
# this checks for the youtube-dl script and if it doesn't exist, it gets it
# if it does exist, it checks to make sure its the latest version
if [ ! -d ${BASE_DIR}/youtube-dl ];
then
echo "grabbing the youtube-dl script"
cd ${BASE_DIR}
git clone git://github.com/rg3/youtube-dl.git youtube-dl
else
echo -e "youtube-dl already exists\n\nMaking sure we have the latest version"
${YOUTUBE_DL} -U
fi
 
# this checks to make sure we have ffmpeg and lame installed, and if not, grabs them
FFMPEG1=`which ffmpeg | wc -l`
LAME1=`which lame | wc -l`
 
if [ ${FFMPEG1} = 1 ];
then
echo "ffmpeg already exists"
else
echo "grabbing ffmpeg"
# for ubuntu based distros, use this line
sudo apt-get install ffmpeg
# for redhat based distros, use this line
#sudo yum install ffmpeg
# for arch
#pacman -S ffmpeg
fi
 
if [ ${LAME1} = 1 ];
then
echo "lame already exists"
else
echo "grabbing lame"
# for ubuntu use this line
sudo apt-get install lame
# for redhat use this line
# sudo yum install lame
# for arch linux
#pacman -S lame
fi
 
# next we ask the user for the video file, it should be in format like:
# http://www.youtube.com/watch?v=6E2hYDIFDIU
echo -e "What is the video to download, ie. http://www.youtube.com/watch?v=6E2hYDIFDIU"
read VIDEO_URL
 
echo "You entered ${VIDEO_URL} is this correct? ( y / n )"
read ANS
        if [ ${ANS} = "y" ];
                then
                        cd ${DL_FILES}
                        # grab the song title
                        SONG_TITLE=`${YOUTUBE_DL} --get-title ${VIDEO_URL}`
                        echo -e "the song title is ${SONG_TITLE}"
                        # downloading video
                        echo "downloading video....please wait"
                        ${YOUTUBE_DL} ${VIDEO_URL}
                        # we need to convert the dl url to a filename for later processing
                        # the url is like:  http://www.youtube.com/watch?v=6E2hYDIFDIU 
                        # the downloaded file will be 6E2hYDIFDIU.mp4
                        MP4_FILE=`echo ${VIDEO_URL} | awk -F/ '{print$4}' | awk -F= '{print$2}'`
                        # get the downloaded file extension
                        FILE_EXT=`ls ${DL_FILES}/${MP4_FILE}* | awk -F. '{print$2}'`
                        echo "your video is located in ${DL_FILES}/${MP4_FILE}.${FILE_EXT}"
                        echo ""
                        echo "converting ${DL_FILES}/${MP4_FILE}.${FILE_EXT} to wav.....please wait"
                        # ffmpeg -i 6E2hYDIFDIU.flv 6E2hYDIFDIU.wav
                        ffmpeg -i ${DL_FILES}/${MP4_FILE}.${FILE_EXT} ${DL_FILES}/"${SONG_TITLE}".wav
                        echo "video converted to wav file....converting wav to mp3"
                        lame -b 128 ${DL_FILES}/"${SONG_TITLE}".wav ${MP3_LOCATION}/"${SONG_TITLE}".mp3
                        echo "${SONG_TITLE} is now available at ${MP3_LOCATION}/${SONG_TITLE}.mp3"
                        echo -e "\n\nmoving video download file ${DL_FILES}/${MP4_FILE}.${FILE_EXT} to ${MP3_LOCATION}/${SONG_TITLE}.${FILE_EXT}"
                        mv ${DL_FILES}/${MP4_FILE}.${FILE_EXT} ${MP3_LOCATION}/"${SONG_TITLE}".${FILE_EXT}
                        echo "video file is now at ${MP3_LOCATION}/"${SONG_TITLE}".${FILE_EXT}"
                        echo -e "\n\ndone .... and enjoy"
        else
                echo "there was an error...."
                exit
fi

Kêêþïñg ßå¢k†rå¢k µþ †ð Ðå†ê

 §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ, Gêñ†ðð, Hå¢kïñg, Lïñµx, Rê§êår¢h, ßå¢k†rå¢k  No Responses »
May 052011
 

So on my backtrack installation and also on my gentoo laptop with the same directory structure, I keep everything up to date that is in subversion or similar using a script.  Here is the script…..

By the way, I don’t have the identical toolset as backtrack.  I have added a lot of things, and I generally try to get the subversion versions of them if possible.  The easiest way to find what software or applications you have in the /pentest directory is to do a scan for .svn folder.  If it exists, you can add that application to this script.

Continue reading »

Gêñ†ðð ñê†wðrkMåñågêr Ðï§þ冢hêr

 §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ, †µ†ðrïål§, Gêñ†ðð, Lïñµx  No Responses »
May 052011
 

Did you ever wish you could start certain scripts only when you are bringing the network up and then stop them when bring the network down?

For the longest time, I was using wicd to manage network connections.  At some point and time I decided to take a look at NetworkManager.

Using network manager, you can use the dispatcher to run scripts based on network connection, runlevel, etc.

This is how I got it working in gentoo linux and a few example scripts.

Continue reading »

Vêrïzðñ Kïll§ ÄñÐrðïÐ †ê†hêr – ñð† êñ†ïrêl¥

 †µ†ðrïål§, Android, Gêñ†ðð, Hå¢kïñg, Lïñµx  No Responses »
May 052011
 

I am sure many people have heard that verizon has asked google to remove tethering applications from their App Store.

Luckily I already had it installed but in case you don’t you can get it from here android-wifi-tether

I am running 2.0.7

In linux, you need to make sure you have this in the kernel config:

Device Drivers --->
  [*] Network device support --->
    USB Network Adapters --->
      [*] Multi-purpose USB Networking Framework
        <*> CDC Ethernet support
        <*> CDC EEM support
        <*> Simple USB Network Links (CDC Ethernet subset)
          [*] Embedded ARM Linux links
  [*] USB Support --->
    <*> USB Modem (CDC ACM) support
    <*> USB Wireless Device Management support

Continue reading »

gêñ†ðð g†kþðÐ lïßïmðßïlêÐêvï¢ê.§ð.¹

 §¥§†êm ÄÐmïñ阮rå†ïðñ, Gêñ†ðð, Lïñµx  No Responses »
Apr 282011
 

If you get an error install app-pda/gtkpod-2.0.0 about libimobiledevice.so.1 and you already have installed app-pda/libimobiledevice-1.1.0, the problem is because there is not a symlink. The fix is easy:

$ sudo ln -s /usr/lib64/libimobiledevice.so.2.0.0 /usr/lib64/libimobiledevice.so.1
$ sudo ldconfig
$ sudo env-update