Nov 212013
 

I work from home a lot.  My ISP used to never change IP addresses dynamically the first 3 years or so I was with them.  Now they change it often (more than once a week).  This creates a slower response time when I am at home, get a page, go to log in via ssh, and find out my ip has changed since we restrict our AWS environment via group policies.  The times I have needed to do this are relatively few, but still its a problem if there is an emergency.  Leave it to me to come up with a simple solution….

Continue reading »

Aug 262013
 

If you get these errors…..

insserv: warning: script 'S85vpnagentd_init' missing LSB tags and overrides
insserv: warning: script 'vpnagentd_init' missing LSB tags and overrides
insserv: There is a loop between service rmnologin and mountnfs if started
insserv:  loop involving service mountnfs at depth 7
insserv:  loop involving service networking at depth 6
insserv: There is a loop between service rmnologin and mountnfs if started
insserv: Starting vpnagentd_init depends on rmnologin and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rmnologin and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rmnologin and therefore on system facility `$all' which can not be true!
insserv: Max recursions depth 99 reached
insserv:  loop involving service nfs-common at depth 4
insserv:  loop involving service pulseaudio at depth 13
insserv: exiting now without changing boot order!

The fix is….

Continue reading »

Jun 062013
 

This is a trick I learned a long time ago.  I used to teach it in my linux administration, digital forensics, and ethical hacking courses I taught at college.  It has been one of the most useful commands I ever learned.  So the scenario goes like this:  lets assume you have a user you suspect is doing something nefarious…maybe even a hacker has a shell on your server.  You would like to be able to see exactly what they are doing.  Wouldn’t it be nice to be able to connect to their shell without them knowing so you can watch what they are doing?

Here is how it is done…..

Continue reading »

May 182013
 

A long time ago, I created a database to hold passwords and their respective hashes for some 16 various hash types.  It has approximately 310,261,848 passwords for each type and is growing nearly every day as more password lists become available.  I found a pretty quick way to generate the hashes for these wordlists and wanted to share how it is done.  These hashes only work with unsalted/unpeppered passwords.

First, lets look at my table schema, which is very simple and very effective.  It uses an index on the hash + password column so there can not be any two hashes+passwords that are the same.  The types table is a  simple lookup table that references data.type 1 to a name like DES.  The primary key is on the name column.  I don’t claim to be a db administrator so if you spot any errors, let me know.

Continue reading »

Apr 062013
 

I am all about performance and speed.  I even go so far as to test various ways of doing things in bash (or other programming languages) to optimize the code so it runs faster or more efficiently.  I optimize services in the same matter.  With my fairly new laptop, it has one of the hybrid graphics cards – intel + nvidia.  It works with bumblebee….and cuda….for the most part.  Simply running ‘optirun command’ switches to the nvidia graphics card which gives much better performance, not only in graphics intensive stuff…..but even bash shell.

Example:  running a simple ‘time ls -la’ in a directory containing  1590 items

real	0m0.095s
user	0m0.012s
sys	0m0.008s

Example 2: running ‘optirun xterm’ and then running the same command ‘time ls -la’ in the same directory in the new nvidia xterm:

real    0m0.015s
user    0m0.000s
sys     0m0.012s

And even the glx tests are much faster:

$ glxspheres 
Polygons in scene: 62464
Visual ID of window: 0xa4
Context is Direct
OpenGL Renderer: Mesa DRI Intel(R) Ivybridge Mobile 
60.131595 frames/sec - 67.106860 Mpixels/sec
31.846655 frames/sec - 35.540867 Mpixels/sec
31.377641 frames/sec - 35.017447 Mpixels/sec
31.636594 frames/sec - 35.306439 Mpixels/sec

and:

$ optirun glxspheres 
Polygons in scene: 62464
Visual ID of window: 0x21
Context is Direct
OpenGL Renderer: GeForce GTX 660M/PCIe/SSE2
153.415397 frames/sec - 171.211583 Mpixels/sec
158.583456 frames/sec - 176.979136 Mpixels/sec
161.016123 frames/sec - 179.693993 Mpixels/sec
158.156824 frames/sec - 176.503015 Mpixels/sec

To me, this is enough of a performance improvement to use the nvidia graphics card always.  Except, there is no way to do that in the new laptop…..at least that I have figured out.

Mar 092013
 

As I use nginx more and more, one of the things I miss is being able to see who is connecting to the server and the request they are making.  This is often helpful in determining attacks.  So, I basically wrote this script which does it.

#!/bin/bash
 
# By Ed Wiget
# This shows active GET and POSTS to port 80
# One of the things i hate about nginx is the lack of an apache style status page showing requests
# hence I wront this script....which does it at a network layer, using ngrep
 
# 20130308 - original script
 
## grep all HTTP GET or POST requests from network traffic on eth0 interface  ##
# sudo ngrep -l -q -d eth0 "^GET |^POST " tcp and port 80
 
if [ `which ngrep | head -1 | wc -l` == "0" ]; then
	echo "missing ngrep....please install"
	exit
fi
 
if [ $1 = "" ]; then
	echo "You must pass the interface as an option, i.e. eth0 or eth1, etc"
	read CIF
else
	CIF=$1
fi
 
thing=1
 
until [ $thing = "0" ]; do
	# uncomment top line if you dont need x-forward-for
        #sudo ngrep -l -q -d eth0 "^GET |^POST " tcp and port 80
        # use the next line if you do need x-forward-for
	#sudo ngrep -d eth1 -q 'X-Forwarded-For'  tcp and port 80
	ngrep -d ${CIF} -t '^(GET|POST) ' tcp and port 80
	echo
	sleep 1;
done

CHANGES

20130905 – added option to pass interface

Feb 052013
 

So I wrote this script because I often need to run tcpdump on a remote host and then view it in wireshark.  The old method was to run tcpdump on remote host, scp/rsync the file back to my local machine, open it in wireshark, view it.  This script saves a lot of time.  It assumes you are logging in as root and will need modified if you are running as a normal user (change root to your username and make sure you have sudo privileges for tcpdump)

#!/bin/bash
 
# By Ed Wiget
# This runs tcpdump on a remote hosts and pipes it back locally to wireshark to view in realtime
 
# 20130205 - original script
 
if [ $1 == "" ]; then
	echo "What is the remote host by fqdn, i.e. server1.domain.com"
	read RHOST
else
	RHOST=$1
fi
 
wireshark -k -i <( ssh -l root ${RHOST} /usr/sbin/tcpdump -i eth0 -w - )
 
# after you kill wireshark, the tcpdump still runs on remove host...we need to kill it
PIDOF=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
 
echo "killing pid ${PIDOF} on ${RHOST}...please wait...."
ssh root@${RHOST} "pkill tcpdump"
 
# now we make sure it is killed
PIDOF2=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
if [ ${PIDOF2} == "" ]; then
	echo "pid check returns ${PIDOF2}"
else
	echo "pid check returns ${PIDOF2}"
fi

Jul 032012
 

So I wrote this script because I had a bunch of files I copied from my ipod touch that were named like ABCD.mp3 and I wanted them to be like ARTIST-SONG_TITLE.mp3 There was also another issue where I had some songs named ARTIST-SONG_TITLE.mp3 but they did not have the id3 information. So this script does both. Also, if the file is an itunes file like ABCD.mp3 and it doesn’t have embedded id3 information, it skips it. Here is the script:

Continue reading »

May 252012
 

I do things the easiest way that gets the job done.  Someone asked me recently about mounting a shared windows drive in Linux from bash.  They stated they normally mount it through dolphin using:

smb://username:password@ip_address/SHARED_DRIVE

That works until you need to copy files via rsync or some other bash method.  The solution is actually very simple:

mount -t cifs //ip_address/SHARED_DRIVE /mnt/directory -o user=username,password=user_password_on_windows_share,uid=500,gid=500

Just be sure you replace uid=500 with the users id in linux and gid=500 with the users group id in linux in order to be able to write files/directories with the proper permissions.  Of course the mount directory, /mnt/directory, also must exist.

If you get an error about “mount error(12): Cannot Allocate Memory

the fix is:

Edit the windows registry

Set “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache” to “1″.
 
Set “HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size” to “3″.
 
Restart the “server” service.