Thursday, February 25, 2016

Using cheat to get help with unix commands.


There are lots of tools and commands in unix systems for various purposes. Some of them we need in our day-to-day activities, but some we use very rarely. In both cases we often end up forgetting the commands that relate to a tool. Even with a tool we use daily, we sometimes get into trouble when we execute commands we have not used before. And sometimes, even if we know a command, we may forget what that command actually does. To help with all of this there is a great tool called Cheat.

Using cheat in the terminal you can get the usage of most unix tools and commands. And it's not like man: it gives you "what do you want to do? Here is the command for it".

How to install cheat?

If you have python installed, simply run the following command

sudo pip install cheat

After you have installed cheat you can just type cheat on the terminal followed by the tool you need details about.

example:

Assume you need to get the commands related to tar

cheat tar

Using the above command you get the help page for tar.

You can also add your own cheats. To add your own cheats, or custom cheats that someone else has made, go to ~/.cheat/ and paste the cheat file that you've created or the custom one.

You can then run those cheats as above.

Tuesday, February 23, 2016

Config CentOS as Gateway / Firewall mode

We can use CentOS as a gateway in a network and also implement other functions, such as a firewall, on it. So here are the steps.

Firstly, if you have not installed iptables, install it as follows.

Debian

apt-get install iptables-services

Redhat

yum install iptables-services

It is important to install the iptables-services package.


1) Load the modules.

This is not needed in newer linux versions.

modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp

2) Disable ECN if enabled.

If ECN (Explicit Congestion Notification) is enabled it will slow down the connection.

echo 0 > /proc/sys/net/ipv4/tcp_ecn


3) Enable ipv4 forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward
or
sudo sysctl -w net.ipv4.ip_forward=1

Remember: this only enables ipv4 forwarding temporarily. Whenever you restart the network service or reboot the system it will be disabled again. To enable it on boot follow the commands below.


nano /etc/sysctl.conf

This opens the sysctl.conf file for editing. At the end of the file add the following line.

net.ipv4.ip_forward = 1

If this line already exists with "= 0", change it to "= 1".
If this line already exists with a "#" in front of it, remove the "#".

4) Flushing the existing iptables rules.

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat

iptables -F -t nat removes all rules in the nat table. (By default iptables works with the filter table, so in our case it is important to flush the nat table as well.)

5) Defining the standard policy

The syntax for this is as follows

iptables -P "chain" "action"

With -P we can define the default policy.
What is a default policy, and why are we adding one?

Every firewall has a default policy. It may be accept or drop. The default policy is the last rule of the firewall, applied after it has checked the packet against all the rules we have given. Let's say the firewall receives an IP packet. It goes through all the entries in its table to find what to do with this packet: let it through or drop it. If the firewall cannot find any entry matching the packet, it takes the last action, which is the default policy. If the default policy is DROP, it drops the packet. If it is ACCEPT, it lets the packet through.

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Here I have put DROP as the default policy for the INPUT chain, because I don't want unwanted packets to get through my firewall.

Now the network we are going to work with is as follows

(localnetwork with some PCs) ----[firewall(centos)]---(ADSL router)

This local network may contain a number of PCs. Each PC has an IP address in the same subnet. We will call this network localnet.

The firewall has 2 interfaces: localint (whose IP is localaddr) and publicint (whose IP address is publicaddr).

ADSL router is the gateway for us.

And please keep a few more things in mind. When I mention localnet it should be written with the subnet mask of the local network.

ex:
192.168.1.0/24

When I mention any it means any network / any IP. You should write it as 0.0.0.0/0.
This is how we indicate any network.

6) Allowing access from the local network

iptables -A INPUT -s $localnet -d $localaddr -j ACCEPT
iptables -A INPUT -s $localnet -d $publicaddr -j ACCEPT

7) Allowing packets from the loopback interface

iptables -A INPUT -i lo -j ACCEPT

8) Allowing already established (and related) connections to continue

iptables -A INPUT -s $any -d $publicaddr -m state --state ESTABLISHED,RELATED -j ACCEPT

9) Masquerade the local network to the public network (NATing)

iptables -t nat -A POSTROUTING -s $localnet -d $any -j MASQUERADE
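Steps 3 to 9 gathered into one script, as an added example that is not part of the original post. It keeps the post's own names (localnet, localaddr, publicaddr, any); the addresses are constructed samples, and IPT is this script's own dry-run switch (not an iptables option): `sh gateway.sh dry-run` prints the rules, `sh gateway.sh apply` loads them.

```shell
#!/bin/sh
# Steps 3 to 9 as one script (added example, not from the original post).
# localnet/localaddr/publicaddr are constructed sample values; override them
# in the environment. IPT=echo prints the commands instead of loading them.
localnet="${localnet:-192.168.1.0/24}"
localaddr="${localaddr:-192.168.1.1}"
publicaddr="${publicaddr:-203.0.113.10}"
any="0.0.0.0/0"
IPT="${IPT:-iptables}"

enable_forwarding() {
    # Step 3: takes effect now; net.ipv4.ip_forward = 1 in /etc/sysctl.conf
    # is what keeps it across reboots
    sysctl -w net.ipv4.ip_forward=1
}

apply_gateway_rules() {
    # Step 4: flush the three filter chains and the whole nat table
    $IPT -F INPUT
    $IPT -F OUTPUT
    $IPT -F FORWARD
    $IPT -F -t nat
    # Step 5: default policies; anything INPUT does not match below is dropped
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    # Step 6: hosts on localnet may reach either of the firewall's own addresses
    $IPT -A INPUT -s "$localnet" -d "$localaddr" -j ACCEPT
    $IPT -A INPUT -s "$localnet" -d "$publicaddr" -j ACCEPT
    # Step 7: loopback
    $IPT -A INPUT -i lo -j ACCEPT
    # Step 8: packets of connections already established, or related to one
    $IPT -A INPUT -s "$any" -d "$publicaddr" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Step 9: hide localnet behind the public address on the way out
    $IPT -t nat -A POSTROUTING -s "$localnet" -d "$any" -j MASQUERADE
}

# The exact iptables command lines the script would issue, one per line
dry_run() { (IPT=echo; apply_gateway_rules); }

case "${1:-}" in
    apply)   enable_forwarding; apply_gateway_rules ;;
    dry-run) dry_run ;;
esac
```

Reviewing the dry-run output before applying is the cheap way to catch a mistyped localnet or publicaddr, since a wrong value silently lands in the INPUT DROP policy.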


How to save configured iptables rules and make it work on boot.

Up to now we have set up the iptables rules. But if we reboot or restart the iptables service, all the rules we have made will be deleted. So we need to save them.

Save iptables rules in a separate file

We can save the iptables rules in a separate file to restore later. To do this use the following command

iptables-save > "file you want to save as"

ex:

iptables-save > /etc/iptables-save

Then it will be saved under the name you gave.
To restore the iptables rules from that saved file simply run

iptables-restore < "the rules file that you saved"

Check whether the rules have been restored by running
iptables -L

Save iptables rules in boot

To enable the iptables rules we have created at boot, first we have to edit /etc/sysconfig/iptables-config

nano /etc/sysconfig/iptables-config

In that file find the following lines.

IPTABLES_SAVE_ON_STOP="no"

IPTABLES_SAVE_ON_RESTART="no"

Find those two lines and change "no" to "yes".

Then, after you have made all your changes to the iptables rules, simply run the following command to save them to the /etc/sysconfig/iptables file.

service iptables save

All the current iptables rules are written to that file, and after you reboot they are restored as they were.

If you need to enable the iptables service at boot, simply run the following command

systemctl enable iptables



You can find details of iptables and how it works at the following link

http://www.karlrupp.net/en/computer/nat_tutorial

It's a very good link for this.

If you want to learn about iptables in more depth and detail, please refer to the following link. It is the best for this.

http://www.linuxhowtos.org/Security/iptables.htm



Reference:
https://www.centos.org/forums/viewtopic.php?t=38943

Linux shell the effective way (ways to use it)

Here we are going to focus on the linux / unix shell and the specific symbols that let us use the shell in an effective manner.

The symbols are:
|, \ , &, &&, [], [[]], (), {}

These symbols are very useful in bash.

Using pipe symbol in shell

| the pipe sign can be used to pipe the output of a command. Simply put, it forwards what is on stdout into stdin.

ex:
ls /etc | grep gtk

Here we take the output of ls /etc and feed it into the grep gtk command as that command's input.


Logical Operators.

1. Ampersand Operator (&)

The function of ‘&‘ is to make the command run in the background. Just type the command followed by a white space and ‘&‘. You can execute more than one command in the background in a single go.

Run one command in the background:

root@localhost:~$ ping www.google.com &

Run two commands in the background, simultaneously:
root@localhost:~$ apt-get update & apt-get upgrade &


2. Semicolon Operator (;)

The semicolon operator makes it possible to run several commands in a single go; the commands are executed sequentially.
root@localhost:~$ apt-get update ; apt-get upgrade ; mkdir test

The above command combination will first execute the update instruction, then the upgrade instruction, and finally will create a ‘test‘ directory under the current working directory.

3. AND Operator (&&)

The AND Operator (&&) executes the second command only if the execution of the first command SUCCEEDS, i.e., the exit status of the first command is 0. This operator is very useful for checking the execution status of the last command.
For example, I want to visit the website google.com using the links command in the terminal, but before that I need to check whether the host is live or not.
root@localhost:~$ ping -c3 www.google.com && links www.google.com

4. OR Operator (||)

The OR Operator (||) is much like an ‘else‘ statement in programming. This operator allows you to execute the second command only if the execution of the first command fails, i.e., the exit status of the first command is ‘1‘.

For example, I want to execute ‘apt-get update‘ from a non-root account, and if the first command fails, then the second command ‘links www.google.com‘ will execute.

tecmint@localhost:~$ apt-get update || links www.google.com

In the above command, since the user was not allowed to update the system, the exit status of the first command is ‘1’ and hence the last command ‘links www.google.com‘ gets executed.

What if the first command executes successfully, with an exit status of ‘0‘? Obviously the second command won’t execute.

tecmint@localhost:~$ mkdir test || links www.google.com

Here, the user creates a folder ‘test‘ in his home directory, which the user is permitted to do. The command executed successfully, giving an exit status of ‘0‘, and hence the last part of the command is not executed.


5. NOT Operator (!)

The NOT Operator (!) is much like an ‘except‘ statement: the command applies to everything except what matches the condition provided. Let's assume a directory containing a number of files, several of them .html files. We need to delete all files without deleting the .html files. We can use the following command for this.

root@localhost:~$ rm -r !(*.html)

Run ls to confirm which files remain.

6. AND – OR operator (&& – ||)

This operator is actually a combination of the ‘AND‘ and ‘OR‘ operators. It is much like an ‘if-else‘ statement.

For example, let’s ping google.com; on success echo ‘Verified‘, else echo ‘Host Down‘.
tecmint@localhost:~/tecmint$ ping -c3 www.tecmint.com && echo "Verified" || echo "Host Down"

Sample Output

PING www.google.com (212.71.234.61) 56(84) bytes of data.
64 bytes from www.google.com (212.71.234.61): icmp_req=1 ttl=55 time=216 ms
64 bytes from www.google.com (212.71.234.61): icmp_req=2 ttl=55 time=224 ms
64 bytes from www.google.com (212.71.234.61): icmp_req=3 ttl=55 time=226 ms

--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 216.960/222.789/226.423/4.199 ms
Verified

Now, disconnect your internet connection, and try the same command again.

root@localhost:~/tecmint$ ping -c3 www.google.com && echo "verified" || echo "Host Down"

Sample Output

ping: unknown host www.google.com
Host Down
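The chaining rules from sections 3 to 6, as an added example that is not part of the original post. probe is a constructed stand-in for `ping -c3 host` (it succeeds for "up" and fails otherwise) so the script runs without a network; each function returns its result as text so the behaviour can be checked rather than eyeballed.

```shell
#!/bin/sh
# Added example, not code from the original post: how &&, || and ! chain on exit
# status. probe is a constructed stand-in for `ping -c3 host` so nothing touches
# the network: it succeeds for "up" and fails for anything else.
probe() { [ "$1" = "up" ]; }

# The exit status of a command, captured the way `echo $?` shows it interactively
status_of() { "$@" >/dev/null 2>&1 && echo 0 || echo "$?"; }

# AND: the second command runs only when probe succeeded (status 0)
open_if_up() { probe "$1" && echo "opened $1"; }

# OR: the second command runs only when probe failed (non-zero status)
fallback_if_down() { probe "$1" || echo "fallback for $1"; }

# NOT: ! inverts the status, so is_down succeeds exactly when probe fails
is_down() { ! probe "$1"; }

# The post's AND-OR pattern: probe && echo Verified || echo "Host Down"
verify_host() { probe "$1" && echo "Verified" || echo "Host Down"; }

# Same chain, but the "then" part itself fails: || fires as well, so
# a && b || c is not a real if/else when b can fail
verify_host_failing_then() {
    probe "$1" && { echo "Verified"; false; } || echo "Host Down"
}

# A real if/else takes the else branch only when the condition fails
verify_host_if() {
    if probe "$1"; then echo "Verified"; false; else echo "Host Down"; fi
}

# Stand-alone demonstration
verify_host up                 # Verified
verify_host down               # Host Down
verify_host_failing_then up    # Verified, then Host Down
verify_host_if up              # Verified only
```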


\ Backslash

This operator is used when we are writing a long statement in the shell and want to break it into several lines.


Test and [ ]

The test function is used in many languages to check the condition of an expression (evaluate an expression). [ ] is similar to test.

[ "abc" = "abc" ]

This checks whether abc equals abc. If they are equal it returns 0 (expression true), else 1 (expression false). Note the spaces around the =; they are part of the syntax.

ex :

root@localhost:~$ if [ "abc" = "abc" ]; then echo "equals"; fi
equals

[[ ]] is similar to [ ], but with it we can combine a number of conditions with other operators.

We can use [ ] to check whether a file exists, whether it's a file or a directory, and so on. Here is a list of them.

Some common file tests

Operator   Characteristic
-d         Directory
-e         Exists (also -a)
-f         Regular file
-h         Symbolic link (also -L)
-p         Named pipe
-r         Readable by you
-s         Not empty
-S         Socket
-w         Writable by you
-N         Has been modified since last being read

Testing a pair of files

Operator   True if
-nt        file1 is newer than file2. The modification date is used for this and the next comparison.
-ot        file1 is older than file2.
-ef        file1 is a hard link to file2.


You can get the actual result of the test function using $?

ex:
root@localhost:~$ [ -e /home ]; echo $?
0

Using parentheses in Shell

Parentheses can be used in a number of situations.

1) To execute a group of commands in a different shell (subshell) we can use ()

ex:
root@localhost:~$ pwd
/home/user
root@localhost:~$ (cd /tmp; pwd)
/tmp
root@localhost:~$ pwd
/home/user

2) Defining an array

array=(a b c d)

To print all the values in the array use the following command

echo ${array[@]}

arrayname[@] gives all the values in the array.

3) Command substitution

Assigns the output of a command, even of multiple commands, to a variable.

ex:
var=$(ls /home/user/Documents)
echo $var
The output is assigned to the var variable and can then be printed.
This is similar to backticks ` `.

We can rewrite the above command as follows

var=`ls /home/user/Documents`
echo $var


Double parentheses

1) Integer arithmetic

((i=23))

2) Integer arithmetic with a variable

v=$((45+34))
echo $v
79

3) Variable increment or decrement

var=1
((var++))
echo $var
2

4) In for loops

for ((i=0; i<10; i++)); do echo $i; done



Curly braces

These play a big part in bash.

1) Truncate the contents of a variable

$ var="abcde"; echo ${var%d*}
abc

This removes the "d" and all characters after it. It matches from right to left, so if "d" occurs a number of times, everything from the last "d" onwards is removed.





2) Make substitutions similar to sed

$ var="abcde"; echo ${var/de/12}
abc12


3) Use a default value

$ default="hello"; unset var; echo ${var:-$default}
hello


4) Brace expansion, which can also be used to iterate over strings in loops

$ echo f{oo,ee,a}d
food feed fad


$ mv error.log{,.OLD}
(error.log is renamed to error.log.OLD because the brace expression expands to "mv error.log error.log.OLD")


$ for num in {000..2}; do echo "$num"; done
000
001
002


$ echo {00..8..2}
00 02 04 06 08



$ echo {D..T..4}
D H L P T

$ VARIABLE="abcdef"
$ echo Variable: ${VARIABLE}123456
Variable: abcdef123456


5) Run a block of code in the same shell

$ { date; top -b -n1 | head ; } >logfile
    # 'date' and 'top' output are concatenated,
    # could be useful sometimes to hunt for a top loader

Deleting certain files in a directory

Assume a directory with three files named a.txt, b.txt and c.txt.
You need to delete only a.txt and b.txt.

rm /home/user/Documents/{a.txt,b.txt}

This will remove only those two files.
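The [ ], ( ) / { } and ${ } behaviour from the sections above, as an added example that is not part of the original post. It is written for POSIX sh, so the bash-only forms (${var/de/12}, brace expansion, arrays) are left out; every function returns its result as text so it can be checked.

```shell
#!/bin/sh
# Added example, not code from the original post: bracket, parenthesis and brace
# behaviour as small functions whose results can be checked (POSIX sh only).

# [ "abc"="abc" ] has no spaces around =, so test receives ONE non-empty string
# ("abc=abc") and is always true; [ "$1" = "$2" ] is a real comparison.
compare_unspaced() { [ "$1"="$2" ] && echo true || echo false; }
compare_spaced()   { [ "$1" = "$2" ] && echo true || echo false; }

# Unquoted operands are word-split, so "a b" becomes two words and [ ] rejects
# the expression (non-zero status, read as false here). Quoting keeps each side
# one word.
compare_unquoted() { [ $1 = $2 ] 2>/dev/null && echo true || echo false; }

# $? after a file test: 0 when the path exists, 1 otherwise ([ -e /home ]; echo $?)
exists_status() { [ -e "$1" ] && echo 0 || echo 1; }

# ( ) runs in a subshell: a cd inside it does not move the caller.
# { } runs in the current shell: the cd sticks (so we move back afterwards).
cd_in_subshell() { start=$(pwd); ( cd / ); [ "$(pwd)" = "$start" ] && echo stayed || echo moved; }
cd_in_group() { start=$(pwd); { cd /; }; here=$(pwd); cd "$start"; [ "$here" = "/" ] && echo moved || echo stayed; }

# ${var%pattern} drops the shortest matching suffix (the post's ${var%d*}, so the
# cut happens at the LAST d); ${var#pattern} drops the shortest matching prefix;
# ${var:-default} substitutes default when var is unset or empty.
strip_suffix() { var=$1; echo "${var%d*}"; }
strip_prefix() { var=$1; echo "${var#*b}"; }
with_default() { unset var; echo "${var:-$1}"; }

# Stand-alone demonstration
compare_unspaced abc xyz   # the classic spacing bug: prints true
compare_spaced abc xyz     # prints false
strip_suffix abcdde        # prints abcd
```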


Summary of all

  •  Brackets

    if [ condition ] # test construct
    if [[ condition ]] # extended test construct, similar to single, but is bash builtin
    Array[index]=element1 # array initialization
    [a-z] # range of characters in a regular expression

  • Curly Brackets

    ${variable} # parameter substitution
    ${!variable} # indirect variable reference
    { cmd1; cmd2; …; cmdN; } # block of code
    {string1,string2,…,stringN} # brace expansion
    {a..z} # extended brace expansion
    {} # text replacement, after find and xargs

  • Parentheses

    ( cmd1; cmd2; …; cmdN ) # command group executed within a subshell
    Array=(element1 element2 … elementN) # array initialization
    result=$(cmd) # command substitution, like backticks ` `
    >(cmd) # process substitution
    <(cmd) # process substitution

  • Double Parentheses

    (( var = 78)) # integer arithmetic
    var=$(( 20 + 5 )) # integer arithmetic with variable assignment
    (( var++ )) (( var-- )) # c-style variable increment/decrement
    (( var0 = var1<98?9:21 )) # c-style ternary operation

Hope this is very useful when using bash.


Referenced links:
http://unix.stackexchange.com/questions/32210/using-single-or-double-bracket-bash
https://shunchaowang.wordpress.com/2015/03/06/bash-parentheses/
http://www.linuxjournal.com/content/bash-brace-expansion
http://stackoverflow.com/questions/8748831/bash-when-do-we-need-curly-braces-in-variables
http://www.tecmint.com/chaining-operators-in-linux-with-practical-examples/
http://mywiki.wooledge.org/BashFAQ/031
http://stackoverflow.com/questions/2188199/how-to-use-double-or-single-bracket-parentheses-curly-braces
https://bash.cyberciti.biz/guide/Logical_OR

Friday, February 19, 2016

How to open a shell on a web server using PHP

Web servers are the most vulnerable to attacks, because they are directly connected to the internet and that is what they are meant to be. So for a hacker a web server is a good start. Spidering the web site, directory traversal, catching cross-site scripts and finding holes in a web site lead to a good hack. So here I'm going to explain a trick to hack a web site using a php script. But there must be some vulnerabilities in the particular web site for this hack to work.

<?php
$output = shell_exec('ls -lart');
echo "<pre>$output</pre>";
?>