Archive for the ‘Downloads’ Category

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and URLs, is dumped into a CSV file in %AppData%.

General Design

KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# code execution is achieved by first injecting an architecture-appropriate bootstrap DLL. This spawns an instance of the .NET runtime within the appropriate app domain, subsequently executing KeeFarceDLL.dll (the main C# payload).

The KeeFarceDLL uses CLRMD to find the necessary object in the KeePass process’s heap, locates the pointers to some required sub-objects (using offsets), and uses reflection to call an export method.

Prebuilt Packages

An appropriate build of KeeFarce needs to be used depending on the KeePass target’s architecture (32-bit or 64-bit). Archives and their shasums can be found under the ‘prebuilt’ directory.

Executing

In order to execute on the target host, the following files need to be in the same folder:

  • BootstrapDLL.dll
  • KeeFarce.exe
  • KeeFarceDLL.dll
  • Microsoft.Diagnostic.Runtime.dll

Copy these files across to the target and execute KeeFarce.exe.

Building

Open up KeeFarce.sln with Visual Studio (note: development was done on Visual Studio 2015) and hit ‘build’. The results will be spat out into dist/$architecture. You’ll have to copy the KeeFarceDLL.dll and Microsoft.Diagnostic.Runtime.dll files into that folder before executing, as these are architecture independent.

Compatibility

KeeFarce has been tested on KeePass 2.28, 2.29 and 2.30, running on Windows 8.1, both 32-bit and 64-bit.
This should also work on older Windows machines (Windows 7 with a recent service pack). If you’re targeting something other than the above, then testing in a lab environment beforehand is recommended.
Download


Windows TV

Discover a range of Microsoft books on Windows Server, Microsoft Azure, App Development and System Center as well as Windows books available free of charge! From technical overviews to drilldowns on special topics, these free Microsoft books are available in PDF, EPUB, and/or Mobi for Kindle formats. Download these eBooks at your convenience today.

  • App Development
  • Windows Server
  • Microsoft Azure
  • Windows 8.1
  • Microsoft System Center
  • Other Books


Snort

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Official release notes for Snort 2.9.1:

  • Protocol aware reassembly support for HTTP and DCE/RPC pre-processors. Updates to Stream5 allowing Snort to more intelligently inspect HTTP and DCE/RPC requests and responses. See README.stream5 subsection related to Protocol Aware Flushing (PAF).
  • SIP pre-processor to identify SIP call channels and provide rule access via new rule option keywords. Also includes new pre-processor rules for anomalies in the SIP communications. See the Snort Manual and README.sip for details.
  • POP3 & IMAP pre-processors to decode email attachments in Base64, Quoted Printable, and uuencode formats, and updates to SMTP pre-processor for decoding email attachments encoded as Quoted Printable and uuencode formats. See the Snort Manual, README.pop, README.imap, and README.SMTP for details.
  • Support for reading large pcap files.
  • Logging of HTTP URL (host and filename), SMTP attachment filenames and email recipients to unified2 when Snort generates events on related traffic.
  • IP Reputation pre-processor, allowing Snort to blacklist or whitelist packets based on their IP addresses. This pre-processor is still in an experimental state, so please report any issues to the Snort team. See README.reputation for more information.

To download Snort Click Here

Google Chrome

Google Chrome, a browser built on the Blink layout engine that aims to be minimalistic and versatile at the same time, is now at version 31.0.1650.26 Beta.

After the release of a development and stable version, a new Google Chrome Beta is now available, bringing a few much needed changes and improvements.

According to the announcement, a “kiosk_only” manifest attribute has been added for platform apps, a content switch has been added to turn off unprefixed MediaSource API, a wrong policy used for secondary users has been corrected, a tablet layout regression has been corrected, and much more.

A complete list of bug fixes and changes can be found in the official changelog.

Download Google Chrome 31.0.1650.26 Beta for Windows
Download Google Chrome 31.0.1650.26 Beta for Mac OS X
Download Google Chrome 31.0.1650.26 Beta for Linux


1. Nmap
Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.

2. Wireshark
Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark homepage.

3. Metasploit Community edition
Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit community edition homepage.

4. Nikto2
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto2 homepage.

5. John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. John the Ripper homepage.

6. ettercap
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ettercap homepage.

7. NexPose Community edition
The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features. Nexpose homepage.

8. Ncat
Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. ncat homepage.

9. Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. kismet homepage.

10. w3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af homepage.

11. hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) Unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features. hping homepage.

12. burpsuite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. BurpSuite homepage.

13. THC-Hydra
A very fast network logon cracker which supports many different services. hydra homepage.

14. sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. sqlmap homepage.

15. webscarab
WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned. WebScarab homepage.

Caintech.co.uk Windows Shortcuts You Should All Know To Save Time

Download the PDF cheat sheet

Windows Explorer Keyboard Shortcuts

* END (Display the bottom of the active window)

* HOME (Display the top of the active window)

* NUM LOCK+Asterisk sign (*) (Display all of the subfolders that are under the selected folder)

* NUM LOCK+Plus sign (+) (Display the contents of the selected folder)

* NUM LOCK+Minus sign (-) (Collapse the selected folder)

* LEFT ARROW (Collapse the current selection if it is expanded, or select the parent folder)

* RIGHT ARROW (Display the current selection if it is collapsed, or select the first subfolder)


Shortcut Keys for Character Map

After you double-click a character on the grid of characters, you can move through the grid by using the keyboard shortcuts:

* RIGHT ARROW (Move to the right or to the beginning of the next line)

* LEFT ARROW (Move to the left or to the end of the previous line)

* UP ARROW (Move up one row)

* DOWN ARROW (Move down one row)

* PAGE UP (Move up one screen at a time)

* PAGE DOWN (Move down one screen at a time)

* HOME (Move to the beginning of the line)

* END (Move to the end of the line)

* CTRL+HOME (Move to the first character)

* CTRL+END (Move to the last character)

* SPACEBAR (Switch between Enlarged and Normal mode when a character is selected)


Microsoft Management Console (MMC) Main Window Keyboard Shortcuts

* CTRL+O (Open a saved console)

* CTRL+N (Open a new console)

* CTRL+S (Save the open console)

* CTRL+M (Add or remove a console item)

* CTRL+W (Open a new window)

* F5 key (Update the content of all console windows)

* ALT+SPACEBAR (Display the MMC window menu)

* ALT+F4 (Close the console)

* ALT+A (Display the Action menu)

* ALT+V (Display the View menu)

* ALT+F (Display the File menu)

* ALT+O (Display the Favourites menu)


MMC Console Window Keyboard Shortcuts

* CTRL+P (Print the current page or active pane)

* ALT+Minus sign (-) (Display the window menu for the active console window)

* SHIFT+F10 (Display the Action shortcut menu for the selected item)

* F1 key (Open the Help topic, if any, for the selected item)

* F5 key (Update the content of all console windows)

* CTRL+F10 (Maximize the active console window)

* CTRL+F5 (Restore the active console window)

* ALT+ENTER (Display the Properties dialog box, if any, for the selected item)

* F2 key (Rename the selected item)

* CTRL+F4 (Close the active console window. When a console has only one console window, this shortcut closes the console)


Remote Desktop Connection Navigation

* CTRL+ALT+END (Open the Microsoft Windows NT Security dialog box)

* ALT+PAGE UP (Switch between programs from left to right)

* ALT+PAGE DOWN (Switch between programs from right to left)

* ALT+INSERT (Cycle through the programs in most recently used order)

* ALT+HOME (Display the Start menu)

* CTRL+ALT+BREAK (Switch the client computer between a window and a full screen)

* ALT+DELETE (Display the Windows menu)

* CTRL+ALT+Minus sign (-) (Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer.)

* CTRL+ALT+Plus sign (+) (Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer.)


Internet Explorer navigation

* CTRL+B (Open the Organize Favourites dialog box)

* CTRL+E (Open the Search bar)

* CTRL+F (Start the Find utility)

* CTRL+H (Open the History bar)

* CTRL+I (Open the Favourites bar)

* CTRL+L (Open the Open dialog box)

* CTRL+N (Start another instance of the browser with the same Web address)

* CTRL+O (Open the Open dialog box, the same as CTRL+L)

* CTRL+P (Open the Print dialog box)

* CTRL+R (Update the current Web page)

* CTRL+W (Close the current window)

Following on from a recent post, ‘Nmap Cheat Sheet’, I have decided to create another cheat sheet, but this time for GNU/Linux, as I am constantly referring to it for reference. These kinds of things are very handy: if, like myself, you don’t use Linux on a daily basis, they can play a major part in jogging the little grey cells.

Download:  Cheat Sheet commands for GNU/Linux

CheatSheet commands for GNU / Linux

System Information

1. arch: show the architecture of the machine (1).
2. uname -m: show the architecture of the machine (2).
3. uname -r: show the kernel version in use.
4. dmidecode -q: display the system’s hardware components.
5. hdparm -i /dev/hda: show the characteristics of a hard disk.
6. hdparm -tT /dev/sda: run a read test on a hard disk.
7. cat /proc/cpuinfo: show CPU information.
8. cat /proc/interrupts: show interrupts.
9. cat /proc/meminfo: check memory usage.
10. cat /proc/swaps: show swap files.
11. cat /proc/version: display the version of the kernel.
12. cat /proc/net/dev: show network adapters and their statistics.
13. cat /proc/mounts: display the mounted file systems.
14. lspci -tv: show PCI devices.
15. lsusb -tv: show USB devices.
16. date: display the system date.
17. cal 2013: show the calendar for 2013.
18. cal 07 2013: show the calendar for July 2013.
19. date 041217002013.00: set the date and time.
20. clock -w: save the date change to the BIOS (hardware clock).

Shutdown (Reset System or Log out)

1. shutdown -h now: shut down the system (1).
2. init 0: shut down the system (2).
3. telinit 0: shut down the system (3).
4. halt: shut down the system (4).
5. shutdown -h hours:minutes &: schedule a shutdown of the system.
6. shutdown -c: cancel a scheduled shutdown of the system.
7. shutdown -r now: restart (1).
8. reboot: reboot (2).
9. logout: close the session.

Files and Directories

1. cd /home: enter the “home” directory.
2. cd ..: go back one level.
3. cd ../..: go back two levels.
4. cd: go to your home directory.
5. cd ~user1: go to the home directory of user1.
6. cd -: go back to the previous directory.
7. pwd: show the path of the working directory.
8. ls: list the files in a directory.
9. ls -F: list the files in a directory, marking each entry by type.
10. ls -l: show details of the files and folders in a directory.
11. ls -a: show hidden files.
12. ls *[0-9]*: show the files and folders whose names contain numbers.
13. tree: display files and folders in a tree starting from the current directory (1).
14. lstree: display files and folders in a tree starting from the current directory (2).
15. mkdir dir1: create a folder (directory) called ‘dir1’.
16. mkdir dir1 dir2: create two directories at once.
17. mkdir -p /tmp/dir1/dir2: create a directory tree.
18. rm -f file1: delete the file called file1.
19. rmdir dir1: delete the (empty) folder called dir1.
20. rm -rf dir1: delete the folder called dir1 with its contents recursively.
21. rm -rf dir1 dir2: delete two folders with their contents recursively.
22. mv dir1 new_dir: rename or move a file or folder.
23. cp file1 file2: copy a file (file1 to file2).
24. cp file1 file2 dir1: copy two files into the directory dir1.
25. cp dir/* .: copy all the files in a directory into the current working directory.
26. cp -a /tmp/dir1 .: copy a directory into the current working directory.
27. cp -a dir1 dir2: copy a directory (dir1 to dir2).
28. cp -a dir1 dir2 dir3: copy two directories into the directory dir3.
29. ln -s file1 lnk1: create a symbolic link to a file or directory.
30. ln file1 lnk1: create a hard link to a file.
31. touch -t 0712250000 file1: set the timestamp of a file or directory (format YYMMDDhhmm).
32. file file1: identify the type of a file.
33. iconv -l: list the known character encodings.
34. iconv -f fromEncoding -t toEncoding inputFile > outputFile: create a copy of inputFile converted from fromEncoding to toEncoding.
35. find . -maxdepth 1 -name '*.jpg' -print -exec convert "{}" -resize 80x60 "thumbs/{}" \;: resize the images in the current directory and place the thumbnails in the ‘thumbs’ directory (requires convert from ImageMagick).

Finding Files

1. find / -name file1: search for a file or directory starting from the root of the system.
2. find / -user user1: find files and directories belonging to the user user1.
3. find /home/user1 -name \*.bin: search for files with the extension ‘.bin’ within the directory /home/user1.
4. find /usr/bin -type f -atime +100: find binary files not accessed in the last 100 days.
5. find /usr/bin -type f -mtime -10: find files created or modified within the last 10 days.
6. find / -name \*.rpm -exec chmod 755 '{}' \;: find files with the extension ‘.rpm’ and change their permissions.
7. find / -xdev -name \*.rpm: find files with the extension ‘.rpm’, ignoring other file systems such as removable devices (CD-ROM, pen drive, etc.).
8. locate \*.ps: find files with the extension ‘.ps’; run the command ‘updatedb’ first.
9. whereis halt: show the location of a binary file, in this case where the command ‘halt’ lives.
10. which halt: show the full path to a binary / executable.

Mounting a file system

1. mount /dev/hda2 /mnt/hda2: mount a disk called hda2. Check first that the directory ‘/mnt/hda2’ exists; if not, create it.
2. umount /dev/hda2: unmount a disk called hda2. Leave the mount point ‘/mnt/hda2’ first.
3. fuser -km /mnt/hda2: force an unmount when the device is busy.
4. umount -n /mnt/hda2: unmount without updating the file /etc/mtab. Useful when the file is read-only or the disk is full.
5. mount /dev/fd0 /mnt/floppy: mount a floppy disk.
6. mount /dev/cdrom /mnt/cdrom: mount a CD-ROM / DVD-ROM.
7. mount /dev/hdc /mnt/cdrecorder: mount a rewritable CD or DVD.
8. mount /dev/hdb /mnt/cdrecorder: mount a rewritable CD / DVD (a DVD).
9. mount -o loop file.iso /mnt/cdrom: mount a file or ISO image.
10. mount -t vfat /dev/hda5 /mnt/hda5: mount a FAT32 file system.
11. mount /dev/sda1 /mnt/usbdisk: mount a USB thumb drive or memory stick (without specifying the file system type).

Hard Disk Space

1. df -h: display a list of mounted partitions.
2. ls -lSr | more: show the size of the files and directories, sorted by size.
3. du -sh dir1: estimate the space used by the directory dir1.
4. du -sk * | sort -rn: show the size of the files and directories, sorted by size.
5. rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n: show the space used by the installed rpm packages, organized by size (Fedora, Red Hat and others).
6. dpkg-query -W -f='${Installed-Size;10}\t${Package}\n' | sort -k1,1n: show the space used by the installed packages, organized by size (Ubuntu, Debian and others).

Users and Groups

1. groupadd name_of_the_group: create a new group.
2. groupdel name_of_the_group: delete a group.
3. groupmod -n new_name_of_the_group old_name_of_the_group: rename a group.
4. useradd -c "Name Surname" -g admin -d /home/user1 -s /bin/bash user1: create a new user belonging to the “admin” group.
5. useradd user1: create a new user.
6. userdel -r user1: delete a user (‘-r’ removes the home directory too).
7. usermod -c "User FTP" -g system -d /ftp/user1 -s /bin/nologin user1: change user attributes.
8. passwd: change your own password.
9. passwd user1: change the password of a user (root only).
10. chage -E 2013-12-31 user1: set an expiry date for the user’s account. In this case the account expires on December 31, 2013.
11. pwck: check the syntax and format of the file ‘/etc/passwd’ and the existence of users.
12. grpck: check the syntax and format of the file ‘/etc/group’ and the existence of groups.
13. newgrp group_name: log in to a new group to change the default group of newly created files.

File Permissions (use “+” to set permissions and “-” to remove them)

1. ls -lh: show permissions.
2. ls /tmp | pr -T5 -W$COLUMNS: show a directory listing split into 5 columns across the terminal width.
3. chmod ugo+rwx directory1: enable read (r), write (w) and execute (x) permissions for the owner (u), group (g) and others (o) on the directory ‘directory1’.
4. chmod go-rwx directory1: remove read (r), write (w) and execute (x) permissions for the group (g) and others (o) on the directory ‘directory1’.
5. chown user1 file1: change the owner of a file.
6. chown -R user1 directory1: change the owner of a directory and of all files and directories contained within it.
7. chgrp group1 file1: change the group of a file.
8. chown user1:group1 file1: change the user and group ownership of a file.
9. find / -perm -u+s: display all system files with the SUID bit set.
10. chmod u+s /bin/file1: set the SUID bit on a binary file. The user running that file gains the privileges of its owner.
11. chmod u-s /bin/file1: disable the SUID bit on a binary file.
12. chmod g+s /home/public: set the SGID bit on a directory, similar to SUID but for directories.
13. chmod g-s /home/public: disable the SGID bit on a directory.
14. chmod o+t /home/public: set the sticky bit on a directory. Files can then be deleted only by their rightful owners.
15. chmod o-t /home/public: disable the sticky bit on a directory.


Special Attributes on files (use “+” to set attributes and “-” to remove them)

1. chattr +a file1: allow the file to be opened for writing only in append mode.
2. chattr +c file1: allow a file to be compressed / decompressed automatically.
3. chattr +d file1: ensure that the dump program ignores the file during backup.
4. chattr +i file1: make the file immutable, so it cannot be removed, altered, renamed or linked.
5. chattr +s file1: allow a file to be deleted securely (its blocks are zeroed).
6. chattr +S file1: ensure that when the file is modified, the changes are written synchronously, as with sync.
7. chattr +u file1: allow the contents of a file to be recovered even after it has been deleted.
8. lsattr: show special attributes.


Compressed files

1. bunzip2 file1.bz2: decompress a file called ‘file1.bz2’.
2. bzip2 file1: compress a file called ‘file1’.
3. gunzip file1.gz: decompress a file called ‘file1.gz’.
4. gzip file1: compress a file called ‘file1’.
5. gzip -9 file1: compress with maximum compression.
6. rar a file1.rar test_file: create a rar archive called ‘file1.rar’.
7. rar a file1.rar file1 file2 dir1: compress ‘file1’, ‘file2’ and ‘dir1’ simultaneously.
8. rar x file1.rar: decompress a rar archive.
9. unrar x file1.rar: decompress a rar archive.
10. tar -cvf archive.tar file1: create an uncompressed tarball.
11. tar -cvf archive.tar file1 file2 dir1: create an archive containing ‘file1’, ‘file2’ and ‘dir1’.
12. tar -tf archive.tar: show the contents of an archive.
13. tar -xvf archive.tar: extract a tarball.
14. tar -xvf archive.tar -C /tmp: extract a tarball into /tmp.
15. tar -cvjf archive.tar.bz2 dir1: create a bzip2-compressed tarball.
16. tar -xvjf archive.tar.bz2: decompress a bzip2-compressed tar archive.
17. tar -cvzf archive.tar.gz dir1: create a gzip-compressed tarball.
18. tar -xvzf archive.tar.gz: decompress a gzip-compressed tar archive.
19. zip file1.zip file1: create a zip file.
20. zip -r file1.zip file1 file2 dir1: compress several files and directories into a zip file at once.
21. unzip file1.zip: decompress a zip file.


RPM Packages (Red Hat, Fedora…etc)

1. rpm -ivh package.rpm: install an rpm package.
2. rpm -ivh --nodeps package.rpm: install an rpm package, ignoring dependency requirements.
3. rpm -U package.rpm: upgrade an rpm package without changing its configuration files.
4. rpm -F package.rpm: upgrade an rpm package only if it is already installed.
5. rpm -e package_name: remove an rpm package.
6. rpm -qa: show all rpm packages installed on the system.
7. rpm -qa | grep httpd: show all installed rpm packages with “httpd” in the name.
8. rpm -qi package_name: get information on a specific installed package.
9. rpm -qg "System Environment/Daemons": show the rpm packages of a software group.
10. rpm -ql package_name: list the files provided by an installed rpm package.
11. rpm -qc package_name: list the configuration files provided by an installed rpm package.
12. rpm -q package_name --whatrequires: show the packages that depend on an rpm package.
13. rpm -q package_name --whatprovides: show the capabilities provided by an rpm package.
14. rpm -q package_name --scripts: show the scripts run during installation / removal.
15. rpm -q package_name --changelog: display the revision history of an rpm package.
16. rpm -qf /etc/httpd/conf/httpd.conf: check which rpm package a given file belongs to.
17. rpm -qp package.rpm -l: list the files provided by an rpm package that is not yet installed.
18. rpm --import /media/cdrom/RPM-GPG-KEY: import the public key used to verify package signatures.
19. rpm --checksig package.rpm: verify the signature and integrity of an rpm package.
20. rpm -qa gpg-pubkey: list the GPG public keys imported for verifying rpm packages.
21. rpm -V package_name: verify the file sizes, permissions, types, owners, groups, MD5 digests and modification times of an installed package.
22. rpm -Va: verify all rpm packages installed on the system. Use with caution.
23. rpm -Vp package.rpm: verify an rpm package not yet installed.
24. rpm2cpio package.rpm | cpio --extract --make-directories *bin*: extract the executable files from an rpm package.
25. rpm -ivh /usr/src/redhat/RPMS/`arch`/package.rpm: install a package built from a source rpm.
26. rpmbuild --rebuild package_name.src.rpm: build an rpm package from a source rpm.


YUM packages updater (Red Hat, Fedora…etc)

1. yum install package_name: download and install an rpm package.
2. yum localinstall package_name.rpm: install a local RPM file and attempt to resolve all its dependencies using your repositories.
3. yum update: update all rpm packages installed on the system.
4. yum update package_name: upgrade a single rpm package.
5. yum remove package_name: remove an rpm package.
6. yum list: list all packages installed on the system.
7. yum search package_name: find a package in the rpm repositories.
8. yum clean packages: clean the cache by erasing downloaded packages.
9. yum clean headers: remove all header files that the system uses to resolve dependencies.
10. yum clean all: delete packages and header files from the cache.

Deb packages (Debian, Ubuntu…etc)

1. dpkg -i package.deb: install / upgrade a deb package.
2. dpkg -r package_name: remove a deb package.
3. dpkg -l: show all deb packages installed on the system.
4. dpkg -l | grep httpd: show all installed deb packages with “httpd” in the name.
5. dpkg -s package_name: obtain information on a specific package installed on the system.
6. dpkg -L package_name: list the files provided by a package installed on the system.
7. dpkg --contents package.deb: list the files provided by a package not yet installed.
8. dpkg -S /bin/ping: check which package owns a given file.

APT packages updater (Debian, Ubuntu …etc)

1. apt-get install package_name: install / upgrade a deb package.
2. apt-cdrom install package_name: install / upgrade a deb package from CD-ROM.
3. apt-get update: update the package list.
4. apt-get upgrade: update all installed packages.
5. apt-get remove package_name: remove a deb package.
6. apt-get check: check that dependencies are correctly resolved.
7. apt-get clean: clean up the cache of downloaded packages.
8. apt-cache search searched-package: return the list of packages matching the search string.

View the contents of a file

1. cat file1: view the contents of a file starting from the first line.
2. tac file1: view the contents of a file starting from the last line.
3. more file1: page through the contents of a file.
4. less file1: like ‘more’, but also allows moving backward through the file.
5. head -2 file1: see the first two lines of a file.
6. tail -2 file1: see the last two lines of a file.
7. tail -f /var/log/messages: see in real time what is being added to the file.

Text Manipulation

1. cat file1 file2 ... | command <> file1_in.txt_or_file1_out.txt: general syntax for text manipulation using pipes, STDIN and STDOUT.
2. cat file1 | command (sed, grep, awk, etc.) > result.txt: general syntax to manipulate the text of a file and write the output to a new file.
3. cat file1 | command (sed, grep, awk, etc.) >> result.txt: general syntax to manipulate the text of a file and append the result to an existing file.
4. grep Aug /var/log/messages: search for the word “Aug” in the file ‘/var/log/messages’.
5. grep ^Aug /var/log/messages: search for lines that begin with “Aug” in the file ‘/var/log/messages’.
6. grep [0-9] /var/log/messages: select all lines in the file ‘/var/log/messages’ that contain numbers.
7. grep Aug -R /var/log/*: search for the string “Aug” in the directory ‘/var/log’ and below.
8. sed 's/string1/string2/g' example.txt: replace “string1” with “string2” in example.txt.
9. sed '/^$/d' example.txt: delete all blank lines from example.txt.
10. sed '/ *#/d; /^$/d' example.txt: remove comments and blank lines from example.txt.
11. echo 'example' | tr '[:lower:]' '[:upper:]': convert lowercase to uppercase.
12. sed -e '1d' example.txt: delete the first line of the file example.txt.
13. sed -n '/string1/p': display only the lines that contain the word “string1”.

Character set and file conversion

1. dos2unix filedos.txt fileunix.txt: convert a text file from MS-DOS to UNIX format.
2. unix2dos fileunix.txt filedos.txt: convert a text file from UNIX to MS-DOS format.
3. recode ..HTML < page.txt > page.html: convert a text file to HTML.
4. recode -l | more: show all available format conversions.

Analysis of the file systems

1. badblocks -v /dev/hda1: check for bad blocks on the disk hda1.
2. fsck /dev/hda1: repair / check the integrity of a Linux file system on the disk hda1.
3. fsck.ext2 /dev/hda1: repair / check the integrity of an ext2 file system on the disk hda1.
4. e2fsck /dev/hda1: repair / check the integrity of an ext2 file system on the disk hda1.
5. fsck.ext3 /dev/hda1: repair / check the integrity of an ext3 file system on the disk hda1.
6. fsck.vfat /dev/hda1: repair / check the integrity of a FAT file system on the disk hda1.
7. fsck.msdos /dev/hda1: repair / check the integrity of an MS-DOS file system on the disk hda1.
8. dosfsck /dev/hda1: repair / check the integrity of a DOS file system on the disk hda1.

Formatting a filesystem

1. mkfs /dev/hda1: create a Linux file system on the partition hda1.
2. mke2fs /dev/hda1: create an ext2 file system on the partition hda1.
3. mke2fs -j /dev/hda1: create an ext3 (journaled) file system on the partition hda1.
4. mkfs -t vfat -F 32 /dev/hda1: create a FAT32 file system on hda1.
5. fdformat -n /dev/fd0: format a floppy disk.
6. mkswap /dev/hda3: create a swap file system.

Working with SWAP

1. mkswap /dev/hda3: create a swap file system.
2. swapon /dev/hda3: activate a new swap partition.
3. swapon /dev/hda2 /dev/hdb3: activate two swap partitions.

Backup

1. dump -0aj -f /tmp/home0.bak /home: make a complete (level 0) backup of /home.
2. dump -1aj -f /tmp/home0.bak /home: make an incremental (level 1) backup of /home.
3. restore -if /tmp/home0.bak: restore a backup interactively.
4. rsync -rogpav --delete /home /tmp: synchronize two directories.
5. rsync -rogpav -e ssh --delete /home ip_address:/tmp: rsync through an SSH tunnel.
6. rsync -az -e ssh --delete ip_addr:/home/public /home/local: synchronize a local directory with a remote directory via ssh, with compression.
7. rsync -az -e ssh --delete /home/local ip_addr:/home/public: synchronize a remote directory with a local directory via ssh, with compression.
8. dd bs=1M if=/dev/hda | gzip | ssh user@ip_addr 'dd of=hda.gz': back up a hard disk to a remote host via ssh.
9. dd if=/dev/sda of=/tmp/file1: save the contents of a hard drive to a file (here the drive is "sda" and the file "file1").
10. tar -Puf backup.tar /home/user: make an incremental backup of /home/user.
11. ( cd /tmp/local/ && tar c . ) | ssh -C user@ip_addr 'cd /home/share/ && tar x -p': copy the contents of a directory to a remote directory via ssh.
12. ( tar c /home ) | ssh -C user@ip_addr 'cd /home/backup-home && tar x -p': copy a local directory to a remote directory via ssh.
13. tar cf - . | (cd /tmp/backup ; tar xf -): local copy from one directory to another, preserving permissions and links.
14. find /home/user1 -name '*.txt' | xargs cp -av --target-directory=/home/backup/ --parents: find and copy all '.txt' files from one directory to another.
15. find /var/log -name '*.log' | tar cv --files-from=- | bzip2 > log.tar.bz2: find all '.log' files and pack them into a bzip2 archive.
16. dd if=/dev/hda of=/dev/fd0 bs=512 count=1: copy the MBR (Master Boot Record) to a floppy.
17. dd if=/dev/fd0 of=/dev/hda bs=512 count=1: restore the MBR (Master Boot Record) backup saved on a floppy.
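Item 10's `tar -u` update mode has a property worth seeing before relying on it: the archive keeps every version of a file that was ever appended, so old contents (including old secrets) stay recoverable from the backup until a fresh full archive is made. The following is an added example, not part of the original cheat sheet; the data directory, its content and the scratch directory are constructed inside the script.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: what "tar -uf"
# (item 10) actually leaves in the archive. A file is backed up, changed,
# and backed up again in update mode; the archive then holds both versions
# and a restore yields the newer one. All data is constructed in a
# scratch directory created with mktemp.

# incremental_demo: prints "<copies of data/config in archive> <restored content>"
incremental_demo() {
    work=$(mktemp -d)
    mkdir "$work/data"
    echo 'password=old-secret' > "$work/data/config"      # constructed sample
    ( cd "$work" && tar cf backup.tar data )              # full backup
    sleep 1                                               # tar compares mtimes at second resolution
    echo 'password=new-secret' > "$work/data/config"
    ( cd "$work" && tar uf backup.tar data )              # item 10: append files newer than the archived copy
    copies=$(tar tf "$work/backup.tar" | grep -c '^data/config$')
    mkdir "$work/restore"
    ( cd "$work/restore" && tar xf "$work/backup.tar" )   # later entries overwrite earlier ones on extraction
    restored=$(cat "$work/restore/data/config")
    rm -rf "$work"
    echo "$copies $restored"
}

incremental_demo
```

The script prints `2 password=new-secret`: the listing shows `data/config` twice and the restore ends with the newer content, but `tar xf` with a matching entry offset (or an attacker with the archive) can still retrieve `password=old-secret`. Treat update-mode archives with the same access controls as the live data and rotate them with a level-0 backup when secrets change. The `-P` in item 10 only keeps absolute paths in the archive and is unrelated to this behaviour.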

CD-ROM

1. cdrecord -v gracetime=2 dev=/dev/cdrom -eject blank=fast -force: clean or erase a rewritable CD.
2. mkisofs /dev/cdrom > cd.iso: create an ISO image of a CD-ROM on disk.
3. mkisofs /dev/cdrom | gzip > cd_iso.gz: create a compressed ISO image of a CD-ROM on disk.
4. mkisofs -J -allow-leading-dots -R -V "Label CD" -iso-level 4 -o ./cd.iso data_cd: create an ISO image from a directory.
5. cdrecord -v dev=/dev/cdrom cd.iso: burn an ISO image.
6. gzip -dc cd_iso.gz | cdrecord dev=/dev/cdrom -: burn a compressed ISO image.
7. mount -o loop cd.iso /mnt/iso: mount an ISO image.
8. cd-paranoia -B: rip the tracks of an audio CD to WAV files.
9. cd-paranoia -- "-3": rip the first 3 tracks of an audio CD to WAV files.
10. cdrecord --scanbus: scan the bus to identify the SCSI channel.
11. dd if=/dev/hdc | md5sum: compute an md5sum of a device such as a CD.

LAN and Wi-Fi

1. ifconfig eth0: show the configuration of an Ethernet network card.
2. ifup eth0: activate the interface eth0.
3. ifdown eth0: disable the interface eth0.
4. ifconfig eth0 192.168.1.1 netmask 255.255.255.0: set an IP address.
5. ifconfig eth0 promisc: put eth0 into promiscuous mode (receive all packets, for sniffing).
6. dhclient eth0: activate the interface eth0 in DHCP mode.
7. route -n: show the routing table.
8. route add -net 0/0 gw IP_Gateway: configure the default gateway.
9. route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1: configure a static route for the network 192.168.0.0/16.
10. route del 0/0 gw IP_gateway: remove the static route.
11. echo "1" > /proc/sys/net/ipv4/ip_forward: enable IP forwarding (routing).
12. hostname: display the system hostname.
13. host www.example.com: look up a hostname to resolve it to an IP address (1).
14. nslookup www.example.com: look up a hostname to resolve it to an IP address, and vice versa (2).
15. ip link show: show the link status of all interfaces.
16. mii-tool eth0: show the link status of eth0.
17. ethtool eth0: display statistics for eth0.
18. netstat -tup: show all active network connections and their PIDs.
19. netstat -tupl: show all network services listening on the system and their PIDs.
20. tcpdump tcp port 80: show all HTTP traffic.
21. iwlist scan: show wireless networks.
22. iwconfig eth1: show the configuration of a wireless network card.
23. whois www.example.com: search the Whois database.

Microsoft Windows Networks (SAMBA)

1. nbtscan ip_addr: NetBIOS name resolution.
2. nmblookup -A ip_addr: NetBIOS name resolution.
3. smbclient -L ip_addr/hostname: list the shares of a Windows host.

IP Tables (FIREWALL)

1. iptables -t filter -L: show all chains of the filter table.
2. iptables -t nat -L: show all chains of the nat table.
3. iptables -t filter -F: clear all rules from the filter table.
4. iptables -t nat -F: clear all rules from the nat table.
5. iptables -t filter -X: delete any user-created chain.
6. iptables -t filter -A INPUT -p tcp --dport telnet -j ACCEPT: allow incoming telnet connections.
7. iptables -t filter -A OUTPUT -p tcp --dport http -j DROP: block outgoing HTTP connections.
8. iptables -t filter -A FORWARD -p tcp --dport pop3 -j ACCEPT: allow forwarded POP3 connections (FORWARD chain).
9. iptables -t filter -A INPUT -j LOG --log-prefix "DROP INPUT": log incoming packets with the prefix "DROP INPUT".
10. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE: configure PAT (Port Address Translation) on eth0, hiding the source of outgoing packets.
11. iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.2:22: redirect packets addressed to one host to another.
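The items above are individual commands; in practice they are issued in a fixed order, and that order decides what the firewall does. The following is an added example, not part of the original cheat sheet: items 3, 5, 6 and 9 arranged into a minimal default-deny INPUT policy, with the LOG rule placed before the final DROP (a LOG rule appended after a DROP never sees a packet). `DRY_RUN=1`, the default, prints each command instead of executing it so the rule set can be reviewed without root; the `ipt` wrapper, the `ssh` service in place of item 6's telnet and the `conntrack` rule are the example's own choices.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: the iptables commands
# from the list arranged into a minimal default-deny INPUT policy. The point
# it shows is rule order: the LOG rule (item 9) must precede the final DROP,
# otherwise nothing is ever logged. With DRY_RUN=1 (the default) each
# command is printed instead of executed; run as root with DRY_RUN=0 to
# apply. Using ssh rather than telnet is this example's choice.
DRY_RUN=${DRY_RUN:-1}

# ipt ARGS... : print or execute one iptables command
# (the printed form does not preserve shell quoting of arguments)
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# build_input_policy: emit the rule set in evaluation order
build_input_policy() {
    ipt -t filter -F                                    # item 3: empty the filter table
    ipt -t filter -X                                    # item 5: delete user-created chains
    ipt -P INPUT DROP                                   # default deny for anything not matched below
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT                        # loopback traffic
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT   # replies to our own connections
    ipt -A INPUT -p tcp --dport ssh -j ACCEPT           # item 6's shape, ssh instead of cleartext telnet
    ipt -A INPUT -j LOG --log-prefix "DROP INPUT "      # item 9: log what is about to be dropped
    ipt -A INPUT -j DROP                                # explicit final drop
}

# log_precedes_drop: succeeds only if the LOG rule is emitted before the final DROP
log_precedes_drop() {
    DRY_RUN=1 build_input_policy |
        awk '/-j LOG/ { l = NR } /-A INPUT -j DROP/ { d = NR } END { exit !(l && d && l < d) }'
}

build_input_policy
```

Review the printed output, then apply with `DRY_RUN=0 sh firewall.sh` as root. Keep the ESTABLISHED,RELATED rule ahead of the service rules: without it, the reply half of every connection the host itself opens is dropped and logged as noise.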

Monitoring and debugging

1. top: show running processes and CPU usage.
2. ps -eafw: show all processes.
3. ps -e -o pid,args --forest: show Linux processes in a hierarchical (tree) layout.
4. pstree: show the system process tree.
5. kill -9 ID_Process: force-terminate a process.
6. kill -1 ID_Process: make a process reload its configuration (SIGHUP).
7. lsof -p $$: display the list of files opened by a process (here the current shell).
8. lsof /home/user1: list open files under a given path.
9. strace -c ls >/dev/null: count the system calls made by a process.
10. strace -f -e open ls >/dev/null: trace the open() calls made by a process and its children.
11. watch -n1 'cat /proc/interrupts': show interrupts in real time.
12. last reboot: show reboot history.
13. lsmod: display the loaded kernel modules.
14. free -m: display the status of RAM in megabytes.
15. smartctl -A /dev/hda: monitor the reliability of a hard drive via SMART.
16. smartctl -i /dev/hda: check whether SMART is enabled on a hard disk.
17. tail /var/log/dmesg: show kernel boot messages.
18. tail /var/log/messages: show system events.

Other useful commands

1. apropos ...keyword: display a list of commands whose description matches the keyword; useful when you know what a program does but not its name.
2. man ping: display the on-line manual page, here for the ping command; use 'man -k' to find related commands.
3. whatis ...keyword: display a one-line description of what a program does.
4. mkbootdisk --device /dev/fd0 `uname -r`: create a bootable floppy.
5. gpg -c file1: encrypt a file with GNU Privacy Guard.
6. gpg file1.gpg: decrypt a file with GNU Privacy Guard.
7. wget -r http://www.example.com: download an entire website.
8. wget -c http://www.example.com/file.iso: download a file, with the possibility to stop the download and resume it later.
9. echo 'wget -c http://www.example.com/files.iso' | at 09:00: start a download at a given time; in this case at 9 am.
10. ldd /usr/bin/ssh: display the shared libraries required by ssh.
11. alias hh='history': set an alias for a command (hh = history).
12. chsh: change the login shell.
13. chsh --list-shells: list the shells available on the system.
14. who -a: show who is logged in, plus the time of the last system boot, dead processes, system login processes, active processes spawned by init, the current run level, and past changes to the system clock.