Tuesday, 25 February 2014

Linux locale setup

If you use bash as your shell, you can put these lines in your ~/.bashrc and ~/.profile files:
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
To make these changes active in the current shell, source the .bashrc:
source ~/.bashrc
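Exporting LC_ALL for a locale that is not installed only produces "setlocale: LC_ALL: cannot change locale" warnings in every program you start. The check below is an added example, not part of the original post: it normalises the name to the form `locale -a` prints (en_US.UTF-8 is listed as en_US.utf8) and exports the three variables only when the locale exists. The function names normalize_locale, locale_available and export_locale are ours, and the listing used in the demo is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed helper names:
# normalize_locale, locale_available, export_locale.

# normalize_locale NAME
#   Canonical form as printed by `locale -a`: lowercase, codeset without
#   the hyphen, so en_US.UTF-8 becomes en_us.utf8.
normalize_locale() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/-//g'
}

# locale_available NAME [LIST]
#   LIST is the newline-separated output of `locale -a`; when omitted the
#   command is run. Returns 0 if NAME is installed, 1 otherwise.
locale_available() {
    _want=$(normalize_locale "$1")
    _list=${2:-$(locale -a 2>/dev/null)}
    printf '%s\n' "$_list" | tr 'A-Z' 'a-z' | sed 's/-//g' | grep -qxF "$_want"
}

# export_locale NAME [LIST]
#   Exports LC_ALL, LANG and LANGUAGE only when NAME is installed;
#   otherwise prints a hint and returns 1 with the environment untouched.
export_locale() {
    if locale_available "$1" "$2"; then
        export LC_ALL="$1" LANG="$1" LANGUAGE="$1"
        return 0
    fi
    echo "locale '$1' is not installed; check 'locale -a' (Debian/Ubuntu: 'sudo locale-gen $1')" >&2
    return 1
}

# Demo with a constructed `locale -a` listing so it behaves the same on any box
SAMPLE_LIST='C
POSIX
en_US.utf8'
export_locale en_US.UTF-8 "$SAMPLE_LIST" && echo "LANG is now $LANG"
export_locale de_DE.UTF-8 "$SAMPLE_LIST" || echo "environment left unchanged"
```

Source the file from ~/.bashrc instead of the bare export lines and a missing locale fails loudly once instead of on every command.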

Monday, 24 February 2014

How to add openvpn autostart in Linux

Create the file:
nano /etc/init.d/myopenvpn

Insert the following:
# OpenVPN autostart on boot script

start on runlevel [2345]
stop on runlevel [!2345]

respawn

exec /usr/sbin/openvpn --status /var/run/openvpn.client.status 10 --cd /etc/openvpn --config /etc/openvpn/client.conf --syslog openvpn
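A pre-deployment check for a job like this, added here as an example that is not part of the original post. Note that Upstart itself only reads job files from /etc/init/<name>.conf, so the function takes the job path explicitly. It confirms the job has a `start on` rule, `respawn` and an `exec` line, that the executable and the `--config` file exist, and that the private key named by the config's `key` directive is readable by its owner only. The names check_upstart_job and write_sample_job are ours, the sample job is a constructed copy of the one above, and /bin/sh stands in for /usr/sbin/openvpn so the check runs anywhere.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: check_upstart_job,
# write_sample_job; /bin/sh stands in for /usr/sbin/openvpn in the sample.

# check_upstart_job FILE
#   Prints one problem per line and returns the number of problems (0 = ok).
check_upstart_job() {
    _job=$1
    _p=0
    grep -q '^start on ' "$_job" || { echo "missing 'start on' rule"; _p=$((_p + 1)); }
    grep -q '^respawn' "$_job" || { echo "no respawn: openvpn is not restarted if it dies"; _p=$((_p + 1)); }
    _exec=$(sed -n 's/^exec[[:space:]]\{1,\}//p' "$_job" | head -n 1)
    if [ -z "$_exec" ]; then
        echo "missing exec line"
        return $((_p + 1))
    fi
    _bin=${_exec%% *}
    [ -x "$_bin" ] || { echo "not executable: $_bin"; _p=$((_p + 1)); }
    _cfg=$(printf '%s\n' "$_exec" | sed -n 's/.*--config[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p')
    if [ ! -f "$_cfg" ]; then
        echo "config file missing on exec line or not found: '$_cfg'"
        return $((_p + 1))
    fi
    # The config's 'key' directive names the private key; resolve it relative
    # to the config directory when it is not absolute
    _key=$(sed -n 's/^key[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$_cfg" | head -n 1)
    if [ -n "$_key" ]; then
        case $_key in /*) ;; *) _key="$(dirname "$_cfg")/$_key" ;; esac
        if [ ! -f "$_key" ]; then
            echo "private key not found: $_key"
            _p=$((_p + 1))
        else
            # ls -l mode string: type, owner rwx, then group/other must be ------
            case $(ls -ld "$_key") in
                ????------*) ;;
                *) echo "private key readable by group or others, chmod 600: $_key"; _p=$((_p + 1)) ;;
            esac
        fi
    fi
    return $_p
}

# write_sample_job DIR
#   Creates a constructed job, config and key under DIR; prints the job path.
write_sample_job() {
    _d=$1
    mkdir -p "$_d"
    printf 'ca ca.crt\ncert client.crt\nkey client.key\n' > "$_d/client.conf"
    : > "$_d/client.key"
    chmod 600 "$_d/client.key"
    cat > "$_d/myopenvpn" <<EOF
# OpenVPN autostart on boot script
start on runlevel [2345]
stop on runlevel [!2345]
respawn
exec /bin/sh --status /var/run/openvpn.client.status 10 --cd $_d --config $_d/client.conf --syslog openvpn
EOF
    echo "$_d/myopenvpn"
}

# Demo: a clean job, then the same job after the key is made world-readable
D=$(mktemp -d)
JOB=$(write_sample_job "$D")
check_upstart_job "$JOB" && echo "job ok" || echo "problems found: $?"
chmod 644 "$D/client.key"
check_upstart_job "$JOB" || echo "problems found: $?"
rm -rf "$D"
```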

Sunday, 23 February 2014

Openvpn setup

First, install the build dependencies:
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y
Now download the LZO source RPM and configure the RPMForge repo. Use wget:
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
Then build the rpm package using this command:
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm

rpm -Uvh lzo-*.rpm

rpm -Uvh rpmforge-release*

Installing OpenVPN
Only for a VPS based on OpenVZ virtualization (others skip this): enable the TUN/TAP option in your VPS control panel (e.g. SolusVM).

Install with yum: “yum install openvpn”
If you get the error “No package openvpn available”:

Download rpmforge for your system from http://pkgs.repoforge.org/rpmforge-release/

Install rpmforge with rpm:

rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

After installing rpmforge, yum can install openvpn:

yum install openvpn

Now you need to change some files, copy directories, and generate the SSL keys for your server. Execute the following commands:
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/

nano /etc/openvpn/easy-rsa/2.0/vars
Edit this line:
export KEY_CONFIG='$EASY_RSA/whichopensslcnf $EASY_RSA'
and replace it with:
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
Once done, hit Control+O to save and Control+X to exit. Create the certificates using these commands:
cd /etc/openvpn/easy-rsa/2.0

chmod 755 *

source ./vars

./vars

./clean-all

./build-ca

Common Name: your server hostname

./build-key-server server

./build-dh


nano -w /etc/openvpn/server.conf //put your settings here
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

service openvpn start


chkconfig openvpn on

//add autostart

echo openvpn /etc/openvpn/server.conf >> /etc/rc.d/rc.local
You’ll also need to enable IP forwarding in /etc/sysctl.conf. Open it and set the “net.ipv4.ip_forward” line to 1:
nano /etc/sysctl.conf

//set net.ipv4.ip_forward = 1

sysctl -p
Create a new Linux user, which will also be used to log in to the VPN:
useradd username -s /bin/false


passwd username

Now add the iptables NAT rules.
Xen and KVM users use:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
For OpenVZ use these two instead:
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123
Do not forget to replace 123.123.123.123 with your server IP.
Save the rules:
service iptables save
Client .ovpn config file:
client
dev tun
proto udp
remote-cert-tls server # the client verifies the server certificate (built with build-key-server)
remote 123.123.123.123 1194 # your server IP and OpenVPN port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3

sudo openvpn --config ~/path/to/client.ovpn
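Several settings in the server.conf shown earlier in this post trade security for convenience: client-cert-not-required makes the PAM password the only credential, dh1024 is a 1024-bit group, comp-lzo compresses traffic inside TLS, reneg-sec 0 switches key renegotiation off, and there is no tls-auth, no user/group drop and no explicit cipher (this OpenVPN version defaults to BF-CBC). The audit below is an added example, not code from the original post or from the OpenVPN project: it strips comments, looks for each of those conditions and returns the number of findings. The names audit_openvpn_conf, count_openvpn_findings and write_sample_server_conf are ours; the sample file is a constructed copy of the post's config, and the directives it looks for (tls-auth, tls-crypt, user, group, cipher, dh, reneg-sec) are standard OpenVPN directives.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: audit_openvpn_conf,
# count_openvpn_findings, write_sample_server_conf.

# _has REGEX -> succeeds if a directive line in $_body matches the ERE
_has() { printf '%s\n' "$_body" | grep -q -E "$1"; }

# audit_openvpn_conf FILE
#   Prints one finding per line and returns the number of findings (0 = clean).
audit_openvpn_conf() {
    # Drop comments and blank lines, trim leading whitespace
    _body=$(sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e '/^[[:space:]]*$/d' "$1")
    _n=0
    if _has '^client-cert-not-required'; then
        echo "client-cert-not-required: access rests on the PAM password alone; issue per-client certificates"
        _n=$((_n + 1))
    fi
    if _has '^dh[[:space:]].*dh1024'; then
        echo "dh1024.pem: 1024-bit DH parameters are too small; build at least 2048 bits"
        _n=$((_n + 1))
    fi
    if _has '^comp-lzo'; then
        echo "comp-lzo: compression of TLS-protected traffic is exploitable (VORACLE); remove it"
        _n=$((_n + 1))
    fi
    if ! _has '^(tls-auth|tls-crypt)[[:space:]]'; then
        echo "no tls-auth/tls-crypt: control channel is not HMAC-protected before the TLS handshake"
        _n=$((_n + 1))
    fi
    if ! _has '^user[[:space:]]' || ! _has '^group[[:space:]]'; then
        echo "no user/group: daemon keeps root after start-up; add 'user nobody' and 'group nobody'"
        _n=$((_n + 1))
    fi
    if ! _has '^cipher[[:space:]]'; then
        echo "no cipher: this version defaults to 64-bit-block BF-CBC; set cipher AES-256-CBC"
        _n=$((_n + 1))
    fi
    if _has '^reneg-sec[[:space:]]+0[[:space:]]*$'; then
        echo "reneg-sec 0: session keys are never renegotiated for the life of the tunnel"
        _n=$((_n + 1))
    fi
    return $_n
}

# count_openvpn_findings FILE -> echoes the finding count, always succeeds
count_openvpn_findings() {
    audit_openvpn_conf "$1" >/dev/null && echo 0 || echo $?
}

# write_sample_server_conf FILE -> constructed copy of the post's server.conf
write_sample_server_conf() {
    cat > "$1" <<'EOF'
port 1194 #- port
proto udp #- protocol
dev tun
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
verb 3
EOF
}

# Demo: the post's config yields seven findings
F=$(mktemp)
write_sample_server_conf "$F"
audit_openvpn_conf "$F" || echo "findings: $?"
rm -f "$F"
```

Run it against /etc/openvpn/server.conf before `service openvpn start`; the return code doubles as an exit status for a deployment script.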

Sunday, 9 February 2014

Routers

    User: admin
    Pass: 1234

CPE WAN Management Protocol (CWMP)
CPE WAN Management Protocol remote configuration is often enabled by default. This means the device exposes a remote-management backdoor.

sys password

model info
sys atsh

add user
sys multiuser on|username password

show CWMP settings
sys cwmp disp


Disable the ill-fated CWMP service protocol and clear its parameters to be sure:
ZTE> sys cwmp clearall
ZTE> sys cwmp switch 0
cwmp switch is 0.
ZTE> sys cwmp disp
************** Display messages about cwmp **************
CWMP Debug Level: 0
CWMP Switch: 0
ACS URL: http://:0
ACS Login User Name:
ACS Login Password:
Connection Request URL: http://0.0.0.0:80/
Connection Request User Name:
Connection Request Password:
CPE Inform Period Enable: 0
CPE Inform Period Interval: 0
CPE OUI:
CPE ProductClass:
CPE Description:
CPE SerialNumber: 002512CA9093
CPE Manufacture:
CPE ModelName:
ZTE>

sys save
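Before `sys save`, it is worth checking the `sys cwmp disp` output mechanically rather than by eye, especially when doing this on several devices. The script below is an added example, not part of the original post: it parses a saved transcript of that command and reports anything still exposed (switch not 0, an ACS URL still configured, periodic inform still enabled, an ACS password still stored). The names cwmp_field, cwmp_disabled and write_sample_cwmp are ours, and the sample transcript is a constructed copy of the output shown above.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: cwmp_field,
# cwmp_disabled, write_sample_cwmp.

# cwmp_field FILE NAME -> value after "NAME:" (empty if absent or blank)
cwmp_field() { sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1; }

# cwmp_disabled FILE
#   Prints each remaining exposure and returns their count (0 = CWMP off,
#   no ACS configured, no periodic inform, no stored ACS password).
cwmp_disabled() {
    _f=$1
    _bad=0
    [ "$(cwmp_field "$_f" 'CWMP Switch')" = 0 ] || { echo "CWMP Switch is not 0"; _bad=$((_bad + 1)); }
    _acs=$(cwmp_field "$_f" 'ACS URL')
    case $_acs in
        ""|"http://:0") ;;   # what 'sys cwmp clearall' leaves behind
        *) echo "ACS URL still set: $_acs"; _bad=$((_bad + 1)) ;;
    esac
    [ "$(cwmp_field "$_f" 'CPE Inform Period Enable')" = 0 ] || { echo "periodic inform still enabled"; _bad=$((_bad + 1)); }
    [ -z "$(cwmp_field "$_f" 'ACS Login Password')" ] || { echo "ACS login password still stored"; _bad=$((_bad + 1)); }
    return $_bad
}

# write_sample_cwmp FILE -> constructed copy of the 'sys cwmp disp' output above
write_sample_cwmp() {
    cat > "$1" <<'EOF'
************** Display messages about cwmp **************
CWMP Debug Level: 0
CWMP Switch: 0
ACS URL: http://:0
ACS Login User Name:
ACS Login Password:
Connection Request URL: http://0.0.0.0:80/
Connection Request User Name:
Connection Request Password:
CPE Inform Period Enable: 0
CPE Inform Period Interval: 0
EOF
}

# Demo on the transcript captured after 'sys cwmp switch 0'
F=$(mktemp)
write_sample_cwmp "$F"
cwmp_disabled "$F" && echo "CWMP is off" || echo "exposures: $?"
rm -f "$F"
```

Paste the router's output into a file and run cwmp_disabled on it; a non-zero return means there is still something to clear before saving.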


Entering an incorrect command will result in a list of valid commands.

 tc> ls
   Valid commands are:
   sys             exit            ether           wan             
   ip              bridge          dot1q           pktqos          
   show            set             lan  

Entering an incomplete command will result in a list of valid command options.

Thursday, 6 February 2014

nmap tricks

Scanning for dedicated servers
nmap -n -Pn -p T:3389 -T5 -iR 0
-n - do not resolve DNS
-Pn - disable ping (host discovery; treat all hosts as online) before port scanning
-p T:3389 - port + TCP protocol
-T5 - the insane (5) timing template (only if you have a wide network channel)
The template names are: paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4) and insane (5).
The first two are intended for IDS evasion. Polite mode lowers scan intensity to consume less bandwidth and machine resources. Normal mode is the default, so the -T3 option does nothing. Aggressive mode raises scan intensity, assuming you are on a reasonably fast and reliable network. Finally, insane mode assumes you are on an extremely fast network and are willing to sacrifice accuracy for speed.
-iR 0 - scan random IPs
-iR <number of hosts> (choose random targets)
An argument of 0 can be passed for a never-ending scan.

Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of 
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma separted list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --log-errors: Log errors/warnings to the normal-format output file
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES