--
Save live audio stream to file:
-% mplayer -ao pcm:file=$FILE
+% mplayer -ao pcm:file=$FILE $URL
+--
+Save live stream to file:
+
+% mplayer -dumpfile $FILE -dumpstream $STREAM
or
-% mencoder mms://file.wmv -o $FILE -ovc copy -oac copy
+% mencoder mms://$URL -o $FILE -ovc copy -oac copy
or
--
Read HTTP via netcat:
-echo "GET / HTTP/1.0\r\n\r\n" | netcat $DOMAIN 80
+echo -e "GET / HTTP/1.1\r\nHost: $DOMAIN\r\n\r\n" | netcat $DOMAIN 80
--
Get X ressources for specific program:
--
Transfer your SSH public key to another host:
-% ssh-keygen # if you don't have a key yet
+% ssh-keygen # ssh-keygen / ssh-key-gen: if you don't have a key yet
[...]
% ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
or
Develop, test and use exploit code with the Metasploit Framework:
cd /tmp
-wget http://framework-mirrors.metasploit.com/msf/downloader/framework-3.0.tar.gz
-unp framework-3.0.tar.gz
-cd framework-3.0
+wget http://spool.metasploit.com/releases/framework-3.2.tar.gz
+unp framework-3.2.tar.gz
+cd framework-3.2
./msfcli
--
Useful documentation:
% iconv -f iso-8859-15 -t utf8 < isofile > utffile
--
-Assign static setup for network cards (eth0 and eth1) via udev:
+Assign static setup for network cards (NICs) via udev:
-First method - manual:
-~~~~~~~~~~~~~~~~~~~~~~
-Get information for SYSFS address:
-# udevinfo -a -p /sys/class/net/eth0/ | grep address
+Retrieve information for address (corresponding to MAC address):
-Then create udev rules:
-# cat /etc/udev/network.rules
-# match eth* stuff:
-KERNEL=="eth*", SYSFS{address}=="00:00:00:00:00:01", NAME="wlan0"
-KERNEL=="eth*", SYSFS{address}=="00:00:00:00:00:02", NAME="lan0"
-# do not match eth* drivers but also e.g. firewire stuff:
-ACTION=="add", SUBSYSTEM=="net", SYSFS{address}=="00:00:00:00:00:03", NAME="1394"
+ # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}'
-Now activate the rules:
-# cd /etc/udev/rules.d/ && ln -s ../network.rules z35_network.rules
+Execute /lib/udev/write_net_rules with according values (INTERFACE
+is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR
+is the MAC address retrieved with udevadm info command):
-Unload the drivers, restart udev and load the drivers again to activate
-the settings.
+ # INTERFACE=eth0 INTERFACE_NAME=lan0 MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules
-Second method - automatic:
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-Run /lib/udev/write_net_rules shipped with recent udev versions:
+This will generate file /etc/udev/rules.d/70-persistent-net.rules with content:
-# INTERFACE=wlan1 /lib/udev/write_net_rules 00:00:00:00:00:04
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0"
-This command will create /etc/udev/rules.d/z25_persistent-net.rules containing:
+Finally take down the interface (ifdown/ifconfig) and execute:
-SUBSYSTEM=="net", DRIVER=="?*", SYSFS{address}=="00:00:00:00:00:04", NAME=wlan1
+ # udevadm trigger --action=add --subsystem-match=net
-See /usr/share/doc/udev/writing_udev_rules/index.html for more information.
+so the interface will be renamed. (Rebooting or
+unloading drivers/restart udev/loading drivers again
+works as well of course.)
--
Change the suffix from *.sh to *.pl using zsh:
--
Write a Microsoft compatible boot record (MBR) using ms-sys
-Write a Windows 2000/XP/2003 MBR to device:
+Write a Windows 2000/XP/2003 MBR to a device:
# ms-sys -m /dev/ice
+
+Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo:
+
+ wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz
+ unp ms-sys-2.1.3.tgz
+ cd ms-sys-2.1.3
+ make
+ ./bin/ms-sys ...
--
Use a Vodafone 3G Datacard (UMTS) with Linux:
Plug in your vodafone card and check in syslog whether the appropriate
(probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run:
-# gcom -d $DEVICE
+# comgt -d $DEVICE
# wvdial --config /etc/wvdial.conf.umts $PROFILE
Usage examples:
-# gcom -d /dev/ttyUSB0
+# comgt -d /dev/ttyUSB0
# wvdial --config /etc/wvdial.conf.umts a1usb
-# gcom -d /dev/noz0
+# comgt -d /dev/noz0
# wvdial --config /etc/wvdial.conf.umts tmnozomi
-# gcom -d /dev/noz0
+# comgt -d /dev/noz0
# wvdial --config /etc/wvdial.conf.umts dreiusb
+# comgt -d /dev/ttyACM0
+# wvdial --config /etc/wvdial.conf.umts yesss
+
If you receive invalid DNS nameservers when connecting, like:
[...]
Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc.
# modprobe usbserial vendor=0x1199 product=0x6813
+
+To get a list of available providers execute:
+
+# comgt -s -d /dev/ttyUSB0 /etc/comgt/operator
--
hdparm - get/set hard disk parameters
Check filesystem's LABEL:
generic way:
-# vol_id -l /dev/sda1
+# blkid /dev/sda1
-ext2/3 without vol_id:
+ext2/3 without blkid:
# dumpe2fs /dev/sda1 | grep "Filesystem volume name"
-xfs without vol_id:
+xfs without blkid:
# xfs_admin -l /dev/sda1
-reiserfs without vol_id:
+reiserfs without blkid:
# debugreiserfs /dev/sda1 | grep -i label
-jfs without vol_id:
+jfs without blkid:
# jfs_tune -l /dev/sda1 | grep -i label
-reiser4 without vol_id:
+reiser4 without blkid:
# debugfs.reiser4 /dev/sda1 | grep -i label
--
Check filesystem's UUID:
generic way:
-# vol_id -u /dev/sda1
+# blkid /dev/sda1
-ext2/3 without vol_id:
+ext2/3 without blkid:
# dumpe2fs /dev/sda1 | grep -i UUID
-xfs without vol_id:
+xfs without blkid:
# xfs_admin -u /dev/sda1
-reiserfs without vol_id:
+reiserfs without blkid:
# debugreiserfs /dev/sda1 | grep -i UUID
-reiser4 without vol_id:
+reiser4 without blkid:
# debugfs.reiser4 /dev/sda1 | grep -i UUID
--
Change a filesystem's LABEL:
Set up a CGI server on your webserver:
% cp hgwebdir.cgi ~/public_html/hg/index.cgi
% $EDITOR ~/public_html/hg/index.cgi # adjust the defaults
-
-Mercurial repositories of grml can be found at http://hg.grml.org/
--
Download binary codecs for mplayer:
--
Test UTF-8 capabilities of terminal:
-wget http://melkor.dnp.fmph.uniba.sk/~garabik/debian-utf8/download/UTF-8-demo.txt.gz
+wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz
zcat UTF-8-demo.txt.gz
or:
--
Debugging SSL communications:
-% openssl s_client -connect server.adress:993
+% openssl s_client -connect server.adress:993 > output_file
+% openssl x509 -noout -text -in output_file
or
# shadowconfig on
--
-Set up an IPv6 tunneln on grml:
+Set up an IPv6 tunnel on grml:
# ipv6-tunnel start
--
--
Create netboot package for grml-terminalserver:
-# sh /usr/share/doc/grml-terminalserver/examples/create-netboot
+# bash /usr/share/doc/grml-terminalserver/examples/create-netboot
+--
+To boot grml via network (PXE) check out grml-terminalserver:
+
+# grml-terminalserver
+
+See http://grml.org/terminalserver/ for more details.
--
Rotate pictures:
if it was shot at 10:38 o'clock on 2007-08-17 (according to
the information inside the exif header).
--
+Calculate network / netmask:
+
+Usage examples:
+% ipcalc 10.0.0.28 255.255.255.0
+% ipcalc 10.0.0.0/24
+--
+Blacklist a kernel module:
+
+# blacklist <name_of_kernel_module>
+
+-> running 'blacklist hostap_cs' for example will generate an
+entry like this in /etc/modprobe.d/grml:
+
+blacklist hostap_cs
+alias hostap_cs off
+
+To remove the module from the blacklist again just invoke:
+
+# unblacklist <name_of_kernel_module>
+
+or manually remove the entry from /etc/modprobe.d/grml.
+--
+Create a Debian package of a perl module:
+
+% dh-make-perl --cpan Acme::Smirch --build
+--
+The Magic SysRq Keys (SysReq or Sys Req, short for System Request):
+
+To reboot your system using the SysRq keys just hold down the Alt and
+SysRq (Print Screen) key while pressing the keys REISUB ("Raising
+Elephants Is So Utterly Boring").
+
+R = take the keyboard out of raw mode
+E = terminates all processes (except init)
+I = kills all processes (except init)
+S = synchronizes the disk(s)
+U = remounts all filesystems read-only
+B = reboot the system
+
+Notice: use O instead of B for poweroff.
+
+Or write the sequence to /proc/sysrq-trigger instead:
+
+# for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done
+
+To enable or disable SysRq calls:
+
+# echo 0 > /proc/sys/kernel/sysrq
+# echo 1 > /proc/sys/kernel/sysrq
+
+See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details.
+--
+Memtest / memcheck:
+
+Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest
+with Memtest86+.
+--
+Tunnel TCP-Traffic through DNS using dns2tcp:
+
+Server-side:
+~~~~~~~~~~~~
+1. Create necessary DNS-Records:
+dnstun.example.com. 3600 IN NS host.example.com.
+dnstun.example.com. 3600 IN A 192.168.1.1
+host.example.com. 3600 IN A 192.168.1.1
+
+2. Configure dns2tcpd on host.example.com.:
+# cat /etc/dns2tcpd.conf
+listen = 192.168.1.1 #the ip dns2tcpd should listen on
+port = 53 #" port " " " "
+user = nobody
+chroot = /tmp
+domain = dnstun.example.com. # the zone as specified inside dns
+ressources = ssh:127.0.0.1:22 # available resources
+
+3. Start the daemon:
+# cat > /etc/default/dns2tcp << EOF
+# Set ENABLED to 1 if you want the init script to start dns2tcpd.
+ENABLED=1
+USER=nobody
+EOF
+# /etc/init.d/dns2tcp start
+
+Client-side:
+~~~~~~~~~~~~
+You have two possibilities:
+- Use the DNS inside your network (DNS must allow resolving for external domains)
+# grep nameserver /etc/resolv.conf
+nameserver 172.16.42.1
+# dns2tcpc -z dnstun.example.com 172.16.42.1
+Available connection(s) :
+ ssh
+# dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 &
+Listening on port : 2222
+# ssh localhost -p 2222
+user@host.example.com:~#
+
+- Directly contact the endpoint (port 53 UDP must be allowed outgoing)
+# dns2tcpc -z dnstun.example.com dnstun.example.com
+Available connection(s) :
+ ssh
+# dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com &
+Listenning on port : 2222
+# ssh localhost -p 2222
+user@host.example.com:~#
+
+Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on
+localhost:8080 which you can use to tunnel everything through your "dns-uplink".
+--
+Configure a MadWifi device for adhoc mode:
+
+Disable the autocreation of athX devices:
+# echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi
+
+Remove the autocreated device for now:
+# wlanconfig ath0 destroy
+
+Configuration in /etc/network/interfaces:
+
+iface ath0 inet static
+ madwifi-base wifi0
+ madwifi-mode adhoc
+ ...
+
+Hints:
+ - Do not use interface names without ending 0 (otherwise startup fails).
+ - Only chooss unique names for interfaces.
+--
+Find dangling symlinks using zsh:
+
+% ls **/*(-@)
+--
+Use approx with runit supervision
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Install the packages:
+# apt-get install approx runit
+
+Add user approxlog for the logging daemon:
+# adduser --system --home /nonexistent --no-create-home approxlog
+
+Create config directory:
+# mkdir /etc/sv/approx
+
+Use /var/run/sv.approx as supervise directory:
+# ln -s /var/run/sv.approx /etc/sv/approx/supervise
+
+# cat > /etc/sv/approx/run << EOF
+#!/bin/sh
+echo 'approx starting'
+exec approx -f 2>&1
+EOF
+
+You normally do not need a logging service for approx because it logs
+to syslog too. So just for completion:
+# mkdir -p /etc/sv/approx/log
+# ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise
+# cat > /etc/sv/approx/log/run << EOF
+#!/bin/sh
+set -e
+LOG="/var/log/approx"
+test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG"
+exec chpst -uapproxlog svlogd -tt -v "$LOG"
+EOF
+
+Now activate the new approx service (will be started within 5s):
+# ln -s /etc/sv/approx/ /var/service/
+
+Make approx managed via runit available via init-script interface:
+# dpkg-divert --local --rename /etc/init.d/approx
+# ln -s /usr/bin/sv /etc/init.d/approx
+--
+Remote-reboot a grml system using SysRQ via /proc (execute as root):
+
+eject &>/dev/null
+umount -l /cdrom
+eject /dev/cdrom
+echo b > /proc/sysrq-trigger
+--
+Show what happens on /dev/sda0:
+
+# mount the debugfs to relay kernel info to userspace
+mount -t debugfs none /sys/kernel/debug
+
+# is a convenient wrapper arround blktrace and blkparse
+btrace /dev/sda0
+--
+Convert Flash to Avi:
+
+% ffmpeg -i input.flv output.avi
+
+Extract MP3 from Flash file:
+
+% for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done
+--
+Usage example for cryptsetup / -luks encrypted partition on LVM:
+
+volume group name: x61
+logical volume name: home
+
+echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab
+Start cryptdisks
+mount /dev/mapper/grml-crypt_home /mnt/test
+--
+fdisk/parted/... complains with something like
+'unable to open /dev/sda - unrecognised disk label'?!
+
+See http://grml.org/faq/#fdisk =>
+
+* use /sbin/fdisk.distrib from util-linux
+* switch to sfdisk, cfdisk,...
+* use parted's mklabel command (but please read the
+ parted manual before executing this command)
+--
+dmraid - support for SW-RAID / FakeRAID controllers
+like Highpoint HPT and Promise FastTrack
+
+Activate all software RAID sets discovered:
+# dmraid -ay
+
+Deactivates all active software RAID sets:
+# dmraid -an
+
+Discover all software RAID devices supported on the system:
+# dmraid -r
+--
+Extract winmail.dat:
+
+List content:
+% ytnef winmail.dat
+
+Extract files to current directory:
+% ytnef -f . winmail.dat
+--
+Approx - Debian package proxy/cacher howto
+
+% apt-get install approx
+% echo 'debian http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf
+% Restart approx
+
+Add your new approx to sources.list
+
+eg.
+deb http://localhost:9999/debian unstable main contrib non-free
+
+use approx in grml-debootstrap like:
+% grml-debootstrap -r lenny -t /dev/sda1 -m http://127.0.0.1:9999/debian
+--
+Simple webserver with python:
+
+% python -m SimpleHTTPServer
+--
+Upgrade only packages from the grml-stable Debian repository:
+
+echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list
+apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update
+apt-get upgrade
+--
+Install Centos into a directory:
+
+% febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/
+--
+Install Fedora into a directory:
+
+% febootstrap fedora-11 target_directory
+--
+Use Nessus / OpenVAS (remote network security auditor):
+
+Install software packages:
+# apt-get update
+# apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg
+
+Add a user:
+# openvas-adduser
+
+Start openvas server (takes a while):
+# Start openvas-server
+
+Invoke client as user:
+% OpenVAS-Client
+--
+Find packages not available from any active apt repository:
+
+% apt-show-versions | awk '/No available version in archive/{print $1}'
+--
+Simple mailserver with python:
+
+% python -m smtpd -n -c DebuggingServer localhost:1025
+--
+finger via netcat:
+
+echo $USER | nc $HOST 79
+--
+Install Archlinux using Grml:
+
+https://wiki.archlinux.org/index.php/Install_from_Existing_Linux
+or
+wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh
+--
projects / grml-tips.git / blobdiff