Fix NTLDR or any MBR problems with Linux!
If you have run into a problem with booting its usually caused by the MBR (Master Boot Record) being corrupted it is the first 446 bytes of a hard disk, it usually stores boot information and or a boot loader. to wipe the MBR without destroying the partition table or any of your files boot into Linux using a live cd.
Open a a terminal as root and enter the following command.
dd if=/dev/zero of=/dev/sda count=1 bs=446
sda is usually the first master disk, this can change but its usually sda.
Posted by: Webstas
Behold the Magical Jellybean of Wireless Keys
If for whatever reason you need to grab the wireless key from your machine, check out WirelessKeyView found here:
http://www.nirsoft.net/utils/wireless_key.html
This is a cool little tool that will acquire your keys and even write them to a text file for you. Enjoy.
Posted by: Heavymeddler
Share a folder over VirtualBox with a Windows Host and Ubuntu VM
I ran into some issues while attempting to share a folder from Windows to Ubuntu over VirtualBox. Here are the steps I followed to get this to work:
- Create a folder in Windows to share (or use one that already exists... your choice)
- Start the Ubuntu virtual machine
- On the virtual machine windows, click on Devices>Shared Folder...
- Click on the "Add Shared Folders (Ins)" button
- Browse to the Windows folder you are planning to shared, name it, and click OK to save
- Click OK to close the Shared Folders window
- Open the terminal on the Ubuntu VM
- Create a directory to mount the share to:
sudo mkdir /mnt/win_share
sudo mount.vboxsf Share /mnt/win_share
Add a file to directory and check to see if it shows on both machines. If you'd like to add a link to the share on your desktop, run the the following command in the terminal:
ln -s /mnt/win_share/ /home/<user>/Desktop/Share
There should now be a link on your Ubuntu Desktop.
Posted by: Heavymeddler
Using Xming to export windows
Sometimes it's useful to use a GUI on linux for a specific task. I came across this because of some things Oracle does, but you can use it for other things, too.
1. Download xming from sourceforge
2. Open putty
3. Go to the SSH section>X11>Enable X11 forwarding
4. Open a connection
5. Run a command for something that only runs in a gui, like gedit.
6. The gedit window will appear on your desktop.
Posted by: Alamonot
Send Data Over a Network Using netcat
Often you cannot direct copy files between machines. One way to pass data is using netcat. There are versions of netcat for both Windows and Linux. Here are the steps to setup a connection to transfer data over a network using netcat.
Setup netcat to listen (the machine receiving the data)
- Command: nc -v -l -p 10000 > command.txt
- Notes: -p is the port that you are opening up to receive the data. You can name the text file anything you want (usually wise to name it something descriptive).
Run a command on the sending machine
- Command: command | nc receiving_machine_ip_address 10000
- When the transfer is complete, kill the command using Ctrl-c
Posted by: Heavymeddler
Analyzing Volatile Data
What to check for when analyzing volatile data through a netcat connection:
- The System Date and Time
- Current Network Connects
- Open TCP or UDP Ports
- Which Executables Are Opening TCP or UDP Ports
- Cached NetBIOS Name Table
- Users Currently Logged On
- The Internal Routing Table
- Running Processes
- Running Services
- Scheduled Jobs
- Open Files
- Process Memory Dumps
The System Date and Time
Check this to keep the machine time in sync with logs and trusted NTP server.
Windows Commands:
- date
- time
Linux/Unix Command:
- date
Current Network Configuration
Check this to see if an attacker is currently connected or running a brute force attack against the internet. Note that port assignments can be checked at www.portsdb.org.
Windows/Linux/Unix Command:
- netstat -an (Note that the -an flag specifies to check all network connections)
Open TCP or UDP Ports
Check for rogue ports that were not opened by the system. A suspiciously open port can be the sign of a back door created by an attacker. Note that port assignments can be checked at www.portsdb.org.
Windows Command:
- netstat -an
Linux/Unix Command;
- netstat -anp (the p shows the process number that opened the port)
Executables Opening TCP or UDP Ports
Using a tool called FPort distributed from www.foundstone.com, scan which executables are using ports. Compare the list to the list of questionable ports you gathered while running netcat. Research which process are system processes and which are suspicious.
Windows Command:
- FPort
Linux/Unix Command:
- lsof (adding -n command lengthens the output)
Cached NetBIOS Name Tables (Windows only)
Checking the NetBIOS Name Table cache will show the NetBIOS name or IP address of recently connected machines.
Windows Command:
- nbtstat -c (the -c switch instructs nbtstat to dump the cache)
Users Currently Logged On (Windows only)
Using the PSLoggedOn tool in the PSTools suite distributed at www.sysinternals.com you can see who is currently logged into your system. This would catch anybody that is connected remotely.
Windows Command:
- psloggedon
The Internal Routing Table
Checking the Routing Table will identify instances where an attacker is routing his connection to avoid a firewall or gain access from a machine with greater access.
Windows/Linux/Unix Command:
- netstat -rn
Running Processes
Using the pslist tool to check which processes are running will show which processes have been run by an attacker. The elapsed time will help indicate which processes were launched by the system and which were launched by an attacker.
Windows Command:
- pslist
Linux/Unix Command:
- ps -aux
Running Services (Windows only)
Using the PSService tool you can examine the services running on the target machine. Finding a rogue service can be valuable since attackers can run executables from them.
Windows Command:
- psservice
Scheduled Jobs
Attackers can schedule jobs to do things while they are not even there.
Windows Command:
- at
Linux/Unix Command:
- cron
Open Files
The PSfile tool will check for any files opened remotely on the machine. This will help determine more information about the attack.
Windows Command:
- psfile
Linux/Unix Command:
- lsof
Process Memory Dumps (Windows only)
Running process memory dumps and using tools to inspect the data will help gain additional information about the attacker and their intent. This is extensive and requires a large knowledge base to know what to look for.
Windows Command/Tool:
- userdump.exe (provided by Microsoft)
Full System Memory Dumps (Windows only)
Using the dd tool you can dump the entire memory of the target computer. It is wise to map a drive to a remote machine so that you do not overwrite valuable data.
Windows Command/Tools:
- dd
Loaded Kernel Modules (Linux/Unix only)
This command unloads the kernel modules so that you can inspect for items that are not system related.
Linux/Unix Command:
- lsmod
Mounted File Systems (Linux/Unix only)
These commands check for mounted file systems that are unexpected.
Linux/Unix Command:
- mount
- df
Posted by: Heavymeddler
The vim Cheat Sheet
This was written by Nana Långstedt and posted at http://www.tuxfiles.org/linuxhelp/vimcheat.html. I copied it over here because it is easier for me to find it here.
| Working with files | |
| Vim command | Action |
| :e filename | Open a new file. You can use the Tab key for automatic file name completion, just like at the shell command prompt. |
| :w filename | Save changes to a file. If you don't specify a file name, Vim saves as the file name you were editing. For saving the file under a different name, specify the file name. |
| :q | Quit Vim. If you have unsaved changes, Vim refuses to exit. |
| :q! | Exit Vim without saving changes. |
| :wq | Write the file and exit. |
 |
Almost the same as :wq, write the file and exit if you've made changes to the file. If you haven't made any changes to the file, Vim exits without writing the file. |
| Moving around in the file | |
| These Vim commands and keys work both in command mode and visual mode. | |
| Vim command | Action |
| j or Up Arrow | Move the cursor up one line. |
| k or Down Arrow | Down one line. |
| h or Left Arrow | Left one character. |
| l or Right Arrow | Right one character. |
| e | To the end of a word. |
| E | To the end of a whitespace-delimited word. |
| b | To the beginning of a word. |
| B | To the beginning of a whitespace-delimited word. |
| 0 | To the beginning of a line. |
| ^ | To the first non-whitespace character of a line. |
| $ | To the end of a line. |
| H | To the first line of the screen. |
| M | To the middle line of the screen. |
| L | To the the last line of the screen. |
| :n | Jump to line number n. For example, to jump to line 42, you'd type :42 |
| Inserting and overwriting text | |
| Vim command | Action |
| i | Insert before cursor. |
| I | Insert to the start of the current line. |
| a | Append after cursor. |
| A | Append to the end of the current line. |
| o | Open a new line below and insert. |
| O | Open a new line above and insert. |
| C | Change the rest of the current line. |
| r | Overwrite one character. After overwriting the single character, go back to command mode. |
| R | Enter insert mode but replace characters rather than inserting. |
| The ESC key | Exit insert/overwrite mode and go back to command mode. |
| Deleting text | |
| Vim command | Action |
| x | Delete characters under the cursor. |
| X | Delete characters before the cursor. |
| dd or :d | Delete the current line. |
| Entering visual mode | |
| Vim command | Action |
| v | Start highlighting characters. Use the normal movement keys and commands to select text for highlighting. |
| V | Start highlighting lines. |
| The ESC key | Exit visual mode and return to command mode. |
| Editing blocks of text | |
| Note: the Vim commands marked with (V) work in visual mode, when you've selected some text. The other commands work in the command mode, when you haven't selected any text. | |
| Vim command | Action |
| ~ | Change the case of characters. This works both in visual and command mode. In visual mode, change the case of highlighted characters. In command mode, change the case of the character uder cursor. |
| > (V) | Shift right (indent). |
| < (V) | Shift left (de-indent). |
| c (V) | Change the highlighted text. |
| y (V) | Yank the highlighted text. In Windows terms, "copy the selected text to clipboard." |
| d (V) | Delete the highlighted text. In Windows terms, "cut the selected text to clipboard." |
| yy or :y or Y | Yank the current line. You don't need to highlight it first. |
| dd or :d | Delete the current line. Again, you don't need to highlight it first. |
| p | Put the text you yanked or deleted. In Windows terms, "paste the contents of the clipboard". Put characters after the cursor. Put lines below the current line. |
| P | Put characters before the cursor. Put lines above the current line. |
| Undo and redo | |
| Vim command | Action |
| u | Undo the last action. |
| U | Undo all the latest changes that were made to the current line. |
| Ctrl + r | Redo. |
| Search | |
| Vim command | Action |
| /pattern | Search the file for pattern. |
| n | Scan for next search match in the same direction. |
| N | Scan for next search match but opposite direction. |
| Replace | |
| Vim command | Action |
| :rs/foo/bar/a | Substitute foo with bar. r determines the range and a determines the arguments. |
| The range (r) can be | |
| nothing | Work on current line only. |
| number | Work on the line whose number you give. |
| % | The whole file. |
| Arguments (a) can be | |
| g | Replace all occurrences in the line. Without this, Vim replaces only the first occurrences in each line. |
| i | Ignore case for the search pattern. |
| I | Don't ignore case. |
| c | Confirm each substitution. You can type y to substitute this match, n to skip this match, a to substitute this and all the remaining matches ("Yes to all"), and q to quit substitution. |
| Examples | |
| :452s/foo/bar/ | Replace the first occurrence of the word foo with bar on line number 452. |
| :s/foo/bar/g | Replace every occurrence of the word foo with bar on current line. |
| :%s/foo/bar/g | Replace every occurrence of the word foo with bar in the whole file. |
| :%s/foo/bar/gi | The same as above, but ignore the case of the pattern you want to substitute. This replaces foo, FOO, Foo, and so on. |
| :%s/foo/bar/gc | Confirm every substitution. |
| :%s/foo/bar/c | For each line on the file, replace the first occurrence of foo with bar and confirm every substitution. |
Posted by: Heavymeddler
Connecting to an SSH server, really really fast
This post assumes you have the following: an ssh server, putty, and autohotkey-a desktop scripting tool.
- Open Putty, and create a session with any and all settings you would want in putty. Add tunnels, compression, etc, whatever you usually do when you start a putty session
- Save your session for future use. You'll use the name of this session later.
- Write a simple batch script that will load putty, and send a user name and pw. Mine looks like this: "\putty.exe -load sessionname -l username -pw password
- Save your batch file.
- This s where we start using autohotkey. You'll want to download this, and open it to create a new autohotkey script. Here's how my script looks:
;
; AutoHotkey Version: 1.x
; Language: English
; Platform: Win9x/NT
; Author: A.N.Other <myemail@nowhere.com>
;
; Script Function:
; Template script (you can customize this template by editing
"ShellNew\Template.ahk" in your Windows folder)
;
#NoEnv ; Recommended for performance and compatibility with future AutoHotkey
releases.
SendMode Input ; Recommended for new scripts due to its superior speed and
reliability.
SetWorkingDir %A_ScriptDir% ; Ensures a consistent starting directory.
#p::
Run "location of your putty batch file"
WinWaitActive, ahk_class PuTTY,,3
WinMinimize
WinWaitActive, ahk_class ConsoleWindowClass,,3
WinMinimize
return
#c::
If WinExist("ahk_class PuTTY")
{
WinClose
}
If WinExist("ahk_class #32770")
{
WinActivate
Send {Enter}
}
return
Save that script and run it. When ever you press windowkey+p it will start putty. When ever you press windowkey+c it will close putty!
Posted by: Alamonot
Install windows from usb flash
Recently came across this little gem, it makes installing windows pretty much any version alot faster and easier. It allows you to create a bootable flasd drive from a windows cd or other source, it also let you setup parameters so it doesnt need user input ie. cd key, user names, language, timezones.
WinToFlash - Install Windows from usb - Download page.
Posted by: Webstas
Getting my Bluetooth mouse to work with Ubuntu
Bluetooth Mouse From Hell
I have a Microsoft 5000 Bluetooth Mouse. Unfortunately it has been a total headache to get it to work with Ubuntu and stay working. Below are the steps I have taken to remedy the issue:
- Turn on your mouse and make it discoverable
- Open a terminal and enter the command:
hcitool scan - It should return a list of bluetooth devices in range (mine returned something like:
00:1D:D8:92:FE:45 Microsoft Bluetooth Notebook Mouse 5000) - Enter:
sudo gedit /etc/bluetooth/hcid.conf - Add the following entry to the file (remember the name is the same returned in the previous step):
device HardwareAddressHere {
name “Microsoft Bluetooth Notebook Mouse 5000”;
} - Run the command:
sudo /etc/init.d/bluetooth restart - Verify that you get a message indicating that stopping and starting bluetooth is OK
- Run the command:
sudo apt-get install bluez-compat - With your mouse still in discovery mode, run the command:
sudo hidd --search - Your mouse should now be paired and working. (this includes after reboot, it should automatically pair)
Posted by: Heavymeddler