Monday, January 30, 2006

PortForwarding on Linux .. the easy way - (not through SSH)

this info might not be tempting for home user with only one PC ... but it worth it for ppl who owns a few linux boxes in a large network ... there are many uses of portforwarding ... but i'll leave that to y'all to explore it ... in this thread, i'll explain 2 ways of doing portforwarding on linux ... i'll not cover portforwarding using iptables coz its quite hard to understand .. hehehe .. (i dun understand it oso) ...

OPTION 1: The easy and secure way : Using SSH portforwarding
this method is very easy ... however .. u'll need an SSH server running sumwhere in the network to create the tunnel ...

let assume the SSH server is called : mysshd.server
your pc is called : localhost
and the target PC is called : remote.system

if you want a port in localhost to forward its request to a port to remote.system use this command


$ ssh user@mysshd.server -L [localport]:remote.system:[remoteport]
** dont include the [ ]

this will open a port @ localhost:localport that redirects to remote.system:remoteport ...

if you want a port in mysshd.server to forward it requests to remote.system or another pc on the network ..


$ ssh user@mysshd.server -R [porttoopen]:remote.system:[targetport]
** dont include the [ ]

this will open a port @ mysshd.serverorttoopen that redirects to remote.system:targetport ...

NOTE: the requests are tunnelled through SSH protocol .. so .. its quite slower bcoz SSH encrypts all transactions .. but it is very secure this way ...

Minus point : this can only work to forward TCP connections ... it wont work for UDP

OPTION 2: Using Portfwd

theres a userspace program to do portforwarding on linux ... it is called portfwd .. u can get it from http://sourceforge.net/projects/portfwd/

extract it, compile, and install it ... by default the executable will be installed at /usr/local/sbin/portfwd ..

to forward a TCP connection ... create a plaintext file .. lets call it portfwd.cfg ... and insert these lines


tcp { [localport] { => remote.system:[remoteport] } }
** dont include the [ ]

then execute


# /usr/local/sbin/portfwd -c portfwd.cfg

this will open a TCP port @ localhost:localport to remote.system:remoteport

UDP forwarding is similar ... juz change tcp to udp in the config file ..

for more options .. read the manpages and the documentations

well ... think thats all .... enjoy!! ..

Network FileSystem using SSHfs

isnt it neat having one PC with its mounts are scattered among multiple PCs's harddisks in the network?? ... lots of stuff can be done using it coz all of the files work virtually as if it is in the same pc ...(i leave this for y'all to think what u can do with it coz i'm not good in giving ideas :P ) ....

traditional method of mounting a network filesystem is by using the famous NFS exports .... however ... configuring NFS to work might be quite hard for newbies ... and it became harder if you want to ensure the security of ur system ....

a few weeks ago .. i discovered that there is a program that can make the SFTP capability of SSH to be mounted as a local filesystem .... it gives the flexibility if NFS ... ease of use -- as easy as logging into SSH ... and the transactions are encrypted ... neato ..... the program is developed under FUSE ... so .. u'll need to have a FUSE capable kernel for it .... AFAIK ... kernel 2.6.14 above have FUSE included in it .... FC4 users juz need to update the kernel to the latest ... its compiled together in the RPM of the latest kernels ....

then u'll need to get the FUSE-SSHfs package from http://fuse.sourceforge.net/sshfs.html ... compile and install it ... good news to FC4 users ... FUSE-SSHfs RPM package is available in Fedora Extras ... hehe...

after a successfull installation .... u'll need to be root in order to mount the filesystem ...

mounting :


# sshfs user@mysshserver.net:/path/to/target /mountpoint/path
// then enter ur login passwd

umounting:


# fusermount -u /mountpoint/path

by default ... only root can read/write to the mounted path ... if u need to have other users to use it ... use this command

# sshfs -o default_permissions,allow_other user@mysshserver.net:/path/to/target /mountpoint/path
// then enter ur login passwd

now u got a folder on another pc on the network mounted on /mountpoint/path of ur local filesystem .... enjoy!!

Console Based Linux Boxes Made Easy using Webmin

Console based linux ... something that sounds quite techy to ppl .... and many ppl beleive only a total g33k can control such system ...

the advantages of using console based linux are:

  • requires low memory
  • a stupid GUI-centric windoze user wont mess around your system if he got physical access to it
  • much stable i think ... coz X11 application (the GUI apps) sumtime causes problem ..
  • and the best of all ... its a penguin on steroid ... fast even on old PCs ..

NEWFLASH: Console based linux are no longer a problem ... i've tumbled into a program called webmin ( http://www.webmin.com/ ) ... its a web-based GUI for linux ... it runs on HTTP protocol and by default on port 10000 ...

installing it on a RPM based system is a breeze ... juz download the RPM package, install it and ure up and running ..

webmin have quite a large modules set for configuring various configs of linux softwares ... from setting up server softwares such as Apache, MySQL, SSH server, DHCP, Bind DNS Server, to setting up system setting eg. User, Groups, Partition, Quotas, and Network configurations of a system ...

sounds interesting?? ... goto http://www.webmin.com/ to get it ....

Sunday, January 29, 2006

Life as a Linux/Unix admin in a Windows world - PT1 The experience

nice article about a life os a Linux/UNIX Admin .... i got the link from digg.com ..

I like this extract from the article ... it reminds me on how stupid the IT Management Services of my university, Petronas Technology University.
The Dumb-asses
OK, so a good Linux/Unix Admin will be jack of all trades when it comes to the computer world. Most will have some basic knowledge of just about everything. I want to explain a situation I ran into a few years back that made my jaw drop and got me so freaking frustrated.

We lost power, and I came in along with our Windows Admin at the time to check in on a 2 servers that didn't come up automatically. One Windows and one FreeBSD.

Windows Admin goes to his and to his surprise the Windows machine is going in reboot loop. BIOS, OS start, reboot, BIOS, OS start reboot etc, basically a file system error occurred that was fixed by booting into safe mode and running scan disk I believe.

So we go to my machine and its hung at the BIOS level. I turn it off and turn it back on, same thing. Right after the memory count, and before the SCSI initialization it hard locks. Hrmm, that's weird. I show Windows Admin who laughs at me. This is how the conversation went:

Win Admin: Damn unstable Linux, if that thing was running Windows you would of been able to easily fix it.
Me: Huh (keep in mind, this guy has A+ certification so he should know how a computer works)
Win Admin: System won't even start to boot, Linux really bit the dust that time ha ha.
Me: Hey smart guy, you are aware that it hasn't even tried to touch the Master Boot Sector?
Win Admin: Like I know that Linux crap, you don't have to worry about that crap in Windows.
Me: OMG (I start laughing).
Win Admin: Whats so funny?
Me: Let me get this straight, your A+ certified correct?

I then go on to explain that the issue is not a OS, but at the hardware level. And I also taught him what the master boot record was.

http://linuxgangster.org/modules.php?name=Content&file=viewarticle&id=19

GPG4Win: 1024+ bit Encryption ... For Windoze Users

After a while wondering if i can share the priviledge of GnuPG PGP close-to-military level encryption with my not-so-knowing windows-dependant friends .. i google around for a solution .. and here it is .. hiding somewhere in the dark side of google .. a decent GPG for them ..

it uses the GNU Privacy Assistant as it GUI .. so .. its pretty easy for a non-tech-savvy windoze user to use ..

http://www.gpg4win.org/

Rootshell.be Free Shell Account

Need a free SSH account for having an "outside" looks of your system? .. Rootshell.be have what you need.. It gives you a free UNIX shell with 5MB quota ... and its SSH ports also listen on port 443 ... it haves the basics tools for simple tests on your system ..

However.. its SSH PortForwarding is sumtimes not stable ...

http://www.rootshell.be/

Free Community Based Rainbow Table Cracking

Cracking a passwd hash using the traditional JohnTheRipper way might take a very long time to accomplish ...

there is also an alternative and faster way of cracking ... by generating rainbow tables ( http://www.antsight.com/zsl/rainbowcrack/ ) ... however .. this requires you to pregenerate the tables on your own first ( it may take years too ).. and it might be worthless if you only need to crack one password ..

but fear not ... RainbowCrack.com ( http://www.rainbowcrack.com/ ) is here for you ... this site is a community based rainbowtable cracking engine .. the only catch is .. you need to generate a 600MB rainbowtable for them and upload it to their server.. after uploading, u are granted access to their rainbowtable cracking engine for 14days ...

Saturday, January 28, 2006

Revealing BIOS Passwords

cmospwd this is a cool software that can view the CMOS password of a certain computer without the need of hacking into the hardware of the system ...

using it is damn easy ... juz simply run "ioperm.exe -i" as administrator . then run the cmospwd executable ... it will display the passwd to you ... i've tested it on my system with award bios 6.0 ... guess what .. it works with charm ...

http://www.cgsecurity.org/index.html?cmospwd.html

Saturday, January 14, 2006

Public-Key & Contact



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)

mQGiBEPH5FMRBAC5GZyTuXhjeDNFK5Va5snLvq+J+eS6e0cWYtvC0ZM7ehTWNQuG
hNTUqRf2RBfL5fiWCmVyjb0vt4WzRuuxrAvHIRPS60NzEqxjwc+OOJx2o0zNjvHc
2i0NHYExZrUV1pSRC9HMOXtdNKHp/vHO9rRqCneN1k1zdQmQi45+rqTtswCgmFrH
syrZOsZTjkX+P19SuBDilk8D/iaEbhYy97+U5tKxddk8JC01hczKzfPY1heDYk6E
QdypHIV8dNd2bBX/MYJRho3QWUQ/yfJyPjDJACLPkug64ihk6aupxwrL8IgENu3U
5m5J/gOvjrUx249HAj39S67s2gmafmUTxS7oGmdOwp8z/OLjI7Wm3euRcUFKAfXn
e6l9A/4xSOE6jaKlpRPpi8vl+zRmr/V5VX9o40/Pw3oHkJR66GZX9ikcBkQWuQIZ
Ln9fkVW1y3e/98ZYz9rueWdMVapO0sg4ExAHl8ROXt+EQvZhrBP48QZ1pnLX1Tw1
7FjpKKDwSdPIvbmHNwiiGwtX7s9sYyQiqFByqjhgWf5efyqTUrROTW9oZCBJemhh
ciBGaXJkYXVzIElzbWFpbCAoTW9iaWxlOiAwMTctMjc5Mjc2NSkgPG1vaGQuaXpo
YXIuZmlyZGF1c0BnbWFpbC5jb20+iGMEExECACMCGyMGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAUCRbEFtwIZAQAKCRCqIgTozGi7HRU4AKCKx+P8N9F7iPHnBpoxp1Ru
gmMVTwCgi+iTkArpFNta1mPeJtb+UvugMKi5AQ0EQ8fkVBAEAM4XdS7PSFAbsMSe
WrGmdAlC7Fl5xDfDeVgwmO2YPNuHIM0wnIoDXROMooX9Fm7nJtXeAv7FwaTTr/n7
DG2+3ynO/mWGEbuxORXRQnIY6GF376S/hFkpvljj4vcA3BDWtHp7L9gSuKmGoX+Z
49Dipw4FO+P2CSKWJUorGFsDq+PPAAMFA/wLP6oTMe29lkAEzf3S9apd9hf9RdgU
prJvH++Ms22D5PdYSXIaRc4dIa2X1X9rrCQkzdbc9tnxJAOj9ABwzLHclcu07EZJ
tFHx2Utb9tk/IJzx9y7eF0dW0j5i0nSBjo1K+s5GN7+GJcnl+XOeiU5/3wXs5C6V
shNLC9ti6/s0cYhGBBgRAgAGBQJDx+RUAAoJEKoiBOjMaLsdURUAoId4I4N3L206
iG6ddrq4H08HsGPrAJ9s2b6JeAuX75J3KAxNaehDG5rzWQ==
=5fJY
-----END PGP PUBLIC KEY BLOCK-----