Fixing Plesk Postfix sending emails locally

I had this issue too. Any email being sent to my company domain was being sent locally. This is (I believe) because in Plesk (yes it’s a Plesk issue).

So basically it’s going: oh, soandso@company.com is the registered user, let’s send any @company.com emails locally, or something like that.

Anyway, I have had to fix this twice now and I did it by editing the /etc/postfix/main.cf file and commenting out the lines that started with “virtual”.

How to increase the Kali Linux root partition

If you need to increase the Kali Linux root partition size, this might become difficult if you have another extended partition (like SWAP) right after your root partition ends.
First things first. If you are using VMware, edit the settings of the Kali virtual machine and expand the hard disk.
Power on the Kali virtual machine.

My problem:
/dev/sda1 30GB mounted on /
/dev/sda2 5GB extended partition mounted as SWAP

What I want to do is delete the SWAP partition, mark the space as unused and increase the / partition size and leave a couple of GB free to create another SWAP partition.

Using qparted will not work, because it will tell you that the (swap) partition is in use.
Commenting out the swap partition in /etc/fstab will also not work. I also tried swapoff --all with the same result.

The fix:
root@kali:~# fdisk /dev/sda5 //the SWAP partition
use p to print the current partitions on that device.
use d to delete the partition
with w write the changes and reboot.

Use df -h to see if the SWAP is still there, or qparted if you want a GUI.

Resize the root partition by deleting it:

root@kali:~# fdisk /dev/sda

Command (m for help): p
Disk /dev/sda: 300 GiB, 322122547200 bytes, 629145600 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xaaea4a6f

Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 60262399 60260352 28.8G 83 Linux

Command (m for help): d //deletes the partition
Selected partition 1
Partition 1 has been deleted.

// recreate the partition starting from the first allocated cylinder (2048), then increase the size of the partition
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-629145599, default 2048): 2048
Last sector, +sectors or +size{K,M,G,T,P} (2048-629145599, default 629145599): +290G //extend the / partition to 290G

Created a new partition 1 of type ‘Linux’ and of size 290 GiB.

Command (m for help): a //mark the partition as bootable
Selected partition 1
The bootable flag on partition 1 is enabled now.

Command (m for help): p
Disk /dev/sda: 300 GiB, 322122547200 bytes, 629145600 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xaaea4a6f

Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 608176127 608174080 290G 83 Linux

Command (m for help): w //write the changes
The partition table has been altered.
Calling ioctl() to re-read partition table.
Re-reading the partition table failed.: Device or resource busy

The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8).

root@kali:~# reboot

After the reboot, issue the following command:

root@kali:~# resize2fs /dev/sda1
resize2fs 1.42.13 (17-May-2015)
Filesystem at /dev/sda1 is mounted on /; on-line resizing required
old_desc_blocks = 2, new_desc_blocks = 19
The filesystem on /dev/sda1 is now 76021760 (4k) blocks long.

Check with df -h if the partition scheme is ok.

root@kali:~# df -h
Filesystem Size Used Avail Use% Mounted on
udev 10M 0 10M 0% /dev
tmpfs 529M 7.9M 521M 2% /run
/dev/sda1 286G 9.5G 264G 4% /
tmpfs 1.3G 320K 1.3G 1% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 1.3G 0 1.3G 0% /sys/fs/cgroup
tmpfs 265M 8.0K 265M 1% /run/user/133
tmpfs 265M 16K 265M 1% /run/user/0
tmpfs 1.3G 4.0K 1.3G 1% /var/lib/polkit-1/localauthority/90-mandatory.d

To create another SWAP partition, just use qparted and create the partition with the desired size.
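
A cross-check for the session above, as an added example that is not part of the original post: it takes the two /dev/sda1 lines from the fdisk listings, confirms that the start sector did not move, and computes the 4k block count that resize2fs should report. The function names are illustrative.

```sh
#!/bin/sh
# Added example: sanity-check a delete-and-recreate partition resize.
# BEFORE/AFTER are the /dev/sda1 lines from the fdisk listings above.
BEFORE='/dev/sda1 * 2048 60262399 60260352 28.8G 83 Linux'
AFTER='/dev/sda1 * 2048 608176127 608174080 290G 83 Linux'

# Print "start end sectors" for one fdisk partition line
# (skips the optional "*" boot-flag column).
part_fields() {
    echo "$1" | awk '{ i = ($2 == "*") ? 3 : 2; print $i, $(i+1), $(i+2) }'
}

# Succeeds only if the start sector is unchanged, the partition grew,
# and end - start + 1 matches the sector count. If the start sector
# moves, the filesystem is no longer where it used to begin and
# resize2fs cannot repair that.
check_resize() {
    # after this: $1 $2 $3 = old start/end/sectors, $4 $5 $6 = new
    set -- $(part_fields "$1") $(part_fields "$2")
    [ "$1" -eq "$4" ] || { echo "start sector moved: $1 -> $4"; return 1; }
    [ "$6" -gt "$3" ] || { echo "partition did not grow"; return 1; }
    [ $(( $5 - $4 + 1 )) -eq "$6" ] || { echo "end/sector count mismatch"; return 1; }
    echo "ok"
}

# Size in 4 KiB blocks of a partition of N 512-byte sectors; compare with
# the "is now ... (4k) blocks long" line printed by resize2fs.
expected_4k_blocks() {
    echo $(( $1 * 512 / 4096 ))
}

check_resize "$BEFORE" "$AFTER"
expected_4k_blocks 608174080
```

The second number printed should equal the block count in the resize2fs output after the reboot.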

Cheers!

How to run airodump-ng in background

airodump-ng is part of the aircrack-ng suite and is responsible for capturing raw 802.11 (WLAN) frames.
At some point you will need to run airodump-ng in background, which is kind of tricky, but I’ll show you how it’s done properly.

To be able to use airodump you will need to have a WLAN network card capable of functioning in monitor mode.

Monitor mode allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received from the wireless network.

Enable monitor mode:

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

Standard usage of airodump:

airodump-ng wlan0 // channel hopping (monitors all channels by hopping from one to another)
airodump-ng -c 6 wlan0 // monitors channel 6
airodump-ng -c 6 wlan0 -w capture // monitors channel 6 and writes the captured frames to capture.cap file

In Linux, the easiest way to run programs in the background is to use the “&”:

my_script.sh &
my_command -options &

This, however, does not work correctly with airodump-ng. After some trial and error, the most stable way I found to run airodump-ng in the background is to put the commands in a script file and run the script with:

nohup ./script.sh &

The script:
#!/bin/bash
# run airodump-ng in the background in a stable way
airodump-ng -w capture wlan1 &

The problem with using nohup is that it generates a huge ./nohup.out file.
To fix this, add a cron entry that will clear ./nohup.out every minute:

crontab -e

And add the following line:

* * * * * > /path/to/nohup.out

The nohup file will be generated in the directory from where you started the airodump script.

Other useful commands for frame capturing the WPA handshake:
– Capture traffic of a specific BSSID (router/AP):

airodump-ng -c 7 --bssid 12:34:56:78:90:AB -w capture wlan0

//replace 7 with your channel and modify the MAC

– Deauthenticate all sessions of a WLAN with aireplay:

aireplay-ng -0 1 -a 12:34:56:78:90:AB wlan0

– Deauthenticate a client:

aireplay-ng -0 1 -a router_MAC -c client_MAC wlan1

– View hidden ESSID:

airodump-ng --essid-regex "<len " wlan1

Cracking the WPA handshakes is a different subject, but it can be done with aircrack-ng or ocl-hashcat (for GPUs with OpenCL or CUDA).

More info:
www.aircrack-ng.org
hashcat.net/oclhashcat

Please make sure that you try this tutorial on WLANs or equipment that you own or have the right to crack or tamper with. Not following this advice will get you in legal issues.

Delete files older than

find ./your_directory/ -mtime +30 -type f -delete

Download Tinder profile photos

Ever wondered if you can download Tinder profile photos of the members you just visited?

Fortunately this is actually possible, using a small hack, so swiping left will no longer be a problem.

The case:
– Android phone
– Tinder 4.0 for Android

I have done lots of profile views, some likes, super-likes, etc.
Now is the time to see how the user profile pics can be downloaded.

You will need to have root on your phone.
– Install Super SU (https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=en). Warning: this will void your phone’s warranty.

An SSH server for your mobile phone:
– SSHDroid (https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en)

Make sure that the phone and your laptop/PC are connected to the same WLAN SSID and have IPs in the same subnet, for example 192.168.1.x
Start SSHDroid and make sure that it is connected to a wifi network and has a valid IP. See the screenshot below!

SSHdroid connected to a WLAN

Download Winscp (https://winscp.net/eng/download.php)

– create a SCP session and enter the phone’s IP from the step above. The username should be root and the password admin

Once the SCP session is open, go to the /data/data/com.tinder/cache/picasso-cache folder and download all the files with the “.1” extension in that folder.  Hint: WinScp can sort by file extension or file size.
Go to the local folder on your PC (where you downloaded the files).
Hit the Windows+R keyboard combination, write cmd, hit OK.
Issue the following commands:
cd C:\Users\your_username\Documents\tinder // assuming that this is where you downloaded the files

and rename all files with the following command:
ren * *.jpg

If this doesn’t work, go to http://www.howtogeek.com/111859/how-to-batch-rename-files-in-windows-4-ways-to-rename-multiple-files/ and check out those tutorials.

In Linux you can rename those Tinder profile photos using:

for f in *.1; do mv -- "$f" "${f%.1}.jpg"; done

The result? Lots of jpg files.

That’s it. Go to that folder and you should see all Tinder profile pics of the users whose profiles you visited.

Cheers!

Install truecrypt on Linux CentOS

This is a small guide on how to install truecrypt on Linux CentOS.

Truecrypt is probably the greatest encryption software that I’ve used to protect my files; unfortunately it has been discontinued by its developers for some very strange reasons.

However, that doesn’t mean that you cannot install it on your Linux machine.
So here goes the install process for truecrypt 7.1a, the console version of this crypto tool:

1.  Download the tar.gz archive from here or use wget from the command line, see below.

wget http://nixware.net/wp-content/uploads/2015/06/truecrypt-7.1a-linux-console-x86.tar.gz

2. Extract the truecrypt archive:

tar -xvf ./truecrypt-7.1a-linux-console-x86.tar.gz
cd ./truecrypt-7.1a-linux-console-x86

3. Give execution permissions to the installer script.

chmod 755 ./truecrypt-7.1a-setup-console-x86

4.  Install the requirements: libstdc++.so.6 and libfuse.so.2

yum install libfuse.so.2 libstdc++.so.6

5. Run the truecrypt installer:

[root@lnx truecrypt]# ./truecrypt-7.1a-setup-console-x86

– select option 1

6.  Create a new volume with:

/usr/bin/truecrypt -c

– follow the easy steps in the volume setup

7. Mount the container to a specified directory:

[root@nix truecrypt]# truecrypt -t -k "" --protect-hidden=no container1 /media/truecrypt1
Enter password for /home/user1/truecrypt/container1:
[root@nix truecrypt]# cd /media/truecrypt1
[root@nix truecrypt1]# ls
[root@nix truecrypt1]# pwd
/media/truecrypt1

8. Dismount a container:

truecrypt -d 

9.  (Optional) Check https://www.grc.com/misc/truecrypt/truecrypt.htm for some nice info

That’s it. Have fun hiding your stuff!

Guess my number python script

Modify the Guess My Number game so that the player has a
limited number of guesses. If the player fails to guess in time,
the program should display an appropriately chastising
message.

# guess my number game
# the computer generates a number between 1 and 100
# and tells the user if the number entered is smaller or higher
# than the number picked randomly by the computer

import random
print("I'm thinking of a number between 1 and 100\n")
print("Try to guess it in 5 attempts\n")

guess_total = 0
random_number = random.randint(1, 100)
my_number = int(input("Introduceti numarul: "))


while guess_total < 5:
    # count the guess that is about to be checked
    guess_total += 1

    if my_number == random_number:
        print("Great. You've guessed it in", guess_total, "tries")
        break

    elif guess_total == 5:
        # fifth wrong guess: no attempts left
        print("You've reached the max number of tries")
        break

    elif my_number < random_number:
        print("Your number is too low\n")
        my_number = int(input("Introduceti numarul: "))

    elif my_number > random_number:
        print("Your number is too high")
        my_number = int(input("Introduceti numarul: "))

# end of my wannabe program

My python journey (1)

So I’m trying to learn python using “Python for the absolute beginner, 3rd edition”
Challenges:
Write a program that simulates a fortune cookie. The program
should display one of five unique fortunes, at random, each
time it’s run.

# program to display fortune cookies
# display random one of 5 fortune cookies

import random
cookie = int(random.randint(1, 5))

if cookie == 1:
    print(cookie, "it is.", "You will win the lottery this week.")
elif cookie == 2:
    print(cookie, "it is.", "You will get laid with a hot blonde...someday.")
elif cookie == 3:
    print(cookie, "it is.", "You will get an extra hour of sleep.")
elif cookie == 4:
    print(cookie, "it is.", "You will be a successful hacker.")
elif cookie == 5:
    print(cookie, "it is.", "Nothing special will happen today. Tough luck!")
else:
    print("Error happened")

input("\nPress enter to exit!")


And here is the output of the program.

Me and my luck… 🙂

Install Logwatch in Linux CentOS

Logwatch is a Linux application that parses log files, analyses them and sends periodical reports, based on specific criteria, to one or more email addresses.
In order to install logwatch in Linux CentOS you have to issue the following command:

yum install logwatch

Edit the configuration file:

nano /usr/share/logwatch/default.conf/logwatch.conf

Check and edit the following directives in order to suit your needs:

LogDir = /var/log
MailFrom = Logwatch@mydomain.com
Range = yesterday //(or today)
Detail=Medium // (other: Low, Medium, High)
Service=all //(other examples would be httpd, sshd2, ftp)

Run logwatch manually:

logwatch --detail High --mailto myemail@domain.com --service http --range today

The output should be like this:

 ################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Tue May 19 14:21:59 2015
        Date Range Processed: today
                              ( 2015-May-19 )
                              Period is day.
      Detail Level of Output: 5
              Type of Output: unformatted
           Logfiles for Host: nix
  ##################################################################

 --------------------- courier mail services Begin ------------------------

 **Unmatched Entries**
   courier-pop3d - 2 Times
      Connection, ip=[::ffff:182.118.53.150] - 1 Time
      Disconnected, ip=[::ffff:182.118.53.150] - 1 Time



 ---------------------- courier mail services End -------------------------


 --------------------- Cron Begin ------------------------

sshd:
    Authentication Failures:
       root (43.255.188.163): 4930 Time(s)
       root (43.255.188.155): 3524 Time(s)
       root (61-218-247-185.hinet-ip.hinet.net): 925 Time(s)
       unknown (61-218-247-185.hinet-ip.hinet.net): 391 Time(s)
       root (61.133.63.14): 137 Time(s)
       root (58.218.205.72): 114 Time(s)
       root (222.186.160.48): 98 Time(s)
       root (218.65.30.61): 90 Time(s)
       root (221.229.166.81): 80 Time(s)
       root (58.218.205.66): 69 Time(s)
       root (58.218.199.195): 68 Time(s)
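
To turn the sshd section of a report like this into a short list of the noisiest sources, the following added example (not part of the original post or of Logwatch itself) sums the failure counts per source across all user names and prints those at or above a threshold. The function name noisy_sources, the threshold and the sample report are assumptions; the sample is constructed in the layout shown above and uses documentation-range addresses.

```sh
#!/bin/sh
# Constructed sample in the layout of the sshd section shown above
# (documentation-range addresses, not real hosts).
SAMPLE='sshd:
    Authentication Failures:
       root (192.0.2.10): 4930 Time(s)
       root (198.51.100.7): 925 Time(s)
       unknown (198.51.100.7): 391 Time(s)
       admin (203.0.113.5): 12 Time(s)
       root (scanner.example.net): 137 Time(s)

    Invalid Users:
       test (192.0.2.99): 3 Time(s)'

# Sum failures per source across all user names and print
# "<source> <total>" for every source at or above the threshold,
# highest total first.
# usage: noisy_sources THRESHOLD < logwatch-report
noisy_sources() {
    awk -v min="$1" '
        /Authentication Failures:/ { in_sec = 1; next }
        in_sec && NF == 0          { in_sec = 0 }   # blank line ends the section
        in_sec && match($0, /[(][^)]+[)]: [0-9]+ Time/) {
            # matched text looks like "(host): N Time"; drop the "("
            s = substr($0, RSTART + 1, RLENGTH - 1)
            split(s, p, "[)]: ")                    # p[1] = host, p[2] = "N Time"
            total[p[1]] += p[2] + 0                 # numeric prefix of p[2]
        }
        END { for (h in total) if (total[h] >= min) print h, total[h] }
    ' | sort -k2,2nr
}

printf '%s\n' "$SAMPLE" | noisy_sources 100
```

Summing per source matters because the same host can appear under several user names, as 198.51.100.7 does in the sample.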

Block failure notice emails in qmail

I have Plesk on my Linux server and I receive lots of spam emails from the root account on my server.
Here’s what happened. My forum used to send emails to non-existent email accounts around the web and I used to receive the failure notices for them.
To block failure notice emails in qmail that were forwarded to my main email I had to modify the aliases from

/var/qmail/alias

Here’s a sample email I received:

MAILER-DAEMON@nixware.net
Mar 30 (7 days ago)

to postmaster 
Hi. This is the qmail-send program at nixware.net.
I tried to deliver a bounce message to this address, but the bounce bounced!

:
2a00:1450:4013:0c01:0000:0000:0000:001a does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 q5si14669450wjx.9 - gsmtp
Giving up on 2a00:1450:4013:0c01:0000:0000:0000:001a.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 8634 invoked for bounce); 29 Mar 2015 23:50:02 +0200
Date: 29 Mar 2015 23:50:02 +0200
From: MAILER-DAEMON@nixware.net
To: root@nixware.net
Subject: failure notice

As you can see, the postmaster account was receiving the spam from MAILER-DAEMON and MAILER-DAEMON was forwarding them to my gmail.com account. Pretty nasty…

The fix:
Go to

/var/qmail/alias

do a

ls -alh

and you will see a couple of hidden config files.

Inside each of those files I had my @gmail account. With the next script I overwrote the gmail account with a non-existent email:

for FILE in ./.qmail-*; do echo "nonexistent@nodomain.tld" > "$FILE"; done

Restart/reload qmail:

service qmail reload

That’s it! You should not receive any spam from any of the root, mailman or postmaster accounts.