Category Archives: How to

List hardware components with BASH

For troubleshooting purposes you might need to list the hardware components via BASH.

This can be achieved via the following executables.

List all components:
lshw -short

Or individually:

List the installed hard drives (Brand, model).
lshw -class disk

View partition info, including RAID:

View installed processor:

List PCI card and controllers:

List main board Brand and model:
dmidecode -t 2

List network card:
lshw -short | grep network

List RAM modules and capacity:
dmidecode –type 17- see the “part number” and google the code.
Part Number: CT102464BA160B.C16 –> Crucible

Power supply:
dmidecode –type 39

Sensors information:
apt-get install lm-sensors

Posted in How to. Tagged with .

Analyze wordlists to generate password statistics and hashcat mask files

If you want to analyze wordlists and generate password occurrence statistics and generate advanced masks for hashcat from a wordlist or a cracked hashes file, you would need to use the Password Analysis and Cracking Kit.

As the author specifies in the manual, the PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password attacks by analyzing common ways that people create passwords.

To install use git or if you have Kali, PACK should already be installed and ready to use.

git clone
Example usage for a wordlist called hashes2.txt:
sudo python ./pack/ hashes2.txt --output=hashes2.masks

Generating the hashcat masks file from the hashes2.masks file generated from above:

sudo python ./pack/ ./hashes2.masks -o ./hashes1_generated.hcmask --occurrence --pps=100000000


The result of the last command should be a hashcat compatible hcmask file, which can be used to crack hashes:

Example of a hcmask file:


The syntax for hashcat mask attack looks like this:

./hashcat.exe -a 3 -m 0 ./hashes1.txt ./masks/hashes2_generated.hcmask -w 3 –status -O

Happy cracking!

Posted in How to.

The skeptic’s OSCP skills requirements guide

It’s been almost one year since I got my OSCP and I never got the chance to write about it. And since almost everyone does a general review about the Offensive Security Certified Professional certification, I decided to do a short write-up about the actual skill requirements for hacking through the OSCP labs and obtaining the OSCP certification.

So what do you need to know prior to starting the OSCP?

  • general OS internals knowledge (Linux, Windows) – have you ever installed Linux/Win? Know what a partition is? What is a log and where to find it?
  • general networking knowledge (what is a IP subnet, netmask, gateway, how are packets routed)
  • troubleshooting skills
  • using a search engine with advanced parameters (filetype, site, inurl, etc)
  • what is ARP, a firewall, antivirus
  • can you navigate/list/check or change permissions of files with cmd/bash?
  • can you read simple code (BASH, Python, Powershell) scripts?
  • can you write 2 liner scripts in linux?
  • Do you know what this does?

for ip in $(seq 1 254);do ping -c 1 192.168.1.$ip | grep “bytes from”; done

Missing some of the above? You can catch up, it’s not rocket science.

What is not mandatory, but great to have?

  • any kind of programming/scripting experience
  • any kind of experience in the IT Security field
  • experience as a sysadmin, tech support engineer or similar background.

Did OSCP help me with finding a job in IT Security?

  • YES!!

Are you ready for Pain & Sufferance? Brace for impact and register for OSCP. You will bleed, but it will change the way you look at IT Security and Pentesting.

Over and out – OS18010

Posted in How to, OSCP. Tagged with .

Fix bricked Seagate ST31000340AS hard disk. BSY error

9 years ago I had this 1TB Seagate ST31000340AS hard disk that I was using as a primary drive for my OS and also the place to store all my photos, video clips and other important stuff.
At some point it simply failed to work. No strange sounds, no nothing. The BIOS would not recognize it, OS would not see it.

I left it like that for for 6-7 years, but in the last week I started informing myself about how to fix it.
I knew there wasn’t any mechanical issue with it and I was suspecting HDD firmware issues.

And my suspicion was right. There was a known glitch with multiple series of Seagate models, more specific – with their SD15 firmware.
Now the fun begins, because there is a solution to this issue.

  • The materials needed to fix:
    bricked Seagate HDD
  • Torx T6 screwdriver

  • USB to UART Prolific PL2303HX convertor cable (3$). link to Amazon. Also found as “PL2303HX USB to UART TTL Cable Module 4p 4 pin RS232 Converter”.

  • A postit or a piece of paper, folded  2-3 times or any other slim non electric conductive material.
  • Prolific PL2303HX drivers that actually work on Windows 10 (get them from here, not the manufacturer’s website).
  • (optional) External HDD rack or connect the HDD directly to your motherboard via SATA and Molex ATX power cable.

Before we start, please be aware that there is a slight possibility that you will lose your data or break your HDD if you are not careful.

If you have important data that you cannot afford to lose, please go to a data recovery company to fix your hard drive.

Start the fixing process:

  • power off your PC or your external USB hard disk rack.
  • Important: make sure that the SATA or USB cable is disconnected from your PC/external HDD rack.
  • Remove any jumpers from the HDD. If you have any.
  • Take the Torx T6 screw driver and remove all 6 screws and detach the HDD PCB. Remember that the long screws are always connected on the corners of the HDD.
  • Place the folded postit between the PCB and the contacts for the drive head.  Leave the drive motor contacts in place.  Tighten the three screws closest to the motor contacts.  Leave the other three screws loose or removed.

HDD drive head

  • Install the USB adapter’s drivers (from the link provided at the beginning of the post) and make sure that Windows sees it as COM port in Device manager and you don’t have any yellow errors on it. Reboot if necessary.
  • Connect the USB adapter to the PC.
  • Go to Device manager and right click>> properties and make the following settings on you new installed USB/COM adapter:
  • Choose 38400, 8, None, 1, None in the COM properties box.

You will need to connect 3 wires from the USB adapter to the HDD. The 4th is not used:

  • GREEN cable is RX on the USB cable -> connects to TX on HDD
  • WHITE cable is TX on the USB cable -> connects to RX on HDD
  • BLACK cable is the grounding -> connects to the ground pin on HDD
  • You should connect the TX pin of the hard drive to the RX pin of the adapter, and the hard drive’s RX pin to the adapter’s TX pin.  This is the theory. In the real life it worked backwards for me.
  • Connect the 3 pins like this:

These pins are located next to the hard drive’s SATA connector.

If you can’t fit the pins on the HDD, strip the plastic shielding from the pins.

  • After inserting the pins, power on the PC or the external USB rack. The SATA cable should be disconnected from the HDD. Same for the external rack.

RX, TX and ground pins connected to the hdd

(RX, TX and ground pins connected to the HDD)

  1. Download putty from their official site.
  2. Open putty and make these settings. Make sure you are using the correct COM port number. Mine was COM8, but it might be different for you. Go to device manager to check the actual port number.
    • Baud 38400 
    • Data Bits 8 
    • Stop Bits  1 
    • Parity none 
    • Flow Control  none

  • Hit save and open.
  • You should see a blank screen. Hit Ctrl+Z.
  • If you connected the pins correctly you should see a prompt like this:

 F3 T>

If not, you may have the TX & RX wires swapped.  Switch the green wire with the white one and try again

Go to Access Level 2 (type /2):

F3 T>/2   (hit enter)
F3 2>

Wait about 30 seconds, then spin down the motor:

F3 2>Z (enter)

  Spin Down Complete
    Elapsed Time 0.147 msecs
F3 2>

If you instead see a message similar to this:

LED: 000000CE  FAddr: 00280D4D

Then you entered the commands too quickly after supplying power to the drive.

Poweroff the HDD, wait 30 seconds, then begin again.
If everything went smooth until this point, carefully remove the red postit that you placed between the PCB and the drive head contacts.

Tighten the all screws.  Then start the motor:

F3 2>U (enter)

Spin Up Complete
    Elapsed Time 7.093 secs
F3 2>

Next go to Level 1 (type /1):

F3 2>/1  (hit enter)

And do a S.M.A.R.T. erase (create S.M.A.R.T. sector):

F3 1>N1 ( hit enter)

When the prompt comes back up, turn off power to the hard drive, wait a few seconds, then turn it back on.  Wait about 20 seconds, then finally do partition regeneration:

Note, the command bellow contains Zero, not o – as in order.

F3 T>m0,2,2,0,0,0,0,22 (hit enter)

After 15-30 seconds, you should see something like:

Max Wr Retries = 00, Max Rd Retries = 00, Max ECC T-Level = 14, Max Certify Rewrite Retries = 00C8

    User Partition Format 10% complete, Zone 00, Pass 00, LBA 00004339, ErrCode 00000080, Elapsed Time 0 mins 05 secs

    User Partition Format Successful – Elapsed Time 0 mins 05 secs

Do not turn off drive until you see this message.
Once seen, drive can be turned off.
Power down everything, place drive back into your computer, and confirm that it’s working.

Update the firmware to the latest version! Google is your friend.

You are welcome ūüôā

Posted in hacks, hardware, How to. Tagged with , , , , , .

Delete files older than

find ./your_directory/ -mtime +30 -type f -delete
Posted in BASH, How to. Tagged with .

Install truecrypt on Linux CentOS

This is small guide on how to install truecrypt on Linux CentOS.

Truecrypt is probably the greatest encryption software that I’ve used to protect my files, unfortunately it has been discontinued by it’s developers for some very strange reasons.

However, that doesn’t mean that you cannot install it on your Linux machine.
So here goes the install process for truecrypt 7.1a, the console version of this crypto tool:

1.  Download the tar.gz archive from here or use wget from the command line, see below.

- wget

2. Extract the truecrypt archive:

tar -xvf ./ truecrypt-7.1a-linux-console-x86.tar.gz
cd ./truecrypt-7.1a-linux-console-x86

3. Give execution permissions to the installer script.

chmod 755 ./truecrypt-7.1a-linux-console-x86

4.  Install the requirements: and

yum install

5. Run the truecrypt installer:

[root@lnx truecrypt]# ./truecrypt-7.1a-setup-console-x86

– select option 1

6.  Create a new volume with:

/usr/bin/truecrypt -c

– follow the easy steps in the volume setup

7. Mount the container to a specified directory:

[root@nix truecrypt]# truecrypt -t -k "" --protect-hidden=no container1 /media/truecrypt1
Enter password for /home/user1/truecrypt/container1:
[root@nix truecrypt]# cd /media/truecrypt1
[root@nix truecrypt1]# ls
[root@nix truecrypt1]# pwd

8. Dismount a container:

truecrypt -d 

9.  (Optional) Check for some nice info

That’s it. Have fun hiding your stuff!

Posted in How to. Tagged with , , , .

How to empty large log files

If you want to empty large log files (aka lots of GB) without deleting the file, here’s how you can do that:



nix# > mylargelog.log


nix# echo " " > mylargelog.log


Posted in BASH, How to. Tagged with , , , .

Search in archives

When using the linux shell daily we encounter situations when we need to search specific strings in one or more archives. If you are wondering how to search in archives for different patterns or strings, this tutorial will show you how.

You might have an archived log file and you want to search for the word “error”, here’s how you can do it.

Presenting zcat:

zcat is a linux console utility that takes as input compressed data files and send to stdout the results. Used with advanced utilities like cut, grep or awk, zcat becomes a very powerful application that helps the linux system administrator to search through archived files.

Here’s an example.

[root@nyx /]# zcat httpd-log_20140821.gz | awk -F ";" '($6~"error")

[Wed Aug 27 11:08:27 2014] [error] [client] PHP Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings.

The explaining:

zcat parses¬†httpd-log_20140821.gz, outputs the lines that have the word “error” in the 6th column of the log file.

Another example:

zcat logs_2014082* | awk -F ";" '($1=="Transaction timed out") | sort -u

Alert: a Transaction timed out error was received at 2014-08-20 1:33

Alert: a Transaction timed out error was received at 2014-08-21 10:03

The explanation:

zcat parses the archived files hat start with ”¬†logs_2014082″, searches if the 1st column contains “Transaction timed out” then sorts the output and removes duplicate lines.

Introducing zgrep.
Like the similar grep command, zgrep is a linux utility that was developed for the sole purpose of matching patters or strings inside an archived file.


zgrep error httpd.log.gz

[Sat Aug 23 06:12:20 2014] [error] [client] File does not exist: /www/html/
[Sat Aug 23 06:12:21 2014] [error] [client] File does not exist: /www/html/


The explanation: zgrep searches the¬†httpd.log.gz file for the “error” word and sends the output to stdout.


– allows you to filter archived or plain text files one screen a a time. As it’s name says it does basically the same thing as more but it can search.

Posted in BASH, How to. Tagged with , , , , .

How to save iptables

In this article you will find out how to save iptables firewall rules in Linux CentOS, Redhat, Debian and Ubuntu.

Iptables  is a Linux application built for the purpose of allowing a system administrator to configure and maintain specific firewall tables/rules provided by the Linux kernel firewall module.
There are currently 3 different kernel modules build for the IPv4, IPv6 and ARP stack protocols (iptables is used for IPv4, ip6tables refferes to IPv6, arptables to Addres Resolution Protocol).

The most used and the one used in this tutorial is iptables. In order to execute iptables related commands you need root privileges or to be in the sudoers file in Debian/Ubuntu OSes.

So here’s how to save iptables and how to list existing ones:

The syntax used to check the iptables service status is:

service iptables status  ##CentOS, Redhat
sudo iptables -L -n -v   ##Debian, Ubuntu


To start iptables:

service iptables start ##CentOS, Redhat
sudo ufw enable ##Ubuntu


To list iptables rules:

iptables -L


Save iptables rules:

iptables-save  #Debian
sudo iptables-save  #Ubuntu
service iptables save #CentOS

On CentOS, for example, you would see an output like this:

iptables save





To restore iptables rules:

~ # iptables-restore < /etc/sysconfig/iptables
~ #
Posted in BASH, How to, linux, Networking, tutorial. Tagged with , , , , , , , , .

Autostart services in Linux

chkconfig is a simple command-line tool that helps a Linux administrator configure,  maintain,  autostart and manage the configuration of the symlinks located in /etc/rc[0-6].d path.

First of all let me show you which are the most used services in a Linux distributuion.

You can find out what services can be started in your server by typing:

chkconfig --list

The output should look something like this:

~ # chkconfig --list
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cgconfig        0:off   1:off   2:off   3:off   4:off   5:off   6:off
cgred           0:off   1:off   2:off   3:off   4:off   5:off   6:off
cmdavd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
cmdmgd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
htcacheclean    0:off   1:off   2:off   3:off   4:off   5:off   6:off
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
mailman         0:off   1:off   2:on    3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpdate         0:off   1:off   2:off   3:off   4:off   5:off   6:off
portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
psa             0:off   1:off   2:on    3:on    4:on    5:on    6:off
qmail           0:off   1:off   2:on    3:on    4:on    5:on    6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
spamassassin    0:off   1:off   2:on    3:on    4:on    5:on    6:off
squid           0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        ftp_psa:        on
        poppassd_psa:   on
        rsync:          off
        smtp_psa:       on
        smtps_psa:      on
        submission_psa: on
        tcpmux-server:  off
        time-dgram:     off
        time-stream:    off

The left column contains the name of the process, to the right you have 7 columns, each one represents a Linux runlevel. Usually you will use runlevels 3,4,5. Runlevel 0 and 6 are related to shutdown (0) and reboot (6), so you should never use these.

The “on” and “off” reffer to the fact that a specific service will autostart (on) or will not autostart (off) after a reboot of the server.

The manual of chkconfig can be accesed via the command:

~ # chkconfig --help
chkconfig version - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.usage:   chkconfig [--list] [--type ] [name]
         chkconfig --add 
         chkconfig --del 
         chkconfig --override 
         chkconfig [--level ] [--type ]  <on|off|reset|resetpriorities>
root@nyxware~ #

To autostart a service after each reboot you would use a command like this:

chkconfig --level 345 httpd on

or just

chkconfig httpd on

To stop a process from starting after each reboot enter the command:

chkconfig httpd off

or stop it from running at a specific runlevel:

# chkconfig --level 3 httpd off

Use grep to see the status of a specific service:

~ # chkconfig --list | grep ssh
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
~ #

  * replace httpd with your desired service name.

Posted in BASH, How to. Tagged with , , , .