Tag Archives: bash

How to run airodump-ng in background

May 14, 2016 by admin · Leave a comment

airodump-ng is part of the aircrack-ng suite and is responsible for 802.11 (WLAN) raw frames capturing.
At some point you will need to run airodump-ng in background, which is kind of tricky, but I’ll show you how it’s done properly.

To be able to use airodump you will need to have a WLAN network card capable of functioning in monitor mode.

Monitor mode allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received from the wireless network.

Enable monitor mode:

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

Standard usage of airodump:

airodump-ng wlan0 // channel hopping

airodump-ng -c 6 wlan0 // monitors channel 6

airodump-ng -c 6 wlan0 -w capture // monitors channel 6 and writes the captured frames to capture.cap file

In Linux, the easiest way to run programs in the background is to use the “&”:

my_script.sh & my_command -options &

This, however, does not work correctly with airdoump and after some trial and error, the most stable way to run airodump-ng in the background is to put the commands in a script file and run the script with:

nohup ./script.sh &

The script:

/bin/bash

airodump-ng -c 11 -K 1 --output-format pcap channel-11.pcap &

The problem with using nohup is that it generates a huge ./nohup.out file.
To fix this, add a cron entry that will clear ./nohup.out every minute:

crontab -e

And add the following line:

* * * * * > /path/to/nohup.out

The nohup file will be generated in the directory from where you started the airodump script.

Other useful commands for frame capturing the WPA handshake:
– Capture traffic of a specific BSSID (router/AP):

airodump-ng -c 7 -K 1 --bssid 12:34:56:78:90:AB -w channel-7.pcap wlan0

//replace 7 with your channel and modify the MAC

– Deauthenticate all sessions of a WLAN with aireplay:

aireplay-ng -0 1 -a 12:34:56:78:90:AB wlan0

– Deauthenticate a client:

aireplay-ng -0 1 -a router_MAC -c client_MAC wlan1

– View hidden ESSID:

airodump-ng --essid-regex "<len "="" wlan1="" <="" pre="">

Cracking the WPA handshakes is a different subject, but it can be done with aircrack-ng or ocl-hashcat (for GPUs with OpenCL or CUDA ).

More info:
www.aircrack-ng.org
hashcat.net/oclhashcat

Please make sure that you try this tutorial on WLANs or equipment that you own or have the right to crack or tamper with. Not following this advice will get you in legal issues.

Posted in hacking, wireless. Tagged with , , , .

Substitution operators

October 2, 2014 by admin · Leave a comment

Substitution operators are used for expanding parameters and variable values.

Examples:

${variablename:-some word}

-If varname exists and isn’t null, return its value; otherwise return word.

Purpose: Returning a default value if the variable is undefined.

[root@euve59329 ~]# echo ${PWDx:-non existent variable}
non existent variable

${varname:=word}
– If varname exists and isn’t null, return its value; otherwise set it to
word and then return its value. Positional and special parameters

[root@euve59329 ~]# echo ${ID:=0}
0

– ID variable does not exist. In this case, the value is set to 0.

Purpose:Setting a variable to a default value if it is undefined.

${varname:?message} 

If varname exists and isn’t null, return its value; otherwise print
varname: followed by message, and abort the current command or
script (non-interactive shells only). Omitting message produces the
default message parameter null or not set.

 

[root@euve59329 ~]# echo ${thevariable:?does not exist}
bash: thevariable: does not exist
[root@euve59329 ~]#

– Purpose: Catching errors that result from variables being undefined.

${varname:+word}

[root@euve59329 ~]# echo ${count:+1}
1
[root@euve59329 ~]# echo ${countX:+1}

Purpose: Testing for the existence of a variable.
Example: ${count:+1} returns 1 (which could mean “true”) if count is
defined.

 

${varname:offset:length}

 

Performs substring expansion.[5] It returns the substring of $varname
starting at offset and up to length characters. The first character in
$varname is position 0. If length is omitted, the substring starts at
offset and continues to the end of $varname. If offset is less than 0 then
the position is taken from the end of $varname. If varname is @, the
length is the number of positional parameters starting at parameter
offset.
Purpose: Returning parts of a string (substrings or slices).
Example:

 

[root@euve59329 ~]# count=MyCoolText
[root@euve59329 ~]# echo ${count:4}
olText
[root@euve59329 ~]# echo ${count:4:4}
olTe
[root@euve59329 ~]#

Inspired from Learning the bash Shell: Unix Shell Programming (In a Nutshell (O’Reilly))

Posted in BASH. Tagged with , , .

String Manipulation and Expanding Variables

October 1, 2014 by admin · Leave a comment

String Manipulation and Expanding Variables

For your ready references here are all your handy bash parameter substitution operators. Try them all; enhance your scripting skills like a pro:

${parameter:-defaultValue} Get default shell variables value
${parameter:=defaultValue} Set default shell variables value
${parameter:?”Error Message”} Display an error message if parameter is not set
${#var} Find the length of the string
${var%pattern} Remove from shortest rear (end) pattern
${var%%pattern} Remove from longest rear (end) pattern
${var:num1:num2} Substring
${var#pattern} Remove from shortest front pattern
${var##pattern} Remove from longest front pattern
${var/pattern/string} Find and replace (only replace first occurrence)
${var//pattern/string} Find and replace all occurrences
REFERENCES:

via http://www.cyberciti.biz/tips/bash-shell-parameter-substitution-2.html

Posted in BASH. Tagged with , .

How to empty large log files

September 30, 2014 by admin · Leave a comment

If you want to empty large log files (aka lots of GB) without deleting the file, here’s how you can do that:

 

 

nix# > mylargelog.log

or 

nix# echo " " > mylargelog.log

Tadaa!!

Posted in BASH, How to. Tagged with , , , .

How to run linux scripts

August 26, 2014 by admin · Leave a comment

Scripts can be defined as a sequence of commands that are stored inside a file and are usually executed in order to automate certain tasks. In the following minutes I’m gonna show you how to run linux scripts from the shell.

In the BASH environment you can find many types of scripts. Depending on the user needs you can find BASH, Python, Perl or other type of scripts.

In some cases they might have an extension like .sh, .bsh, or .py, however this is not a rule. In Linux, files don’t need to have an extension, but they are required to have an shebang.

The shebang is the first line in a script which tells the shell what program to interpret the script with, when executed.

Here’s an example:

~ # more /root/blockip.sh
#!/bin/bash

As you can see, the first line in the script tells us that this is a BASH script.

So, how can we run a script ?

First you need to check the permissions of the script:

~ # ls -l /root/blockip.sh
-r--r--r   1 root     root          156 Jun  1 20:12 /root/blockip.sh
root@nyxware#

In order to execute a script, the user under which the script needs to be executed has to have execution permissions, and the above one doesn’t have that permissions and this is how you can fix it:

chmod + x ./blockip.sh

No check the permissions again:

~ # ls -l /root/blockip.sh
-rwxrwxrwx   1 root     root          156 Jun  1 20:12 /root/blockip.sh
root@nyxware

The permissions are ok now.

Now you can run the script by typing:

root@nyxware
~ # ./blockip.sh
OK
root@nyxware

Alternatively, you can run the same script with it’s absolute path:

root@nyxware
~ # /root/blockip.sh
OK
root@nyxware

A python script can be run like this:

~ # python test.py
Usage: test.py server [options]

Test for SSL heartbeat vulnerability (CVE-2014-0160)

Options:
  -h, --help            show this help message and exit
  -p PORT, --port=PORT  TCP port to test (default: 443)
root@nyxware

~ #

run linux script

 

 

 

 

 

 

In Perl:

root@nyxware#hello-world.pl
Hello world!
Posted in BASH, scripts. Tagged with , , , .

Autostart services in Linux

August 26, 2014 by admin · Leave a comment

chkconfig is a simple command-line tool that helps a Linux administrator configure,  maintain,  autostart and manage the configuration of the symlinks located in /etc/rc[0-6].d path.

First of all let me show you which are the most used services in a Linux distributuion.

You can find out what services can be started in your server by typing:

chkconfig --list

The output should look something like this:

~ # chkconfig --list
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cgconfig        0:off   1:off   2:off   3:off   4:off   5:off   6:off
cgred           0:off   1:off   2:off   3:off   4:off   5:off   6:off
cmdavd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
cmdmgd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
htcacheclean    0:off   1:off   2:off   3:off   4:off   5:off   6:off
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
mailman         0:off   1:off   2:on    3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpdate         0:off   1:off   2:off   3:off   4:off   5:off   6:off
portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
psa             0:off   1:off   2:on    3:on    4:on    5:on    6:off
qmail           0:off   1:off   2:on    3:on    4:on    5:on    6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
spamassassin    0:off   1:off   2:on    3:on    4:on    5:on    6:off
squid           0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        ftp_psa:        on
        poppassd_psa:   on
        rsync:          off
        smtp_psa:       on
        smtps_psa:      on
        submission_psa: on
        tcpmux-server:  off
        time-dgram:     off
        time-stream:    off

The left column contains the name of the process, to the right you have 7 columns, each one represents a Linux runlevel. Usually you will use runlevels 3,4,5. Runlevel 0 and 6 are related to shutdown (0) and reboot (6), so you should never use these.

The “on” and “off” reffer to the fact that a specific service will autostart (on) or will not autostart (off) after a reboot of the server.

The manual of chkconfig can be accesed via the command:

~ # chkconfig --help
chkconfig version 1.3.49.3 - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.usage:   chkconfig [--list] [--type ] [name]
         chkconfig --add 
         chkconfig --del 
         chkconfig --override 
         chkconfig [--level ] [--type ]  &lt;on|off|reset|resetpriorities&gt;
root@nyxware~ #

To autostart a service after each reboot you would use a command like this:

chkconfig --level 345 httpd on

or just

chkconfig httpd on

To stop a process from starting after each reboot enter the command:

chkconfig httpd off

or stop it from running at a specific runlevel:

# chkconfig --level 3 httpd off
root@nyxware#

Use grep to see the status of a specific service:

~ # chkconfig --list | grep ssh
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
root@nyxware
~ #

  * replace httpd with your desired service name.

Posted in BASH, How to. Tagged with , , , .

How to delete files in Linux

August 25, 2014 by admin · Leave a comment

During everyday usage of the Linux operating system, you will encounter situations when you will need to delete one or more files from the file system.

The easiest way to delete a file from BASH is to issue the rm command.

In most Linux distributions the rm command is an alias for “rm -i”, so when you enter rm in the shell, the alias points to rm -i (the “i” stands for interactive).

[root@nyx backup]# rm wordpress.sql
rm: remove regular file `wordpress.sql'? y
[root@nyx backup]#

Delete the file without a confirmation:

[root@nyx backup]# rm -f wordpress.sqlwordpress.sql
[root@nyx backup]#

Delete all the files in the folder called “backup”.  -r stand for recursively, -f  is forcing the delete command without a confirmation. Be careful when you use “-r -f” !

[root@nyx backup]# rm -r -f ./backup/
[root@nyx backup]#

rm

 

 

 

Find files older than x days and delete them:

find /home/backup/* -mtime +30 -exec rm {} \;  
## find files older than 30 days from the /home/backup directory and delete them
Posted in BASH, How to. Tagged with , , , , .

View Linux BASH history

August 25, 2014 by admin · Leave a comment

In case you are wondering how to review your latest commands entered in your favorite Unix shell, below you have more than one option to achieve this goal.

The first and most known way is using the history command:

history

By typing  history in your Linux shell will show on your screen the latest commands you entered with the user you are currently logged in.

It is important to mention that the Unix/Linux way of storing your history is pretty simple: basically the OS just stores your commands in a text file. That file can differ from one distro to another, but you can view the exact location of that file by typing echo $HISTFILE. You can see a sample below:

histfile

 

Knowing the file (location) the ways you can manipulate the output are multiple. For example:

cat  $HISTFILE | more    #(you can use less too)

histfile variable

 

View the history in a text editor:

vim $HISTFILE

View only specific columns:

history | cut -d' ' -f 4-

history cut

 

View only the last 20 lines:

history | tail -n 20

Or view the:

  • last 5 “yum-install” commands from your history file:
history | grep "yum-install" | tail -n 5
  • First 5 commands that contain “yum”
history | grep yum | head

history head

Posted in BASH. Tagged with , , , , .

How to run commands from your bash history ?

August 25, 2014 by admin · Leave a comment

Viewing your bash history is pretty easy. Type history in your shell and you will be presented with the latest 500 or 1000 (depends on distro/bash settings, ) commands you entered.
But what if you want to run one or more commands from the history file, how can that be accomplished ?
Well, the not so effective way is to type history | grep mycommand, then copy and paste in the terminal.

However, if your command expands on multiple lines the above procedure is pretty painful.
Here’s a more efficient way:

Introducing History expansion and the event designators:

The command Description
!! Repeat last command
! Start a history substitution
!n Refers to the command line n
!string Invokes the command starting with “string”
!?string Refers to the most recent command containing “string”
^string1^string2 Repeats the last command and replaces string1 with string2

 Here are a couple of practical examples:

Repeats last command, in this case is whoami.

whoami

From the history file it Invokes the latest command containing hostname.

hostname

String replacement:

 

[root@nyx log]# tail /var/log/messages | head -n 2    #showing first 2 lines from /var/log/messages

Aug 22 19:39:56 euve59329 Plesk/Courier authd[20849]: No such user 'cage@nixware.net' in mail authorization database

Aug 22 20:05:26 euve59329 Plesk/Courier authd[21813]: No such user 'psychoza@nixware.net' in mail authorization database

[root@nyx log]# ^messages^mysqld.log     #from the last command replace messages with mysqld.log and execute the command

tail /var/log/mysqld.log | head -n 2

140822  4:03:28 [ERROR] Invalid (old?) table or database name 'comment _subscribers'

140822  4:03:28 [ERROR] Invalid (old?) table or database name 'mp3-players'

[root@nyx log]#
Posted in BASH. Tagged with , , , , .

How to set the date and time in Linux

August 24, 2014 by admin · Leave a comment

To view the current date and time, issue the date command:

date-time-linux

Then view and set your time zone:

cd /usr/share/zoneinfo

timezone-info

I’m going to use the GMT time zone.

Copy the file with your timezone. (this could be ./Europe/London or whatever city you would like to use).

localtime in linux

Change the date and time in Linux via BASH:

For this purpose we will use the following command format:

date 082314422014   ### August/23rd/14:44/2014 ## Date /month/ day/ hour/ minutes/ year

 

date and time in linux bash

 

 

 

Posted in BASH. Tagged with , , , , .