Tuesday, 26 November 2013

Netcat – a couple of useful examples


One of the Linux command line tools I had initially under-estimated is netcat or just nc. By default, netcat creates a TCP socket either in listening mode (server socket) or a socket that is used in order to connect to a server (client mode). Actually, netcat does not care whether the socket is meant to be a server or a client. All it does is to take the data from stdin and transfer it to the other end across the network.



The simplest example of its usage is a server-client chat system. Although this is a very primitive way to chat, it shows how netcat works. The following examples assume that the machine that creates the listening socket (server) has the IP address 192.168.0.1. So, create the chat server on this machine and set it to listen on TCP port 3333:
$ nc -l 3333
On the other end, connect to the server with the following:
$ nc 192.168.0.1 3333
In this case, the keyboard acts as the stdin. Anything you type in the server machine’s terminal is transferred to the client machine and vice versa.

Transferring Files

In the very same way it can be used to transfer files between two computers. You can create a server that serves the file with the following:
$ cat backup.iso | nc -l 3333
Receive backup.iso on the client machine with the following:
$ nc 192.168.0.1 3333 > backup.iso
As you may have noticed, netcat does not show any info about the progress of the data transfer. This is inconvenient when dealing with large files. In such cases, a pipe-monitoring utility like pv can be used to show a progress indicator. For example, the following shows the total amount of data that has been transferred in real time on the server side:
Of course, the same can be implemented on the client side by piping netcat’s output through pv:
$ nc 192.168.0.1 3333 | pv -b > backup.iso

Other Examples

Netcat is extremely useful for creating a partition image and sending it to a remote machine on-the-fly:
$ dd if=/dev/hdb5 | gzip -9 | nc -l 3333
On the remote machine, connect to the server and receive the partition image with the following command:
$ nc 192.168.0.1 3333 | pv -b > myhdb5partition.img.gz
This might not be as classy as the partition backups using partimage, but it is efficient.
Another useful thing is to compress the critical files on the server machine with tar and have them pulled by a remote machine:
$ tar -czf - /etc/ | nc -l 3333
As you can see, there is a dash in the tar options instead of a filename. This is because tar’s output needs to be passed to netcat.
On the remote machine, the backup is pulled in the same way as before:
$ nc 192.168.0.1 3333 | pv -b > mybackup.tar.gz

Security

When netcat is used in the way described above, the data obviously travels in the clear across the network. This is acceptable on a local network, but for transfers across the internet it is a wise choice to do it through an SSH tunnel.
Using an SSH tunnel has two advantages:
  1. The data is transferred inside an encrypted tunnel, so it is well-protected.
  2. You do not need to keep any open ports in the firewall configuration of the machine that will act as the server, as the connections will take place through SSH.
You pipe the file to a listening socket on the server machine in the same way as before. It is assumed that an SSH server runs on this machine too.
$ cat backup.iso | nc -l 3333
On the client machine connect to the listening socket through an SSH tunnel:
$ ssh -f -L 23333:127.0.0.1:3333 me@192.168.0.1 sleep 10; \
        nc 127.0.0.1 23333 | pv -b > backup.iso
This way of creating and using the SSH tunnel has the advantage that the tunnel is automagically closed after the file transfer finishes. For more information and an explanation of it, please read my article about auto-closing SSH tunnels.
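Netcat relays raw bytes and adds no checksum or end-of-file marker, so a dropped connection leaves a silently truncated backup.iso on the client. The following added example (not part of the original post) prefixes the stream with the file's SHA-256 so the receiver can reject an incomplete or corrupted copy; the helper names send_framed and recv_framed are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: frame a file with its SHA-256
# so the receiving end of a netcat pipe can reject a truncated or corrupted copy.
# send_framed / recv_framed are hypothetical helper names.

# Sender:   send_framed backup.iso | nc -l 3333
send_framed() {
    sha256sum < "$1" | cut -d' ' -f1    # line 1: hex digest of the payload
    cat -- "$1"                         # remainder: the raw file bytes
}

# Receiver: nc 127.0.0.1 23333 | recv_framed backup.iso
# Returns 0 and creates the file only if the digest matches.
recv_framed() {
    rf_out=$1
    IFS= read -r rf_expected || return 2    # digest line; read stops at the newline
    cat > "$rf_out.part"                    # payload goes to a temporary name first
    rf_actual=$(sha256sum < "$rf_out.part" | cut -d' ' -f1)
    if [ "$rf_actual" = "$rf_expected" ]; then
        mv -- "$rf_out.part" "$rf_out"
    else
        rm -f -- "$rf_out.part"
        echo "digest mismatch, transfer rejected" >&2
        return 1
    fi
}
```

The digest travels in-band, so it catches truncation and corruption but not deliberate modification on a cleartext link; run the same pipeline through the SSH tunnel when that matters.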

Telnet-like Usage

Netcat can be used in order to talk to servers like telnet does. For example, in order to get the definition of the word “server” from the “WordNet” database at the dict.org dictionary server, I’d do:
$ nc dict.org 2628
220 ..............some WELCOME.....
DEFINE wn server
150 1 definitions retrieved
151 "server" wn "WordNet (r) 2.0"
server
     n 1: a person whose occupation is to serve at table (as in a
          restaurant) [syn: {waiter}]
     2: (court games) the player who serves to start a point
     3: (computer science) a computer that provides client stations
        with access to files and printers as shared resources to a
        computer network [syn: {host}]
     4: utensil used in serving food or drink
.
250 ok [d/m/c = 1/0/18; 0.000r 0.000u 0.000s]
QUIT
221 bye [d/m/c = 0/0/0; 16.000r 0.000u 0.000s]

Works as a Port Scanner too

A useful command line flag is -z. When it is used, netcat does not initiate a connection to the server, but just reports the open ports it has found. Also, instead of a single port, it can accept a port range to scan. For example:
$ nc -z 192.168.0.1 80-90
Connection to 192.168.0.1 80 port [tcp/http] succeeded!
In this example, netcat scanned the 80-90 range of ports and reported that port 80 is open on the remote machine.
The man page contains some more interesting examples, so take the time to read it.
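Seen from the scanned machine, a sweep like the one above means every port in the range receives a TCP connection attempt from the same source within seconds. The following added example (not part of the original post) flags that pattern in a connection log; the log format, the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Log format and names are constructed.

# Constructed connection log: "epoch-seconds source destination dest-port",
# one line per inbound TCP connection attempt.
sample_log() {
cat <<'EOF'
1385460000 192.168.0.9 192.168.0.1 80
1385460001 192.168.0.7 192.168.0.1 80
1385460001 192.168.0.7 192.168.0.1 81
1385460001 192.168.0.7 192.168.0.1 82
1385460001 192.168.0.7 192.168.0.1 83
1385460002 192.168.0.7 192.168.0.1 84
1385460002 192.168.0.9 192.168.0.1 80
1385460002 192.168.0.7 192.168.0.1 85
1385460030 192.168.0.9 192.168.0.1 443
1385460060 192.168.0.9 192.168.0.1 80
EOF
}

# detect_sweeps MIN_PORTS WINDOW_SECONDS < log
# Prints "source destination window-start" once for each window in which a
# source touched at least MIN_PORTS distinct ports on one destination.
detect_sweeps() {
    awk -v min="$1" -v win="$2" '
    {
        key = $2 " " $3
        if (!(key in start) || $1 - start[key] > win) {   # open a new window
            start[key] = $1
            gen[key]++
            count[key] = 0
        }
        # count each port once per window; report when the threshold is reached
        if (!seen[key, gen[key], $4]++ && ++count[key] == min)
            print key, start[key]
    }'
}
```

Running `sample_log | detect_sweeps 5 10` reports only 192.168.0.7; the client at 192.168.0.9 that keeps returning to ports 80 and 443 stays below the threshold.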

Notes

All the above examples have been performed on Fedora 5/6. Netcat syntax may vary slightly among Linux distributions, so read the man page carefully.
Netcat provides a primitive way to transfer data between two networked computers. I wouldn’t say it’s an absolutely necessary tool for everyday use, but there are times when this primitive functionality is very useful.

Sunday, 24 November 2013

Mathematica and Wolfram Language run on the Raspberry Pi

Wolfram Research, the company behind the search and knowledge engine Wolfram Alpha and the software Mathematica, has announced a collaboration with the Raspberry Pi Foundation. In future, Mathematica and the still unfinished programming language Wolfram Language will be a free part of the Raspbian operating system.
Mathematica is one of the most widely used software packages for mathematics and the natural sciences and first came to market in 1988. Until now, the software was not available for less than around 150 euros for a student licence.

3D plots in Mathematica on the Raspberry Pi.

The only recently announced Wolfram Language makes its debut on the Raspberry Pi. Wolfram Research bills it as a programming language "for the next generation" that makes even complex tasks, such as image and speech processing, very easy to accomplish. No additional libraries are needed for this; all functions are meant to be part of the language core.
Raspbian users with at least 600 MB of free space on the SD card can simply install the software afterwards:
sudo apt-get update && sudo apt-get install wolfram-engine
Company founder and physicist Stephen Wolfram has high hopes for the collaboration. After all, Mathematica was already shipped free of charge with a computer once before, back in 1988: at that time CERN bought Steve Jobs' NeXT computer with the mathematics software, the PC on which Tim Berners-Lee invented the WWW. (phs)

Thursday, 8 November 2012

Windows: Delete files older than X days via script / batch


1 Variant 1: forfiles

No, I didn't know forfiles either, but it seems to have been included since W2003 / XP:
Forfiles /P E:\Ordner\ /S /M *.* /D -8 /C "cmd /c del /q @path"

/P E:\Ordner               : Path in which the search is started
/S                         : Include all subfolders
/M *.*                     : Search mask - here all files (except those without a file extension)
/D -8                      : Last modified date more than 8 days before today's date
/C "cmd /c del /q @path"   : Command to run on these files (here: delete)


2 Variant 2: robocopy

With robocopy we cheat: we move all older files into a new folder, which we then delete
mkdir E:\TEMP
robocopy.exe E:\Ordner E:\TEMP /E /MOVE /MINAGE:8 /R:1 /W:1
rmdir E:\TEMP /s /q

mkdir E:\TEMP              : Create the directory E:\TEMP

E:\Ordner                  : Source folder
E:\TEMP                    : Destination folder
/E                         : including subdirectories
/MOVE                      : move instead of copy
/MINAGE:8                  : Minimum age; files younger than 8 days are ignored
/R:1                       : On error, retry 1 more time
/W:1                       : wait 1 second between retries (on error)

rmdir E:\TEMP /s /q        : Delete the directory E:\TEMP including subdirectories without prompting

Wednesday, 7 November 2012

Admin Password


The /active:yes approach doesn't work in safe mode either:

Code:
C:\Users\peter> net user Administrator /active:yes
Systemfehler 5 aufgetreten.

Zugriff verweigert

In safe mode, too, I can only log in as a non-privileged user.

I finally managed it by using the Linux tool chntpw to turn the non-privileged account into an admin account:

Code:
root@sula:~# chntpw -l /mnt/Windows/System32/config/SAM
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive
name (from header): <\SystemRoot\System32\Config\SAM>ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
Page at 0x10000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 262/54048 blocks/bytes, unused: 16/7168 blocks/bytes.


* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length     : 0
Password history count      : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                       | ADMIN  | dis/lock |
| 01f4 | Administrator               | ADMIN  | dis/lock |
| 01f5 | Gast                        |     | dis/lock |
| 03e9 | peter                       |     |       |
Changed using the chntpw command:

Code:
root@sula:~# chntpw -u peter /mnt/Windows/System32/config/SAM
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive
name (from header): <\SystemRoot\System32\Config\SAM>ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
Page at 0x10000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 262/54048 blocks/bytes, unused: 16/7168 blocks/bytes.


* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length     : 0
Password history count      : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                       | ADMIN  | dis/lock |
| 01f4 | Administrator               | ADMIN  | dis/lock |
| 01f5 | Gast                        |     | dis/lock |
| 03e9 | peter                       |     |       |

---------------------> SYSKEY CHECK <-----------------------
SYSTEM   SecureBoot         : -1 -> Not Set (not installed, good!)
SAM   Account\F          : 0 -> off
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
Syskey not installed!

RID  : 1001 [03e9]
Username: peter
fullname: peter
comment : 
homedir : 

User is member of 1 groups:
00000221 = Benutzer (which has 3 members)

Account bits: 0x0010 =
[ ] Disabled     | [ ] Homedir req. | [ ] Passwd not req. | 
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account  | 
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   | 
[ ] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08)  | 
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  | 

Failed login count: 0, while max tries is: 0
Total  login count: 11

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
 q - Quit editing user, back to user select
Select: [q] > 3
NOTE: This function is still experimental, and in some cases it
   may result in stangeness when editing user/group in windows.
   Also, users (like Guest often is) may still be prevented
   from login via security/group policies which is not changed.
Do you still want to promote the user? (y/n) [n] y
User is member of 1 groups.
User was member of groups: 00000221 =Users, 
Deleting user memberships
Adding into only administrators:
Promotion DONE!

Hives that have changed:
 #  Name
 0  
Write hive files? (y/n) [n] : y
 0  
- OK

The check looks good:

Code:
root@sula:~# chntpw -l /mnt/Windows/System32/config/SAM
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive
name (from header): <\SystemRoot\System32\Config\SAM>ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
Page at 0x10000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 263/54064 blocks/bytes, unused: 18/7152 blocks/bytes.


* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length     : 0
Password history count      : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                       | ADMIN  | dis/lock |
| 01f4 | Administrator               | ADMIN  | dis/lock |
| 01f5 | Gast                        |     | dis/lock |
| 03e9 | peter                       | ADMIN  |       |
root@sula:~#
On booting I was able to log in normally as a non-privileged user, and then a cmd.exe could also be started as Administrator without an additional password prompt. In it I was then able to set the password with "net user admin xyz".

Tuesday, 6 November 2012

Changing the IP via CMD

netsh interface ip set address name="LAN-Verbindung" source=static addr=192.168.1.7 mask=255.255.255.0
netsh interface ip set address name="LAN-Verbindung" gateway=192.168.1.254 gwmetric=0
netsh interface ip set dns name="LAN-Verbindung" source=static addr=192.168.1.254 register=PRIMARY

Citrix ICA Configs


[Desktop 2]
DesiredWinType=16
DesiredHPos=2048
DesiredVPos=0
DesiredHRES=1050
DesiredVRES=1680
PreferredLaunchMonitor=1


Example:
[WFClient]
Version=2
xxx.xxx.xxx.xxx
ClientName=

[ApplicationServers]
AMEOS Ticketsystem 2011=

[AMEOS Ticketsystem 2011]
DesiredWinType=16
Address=AMEOS Ticketsystem 2011
InitialProgram=#AMEOS Ticketsystem 2011
Compress=On
TWIMode=On
DesiredHPos=0
DesiredVPos=0
DesiredColor=4
DesiredHRES=1280
DesiredVRES=1024
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
UseLocalUserAndPassword=Off
Domain=HALBERSTADT

Show installed Windows printers with URL


This is an easy way to find out which (network) printers have been added in the current Windows installation:


Click Run in the Start menu.
Then enter "cmd" and, in the window that appears, enter:


reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Devices"


Delete all mapped printers with PS:
Get-WMIObject Win32_Printer | where{$_.Network -eq 'true'} | foreach{$_.delete()}