


New server

From today I’m on the new server, and I hope you won’t notice any problems.

Posted in Other.


Extract multiple 7z files in folder (at once)

To extract multiple 7z files at once, use the following script:

for fileToExtract in *.7z
do
  # skip the literal "*.7z" pattern when the folder contains no archives
  [ -e "$fileToExtract" ] || continue
  7z x "$fileToExtract"
done

Remember, the x option means extract files with their full paths (unlike e, which extracts everything into the current directory and ignores the paths stored in the archive).

Posted in Tips & Tricks.


GNU bash Environment Variable Command Injection

You can test whether the bash on your server is affected by the environment variable command injection bug with

[root@ss ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Update bash with

# yum -y update bash

and you’ll get

[root@ss ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
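The same probe, as an added example that is not part of the original post: the one-liner wrapped in two shell functions so it can be run from a monitoring job or a configuration-management check and give a clear exit code instead of output you have to read by eye. The marker word "vulnerable" is the same harmless payload as above; the function names and the exit codes (0 patched, 1 affected, 2 no bash found) are this example's own convention.

```shell
#!/bin/sh
# Added example (not from the original post): the probe from the post, wrapped
# so that its verdict is available as a return code.

# Classify the captured output of the probe.
# Returns 1 if the marker word was echoed (the function body in the
# environment variable was executed), 0 if bash ignored it.
classify_probe_output() {
    case "$1" in
        *vulnerable*) echo "AFFECTED: bash executed code from an environment variable"; return 1 ;;
        *)            echo "OK: bash ignored the function definition";                  return 0 ;;
    esac
}

# Run the probe against the bash found on PATH, or the binary given as $1.
# Return codes: 0 patched, 1 affected, 2 bash binary not found.
check_bash_env_injection() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo "bash not found: $bash_bin" >&2; return 2; }
    # Same test as in the post; stderr (the "ignoring function definition"
    # warnings of a patched bash) is discarded, only stdout is classified.
    probe_out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c "echo this is a test" 2>/dev/null)
    classify_probe_output "$probe_out"
}

# Stand-alone usage: run the check and exit with its code.
check_bash_env_injection
```

Run it after `yum -y update bash` and it should print the OK line and exit 0; before the update it prints the AFFECTED line and exits 1, which is what a cron job or Nagios-style check can act on.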

Posted in CentOS.


XSS via DNS

XSS (Cross-Site Scripting) is a type of injection attack in which malicious scripts are injected into otherwise trusted web sites. Your browser has no way to know that the script should not be trusted, and executes it. The script can then read cookies, session tokens, or other sensitive information and pass them to the attacker.

The golden rule “Do not trust user input” seems to be forgotten in some cases. The guy succeeded in injecting a script via a TXT record on his domain, and the script is promptly executed when you look up his domain on online Whois/DNS services.

The vulnerable sites:

http://who.is/

http://mxtoolbox.com/

http://dig.whois.com.au/

Some of them are already patched, but the aftertaste remains :)

The ycombinator discussion: https://news.ycombinator.com/item?id=8336025

The exact TXT content, as returned by dig:

comp@comp ~ $ dig txt jamiehankins.co.uk
 
; <<>> DiG 9.9.5-3-Ubuntu <<>> txt jamiehankins.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24931
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jamiehankins.co.uk.		IN	TXT
 
;; ANSWER SECTION:
jamiehankins.co.uk.	300	IN	TXT	"google-site-verification=nZUP4BagJAjQZO6AImXyzJZBXBf9s1FbDZr8pzNLTCI"
jamiehankins.co.uk.	300	IN	TXT	"<iframe width='420' height='315' src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=0' frameborder='0' allowfullscreen></iframe>"
jamiehankins.co.uk.	300	IN	TXT	"v=spf1 include:spf.mandrillapp.com ?all"
jamiehankins.co.uk.	300	IN	TXT	"<script src='//peniscorp.com/topkek.js'></script>"
 
;; AUTHORITY SECTION:
jamiehankins.co.uk.	172800	IN	NS	hank.ns.cloudflare.com.
jamiehankins.co.uk.	172800	IN	NS	lucy.ns.cloudflare.com.
 
;; ADDITIONAL SECTION:
hank.ns.cloudflare.com.	11832	IN	A	173.245.59.116
hank.ns.cloudflare.com.	11832	IN	AAAA	2400:cb00:2049:1::adf5:3b74
 
;; Query time: 81 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Sep 18 23:21:30 CEST 2014
;; MSG SIZE  rcvd: 481
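Where the lookup sites went wrong, as an added example that is not code from the original post or from any of the sites named above: a small Python rendering routine in its naive form beside its hardened form, plus a helper that flags TXT strings containing markup for the operator's log. The sample records are constructed (placeholder host example.invalid), modelled on the dig answer above; the function names are this example's own.

```python
import html
import re

# Constructed sample TXT strings modelled on the dig output above, with a
# placeholder host (example.invalid); they are not real records.
SAMPLE_TXT_RECORDS = [
    "v=spf1 include:spf.example.invalid ?all",
    "<script src='//example.invalid/x.js'></script>",
    "<iframe src='//example.invalid/embed'></iframe>",
]

# Crude marker for "this TXT string contains something that looks like an
# HTML tag". It is for logging and alerting only; escaping is the defence.
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z][^<>]*>")


def looks_like_markup(value: str) -> bool:
    """True if a TXT string contains an HTML-like tag (worth a log line)."""
    return TAG_RE.search(value) is not None


def render_txt_cell_unsafe(value: str) -> str:
    """The mistake: DNS data pasted straight into the HTML page."""
    return "<td>" + value + "</td>"


def render_txt_cell(value: str) -> str:
    """Hardened version: DNS data is untrusted input, so it is escaped as text."""
    return "<td>" + html.escape(value, quote=True) + "</td>"


def render_lookup_table(name: str, records) -> str:
    """Render a whole TXT lookup result with every field escaped."""
    rows = []
    for rec in records:
        rows.append("<tr><td>" + html.escape(name, quote=True) + "</td>"
                    + render_txt_cell(rec) + "</tr>")
    return "<table>" + "".join(rows) + "</table>"


def suspicious_records(records):
    """Subset of records that contain markup, for the operator's log."""
    return [r for r in records if looks_like_markup(r)]


if __name__ == "__main__":
    print(render_lookup_table("example.invalid", SAMPLE_TXT_RECORDS))
    for rec in suspicious_records(SAMPLE_TXT_RECORDS):
        print("markup in TXT record:", rec)
```

The point is that a DNS answer is attacker-controlled the moment anyone can register a domain; the record text has to be treated exactly like a form field and escaped for the context it is inserted into (here HTML text). Logging the suspicious records is a bonus, not a substitute.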

Posted in DNS, Humor.


AN!Cluster Tutorial

Today I found something very interesting (and large)

https://alteeve.ca/w/AN!Cluster_Tutorial_2

p.s. Please do not bother me for the next 30 days :)

Posted in CentOS.


Samsung printer on Linux – rastertosplc – No such file or directory

If you try to install a Samsung printer (in my case an ML-1675) on Ubuntu 14.04 or Mint 17, you may run into problems with a missing file, rastertosplc.

If you already added the printer via the web interface (http://localhost:631/) or via the printer wizard, delete the installed printer and follow these instructions.

Download the drivers from this page: http://www.samsung.com/pk/support/model/ML-1675/XSG-downloads, extract them and install the drivers with:

sudo ./install-printer.sh

(follow the wizard to complete the process)

cd into /usr/lib/cups/filter and check whether the rastertosplc file exists.

If this file doesn’t exist, add a symbolic link to /opt/smfp-common/printer/bin/rastertospl with

sudo ln -s /opt/smfp-common/printer/bin/rastertospl rastertosplc

Afterwards you should have something like

bla@bla-178 /usr/lib/cups/filter $ ls -la
...
lrwxrwxrwx  1 root root     40 Aug 23 13:39 rastertospl -> /opt/smfp-common/printer/bin/rastertospl
lrwxrwxrwx  1 root root     40 Aug 23 13:51 rastertosplc -> /opt/smfp-common/printer/bin/rastertospl
...

The first link is probably created by the install script, while the second one is the “fix” for the “File “/usr/lib/cups/filter/rastertosplc” not available: No such file or directory” error.

After you have done this, add the printer via the wizard and try to print a test page.
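The check-then-link step above as a reusable shell function, added here as an example that is not part of the original post: it refuses to create the link when the driver binary is absent (so you do not end up with a dangling symlink in the CUPS filter directory) and does nothing when the link is already there. The paths default to the ones from the post; the two positional parameters are this example's own addition so it can be tried against a scratch directory first.

```shell
#!/bin/sh
# Added example (not from the original post). Creates the rastertosplc link
# only if it is missing and only if the driver binary actually exists.
# $1: CUPS filter directory (default from the post)
# $2: driver binary to link to (default from the post)
# Return codes: 0 link present (created or already there), 2 driver missing.
ensure_rastertosplc_link() {
    filter_dir=${1:-/usr/lib/cups/filter}
    target=${2:-/opt/smfp-common/printer/bin/rastertospl}
    link="$filter_dir/rastertosplc"

    if [ ! -x "$target" ]; then
        echo "driver binary $target not found; run install-printer.sh first" >&2
        return 2
    fi
    # -L catches an existing (possibly dangling) link, -e a regular file.
    if [ -L "$link" ] || [ -e "$link" ]; then
        echo "$link already exists, nothing to do"
        return 0
    fi
    ln -s "$target" "$link" && echo "created $link -> $target"
}

# Stand-alone usage (needs root for the real CUPS directory):
#   sudo sh this_script.sh
ensure_rastertosplc_link
```

Because the function is idempotent you can keep it in a post-install script and re-run it after driver or CUPS package updates without checking by hand.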


Posted in Mint Linux, Tips & Tricks.


100% true…


Posted in Humor.


CentOS server – NFS client/server howto

NFS stands for Network File System. Through NFS, a client can read and/or write a remote share on an NFS server as if it were a local hard disk.

The first step to set up an NFS client/server is to install the nfs-utils and nfs-utils-lib packages on both systems (server and client):

yum install nfs-utils nfs-utils-lib
chkconfig --levels 235 nfs on 
service nfs start

For example, the server IP is 10.0.0.1 and the client’s is 10.0.0.2.

I’d like to use the /test and /var/test directories from the client system. To make them accessible we must “export” them on the server.

From the client system, the NFS share is usually accessed as the user “nobody” (by default the server maps the client’s root to nobody). If the directory isn’t owned by nobody, read/write access from the NFS client has to be done as root.
In this howto, the /test dir will be used as root while /var/test will be used as “nobody”. If the /var/test directory doesn’t exist, create it and change the ownership to user/group 65534 (a nonexistent user/group):

mkdir /var/test
chown 65534:65534 /var/test

The next step (on the server side) is to edit /etc/exports

nano /etc/exports

and add the following lines

/test           10.0.0.2(rw,sync,no_root_squash,no_subtree_check)
/var/test        10.0.0.2(rw,sync,no_subtree_check)

The no_root_squash option means the directory is accessed as root (all files copied/created from the client will be owned by root).

After you modify /etc/exports, run exportfs -a to make the changes effective.

exportfs -a

The next step (on the client side) is to create the directories where you want to mount the NFS shares:

mkdir -p /mnt/test
mkdir -p /mnt/var/test

Mount the NFS shares with

mount 10.0.0.1:/test /mnt/test
mount 10.0.0.1:/var/test /mnt/var/test

Verify the settings with:

df -h

The result should be something like

[root@client ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
....
10.0.0.1:/test    100G  25G   75G  25% /mnt/test
10.0.0.1:/var/test
                       100G  25G   75G  25% /mnt/var/test

and

mount

The result should be something like

[root@client ~]# mount
....
10.0.0.1:/test on /mnt/test type nfs (rw,addr=10.0.0.1)
10.0.0.1:/var/test on /mnt/var/test type nfs (rw,addr=10.0.0.1)

To mount the NFS shares at boot time, add the following lines to the /etc/fstab file

10.0.0.1:/test  /mnt/test   nfs      rw,sync,hard,intr  0     0
10.0.0.1:/var/test  /mnt/var/test   nfs      rw,sync,hard,intr  0     0

Don’t forget to check the settings after a reboot.
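A small audit of the /etc/exports file from the server-side step above, added here as an example that is not code from the original howto: it parses exports(5) lines into (path, client, options) records and reports the settings a reviewer would want to look at twice, in particular no_root_squash (deliberately chosen for /test above, which is fine for a trusted single client but not something to leave on an export reachable by any host) and wildcard clients. The sample file is constructed from the howto’s two lines plus one sloppy line to show what gets flagged; the function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample /etc/exports: the two lines from the howto plus a
# deliberately sloppy one (/srv/open) so the audit has something to flag.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/test           10.0.0.2(rw,sync,no_root_squash,no_subtree_check)
/var/test        10.0.0.2(rw,sync,no_subtree_check)
/srv/open        *(rw,no_root_squash)
"""

# client spec is "host" or "host(opt,opt,...)"; an empty host means everyone
CLIENT_SPEC_RE = re.compile(r"([^(]*)(?:\((.*)\))?")


@dataclass
class Export:
    path: str
    client: str
    options: list


def parse_exports(text: str) -> list:
    """Parse exports(5) lines into one Export per (path, client) pair."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        path, specs = parts[0], parts[1:]
        if not specs:                          # a bare path exports to everyone
            specs = ["*"]
        for spec in specs:
            m = CLIENT_SPEC_RE.fullmatch(spec)
            if not m:
                raise ValueError(f"cannot parse client spec: {spec!r}")
            client = m.group(1) or "*"
            options = [o for o in (m.group(2) or "").split(",") if o]
            exports.append(Export(path, client, options))
    return exports


def audit_exports(exports) -> list:
    """Return (path, client, message) tuples for settings worth a second look."""
    findings = []
    for e in exports:
        opts = set(e.options)
        if "no_root_squash" in opts:
            findings.append((e.path, e.client,
                             "no_root_squash: root on the client is root on this export"))
        if e.client == "*" or e.client.startswith("*."):
            findings.append((e.path, e.client,
                             "wildcard client: any host that can reach the server may mount it"))
        if "insecure" in opts:
            findings.append((e.path, e.client,
                             "insecure: mount requests from unprivileged source ports are accepted"))
    return findings


if __name__ == "__main__":
    for path, client, msg in audit_exports(parse_exports(SAMPLE_EXPORTS)):
        print(f"{path} {client}: {msg}")
```

Run it against the real file with `python3 audit.py < /etc/exports` after swapping the sample for `sys.stdin.read()`; the howto’s own two lines produce exactly one finding, the intended no_root_squash on /test for 10.0.0.2, and nothing for /var/test.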

Posted in CentOS, Other, Server project, Tips & Tricks.


DAY AFTER DISASTER

Posted in Other.


TrueType fonts under Debian

If you’re coming from Windows you’ll probably notice the “difference” between the fonts on Linux and Windows. You probably don’t have the TrueType fonts installed which are commonly used on Windows-based systems. They are also known as “Windows Fonts” or “DejaVu fonts”.

You can easily install the TrueType fonts under Debian Linux:

# sudo apt-get install ttf-mscorefonts-installer

For Debian Lenny and later versions, free alternatives for the common Microsoft fonts Arial, Courier and Times New Roman are available in the ttf-liberation package. You can install it with:

# sudo apt-get install ttf-liberation

Log out of your current session and log in again to reload the fonts.

Posted in Mint Linux.