- # vi /etc/network/if-up.d/iptables
- #!/bin/sh
- PATH=/usr/sbin:/sbin:/bin:/usr/bin
- # user defined
- WAN="eth0"
- LAN="eth1"
- # delete existing rules
- iptables -F
- iptables -t nat -F
- iptables -t mangle -F
- iptables -X
- # always accept loopback traffic
- iptables -A INPUT -i lo -j ACCEPT
- # allow established connections, and those not coming from the outside
- iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- iptables -A INPUT -m state --state NEW ! -i $WAN -j ACCEPT
- iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
- # allow outgoing connections from the LAN side
- iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
- # masquerade out the WAN interface
- iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
- # do not forward from wan to lan
- iptables -A FORWARD -i $WAN -o $LAN -j REJECT
- # enable forwarding packets from interface to interface
- echo 1 > /proc/sys/net/ipv4/ip_forward
- # chmod +x /etc/network/if-up.d/iptables
BackupPC is an awesome program for backing up your data in an efficient manner. It provides you with an easy to use web interface and some very complete documentation. Read more about it at the BackupPC SourceForge page.
For some reason, the FreeBSD ports tree still does not contain BackupPC! This guide details the configuration steps to get BackupPC running with an Apache (lighttpd also supported, though) web interface on a FreeBSD host.
Upgrading a FreeBSD system is not all that hard. The FreeBSD Handbook obviously has a more verbose look at the whole process, but the following is basically what you will need to do on most systems.
If csup is new to you, man csup for more information. It is a C rewrite of cvsup.
You can easily tar up a Linux box and extract the files on a Linux partition (some version of ext). This can be great for making an image of a dying hard-drive or putting a hard-drive in another box, mounting it, and then making a backup (great if you need to mount read-only).
The following creates an archive, gzips the archive for greater compression, verbosely prints to the screen what is being backed up, preserves all permissions, and stores it in a file "device" /path/to/archive.tar.gz.
History lesson: most implementations of tar still default to using a tape device as output for the file stream!
- # tar -pczvf /path/to/archive.tar.gz \
- > --directory=/ \
- > --exclude=proc --exclude=sys --exclude=dev/pts \
- > .
To decompress the archive to the current working directory:
- # tar -pxzvf archive.tar.gz
Use update instead of install chromium-browser if you already have it installed. This will update the previously installed version.
- $ sudo add-apt-repository ppa:chromium-daily/ppa
- $ sudo apt-get update
- $ sudo apt-get -y install chromium-browser
I stumbled across pv the other day and found it interesting. It is not so much a utility as eye-candy, but useful nonetheless.
From the man page: pv allows a user to see the progress of data through a pipeline, by giving information such as time elapsed, percentage completed (with progress bar), current throughput rate, total data transferred, and ETA.
First, install pv with whatever package manager you use.
- # cd /usr/ports/sysutils/pv && make install clean
- # apt-get install pv
- # yum install pv
Using pv is analogous to using cat, only with a progress bar and some extra goodies!
- # pv file.iso | dd of=/dev/cd0 bs=64k
- (server)
- # pv file.iso | nc -l 4444
- (client)
- # nc host 4444 > file.iso
NanoBSD is an awesome set of scripts contained in the FreeBSD source tree that enables you to easily prepare and install a custom FreeBSD system for an embedded device. It is also highly optimized for Compact Flash media, providing a Read-Only file system and memory disks for the heavily written mount points, namely /etc and /var, to protect against wear-leveling.
I have provided a number of config files for a NanoBSD system that provides various services to get you started on an overlay of custom files that are geared towards making an AP (access point) out of an ALIX2C2 board from http://pcengines.ch (purchased at NetGate [US]), although these files require minor tweaks if you are using another ALIX board or even completely different hardware (mainly just network device names!).
Simply press s immediately after boot time (while RAM is counting up).
- Boot: 1 PC Engines ALIX.2 v0.99
- 640 KB Base Memory
- 261120 KB Extended Memory
- 01F0 Master 848A SanDisk SDCFB-1024
- Phys C/H/S 1986/16/63 Log C/H/S 993/32/63
- BIOS setup:
- *9* 9600 baud (2) 19200 baud (3) 38400 baud (5) 57600 baud (1) 115200 baud
- *C* CHS mode (L) LBA mode (W) HDD wait (V) HDD slave (U) UDMA enable
- (M) MFGPT workaround
- (P) late PCI init
- *R* Serial console enable
- (E) PXE boot enable
- (X) Xmodem upload
- (Q) Quit
- # mkdir /mnt/nanobsd
- # mount /dev/da0s1a /mnt/nanobsd
- # mkdir /mnt/nanobsd/usr/ports
- # mount -t nullfs /usr/ports /mnt/nanobsd/usr/ports
- # mount /dev/da0s3 /mnt/nanobsd/cfg
- # chroot /mnt/nanobsd
- # cd /usr/ports/foo/bar
- # make install clean
- # mkdir /cfg/local
- # cp -R /usr/local/etc/* /cfg/local
- # exit
- # umount /mnt/nanobsd/usr/ports
- # umount /mnt/nanobsd/cfg
- # umount /mnt/nanobsd
I always seem to forget this command. The following mounts the UFS2 FreeBSD filesystem to /mnt/fbsd directory on a Linux box. Notice the read-only permission. Unfortunately, (as of this writing) Linux does not have write support for UFS2. Please let me know if I am in error.
Change /dev/sda3 to your disk device!
- # mkdir /mnt/fbsd
- # mount -t ufs -o ro,ufstype=ufs2 /dev/sda3 /mnt/fbsd
For when you have a brain lapse...
- 2400
- 4800
- 9600
- 19200
- 38400
- 57600
- 115200
You must install the rpm2cpio package on whatever operating system you are running. The following will extract an RPM hierarchy to the current directory.
- $ mkdir ~/extracted_rpm
- $ cd ~/extracted_rpm
- $ rpm2cpio /path/to/FILENAME.rpm | cpio -div
Under construction...
Never edit /boot/grub/grub.cfg directly! You have to make changes in a special file under /etc/grub.d so that your changes will not get overwritten every time you update kernels, etc.
I am using my disk device name here. Make sure you use the one that fits your system.
- hd0 hard drive number
- 3 partition of FreeBSD partition (indexed from 1)
- a slice of /boot partition
- # vi /etc/grub.d/40_custom
- #!/bin/sh
- exec tail -n +3 $0
- menuentry "FreeBSD 8.0-RELEASE" {
- insmod ufs2
- set root=(hd0,3,a)
- chainloader +1
- }
Run update-grub2 to merge the changes in /etc/grub.d/40_custom. You should also be able to verify that the new entry will be seen next time grub2 is loaded.
- # update-grub2
- # cat /boot/grub/grub.cfg | grep FreeBSD
Reboot and give it a try!
First, see what stray packages are on the system so you know what is about to get deleted.
- $ dpkg -l | grep ^rc | cut -d ' ' -f3 | less
What just happened there? We listed the packages that are installed with dpkg -l, filtered out results to only show lines starting with rc, then further trimmed the output to the third column which contains only the package names. less just allows us to easily scroll through the output in the terminal.
Now that you have verified what packages are going to be deleted and taken care of any loose ends, you should then be able to append a simple command to purge the packages in question.
- # dpkg -l | grep ^rc | cut -d ' ' -f3 | xargs dpkg -P
You can use sudo on the xargs command if you are a user and need privileges.
xargs is a handy command that allows you to pipe output delimited by tab, space, etc. and do an action on each value. In this case, we have a list of packages that we need to purge, so we run dpkg -P on each package name that we extract.
I was on the hunt for an expect library for PHP and finally found one in PECL, a repository for PHP Extensions. I was surprised this was not a PHP module more easily accessible like php-session, php-mysql, etc... but it works just as well.
Since Metasploit is so dynamic and still changing frequently with full time employees, it is best to just sync a local file tree to the latest code branch when you plan to use it. You can use the /usr/ports/security/metasploit port, but you will find it lagged far behind the latest SVN tree.
Anyways, we need to install subversion to download the Metasploit Framework.
- # cd /usr/ports/devel/subversion
- # make install clean distclean
Now make room for Metasploit and download the tree.
- $ mkdir ~/.msf3
- $ cd ~/.msf3
- $ svn co https://www.metasploit.com/svn/framework3/trunk framework
Finally, drag in Ruby and a few supporting modules.
- # cd /usr/ports/databases/rubygem-activerecord
- # make install clean distclean
- # cd /usr/ports/devel/ruby-rreadline
- # make install
Coming soon...
First, install the necessary dependencies:
- $ sudo apt-get install ruby subversion libyaml-ruby libzlib-ruby libopenssl-ruby libreadline-ruby libiconv-ruby rubygems
Technically, to use the GUI you need to install libgtk2-ruby and libglade2-ruby, but the GUI is now deprecated and will no longer be developed or updated. I encourage you to forget about using it.
It is great to have a database backend to keep up with data from session to session. A simple sqlite3 backend will do for most, but if you need more robustness and performance, MySQL and Postgres are available to you. Simply install the database server and supporting Ruby library for that specific database server.
- sudo apt-get install sqlite3 libsqlite3-ruby
- sudo apt-get install mysql-server libmysql-ruby
- sudo apt-get install postgresql libpgsql-ruby
Now sync the Metasploit subversion tree into a directory of your choice.
- $ mkdir ~/.msf3
- $ cd ~/.msf3
- $ svn co https://www.metasploit.com/svn/framework3/trunk framework
You should now have the latest and greatest Metasploit tree. From now on, you can simply use the command svn update inside the ~/.msf3/framework directory (or wherever else you synced the svn tree to) and it will sync the latest changes in the repository to your existing Metasploit installation.
- $ cd ~/.msf3/framework
- $ svn update
This is my small collection of wallpapers that I enjoy looking at during the long hours I spend at various computers. Enjoy.
A FreeBSD port for the Eclipse AVR add-on has yet to be created and the Eclipse CDT add-on that is contained in even a recent ports tree is too outdated to use with the AVR add-on.
To fix this, I basically started with a naked Eclipse install from ports and installed the extra features manually using Eclipse's update mechanism and each add-on's respective update site.
This uses the new VAP interface setup that comes with FreeBSD 8.0 and newer.
- # vi /etc/rc.conf
- --- snip --- snip ---
- wlans_ath0="wlan0"
- ifconfig_wlan0="WPA DHCP"
- # vi /etc/wpa_supplicant.conf
- network={
- ssid="ssid_goes_here"
- key_mgmt=WPA-PSK
- psk="password_here"
- }
- # /etc/rc.d/netif restart
Wait a few seconds for your wireless card to associate with the wireless device and see (1) if you are associated and (2) that you have an IP address.
- # ifconfig wlan0
If you have multiple access points around and want a certain one over the other, add priority=1 (you choose the number) to the host's block in /etc/wpa_supplicant.conf. The lower the number, the higher the priority.
Test IP connectivity to the public Internet.
- # ping 4.2.2.1
Test DNS resolution against a public hostname.
- # cat /etc/resolv.conf
- -- list of nameservers from DHCP lease --
- # ping www.google.com
If you happen to not have anything there, you can try using the 4.2.2.1 and 4.2.2.2 nameservers.
- # vi /etc/resolv.conf
- nameserver 4.2.2.1
- nameserver 4.2.2.2
The FreeBSD Handbook covers most FreeBSD installation topics in depth, but the following is exactly the way I install all of my systems. This process is quick and will get you into a system that you can customize to your liking.
I have compiled a list of system commands that I felt were frequent enough to mention. The list covers commands that you use to interact with the file system and network, use the vi/vim editor, and utilize screen to make life easier.
I have put together a basic reference of chmod permissions. Enjoy!
For a more complete "guide" to little things like this, check out my full guide to using a shell.
| Digit | R | W | X | Result |
|---|---|---|---|---|
| 0 | - | - | - | no access |
| 1 | - | - | x | execute |
| 2 | - | w | - | write |
| 3 | - | w | x | write & execute |
| 4 | r | - | - | read |
| 5 | r | - | x | read & execute |
| 6 | r | w | - | read & write |
| 7 | r | w | x | read, write, & execute |
R is read, W is write, X is execute.
git is an awesome revision-control system (amongst many other things). Coupled with gitosis for easy user/project/groups/access management and gitweb to get a great visualization of a project's repository, it can quickly scale to any project at hand.
scrotwm is an excellent tiling window manager that I have been doing my development work in lately. I have found it amazingly useful, though the docs on it are pretty scarce. As of this writing, there is still no .deb package for it and it is not in the repository, so I have outlined a quick install.
I was doing some work for the IBM Master the Mainframe 2009 contest and had to write a quickie isPrime() function. After writing it, I was searching for other solutions for a comparison and was surprised at how hard some people made their code! I figured this might come in handy to someone.
This example will only work with input values of -32767 to 32767 due to the (implied) (signed) int data type. To expand the range, just use the other numeric data types where int appears in this code snippet! For example, unsigned int would double the range by using only positive numbers (0 - 65535). Better yet, we can utilize long or unsigned long, which allows for numbers -2147483647 to 2147483647 and 0 to 4294967295, respectively!
Yes, there is the epic long long, but I neglected to mention it due to it not being in many languages...
```c
/*** returns 1 if input is prime, 0 if not ***/
int is_prime (int num)
{
    int n;

    // avoid loop; negative numbers, 0 and 1 are never prime
    if (num < 2)
        return 0;

    // loop through numbers 2..(num/2), trying to
    // divide one into the other with no remainder.
    for (n=2; n < (num/2)+1; n++) {
        // if we had no remainder during a division,
        // input number has a divisor... NOT PRIME!
        if ((num % n) == 0)
            return 0;
    }

    // made it through gauntlet...prime!
    return 1;
}
```
Nothing groundbreaking, but it does the trick with only a few lines of code!
Also, note that this code was originally written in C, but it is generic enough to apply to nearly any popular language. If you need help adapting it to some other language, contact me and I am sure we can knock it out.
Adobe has always denied FreeBSD native flash support, but you can use Linux emulation to get Adobe Flash 10 working on a FreeBSD system with a few simple steps. Although it might have its occasional quirks, Flash works pretty well with anything I have ever thrown at it. It gets better every update!
I had the need to set up irssi on my University shell account with minimal user access, so I took some notes on what I did. I have found out that a lot of people encounter the missing glib dependency, which is absolutely necessary for irssi to execute properly. Due to the problem's popularity, I included installing glib in this guide.
I thought it would be neat to write a program to spider the Web autonomously... so I wrote a Perl script that does just that!
The computer science folks would consider the spidering aspect a breadth first search that uses a queue data-structure to hold the collection of hostnames. That sounds like a mouthful, but the idea is simple (I promise!).
The program basically works by looping through the following phases:
- do an HTTP dump on a host (port 80) in queue
- scrape unique hostnames from the output
- add the found hostnames to the crawl queue
- do something fun with the output
The link to the code is here if you want to check that out.
To make a long story short, transparency is a P.I.T.A. if you plan on exposing your image to older web browsers. The transparency in your image might appear to work as planned in the more recent browsers, but the same image can often result in an array of funky colors where the transparency is supposed to be in older browsers.
Transparency is a must on today's Web and, unfortunately, old and outdated browsers are still prevalent enough that you have to take them into consideration when building/designing a website. Though some statistics might cite that older browsers have a minute market share and choose to neglect them in the design process, those same viewers could be a click on an ad, a purchase at your store, or remain valuable in some other aspect.
Using the GIMP, cross-browser transparency support is easily accomplished with a few clicks. The following list of instructions is, verbatim, what needs to be done to export the image correctly.
- Image -> Flatten Image
- Layer -> Transparency -> Add Alpha Channel
- Select -> By Color OR use the Fuzzy Select Tool with thresholds on the GIMP toolbox
- Edit -> Clear or DEL on the keyboard
- Image -> Mode -> Indexed...
- File -> Save As... -> filename.png
- (yes to defaults)
Often times, administrators and default installations of various DNS servers (on all platforms) leave the DNS server susceptible to zone transfers. What this basically means is that the DNS server will allow someone to download a dump of all DNS records served for a specific domain. This can obviously pose a moderate to high security risk (but can be disabled on the server quite easily).
The information gained with a successful zone transfer can be very helpful for an intelligence gathering attacker and can ultimately expose the addresses of a huge number of hosts that administrators might not want the public (internet) to know about (and that no one planned to be exposed to internet traffic!).
For example, I have seen zone transfers that listed multiple development servers that were freely accessible, exposing security flaws due to incomplete code. Development boxes are also a good candidate to look for files with incorrect permissions to gain even more information out of the host.
Also, bear in mind the situation where someone gets their hands on a decent sized transfer. Thousands of hosts belonging to a single domain can be easily gleaned in seconds. I think it is also neat how you can quickly read over most zone transfers and easily pick out the devices that belong to the core infrastructure and even addresses of important services used in the domain (due to the verbosity some administrators use in coming up with a hostname).
I wrote a small Perl tool, dig-shovel, to automate the process of finding the list of nameservers for a domain, attempting a domain transfer from each, and finally parsing the addresses contained in the zone transfer into something easily readable and exportable. The tool I wrote can be directly downloaded from this site with this link (right-click, Save As...) or click through to this post to get the details on dig-shovel.
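One way to disable open zone transfers on the server side, as an added example that is not from the original post: it assumes the authoritative server is BIND 9 (the post does not name a server), and the zone name, file path, key name, secret and secondary address are all placeholders.

```conf
// named.conf fragment (BIND 9 assumed; every name, path and address
// below is a placeholder, not a value from the original post)

// Weak: any client may pull the whole zone with an AXFR request.
// zone "example.com" {
//     type master;
//     file "/etc/namedb/master/example.com.db";
//     allow-transfer { any; };
// };

// Hardened: refuse transfers by default for every zone.
// Merge this setting into the existing options block.
options {
    allow-transfer { none; };
};

// Shared secret used to sign transfer requests from the secondary.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder; generate with tsig-keygen
};

// Per zone, allow only transfer requests signed with that TSIG key.
zone "example.com" {
    type master;
    file "/etc/namedb/master/example.com.db";
    allow-transfer { key "xfer-key"; };
    also-notify { 192.0.2.53; };           // placeholder secondary address
};
```

After reloading the server, an unsigned `dig @your-nameserver example.com AXFR` from any other host should end with `Transfer failed.` instead of a record dump.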
If your host happens to have weird or non-existent PHP logging features, you can easily enable them in-line with your code as if you had changed php.ini directly.
FreeBSD ships with the internal speaker enabled, which can be very annoying when computing in public! I chose to disable the beep by disabling it at the kernel level with sysctl, instead of doing one-off hacks for each application that uses the system bell.
- # sysctl hw.syscons.bell=0
- hw.syscons.bell: 1 -> 0
Now check to see if the beep is still there. If not, do the following to make the change permanent. If the sound is still there, skip to the next heading to see some other methods of disabling the internal speaker.
- # echo 'hw.syscons.bell=0' >> /etc/sysctl.conf
Unfortunately, spammers of all kinds continuously scan for pages that contain elements in which they, or their bots, can post their spam messages easily. Though the attacks can get sophisticated if they target your exact defense mechanism, you can easily circumvent many of the bots by using a simple captcha.
A captcha is just a method of getting the user to jump through a hoop of some sort to identify
On occasion, I like to get my hands dirty with SQL injection (learning in a controlled environment, of course). If you have ever read about or done SQL injection, you often have to convert text into various other forms to either make the HTTP request happy or avoid one of the server's sanitize methods.
The following are a few that I find useful to have a tool for. Feel free to let me know your ideas on new features and options. I will try to add more as I find the need!
Apache's HTTP Authentication is a fast and easy way to lock down a directory so that it prompts users with a password dialog box to view the files.
This guide assumes that you have Apache2 already up and running.
Most any fresh Linux install, Debian in my specific case, automatically enables a multitude of wonderful high pitched beeps and tones for your listening pleasure. You might have noticed them by hitting a TAB on an invalid auto-complete, when you incorrectly login to GDM, or any of the other seemingly infinite ways to get an ear crunching BEEEEP.
To fix this issue you can go about disabling beeps in individual programs, but I have a better idea! Let's get the job done right and just blacklist the whole internal speaker to get rid of all beeps in all programs. Unless you are listening to motherboard beeps, who really needs the internal speaker, anyways?
I use both modules as an example, just note the basic difference is that pcspkr is used in newer kernels. If one command does not work ('Module xxx does not exist' errors, etc), try the other.
Let's try to unload the (possibly) already running module.
- # rmmod snd_pcsp
- # rmmod pcspkr
Now we just need to make sure the module does not get loaded on system boot.
- # echo 'blacklist snd_pcsp' >> /etc/modprobe.d/blacklist
- # echo 'blacklist pcspkr' >> /etc/modprobe.d/blacklist
- # reboot
I just noticed Firefox 3.5 is in my ports tree! I upgraded immediately to check out the JavaScript speeds that everyone was always reporting about... and I see why they were ranting so much! All my AJAX scripts that I am used to using are sped up dramatically. I am very impressed, although I find it weird that I have to load a kernel module to use my browser. Oh, and Firefox 3.0 is in conflict with Firefox 3.5, so you have to remove Firefox 3.0 before you can even install Firefox 3.5. Also worth mentioning is the fact that Firefox 3.5 uses Firefox 3.0's /usr/local/lib/firefox3 directory, so don't worry about reinstalling plugins or bookmarks!
Check out how to update your ports tree to get the latest and greatest versions and sources for applications.
- # pkg_delete firefox-3\*
- # cd /usr/ports/www/firefox35
- # make install clean distclean
- # kldload sem
- # echo 'sem_load="YES"' >> /boot/loader.conf

