Tutorial Proggraming Free

- Secure Encryption and Decryption of files and streams - ccrypt

ccrypt is a command line utility for encrypting and decrypting files and streams. It was designed as a replacement for the standard Unix crypt utility, which is notorious for using a very weak encryption algorithm. ccrypt is based on the Rijndael cipher, which is the U.S. government's chosen candidate for the Advanced Encryption Standard (AES). This cipher is believed to provide very strong security. A compatibility mode is included for decrypting legacy "unix crypt" files.

Unlike unix crypt, the algorithm provided by ccrypt is not symmetric, i.e., one must specify whether to encrypt or decrypt. The most common way to invoke ccrypt is via the commands ccencrypt and ccdecrypt. There is also a ccat command for decrypting a file directly to the terminal, thus reducing the likelihood of leaving temporary plaintext files around. In addition, there is a compatibility mode for decrypting legacy unix crypt files. An emacs mode is also supplied for editing encrypted text files.

source:http://linuxpoison.blogspot.com/2011/04/135781677512773.html

- Protect SSH server from dictionary attacks using iptables

iptables is built on top of netfilter, iptables is the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

If you are using SSH then you will sooner or later notice someone trying to hack into your box using dictionary attacks. You can use the iptables module recent to limit a minimum time between new connections from the same IP.

source:http://linuxpoison.blogspot.com/2011/04/135781677519839.html

- SQL injection Tool - Havij

We are NOT responsible for any damage or illegal actions caused by the use of this program.
Use on your own risk!

SQL injection is yet another common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself—in particular its database. The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database

source:http://linuxpoison.blogspot.com/2011/05/13578167755772.html

- Allow Remote Ronnections Acess to MySQL Server

MySQL by default allows you to connect to it via localhost, you can not connect to MySQL server directly from some remote IP address.

To enable remote mysql access you just need to perform a little editing in the mysql configuration file. Open the mysql configuration file -- /etc/mysql/my.cnf and look for line

bind-address = 127.0.0.1

Change the above line (Comment out) with following and save the changes

#bind-address = 127.0.0.1

source:http://linuxpoison.blogspot.com/2011/05/13578167756134.html

- UI Forensic Tool for File Information - FileInfo

FileInfo is an GUI forensic tool for Ubuntu Linux written in Python, that helps you in identifying files with specific values for certain attributes in order to search and sort these files and present the results in an easily readable tabular fashion.

Using fileinfo you can access this information for many files at once without opening these files individually with a dedicated application, which can be very time consuming.

FileInfo features includes:

* Meta Data Information

* String ASCII and Unicode

* Hash MD5 and SHA1

* Malicious PDF Analyzer

* Detect and Show PE32 Information

* Detect and Extract Thumbnail from JPEG file

FileInfo Installation:

Download Fileinfo from here and extract the content using command:

$ tar xfz fileinfo-x.tar.gz

Then change into the newly created directory ``fileinfo`` and install `fileinfo` by running the following command::

$ bash fileinfo --install

source:http://linuxpoison.blogspot.com/2011/05/135781677510676.html

- How To Generate QR Code under Ubuntu Linux

A QR Code (it stands for "Quick Response") is a mobile phone readable barcode - simply encode a URL into the QR Code and then point a mobile phone (or other camera-enabled mobile) at it. If the device has had QR Code decoding software installed on it, it will fire up its browser and go straight to that URL.

But it doesn't stop there - a QR Code can also contain a phone number, an SMS message, V-Card data or just plain alphanumeric text, and the scanning device will respond by opening up the correct application to handle the encoded data appropriately courtesy of the FNC1 Application Identifiers that are embedded in the encoded data.

The technical specifications for a QR Code are set down in the ISO-18004 standard so they are the same all over the world, and the only significant variations from one QR code to another (apart from the data it contains) is the number of modules required to store the data.

source:http://linuxpoison.blogspot.com/2011/05/135781677514998.html

- Opensource Profiling and performance tunning for .Net Applications - SlimTune

SlimTune is a free profiler and performance analysis/tuning tool for .NET based applications, including C#, VB.NET, and more. It provides many powerful features, such as remote profiling, real time results, multiple plugin-based visualizations, and much more. The source code is available under the terms of the MIT License.

SlimTune is currently an early beta, but it is fully functional and considered ready for use in most cases. Both x86 and x64 targets are supported, but only sampling based profiling is available in the current release.

SlimTune Features
Live Profiling - Why should you have to wait until your program has ended to see results? SlimTune reports results almost immediately, while your code is still running. See your bottlenecks in real-time, not after the fact.

source:http://linuxpoison.blogspot.com/2011/06/135781677516312.html

- How to Upgrade Ubuntu Using an Alternate ISO Image

If your computer is not able to run the standard Desktop installation CD, you can use an Alternate installation CD instead. The Alternate CD also allows more advanced installation options which are not available with the Standard LiveCD.

To upgrade Ubuntu from an ISO file, you need the Alternate version CD, NOT the regular Ubuntu Desktop CD. Alternate CD ISO image file of any release can be found here: http://releases.ubuntu.com/.

source:http://linuxpoison.blogspot.com/2011/06/13578167758695.html

- How to Create ISO-9660 CD-ROM filesystem images - genisoimage

genisoimage is a pre-mastering program to generate ISO9660/Joliet/HFS hybrid filesystems. genisoimage takes a snapshot of a given directory tree, and generates a binary image which will correspond to an ISO9660 and/or HFS filesystem when written to a block device.

Install genisoimage using command:

sudo apt-get install genisoimage

source:http://linuxpoison.blogspot.com/2011/06/135781677518383.html

- Scan for Potential Security flaws in source code - Graudit

Graudit is a little script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Graudit supports scanning code written in several languages; asp, jsp, perl, php and python.

Graudit Usage:
Graudit supports several options and tries to follow good shell practices. For a list of the options you can run graudit -h or see below. The simplest way to use graudit is;

source:http://linuxpoison.blogspot.com/2011/06/135781677518867.html

- How to Measure the Throughput of a Network- Iperf

Iperf is a commonly used network testing tool for measuring maximum TCP and UDP bandwidth performance (throughput) of a network. Iperf allows the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, datagram loss.

Iperf allows the user to set various parameters that can be used for testing a network, or alternately for optimizing or tuning a network. Iperf has a client and server functionality, and can measure the throughput between the two ends, either unidirectonally or bi-directionally. It is open source software and runs on various platforms including Linux, Unix and Windows.

Typical Iperf output contains a timestamped report of the amount of data transferred and the throughput measured. Iperf is significant as it is a cross-platform tool that can be run over any network and output standardized performance measurements. Thus it can be used for comparison of wired and wireless networking equipment and technologies in an unbiased way.

source:http://linuxpoison.blogspot.com/2011/06/135781677511530.html

- How to reinstall GRUB 2 in Ubuntu using Live Distribution CD

GRUB 2 introduces many new changes. GRUB 2 has better portability and modularity, supports non-ASCII characters, dynamic loading of modules, real memory management, and more and is totally different from its predecessor, menu.lst doesn't even exist, it is replaced by grub.cfg which have little resemblance with menu.lst.

Using a Live distribution
The first thing to do is start the live-cd and open a terminal type the following command to see the partitions on different hard disks:

$ sudo fdisk-l

source:http://linuxpoison.blogspot.com/2011/06/13578167754468.html

Labels