Anybody here have any favorite scripts/hacks they'd like to share?
I picked up a good one from Hacking: The Art of Exploitation, for defending from port scans.
Code:
#!/bin/sh
HOST="192.168.0.189"
/usr/sbin/tcpdump -e -S -n -p -l "(tcp[13] == 2) and (dst host $HOST)" | /bin/awk '{
# Output numbers as unsigned
CONVFMT="%u";
# Seed the randomizer
srand();
# Parse the tcpdump input for packet information
dst_mac = $2;
src_mac = $3;
split($6, dst, ".");
split($8, src, ".");
src_ip = src[1]"."src[2]"."src[3]"."src[4];
dst_ip = dst[1]"."dst[2]"."dst[3]"."dst[4];
src_port = substr(src[5], 1, length(src[5])-1);
dst_port = dst[5];
# Increment the received seq number for the new ack number
ack_num = substr($10,1,index($10,":")-1)+1;
# Generate a random seq number
seq_num = rand() * 4294967296;
# Precalculate the sequence number for the next packet
seq_num2 = seq_num + 1;
# Feed all this information to nemesis
exec_string = "nemesis tcp -fS -fA -S "src_ip" -x "src_port" -H "src_mac" -D "dst_ip" -y "dst_port" -M "dst_mac" -s "seq_num" -a "ack_num;
# Display some helpful debugging info.. input vs. output
print "[in] "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10;
print "[out] "exec_string;
# Inject the packet with nemesis
system(exec_string);
# Do it again to craft the second packet, this time ACK/PSH with a banner
exec_string = "nemesis tcp -v -fP -fA -S "src_ip" -x "src_port" -H "src_mac" -D "dst_ip" -y "dst_port" -M "dst_mac" -s "seq_num2" -a "ack_num" -P banner";
# Display some helpful debugging info..
print "[out2] "exec_string;
# Inject the second packet with nemesis
system(exec_string);
}'
The following is a script that I add to the beginning of /etc/profile. While the script is a nice idea, it's very easy for someone to avoid. I've never had any of my systems cracked since I've started using it, so I have no idea if this script will actually stop anyone. It would most likely catch someone in the act, after they exploited a security hole, but before the system has been r00ted. A r00ted system wouldn't even bother reading /etc/profile.
-- Begin script added to /etc/profile --
# Kick and ban users that are UID 0 but are NOT root!
# Variables are quoted: with an empty $USER the unquoted test does not parse.
if [ "$(id -u)" = "0" ] && [ "$USER" != "root" ]; then
    # Lock the user out
    passwd -l "$USER"
    # Save some info
    date >> /root/SHIT
    netstat -apent >> /root/SHIT
    ps auxww >> /root/SHIT
    w >> /root/SHIT
    w | mail -s "$USER has gained ROOT access" root@localhost
    # Let EVERYONE know
    wall << EOF
***********************************************************
$USER has gained ROOT access!!!
***********************************************************
EOF
    # Write to every open pseudo-terminal (a glob rather than ls, which
    # would also pick up /dev/pts/ptmx)
    for pts in /dev/pts/[0-9]*; do
        echo -e "\n$USER has gained ROOT access!!\n" >> "$pts"
    done
    # Log it via syslog, which is where /var/log/messages is fed from.
    # (logger -f FILE would read the message FROM that file, not append to it.)
    logger -is "$USER has gained ROOT access!!"
    # Let the luzer know
    echo -e "\a\n\n You are _NOT_ root!!\\n\n\a"
    # Kill the user and his processes
    skill -9 -u "$USER"
    ifconfig eth0 down
    # This should be redundant
    logout
    exit
fi
# Attempt to catch those that su
alias su="su -"
-- End script added to /etc/profile --
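The /etc/profile trap above only fires once a UID 0 account that is not root actually logs in. As an added example (not from the post, the book, or the forum), the audit below checks for that precondition directly: it lists passwd entries that share UID 0 with root and, going one step beyond the trap, any UID shared by more than one account. It runs against a constructed sample file so it works anywhere; on a real host point the functions at /etc/passwd.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for shared UIDs. An extra UID 0
# entry is exactly the condition the /etc/profile trap reacts to at login.

# Print the names of UID 0 accounts other than "root", one per line.
# $1: path to a passwd-format file (field 1 = name, field 3 = numeric UID)
find_extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print every UID used by more than one account as "uid:name1,name2,...",
# sorted by UID. UID 0 is the dangerous case; other collisions are a
# misconfiguration worth knowing about.
find_dup_uids() {
    awk -F: '{ n[$3]++; names[$3] = names[$3] (n[$3] > 1 ? "," : "") $1 }
             END { for (u in n) if (n[u] > 1) print u ":" names[u] }' "$1" | sort -n
}

# Return 0 if no account other than root has UID 0, 1 otherwise,
# reporting each offender on stderr in the trap script's wording.
audit_uid0() {
    extra=$(find_extra_uid0 "$1")
    [ -z "$extra" ] && return 0
    for u in $extra; do
        echo "uid0-audit: $u has UID 0 but is NOT root" >&2
    done
    return 1
}

# Constructed sample (not a real system's passwd): "helpdesk" has been
# given UID 0, and "bob" accidentally reuses alice's UID.
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
helpdesk:x:0:0:added for illustration:/home/helpdesk:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1000:1001:Bob:/home/bob:/bin/bash
EOF

echo "shared UIDs:"
find_dup_uids "$SAMPLE_PASSWD"
audit_uid0 "$SAMPLE_PASSWD" || echo "audit: extra UID 0 account(s) found"
```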
Moved to Programming. Note to all: if you see a post which you think should be moved, click the link which reads "Report this post to a moderator". No one gets a slap for genuinely reporting a post, even if we disagree.