Basic Linux Commands For Beginners [Part I]

I thought I would be sharing the different linux commands from basic to advanced so that the new linux users will be benefited so I'm starting this post and I'll continue to post more commands. This is the first one with the most basic commands to use in terminal.

Note that the linux commands are case-sensitive so be careful with the case while executing the commands.

cd

Command to change directory

cd /home: This changes the current working directory to /home. The '/' indicates the path relative to root, and the directory will be changed to "/home", no matter what directory you are in when you execute this command.

cd samar: This changes the current working directory to samar, relative to the current location which is "/home". The full path of the new working directory is "/home/samar".

cd ..: This moves to the parent directory from the current directory. Hence on executing this command, our new directory will be "/home".

cd ~: This changes the current directory to the user's home directory which is "/home/samar" for the user "samar". The ~ indicates the home directory of the currently logged in user.

ls

List the files and folders present in the current directory

ls: List the files and folders in the current working directory except those starting with . and only show the file name.

Using the different switches such as ls -lia, ls -al would output other more information such as ownership, chmod info, etc. of the files in the current directory.

cat

concatenate files and send the contents to the standard output. This command comes quite handy in many cases and with the use of the redirection, we can send the contents to other outputs such as files and others.

cat /etc/passwd: sends the file content of the file "/etc/passwd" to the standard output i.e. monitor.

cat /etc/passwd>/home/samar/Desktop/pass.txt: writes the content of the "/etc/passwd" file to the "/home/samar/Desktop/pass.txt" file.

cat file1 file2 > file3.txt: concatenates the content of "file1" with that of "file2" and writes to "file3.txt"

For now, I will leave you to do some study on these commands. You can use man page or info to find more about these commands(I'll leave it for you to research). Have fun. :)

Read more...

Checking MD5 sum of file in Linux

Linux offers a command line tool called md5sum which can be used to find the md5 checksum of the files in LINUX.

The info md5sum displays the following information about this command.

File: *manpages*, Node: md5sum, Up: (dir)

MD5SUM(1) User Commands MD5SUM(1)

NAME
md5sum - compute and check MD5 message digest

SYNOPSIS
md5sum [OPTION] [FILE]...

DESCRIPTION
Print or check MD5 (128-bit) checksums. With no FILE, or when FILE is
-, read standard input.

-b, --binary
read in binary mode

-c, --check
read MD5 sums from the FILEs and check them

-t, --text
read in text mode (default)

The following two options are useful only when verifying checksums:
--status
don't output anything, status code shows success

-w, --warn
warn about improperly formatted checksum lines

--help display this help and exit

--version
output version information and exit

The sums are computed as described in RFC 1321. When checking, the
input should be a former output of this program. The default mode is
to print a line with checksum, a character indicating type (`*' for
binary, ` ' for text), and name for each FILE.

AUTHOR
Written by Ulrich Drepper, Scott Miller, and David Madore.

REPORTING BUGS
Report bugs to .

COPYRIGHT
Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

SEE ALSO
The full documentation for md5sum is maintained as a Texinfo manual.
If the info and md5sum programs are properly installed at your site,
the command

info md5sum

should give you access to the complete manual.

GNU coreutils 6.9.92.4-f088d-dirtJanuary 2008 MD5SUM(1)



Read more...

Running firefox inside firefox

This is not a useful thing but still is a fun trick to show to your friends.

Just paste the following code in your mozilla firefox address bar and hit ENTER to see the new firefox inside the firefox.

chrome://browser/content/browser.xul

View the screenshot below to see how it looks like:

Read more...

Batch to C Converter

This small snippet of C source code converts the commands of batch (i.e. the commands you type in command prompt) into the C source code. It was compiled in Dev-CPP and is pretty basic. I hope some of you might find it useful. It just uses the system() command of stdlib.h header file.

Source code:

 /*********************************************  
 * Batch DOS To C Source Code Converter v.1.1 *  
 * Coded by Samar Dhwoj Acharya aka $yph3r$am *  
 * Website => http://techgaun.blogspot.com  *  
 * E-mail meh at samar_acharya[at]hotmail.com *  
 * I know to code: PHP, PERL, C, JAVA, PYTHON *  
 *********************************************/  
 //include header files...  
 #include <stdio.h>  
 #include <conio.h>  
 #include <stdlib.h>  
 #include <ctype.h>  
 #include <string.h>  
 int main()  
 {  
   FILE *fp;  
   char filename[30];     //filename for source code  
   // starting header of outputted file  
   char header[300] = "/*\nBatch DOS command To C Source Converter\nBy sam207 (samar_acharya[at]hotmail.com)\nhttp://www.sampctricks.blogspot.com\nhttp://nepali.netau.net\n*/\n";  
   //all the includes in output file  
   char incs[200] = "#include <stdio.h>\n#include <conio.h>\n#include <stdlib.h>\nint main()\n{\n";  
   //end part of output file  
   char end[50] = "\tgetch();\n}";  
   //for command  
   char cmd[150];  
   printf("\t+----------------------------+\n");  
   printf("\t|BATCH TO C SOURCE CONVERTER |\n");  
   printf("\t|CODED BY SAMARDHWOJ ACHARYA |\n");  
   printf("\t+----------------------------+\n");  
   printf("\nEnter the filename(with .c extension): ");  
   scanf("%s",filename);  
   fp = fopen(filename,"w");  
   if (fp==NULL)  
   {  
    printf("Some error occurred while opening file");  
    getch();  
    exit(1);  
   }  
   else  
   {  
     fprintf(fp,"%s%s",header,incs);  
     printf("\nNow start entering DOS commands: \n");  
     printf("When finished, type 'end' for the end of commands\n");  
     printf("\nStart:\n\n");  
     gets(cmd);  
     while (1)  
     {  
        gets(cmd);  
        if (!strcmp(cmd,"end"))  
          {  
          break;       //if end is typed, get out of loop  
          }  
        fprintf(fp,"\tsystem(\"%s\");\n",cmd);  
     }  
     fprintf(fp,"\tprintf(\"\\n\");");  
     fprintf(fp,"\n%s",end);  
     printf("\n\nFile successfully created");  
     printf("\nNow compile it with any C compiler");  
     printf("\nThanks for using this little app");  
     fclose(fp);  
   }  
   getch();  
 }     

Have fun :)

Read more...

Full path disclosure tutorial

Full path disclosure(FPD) is the revelation of the full operating path of a vulnerable script. Full Path Disclosure vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/samar/public_html/. FPD bugs are executed by providing unexpected characters to the vulnerable functions that will in return output the full path of the vulnerable script.

FPD bugs are often overlooked and are not considered as the security threat by many webmasters but that's not true. FPD might be useful for the hackers to determine the structure of the server and they can utilize it to perform other attacks such as file inclusion attacks or load_file() attacks via sql injection.

How to execute FPD
a) Nulled session cookie
Nulled session injection or illegal session injection is done by changing the value of session cookie to an invalid or illegal character.
Illegal Session Injection is made possible via changing the value of the session cookie to an invalid, or illegal character. The most common method is by injecting the NULL character to the PHPSESSID cookie. To inject a PHPSESSID cookie, use JavaScript injection via the URL bar:

javascript:void(document.cookie="PHPSESSID=");

On setting the PHPSESSID cookie value to NULL, we can see the result like:

Warning: session_start() [function.session-start]: The session id contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /home/samar/public_html/includes/functions.php on line 3

b) Array parameter injection(Empty array)
This is another common method of executing the full path disclosure vulnerabilities and usually works for me in many sites. There are different PHP functions which will output warning message along with the full path of the script such as htmlentities(), mysql_num_rows(), opendir(), etc.
We can exploit the $_GET variables... Lets take a simple example:

http://localhost/index.php?page=main

Now, lets exploit the $_GET['page'] variable which will look as below:

http://localhost/index.php?page[]=main

The full path disclosure can be prevented by turning off the display of errors either in php.ini configuration file or in the script itself:

php.ini

display_errors = 'off'

in php scripts

error_reporting(0);

//or

ini_set('display_errors', false);

Read more...

Nepali MP3 Songs Downloads [My Playlist]

Some of the nepali songs from my playlist, they are great songs to listen. If you need any other songs, request in this post and I shall try to find them for you.

Download different MP3 songs from the following folder:
Nepali MP3 collection

The songs available for the downloads are:
1) Amar rahos timro maya - phursang lama
2) Antim maya
3) bhoolmaa bhulyo - Robin
4) Bihana pahile ghaama udaune[patriotic song] - Sindhu Jalesa
5) Birsana - Aastha
6) Birshu Bhanchhu - Impulse 21 (confused :p)
7) Harpal tyo timro - Aastha
8) Malai bholi kei bhaye - Karna Das
9) Nabhana mero - Adrian Pradhan [1974 A.D.]
10) Pagal nabhana malai - The Edge
11) Prayas - The Edge
12) Sadhai sadhai
13) Samikshya - Vedh (confused again)
14) timi binaako jeevan
15) timilai odaidiyeko ghumto - sayas
16) Timro sparsa - Basan Shrestha

I'm confused with the name of singers of some songs(I usually don't try to know the artists)...
Enjoy my playlist. :)

Read more...

Edjpgcom - add comments inside a jpg image

We can sometimes exploit the image upload features and then use file inclusion vulnerabilities to get shell in a server. If the image upload form only allows the .jpg and other valid image files and you locate a local file inclusion vulnerability, you can upload the malicious jpg file containing the PHP code as the commment in it.

In order to add the comment easily inside the jpg images, we can use a small tool called edjpgcom, a jpg commenter. You can drag a jpg image to the edjpgcom icon which will open a window to add comment to the jpg image.

Download EDJPGCOM

Read more...

Making a autorun in Pen[USB] drive [autorun.inf]

In this post, I shall be writing about creating autorun file in order to run or execute any program from your pendrive. Autorun.inf is a special file that can contain the information regarding the icon for drive, autorun programs, etc.

Using autorun.inf can also be useful for running the virii and worms automatically from the USB drive.

How to:
1) Open notepad
2) Type the following:

[autorun]
Icon=default
label=[YourLabelHere]
open=targetprogramname.exe

This autorun.inf file now should be saved in the root directory of your USB drive and you'll have your autorun file... :)

Now let me say the way of changing icon of the drive. In order to change the icon of your USB drive, type the following in autorun.inf file.

[autorun]
icon=[youricon.ico]
label=[YourLabelHere]

That's all. :)

Read more...