06 November 2018

systemctl

How does systemctl read its config file?

list all services

$ systemctl -a | grep "myservice"

show where the unit's config files are loaded from

$ systemctl show "myservice" | grep -i path

29 June 2018

mount LVM2 inside a vmdk


verify that the vmdk has an LVM partition (type 8E)
# vmware-mount -p .vmdk
Nr      Start       Size Type Id Sytem
-- ---------- ---------- ---- -- ------------------------
 1         63     401562 BIOS 83 Linux
 2     401625   10072755 BIOS 8E Unknown


mount vmdk
# vmware-mount -f .vmdk 
# ls 
flat


Get the offset of the LVM partition
# fdisk -lu /mnt/ROOT/flat

You can do this from the extra functions menu.

Disk /mnt/ROOT/flat: 0 MB, 0 bytes
255 heads, 63 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Disk identifier: 0x0006a266

         Device Boot      Start         End      Blocks   Id  System
/mnt/ROOT/flat1   *          63      401624      200781   83  Linux
/mnt/ROOT/flat2          401625    10474379     5036377+  8e  Linux LVM


Calculate the offset (fdisk says 1 sector is 512 bytes here)
offset = 401625 * 512      #   >> 205632000

attach the flat file to a loop device at that offset
# losetup -o 205632000 /dev/loop0 /mnt/ROOT/flat


display the physical volume info
# pvdisplay /dev/loop0
  --- Physical volume ---
  PV Name               /dev/loop0
  VG Name               VolGroup00
  PV Size               4,80 GB / not usable 22,34 MB
  Allocatable           yes
  PE Size (KByte)       32768
  Total PE              153
  Free PE               1
  Allocated PE          152
  PV UUID               MUKx5v-ukpq-fJis-GjpB-Z7dE-nIsI-Xr4bYd


# lvscan
  ACTIVE            '/dev/vg1/isos' [111,79 GB] inherit
  ACTIVE            '/dev/vg0/root' [10,00 GB] inherit
  ACTIVE            '/dev/vg0/swap' [8,00 GB] inherit
  ACTIVE            '/dev/vg0/home' [50,00 GB] inherit
  ACTIVE            '/dev/vg0/data' [164,41 GB] inherit
  inactive          '/dev/VolGroup00/LogVol00' [4,00 GB] inherit
  inactive          '/dev/VolGroup00/LogVol01' [768,00 MB] inherit


if the LV is not active, activate it
# lvchange -ay /dev/VolGroup00/LogVol00

then it can be mounted (mount point is your choice)
# mount /dev/VolGroup00/LogVol00 /path/to/mountpoint


to deactivate the LV
# lvchange -an /dev/VolGroup00/LogVol00

to release the loop device
# losetup -d /dev/loop0


unmount the vmware disk
# vmware-mount -d



ref: https://xliska.wordpress.com/2010/09/29/access-lvm2-partition-on-vmware-virtual-disk/
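The offset step above is the one people get wrong, so here is an added example (not from the original notes) that parses saved fdisk -lu output, finds every partition with Id 8e, reads the sector size from the Units line instead of assuming 512, and prints the matching losetup commands. The fdisk text is the sample quoted in the notes; nothing is executed.

```python
import re

# Constructed sample: the `fdisk -lu /mnt/ROOT/flat` output quoted in the notes.
FDISK_OUTPUT = """\
Disk /mnt/ROOT/flat: 0 MB, 0 bytes
255 heads, 63 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Disk identifier: 0x0006a266

         Device Boot      Start         End      Blocks   Id  System
/mnt/ROOT/flat1   *          63      401624      200781   83  Linux
/mnt/ROOT/flat2          401625    10474379     5036377+  8e  Linux LVM
"""

LVM_ID = "8e"   # partition type for Linux LVM

def sector_size(fdisk_text):
    """Take the sector size from the 'Units = sectors of ...' line; assuming
    512 gives a wrong offset for a 4K-sector image."""
    m = re.search(r"Units = sectors of \d+ \* (\d+) = (\d+) bytes", fdisk_text)
    if not m:
        raise ValueError("no Units line in fdisk output")
    return int(m.group(2))

def lvm_partitions(fdisk_text):
    """(device, start_sector, byte_offset) for each partition with Id 8e.
    The Boot column ('*') is optional, so rows are matched by their numbers."""
    size = sector_size(fdisk_text)
    row = re.compile(r"^(\S+)\s+\*?\s*(\d+)\s+(\d+)\s+(\d+)\+?\s+([0-9a-fA-F]{1,2})\s+")
    found = []
    for line in fdisk_text.splitlines():
        m = row.match(line)
        if m and m.group(5).lower() == LVM_ID:
            start = int(m.group(2))
            found.append((m.group(1), start, start * size))
    return found

def losetup_commands(fdisk_text, image, loopdev="/dev/loop0"):
    """Build (not run) the losetup command for each LVM partition found."""
    return [f"losetup -o {offset} {loopdev} {image}   # {dev} starts at sector {start}"
            for dev, start, offset in lvm_partitions(fdisk_text)]

if __name__ == "__main__":
    for cmd in losetup_commands(FDISK_OUTPUT, "/mnt/ROOT/flat"):
        print(cmd)
```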

20 June 2018

dnssec


1- the DNS client sends a recursive query requesting the domain www.DLB.net

2- the DNS caching server sends a query to the root

3- the DNS caching server asks the net zone

4- the DNS caching server asks the DLB zone

5- the DNS caching server returns the answer to the client.


ref:
https://www.youtube.com/watch?v=_8M_vuFcdZU

https://www.first.org/resources/papers/auckland2016/aucklandtc-20160221-edward_lewis-dns_root_zone_dnssec_operations.pdf

Digital Signatures



Digital signing uses asymmetric keys (a private/public key pair).

Sender:
1- send the original document together with the encrypted digest.


Receiver:
2- hash the document to produce a digest.
3- decrypt the 'encrypted digest' (using the sender's public key).
4- compare 2 and 3; if they match, the signature is valid.


Private/public key technology:
- If encrypted with the PrivateKey, only the PublicKey can decrypt it.
- If encrypted with the PublicKey, only the PrivateKey can decrypt it.
(Isn't mathematics great..)





ref: https://www.youtube.com/watch?v=_8M_vuFcdZU (3:31)
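The four steps above, carried out in code as an added example (not part of the original notes): the digest is "encrypted" with the private key to sign, "decrypted" with the public key and compared with a fresh hash to verify. The key pair is a constructed toy built from two Mersenne primes so the block runs offline; real signatures use randomly generated primes of at least 1024 bits each plus PSS or PKCS#1 v1.5 padding, which textbook RSA like this omits.

```python
import hashlib

# Constructed toy key pair: p = 2^521-1 and q = 2^607-1 are known Mersenne primes,
# so n > 2^256 and a SHA-256 digest fits as the message without any padding.
# Predictable primes like these are insecure; they only serve the walkthrough.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)

def digest(document: bytes) -> int:
    """Hash the document (step 2 on the receiver side; the sender does the same)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, private_key) -> int:
    """Sender (step 1): 'encrypt' the digest with the private key.
    The result travels alongside the original document."""
    n, d = private_key
    return pow(digest(document), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Receiver: step 3 'decrypts' the signature with the sender's public key,
    step 4 compares the result with a fresh digest of the received document."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == digest(document)

if __name__ == "__main__":
    doc = b"transfer 100 to account 42"            # constructed sample document
    sig = sign(doc, PRIVATE_KEY)
    print("untouched document verifies:", verify(doc, sig, PUBLIC_KEY))
    print("altered document verifies:  ",
          verify(b"transfer 900 to account 42", sig, PUBLIC_KEY))
```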

13 June 2018

change teamviewer id

1- change the MAC address of the network card
2- change /etc/machine-id


ref: https://theitbros.com/reset-teamviewer-id/



additional:
 Modify /etc/systemd/system/teamviewerd.service and add:
  ExecStartPre=/sbin/ifconfig eth0 hw ether aa:bb:cc:dd:ee:ff


ref: https://askubuntu.com/questions/423314/how-to-change-teamviewer-id-after-cloning

07 June 2018

virtualenv using python3

1- link python to python3

update-alternatives --remove python /usr/bin/python2
update-alternatives --install /usr/bin/python python /usr/bin/python3 1

make sure python --version shows python3


2- link pip to pip3

  - install
    apt-get install python3-pip
    which pip3

  - link it
    ln -s /usr/bin/pip3 /usr/bin/pip
    pip -V


3- install virtualenv
    pip install virtualenv

  - set up a virtual env for flask (e.g.)
    virtualenv --python=python3 flask_env

4- enter flask_env
    source flask_env/bin/activate

  - the prompt will change
    # (flask_env) mycert@my_dir:

5- to leave the virtual env
    deactivate




ref:
1- https://www.howtoforge.com/tutorial/how-to-install-django-1-10-on-ubuntu-16-04/
2- https://www.howtoforge.com/tutorial/how-to-install-django-on-ubuntu/

20 April 2018

copy a file out of a router


- list files
Router# dir bootflash:
Directory of bootflash:/
1 -rw- 3173128 cat2948g-in-mz.120-7.W5.14.45
2 -rw- 3173364 cat2948g-in-mz.120-7.W5.14.46


- copy from bootflash to a tftp server (default port 69)
Router# copy bootflash: tftp: 
Source filename []? cat2948g-in-mz.120-7.W5.14.46 
Address or name of remote host []? 171.10.0.111 
Destination filename [cat2948g-in-mz.120-7.W5.14.46]? yes

- troubleshooting:
  Need to tell the router which interface the packets should use to go out.
  Router(config)#ip tftp source-interface gig0/0/0







ref:
1- https://www.cisco.com/c/en/us/support/docs/routers/12000-series-routers/15094-crashinfo.html
2- https://supportforums.cisco.com/t5/lan-switching-and-routing/error-opening-tftp-timed-out/td-p/2255647

27 March 2018

killing the unkillable

Not able to kill a task using kill -9




# ps aux|grep subl
root      3018  2.2  1.0 289008 61872 ?        Ds   12:30   5:27 /opt/sublime_text/sublime_text


The D in the STAT column means it is in an "Uninterruptible sleep". That usually means it is waiting on an I/O operation. Such processes cannot be interrupted by kill.
You might be able to jimmy it back to life by unmounting your SSHFS mount.
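An added example (not from the original note) of the check to run before reaching for kill -9 again: it parses ps aux output, picks out tasks in D state, and reads /proc/<pid>/wchan to see which kernel function they are sleeping in, which points at the subsystem (here, the stuck SSHFS/FUSE mount) that has to be unblocked. The ps lines are a constructed sample built around the process from the note.

```python
# Constructed sample of `ps aux` output: two ordinary processes and the
# Sublime Text process from the note above, shown in STAT "Ds".
PS_AUX_SAMPLE = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 225300  9100 ?        Ss   12:00   0:02 /sbin/init
root      3018  2.2  1.0 289008 61872 ?        Ds   12:30   5:27 /opt/sublime_text/sublime_text
user      4100  0.0  0.0  21500  4400 pts/0    R+   13:10   0:00 ps aux
"""

def parse_ps_aux(text):
    """Split `ps aux` lines into dicts. COMMAND may contain spaces, so each
    line is split into at most 11 fields and the remainder kept whole."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split(None, 10)
        if len(fields) == 11:
            rows.append({"user": fields[0], "pid": int(fields[1]),
                         "stat": fields[7], "command": fields[10]})
    return rows

def uninterruptible(rows):
    """Tasks whose STAT starts with 'D': blocked inside the kernel, usually on
    I/O. SIGKILL is queued but only acted on when the wait returns, so
    `kill -9` appears to do nothing until the I/O completes or fails."""
    return [r for r in rows if r["stat"].startswith("D")]

def wait_channel(pid):
    """Kernel function the task sleeps in (/proc/<pid>/wchan), e.g. a FUSE
    request for an SSHFS mount; None if the pid is gone or /proc is missing."""
    try:
        with open(f"/proc/{pid}/wchan") as f:
            return f.read().strip() or None
    except OSError:
        return None

if __name__ == "__main__":
    for proc in uninterruptible(parse_ps_aux(PS_AUX_SAMPLE)):
        print(proc["pid"], proc["stat"], proc["command"],
              "wchan:", wait_channel(proc["pid"]))
```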

01 February 2018

anti vm

ori: https://www.cyberbit.com/anti-vm-and-anti-sandbox-explained/




1. Checking CPU Instructions:
The result of the following instructions with specific input can help malware identify virtual environments:
  • CPUID: this instruction is executed with EAX=1 as input; the return value describes the processor's features. The 31st bit of ECX on a physical machine will be equal to 0. On a guest VM it will be equal to 1.
  • "Hypervisor brand": by calling CPUID with EAX=40000000 as input, the malware will get, as the return value, the virtualization vendor string in EAX, ECX, EDX.
    For example:
    • Microsoft: "Microsoft HV"
    • VMware: "VMwareVMware"
  • MMX: an Intel instruction set, designed for faster processing of graphical applications. These are usually not supported in Virtual Machines, so their absence may indicate that the malware is running in a VM.
  • IN – "VMware Magic Number": this technique is useful for detecting a VMware environment. In VMware, communication with the host is done through a specific I/O port. The code below will execute successfully if running inside a VM. Otherwise it will fail.
2. Checking for Known Mac Addresses: 
Prefixes of MAC addresses indicate the network adapter's vendor. The MAC address can be retrieved in multiple ways, including the use of WMIC (wmic -> nic list):
  • 00:05:69 (Vmware)
  • 00:0C:29 (Vmware)
  • 00:1C:14 (Vmware)
  • 00:50:56 (Vmware)
  • 08:00:27 (VirtualBox)
3. Checking for Registry Keys 
The existence of the following registry entries indicates the existence of virtualization software:
  • HKLM\SOFTWARE\Vmware Inc.\\\Vmware Tools
  • HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0\Identifier
  • SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S
  • SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#vmwvmcihostdev
  • SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
4. Checking for Processes Indicating a VM
Any of the following processes may indicate a virtual environment. Malware can retrieve this info in multiple ways: WMIC (wmic -> process list), the Win API (Process32First, Process32Next), and CMD (Tasklist.exe).
  • Vmware
    • Vmtoolsd.exe
    • Vmwaretrat.exe
    • Vmwareuser.exe
    • Vmacthlp.exe
  • VirtualBox
    • vboxservice.exe
    • vboxtray.exe
5. Checking for Existence of Files Indicating a VM 
When these files are found to exist in the file system, this may indicate the existence of virtualization software. These can also be retrieved in multiple ways like: WMIC, Win API and CMD.
  • VMware
C:\windows\System32\Drivers\Vmmouse.sys
C:\windows\System32\Drivers\vm3dgl.dll
C:\windows\System32\Drivers\vmdum.dll
C:\windows\System32\Drivers\vm3dver.dll
C:\windows\System32\Drivers\vmtray.dll
C:\windows\System32\Drivers\VMToolsHook.dll
C:\windows\System32\Drivers\vmmousever.dll
C:\windows\System32\Drivers\vmhgfs.dll
C:\windows\System32\Drivers\vmGuestLib.dll
C:\windows\System32\Drivers\VmGuestLibJava.dll
C:\windows\System32\Drivers\vmhgfs.dll
  • VirtualBox
C:\windows\System32\Drivers\VBoxMouse.sys
C:\windows\System32\Drivers\VBoxGuest.sys
C:\windows\System32\Drivers\VBoxSF.sys
C:\windows\System32\Drivers\VBoxVideo.sys
C:\windows\System32\vboxdisp.dll
C:\windows\System32\vboxhook.dll
C:\windows\System32\vboxmrxnp.dll
C:\windows\System32\vboxogl.dll
C:\windows\System32\vboxoglarrayspu.dll
C:\windows\System32\vboxoglcrutil.dll
C:\windows\System32\vboxoglerrorspu.dll
C:\windows\System32\vboxoglfeedbackspu.dll
C:\windows\System32\vboxoglpackspu.dll
C:\windows\System32\vboxoglpassthroughspu.dll
C:\windows\System32\vboxservice.exe
C:\windows\System32\vboxtray.exe
C:\windows\System32\VBoxControl.exe
6. Checking for Running Services
Identifying whether one of the following services is running indicates a virtual environment.
These can also be retrieved in multiple ways: WMIC, Win API and CMD
(wmic -> Service list, sc.exe /query)

  • VMTools
  • Vmhgfs
  • VMMEMCTL
  • Vmmouse
  • Vmrawdsk
  • Vmusbmouse
  • Vmvss
  • Vmscsi
  • Vmxnet
  • vmx_svga
  • Vmware Tools
  • Vmware Physical Disk Helper Service

26 January 2018

side channel and speculative execution

side_channel and speculative_execution

https://www.youtube.com/watch?v=mgAN4w7LH2o

gnome3 alt+tab current workspace only

By default, ALT+TAB in gnome3 shows windows from all workspaces.
To show only the windows in the current workspace:

gsettings set org.gnome.shell.app-switcher current-workspace-only true