Lab work journal

Journal

Wednesday (12/17/08)

/dev/pts/4
12:05:36
#apt-get install whois
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  whois
0 upgraded, 1 newly installed, 0 to remove and 375 not upgraded.
Need to get 54.6kB of archives.
After this operation, 332kB of additional disk space will be used.
Get:1 http://10.0.35.1 sid/main whois 4.7.29 [54.6kB]
Fetched 54.6kB in 0s (98.9kB/s)
Selecting previously deselected package whois.
(Reading database ... 40720 files and directories currently installed.)
Unpacking whois (from .../archives/whois_4.7.29_i386.deb) ...
Setting up whois (4.7.29) ...
12:05:50
#whois 212.92.224.144
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag
% Information related to '212.92.224.0 - 212.92.239.255'
inetnum:        212.92.224.0 - 212.92.239.255
netname:        WPARK
...
nic-hdl:        OAC4-RIPE
source:         RIPE # Filtered
mnt-by:         WILDPARK-MNT
% Information related to '212.92.224.0/19AS31272'
route:          212.92.224.0/19
descr:          WildPark Co
descr:          PROVIDER Local Registry
origin:         AS31272
mnt-by:         WILDPARK-MNT
source:         RIPE # Filtered
12:05:56
#whois 212.92.224.144 | less
12:06:11
#rnd_ua_ips 3
193.239.238.190,195.62.36.23,193.23.183.160
12:06:15
#whois 195.62.36.23
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.
% Information related to '195.62.36.0 - 195.62.37.255'
inetnum:        195.62.36.0 - 195.62.37.255
netname:        GEONIC-NET
...
abuse-mailbox:  invisible@u.od.ua
nic-hdl:        INV13-RIPE
mnt-by:         INV-MNT
source:         RIPE # Filtered
% Information related to '195.62.36.0/23AS41867'
route:          195.62.36.0/23
descr:          GEONIC-NET
origin:         AS41867
mnt-by:         GEONIC-MNT
source:         RIPE # Filtered
12:06:23
#nmap -T5 -sS -D `rnd_ua_ips 5` -O 192.168.15.5
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 10:06 UTC
Interesting ports on 192.168.15.5:
Not shown: 1712 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3389/tcp open  ms-term-serv
5900/tcp open  vnc
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.24
Uptime: 0.067 days (since Wed Dec 17 08:31:08 2008)
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.505 seconds
12:07:23
#nmap -T5 -sS -D `rnd_ua_ips 5` -O 192.168.15.2
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 10:07 UTC
Interesting ports on 192.168.15.2:
Not shown: 1703 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
110/tcp  open  pop3
143/tcp  open  imap
465/tcp  open  smtps
504/tcp  open  citadel
...
2020/tcp open  xinupageserver
3389/tcp open  ms-term-serv
5900/tcp open  vnc
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.24
Uptime: 2.060 days (since Mon Dec 15 08:41:52 2008)
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.539 seconds
12:07:46
#nmap -T5 -sS -D `rnd_ua_ips 5` --ttl 10 -O 192.168.15.5
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 10:11 UTC
Interesting ports on 192.168.15.5:
Not shown: 1712 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3389/tcp open  ms-term-serv
5900/tcp open  vnc
Aggressive OS guesses: Linux 2.6.13 - 2.6.24 (96%), Linux 2.6.22 - 2.6.23 (95%), Linux 2.6.17 - 2.6.21 (95%), Siemens Gigaset SE515dsl wireless broadband router (94%), Linux 2.6.16.21 (openSUSE 10.2, x86_64) (94%), Aladdin eSafe security gateway (runs Linux 2.4.21) (94%), Linux 2.6.23 (93%), Linux 2.6.5-7.283-smp (SuSE Enterprise Server 9, x86) (93%), Belkin F5D7633uk4A, Inventel Livebox, or T-Sin
No exact OS matches for host (test conditions non-ideal).
Uptime: 0.069 days (since Wed Dec 17 08:32:42 2008)
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.220 seconds
12:11:39
#cd ; wget http://xgu.ru/download/tracemap.pl
--10:17:52--  http://xgu.ru/download/tracemap.pl
           => `tracemap.pl'
Resolving xgu.ru... 194.150.93.78
Connecting to xgu.ru|194.150.93.78|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5,108 (5.0K) [text/x-perl]
100%[====================================>] 5,108         --.--K/s
10:17:52 (347.95 MB/s) - `tracemap.pl' saved [5108/5108]
12:17:52
#vi tracemap.pl
12:18:01
#:q!
Can't locate Net/IP.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at tracemap.pl line 3.
BEGIN failed--compilation aborted at tracemap.pl line 3.
12:18:09
#apt-cache search perl-net-ip

12:18:44
#apt-cache search net ip perl
amanda-server - Advanced Maryland Automatic Network Disk Archiver (Server)
amtterm - Serial-over-lan (sol) client for Intel AMT, console version
apt-mirror - APT sources mirroring tool
bayonne - Telephony server of the GNU project
c++-annotations - Extensive tutorial and documentation about C++
collectd - statistics collection and monitoring daemon
cups-pdf - PDF printer for CUPS
devscripts - scripts to make the life of a Debian Package maintainer easier
edbrowse - A /bin/ed-alike webbrowser written in C
empty-expect - Run processes and applications under pseudo-terminal
...
ngs-js - The NGS JavaScript interpreter
php4 - server-side, HTML-embedded scripting language (meta-package)
php4-cgi - server-side, HTML-embedded scripting language (CGI binary)
php4-cli - command-line interpreter for the php4 scripting language
php4-common - Common files for packages built from the php4 source
php4-imagick - ImageMagick module for php4
php4-syck - YAML parser kit -- PHP4 bindings
php4-uuid - OSSP uuid module for php4
phpgroupware-phpgwapi - library of common phpGroupWare functions
pkf - Perl Kanji code conversion Filter
12:18:52
#apt-cache search net ip perl | less
12:19:09
#apt-get install libnet-ip-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  libnet-ip-perl
0 upgraded, 1 newly installed, 0 to remove and 375 not upgraded.
Need to get 30.2kB of archives.
After this operation, 168kB of additional disk space will be used.
Get:1 http://10.0.35.1 sid/main libnet-ip-perl 1.25-2 [30.2kB]
Fetched 30.2kB in 0s (384kB/s)
Selecting previously deselected package libnet-ip-perl.
(Reading database ... 40741 files and directories currently installed.)
Unpacking libnet-ip-perl (from .../libnet-ip-perl_1.25-2_all.deb) ...
Setting up libnet-ip-perl (1.25-2) ...
12:19:16
#echo ya.ru | perl tracemap.pl
readline() on closed filehandle PREFIXES at tracemap.pl line 44.
Tracing path to ya.ru..........Done [last 53.431, total 315.154]
12:20:45
#ls
Desktop  arp.log  log.eci  pic1.xcf      tracemap.pl   tracemap.svg
arp.dot  arp.png  log.ecp  tracemap.dot  tracemap.png
12:20:47
#gqview tracemap.png
(gqview:3096): Gtk-WARNING **: cannot open display:
12:20:54
#perl tracemap.pl
ya.ru
i.ua
ukr.net
bir^H^@^Hgmir.net
osn,org.ua^H^H^H^H^H^H^H
\
osdn.org.ua
readline() on closed filehandle PREFIXES at tracemap.pl line 44.
Tracing path to ya.ru..........Done [last 40.994, total 279.637]
Tracing path to i.ua........Done [last 21.349, total 257.417]
Tracing path to ukr.net.......Done [last 21.476, total 106.065]
Tracing path to bgmir.netbi: Name or service not known
Cannot handle "host" cmdline arg `bi' on position 1 (argc 4)
Done [last 21.476, total 0]
Tracing path to osnosn: Name or service not known
Cannot handle "host" cmdline arg `osn' on position 1 (argc 4)
Done [last 21.476, total 0]
Tracing path to \Specify "host" missing argument.
Done [last 21.476, total 0]
Tracing path to osdn.org.ua.........Done [last 20.740, total 144.495]
12:22:25
#(echo ya.ru; echo yandex.ru; echo kernel.org) | perl tracemap.pl
readline() on closed filehandle PREFIXES at tracemap.pl line 44.
Tracing path to ya.ru.Done [last 30.704, total 30.704]
Tracing path to yandex.ru........Done [last 35.258, total 140.834]
Tracing path to kernel.org.............Done [last 223.385, total 1315.708]
12:24:51
#(echo bigmir.net ; echo meta.ua; echo xen.org; echo yandex.ru; ec
o k
readline() on closed filehandle PREFIXES at tracemap.pl line 44.
Tracing path to bigmir.net........Done [last 19.933, total 193.496]
Tracing path to meta.ua........Done [last 18.791, total 112.156]
Tracing path to xen.org..................Done [last 222.969, total 2455.123]
Tracing path to yandex.ru..........Done [last 36.085, total 210.276]
Tracing path to kernel.org...........Done [last 233.711, total 904.861]
12:26:39
#apt-get install nbtscan
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  nbtscan
0 upgraded, 1 newly installed, 0 to remove and 375 not upgraded.
Need to get 17.8kB of archives.
After this operation, 41.0kB of additional disk space will be used.
Get:1 http://10.0.35.1 sid/main nbtscan 1.5.1-4 [17.8kB]
Fetched 17.8kB in 0s (36.1kB/s)
Selecting previously deselected package nbtscan.
(Reading database ... 40753 files and directories currently installed.)
Unpacking nbtscan (from .../nbtscan_1.5.1-4_i386.deb) ...
Setting up nbtscan (1.5.1-4) ...
12:28:44
#nbtscan 10.0.35.0/24
Doing NBT name scan for addresses from 10.0.35.0/24
IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
10.0.35.9        XNT1             <server>  XNT1             00:00:00:00:00:00
10.0.35.112      ADMIN-49BDCA3D7  <server>  <unknown>        00:0c:29:31:a2:6e
12:29:03
#nbtscan 10.0.35.0/24
Doing NBT name scan for addresses from 10.0.35.0/24
IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
10.0.35.9        XNT1             <server>  XNT1             00:00:00:00:00:00
10.0.35.112      ADMIN-49BDCA3D7  <server>  <unknown>        00:0c:29:31:a2:6e
12:29:18
#nbtscan 10.0.0.0/16
10.0.6.1        Sendto failed: No buffer space available
10.0.6.2        Sendto failed: No buffer space available
10.0.6.3        Sendto failed: No buffer space available
10.0.6.4        Sendto failed: No buffer space available
10.0.6.5        Sendto failed: No buffer space available
10.0.6.6        Sendto failed: No buffer space available
10.0.6.7        Sendto failed: No buffer space available
10.0.6.8        Sendto failed: No buffer space available
10.0.6.9        Sendto failed: No buffer space available
10.0.6.10       Sendto failed: No buffer space available
...
10.0.6.140      Sendto failed: No buffer space available
10.0.6.141      Sendto failed: No buffer space available
10.0.6.142      Sendto failed: No buffer space available
10.0.6.143      Sendto failed: No buffer space available
10.0.6.144      Sendto failed: No buffer space available
10.0.6.145      Sendto failed: No buffer space available
10.0.6.146      Sendto failed: No buffer space available
10.0.6.147      Sendto failed: No buffer space available
10.0.6.148      Sendto failed: No buffer space available
10.0.6.149      Sendto failed: No buffer space available
12:29:57
#for i in {1..254} ; do nbtscan 10.0.$i.0/24 ; sleep 1 ; done
10.0.6.70       Sendto failed: No buffer space available
10.0.6.71       Sendto failed: No buffer space available
10.0.6.72       Sendto failed: No buffer space available
10.0.6.73       Sendto failed: No buffer space available
10.0.6.74       Sendto failed: No buffer space available
10.0.6.75       Sendto failed: No buffer space available
10.0.6.76       Sendto failed: No buffer space available
10.0.6.77       Sendto failed: No buffer space available
10.0.6.78       Sendto failed: No buffer space available
10.0.6.79       Sendto failed: No buffer space available
...
10.0.6.208      Sendto failed: No buffer space available
10.0.6.209      Sendto failed: No buffer space available
10.0.6.210      Sendto failed: No buffer space available
10.0.6.211      Sendto failed: No buffer space available
10.0.6.212      Sendto failed: No buffer space available
10.0.6.213      Sendto failed: No buffer space available
10.0.6.214      Sendto failed: No buffer space available
10.0.6.215      Sendto failed: No buffer space available
10.0.6.216      Sendto failed: No buffer space available
10.0.6.217      Sendto failed: No buffer space available
12:30:41
#kill %1
[1]+  Terminated              nbtscan 10.0.$i.0/24
12:30:45
#l3mass_upload /home/user/rdp-mx.png
Uploaded file name is 2728266053103031822-1229503882_1229510013_rdp-mx.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229510013_rdp-mx.png
screenshot id 2728266053103031822-1229503882_1229510013_rdp-mx.png
12:33:34
#l3mass_upload /home/user/halp-open-scan.png
Uploaded file name is 2728266053103031822-1229503882_1229510019_halp-open-scan.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229510019_halp-open-scan.png
12:33:39
#l3mass_upload /home/user/ipfw.png
Uploaded file name is 2728266053103031822-1229503882_1229511211_ipfw.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229511211_ipfw.png
screenshot id 2728266053103031822-1229503882_1229510019_halp-open-scan.png
19 minutes passed
12:53:31
#l3mass_upload /home/user/iptables-*
Uploaded file name is 2728266053103031822-1229503882_1229511222_iptables-filter.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229511222_iptables-filter.png
Uploaded file name is 2728266053103031822-1229503882_1229511222_iptables-filter.xcf
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229511222_iptables-filter.xcf
Uploaded file name is 2728266053103031822-1229503882_1229511223_iptables-nat.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229511223_iptables-nat.png
screenshot id 2728266053103031822-1229503882_1229511211_ipfw.png
screenshot id 2728266053103031822-1229503882_1229511222_iptables-filter.png
12:53:43
#date
Wed Dec 17 10:53:48 UTC 2008
screenshot id 2728266053103031822-1229503882_1229511223_iptables-nat.png
12:54:43
#ping 192.168.15.31
PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
13:01:48
#ping 192.168.15.31
PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3009ms
13:02:21
#ping 192.168.15.31
PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3007ms
13:02:30
#ping 192.168.15.31
PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1003ms
13:02:50
#ping 192.168.15.31
PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7014ms
13:03:14
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.0.35.1       0.0.0.0         UG    0      0        0 eth0
13:03:19
#l3mass_upload /home/user/ipfw.png
Uploaded file name is 2728266053103031822-1229503882_1229515299_ipfw.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515299_ipfw.png
58 minutes passed
14:01:39
#l3mass_upload /tmp/ipfw-show.png
Uploaded file name is 2728266053103031822-1229503882_1229515387_ipfw-show.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515387_ipfw-show.png
screenshot id 2728266053103031822-1229503882_1229515299_ipfw.png
14:03:07
#l3mass_upload /tmp/ip.png
Uploaded file name is 2728266053103031822-1229503882_1229515417_ip.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515417_ip.png
How to take screenshots
14:03:47
#l3mass_upload /tmp/ipfw-show.png
Uploaded file name is 2728266053103031822-1229503882_1229515472_ipfw-show.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515472_ipfw-show.png
screenshot id 2728266053103031822-1229503882_1229515472_ipfw-show.png
14:04:33
#date
Wed Dec 17 12:04:35 UTC 2008
14:04:35
#l3mass_upload /tmp/ip.png
Uploaded file name is 2728266053103031822-1229503882_1229515490_ip.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515490_ip.png
How to take screenshots
14:04:54
#nmap 192.168.15.31
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:09 UTC
14:09:46
#nmap -T4 -P0 192.168.15.31
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:09 UTC
Interesting ports on 192.168.15.31:
Not shown: 1714 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 9.173 seconds
14:10:03
#./exploit 192.168.15.31

19 minutes passed
14:29:55
#apt-get install john
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  john-data
The following NEW packages will be installed:
  john john-data
...
Get:2 http://10.0.35.1 sid/main john 1.7.2-3 [251kB]
Fetched 899kB in 0s (5729kB/s)
Selecting previously deselected package john-data.
(Reading database ... 40759 files and directories currently installed.)
Unpacking john-data (from .../john-data_1.7.2-3_all.deb) ...
Selecting previously deselected package john.
Unpacking john (from .../archives/john_1.7.2-3_i386.deb) ...
Setting up john-data (1.7.2-3) ...
Setting up john (1.7.2-3) ...
mode of `/var/run/john' changed to 0700 (rwx------)
14:30:04
#john --user=user /etc/shadow
Created directory: /root/.john
Loaded 1 password hash (FreeBSD MD5 [32/32])
password         (user)
guesses: 1  time: 0:00:00:00 100% (2)  c/s: 5432  trying: password
14:30:12
#less /usr/share/dict/
14:30:12
#less /usr/share/dict/words
14:32:37
#wc -l /usr/share/dict/words
234937 /usr/share/dict/words
14:32:38
#wget -r nt.com.ua
    [ <=>                                 ] 25,169        --.--K/s
12:35:40 (289.35 KB/s) - `nt.com.ua/about/pr/2004/05/17/index.shtml' saved [25169]
--12:35:40--  http://nt.com.ua/about/pr/2004/04/14/index.shtml
           => `nt.com.ua/about/pr/2004/04/14/index.shtml'
Connecting to nt.com.ua|212.40.34.157|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
    [ <=>                                 ] 25,543        --.--K/s
12:35:40 (298.87 KB/s) - `nt.com.ua/about/pr/2004/04/14/index.shtml' saved [25543]
--12:35:40--  http://nt.com.ua/about/pr/2004/03/09/index.shtml
...
           => `nt.com.ua/about/pr/2003/06/05/index.shtml'
Connecting to nt.com.ua|212.40.34.157|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
    [ <=>                                 ] 23,762        --.--K/s
12:35:43 (344.00 KB/s) - `nt.com.ua/about/pr/2003/06/05/index.shtml' saved [23762]
--12:35:43--  http://nt.com.ua/about/
           => `nt.com.ua/about/index.html'
Connecting to nt.com.ua|212.40.34.157|:80... connected.
HTTP request sent, awaiting response...
14:35:43
#ls
Desktop  arp.log  log.eci  nt.com.ua  tracemap.dot  tracemap.png
arp.dot  arp.png  log.ecp  pic1.xcf   tracemap.pl   tracemap.svg
14:35:46
#ls nt.com.ua/
about  courses  index.html  pic  schedule  shared  tmpimg
14:35:49
#find nt.com.ua/ -name *.html
nt.com.ua/index.html
14:36:02
#find nt.com.ua/ -name *html
nt.com.ua/courses/microsoft/M2500.shtml
nt.com.ua/courses/microsoft/M2262.shtml
nt.com.ua/courses/microsoft/M2732.shtml
nt.com.ua/courses/microsoft/NT-PM101.shtml
nt.com.ua/courses/microsoft/mscourses.shtml
nt.com.ua/courses/microsoft/M2710.shtml
nt.com.ua/courses/microsoft/M2395.shtml
nt.com.ua/courses/microsoft/M2565.shtml
nt.com.ua/courses/microsoft/M2283.shtml
nt.com.ua/courses/microsoft/M2400.shtml
...
nt.com.ua/about/pr/2003/12/18/index.shtml
nt.com.ua/about/pr/2003/07/29/index.shtml
nt.com.ua/about/pr/2005/05-30.shtml
nt.com.ua/about/pr/2005/01-18.shtml
nt.com.ua/about/pr/2005/04-13.shtml
nt.com.ua/about/pr/2005/04-12.shtml
nt.com.ua/about/pr/2005/05-17.shtml
nt.com.ua/about/pr/2005/02-07.shtml
nt.com.ua/schedule/kiev/index.shtml
nt.com.ua/index.html
14:36:06
#find nt.com.ua/ -name *html | xargs cat | less
14:36:22
#find nt.com.ua/ -name *html | xargs cat | iconv -f CP1251 | less
14:36:46
#apt-get install locales
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following packages will be upgraded:
  locales
1 upgraded, 0 newly installed, 0 to remove and 374 not upgraded.
Need to get 4491kB of archives.
After this operation, 8192B of additional disk space will be used.
Get:1 http://10.0.35.1 sid/main locales 2.7-16 [4491kB]
Fetched 4491kB in 4s (1101kB/s)
Preconfiguring packages ...
(Reading database ... 40809 files and directories currently installed.)
Preparing to replace locales 2.7-9 (using .../locales_2.7-16_all.deb) ...
Unpacking replacement locales ...
Setting up locales (2.7-16) ...
Generating locales (this might take a while)...
  ru_RU.UTF-8... done
Generation complete.
14:37:01
#dpkg-reconfigure locales
Package configuration
 lqqqqqqqqqqqqqqqqqqqqqqqqqqu Configuring locales tqqqqqqqqqqqqqqqqqqqqqqqqqqk
 x Locales are a framework to switch between multiple languages and allow    x
 x users to use their language, country, characters, collation order, etc.   x
 x                                                                           x
 x Please choose which locales to generate. UTF-8 locales should be chosen   x
 x by default, particularly for new installations. Other character sets may  x
 x be useful for backwards compatibility with older systems and software.    x
 x                                                                           x
 x Locales to be generated:                                                  x
 x                                                                           x
 x    [ ] en_US.UTF-8 UTF-8                                              -   x
 x    [ ] en_ZA ISO-8859-1                                               0   x
 x    [ ] en_ZW ISO-8859-1                                               .   x
 x    [ ] en_ZA.UTF-8 UTF-8                                              a   x
 x                                                                           x
 x                    <Ok>                        <Cancel>                   x
 x                                                                           x
 mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
14:38:37
#setxkbmap -layout "us,ru"
Cannot open display "default display"
14:43:05
#date
Wed Dec 17 12:43:10 UTC 2008
14:43:10
#LANG=ru_RU.UTF-8 date
Срд Дек 17 12:43:19 UTC 2008
14:43:19
#LANG=de_DE.UTF-8 date
Mi 17. Dez 12:44:17 UTC 2008
14:44:17
#LANG=fr_FR.UTF-8 date
mercredi 17 décembre 2008, 12:44:27 (UTC+0000)
14:44:27
#LANG=ru_RU.UTF-8 date
Срд Дек 17 12:44:46 UTC 2008
14:44:46
#apt-get install x11-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libdrm2 xserver-xorg xserver-xorg-core
The following packages will be upgraded:
  libdrm2 x11-common xserver-xorg xserver-xorg-core
...
Unpacking replacement xserver-xorg ...
Selecting previously deselected package x11-common.
Unpacking x11-common (from .../x11-common_1%3a7.3+18_all.deb) ...
Setting up libdrm2 (2.3.1-2) ...
Setting up x11-common (1:7.3+18) ...
Installing new version of config file /etc/X11/Xsession.d/90x11-common_ssh-agent ...
Installing new version of config file /etc/init.d/x11-common ...
Setting up xserver-xorg-core (2:1.4.2-9) ...
Setting up xserver-xorg (1:7.3+18) ...
 Removing any system startup links for /etc/init.d/xserver-xorg ...
11 minutes passed
14:56:12
#nmap 192.168.15.31
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:56 UTC
14:56:22
#nmap -T4 192.168.15.3D1
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:56 UTC
Failed to resolve given hostname/IP: 192.168.15.3D1.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 1.362 seconds
14:56:30
#nmap -T4 192.168.15.31
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:56 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.095 seconds
14:56:33
#nmap -T4 -P0 192.168.15.31
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:56 UTC
Interesting ports on 192.168.15.31:
Not shown: 1714 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 9.053 seconds
14:56:48
#touch .hushlogin

turn motd off
14:59:15
#ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
e8:fb:1b:30:c3:44:b7:a7:99:f2:4b:67:9b:07:6b:b6 root@wb1.unix.nt
generate a pair of SSH keys (public + private)
install the public key into home directory of remote user
15:00:20
#ssh 192.168.15.31
l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.
15:00:39
#ssh-keygen -P
ssh-keygen: option requires an argument -- P
Usage: ssh-keygen [options]
Options:
  -a trials   Number of trials for screening DH-GEX moduli.
  -B          Show bubblebabble digest of key file.
  -b bits     Number of bits in the key to create.
  -C comment  Provide new comment.
  -c          Change comment in private and public key files.
  -e          Convert OpenSSH to RFC 4716 key file.
  -F hostname Find hostname in known hosts file.
...
  -p          Change passphrase of private key file.
  -q          Quiet.
  -R hostname Remove host from known_hosts file.
  -r hostname Print DNS resource record.
  -S start    Start point (hex) for generating DH-GEX moduli.
  -T file     Screen candidates for DH-GEX moduli.
  -t type     Specify type of key to create.
  -v          Verbose.
  -W gen      Generator to use for generating DH-GEX moduli.
  -y          Read private key file and print public key.
15:02:41
#ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa):
/root/.ssh/id_rsa: No such file or directory
15:02:51
#ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa): /root/.ssh/id_dsa
Key has comment '/root/.ssh/id_dsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
passphrase too short: have 3 bytes, need > 4
Saving the key failed: /root/.ssh/id_dsa.
15:03:06
#ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa): /root/.ssh/id_dsa
Key has comment '/root/.ssh/id_dsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
15:03:22
#ssh 192.168.15.31
Enter passphrase for key '/root/.ssh/id_dsa':
l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.
15:03:33
#eval `ssh-agent`
Agent pid 5862
15:03:44
#ssh-add
Enter passphrase for /root/.ssh/id_dsa:
Identity added: /root/.ssh/id_dsa (/root/.ssh/id_dsa)
15:03:50
#ssh 192.168.15.31
l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.
15:03:57
#eval $(ssh-agent)

install the public key into home directory of remote user
15:04:24
#ssh 192.168.15.31
l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]#
[root@fbsd1 ~]#
[root@fbsd1 ~]# ipfw list
00100 allow tcp from any to me dst-port 22
00200 allow tcp from me 22 to any
00300 allow udp from me to any dst-port 53 keep-state
00400 allow icmp from me to any keep-state
65535 deny ip from any to any
[root@fbsd1 ~]# ipfw add 65000 reset tcp from any to any
65000 reset tcp from any to any
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.
22 minutes passed
15:26:50
#nmap -T 192.168.15.31
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 13:26 UTC
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.022 seconds
15:26:58
#nmap -T4 192.168.15.31
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 13:27 UTC
Interesting ports on 192.168.15.31:
Not shown: 1714 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 2.901 seconds
15:27:04
#ssh 192.168.15.31
l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]# ipfw list
00100 allow tcp from any to me dst-port 22
00200 allow tcp from me 22 to any
00300 allow udp from me to any dst-port 53 keep-state
00400 allow icmp from me to any keep-state
65000 reset tcp from any to any
65535 deny ip from any to any
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.
15:29:06
#ssh 192.168.15.7
ssh: connect to host 192.168.15.7 port 22: No route to host
15:29:43
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.0.35.1       0.0.0.0         UG    0      0        0 eth0
42 minutes passed
16:12:15
#ping google.com
PING google.com (72.14.205.100) 56(84) bytes of data.
64 bytes from qb-in-f100.google.com (72.14.205.100): icmp_seq=1 ttl=245 time=206 ms
64 bytes from qb-in-f100.google.com (72.14.205.100): icmp_seq=2 ttl=245 time=163 ms
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 163.357/184.757/206.157/21.400 ms
16:12:19
#ping mail.ru
PING mail.ru (10.0.35.1) 56(84) bytes of data.
64 bytes from 10.0.35.1: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 10.0.35.1: icmp_seq=2 ttl=64 time=0.105 ms
--- mail.ru ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.086/0.095/0.105/0.013 ms
16:12:51
#ping yandex.ru
PING yandex.ru (10.0.35.1) 56(84) bytes of data.
64 bytes from 10.0.35.1: icmp_seq=1 ttl=64 time=0.081 ms
--- yandex.ru ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.081/0.081/0.081/0.000 ms
16:12:56
#dig mail.ru ns
l3script: dig: command not found

Statistics

Time of the first command in the journal: 12:05:36 2008-12-17
Time of the last command in the journal: 16:12:56 2008-12-17
Number of command lines in the journal: 94
Commands with a non-zero exit code, %: 14.89
Commands typed with syntax errors, %: 1.06
Total time spent at the terminal *, hours: 2.44
Command lines per unit of time, commands/min: 0.64
Command usage frequency
nmap              11  |=========|  9.40%
l3mass_upload      9  |=======|    7.69%
ping               8  |======|     6.84%
#^                 7  |=====|      5.98%
apt-get            6  |=====|      5.13%
less               6  |=====|      5.13%
ssh                6  |=====|      5.13%
ssh-keygen         5  |====|       4.27%
find               4  |===|        3.42%
nbtscan            3  |==|         2.56%
perl               3  |==|         2.56%
echo               3  |==|         2.56%
ls                 3  |==|         2.56%
date               3  |==|         2.56%
apt-cache          3  |==|         2.56%
whois              3  |==|         2.56%
eval               2  |=|          1.71%
LANG=ru_RU.UTF-8   2  |=|          1.71%
wget               2  |=|          1.71%
(echo              2  |=|          1.71%
route              2  |=|          1.71%
xargs              2  |=|          1.71%
sleep              1  ||           0.85%
LANG=de_DE.UTF-8   1  ||           0.85%
:q!                1  ||           0.85%
cd                 1  ||           0.85%
dpkg-reconfigure   1  ||           0.85%
wc                 1  ||           0.85%
rnd_ua_ips         1  ||           0.85%
do                 1  ||           0.85%
gqview             1  ||           0.85%
iconv              1  ||           0.85%
dig                1  ||           0.85%
touch              1  ||           0.85%
ssh-add            1  ||           0.85%
for                1  ||           0.85%
john               1  ||           0.85%
ec                 1  ||           0.85%
vi                 1  ||           0.85%
kill               1  ||           0.85%
exploit            1  ||           0.85%
LANG=fr_FR.UTF-8   1  ||           0.85%
setxkbmap          1  ||           0.85%
done               1  ||           0.85%
____
*) Intervals of inactivity of 30 minutes or longer are not counted

Help

You do not need to know anything special to use LiLaLo: everything happens automatically. However, to make keeping the journals and using them afterwards as effective as possible, it helps to keep the following in mind:
  1. Every command given on any terminal of the system is recorded in the journal automatically.

  2. To make sure that the journal is being kept on the current terminal and that commands are being recorded, run the command w. The WHAT field for the current terminal should show the program script.

  3. Commands typed with syntax errors are shown in strikethrough text:
    $ l s-l
    bash: l: command not found
    

  4. If a command's exit code is zero, the command completed without errors. Commands with a non-zero exit code are highlighted in colour.
    $ test 5 -lt 4
    Note that a command's exit code can be non-zero even when the command did not fail. Many commands use the exit code, for example, to report the result of a test.

  5. Commands interrupted by the user are highlighted in colour.
    $ find / -name abc
    find: /home/devi-orig/.gnome2: Keine Berechtigung
    find: /home/devi-orig/.gnome2_private: Keine Berechtigung
    find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
    find: /home/devi-orig/.metacity: Keine Berechtigung
    find: /home/devi-orig/.inkscape: Keine Berechtigung
    ^C
    

  6. Commands executed with superuser privileges are marked with a red bar on the left.
    # id
    uid=0(root) gid=0(root) Gruppen=0(root)
    

  7. Changes made to a text file with an editor are recorded and shown in the journal in ed format. Lines beginning with "<" were deleted, and lines beginning with ">" were added.
    $ vi ~/.bashrc
    2a3,5
    >    if [ -f /usr/local/etc/bash_completion ]; then
    >         . /usr/local/etc/bash_completion
    >        fi
    

  8. To change a file according to the changes shown in a diffshot, you can use the patch command. Copy the changes, run patch with the file to be changed as its argument, and paste the copied text:
    $ patch ~/.bashrc
    In this case the changes are applied to the file ~/.bashrc

  9. To get brief reference information about a command, hover the mouse over it. A tooltip with a short description of the command appears.

    If reference information is available for a command, the command is highlighted with a light-blue background, for example: vi. If it is not available, the command is highlighted with a pink background, for example: notepad.exe. Reference information may be missing if (1) the command was typed incorrectly; (2) LiLaLo recognised the command incorrectly; (3) LiLaLo has no information about the command. The last case is possible for rare commands.

  10. Large tooltips, multi-line ones in particular, are displayed best by KDE Konqueror, Apple Safari and Microsoft Internet Explorer. In Mozilla and Firefox they are displayed incompletely, and a special character is shown in place of a line break.

  11. The command entry time shown in the journal is the time at which entry of the command line began, that is, the moment the shell prompt appeared on the terminal.

  12. The name of the terminal on which a command was entered is shown in a separate block. This block is shown only when the terminal of the current command differs from that of the previous one.

  13. Display of journal elements you are not currently interested in, such as the time, the terminal name and others, can be turned off. Use the journal control form at the top of the page.

  14. Short comments on commands can be inserted directly from the command line. The comment is typed on the command line after the characters #^ or #v. The characters ^ and v show which command the comment refers to: ^ the previous one, v the next one. For example, if the following was entered on the command line:

    $ whoami
    
    user
    
    $ #^ I wonder who I am?

    it will look like this in the journal:
    $ whoami
    
    user
    
    I wonder who I am?

  15. If a comment spans several lines, it can be inserted into the journal as follows:

    $ whoami
    
    user
    
    $ cat > /dev/null #^ I wonder who I am?

    The whoami program prints the name of the user under which
    we are logged in to the system.
    -
    It cannot answer the question of our purpose
    in this world.

    In the journal it will look like this:
    $ whoami
    user
    
    I wonder who I am?
    The whoami program prints the name of the user under which
    we are logged in to the system.

    It cannot answer the question of our purpose
    in this world.
    To separate several paragraphs, use the "-" character on a line by itself.

  16. Comments that do not relate directly to any command are added in exactly the same way, except that #= is used instead of #^ or #v.

  17. The contents of a file can be shown in the journal. To do this, print the file with cat. If the command's output is marked with #!, the file's contents are shown in the journal in a section set aside for that purpose.
  18. To insert a screenshot of a window into the journal, use the l3shot command. After running it, select with the mouse the window that should appear in the journal.
  19. Commands in the journal are in chronological order. If two commands were given one after another but on different terminals, they appear next to each other in the journal even if they are unrelated.
    1
        2
    3   
        4
    
    Groups of commands executed on different terminals are separated by a special line. Below that line, in the right-hand corner, is the name of the terminal on which the commands were run. To see the commands of a single session only, click that name.

About the program

LiLaLo (L3) stands for Live Lab Log.
The program was developed to make teaching Unix/Linux systems more effective.
(c) Igor Chubin, 2004-2008
