[ править ]

Журнал лабораторных работ

Содержание

Журнал

Среда (12/17/08)

Файлы
Статистика
Справка
О программе

Журнал

Среда (12/17/08)

/dev/pts/4

12:05:36

#apt-get install whois

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  whois
0 upgraded, 1 newly installed, 0 to remove and 375 not upgraded.
Need to get 54.6kB of archives.
After this operation, 332kB of additional disk space will be used.
Get:1 http://10.0.35.1 sid/main whois 4.7.29 [54.6kB]
Fetched 54.6kB in 0s (98.9kB/s)
Selecting previously deselected package whois.
(Reading database ... 40720 files and directories currently installed.)
Unpacking whois (from .../archives/whois_4.7.29_i386.deb) ...
Setting up whois (4.7.29) ...

12:05:50

#whois 212.92.224.144

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag
% Information related to '212.92.224.0 - 212.92.239.255'
inetnum:        212.92.224.0 - 212.92.239.255
netname:        WPARK
...
nic-hdl:        OAC4-RIPE
source:         RIPE # Filtered
mnt-by:         WILDPARK-MNT
% Information related to '212.92.224.0/19AS31272'
route:          212.92.224.0/19
descr:          WildPark Co
descr:          PROVIDER Local Registry
origin:         AS31272
mnt-by:         WILDPARK-MNT
source:         RIPE # Filtered

12:05:56

#whois 212.92.224.144 | less

12:06:11

#rnd_ua_ips 3

193.239.238.190,195.62.36.23,193.23.183.160

12:06:15

#whois 195.62.36.23

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.
% Information related to '195.62.36.0 - 195.62.37.255'
inetnum:        195.62.36.0 - 195.62.37.255
netname:        GEONIC-NET
...
abuse-mailbox:  invisible@u.od.ua
nic-hdl:        INV13-RIPE
mnt-by:         INV-MNT
source:         RIPE # Filtered
% Information related to '195.62.36.0/23AS41867'
route:          195.62.36.0/23
descr:          GEONIC-NET
origin:         AS41867
mnt-by:         GEONIC-MNT
source:         RIPE # Filtered

12:06:23

#nmap -T5 -sS -D `rnd_ua_ips 5` -O 192.168.15.5

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 10:06 UTC
Interesting ports on 192.168.15.5:
Not shown: 1712 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3389/tcp open  ms-term-serv
5900/tcp open  vnc
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.24
Uptime: 0.067 days (since Wed Dec 17 08:31:08 2008)
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.505 seconds

12:07:23

#nmap -T5 -sS -D `rnd_ua_ips 5` -O 192.168.15.2

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 10:07 UTC
Interesting ports on 192.168.15.2:
Not shown: 1703 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
110/tcp  open  pop3
143/tcp  open  imap
465/tcp  open  smtps
504/tcp  open  citadel
...
2020/tcp open  xinupageserver
3389/tcp open  ms-term-serv
5900/tcp open  vnc
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.24
Uptime: 2.060 days (since Mon Dec 15 08:41:52 2008)
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.539 seconds

12:07:46

#nmap -T5 -sS -D `rnd_ua_ips 5` --ttl 10 -O 192.168.15.5

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 10:11 UTC
Interesting ports on 192.168.15.5:
Not shown: 1712 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3389/tcp open  ms-term-serv
5900/tcp open  vnc
Aggressive OS guesses: Linux 2.6.13 - 2.6.24 (96%), Linux 2.6.22 - 2.6.23 (95%), Linux 2.6.17 - 2.6.21 (95%), Siemens Gigaset SE515dsl wireless broadband router (94%), Linux 2.6.16.21 (openSUSE 10.2, x86_64) (94%), Aladdin eSafe security gateway (runs Linux 2.4.21) (94%), Linux 2.6.23 (93%), Linux 2.6.5-7.283-smp (SuSE Enterprise Server 9, x86) (93%), Belkin F5D7633uk4A, Inventel Livebox, or T-Sin
No exact OS matches for host (test conditions non-ideal).
Uptime: 0.069 days (since Wed Dec 17 08:32:42 2008)
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.220 seconds

12:11:39

#cd ; wget http://xgu.ru/download/tracemap.pl

--10:17:52--  http://xgu.ru/download/tracemap.pl
           => `tracemap.pl'
Resolving xgu.ru... 194.150.93.78
Connecting to xgu.ru|194.150.93.78|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5,108 (5.0K) [text/x-perl]
100%[====================================>] 5,108         --.--K/s
10:17:52 (347.95 MB/s) - `tracemap.pl' saved [5108/5108]

12:17:52

#vi tracemap.pl

12:18:01

#:q!

Can't locate Net/IP.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at tracemap.pl line 3.
BEGIN failed--compilation aborted at tracemap.pl line 3.

12:18:09

#apt-cache search perl-net-ip

12:18:44

#apt-cache search net ip perl

amanda-server - Advanced Maryland Automatic Network Disk Archiver (Server)
amtterm - Serial-over-lan (sol) client for Intel AMT, console version
apt-mirror - APT sources mirroring tool
bayonne - Telephony server of the GNU project
c++-annotations - Extensive tutorial and documentation about C++
collectd - statistics collection and monitoring daemon
cups-pdf - PDF printer for CUPS
devscripts - scripts to make the life of a Debian Package maintainer easier
edbrowse - A /bin/ed-alike webbrowser written in C
empty-expect - Run processes and applications under pseudo-terminal
...
ngs-js - The NGS JavaScript interpreter
php4 - server-side, HTML-embedded scripting language (meta-package)
php4-cgi - server-side, HTML-embedded scripting language (CGI binary)
php4-cli - command-line interpreter for the php4 scripting language
php4-common - Common files for packages built from the php4 source
php4-imagick - ImageMagick module for php4
php4-syck - YAML parser kit -- PHP4 bindings
php4-uuid - OSSP uuid module for php4
phpgroupware-phpgwapi - library of common phpGroupWare functions
pkf - Perl Kanji code conversion Filter

12:18:52

#apt-cache search net ip perl | less

12:19:09

#apt-get install libnet-ip-perl

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  libnet-ip-perl
0 upgraded, 1 newly installed, 0 to remove and 375 not upgraded.
Need to get 30.2kB of archives.
After this operation, 168kB of additional disk space will be used.
Get:1 http://10.0.35.1 sid/main libnet-ip-perl 1.25-2 [30.2kB]
Fetched 30.2kB in 0s (384kB/s)
Selecting previously deselected package libnet-ip-perl.
(Reading database ... 40741 files and directories currently installed.)
Unpacking libnet-ip-perl (from .../libnet-ip-perl_1.25-2_all.deb) ...
Setting up libnet-ip-perl (1.25-2) ...

12:19:16

#echo ya.ru | perl tracemap.pl

readline() on closed filehandle PREFIXES at tracemap.pl line 44.
Tracing path to ya.ru..........Done [last 53.431, total 315.154]

12:20:45

#ls

Desktop  arp.log  log.eci  pic1.xcf      tracemap.pl   tracemap.svg
arp.dot  arp.png  log.ecp  tracemap.dot  tracemap.png

12:20:47

#gqview tracemap.png

(gqview:3096): Gtk-WARNING **: cannot open display:

12:20:54

#perl tracemap.pl

ya.ru
i.ua
ukr.net
bir^H^@^Hgmir.net
osn,org.ua^H^H^H^H^H^H^H
\
osdn.org.ua
readline() on closed filehandle PREFIXES at tracemap.pl line 44.
Tracing path to ya.ru..........Done [last 40.994, total 279.637]
Tracing path to i.ua........Done [last 21.349, total 257.417]
Tracing path to ukr.net.......Done [last 21.476, total 106.065]
Tracing path to bgmir.netbi: Name or service not known
Cannot handle "host" cmdline arg `bi' on position 1 (argc 4)
Done [last 21.476, total 0]
Tracing path to osnosn: Name or service not known
Cannot handle "host" cmdline arg `osn' on position 1 (argc 4)
Done [last 21.476, total 0]
Tracing path to \Specify "host" missing argument.
Done [last 21.476, total 0]
Tracing path to osdn.org.ua.........Done [last 20.740, total 144.495]

12:22:25

#(echo ya.ru; echo yandex.ru; echo kernel.org) | perl tracemap.pl

readline() on closed filehandle PREFIXES at tracemap.pl line 44.
Tracing path to ya.ru.Done [last 30.704, total 30.704]
Tracing path to yandex.ru........Done [last 35.258, total 140.834]
Tracing path to kernel.org.............Done [last 223.385, total 1315.708]

12:24:51

#(echo bigmir.net ; echo meta.ua; echo xen.org; echo yandex.ru; ec

o k
readline() on closed filehandle PREFIXES at tracemap.pl line 44.
Tracing path to bigmir.net........Done [last 19.933, total 193.496]
Tracing path to meta.ua........Done [last 18.791, total 112.156]
Tracing path to xen.org..................Done [last 222.969, total 2455.123]
Tracing path to yandex.ru..........Done [last 36.085, total 210.276]
Tracing path to kernel.org...........Done [last 233.711, total 904.861]

12:26:39

#apt-get install nbtscan

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  nbtscan
0 upgraded, 1 newly installed, 0 to remove and 375 not upgraded.
Need to get 17.8kB of archives.
After this operation, 41.0kB of additional disk space will be used.
Get:1 http://10.0.35.1 sid/main nbtscan 1.5.1-4 [17.8kB]
Fetched 17.8kB in 0s (36.1kB/s)
Selecting previously deselected package nbtscan.
(Reading database ... 40753 files and directories currently installed.)
Unpacking nbtscan (from .../nbtscan_1.5.1-4_i386.deb) ...
Setting up nbtscan (1.5.1-4) ...

12:28:44

#nbtscan 10.0.35.0/24

Doing NBT name scan for addresses from 10.0.35.0/24
IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
10.0.35.9        XNT1             <server>  XNT1             00:00:00:00:00:00
10.0.35.112      ADMIN-49BDCA3D7  <server>  <unknown>        00:0c:29:31:a2:6e

12:29:03

#nbtscan 10.0.35.0/24

Doing NBT name scan for addresses from 10.0.35.0/24
IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
10.0.35.9        XNT1             <server>  XNT1             00:00:00:00:00:00
10.0.35.112      ADMIN-49BDCA3D7  <server>  <unknown>        00:0c:29:31:a2:6e

12:29:18

#nbtscan 10.0.0.0/16

10.0.6.1        Sendto failed: No buffer space available
10.0.6.2        Sendto failed: No buffer space available
10.0.6.3        Sendto failed: No buffer space available
10.0.6.4        Sendto failed: No buffer space available
10.0.6.5        Sendto failed: No buffer space available
10.0.6.6        Sendto failed: No buffer space available
10.0.6.7        Sendto failed: No buffer space available
10.0.6.8        Sendto failed: No buffer space available
10.0.6.9        Sendto failed: No buffer space available
10.0.6.10       Sendto failed: No buffer space available
...
10.0.6.140      Sendto failed: No buffer space available
10.0.6.141      Sendto failed: No buffer space available
10.0.6.142      Sendto failed: No buffer space available
10.0.6.143      Sendto failed: No buffer space available
10.0.6.144      Sendto failed: No buffer space available
10.0.6.145      Sendto failed: No buffer space available
10.0.6.146      Sendto failed: No buffer space available
10.0.6.147      Sendto failed: No buffer space available
10.0.6.148      Sendto failed: No buffer space available
10.0.6.149      Sendto failed: No buffer space available

12:29:57

#for i in {1..254} ; do nbtscan 10.0.$i.0/24 ; sleep 1 ; done

10.0.6.70       Sendto failed: No buffer space available
10.0.6.71       Sendto failed: No buffer space available
10.0.6.72       Sendto failed: No buffer space available
10.0.6.73       Sendto failed: No buffer space available
10.0.6.74       Sendto failed: No buffer space available
10.0.6.75       Sendto failed: No buffer space available
10.0.6.76       Sendto failed: No buffer space available
10.0.6.77       Sendto failed: No buffer space available
10.0.6.78       Sendto failed: No buffer space available
10.0.6.79       Sendto failed: No buffer space available
...
10.0.6.208      Sendto failed: No buffer space available
10.0.6.209      Sendto failed: No buffer space available
10.0.6.210      Sendto failed: No buffer space available
10.0.6.211      Sendto failed: No buffer space available
10.0.6.212      Sendto failed: No buffer space available
10.0.6.213      Sendto failed: No buffer space available
10.0.6.214      Sendto failed: No buffer space available
10.0.6.215      Sendto failed: No buffer space available
10.0.6.216      Sendto failed: No buffer space available
10.0.6.217      Sendto failed: No buffer space available

12:30:41

#kill %1

[1]+  Terminated              nbtscan 10.0.$i.0/24

12:30:45

#l3mass_upload /home/user/rdp-mx.png

Uploaded file name is 2728266053103031822-1229503882_1229510013_rdp-mx.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229510013_rdp-mx.png

screenshot id 2728266053103031822-1229503882_1229510013_rdp-mx.png

12:33:34

#l3mass_upload /home/user/halp-open-scan.png

Uploaded file name is 2728266053103031822-1229503882_1229510019_halp-open-scan.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229510019_halp-open-scan.png

12:33:39

#l3mass_upload /home/user/ipfw.png

Uploaded file name is 2728266053103031822-1229503882_1229511211_ipfw.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229511211_ipfw.png

screenshot id 2728266053103031822-1229503882_1229510019_halp-open-scan.png

прошло 19 минут

12:53:31

#l3mass_upload /home/user/iptables-*

Uploaded file name is 2728266053103031822-1229503882_1229511222_iptables-filter.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229511222_iptables-filter.png
Uploaded file name is 2728266053103031822-1229503882_1229511222_iptables-filter.xcf
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229511222_iptables-filter.xcf
Uploaded file name is 2728266053103031822-1229503882_1229511223_iptables-nat.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229511223_iptables-nat.png

screenshot id 2728266053103031822-1229503882_1229511211_ipfw.png

screenshot id 2728266053103031822-1229503882_1229511222_iptables-filter.png

12:53:43

#date

Wed Dec 17 10:53:48 UTC 2008

screenshot id 2728266053103031822-1229503882_1229511223_iptables-nat.png

12:54:43

#ping 192.168.15.31

PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

13:01:48

#ping 192.168.15.31

PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3009ms

13:02:21

#ping 192.168.15.31

PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3007ms

13:02:30

#ping 192.168.15.31

PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1003ms

13:02:50

#ping 192.168.15.31

PING 192.168.15.31 (192.168.15.31) 56(84) bytes of data.
--- 192.168.15.31 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7014ms

13:03:14

#route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.0.35.1       0.0.0.0         UG    0      0        0 eth0

13:03:19

#l3mass_upload /home/user/ipfw.png

Uploaded file name is 2728266053103031822-1229503882_1229515299_ipfw.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515299_ipfw.png

прошло 58 минут

14:01:39

#l3mass_upload /tmp/ipfw-show.png

Uploaded file name is 2728266053103031822-1229503882_1229515387_ipfw-show.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515387_ipfw-show.png

screenshot id 2728266053103031822-1229503882_1229515299_ipfw.png

14:03:07

#l3mass_upload /tmp/ip.png

Uploaded file name is 2728266053103031822-1229503882_1229515417_ip.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515417_ip.png

Kak delat' screenshoty

14:03:47

#l3mass_upload /tmp/ipfw-show.png

Uploaded file name is 2728266053103031822-1229503882_1229515472_ipfw-show.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515472_ipfw-show.png

screenshot id 2728266053103031822-1229503882_1229515472_ipfw-show.png

14:04:33

#date

Wed Dec 17 12:04:35 UTC 2008

14:04:35

#l3mass_upload /tmp/ip.png

Uploaded file name is 2728266053103031822-1229503882_1229515490_ip.png
Upload complete
/var/www/xguru/l3shot/2728266053103031822-1229503882_1229515490_ip.png

Kak delat' screenshoty

14:04:54

#nmap 192.168.15.31

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:09 UTC

14:09:46

#nmap -T4 -P0 192.168.15.31

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:09 UTC
Interesting ports on 192.168.15.31:
Not shown: 1714 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 9.173 seconds

14:10:03

#./exploit 192.168.15.31

прошло 19 минут

14:29:55

#apt-get install john

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  john-data
The following NEW packages will be installed:
  john john-data
...
Get:2 http://10.0.35.1 sid/main john 1.7.2-3 [251kB]
Fetched 899kB in 0s (5729kB/s)
Selecting previously deselected package john-data.
(Reading database ... 40759 files and directories currently installed.)
Unpacking john-data (from .../john-data_1.7.2-3_all.deb) ...
Selecting previously deselected package john.
Unpacking john (from .../archives/john_1.7.2-3_i386.deb) ...
Setting up john-data (1.7.2-3) ...
Setting up john (1.7.2-3) ...
mode of `/var/run/john' changed to 0700 (rwx------)

14:30:04

#john --user=user /etc/shadow

Created directory: /root/.john
Loaded 1 password hash (FreeBSD MD5 [32/32])
password         (user)
guesses: 1  time: 0:00:00:00 100% (2)  c/s: 5432  trying: password

14:30:12

#less /usr/share/dict/

14:30:12

#less /usr/share/dict/words

14:32:37

#wc -l /usr/share/dict/words

234937 /usr/share/dict/words

14:32:38

#wget -r nt.com.ua

    [ <=>                                 ] 25,169        --.--K/s
12:35:40 (289.35 KB/s) - `nt.com.ua/about/pr/2004/05/17/index.shtml' saved [25169]
--12:35:40--  http://nt.com.ua/about/pr/2004/04/14/index.shtml
           => `nt.com.ua/about/pr/2004/04/14/index.shtml'
Connecting to nt.com.ua|212.40.34.157|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
    [ <=>                                 ] 25,543        --.--K/s
12:35:40 (298.87 KB/s) - `nt.com.ua/about/pr/2004/04/14/index.shtml' saved [25543]
--12:35:40--  http://nt.com.ua/about/pr/2004/03/09/index.shtml
...
           => `nt.com.ua/about/pr/2003/06/05/index.shtml'
Connecting to nt.com.ua|212.40.34.157|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
    [ <=>                                 ] 23,762        --.--K/s
12:35:43 (344.00 KB/s) - `nt.com.ua/about/pr/2003/06/05/index.shtml' saved [23762]
--12:35:43--  http://nt.com.ua/about/
           => `nt.com.ua/about/index.html'
Connecting to nt.com.ua|212.40.34.157|:80... connected.
HTTP request sent, awaiting response...

14:35:43

#ls

Desktop  arp.log  log.eci  nt.com.ua  tracemap.dot  tracemap.png
arp.dot  arp.png  log.ecp  pic1.xcf   tracemap.pl   tracemap.svg

14:35:46

#ls nt.com.ua/

about  courses  index.html  pic  schedule  shared  tmpimg

14:35:49

#find nt.com.ua/ -name *.html

nt.com.ua/index.html

14:36:02

#find nt.com.ua/ -name *html

nt.com.ua/courses/microsoft/M2500.shtml
nt.com.ua/courses/microsoft/M2262.shtml
nt.com.ua/courses/microsoft/M2732.shtml
nt.com.ua/courses/microsoft/NT-PM101.shtml
nt.com.ua/courses/microsoft/mscourses.shtml
nt.com.ua/courses/microsoft/M2710.shtml
nt.com.ua/courses/microsoft/M2395.shtml
nt.com.ua/courses/microsoft/M2565.shtml
nt.com.ua/courses/microsoft/M2283.shtml
nt.com.ua/courses/microsoft/M2400.shtml
...
nt.com.ua/about/pr/2003/12/18/index.shtml
nt.com.ua/about/pr/2003/07/29/index.shtml
nt.com.ua/about/pr/2005/05-30.shtml
nt.com.ua/about/pr/2005/01-18.shtml
nt.com.ua/about/pr/2005/04-13.shtml
nt.com.ua/about/pr/2005/04-12.shtml
nt.com.ua/about/pr/2005/05-17.shtml
nt.com.ua/about/pr/2005/02-07.shtml
nt.com.ua/schedule/kiev/index.shtml
nt.com.ua/index.html

14:36:06

#find nt.com.ua/ -name *html | xargs cat | less

14:36:22

#find nt.com.ua/ -name *html | xargs cat | iconv -f CP1251 | less

14:36:46

#apt-get install locales

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following packages will be upgraded:
  locales
1 upgraded, 0 newly installed, 0 to remove and 374 not upgraded.
Need to get 4491kB of archives.
After this operation, 8192B of additional disk space will be used.
Get:1 http://10.0.35.1 sid/main locales 2.7-16 [4491kB]
Fetched 4491kB in 4s (1101kB/s)
Preconfiguring packages ...
(Reading database ... 40809 files and directories currently installed.)
Preparing to replace locales 2.7-9 (using .../locales_2.7-16_all.deb) ...
Unpacking replacement locales ...
Setting up locales (2.7-16) ...
Generating locales (this might take a while)...
  ru_RU.UTF-8... done
Generation complete.

14:37:01

#dpkg-reconfigure locales

Package configuration
 lqqqqqqqqqqqqqqqqqqqqqqqqqqu Configuring locales tqqqqqqqqqqqqqqqqqqqqqqqqqqk
 x Locales are a framework to switch between multiple languages and allow    x
 x users to use their language, country, characters, collation order, etc.   x
 x                                                                           x
 x Please choose which locales to generate. UTF-8 locales should be chosen   x
 x by default, particularly for new installations. Other character sets may  x
 x be useful for backwards compatibility with older systems and software.    x
 x                                                                           x
 x Locales to be generated:                                                  x
 x                                                                           x
 x    [ ] en_US.UTF-8 UTF-8                                              -   x
 x    [ ] en_ZA ISO-8859-1                                               0   x
 x    [ ] en_ZW ISO-8859-1                                               .   x
 x    [ ] en_ZA.UTF-8 UTF-8                                              a   x
 x                                                                           x
 x                    <Ok>                        <Cancel>                   x
 x                                                                           x
 mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

14:38:37

#setxkbmap -layout "us,ru"

Cannot open display "default display"

14:43:05

#date

Wed Dec 17 12:43:10 UTC 2008

14:43:10

#LANG=ru_RU.UTF-8 date

Срд Дек 17 12:43:19 UTC 2008

14:43:19

#LANG=de_DE.UTF-8 date

Mi 17. Dez 12:44:17 UTC 2008

14:44:17

#LANG=fr_FR.UTF-8 date

mercredi 17 décembre 2008, 12:44:27 (UTC+0000)

14:44:27

#LANG=ru_RU.UTF-8 date

Срд Дек 17 12:44:46 UTC 2008

14:44:46

#apt-get install x11-common

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python2.4-minimal python2.4 libttf2 cpp-4.2
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libdrm2 xserver-xorg xserver-xorg-core
The following packages will be upgraded:
  libdrm2 x11-common xserver-xorg xserver-xorg-core
...
Unpacking replacement xserver-xorg ...
Selecting previously deselected package x11-common.
Unpacking x11-common (from .../x11-common_1%3a7.3+18_all.deb) ...
Setting up libdrm2 (2.3.1-2) ...
Setting up x11-common (1:7.3+18) ...
Installing new version of config file /etc/X11/Xsession.d/90x11-common_ssh-agent ...
Installing new version of config file /etc/init.d/x11-common ...
Setting up xserver-xorg-core (2:1.4.2-9) ...
Setting up xserver-xorg (1:7.3+18) ...
 Removing any system startup links for /etc/init.d/xserver-xorg ...

прошло 11 минут

14:56:12

#nmap 192.168.15.31

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:56 UTC

14:56:22

#nmap -T4 192.168.15.3D1

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:56 UTC
Failed to resolve given hostname/IP: 192.168.15.3D1.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 1.362 seconds

14:56:30

#nmap -T4 192.168.15.31

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:56 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.095 seconds

14:56:33

#nmap -T4 -P0 192.168.15.31

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 12:56 UTC
Interesting ports on 192.168.15.31:
Not shown: 1714 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 9.053 seconds

14:56:48

#touch .hushlogin

turn motd off

14:59:15

#ssh-keygen -t dsa

Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
e8:fb:1b:30:c3:44:b7:a7:99:f2:4b:67:9b:07:6b:b6 root@wb1.unix.nt

generate a pair of SSH keys (public + private)
install the public key into home directory of remote user

15:00:20

#ssh 192.168.15.31

l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.

15:00:39

#ssh-keygen -P

ssh-keygen: option requires an argument -- P
Usage: ssh-keygen [options]
Options:
  -a trials   Number of trials for screening DH-GEX moduli.
  -B          Show bubblebabble digest of key file.
  -b bits     Number of bits in the key to create.
  -C comment  Provide new comment.
  -c          Change comment in private and public key files.
  -e          Convert OpenSSH to RFC 4716 key file.
  -F hostname Find hostname in known hosts file.
...
  -p          Change passphrase of private key file.
  -q          Quiet.
  -R hostname Remove host from known_hosts file.
  -r hostname Print DNS resource record.
  -S start    Start point (hex) for generating DH-GEX moduli.
  -T file     Screen candidates for DH-GEX moduli.
  -t type     Specify type of key to create.
  -v          Verbose.
  -W gen      Generator to use for generating DH-GEX moduli.
  -y          Read private key file and print public key.

15:02:41

#ssh-keygen -p

Enter file in which the key is (/root/.ssh/id_rsa):
/root/.ssh/id_rsa: No such file or directory

15:02:51

#ssh-keygen -p

Enter file in which the key is (/root/.ssh/id_rsa): /root/.ssh/id_dsa
Key has comment '/root/.ssh/id_dsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
passphrase too short: have 3 bytes, need > 4
Saving the key failed: /root/.ssh/id_dsa.

15:03:06

#ssh-keygen -p

Enter file in which the key is (/root/.ssh/id_rsa): /root/.ssh/id_dsa
Key has comment '/root/.ssh/id_dsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

15:03:22

#ssh 192.168.15.31

Enter passphrase for key '/root/.ssh/id_dsa':
l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.

15:03:33

#eval `ssh-agent`

Agent pid 5862

15:03:44

#ssh-add

Enter passphrase for /root/.ssh/id_dsa:
Identity added: /root/.ssh/id_dsa (/root/.ssh/id_dsa)

15:03:50

#ssh 192.168.15.31

l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.

15:03:57

#eval $(ssh-agent)

install the public key into home directory of remote user
install the public key into home directory of remote user

15:04:24

#ssh 192.168.15.31

l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]#
[root@fbsd1 ~]#
[root@fbsd1 ~]# ipfw list
00100 allow tcp from any to me dst-port 22
00200 allow tcp from me 22 to any
00300 allow udp from me to any dst-port 53 keep-state
00400 allow icmp from me to any keep-state
65535 deny ip from any to any
[root@fbsd1 ~]# ipfw add 65000 reset tcp from any to any
65000 reset tcp from any to any
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.

прошло 22 минуты

15:26:50

#nmap -T 192.168.15.31

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 13:26 UTC
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.022 seconds

15:26:58

#nmap -T4 192.168.15.31

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-17 13:27 UTC
Interesting ports on 192.168.15.31:
Not shown: 1714 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 2.901 seconds

15:27:04

#ssh 192.168.15.31

l3-agent is already running: pid=18734; pidfile=/root/.lilalo/l3-agent.pid
[root@fbsd1 ~]# ipfw list
00100 allow tcp from any to me dst-port 22
00200 allow tcp from me 22 to any
00300 allow udp from me to any dst-port 53 keep-state
00400 allow icmp from me to any keep-state
65000 reset tcp from any to any
65535 deny ip from any to any
[root@fbsd1 ~]# exit
logout
Connection to 192.168.15.31 closed.

15:29:06

#ssh 192.168.15.7

ssh: connect to host 192.168.15.7 port 22: No route to host

15:29:43

#route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.0.35.1       0.0.0.0         UG    0      0        0 eth0

прошло 42 минуты

16:12:15

#ping google.com

PING google.com (72.14.205.100) 56(84) bytes of data.
64 bytes from qb-in-f100.google.com (72.14.205.100): icmp_seq=1 ttl=245 time=206 ms
64 bytes from qb-in-f100.google.com (72.14.205.100): icmp_seq=2 ttl=245 time=163 ms
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 163.357/184.757/206.157/21.400 ms

16:12:19

#ping mail.ru

PING mail.ru (10.0.35.1) 56(84) bytes of data.
64 bytes from 10.0.35.1: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 10.0.35.1: icmp_seq=2 ttl=64 time=0.105 ms
--- mail.ru ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.086/0.095/0.105/0.013 ms

16:12:51

#ping yandex.ru

PING yandex.ru (10.0.35.1) 56(84) bytes of data.
64 bytes from 10.0.35.1: icmp_seq=1 ttl=64 time=0.081 ms
--- yandex.ru ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.081/0.081/0.081/0.000 ms

16:12:56

#dig mail.ru ns

l3script: dig: command not found

Статистика

Время первой команды журнала 12:05:36 2008-12-17

Время последней команды журнала 16:12:56 2008-12-17

Количество командных строк в журнале 94

Процент команд с ненулевым кодом завершения, % 14.89

Процент синтаксически неверно набранных команд, % 1.06

Суммарное время работы с терминалом ^*, час 2.44

Количество командных строк в единицу времени, команда/мин 0.64

Частота использования команд

`nmap`	11	\|=========\| 9.40%
`l3mass_upload`	9	\|=======\| 7.69%
`ping`	8	\|======\| 6.84%
`#^`	7	\|=====\| 5.98%
`apt-get`	6	\|=====\| 5.13%
`less`	6	\|=====\| 5.13%
`ssh`	6	\|=====\| 5.13%
`ssh-keygen`	5	\|====\| 4.27%
`find`	4	\|===\| 3.42%
`nbtscan`	3	\|==\| 2.56%
`perl`	3	\|==\| 2.56%
`echo`	3	\|==\| 2.56%
`ls`	3	\|==\| 2.56%
`date`	3	\|==\| 2.56%
`apt-cache`	3	\|==\| 2.56%
`whois`	3	\|==\| 2.56%
`eval`	2	\|=\| 1.71%
`LANG=ru_RU.UTF-8`	2	\|=\| 1.71%
`wget`	2	\|=\| 1.71%
`(echo`	2	\|=\| 1.71%
`route`	2	\|=\| 1.71%
`xargs`	2	\|=\| 1.71%
`sleep`	1	\|\| 0.85%
`LANG=de_DE.UTF-8`	1	\|\| 0.85%
`:q!`	1	\|\| 0.85%
`cd`	1	\|\| 0.85%
`dpkg-reconfigure`	1	\|\| 0.85%
`wc`	1	\|\| 0.85%
`rnd_ua_ips`	1	\|\| 0.85%
`do`	1	\|\| 0.85%
`gqview`	1	\|\| 0.85%
`iconv`	1	\|\| 0.85%
`dig`	1	\|\| 0.85%
`touch`	1	\|\| 0.85%
`ssh-add`	1	\|\| 0.85%
`for`	1	\|\| 0.85%
`john`	1	\|\| 0.85%
`ec`	1	\|\| 0.85%
`vi`	1	\|\| 0.85%
`kill`	1	\|\| 0.85%
`exploit`	1	\|\| 0.85%
`LANG=fr_FR.UTF-8`	1	\|\| 0.85%
`setxkbmap`	1	\|\| 0.85%
`done`	1	\|\| 0.85%

____
*) Интервалы неактивности длительностью 30 минут и более не учитываются

Справка

Для того чтобы использовать LiLaLo, не нужно знать ничего особенного: всё происходит само собой. Однако, чтобы ведение и последующее использование журналов было как можно более эффективным, желательно иметь в виду следующее:

В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l

bash: l: command not found
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4
Обратите внимание на то, что код завершения команды может быть отличен от нуля не только в тех случаях, когда команда была выполнена с ошибкой. Многие команды используют код завершения, например, для того чтобы показать результаты проверки

Команды, ход выполнения которых был прерван пользователем, выделяются цветом.

$ find / -name abc

find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C

Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id

uid=0(root) gid=0(root) Gruppen=0(root)
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc

2a3,5 > if [ -f /usr/local/etc/bash_completion ]; then > . /usr/local/etc/bash_completion > fi
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и всавить скопированный текст:
$ patch ~/.bashrc
В данном случае изменения применяются к файлу ~/.bashrc
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.

Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
```
$ whoami
```
```
user
```
```
$ #^ Интересно, кто я?
```
в журнале это будет выглядеть так:
```
$ whoami
```
```
user
```
Интересно, кто я?

Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:

$ whoami

user

$ cat > /dev/null #^ Интересно, кто я?

Программа whoami выводит имя пользователя, под которым 
мы зарегистрировались в системе.
-
Она не может ответить на вопрос о нашем назначении 
в этом мире.

В журнале это будет выглядеть так:

$ whoami

user

Интересно, кто я?

Программа whoami выводит имя пользователя, под которым
мы зарегистрировались в системе.

Она не может ответить на вопрос о нашем назначении
в этом мире.

Для разделения нескольких абзацев между собой используйте символ "-", один в строке.

Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо симолов #^ или #v нужно использовать символы #=

Содержимое файла может быть показано в журнале. Для этого его нужно вывести с помощью программы cat. Если вывод команды отметить симоволами #!, содержимое файла будет показано в журнале в специально отведённой для этого секции.

Для того чтобы вставить скриншот интересующего вас окна в журнал, нужно воспользоваться командой l3shot. После того как команда вызвана, нужно с помощью мыши выбрать окно, которое должно быть в журнале.

Команды в журнале расположены в хронологическом порядке. Если две команды давались одна за другой, но на разных терминалах, в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.
```
1
    2
3   
    4
```
Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сенса, нужно щёкнуть по этому названию.

О программе

LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008

$Id$