Nmap Cheat Sheet

Posted on by phong

https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

Nmap has a multitude of options and when you first start playing with this excellent tool it can be a bit daunting. In this cheat sheet you will find a series of practical example commands for running Nmap and getting the most of this powerful tool.

Keep in mind that this cheat sheet merely touches the surface of the available options. The Nmap Documentation portal is your reference for digging deeper into the options available.

Nmap Target Selection

Scan a single IP nmap 192.168.1.1
Scan a host nmap www.testhostname.com
Scan a range of IPs nmap 192.168.1.1-20
Scan a subnet nmap 192.168.1.0/24
Scan targets from a text file nmap -iL list-of-ips.txt

These are all default scans, which will scan 1000 TCP ports. Host discovery will take place.

Nmap Port Selection

Scan a single Port nmap -p 22 192.168.1.1
Scan a range of ports nmap -p 1-100 192.168.1.1
Scan 100 most common ports (Fast) nmap -F 192.168.1.1
Scan all 65535 ports nmap -p- 192.168.1.1

Nmap Port Scan types

Scan using TCP connect nmap -sT 192.168.1.1
Scan using TCP SYN scan (default) nmap -sS 192.168.1.1
Scan UDP ports nmap -sU -p 123,161,162 192.168.1.1
Scan selected ports – ignore discovery nmap -Pn -F 192.168.1.1

Privileged access is required to perform the default SYN scans. If privileges are insufficient a TCP connect scan will be used. A TCP connect requires a full TCP connection to be established and therefore is a slower scan. Ignoring discovery is often required as many firewalls or hosts will not respond to PING, so could be missed unless you select the -Pn parameter. Of course this can make scan times much longer as you could end up sending scan probes to hosts that are not there.

Take a look at the Nmap Tutorial for a detailed look at the scan process.

Service and OS Detection

Detect OS and Services nmap -A 192.168.1.1
Standard service detection nmap -sV 192.168.1.1
More aggressive Service Detection nmap -sV –version-intensity 5 192.168.1.1
Lighter banner grabbing detection nmap -sV –version-intensity 0 192.168.1.1

Service and OS detection rely on different methods to determine the operating system or service running on a particular port. The more aggressive service detection is often helpful if there are services running on unusual ports. On the other hand the lighter version of the service will be much faster as it does not really attempt to detect the service simply grabbing the banner of the open service.

Nmap Output Formats

Save default output to file nmap -oN outputfile.txt 192.168.1.1
Save results as XML nmap -oX outputfile.xml 192.168.1.1
Save results in a format for grep nmap -oG outputfile.txt 192.168.1.1
Save in all formats nmap -oA outputfile 192.168.1.1

The default format could also be saved to a file using a simple file redirect command > file. Using the -oN option allows the results to be saved but also can be monitored in the terminal as the scan is under way.

Digging deeper with NSE Scripts

Scan using default safe scripts nmap -sV -sC 192.168.1.1
Get help for a script nmap –script-help=ssl-heartbleed
Scan using a specific NSE script nmap -sV -p 443 –script=ssl-heartbleed.nse 192.168.1.1
Scan with a set of scripts nmap -sV –script=smb* 192.168.1.1

According to my Nmap install there are currently 471 NSE scripts. The scripts are able to perform a wide range of security related testing and discovery functions. If you are serious about your network scanning you really should take the time to get familiar with some of them.

The option --script-help=$scriptname will display help for the individual scripts. To get an easy list of the installed scripts try locate nse | grep script.

You will notice I have used the -sV service detection parameter. Generally most NSE scripts will be more effective and you will get better coverage by including service detection.

A scan to search for DDOS reflection UDP services

Scan for UDP DDOS reflectors nmap –sU –A –PN –n –pU:19,53,123,161 –script=ntp-monlist,dns-recursion,snmp-sysdescr 192.168.1.0/24

UDP based DDOS reflection attacks are a common problem that network defenders come up against. This is a handy Nmap command that will scan a target list for systems with open UDP services that allow these attacks to take place. Full details of the command and the background can be found on the Sans Institute Blog where it was first posted.

HTTP Service Information

Gather page titles from HTTP services nmap –script=http-title 192.168.1.0/24
Get HTTP headers of web services nmap –script=http-headers 192.168.1.0/24
Find web apps from known paths nmap –script=http-enum 192.168.1.0/24

There are many HTTP information gathering scripts, here are a few that are simple but helpful when examining larger networks. Helps in quickly identifying what the HTTP service is that is running on the open port. Note the http-enumscript is particularly noisy. It is similar to Nikto in that it will attempt to enumerate known paths of web applications and scripts. This will inevitably generated hundreds of 404 HTTP responses in the web server error and access logs.

Detect Heartbleed SSL Vulnerability

Heartbleed Testing nmap -sV -p 443 –script=ssl-heartbleed 192.168.1.0/24

Heartbleed detection is one of the available SSL scripts. It will detect the presence of the well known Heartbleed vulnerability in SSL services. Specify alternative ports to test SSL on mail and other protocols (Requires Nmap 6.46).

IP Address information

Find Information about IP address nmap –script=asn-query,whois,ip-geolocation-maxmind 192.168.1.0/24

Gather information related to the IP address and netblock owner of the IP address. Uses ASN, whois and geoip location lookups. See the IP Tools for more information and similar IP address and DNS lookups.

Remote Scanning

Testing your network perimeter from an external perspective is key when you wish to get the most accurate results. By assessing your exposure from the attackers perspective you can validate firewall rule audits and understand exactly what is allowed into your network. This is the reason we offer a hosted or online version of the Nmap port scanner. To enable remote scanning easily and effectively because anyone who has played with shodan.io knows very well how badly people test their perimeter networks.

Additional Resources

The above commands are just a taste of the power of Nmap. Check out the full set of features by running Nmap with no options. The creator of Nmap Fyodor has a book available that covers the tool in depth. You could also check out our Nmap Tutorial that has more information and tips.

Install Kopano on Debian 8

Posted on by phong

https://www.pc-howto.com/kopano-der-neue-stern-am-groupwarehimmel-teil-1/

What is Kopano?

Kopano is a fork (a spin-off) of Zarafa. Some components have been adopted, others written from scratch. Kopano is open source, offers a wide range of functions and has a modular structure:

  • core (base for all other components)
  • webapp (fully equipped web GUI a la Outlook Web Access)
  • files (integration of various cloud services, for example: Owncloud / Nextcloud)
  • Web meetings
  • deskapp (Full desktop email client based on a modified Chromium browser! -> Send to … works! -> no Outlook!)
  • mdm (mobile device management)

Operating system platform

As operating system I have (as so often) Debian GNU Linux “Jessie” in use. The base of the installation is basically a LAMP installation. PHP should run as mod_php. Apart from that, there are of course some dependencies that need to be met when installing Kopano.

Sounds complicated, but it is not!

Of course, some other distributions are also supported, such as: OpenSuse, Ubuntu, Fedora, RHEL, SLE ….

If you like working “from scratch”, you can also compile everything yourself. However, this is “not my construction site” ;-).

Where do you get the packages from Kopano?

The community edition packages can be downloaded from the website https://download.kopano.io/community/ . Each directory corresponds to a module (core, deskapp, files …).

Community Edition vs. subscription

If Kopano Community Edition is used, the packages are given in the form of a bleeding edge variant. The packages are nightly-builds.

The packages can / must be downloaded via wget . The installation is done by dpkg .

If a subscription is available , it will be more convenient, because then the Kopano repository can be integrated, which means that the entire package management can be done via apt-get .

Mobile phone synchronization Z-Push

Smartphone users are not too short. Per z-push , which is available for free, ActiveSync is implemented.

Installation LAMP

I’m not going to talk about installing Debian GNU Linux “from scratch” here. I assume that we start from a basic installation.

Since it is also necessary to provide a database and to edit various settings, I also install the phpmyadmin package .

apt-get install mysql-server apache2 phpmyadmin

MySQL facility

There is not much to say about that. Apt-get asks during the setup for a password for the MySQL superadmin “root”. You should definitely set a password here.

As a web server Apache2 is used. This should also be selected in the setup dialog.

Finally , the command mysql_secure_installation should be called. (Remove anonymous user (yes), Dissalid root login remotely (yes), remove Testdb (yes), Reload privilege tables now (yes).

phpmyadmin

For easier management of databases, phpmyadmin will be installed. Again, the setup is completed quickly. After completing the question “Configuring the database for phpmyadmin with dbconfig-common” with YES, entering the MySQL root password and confirming the question for a password for the phpmyadmin user with a return, the installation is complete.

Phpmyadmin should now be accessible via the Internet browser.

Thus, we have created a LAMP basis and can now dedicate ourselves to the Kopanoinstallation.

Install Kopano

Download packages

Kopano’s packages can be downloaded via wget if you do not have a subscription. (Note: subscribers can access the packages directly via apt-get.)

When working with wget, https://download.kopano.io/community/ is the address of choice.

On the Linux server itself, you can create a directory to download the packages into, or you can access the / tmp directory.

cd / tmp

 

wget https://download.kopano.io/community/core:/core-8.4.0~35_19.1-Debian_8.0-amd64.tar.gz

 

wget https://download.kopano.io/community/webapp:/webapp-3.3.0.524_391-Debian_8.0-all.tar.gz

 

wget https://download.kopano.io/community/files:/files-2.1.0.74-Debian_8.0-amd64.tar.gz
wget https://download.kopano.io/community/mdm:/mdm-2.1 .0.20_16-Debian_8.0-all.tar.gz

Note: The file names change daily (version number -> da nightlies)

After downloading, the * .tar.gz files will be unpacked. Per unpacked file, a corresponding subdirectory is automatically created.

Unzip and install the Kopano-core

tar xfvz core-8.4.0 ~ 35_19.1-Debian_8.0-amd64.tar.gz

cd core-8.4.0 ~ 35_19.1-Debian_8.0-amd64

dpkg -i * .deb

The installation attempt fails because there are unresolved dependencies. In fact, you get the message: “Errors occurred while editing:”

Clean up unresolved dependencies

Apt would not be apt if there were no easy solution to this circumstance.

apt-get install -f

This command will “trace” all missing packets.

Kopano-core – second attempt

At the Instano of Kopano-Core no unresolved dependencies should be displayed anymore.

Kopano Webapp

When installing the webapp is now the same procedure, as in “Core”. Unpack the tag.gz file, change to the directory where the unpacked .deb files are located + install with dpkg.

tar xvfz webapp-3.3.0.524_391-Debian_8.0-all.tar.gz
cd webapp-3.3.0.524_391-Debian_8.0-all
dpkg -i * .deb

Again, missing dependencies will lead to problems during installation. Again, apt-get solves the problem.

apt-get -f install

Finally, the installation of the webapp is no longer a problem. (In the directory where the unpacked files of the webapp are):

dpkg -i * .deb

In order to activate the configuration of the Webbapp, the Apache web server must be restarted or the configuration must be read in again.

service apache2 reload

or

service apache2 restart

Is the webapp available?

This can be tested very easily using a browser.

http: // <FQDN or IP> / webapp

The basic installation of Kopano-Core and the webapp are now complete. But this is so far purely the frontend! The database connection is not yet available.

Set up MySQL database

By phpmyadmin this project is not too big a problem.

First, create a new database.

and a user

The conclusion is the assignment of user authorizations. (Database kopano / user kopano)

Customize the Kopano-Core configuration file

For Kopano to get something from the database, the configuration file has to be adjusted.

vim /etc/kopano/server.cfg

In the MYSQL SETTINGS section   (for database_engine = mysql) , the host, DB, DB user and DB password must be stored.

Start Kopano Server

The start of the server should now cause the previously created database to be filled with the necessary tables / fields.

First we stop a running Kopano server.

service copano-server stop

The start

service copano-server start

and the following status check, should give the following picture.

Kopano user

The Kopanobenutzer come in this configuration from the MySQL database and must be created via the Linux console.

Subsequently, a user “gestl” including mail address is created. The user is an administrator and therefore also receives a parameter along the way (-a1).

 kopano-admin -c gestl -p 12init34 -e daniel.gestl@it-yourself.at -f “Daniel Gestl” -a1

Login to the webapp

In order to check whether the configuration work was successful, the login attempt is finally completed.

http: // <FQDN / IP> / webapp

As you can see, the installation is no magic. However, the integration of Postfix is ​​still missing, so that emails can be sent and received. (… and a little finetuning).

I will deal with that in a second article on “Kopano”.

PS: Kopano can do much more!

SALT – BOOTSTRAP – MULTI-PLATFORM

Posted on by phong

https://github.com/saltstack/salt-bootstrap

Salt Bootstrap is a shell script that detects the target platform and selects the best installation method. (Supported Platforms)

ON THE SALT MASTER

Run these commands on the system that you want to use as the central management point.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M

Your Salt master can manage itself, so a Salt minion is installed along with the Salt master. If you do not want to install the minion, also pass the -N option.

ON EACH SALT MINION

Run these commands on each system that you want to manage using Salt.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P

https://docs.saltstack.com/en/latest/ref/configuration/index.html

OEM installation and image Ubuntu 18.04

Posted on by phong

You can boot the Ubuntu installer in OEM mode to achieve the result you are after.

When you boot the installation media, hit SHIFT to get to the installation menu, then hit F4 and select ‘OEM Install’.
When Ubuntu has finished booting install the system as usual, you will be prompted for a temporary username and password.

When installation has finished, boot the system and log on with the temporary username and password you created earlier, you can now make any other alterations to the system that you want, for example installing extra software. When you’re all done just double-click on the ‘Prepare for shipping to end user’ icon on the desktop and then shut down the machine, it’s now time to take your image of the drive.

Next time the machine is booted the user will be asked to set up their account.

Enable remote desktop on ubuntu 16.04

Posted on by phong

https://www.krizna.com/ubuntu/enable-remote-desktop-ubuntu-16-04-vnc/

This article explains how to enable remote desktop on ubuntu 16.04 server and cloud versions. Maybe it can be used for desktop versions.
We are going to use VNC package to enable remote desktop connection. So here we can see about installing and configuring VNC service on ubuntu 16.04.

Package installation

First of all we have to install ubuntu desktop and supported packages in order to enable remote desktop on ubuntu server.
So we are going to install ubuntu desktop environment with minimal packages to keeps your server lightweight.
Step 1 » Let’s start. Update the repositories and start installing packages with minimal option. It would take some time to complete.
krizna@leela:~$ sudo apt update
–no-install-recommends key is used to ignore most of all default softwares. So therefore below command only install base packages which is really needed for GUI.
krizna@leela:~$ sudo apt install --no-install-recommends ubuntu-desktop
Step 2 » Now install some additional gnome packages. Most probably these packages will give you best ubuntu look.
krizna@leela:~$ sudo apt install gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal
Step 3 » And finally install vnc4server package.
krizna@leela:~$ sudo apt install vnc4server

Enable remote desktop on ubuntu 16.04

Step 4 » Create a backup of the original vncserver file so that you can restore in case of any issues.
krizna@leela:~$sudo cp /usr/bin/vncserver /usr/bin/vncserver.bkp
Step 5 » And now edit /usr/bin/vncserver file as below.
Find this line
"# exec /etc/X11/xinit/xinitrc\n\n".And add these lines below.
"gnome-session &\n".
"gnome-panel &\n".
"gnome-settings-daemon &\n".
"metacity &\n".
"nautilus &\n".
"gnome-terminal &\n".
Step 5 » Now login as the user and type “vncserver” command to create vnc password and as well as it enables VNC session.
harry@leela:~$ vncserver
You will require a password to access your desktops.
Password:
Verify:
xauth: file /home/harry/.Xauthority does not exist
New 'leela:1 (harry)' desktop is leela:1
Creating default startup script /home/harry/.vnc/xstartup
Starting applications specified in /home/harry/.vnc/xstartup
Log file is /home/harry/.vnc/leela:1.log
Step 6 » So now VNC session is started with session number 1.
Enable remote desktop on ubuntu

You can access using VNC client ( TightVNC ) with ServerIP:sessionnumber ( Ex: 192.168.0.16:1 ) .

Probably you can have multiple sessions by issuing “vncserver” command multiple times and Also you can access using session numbers 192.168.0.16:2, :3 and so on.
Enable remote desktop on ubuntu 16.04

Remote desktop as service

In addition we can configure VNC session as services so that it would start sessions automatically while rebooting the server.
Step 7 » Create service file vncharry@1.service under /etc/systemd/system/ and add below lines.
Replace user name with yours.
So if you want multiple sessions, you need to create another file with same content and have another session number vncharry@2.service.

Step 8 » Start the service and check the status. Before starting the service you must create VNC session password by using “vncserver” or “vncpasswd” command as the user( Refer step 5 ).
krizna@leela:~$ sudo systemctl daemon-reloadkrizna@leela:~$ sudo systemctl start vncharry@1.service
Now check the status . It Should be active and running.
krizna@leela:~# sudo systemctl status vncharry@1.service
● vncharry@1.service - Start TightVNC server at startup
Loaded: loaded (/etc/systemd/system/vncharry@1.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2017-03-29 12:23:18 IST; 3min 47s ago
Process: 2205 ExecStart=/usr/bin/vncserver -depth 24 :%i (code=exited, status=0/SUCCESS)
Process: 2189 ExecStartPre=/usr/bin/vncserver -kill :%i > /dev/null 2>&1 (code=exited, status=2)
Main PID: 2228 (Xvnc4)
CGroup: /system.slice/system-vncharry.slice/vncharry@1.service
‣ 2228 Xvnc4 :1 -desktop leela:1 (harry) -auth /home/harry/.Xauthority -geometry 1024x768 -depth 24 -rfbwait 30000 -rfbauth /home/harry/.vnc/passwd -rfbport 5901 -pn -fp /usr/X
Mar 29 12:23:15 leela systemd[1]: Starting Start TightVNC server at startup...
Mar 29 12:23:15 leela systemd[2189]: pam_unix(login:session): session opened for user harry by (uid=0)
Step 9 » Finally issue below command to make it auto start while reboot.
krizna@leela:~$ sudo systemctl enable vncharry@1.service
Created symlink from /etc/systemd/system/multi-user.target.wants/vncharry@1.service to /etc/systemd/system/vncharry@1.service.
Now the session will be started automatically after the reboot.

Few additional commands

» Restart session using service. You can issue stop and start with the same command.
krizna@leela:~$ sudo systemctl restart vncharry@1.service
» In order to kill particular session manually
harry@leela:~$ vncserver -kill :1
Killing Xvnc4 process ID 1137
» You can set custom screen resolution using -geometry 1280×1024
harry@leela:~$ vncserver -geometry 1280x1024[or]
In the service file edit Execstart line as below
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x1024 :%I
As a result remote desktop window is viewed in 1280×1024 resolution.
» You can reset vnc password using vncpasswd command
harry@leela:~$ vncpasswd
Password:
Verify:

That’s it
Have a good day.

 

Quickly copy a GPT partition scheme from one hard drive to another?

Posted on by phong

https://askubuntu.com/questions/57908/how-can-i-quickly-copy-a-gpt-partition-scheme-from-one-hard-drive-to-another

On a non GPT partition table I can do

sfdisk -d /dev/sda | sfdisk /dev/sdb.

But sfdisk doesn’t support GPT partition tables. What can I use instead?

Solution for GPT:

Install gdisk which is available in the Ubuntu Universe repositories.

Then use the sgdisk command (man page here) to replicate the partition table:

sgdisk /dev/sdX -R /dev/sdY 
sgdisk -G /dev/sdY

The first command copies the partition table of sdX to sdY (be careful not to mix these up). The second command randomizes the GUID on the disk and all the partitions. This is only necessary if the disks are to be used in the same machine, otherwise it’s unnecessary.

 

 

Create RAID with LVM

Posted on by phong

https://blog.programster.org/create-raid-with-lvm

Many Linux users have created RAID arrays using mdadm and do not realize that you can also create a RAID array without it by using LVM.

Installing LVM

You may need to install the LVM packages in order to build these arrays.

sudo apt-get install lvm2
Copy to clipboard

Creating RAID 0

sudo vgcreate [vg name] /dev/sd[x]1 /dev/sd[x2]1 ...
lvcreate -i[num drives] -I[strip size] -l100%FREE -n[lv name] [vg name]
sudo mkfs.[ext4/xfs] /dev/[vg name]/[lv name]
Copy to clipboard
  • Stripe size needs to be a number of the power 2, starting with 4. E.g. 4, 8, 16, 32, 64. If your data is mostly small text files, then use 4. If you are mostly dealing with media then you may want something larger.
  • If you want to use the xfs filesystem, you may need to install xfprogs with sudo apt-get install xfsprogs -y

Creating this RAID array will remove the ability to remove a drive from the VOLUME group later.

Creating RAID 1 (Mirror)

VG_NAME="vg1"
LV_NAME="lvm_raid1"

sudo vgcreate vg1 /dev/sd[x]1 /dev/sd[x]1

sudo lvcreate \
--mirrors 1 \
--type raid1 \
-l 100%FREE \
--nosync \
-n $LV_NAME $VG_NAME

sudo mkfs.[ext4/xfs] /dev/$VG_NAME/$LV_NAME
Copy to clipboard

Creating RAID 5 (Parity)

VG_NAME="vg1"
LV_NAME="lvm_raid1"

sudo vgcreate vg1 /dev/sd[x]1 /dev/sd[x]1 /dev/sd[x]1

sudo lvcreate \
--type raid5 \
-l 100%FREE \
--nosync \
-n $LV_NAME $VG_NAME

sudo mkfs.[ext4/xfs] /dev/$VG_NAME/$LV_NAME