
Posts Categorized / Linux

  • Dec 02 / 2014

Testing an ISO or a USB bootable drive with QEMU

If you want to test an ISO image or a bootable USB drive you just prepared, QEMU lets you do it with a single command line. You will need to install the QEMU packages first. For example, on a Debian-based distribution:

sudo apt-get install qemu qemu-system qemu-utils

For USB drive testing, plug in the USB key and find its device name (check dmesg if necessary), and make sure the drive has not been mounted automatically. Then launch:

sudo /usr/bin/qemu-system-x86_64 -hda /dev/sdb -m 1G

For ISO testing, just get the path of your ISO image and launch:

sudo /usr/bin/qemu-system-x86_64 -cdrom /path/to/image.iso -m 1G

This launches an emulator with 1G of RAM (-m option). Because the machine is emulated, a lot of things won’t work, and I recommend using this only for simple testing (by default there is no network access and no USB port, for example). All of this can surely be configured with a more complete command line; see the full QEMU documentation for that.

Here you go 😉!

  • Nov 24 / 2014

NMap main command-lines

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Standard scan with OS/version discovery using SYN packets (option -n disables DNS resolution)

nmap -A -sS [host]
nmap -A -sS -n [host]

Scan without usual active hosts discovery

nmap -A -PN [host]

Scan all open UDP ports on a host

nmap -A -sU [host]

Specify ports you want to scan (UDP and/or TCP)

nmap -pU:53,137,T:21-25,80,8080 [host]

Check whether a host is present on the network

nmap -sP [host]

Scan an entire IP range

nmap -A 192.168.0.0-255

Spoof the source IP address. Here, we scan [host] through the eth1 interface, with a spoofed source IP ([source-ip] is a placeholder) and source port 443

nmap -S [source-ip] -g 443 -e eth1 -P0 [host]

Spoof the MAC address

nmap --spoof-mac 00:01:02:03:04:05 [host]
nmap --spoof-mac Cisco [host]

Trace the packets and data you just sent/received (useful when you are spoofing)

nmap --packet-trace -S 192.168.0.1 -e eth1 [host]

Choose an output file for getting results

nmap -oN results [host]
nmap -oX results.xml [host]

For each of previous commands, you can use:

  • -v to get a verbose mode
  • -T[0-5] to select a timing (“aggressiveness”) profile for the scan (usually, T4 is used)

More information on official website : http://www.nmap.org

  • Nov 18 / 2014

Find main DNS servers for a given domain name

It can be useful to find the main DNS servers for a domain name and query them directly, to make sure the value you got from your own DNS server is the most recent. For this, you can simply use the nslookup tool, which is available by default on most Unix distributions and also on Windows.

~$ nslookup
> set querytype=soa
> python.org

Non-authoritative answer:
	origin = ns1.p11.dynect.net
	mail addr = infrastructure-staff.python.org
	serial = 2014110501
	refresh = 3600
	retry = 600
	expire = 604800
	minimum = 3600

Authoritative answers can be found from:
python.org	nameserver = ns2.p11.dynect.net.
python.org	nameserver = ns4.p11.dynect.net.
python.org	nameserver = ns1.p11.dynect.net.
python.org	nameserver = ns3.p11.dynect.net.
ns1.p11.dynect.net	internet address =
ns2.p11.dynect.net	internet address =
ns3.p11.dynect.net	internet address =
ns4.p11.dynect.net	internet address =

Here you can see you got the main NS servers for the domain name “python.org” with the IP addresses associated for each NS.

  • Jul 25 / 2014

Encrypt Hard Drive Disk under Linux – LUKS and cryptsetup

You want to add a new hard disk (or a new partition) to your Linux system, but this disk will contain private data, so you want it encrypted and accessible only to those who hold the key.

Be careful, there are some points to take into consideration before performing these actions:

  • The passphrases used for encryption are never saved, so be really careful not to lose them. If you do, it will be impossible to retrieve the data on this disk.
  • Encryption will impact your system performance (due to the CPU usage of the encrypt/decrypt operations). Be sure to use this disk for passive data (avoid any executable files, for example), and prefer a recent CPU with the AES instruction set (AES-NI), which improves performance.

I am going to present here the encryption of a new disk (pretty small, a 1GB disk for the example) identified as /dev/sdb on the system:

~$ sudo fdisk -l /dev/sdb

Disk /dev/sdb: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/sdb doesn't contain a valid partition table

First of all, we need to install tools, like cryptsetup that we will use to encrypt/decrypt our disk (it’s a system tool allowing dm-crypt/LUKS encryption on hard drive, partition or even file):

~$ sudo apt-get install cryptsetup

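We can now indicate that we want to encrypt our /dev/sdb disk using AES and the SHA-256 hash algorithm. Note that -c aes without an explicit mode selects aes-cbc-plain (visible in the luksDump output further down); cbc-plain uses a predictable per-sector IV, so on current systems prefer -c aes-xts-plain64, which is also what recent cryptsetup versions use when -c is omitted: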

~$ sudo cryptsetup luksFormat -c aes -h sha256 /dev/sdb

You will get a confirmation message to which you will have to type “YES” to validate. Then, you will be asked for the passphrase you want to use (this password won’t be saved, so don’t forget it!) to encrypt your data:

This will overwrite data on /dev/sdb irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:

If you want to add some other keys for this encryption, you can do it using this following command:

~$ sudo cryptsetup luksAddKey /dev/sdb

With this command, you can add up to 8 different keys for the disk, allowing up to 8 different users to access the data, each with their own passphrase.

You can also check whenever you want the state of the slots (used or not) so you can manage the keys. For that, you can just use this command:

~$ sudo cryptsetup luksDump /dev/sdb
LUKS header information for /dev/sdb

Version:        1
Cipher name:    aes
Cipher mode:    cbc-plain
Hash spec:      sha256
Payload offset: 4096
MK bits:        256
MK digest:      48 1c 08 25 ff 51 ad 53 ff f1 07 5d f9 b1 c2 10 21 70 d9 9e
MK salt:        c4 6b b3 d5 b5 18 ac ce 2d e6 84 14 0b c3 74 82
                46 7f 8a ae 77 29 85 34 70 7a 19 21 4b e5 ac 4c
MK iterations:  22625
UUID:           441706d5-9c07-4b33-bff0-ccd9232a0da3

Key Slot 0: ENABLED
        Iterations:             90691
        Salt:                   38 3a 7c eb 7f 17 b3 72 eb 6d 7b 80 c9 f0 1e 77
                                a5 56 28 a5 eb 7c 4a 1e b4 e4 a7 b9 e1 7c 88 b4
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
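
The check below is an added example, not part of the original post: it reads luksDump text in the LUKS1 layout shown above and reports the cipher spec and the enabled key slots, flagging cbc-plain and unexpected extra passphrases. The function names and the MAX_SLOTS variable are hypothetical, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: audit LUKS1 `cryptsetup luksDump` text read on stdin.

# Constructed sample in the luksDump layout shown above (second slot added).
SAMPLE_DUMP='Version:        1
Cipher name:    aes
Cipher mode:    cbc-plain
Hash spec:      sha256
Key Slot 0: ENABLED
Key Slot 1: ENABLED
Key Slot 2: DISABLED'

# Print "<cipher name>-<cipher mode>", e.g. aes-cbc-plain.
luks_cipher() {
    awk -F':[ \t]+' '
        $1 == "Cipher name" { name = $2 }
        $1 == "Cipher mode" { mode = $2 }
        END { print name "-" mode }'
}

# Print the numbers of the ENABLED key slots, space separated.
luks_enabled_slots() {
    awk '/^Key Slot [0-7]: ENABLED/ { sub(":", "", $3); printf "%s%s", sep, $3; sep = " " }
         END { print "" }'
}

# One finding per line; returns 1 if anything needs attention.
# MAX_SLOTS is a hypothetical knob: how many passphrases you expect.
luks_audit() {
    dump=$(cat)
    cipher=$(printf '%s\n' "$dump" | luks_cipher)
    slots=$(printf '%s\n' "$dump" | luks_enabled_slots)
    rc=0
    case "$cipher" in
        # cbc-plain: predictable per-sector IV; ecb: no IV at all.
        *-cbc-plain|*-ecb*) echo "WEAK cipher spec: $cipher"; rc=1 ;;
        *) echo "cipher spec: $cipher" ;;
    esac
    set -- $slots
    echo "enabled key slots ($#): $slots"
    if [ "$#" -gt "${MAX_SLOTS:-1}" ]; then
        echo "REVIEW: more passphrases than expected"; rc=1
    fi
    return "$rc"
}

# Real use: sudo cryptsetup luksDump /dev/sdb | luks_audit
printf '%s\n' "$SAMPLE_DUMP" | luks_audit || true
```

LUKS2 headers print a different luksDump layout, so this parser applies only to Version 1 dumps like the one on this page.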

Now that the disk is encrypted, we need to create our partition and our file system so we can use it. We first open (decrypt) the disk and create the mapping under a custom name, encrypteddata:

~$ sudo cryptsetup luksOpen /dev/sdb encrypteddata

Right now, we can find this new mapping under /dev/mapper:

~$ ls /dev/mapper/
control  encrypteddata

We can now work with this new mapping point. A mapping for an encrypted disk can be checked at any time by using the parameter status of cryptsetup command:

~$ sudo cryptsetup -v status encrypteddata
/dev/mapper/encrypteddata is active.
  type:    LUKS1
  cipher:  aes-cbc-plain
  keysize: 256 bits
  device:  /dev/sdb
  offset:  4096 sectors
  size:    2093056 sectors
  mode:    read/write
Command successful.

Then, we will create our partition and our file system with ext3:

~$ sudo mkfs.ext3 /dev/mapper/encrypteddata
mke2fs 1.42 (29-Nov-2011)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65408 inodes, 261632 blocks
13081 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8176 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376

Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

We are now able to mount our new decrypted disk on any local point to read/write its content:

~$ sudo mount -t ext3 /dev/mapper/encrypteddata /mnt/

Our disk is now available on /mnt:

~$ ls /mnt/

To close an encrypted disk, unmount it and then use the luksClose command:

~$ sudo umount /mnt
~$ sudo cryptsetup luksClose /dev/mapper/encrypteddata

The disk is now closed and encrypted again until someone opens it.

You can also choose to mount this disk automatically at system start-up. For that, use the /etc/crypttab file to define the encrypted volume and then /etc/fstab to define its mount point (as you would for a standard disk). With this mechanism, the passphrase to decrypt the disk is requested at system start-up:

~$ cat /etc/crypttab
encrypteddata   /dev/sdb        none       luks
~$ cat /etc/fstab
# /etc/fstab: static file system information.
/dev/mapper/encrypteddata       /mnt            ext3    defaults        0       1

Warning: if there is already a line existing in /etc/fstab for this disk, you will need to comment it so you don’t get any error on start-up.

Right now, you know how to encrypt your own disk 😉!

  • Jun 06 / 2014

Testing website using telnet (SSL/HTTPS)

When developing a website, you may need to send custom requests to your server so you can analyze its behavior and its responses.

If you’re not using a secured protocol, that’s easy: you just need to connect to port 80 (usually) on your server and send your request:

telnet www.python.org 80
GET /index.html HTTP/1.1
Host: www.python.org

You will immediately get the server response with the headers:

HTTP/1.1 301 Moved Permanently
Server: Varnish
Retry-After: 0
Location: https://www.python.org/index.html
Content-Length: 0
Accept-Ranges: bytes
Date: Fri, 06 Jun 2014 22:14:49 GMT
Via: 1.1 varnish
Connection: close
X-Served-By: cache-fra1229-FRA
X-Cache: MISS
X-Cache-Hits: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains

But now, if you want to send the same request to a server running a secured protocol (such as HTTPS on port 443), you can’t use this method, because the request would be sent in plain text and the server wouldn’t be able to understand it.

You will need to use the s_client tool provided with openssl. Once the tool is started, you will immediately receive the certificate information and will be able to send your request:

openssl s_client -connect www.python.org:443
GET /index.html HTTP/1.1
Host: www.python.org

You will immediately get the server response with the headers as previously (in my example, a 404 error is sent back due to a non-existing page requested):

Date: Fri, 06 Jun 2014 22:23:47 GMT
Server: nginx
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Length: 28918
Accept-Ranges: bytes
Via: 1.1 varnish
Age: 0
X-Served-By: cache-lcy1128-LCY
X-Cache: MISS
X-Cache-Hits: 0
Vary: Cookie
Strict-Transport-Security: max-age=63072000; includeSubDomains
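
A scripted form of the manual session above, as an added example that is not part of the original post: it sends the request with proper CRLF line endings and SNI, then extracts a single response header such as Strict-Transport-Security. The function names are hypothetical, and the response piped in at the end is constructed from the headers shown earlier so the block runs offline.

```shell
#!/bin/sh
# Added example: non-interactive version of the s_client session.

# Build a minimal HTTP/1.1 request with CRLF line endings.
http_request() {   # usage: http_request HOST PATH
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$2" "$1"
}

# Send the request over TLS (needs network access). -servername sets SNI;
# -quiet hides the certificate dump and stops s_client from treating
# input lines that begin with "R" or "Q" as its own commands.
https_fetch() {    # usage: https_fetch HOST PATH
    http_request "$1" "$2" |
        openssl s_client -quiet -connect "$1:443" -servername "$1" 2>/dev/null
}

# Print the value of one response header (case-insensitive name match),
# reading only the header block of a response on stdin.
header_value() {   # usage: header_value NAME < response
    awk -v want="$1" '
        { sub(/\r$/, "") }
        NR > 1 && $0 == "" { exit }          # blank line ends the headers
        {
            i = index($0, ":")
            if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
                v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v
            }
        }'
}

# Live use: https_fetch www.python.org /index.html | header_value Strict-Transport-Security
# Offline run on a constructed response:
printf 'HTTP/1.1 301 Moved Permanently\r\nStrict-Transport-Security: max-age=63072000; includeSubDomains\r\n\r\n' |
    header_value Strict-Transport-Security
```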

That’s all folks 😉!

  • Apr 03 / 2014

Setup multiple default routes on Linux

The problem?

Your system is running on Linux with multiple physical network interface cards (NIC) and each card has its own default gateway. By default, you can only set up a single default gateway on a system.

In our example, we will consider 2 NICs (eth0 and eth1) enabled with default gateway configured on eth0 interface.


On this scheme, we can imagine two different cases:

  1. The flow coming into eth0 will be returned through eth0 (default gateway)
  2. The flow coming into eth1 will be returned through eth0 (default gateway)

In the first case there is no problem. In the second case, however, because the default gateway is configured on eth0, the system answers through eth0 whichever network card received the request.


The solution will be to use a program called iproute2, which is included and installed in all current Linux distributions. The expected result is:

  1. The flow coming into eth0 is returned through eth0
  2. The flow coming into eth1 is returned through eth1

It should then look like the following scheme:


First of all, you will have to define new routing tables in the file /etc/iproute2/rt_tables by defining your own tables. Here, we are defining two new tables called rt0 and rt1:

# reserved values
255     local
254     main
253     default
0       unspec
# local
125     rt0
225     rt1

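Afterwards, you will have to configure your network cards (under /etc/network/interfaces if you’re running a Debian-like system) as below, replacing each <...> placeholder with the address, netmask and gateway of that interface:

auto eth0
iface eth0 inet static
        address <eth0-address>
        netmask <eth0-netmask>
        # default route and source-based rule for traffic leaving via eth0
        post-up /sbin/ip route add default via <eth0-gateway> dev eth0 table rt0
        post-up /sbin/ip rule add from <eth0-address> table rt0
        pre-down /sbin/ip route del default via <eth0-gateway> dev eth0 table rt0
        pre-down /sbin/ip rule del from <eth0-address> table rt0

auto eth1
iface eth1 inet static
        address <eth1-address>
        netmask <eth1-netmask>
        # default route and source-based rule for traffic leaving via eth1
        post-up /sbin/ip route add default via <eth1-gateway> dev eth1 table rt1
        post-up /sbin/ip rule add from <eth1-address> table rt1
        pre-down /sbin/ip route del default via <eth1-gateway> dev eth1 table rt1
        pre-down /sbin/ip rule del from <eth1-address> table rt1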

And now, restart your networking service to apply this new configuration. It will be permanent.

You can now connect to your server using both interfaces, and it will automatically answer through the correct gateway!
