Wednesday, August 31, 2011

Grep and MD5SUM recursively :-)

If we need to grep for a particular word "cursor.execure" recursively with respect to current directory and all the subfolders do as shown below.

root@ubuntu:/var/www/cuckoo/cuckoo# grep -i "cursor.execute" -R .
./submit.py:    cursor.execute("SELECT * FROM queue WHERE target
./submit.py:    cursor.execute(sql)
./cuckoo/db.py: cursor.execute("CREATE TABLE queue (\n"               \
./cuckoo/db.py: self._cursor.execute("SELECT * FROM queue "        \
./cuckoo/db.py: self._cursor.execute("SELECT id FROM queue WHERE
./cuckoo/db.py: self._cursor.execute("UPDATE queue SET lock = 1 WHE
./cuckoo/db.py: self._cursor.execute("SELECT id FROM queue WHERE id = ./cuckoo/db.py: self._cursor.execute("UPDATE queue SET lock = 0 WHERE ./cuckoo/db.py: self._cursor.execute("SELECT id FROM queue WHERE id ./cuckoo/db.py: self._cursor.execute("UPDATE queue SET lock = 0, "  
root@ubuntu:/var/www/cuckoo/cuckoo#


To do MD5Sum recursively :-)

find . -type f -print0 | xargs -0 md5sum
 
85d745532558a575c1809fa35ac50ff2  ./impress.js
402f032048a9f560a4b18010509583dc  ./index.html
85d745532558a575c1809fa35ac50ff2  ./bala/impress.js 

Creating Chart in OpenOffice

Hi

Watch this small screen casting which I made to show how to create Chart using OpenOffice.


http://www.youtube.com/watch?v=zK0qBGO5G58

I found this very useful link too,  I am no way endorsing that link, however I liked it :-)

http://www.learnopenoffice.org/calccontents.htm

Sunday, August 28, 2011

Adding htpasswd to Apache

If we want to protect certain directories in Apache with a password then we need to edit the file

/etc/apache2/sites-available/default

STEP1: Copy paste these lines in there, base is the folder which I am trying to protect.

   

STEP2: Now restart apache.

root@test:/etc/apache2# /etc/init.d/apache2 restart
 * Restarting web server apache2   .... Waiting [ OK ]
root@test:/etc/apache2#


STEP3: Now we need to create a file called as .htaccess under the folder we want to protect and enter these lines in there.

AuthUserFile /etc/apache2/base_passwords
AuthName "Authorization Required"
AuthType Basic
require valid-user

Here base_passwords is the file which will store the passwords.

STEP4:To create base_passwords follow the steps give below.

root@test:/etc/apache2# htpasswd -c base_passwords bala
New password:
Re-type new password:
Adding password for user bala
root@test:/etc/apache2# cat base_passwords
bala:.GaT2yBDJ4Mu2ser4DR54GRR3


Wola now when we type the url http://localhost/base we will get an authorization prompt.

PHP installation on Ubuntu

https://help.ubuntu.com/10.04/serverguide/C/php5.html


PHP5 - Scripting Language

PHP is a general-purpose scripting language suited for Web development. The PHP script can be embedded into HTML. This section explains how to install and configure PHP5 in Ubuntu System with Apache2 and MySQL.
This section assumes you have installed and configured Apache2 Web Server and MySQL Database Server. You can refer to Apache2 section and MySQL sections in this document to install and configure Apache2 and MySQL respectively.

Installation

The PHP5 is available in Ubuntu Linux.
  • To install PHP5 you can enter the following command in the terminal prompt:
    sudo apt-get install php5 libapache2-mod-php5

    You can run PHP5 scripts from command line. To run PHP5 scripts from command line you should install php5-cli package. To install php5-cli you can enter the following command in the terminal prompt:
    sudo apt-get install php5-cli

    You can also execute PHP5 scripts without installing PHP5 Apache module. To accomplish this, you should install php5-cgi package. You can run the following command in a terminal prompt to install php5-cgi package:
    sudo apt-get install php5-cgi

    To use MySQL with PHP5 you should install php5-mysql package. To install php5-mysql you can enter the following command in the terminal prompt:
    sudo apt-get install php5-mysql

    Similarly, to use PostgreSQL with PHP5 you should install php5-pgsql package. To install php5-pgsql you can enter the following command in the terminal prompt:
    sudo apt-get install php5-pgsql

Configuration

Once you install PHP5, you can run PHP5 scripts from your web browser. If you have installed php5-cli package, you can run PHP5 scripts from your command prompt.
By default, the Apache 2 Web server is configured to run PHP5 scripts. In other words, the PHP5 module is enabled in Apache2 Web server automatically when you install the module. Please verify if the files /etc/apache2/mods-enabled/php5.conf and /etc/apache2/mods-enabled/php5.load exist. If they do not exists, you can enable the module using a2enmod command.
Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you should restart Apache2 Web server to run PHP5 scripts. You can run the following command at a terminal prompt to restart your web server:
sudo /etc/init.d/apache2 restart 

Testing

To verify your installation, you can run following PHP5 phpinfo script:
phpinfo();
?>
You can save the content in a file phpinfo.php and place it under DocumentRoot directory of Apache2 Web server. When point your browser to http://hostname/phpinfo.php, it would display values of various PHP5 configuration parameters.

Saturday, August 27, 2011

WOW BIGBLUEBUTTON :-)

http://code.google.com/p/bigbluebutton/

I would like to have this built for myself, to host my own meeting :-)

Slidecasting-recorder

http://code.google.com/p/slidecasting-recorder/

I don't think that this would be able to show mouse movements oppose to gtk record my desktop.

SANS Cheat Sheet


www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

Sunday, August 21, 2011

Snort libdnet

http://forums.snort.org/forums/snort-newbies/topics/libdnet-not-found

whereis libdnet

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

Syslogging in Ubuntu

In order to log something to syslog in Ubuntu we need to edit the file.

#gedit /etc/rsyslog.d/50-default.conf

#Snort - Alerts
local0.*            /var/log/snort/snort_alerts_syslog.log

Then we need to restart the syslog so that it will reread the config file.

#service rsyslog restart

Now once this is done we can go inside the /var/log/snort/ folder and list it to see if the new file is created or not.

Friday, August 19, 2011

VirtualBox just permanent share

bala@bala-desktop:~$ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
#              
HOST_SHARE    /home/bala/share1    vboxsf    rw,uid=1000,gid=1000    0    0
bala@bala-desktop:~$

Wednesday, August 17, 2011

Tasklist & taskkill

c:\Temp>tasklist /FI "IMAGENAME eq USBDeview.exe"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
USBDeview.exe                 9860 Services                   0      5,308 K

c:\Temp>taskkill /FI "IMAGENAME eq USBDeview.exe"
ERROR: The process with PID 9860 could not be terminated.
Reason: This process can only be terminated forcefully (with /F option).

c:\Temp>taskkill /F /FI "IMAGENAME eq USBDeview.exe"
SUCCESS: The process with PID 9860 has been terminated.

c:\Temp>del /F USBDeview.exe

c:\Temp>del /F usb.html

Sunday, August 14, 2011

Awk command in Linux

root@ubuntu-mrt:/etc/snort/snortrules/rules# ls -ltr | awk '{ print $8 }'

experimental.rules
VRT-License.txt
x11.rules
web-php.rules
web-misc.rules
web-iis.rules

Saturday, August 13, 2011

Friday, August 12, 2011

List of useful URL

IP converstion.

http://www.searchlores.org/sonjas33.htm


Checking a website for Malware

http://www.antihacksecurity.com/scan-a-website-for-virus-malware

http://www.avg.com.au/resources/web-page-scanner/
http://www.virustotal.com/index.html#url-submission
http://siteinspector.comodo.com/

http://www.virustotal.com/
http://virusscan.jotti.org/en

5 steps for analysing Malware

http://zeltser.com/malware-analysis-toolkit/#utilize-online-analysis-tools

Sunday, August 7, 2011

Using dd to aquire Memory or host drive

Acquire Memory:

C:\Tools>dd.exe if=\\.\PhysicalMemory of="E:\images\host1-memoryimage-20110807.dd"
conv=sync,noerror --md5sum --verifymd5 --md5out="E:\images\host1-memoryimage-20110807.dd.md5" --log="E:\images\host1-memoryimage-20110807.dd_audit.log"

Acquire Harddisk

C:\Tools>dd.exe if=\\.\PhysicalDrive0 of="E:\images\host1-diskimage-20110807.dd"
conv=sync,noerror --md5sum --verifymd5 --md5out="E:\images\host1-diskimage-20110807.dd.md5" --log="E:\images\host1-diskimage-20110807.dd_audit.log"

Collecting Contents from Clipboard

We can see what is there in the system Memory with the help of this tool

http://www.nirsoft.net/utils/inside_clipboard.html




Scheduled Tasks

We can use the inbuilt at command.

c:\Tools>at
Status ID   Day                     Time          Command Line
----------------------------------------------------------------------------
        1   Today                   14:05         cmd.exe
        2   Today                   14:05         calc.exe

c:\Tools>tasklist | find "calc"
calc.exe                      1308 Services                   0      3,276 K


We can also use the inbuilt schtasks command.

c:\Tools>schtasks /Query /FO LIST /V

Folder: \
HostName:                             BALA-PC
TaskName:                             \At1
Next Run Time:                        N/A
Status:                               Running
Logon Mode:                           Interactive/Background
Last Run Time:                        07-08-2011 14:05:00
Last Result:                          267009
Author:                               N/A
Task To Run:                          cmd.exe
Start In:                             N/A
Comment:                              N/A
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          AtServiceAccount
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        One Time Only
Start Time:                           14:05:00
Start Date:                           07-08-2011
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

HostName:                             BALA-PC
TaskName:                             \At2
Next Run Time:                        N/A
Status:                               Running
Logon Mode:                           Interactive/Background
Last Run Time:                        07-08-2011 14:05:00
Last Result:                          267009
Author:                               N/A
Task To Run:                          calc.exe
Start In:                             N/A
Comment:                              N/A
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          AtServiceAccount
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        One Time Only
Start Time:                           14:05:00
Start Date:                           07-08-2011
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled



Determining Open Files

We can see what are all the files which are locally open with the link http://www.nirsoft.net/utils/opened_files_view.html


We can see what are all the files which are remotely open with the link


c:\Tools>net file

ID         Path                                    User name            # Locks

-------------------------------------------------------------------------------
12         C:\\                                    Bala                  0
230        C:\\                                    Bala                  0
233        C:\\Tools                               Bala                  0
689        C:\\Tools                               Bala                  0
The command completed successfully.

http://technet.microsoft.com/en-us/sysinternals/bb897552.aspx

c:\Tools>Psfile.exe

psfile v1.02 - psfile
Copyright ⌐ 2001 Mark Russinovich
Sysinternals

Files opened remotely on BALA-PC:

[12] C:\\
    User:   Bala
    Locks:  0
    Access: Read
[230] C:\\
    User:   Bala
    Locks:  0
    Access: Read
[233] C:\\Tools
    User:   Bala
    Locks:  0
    Access: Read
[689] C:\\Tools
    User:   Bala
    Locks:  0
    Access:

c:\Tools>

We can see all the recently accessed Documentation and Pictures with this command

http://www.nirsoft.net/utils/recent_files_view.html


Collecting Command Prompt History

We can see all the recently entered command in cmd prompt with the following command or F7.

c:\Tools>doskey /history
cls
serviwin.exe
net native start
net start
cls
svcutil.exe
svcutil.exe stop
svcutil.exe STOP

Identify Shares on the infected system
  
c:\Tools>net share

Share name   Resource                        Remark
-----------------------------------------------------------------------------
C$                  C:\                                     Default share
IPC$                                                        Remote IPC
ADMIN$         C:\Windows                      Remote Admin
The command completed successfully.


Finding the Services and Drivers

Often Malware makes itself as a service on the running system.

We can find the services which are running under a process with the command

c:\Tools>tasklist /svc

Image Name                     PID Services
========================= ======== =======
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       380 N/A
csrss.exe                      456 N/A
wininit.exe                    500 N/A
services.exe                   584 N/A
lsass.exe                      600 ProtectedStorage, SamSs
lsm.exe                        608 N/A
svchost.exe                    764 DcomLaunch, PlugPlay
VBoxService.exe                808 VBoxService
svchost.exe                    856 RpcSs
svchost.exe                    892 WinDefend
svchost.exe                   1012 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
svchost.exe                   1056 AudioEndpointBuilder, EMDMgmt, Netman,
                                   PcaSvc, SysMain, TabletInputService,
                                   TrkWks, UxSms, WdiSystemHost, WPDBusEnum,
                                   wudfsvc
svchost.exe                   1072 AeLookupSvc, Appinfo, BITS, IKEEXT,
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,
                                   RasMan, Schedule, seclogon, SENS,
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
audiodg.exe                   1136 N/A
svchost.exe                   1160 gpsvc
SLsvc.exe                     1180 slsvc
svchost.exe                   1208 EventSystem, FDResPub, LanmanWorkstation,
                                   netprofm, nsi, SLUINotify, SSDPSRV,
                                   SstpSvc, upnphost, W32Time, WebClient
svchost.exe                   1364 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
                                   TermService
spoolsv.exe                   1496 Spooler
svchost.exe                   1520 BFE, DPS, MpsSvc
svchost.exe                    280 PolicyAgent
taskeng.exe                    288 N/A
svchost.exe                    648 WerSvc
SearchIndexer.exe             1888 WSearch
csrss.exe                     2500 N/A
winlogon.exe                  2532 N/A
taskeng.exe                   2884 N/A
dwm.exe                       3868 N/A
explorer.exe                  3904 N/A
MSASCui.exe                   3996 N/A
VBoxTray.exe                  4004 N/A
sidebar.exe                   4012 N/A
wuauclt.exe                   3328 N/A
cmd.exe                       3464 N/A
tasklist.exe                  3704 N/A
WmiPrvSE.exe                  2828 N/A

c:\Tools>


We can get a whole list of details from PsService.exe
 http://technet.microsoft.com/en-us/sysinternals/bb897542.aspx
c:\Tools>PsService.exe

PsService v2.24 - Service information and configuration utility
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: AeLookupSvc
DISPLAY_NAME: Application Experience
Processes application compatibility cache requests for applications as they are launched
        TYPE              : 20 WIN32_SHARE_PROCESS
        STATE             : 4  RUNNING
                               (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE   : 0  (0x0)
        SERVICE_EXIT_CODE : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT         : 0 ms

SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
        TYPE              : 10 WIN32_OWN_PROCESS
        STATE             : 1  STOPPED
                               (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE   : 1077 (0x435)
        SERVICE_EXIT_CODE : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT         : 0 ms

We can also use Serviwin from http://www.nirsoft.net/utils/serviwin.html to get all the details about services.




We can also user servicelist from http://www.pathsolutions.com/support/tools.asp

c:\Tools>ServiceList.exe -t \\bala-pc
Service Name    Display Name    State   Win Own Process Win Shared Process      Kernel Device Driver
File System Driver      Desktop Interactive Process     Start   Stop    Pause   Continue        System
 Shutdown
AeLookupSvc     Application Experience  Running         X                               X       X

ALG     Application Layer Gateway Service       Stopped X

Appinfo Application Information Running         X                               X       X


We can also user a native utility such as.

c:\Tools>net start
These Windows services are started:

   Application Experience
   Application Information
   Background Intelligent Transfer Service
   Base Filtering Engine
   COM+ Event System

We can also user another tool called SvcUtil

http://www.joeware.net/freetools/tools/svcutil/index.htm

c:\Tools>svcutil.exe "Application Experience"

SvcUtil V02.04.00cpp  Joe Richards (joe@joeware.net) June 2005

SERVICE_NAME: AeLookupSvc
DISPLAY NAME: Application Experience
        TYPE                 : 32  WIN32_SHARE_PROCESS
        STATE                : 4  RUNNING
                                  (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE      : 0  (0x0)
        SERVICE_EXIT_CODE    : 0  (0x0)
        CHECKPOINT           : 0x0
        WAIT_HINT            : 0x0

c:\Tools>


We can find details about common Services and functions in the link

http://msdn2.microsoft.com/en-us/library/ms681921
http://www.theeldergeek.com/services_guide.htm#Services
http://msdn2.microsoft.com/en-us/library/ms685942


Drivers
we can see the drives on the system with the help of DriverView from http://www.nirsoft.net/utils/driverview.html

Here all Non-Microsoft Drivers will be highlighted.


This tool does the same thing over Command Line.

http://download.microsoft.com/download/win2000platform/drivers/1.0/NT5/EN-US/drivers.exe

c:\Tools>drivers.exe
  ModuleName    Code    Data     Bss   Paged    Init          LinkDate
------------------------------------------------------------------------------
ntoskrnl.exe  942080  290816       0 1966080  262144  Thu Oct 14 20:08:16 2010
     hal.dll   73728   16384       0   36864   16384  Sat Jan 19 10:57:20 2008
   kdcom.dll    4096    4096       0    4096    4096  Sat Jan 19 13:01:53 2008
mcupdate_GenuineIntel.dll    4096    4096       0  364544    4096  Sat Jan 19 12:59:43 2008
   PSHED.dll   12288   12288       0    8192    8192  Sat Jan 19 13:01:21 2008
 BOOTVID.dll    8192    4096       0       0    4096  Sat Jan 19 12:57:15 2008
    CLFS.SYS   77824   12288       0  131072    8192  Sat Jan 19 10:58:01 2008
      CI.dll  520192  303104       0   61440    4096  Fri Feb 22 10:30:56 2008






Associating Running processes and programs with open ports.

We can find a list of open ports on our machine with the command

c:\Tools>netstat -aon

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       856
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       500
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       1072
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       600
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING       584
  TCP    10.0.2.15:139          0.0.0.0:0              LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       856
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:5357              [::]:0                 LISTENING       4
  TCP    [::]:49152             [::]:0                 LISTENING       500
  TCP    [::]:49153             [::]:0                 LISTENING       1012
  TCP    [::]:49154             [::]:0                 LISTENING       1072
  TCP    [::]:49155             [::]:0                 LISTENING       600
  TCP    [::]:49156             [::]:0                 LISTENING       584
  UDP    0.0.0.0:123            *:*                                    1208
  UDP    0.0.0.0:500            *:*                                    1072
  UDP    0.0.0.0:4500           *:*                                    1072
  UDP    0.0.0.0:5355           *:*                                    1364
  UDP    10.0.2.15:137          *:*                                    4
  UDP    10.0.2.15:138          *:*                                    4
  UDP    10.0.2.15:1900         *:*                                    1208
  UDP    127.0.0.1:1900         *:*                                    1208
  UDP    127.0.0.1:64594        *:*                                    1208
  UDP    [::]:123               *:*                                    1208
  UDP    [::]:500               *:*                                    1072
  UDP    [::1]:1900             *:*                                    1208
  UDP    [::1]:64593            *:*                                    1208
  UDP    [fe80::100:7f:fffe%11]:1900  *:*                                    1208
  UDP    [fe80::2031:52a2:cbee:b0b3%17]:1900  *:*                                    1208

We can find the executable associated with the ports number with the command

c:\Tools>netstat -anb

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING

 Can not obtain ownership information

x: Windows Sockets initialization failed: 5
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING

 Can not obtain ownership information

x: Windows Sockets initialization failed: 5
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
 [wininit.exe]
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  Eventlog
 [svchost.exe]
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
 [lsass.exe]
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING
 [services.exe]
  TCP    10.0.2.15:139          0.0.0.0:0              LISTENING

 Can not obtain ownership information

x: Windows Sockets initialization failed: 5
  TCP    [::]:135               [::]:0                 LISTENING
  RpcSs
 [svchost.exe]
  TCP    [::]:445               [::]:0                 LISTENING

 Can not obtain ownership information

x: Windows Sockets initialization failed: 5
  TCP    [::]:5357              [::]:0                 LISTENING

 Can not obtain ownership information

x: Windows Sockets initialization failed: 5
  TCP    [::]:49152             [::]:0                 LISTENING
 [wininit.exe]
  TCP    [::]:49153             [::]:0                 LISTENING
  Eventlog
 [svchost.exe]
  TCP    [::]:49154             [::]:0                 LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49155             [::]:0                 LISTENING
 [lsass.exe]
  TCP    [::]:49156             [::]:0                 LISTENING
 [services.exe]
  UDP    0.0.0.0:123            *:*
  W32Time
 [svchost.exe]
  UDP    0.0.0.0:500            *:*
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:4500           *:*
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
  UDP    10.0.2.15:137          *:*

 Can not obtain ownership information

x: Windows Sockets initialization failed: 5
  UDP    10.0.2.15:138          *:*

 Can not obtain ownership information

x: Windows Sockets initialization failed: 5
  UDP    10.0.2.15:1900         *:*
  SSDPSRV
 [svchost.exe]
  UDP    127.0.0.1:1900         *:*
  SSDPSRV
 [svchost.exe]
  UDP    127.0.0.1:64594        *:*
  SSDPSRV
 [svchost.exe]
  UDP    [::]:123               *:*
  W32Time
 [svchost.exe]
  UDP    [::]:500               *:*
  IKEEXT
 [svchost.exe]
  UDP    [::1]:1900             *:*
  SSDPSRV
 [svchost.exe]
  UDP    [::1]:64593            *:*
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::100:7f:fffe%11]:1900  *:*
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::2031:52a2:cbee:b0b3%17]:1900  *:*
  SSDPSRV
 [svchost.exe]

c:\Tools>

We can obtain a similar information from openports http://www.diamondcs.com.au/openports/

c:\Tools>openports.exe -list -path
DiamondCS OpenPorts v1.0  (-? for help)
Copyright (C) 2003, DiamondCS - http://www.diamondcs.com.au/openports/
Free for personal and educational use only. See openports.txt for more details.
_______________________________________________________________________________

SYSTEM [0]
  TCP  0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP  10.0.2.15:139          0.0.0.0:0              LISTENING
  TCP  0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP  0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP  0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP  0.0.0.0:49155          0.0.0.0:0              LISTENING
  TCP  0.0.0.0:49156          0.0.0.0:0              LISTENING
  TCP  0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP  0.0.0.0:5357           0.0.0.0:0              LISTENING
  UDP  0.0.0.0:68             0.0.0.0:0              LISTENING
  UDP  0.0.0.0:123            0.0.0.0:0              LISTENING
  UDP  10.0.2.15:137          0.0.0.0:0              LISTENING
  UDP  10.0.2.15:138          0.0.0.0:0              LISTENING
  UDP  0.0.0.0:500            0.0.0.0:0              LISTENING
  UDP  10.0.2.15:1900         0.0.0.0:0              LISTENING
  UDP  127.0.0.1:1900         0.0.0.0:0              LISTENING
  UDP  0.0.0.0:4500           0.0.0.0:0              LISTENING
  UDP  0.0.0.0:5355           0.0.0.0:0              LISTENING
  UDP  127.0.0.1:64594        0.0.0.0:0              LISTENING

c:\Tools>

http://www.iana.org/assignments/port-numbers

We can obtain a detailed information with CurrPorts from this following link

http://www.nirsoft.net/utils/cports.html




The TCPView utility can also provide the same kind of output.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx


Saturday, August 6, 2011

Airtel

https://ebpp.airtelworld.com/cares/wps/myportal

Python Strings2

#!/usr/bin/python

import string

name = "balasubramaniam natarajan"

#Type "import string" at the python command prompt so that we can manipulate
#strings with greater flexibility.

print name

name = string.upper(name)

print "The string in upper case is :",name

name = string.lower(name)

print "The string in lower case is :",name

print "The string in Capitalization is :", string.capitalize(name)

print "The string in Capwords is :", string.capwords(name)

split = string.split(name)

print split

print "The joined value is :",string.join(split)

******************************************************************************
bala@bala-laptop:~/python$ python 7Stringii.py
balasubramaniam natarajan
The string in upper case is : BALASUBRAMANIAM NATARAJAN
The string in lower case is : balasubramaniam natarajan
The string in Capitalization is : Balasubramaniam natarajan
The string in Capwords is : Balasubramaniam Natarajan
['balasubramaniam', 'natarajan']
The joined value is : balasubramaniam natarajan
bala@bala-laptop:~/python$


Mozilla Firefox contacting fxfeeds.mozilla.com

Crap man my mozilla tries to communicate to fxfeeds.mozilla.com and I did not know it up to now, damn I am deleting that right away.

http://fxfeeds.mozilla.com/en-US/firefox/headlines.xml

http://www.bbc.co.uk/go/rss/int/news/-/news/


Python Strings1

#!/usr/bin/python

name  = "Balasubramaniam Natarajan"
print name
print "The length of the name variable is :", len(name)

#We can print characters forward.

print name[0]

# the colon dentoes through, 0 is the first character we need and 4 is one before the last character.

print name[0:4]

print name[16:25]

#The next line of for loop should be indented if not we would get an error.

for letter in name:
    print letter

name2 = "Revathi Balasubramaniam"

if name == name2:
    print "The two names Match"

bala@bala-laptop:~/python$ python 6Stringi.py
Balasubramaniam Natarajan
The length of the name variable is : 25
B
Bala
Natarajan
B
a
l
a
s
u
b
r
a
m
a
n
i
a
m

N
a
t
a
r
a
j
a
n

Python Standard Input to Python script

#!/usr/bin/python

#Now we will see the Concatination in Python

print "Balasubramaniam", "Natarajan"

#If we want it to print without space

print "Balasubramaniam"+"Natarajan"

#If we want python to print Bala fivetimes

print "Bala\n"*3

# We can get the values from STDIN using the raw_input (for strings) or input (for integer) function.

flname = raw_input("What is your name?")

print "The name you have typed here is :", flname

rupees = input("How much is a liter of water?")

print "One Liter of water cost : RS", rupees

print "So 10 Liters of water would cost : RS", rupees*10

*******************************************************************************
bala@bala-laptop:~/python$ python 5STDIN.py
Balasubramaniam Natarajan
BalasubramaniamNatarajan
Bala
Bala
Bala

What is your name?Bala
The name you have typed here is : Bala
How much is a liter of water?20
One Liter of water cost : RS 20
So 10 Liters of water would cost : RS 200
bala@bala-laptop:~/python$


Python Mathematical Operation

#!/usr/bin/python

#BEMDAS (Brackets, Exponents, Mul, Div, Add, SUB)

print "2 ** 2 = ", 2 ** 2
print "2 ** 2 * 2 = ", 2 ** 2 * 2
print "2 ** 2 * 2 / 2 = ", 2 ** 2 * 2 / 2
print "2 ** 2 * 2 / 2 + 2 = ", 2 ** 2 * 2 / 2 + 2
print "2 ** 2 * 2 / 2 + 2 - 2 = ", 2 ** 2 * 2 / 2 + 2 - 2

#If we need to know the remainder we use the Modulus operator %

print "The answer for 10 / 3 is = ", 10/3, "and the remainder is = ", 10 % 3

*****************************************************************************

bala@bala-laptop:~/python$ python MathOperations.py
2 ** 2 =  4
2 ** 2 * 2 =  8
2 ** 2 * 2 / 2 =  4
2 ** 2 * 2 / 2 + 2 =  6
2 ** 2 * 2 / 2 + 2 - 2 =  4
The answer for 10 / 3 is =  3 and the remainder is =  1
bala@bala-laptop:~/python$

Python Variable

#!/usr/bin/python

message = "Hello Bala"
print "\t", message, "\n"

#END

bala@bala-laptop:~/python$ python variable.py
    Hello Bala

bala@bala-laptop:~/python$

Variables are case sensitive so make sure you are printing the correct variable.

*******************************************************************************

#!/usr/bin/python

#Let us assign a string to a variable product

product = "Hi there how are you?"

print product

#type will tell us what type of variable is product

print "The variable product is of the type \t", type(product)


Int_Ten = 10

print "The variable Int_Ten is of the type \t", type(Int_Ten)

Float_Fifty = 50.00

print "The variable Float_Fifty is of the type \t", type(Float_Fifty)

#The memory location where 50 is stored can by give by a function called ID

print "The memory location of Float_Fifty is \t", id(Float_Fifty)

New_Variable = Float_Fifty

print "The memory location of New_Variable is \t", id(New_Variable)

Float_Fifty = 60.00

print "The mem locatn of Float_Fifty is \t", id(Float_Fifty), Float_Fifty

print "The mem locatn of New_Variable is still \t", id(New_Variable), New_Variable

*******************************************************************************

bala@bala-laptop:~/python$ python variabletype.py
Hi there how are you?
The variable product is of the type    
The variable Int_Ten is of the type    
The variable Float_Fifty is of the type    
The memory location of Float_Fifty is     27887104
The memory location of New_Variable is     27887104
The mem locatn of Float_Fifty is     27887080 60.0
The mem locatn of New_Variable is still     27887104 50.0
bala@bala-laptop:~/python$