linux user without password – just press enter to destroy everything ;-)

Saturday, 25. January 2014

i would definitely NOT RECOMMEND this but if you must do it..  here is a way to do it 

 

open a terminal…

sudo nano -B /etc/shadow

This will open the /etc/shadow file (the one that contains all the passwords) in a text editor called Nano.

Once you have it open, find the appropriate line for the account in question. It’ll look something like this:

guest:$1$2TUdk8Z0$tb2Fn6Idgo8dq9EgYv4xZ0:13721:0:99999:7:::

Change the second part (in bold here) to match this second part (also in bold):

guest:U6aMy0wojraho:13721:0:99999:7:::

Then save the file (Control-X, Y, Enter).

hide the cashew (kde plasma)

Thursday, 23. January 2014

hide the cashew 

i know that aaron seigo wouldn’t like this very much but if you are smart enough to NOT disable the rightclick on the desktop and NOT disable the run command interface while removing all the panels.. you could remove the cashew without ending up with an unconfigurable desktop..

how to remove the cashew? 

sudo chmod 600 /usr/lib/kde4/plasma_toolbox_desktoptoolbox.so

this will last until the next plasma update that touches this file.. (unless you make it immutable)
but it’s a oneliner.. just do it again after the update 🙂

KDE SC | Plasma KIOSK Framework – far from perfect but functional

Friday, 13. December 2013

Did you install a kde-centric distribution on your parents pc? do you want to set up an internet terminal in a public area or in your office and you are tired of being called because a toolbar or an important widget has suddenly disappeared ?

the solution seems easy..  lock down plasma-desktop !

there is one preferred way to do so..  the kiosk framework

http://techbase.kde.org/KDE_System_Administration/Kiosk/Keys

 

Create a file called  /etc/kde4/kdeglobals (or add your options to ~/.kde/share/config/kdeglobals) and write something like the following in it:  (there was a GUI for that in development but it seems dead by now)

[KDE Action Restrictions][$i]
action/lock_screen=false #hide rightclick unlock option
movable_toolbars=false #lock toolbars
run_command=false #disable krunner (alt-f2)
action/run_command=false #disable krunner (rightclick)
plasma-desktop/add_activities=false # not working right now
action/kwin_rmb=false # disable kwin context menu
action/logout=false # disable logout option
plasma/containment_actions=false
plasma/containment_context_menu=false
plasma/allow_configure_when_locked=false #no rightclick on plasmoids
plasma/plasma-desktop/unlockedDesktop=false #this is new

The [$i] will make the whole section immutable – that means it will not be overwritten by any user config-files read afterwards. (the given example will remove the lock-screen option, disable the run-command interface (krunner), lock application toolbars and (maybe in the future) disable the add activities feature, also the option to remove the logout entry and completely disable the context menu on kwin’s titlebar is working in 4.11  yay!!!)

 ____________________________________________________

Unfortunately some of the options in the kiosk documentation (especially the plasma specific ones) are not up2date therefore you will not be able to lock down plasma completely (at least not right now) but there is another solution to lock down plasma and make the “unlock widgets” entry disappear !

just write a single [$i] in the first line of  ~/.kde/share/config/plasma-desktop-appletsrc  -and- ~/.kde/share/config/plasma-desktoprc this will make the whole file immutable and hide the unlock widgets context menu entry.

Of course [$i] can be used to lock down specific widgets(sections) or just single options like height or width of the folder view widget for example.

Be aware that anybody who knows how to find those config files is still able to alter them e.g. remove the [$i]! 

In order to secure the desktop completely you’ll have to copy those files  to /etc/kde4  and go one step further…. disable rightclick on the plasma desktop containment: rightclick on the desktop – Mouse Actions – remove “Right-Button”

 ____________________________________________________

It is really hard to lock linux/plasma down..  there are still several ways to get control of the system when you know your way around keyboard shortcuts..  you could change to a new tty for example.. or just invoke any suitable keyboard shortcut. In my special case there is actually no need for a keyboard so i managed to lock down almost everything …  only the cashew with it’s “add activities” feature remains..  since there is no reliable way to remove the cashew and no way to remove the activities feature this leaves plenty of space to mess around with the desktop and make it unusable for the next user at the KIOSK PC.   (activities can be added but interestingly you can’t remove them afterwards in the locked state ^^)

 for now the only way i found to restrict everything was to remove the cashew completely by setting the rights of the cashew library to forbidden:

sudo chmod 600 /usr/lib/kde4/plasma_toolbox_desktoptoolbox.so 

 

So after all i got this totally locked down system where the only thing a user is allowed to do is to start one single task ( a unique one click live-linux-usb installer based on kubuntu 😉  http://life-edu.eu/

 

With a keyboard attached i’m able to administer the complete system thx to “krunner” (the only shortcut left alive) and with the two scripts i wrote, “desktop-lock” and “desktop-unlock”, im able to toggle the KIOSK mode in seconds ^^

make-life1

 

KIOSK.zip  (bash scripts – you should know what you are doing)

 

 

 

 

 

Owncloud 6/7 with User Self Registration

Saturday, 23. November 2013

 

This Post is outdated!

Please use this Owncloud Application for owncloud 9 and higher!

thx
______________________________

On my school everyone is using some sort of cloud storage nowadays. there’s skydrive, googledrive, icloud and of course dropbox.  So i thought i’ll give them ONE cloud where they can share easily with each other and are in full control of their data.  There’s only one little problem. i don’t want to create 700-1000 accounts for students and teachers so it was clear that the users need to be able to register by themselves. it is enough work to delete all the accounts of dropouts and graduates anyway 🙂

since this feature is not implemented i decided to search the internet and i found a 4 months old ‘sort of functional’ implementation of the user “pellaeon” on github in a subtree (linked on mailing lists and forums).

i found out what is needed to make it work, fixed a lot of php bugs (introduced new ones ^^), CSS’ed it to fit in, ported it to owncloud 6 and added the option to filter “trusted” networks and only allow one registration per email address.

 

well there it is 🙂

registration (72KB zip)

(this file is containing the /registration/ folder – you can forget about the other files – they are for reference and information only)

 

loginemailcreate account

 

How To Install

1.) get OC 7

 https://owncloud.org/install/

 

2.) do not configure OC or create an admin user before finishing step 4 !

to install this on finalized installation you could always add the database table
‘pending_regist’ manually with an sqlite editor or phpmyadmin

3.) copy /registration/ folder into /core/ ( /core/registration/ )

4.) append table “pending_regist” to /db_structure.xml     ( right before the </database> closing tag )

<table>
<name>*dbprefix*pending_regist</name>
<declaration>
<field>
<name>email</name>
<type>text</type>
<default></default>
<notnull>true</notnull>
<length>64</length>
</field>
<field>
<name>token</name>
<type>text</type>
<default></default>
<notnull>false</notnull>
<length>256</length>
</field>
<field>
<name>requested</name>
<type>integer</type>
<default></default>
<notnull>true</notnull>
</field>
<index>
<name>pending_regist_pKey</name>
<primary>true</primary>
<field>
<name>requested</name>
<sorting>descending</sorting>
</field>
</index>
</declaration>
</table>

5.) append the following $classpath to /core/routes.php    ( last line )

OC::$CLASSPATH[‘OC_Core_Registration_Controller’] = ‘core/registration/controller.php’;
$this->create(‘core_registration_index’, ‘/register/’)
->get()
->action(‘OC_Core_Registration_Controller’, ‘index’);
$this->create(‘core_registration_send_email’, ‘/register/’)
->post()
->action(‘OC_Core_Registration_Controller’, ‘sendEmail’);
$this->create(‘core_registration_register_form’, ‘/register/verify/{token}’)
->get()
->action(‘OC_Core_Registration_Controller’, ‘registerForm’);
$this->create(‘core_registration_create_account’, ‘/register/verify/{token}’)
->post()
->action(‘OC_Core_Registration_Controller’, ‘createAccount’);

6.) append the following php code to /core/templates/login.php  ( last line )

require_once(‘core/registration/ip.php’);
if(fnmatch(“$iprange”, $_SERVER[‘REMOTE_ADDR’])){
$reglink = OC_Helper::linkToRoute(‘core_registration_index’);
echo “<p class=’info’> new to owncloud? <a href=’$reglink’ target=’_blank’> register! </a></p>”;
return;
}

 

7.) configure OC – create admin user (database with the new tables will be created)

8.) create a group for the new users called “selfregistered”

9.) logout

10.) give it a try

11.) change the value of $iprange in ‘core/registration/ip.php’ to your needs

wildcards allowed !
*    (everyone is allowed to register)
10.* ( registration is only available from local area network 10.xxx.xxx.xxx)
10.1.2.* (only subnet is allowed to register)

 

this is definitely an experiment. i’m no owncloud developer and i don’t have enough sparetime for doing it “right” (as owncloud APP for example)

the original creator stopped working on this 8 months ago so this is probably the best you can get right now..  if finally someone found the time to implement this as app – please let me know.. (email in the about.txt)

glhf

 

Passwörter knacken mit John The Ripper

Sunday, 17. November 2013

1) Download JTR.

http://www.openwall.com/john/

 

Download:

John the Ripper 1.8.0 (Unix – sources, tar.xz, 4.3 MB)

John the Ripper 1.8.x extra charset files archive (tar.xz, 4.5 MB)

 

 

2) Entpacken

tar -xzf john-1.8.0.tar.gz
tax -xzf john-extra.tar.xz

(copy contents of john-extra to john-1.8.0/run)

 

3) Kompilieren

cd john-1.8.0
cd src
make
make clean generic
 
cd ../run
./john (see info)

 

4) Verschlüsseltes Testpasswort erstellen (und in crackme.txt datei schreiben)

md5pass haus > crackme.txt
 
cat crackme.txt
$1$XLnBo3PA$KcSl0SOrz.fn0FLiTFfS.1

 

5) passwort knacken mit wordlist

./john --wordlist:password.lst crackme.txt

 

(Die Datei password.lst dient als passwort Wörterbuch. Umso mehr Einträge in dieser Datei zu finden sind umso höher die Chance das Passwort zu knacken. Man kann diese simple Textdatei selber beliebig erweitern)

 

6) passwort knacken – bruteforce (dauert sehr lange, probiert selbsttätig verschiedenste kombinationen aus und hängt nicht von einem wörterbuch ab)

./john -incremental:alpha crackme.txt (only letters)
./john -incremental:digits crackme.txt (only numbers)
./john -incremental:all crackme.txt (all characters)

 

7) Gefundene Passwörter anzeigen

john -show crackme.txt

 

8) Rainbowtables verwenden:

http://project-rainbowcrack.com/

 

http://de.wikipedia.org/wiki/Rainbow_Table

 

 

Create *ubuntu LIVE-USB from the command line

Thursday, 14. November 2013

You can hack usb-creator to do this.  (special thx to  Jay _silly_evarlast_ Wren who wrote about this at askubuntu.com)

You should already have a single vfat partition as partition 1 on the usb device and it should be marked bootable.

You could do this with a simple shellscript:

SDX="/dev/sdb"
sudo sfdisk -R $SDX
sudo sfdisk $SDX -D -uM << EOF
,4000
,2400
,;
EOF
sleep 4
sudo sfdisk $SDX -A 2
sudo sfdisk --id $SDX 2 b
sudo sfdisk -R $SDX
sudo mkfs.vfat -F 32 -n winshare ${SDX}1
sudo mkfs.vfat -F 32 -n system ${SDX}2
sudo mkfs.ext4 -L casper-rw ${SDX}3
sleep 1
sudo sfdisk -R $SDX

(this would create 3 partitions on sdb (winshare/system/casper-rw) casper-rw would come in place if you chose to add persistent to the syslinux.cfg file and store all the changes and  “system” would be the bootable installation target (sdb2) – winshare speaks for itself)

Next, we will get usb-creator python code to assist us. (we need bzr to get the sourcecode)

$ sudo apt-get install bzr

then…

$ bzr branch lp:usb-creator

create a file with this content and name it usb-creator-cli, place this file in the usb-creator directory (root of bzr branch)

#!/usr/bin/env python
from __future__ import print_function
from usbcreator.misc import sane_path, setup_gettext, setup_logging, text_type

from usbcreator.install import install

sane_path()
setup_logging()
setup_gettext()

#/dev/sdb1 should be mounted on /mnt
#iso should be mounted to /iso

dev = '/dev/sdb2' source = '/iso' target = '/mnt' ugh = install(source, target, False, device=dev) ugh.success = print ugh.failure = print ugh.progress = print ugh.progress_message = print ugh.progress_pulse = print ugh.progress_pulse_stop = print ugh.retry = print ugh.run()

Make it executeable

$ chmod +x usb-creator-cli

Now mount your iso to /iso and mount your usb device to /mnt

$ sudo mkdir /iso ; sudo mount ubuntu-server-12.10-amd64.iso /iso
$ sudo mount /dev/sdb1 /mnt

If you want very verbose messages at your console you can tail ~/.cache/usb-creator.log

$ tail -f ~/.cache/usb-creator.log &

Now run that usb-creator-cli script

$ sudo ./usb-creator-cli

And watch all the messages scroll by.

When you return to the prompt, don’t forget to unmount /mnt before you yank your usb storage device.

 

 

how to start a simple (temporary) webserver in current directory (with php support)

Sunday, 10. November 2013

With python 2.4 and later you can use the SimpleHTTPServer module like this

python -m SimpleHTTPServer [port]

This will start a HTTP server on port 8000 (if no port is specified) serving the files and directories which are in the current working dir.

for Python 3 use

 

python -m http.server [port]

 

If you need the web server to parse php files you should use the php webserver instead of the python webserver:

php -S 127.0.0.1:80 

Dsniff / Arpspoof HowTo

Saturday, 2. November 2013

 

This is a direct copy of  http://failshell.io/hacking/dsniff-howto/

Thank you for this neat howto!

 

Requirements

  • dsniff
  • arpspoof
  • the IP of your gateway
  • Linux machine (BSD would work too)
  • Enable IP forwarding (VERY IMPORTANT)

dsniff/arpspoof website

NOTE: On Debian/Ubuntu systems, both tools are packaged under ‘dsniff’.

Get your gateway’s IP

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.255.251.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
0.0.0.0         10.255.251.1    0.0.0.0         UG    0      0        0 br0

In this case, it would be 10.255.251.1.

Enable IP forwarding

Linux

# echo 1 > /proc/sys/net/ipv4/ip_forward

To make it permanent, add this line to /etc/sysctl.confnet.ipv4.ip_forward = 1

NOTE: If you don’t do this, no one will be able to use the network as your machine will refuse to forward packets to the gateway. You have been warned!

Arpspoof

This will make the clients on the network believe that your computer is the gateway. So make sure you enabled forwarding.

# arspoof 10.255.251.1

dsniff

This tool will sniff the traffic for unencrypted login and passwords. When it finds one, it will print it to stdout.

# dsniff -i br0 -mc

WARNING

Make sure you’re authorized to do this, because in many countries, that could be seen as hacking and/or spying. Laws differ in every country, but the results are often jail.

Share Internet Connection from GNU/Linux Systems

Saturday, 2. November 2013

this is a direct copy of http://saikatbasak.com/share-internet-connection/  Thank you for this neat howto!

_________________________ 

Now, here we have,

A computer connected to the Internet via the eth0 port (if you have a mobile broadband it would be ppp0).

We want to share the connection via the eth1 port of the same computer.

What we need,

We need basic networking utilities that is, in most cases, comes pre-installed in your GNU/Linux distribution (iptablesifconfig to be precise).

Yes, we do need some Lan Cables (Crossover cable) to share the connection via the eth1 port of the above mentioned computer.

So, let us begin. Connect your computer to the Internet. If u have a dhcp connection you may use dhclient or dhcpcd. Just do, as root, ‘dhclient eth0′, without the quotes. For connecting to mobile broadband you may use wvdial.

Flush iptables rules:

# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
# iptables -X
# iptables -t nat -X
# iptables -t mangle -X

Enable kernel routing mode:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Also, you can make ip forward permanent by editing /etc/sysctl.conf and set net.ipv4.ip_forward = 1

Setup eth1:

# ifconfig eth1 10.10.10.1 netmask 255.255.255.0
# ifconfig eth1 up

( you may consider using a different ip address)

Set iptables rules for port forwarding:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

That’s it. Now connect one end of the cable to the eth1 port of your server. Connect the other end to any computer or device such as a router or a switch.

Client side configuration example:

Ip address: 10.10.10.2
netmask: 255.255.255.0
gateway: 10.10.10.1
DNS server address: Same as the server (you may also use Google DNS or any other DNS of your preference)

# ifconfig eth0 10.10.10.2 netmask 255.255.255.0
# ifconfig eth0 up
# route add default gw 10.10.10.1 eth0
# echo "nameserver 8.8.8.8" > /etc/resolv.conf

Happy surfing.

 

____________________-

KDE SC – KMix – Change Volume Percentage Step and add Audio Feedback

Sunday, 31. March 2013

While hovering over the KMix systray-icon using the mousewheel will increase (or decrease) the volume by min. 12% .. so the sound volume becomes “just too loud” or “just too soft”

The following change in the KMix config file will change that behaviour. The mouse wheel (or volume buttons) will increase the volume by approximately 4% instead of 12% after the change.

  1. Stop KMix  (right-click on the kmix icon in the systray and select “exit”)
  2. Edit the config file ( nano ~/.kde/share/config/kmixrc )
  3. Add the following line to the [Global] section:   VolumePercentageStep=1.2
  4. Set the value for VolumeFeedback to true
  5. Save the config file
  6. Start KMix
  7. Enjoy your fine granied KMix control with audible feedback! 

thx to eric hameleers for the percentage step – tip 🙂

 

EDIT:   (audiofeedback)

or.. you can just enable the audio feedback in the GUI 🙂

 

kmix