Attackr.com » Developer Portal for web designers, developers and programmers

Setting Up A SSH Trusted Connection & Bash Alias To Speed Up Automated Scripts

Gregory Milby — Wed, 07 Jul 2010 13:19:00 +0000

Need to automate some scripts? Tired of constantly entering ssh user@server.address, then the password? Having a trusted connection can drastically improve productivity if it is used in the correct conditions. If you’re using a public machine, then this is NOT SMART. If you’re using a machine that anyone else has access to, then again, this is not a solution, and shouldn’t be considered as an option.

However, if you have a private machine that you keep secure, and you want to setup some quick access to remote server, setup automatic backup scripts, take snapshots of drive data structures, then this will get you going quick!

Here’s the quick steps to get you on the road to automated scripts:

On your box, generate the ssh public key:

On your box, generate the ssh public key:
ssh-keygen -t dsa
when it asks for a passphrase, just hit return.
go to your home directory, then type, cd .ssh
cat id_dsa.pub – this is the generated ssh key you will give to the remote host.
On the remote host, as username@yourdomain.com
vi .ssh/authorized_keys
insert your ssh public key – the text from the .ssh/id_dsa.pub file on your box
make sure the text you copy is on a single line (it will not work if it’s not on a single line)
verify trusted SSH
In a terminal window type, ssh -Y username@yourdomain.com

If you want to take this one step further, and make it ever ‘faster’, setup an alias in the .bashrc file.

just add this line to your .bashrc in your home dir, and do not forget to close/reopen your terminal after you add this line, or you will not see it work (the config file will not be loaded):

alias home=’ssh username@yourdomain.com’

at the command prompt in terminal (after you’ve remembered to close & reopen it!) is type “home” and hit the enter key.

So, now you can type one word, get to your remote server in seconds rather than hassling through typing out the same info over and over.

One of your first tasks should be to write a backup script to backup your critical files like your .bashrc!

Enjoy,

Need a “Pick-Me-Up?”

No Related Posts

15 Best Of The Best Windows 7 Tips & Tricks

Gregory Milby — Sun, 22 Nov 2009 15:58:56 +0000

Windows 7 has even won the hearts of the opensource crowd (tough bunch to please), and getting the most out of this new version of Windows seems to be something almost everyone is interested in:

Windows 7 may be Microsoft’s most anticipated product ever. It builds on Windows Vista’s positives, and eliminates many of that OS’s negatives. It adds new functionality, too – together in a non-piggish/process UN-intensive package.

1. A useful way to track problems… imagine that? Record Problems. The Problem Steps Recorder (PSR) is a great new feature that helps in troubleshooting a system (see Figure 1). At times, Remote Assistance may not be possible. However, if a person types psr in their Instant Search, it will launch the recorder. Now they can perform the actions needed to recreate the problem and each click will record the screen and the step. They can even add comments. Once complete, the PSR compiles the whole thing into an MHTML file and zips it up so that it can be e-mailed for analysis to the network admin (or family problem solver, depending on how it’s being used).

Figure 1 The Problem Steps Recorder dramatically speeds up troubleshooting. (Click the image for a larger view)

2. Make Training Videos. Use a tool like Camtasia to record short, two to three minute video tutorials to help your users find relocated features, operate the new Taskbar and so forth. Animations are now easily implemented into a web environment with any variety of html/editor tools.

3. “UPGRADES ARE BAD”. Consider Clean Installs. Even when upgrading Windows Vista machines, consider a clean install rather than an in-place upgrade. Yes, it’s more hassle, but it’ll produce a more trouble-free computer in the long run.

4. Find New Tools. Within Control Panel is a single Troubleshooting link that leads you to all of your diagnostic tools on the system. There are additional tools, however, not installed by default. Selecting the “View all” link in the top left-hand corner will help you to see which troubleshooting packs are local and which ones are online. If you find a tool that you don’t have, you can grab it from here.

5. *An amazing benefit if you are a developer or want to see how your projects will be viewed in other operating systems. Understand Virtual Desktop Infrastructure (VDI). Windows 7 plays an important role in Microsoft’s VDI strategy, where virtualized Windows 7 machines are hosted on a central virtualization server using a special blanket “Enterprise Centralized Desktop” license. Read up and figure out if you can take advantage of this new strategy.

6. Get Snippy (better than Snag-it/Hyperionics hypersnap, imho). The snipping tool has also been around in various incarnations but it’s even easier to use in Windows 7. Launch the tool, then drag and drop any part of your screen. The tool will snip the selection. You can save it as a graphic file or annotate with basic drawing tools. Teach your end users how to use this tool so they can grab the snapshots of their problems and send them to the help desk. Or create your own library of visual notes or drag into outlook for quick details that only can be more easily explained with an image.

7. Click & Drool Administrator. Windows 7 makes it easy to gain admin rights with a keyboard shortcut. Click on Ctrl+Shift on a taskbar-locked icon, and voila! You’ve launched it with appropriate admin rights.

8. Burn Discs with a Click. Or two; double-click an ISO file to burn it to your CD or DVD writer (*Really, 1 click….).

9. Configure User Account Control (UAC). Even if you’re a UAC hater, give it another try. Go to the Control Panel to configure its behavior to something slightly less obnoxious than what Windows Vista had, and see if you can’t live with the extra protection it offers.

10. Simplify Cloned Machine Setups. You can’t run Sysinternals’ newsid utility to change the identity of a cloned Windows 7 machine (either a virtual machine or imaged PC). Instead, create a template installation then run sysprep /oobe /generalize /reboot /shutdown /unattend:scriptfile. Clone or copy this virtual machine file. When it launches, it will get a new SID and you can fill in the name. The reference for building unattended script files is at tinyurl.com/winunattend.

11. Manage Passwords. Control Panel includes a new application called Credential Manager. This may appear to be a completely new tool that allows you to save your credentials (usernames and passwords) for Web sites you log into and other resources you connect to (such as other systems). Those credentials are saved in the Windows Vault, which can be backed up and restored. However, you might see this as similar to a tool we have in XP and Vista. From the Instant Search, type in control /userpasswords2 and you will be brought to the Advanced User Accounts Control Panel, where you can also manage passwords for your account.

The Credential Manager provides a handy, secure place to store passwords.

12. Analyze Processes. One of the coolest new features in the revamped Resource Monitor (resmon) is the ability to see the “wait chain traversal.” An unresponsive process will be shown in red in the Resource Monitor; right-click the process and choose Analyze Process. This will show the threads in the process and see who holds the resources that are holding up the process itself. You can then kill that part of the process if you like.

13. Create Virtual Worlds. Virtualization capability has been added to the Disk Management tools. If you open Computer Management, go to the Disk Manager tool and then click the Action button at top, you will see the options Create VHD and/or Attach VHD. This allows you to create and mount a virtual hard drive directly from within the GUI. Note: With Windows 7 you even have the ability to boot a Windows 7 VHD.

Windows 7 adds a great deal of virtualization support, including the ability to create and attach virtual hard drives from the GUI.

14. Encrypt USB Sticks. Use BitLocker To Go. Maybe you’ve managed to never misplace or lose a USB key, but for the rest of us mere mortals, it’s a fact of life. Most of the time it’s no big deal, but what if it contains sensitive data? BitLocker To Go enables you to encrypt data on removable storage devices with a password or a digital certificate stored on a smart card.

15. The 14 Best Windows 7 Keyboard Shortcuts

The Windows key now performs a wide variety of functions. Here are a handful of the most useful ones:
Win+h – Move current window to full screen
Win+i – Restore current full screen window to normal size or minimize current window if not full screen
Win+Shift+arrow – Move current window to alternate screen
Win+D – Minimize all windows and show the desktop
Win+E – Launch Explorer with Computer as the focus
Win+F – Launch a search window
Win+G – Cycle through gadgets
Win+L – Lock the desktop
Win+M – Minimize the current window
Win+R – Open the Run window
Win+T – Cycle through task bar opening Aero Peek for each running item
Win+U – Open the Ease of Use center
Win+Space – Aero Peek the desktop
Ctrl+Win+Tab – Open persistent task selection window, roll mouse over each icon to preview item and minimize others

Don’t forget to enter the Antispyware Give-away for December 2009!
Two lucky winners have won a free professional license of Superantispyware!

If you liked this post, please follow me on Twitter

—–Ammendment—

I found a complete list of shortcuts for Win7 – 99 Windows 7 Shortcuts

this list was mined from http://www.7tutorials.com/biggest-library-windows-7-shortcuts they seem to have several great no non-sense tutorials regarding windows 7

No Related Posts

Free Software Give-Away – Enter Today!

Gregory Milby — Wed, 09 Sep 2009 22:35:58 +0000

Anyone who knows me, knows that I do not endorse many things, and the things I endorse are usually freeware or opensource. Despite my warnings, my wife and all of our friends & family use windows as their primary operating system. Yours truly is the designated help desk for any and all emergencies.
During the past 4 years (that’s about 20+ virus & trojan emergencies [per year]), I stumbled across a product that actually works as described. It’s rare to find something that completely works, but I’ve yet to find anything malware, spyware, trojan issue that this software cannot handle – COMPLETELY HANDLE and REMOVE.

During some conversations with the Marketing Director (Mike Duncan), we decided to share the experience by offering a free PROFESSIONAL license for the product – which carries a life time subscription (hence, no surprises later). We will be awarding one license per month for the next three months. You need to enter each month in order to be eligible. If you would like to register for a chance to win one of the free lifetime license keys – click on the following link:

Enter The SUPERANTISPYWARE Give-Away

The best part is that you can try this software for free, “NOW” and they even offer a free version. The free version offers some limited features & does not offer the proactive features, but it still will removes ALL of the malware, spyware, and trojans. It just will not self-update, run 24/7/365 and do scheduled scans/remove all the bad things automatically like the professional version does.
If you decide to try the freeware version, there is no nagware – no aggrivating things asking for your information/etc. Either way you’ll be pleasantly surprised at the experience, and more importantly you’ll be shocked at what it finds & removes from your system.

Follow Me On Twitter!

====Ammendment====
Congrat’s to Jonathan Pereira our final SuperAntiSpyware Pro License winner for December 2009!
Need a RELIABLE Web Host?

No Related Posts

Geo Caching For Fun & Profit (a.k.a How to find your arse with a funnel script)

Gregory Milby — Tue, 26 May 2009 13:18:22 +0000

www.syrbot.com – when you visit the site it should say, “Thanks for visiting from ______ . This can be a critical component since you could ideally store the information from this visit in a database, recording exact zip code regions that your are targeting your marketing to.
If you have any intention of selling advertising, this can be good ammunition to show that you know who your audience is – where they’re located and their demographic profile.
To get an idea of how many variables are available about the person browsing your web page – look at this test page for syrbot.com: Test Page.
The first part of the test page is the geo caching element (finding out where you are, the apache var’s profile you as to which os you’re using, resolution and on and on. All critical info when you want to find out who you’re designing your site for. Knowing if your visitors are all using handheld devices would be a critical piece of knowledge – especially if you think you need to have a heavy flash site or graphic rich site. You could make all your customers happy by trimming the site down to streamlined graphics and mostly text arranged in a friendly format for a tiny pocket pc or iphone/palm browser.
It’s an easy argument to stress the importance of keeping up with who you are serving your pages to.
Please leave a comment if you know of any uses for geo caching/etc that would be useful to other people. A stronger point is to have ammunition when assisting a client with assessing their needs. Here is a good link if you want to keep tabs on a good thread for how to get started with geo caching. The link is updated periodically – mostly questions, but some time saving advice if you can read between the lines.

Dare I Dream of Becomming Bigger Than Craigs List?

How to prevent both users and bots from registering using image verification

niemi — Mon, 24 Nov 2008 10:00:06 +0000

So I’ve been thinking a while about joining Yahoo’s excellent answers site. You know, thinking about all the big questions in life like “which shoe-size does almighty Google Larry use” and “where can I bury my dead pixels”.

Registering for Yahoo

As far as I can remember I’ve never used Yahoo for anything. I AM the Google generation. Walking across the road, joining the darker side, was a scary thought, but when I saw the short registering procedure I calmed down.

The way they have set up their registering procedure is just about as good as it could get.

As you can see everything is where you expect it to be, divided into chunks like “Tell us about yourself…” and “Select an ID and password”. Even the less web savvy users might think “voilÃ this is done in 30 seconds”. And they would be right if it wasn’t for that #¤%)/(&=#087AAARGH”#(¤¤//!!…

Freaking spam protection!

I had used only one or two minutes entering my personal information, even choosing a decent account name. Everything went my way just until now. I saw the image representation of something that might look like text. Skewed, distorted, blurred.

Now you say, where have you been? Never seen that kind of spam protection before? Yes I have. Several times. And usually I don’t even think about it. This time I had plenty of time to think about. I just couldn’t get it right.

For example, what letters to the image above represent? If you guessed z7neG6Bz you would have been wrong. I never had a second chance, because now a new image was presented. Impossible to read. The third was even worse. Now at my fourth try I was sure I couldn’t be wrong. I probably wasn’t, but because I had typed in some wrong characters just before Yahoo had thrashed my password. So instead of accepting my, assumingly correct interpretation of the letters, I had re-type my password and then interpret yet another image.

For a moment let’s leave my Yahoo story and have a look at some other examples.

Examples of good and bad image verification

Example 2, 3. – http://google.com/

These examples are pretty similar to my Yahoo experience. The letters are skewed and the tracking (space between each letter) is set to about -150. It is, at best, very hard to guess the letters.

Example 1. – http://flatpanels.dk/

In this example from http://flatpanels.dk the letters are not skewed and the tracking is increased to make it easier to separate one letter from another. Instead a hefty grain filter has been applied. This makes it hard for machines to decode, but users without serious visual disabilities should not have any problems. The letters placement is vertically inconsistent, again this should make the bots have a hard time, but users can easily overcome this hurtle.

Conclusion

We see that Google and Yahoo uses the same hard-to-breakdown image-verification method. The image is very hard to interpret for both machines and real users. They have to do something about those nasty abusive bots, but when it happens at the cost of usability the battle against the machines has been lost.

Back to the Yahoo story. Yes, I did succeed after several tries. Not all the letters were hard to guess, but a image verification method is not good enough if only some of the images produced are readable. Back to the drawing board Yang and Page!

How Secure Are You Really?

Karen — Tue, 23 Sep 2008 17:28:33 +0000

At the end of August this year right before I was to move, I got a very rude awakening. I was searching for an mp3 for a personal project and I accidently clicked on an attack site containing nasty malware. At the time, I was using ZoneAlarm and an alert popped up to allow svchost.exe access.

Now, normally I deny all ZoneAlarm program alerts I don’t recognize as something I want to give access to, but I was really tired that night, and my hand actually twitched and I clicked accept! Honestly, I did not want to click that but it happened! And the next thing you know, my desktop was hijacked, my browsers were hijacked, and it took me almost a week to get rid of this malicious trojan – the AntiVirus XP 2008 trojan, a rogue anti-spyware program. This trojan takes over your hosts file, your desktop, your browsers, and who knows what else. It was nasty!

Now, if a web-savy techie, geeky, internet consultant/marketer like me – who’s been online making a living since 1997 – can get infected accidently by malware or viruses, etc., can you imagine what’s happening to most people who aren’t so savy and have no idea they even have spyware or malware on their computers? They are mostly using Intenet Explorer and if they are not getting regular Windows updates on patch Tuesdays and if they are not using a proper firewall with proper browser settings and tools, or updated antivirus software, then they are very vulnerable and at risk.

Good old Microsoft Windows and Intenet Explorer is so full of security leaks. Ah, but Internet Explorer is not the only browser at risk anymore. Because of the huge popularity of Firefox, it is vulnerable too. I was using Firefox 3 when I got attacked. In fact, 3 of my browsers got hijacked: Internet Explorer 7, Firefox 3 amd Opera 9.52. Luckily Netscape 8 was not affected and I was able to find solutions to get rid of the problem.

Now I use a really good Firefox add-on called NoScript . I enable scripts at sites I trust, only. I have a better firewall and I do regular port scans using SheildsUp at Gibson Research. I am just more vigilant about updating my anti-virus/anti-spyware programs. I can only suggest that you do the same.

The Internet is wonderful most of the time, thank goodness. Just make Intenet security a priority and you’re good to go.

Enjoy the ride!

Crack Windows Passwords

Sean — Sun, 17 Jun 2007 17:13:31 +0000

Have you ever tried to log into a Windows computer for a few minutes and you finally realize that you forgot the password?

There’s a way to crack the password and it doesn’t involve reformatting and reinstalling Windows.

The solution is called @stake LC4 (formerly L0phtCrack), however since Symantec stopped development of L0phtcrack, I’m going to let you in on a program called LC5.

Just like L0phtCrack, LC5 attacks your Windows machine with a combination of dictionary and brute force attacks.

LC5 can crack almost all common passwords in seconds. More advanced passwords with numbers and characters takes longer.

The main purpose of the LCP program is user account passwords auditing and recovery in Windows NT/2000/XP.

I haven’t tested it against Windows Vista yet, so I’m not sure if it will work. Your mileage may very either way.

How it works:

Windows NT, 2000 and XP passwords are stored as encrypted hash marks. LC5 attacks these hash marks with hundreds of passwords per minute.

Eventually the correct password will be sent and then displayed to the screen.

Good intentions:

System administrators can find weak passwords within minutes. Sys admins can then change the passwords to make them more secure.
LC5 can be used to access computers of users who forget passwords.
In companies, it can be used to access computers of employees who have left the company.

Bad intentions:

Hackers can use LC5 to sniff passwords over networks.
Hackers can install this application onto a primary domain controller and steal hundreds of passwords within minutes.

Please note that I am not the author of this software. Be advised that if you use this software, you do so at your own risk without any warranty expresses or implied by Geek With Laptop.

Download LC5 (v5.04):

English version (with installer) – 2.29 MB
English version (without installer, ZIP) – 1.86 MB
English version (without installer, RAR) – 1.66 MB

Software License: LCP is a freeware program. The program may be distributed under condition of saving all files contents and structure of installation package.

Cross-site Scripting

graystatic — Wed, 06 Jun 2007 05:28:57 +0000

With all the buzz about web 2.0 and the growing open source community the importance of security is sometimes forgotten. When you want something cool and snazzy for your site and you find a open source solution, it’s easy to install the app on your site and forget about it. When the app, tool, forum, or whatever is so easy to set up, it’s easy to not think about testing it or updating it with security patches.

Cross-site scripting is a very relevant security problem on the web today. One of the big parts of web 2.0 is user interaction. That is where the problem can happen when a server takes user input and redisplays it. If the code taking the users input doesn’t properly validate it before the script uses it.

If a user were to put in certain script tags into a forum entry form and the data was not checked before being redisplayed, that forum could potentially run the script in somebody’s browser that just views the page the data was posted to.

Another example is a login form. If the input data is directly used, without validation, in a database query, someone could purposely input commands that your server would then execute.

This might not seem so bad, who cares if a little guestbook or forum app on your site is hacked, but this is a potentially big problem. One bad form on one page of your site could make your whole server vulnerable. One vulnerable could also make your database, which may run the rest of your site, vulnerable.

So how can you make sure your site is secure? VALIDATE, VALIDATE, and VALIDATE, make sure you validate all potentially malicious input data. Also make sure you check for updates. The security of your entire site could depend on it. Nobody is above being attacked. Some famous examples include big names such as MySpace and CBS News. For more real-world examples visit Wikipedia.

Popup Blockers

kirby145 — Fri, 02 Feb 2007 16:07:52 +0000

Popups are a major pain and internet security risk. They jump out and get in your way when you are browsing. Due to the use of popup blockers, many sites have stopped using them.

However, there are sites with popups. These sites often tend to be on the bad side. Anyway, let’s look at popup blocking.

To begin, most modern browsers come equipped with popup blockers, or it can be made in the settings. For Internet Explorer6 and 7, go under tools>turn on popup blocker. From here I suggest you turn it on to high and if you are using ie6 turn off the annoying information bar and popup sounds. Please note the high setting requires you to press control+click to open a new window, but you will get used to it and it is worth it to block the annoying ads.

In other browsers such az Mozilla Firefox and Opera, popups are automatically blocked (usually). As mentioned earlier you can edit these settings by certain browser types.

Finally, if you think this is too complicated or it won’t work for you, just go download the Google toolbar. It has a popup blocker and it’s better to trust Google than any other toolbar maker. This blocker is great and the toolbar is handy.

Stop popups today- Set up your browser.

Attackr.com » Developer Portal for web designers, developers and programmers

Setting Up A SSH Trusted Connection & Bash Alias To Speed Up Automated Scripts

Related Posts:

15 Best Of The Best Windows 7 Tips & Tricks

Related Posts:

Free Software Give-Away – Enter Today!

Enter The SUPERANTISPYWARE Give-Away

Follow Me On Twitter!

Related Posts:

Geo Caching For Fun & Profit (a.k.a How to find your arse with a funnel script)

Related Posts:

How to prevent both users and bots from registering using image verification

Registering for Yahoo

Freaking spam protection!

Examples of good and bad image verification

Conclusion

Related Posts:

How Secure Are You Really?

Related Posts:

Crack Windows Passwords

Related Posts:

Cross-site Scripting

Related Posts:

Popup Blockers

Related Posts: