Thursday, March 14, 2013

PPT Macro for Formatting multiple slides


Dear All,

Many times we need to format hundreds of slides within a limited amount of time, and doing it by hand is not a smart way to spend that time. That is where a macro comes into the picture.

Below is a sample macro I wrote that formats every shape on every slide of the active presentation:

I hope you know how to run macros ;) (Alt+F8 opens the Macro dialog); otherwise you can always take help from Google!


Sub FormatAllShapes()
    ' Walk every slide in the active presentation and every shape on it,
    ' and give each shape the same position, size and thin red outline.
    Dim sld As Slide
    Dim shp As Shape

    For Each sld In ActivePresentation.Slides
        For Each shp In sld.Shapes
            With shp
                .Left = 50
                .Top = 71
                .LockAspectRatio = msoFalse   ' unlock so Height and Width can be set independently
                .Height = 410
                .Width = 624
                .Line.Visible = msoTrue
                .Line.ForeColor.RGB = RGB(255, 0, 0)
                .Line.Weight = 0.5
            End With
        Next shp
    Next sld
End Sub


The macro above simply applies the same position, size and outline to every shape on every slide of the active presentation ;) Save a copy first: it overwrites whatever formatting the shapes had, and changes made by a macro cannot be undone from the Undo menu. The same macro mechanism is also a common malware delivery route, so keep the Office macro security setting at its default and only enable macros in files whose code you have read.

Hope you enjoyed!!

Best Regards,
Girish

Saturday, November 24, 2012

iBall Groovy Bluetooth Neckphone With Mic


Hello Friends,

Just a little review of the iBall Groovy.


  1. Effective range : 10 m
  2. Working time : 6-7 hours
  3. Supported profiles : HSP, HFP, A2DP, AVRCP
Pairing with a device :

  1. Switch on by pressing the power button for 5-6 seconds until the LED blinks alternately RED and BLUE, which means you are in pairing mode
  2. On the laptop: Bluetooth Devices > Add a Bluetooth Device > My device is set up and ready to be found
  3. It will start the Bluetooth device search; select iBall-Groovy
  4. Select --> Use the passkey found in the documentation
  5. For iBall-Groovy the passkey is 0000 (a fixed PIN, so anyone in range can pair with the headset while it is in pairing mode; take it out of pairing mode once your laptop is paired)
  6. Once done, click on the audio icon at the bottom right
  7. Click on Devices > Independent (R.T.C.) Headphones (IDT High Definition Audio CODEC)
  8. Unmute the selected volume and that should work!

[Photos: iBall-Groovy main panel, playback interface, blue LED]




  • Simple and slim design
  • Nice audio quality
  • Mic works absolutely fine, with clarity
  • Affordable price


I personally enjoy the iBall Groovy!!!! Your reviews and experiences are welcome here; if you hit any problems or issues, it would be nice if you could post them here. I know this was just a little overview and not a complete analysis.

Best Regards,
Girish

Tuesday, November 20, 2012

Squid Proxy Configuration RHEL5

Hello Friends,

Squid is a very popular proxy used on Red Hat servers. Here is a little tutorial on configuring Squid and checking the Squid logs. Hope you will enjoy it!

SQUID Configuration :
---------------------------

1. yum install squid*
2. vi /etc/squid/squid.conf

Parameters to configure :
-----------------------------

By default Squid accepts requests only from localhost, so we need to allow access for our subnet 192.168.0.0/24 by defining an ACL for it (step 3) and an http_access rule that uses it. Squid evaluates http_access lines top to bottom and stops at the first match, so put the lines from steps 3-5 above the existing "http_access deny all" line in squid.conf; below it they never get a chance to match. Do not just delete that deny line instead: without a final deny, anyone who can reach port 8080 gets an open proxy through your server.

1. visible_hostname universe.server.com    # universe.server.com is my server's hostname
2. http_port 192.168.0.60:8080             # bind to my server's LAN IP 192.168.0.60 only, port 8080
3. acl mylan src 192.168.0.0/255.255.255.0 # mylan is the name given to the ACL (CIDR form 192.168.0.0/24 also works)
4. http_access allow mylan
5. http_access deny !mylan                 # everything that is not mylan is refused
6. Save changes and exit
7. service squid start

On Client :
---------------
1. Open the browser
2. Edit > Preferences > Connection settings >
3. Manual proxy configuration > HTTP Proxy > 192.168.0.60, Port 8080

That's it!
You should be able to browse websites from here onwards!



Additional Configuration :
-------------------------------
http://www.redhat.com/archives/ext3-users/2010-August/msg00003.html
1. vi /etc/squid/squid.conf
2. cache_dir ufs /var/spool/squid 100 16 256
Amount of disk in MB to be used for caching             : 100
Number of first-level cache directories to be created   : 16
Number of second-level cache directories to be created  : 256

After changing cache_dir, run "squid -z" once (with Squid stopped) so the directory tree is created before Squid is started again.

Default Squid cache directory  : /var/spool/squid/(16 dirs)/(256 dirs)/(the small files)

'Level-1' is the number of first-level subdirectories which will be created under the 'Directory' --> The default is 16.
'Level-2' is the number of second-level subdirectories which will be created under each first-level directory --> The default is 256.

Where to check Squid Access Logs ? Who visited XYZ Sites?
-----------------------------------------------------------
Log File : /var/log/squid/access.log
Fields in Squid's native log format, left to right : timestamp (epoch seconds), elapsed ms, client IP, result code/HTTP status, bytes sent, method, URL, ident, hierarchy/peer, MIME type.
Sample Logs :
---------------
[root@universe squid]# tail -f /var/log/squid/access.log
1350983287.130   2452 192.168.0.254 TCP_MISS/200 83569 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_35.png - DIRECT/125.99.127.201 image/png
1350983287.865   3913 192.168.0.254 TCP_MISS/200 61282 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_31.png - DIRECT/125.99.127.209 image/png
1350983288.327   1746 192.168.0.254 TCP_MISS/200 44226 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_08.png - DIRECT/125.99.127.209 image/png
1350983290.043   1595 192.168.0.254 TCP_MISS/200 22004 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_10.png - DIRECT/125.99.127.201 image/png
1350983290.214   2348 192.168.0.254 TCP_MISS/200 32779 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_26.png - DIRECT/125.99.127.209 image/png
1350983290.553   3932 192.168.0.254 TCP_MISS/200 66018 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_17.png - DIRECT/125.99.127.201 image/png
1350983291.331    777 192.168.0.254 TCP_MISS/200 830 GET http://metrics.htc.com/b/ss/htcww-en-prod,htcglobal-prod/1/H.25.2T/s3457431454036? - DIRECT/66.235.142.3 image/gif
1350983291.525   3197 192.168.0.254 TCP_MISS/200 79093 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_01.png - DIRECT/125.99.127.209 image/png
1350983292.021   1806 192.168.0.254 TCP_MISS/200 32147 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_28.png - DIRECT/125.99.127.209 image/png
1350983292.572   2529 192.168.0.254 TCP_MISS/200 66253 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_19.png - DIRECT/125.99.127.201 image/png

Squid Forensics :
----------------------
http://philosecurity.org/2009/04/19/squid-forensics
Where in the cache is the file xyz.jpg stored ?
------------------------------------------
grep -rl "xyz.jpg" /var/spool/squid/    --> recursive search; -l prints only the names of the cache files that match

For monitoring and displaying the Squid logs in a nicer fashion, and then going deeper with searching and reporting functions --> squidview
Squidview tool   : http://www.rillion.net/squidview/
Sarg tool        : http://sarg.sourceforge.net/sarg.php
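The questions above ("who visited XYZ?", "which client pulled that file?") can also be answered straight from access.log. The following Python script is an added example, not part of the original post or of Squid itself: it parses Squid's default native log format (timestamp, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy/peer, MIME type) and groups requests by client and host. The sample lines are the first three log lines from the excerpt above plus three constructed lines for a second client (192.168.0.17; the hostnames xyz.example and mail.example are made up), one of them a TCP_DENIED entry of the kind the mylan ACL produces.

```python
"""Summarise a Squid native-format access.log: who fetched what, from where.

Added example, not code from the original post or from the Squid project.
"""
from collections import Counter, defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample: first three lines copied from the post's excerpt, the rest
# invented for a second client so there is something to group by.
SAMPLE_LOG = """\
1350983287.130   2452 192.168.0.254 TCP_MISS/200 83569 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_35.png - DIRECT/125.99.127.201 image/png
1350983291.331    777 192.168.0.254 TCP_MISS/200 830 GET http://metrics.htc.com/b/ss/htcww-en-prod,htcglobal-prod/1/H.25.2T/s3457431454036? - DIRECT/66.235.142.3 image/gif
1350983292.572   2529 192.168.0.254 TCP_MISS/200 66253 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_19.png - DIRECT/125.99.127.201 image/png
1350983300.001    120 192.168.0.17 TCP_MISS/200 5120 GET http://xyz.example/xyz.jpg - DIRECT/203.0.113.9 image/jpeg
1350983301.500     40 192.168.0.17 TCP_DENIED/403 1734 GET http://www.htc.com/ - NONE/- text/html
1350983302.250    300 192.168.0.17 TCP_MISS/200 2048 CONNECT mail.example:443 - DIRECT/203.0.113.10 -
"""


def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    ts, elapsed, client, result, size, method, url, ident, hier, mime = fields[:10]
    code, _, status = result.partition("/")
    if method == "CONNECT":
        host = url.split(":")[0]          # CONNECT carries host:port, not a URL
    else:
        host = urlsplit(url).hostname or url
    return {
        "time": datetime.fromtimestamp(float(ts), tz=timezone.utc),
        "elapsed_ms": int(elapsed),
        "client": client,
        "code": code,                     # TCP_MISS, TCP_HIT, TCP_DENIED, ...
        "status": int(status) if status.isdigit() else None,
        "bytes": int(size),
        "method": method,
        "url": url,
        "host": host,
        "peer": hier,
        "mime": mime,
    }


def parse_log(text):
    """Parse every well-formed line of an access.log body."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def who_visited(records, host_fragment):
    """Map client IP -> number of requests whose host contains host_fragment."""
    return dict(Counter(r["client"] for r in records if host_fragment in r["host"]))


def bytes_per_client(records):
    """Total bytes delivered to each client, to spot the heavy downloader."""
    totals = defaultdict(int)
    for r in records:
        totals[r["client"]] += r["bytes"]
    return dict(totals)


def denied_requests(records):
    """TCP_DENIED lines are the http_access rules refusing a client or a site."""
    return [(r["client"], r["url"]) for r in records if r["code"] == "TCP_DENIED"]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("htc.com visitors :", who_visited(recs, "htc.com"))
    print("bytes per client :", bytes_per_client(recs))
    print("denied           :", denied_requests(recs))
```

Point it at the real file with parse_log(open("/var/log/squid/access.log").read()); the same three functions then answer the questions the grep and squidview sections address, and the denied_requests list is a quick check that the ACL from the configuration section is actually refusing hosts outside mylan.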

Squidview :
---------------
1. wget http://www.rillion.net/squidview/squidview-0.79.tar.gz
2. tar -zxvf squidview-0.79.tar.gz
3. cd squidview-0.79/
4. ./configure
5. make
6. cp Makefile.old Makefile     (steps 6-7 are the fallback for older gcc versions, if step 5 fails to build)
7. make oldgcc
Launch squidview : ./squidview

The tarball arrives over plain HTTP and you are building it on the proxy as root, so check the download against a checksum or signature published by the project before running make.


Best Regards,
Girish







 

Snort Tutorials

Snort Tutorial :
-------------------

3 Basic Modes :
--------------------
1. Sniffer mode (prints packets to the console)
2. Packet logger mode (logs packets to disk)
3. Network Intrusion Detection System (NIDS) mode: analyzes network traffic according to the rules defined by the user

Sniffer Mode :
------------------
[root@universe rules]# snort -v
10/23-16:53:37.964423 192.168.0.104:22 -> 192.168.0.102:51490
TCP TTL:64 TOS:0x10 ID:9175 IpLen:20 DgmLen:712 DF
***AP*** Seq: 0xE9BBEF63  Ack: 0x7C361CE8  Win: 0x4B60  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2482891 2406025
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/23-16:53:37.964504 192.168.0.104:22 -> 192.168.0.102:51490
TCP TTL:64 TOS:0x10 ID:9176 IpLen:20 DgmLen:360 DF
***AP*** Seq: 0xE9BBF1F7  Ack: 0x7C361CE8  Win: 0x4B60  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2482891 2406025
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


Display packet data + Headers :
---------------------------------
[root@universe rules]# snort -vd
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/23-16:55:25.083474 192.168.0.104:22 -> 192.168.0.102:51490
TCP TTL:64 TOS:0x10 ID:10322 IpLen:20 DgmLen:168 DF
***AP*** Seq: 0xE9C66BA7  Ack: 0x7C364A68  Win: 0x4B60  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2509669 2416736
87 45 00 A3 DC 71 91 72 AE 1E 8B B0 A6 A6 2E 56  .E...q.r.......V
9A 29 BE 45 64 80 28 71 5C 46 02 FF 52 FF 54 8B  .).Ed.(q\F..R.T.
51 39 5D B0 3E 14 BA 5D 99 27 FA 89 D8 0C DC EC  Q9].>..].'......
46 5A 27 29 DB DA E4 20 00 3B 93 3A C6 A4 43 A9  FZ')... .;.:..C.
E9 99 30 EC 69 5B 83 8D 46 9D DF FA C8 93 F9 04  ..0.i[..F.......
A4 02 28 33 4F CF 2D 15 EB 48 1D 55 C7 17 20 2A  ..(3O.-..H.U.. *
F3 58 C7 73 EA A5 2D 3F 66 82 64 F3 AE 76 C3 42  .X.s..-?f.d..v.B
C8 52 A5 88                                      .R..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/23-16:55:25.084084 192.168.0.104:22 -> 192.168.0.102:51490
TCP TTL:64 TOS:0x10 ID:10323 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE9C66C1B  Ack: 0x7C364A68  Win: 0x4B60  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2509669 2416736
46 18 30 B7 BD 5C A8 16 E8 38 87 49 A7 CA DF 6C  F.0..\...8.I...l
AD 79 02 5F 17 A5 AF 17 6D 66 F6 E0 1F 3C 5B F9  .y._....mf...<[.
47 D4 CD 3C 62 03 D6 09 FB B3 B2 F5 4F 10 3C 05  G..<b.......O.<.
34 BA 04 EB 0C EF 2A 7D 79 63 AE 3B AB 22 DE 2E  4.....*}yc.;."..
CE 79 D1 FB                                      .y..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Main Command-line Switches :
--------------------
snort -v                 --> Headers
snort -dv                --> Headers + packet data
snort -dev               --> Headers + packet data + data link layer
snort -dev -l ./log      --> -l specifies the log directory (packet logger mode)
snort -dev -l ./log -h 192.168.0.0/24   --> -h sets the home network, so logs are laid out relative to that range
snort -dev -l ./log -b   --> Binary (pcap) logging, much faster than text
snort -dev -r packet.log --> Read packets back from a file with the -r switch


Links :
----------
http://seclists.org/snort/2010/q4/533

How to create own snort Rules :
--------------------------------------
SQL injection attacks on websites are very common, and an IDS like Snort can detect attempts at them.
We need a signature for the most common SQL injection payloads, as they appear inside an HTTP request.
Ex.
' or 1=1--  -->  URL-encoded in the request as  %27+or+1%3D1--
Rule for attack :
--------------------
alert tcp any any -> any any (content:"%27+or+1%3D1--";msg:"Dude Someone is performing SQL INJECTION";sid:1000003;rev:1;)

alert tcp any any -> any any = action, protocol, source IP and port, direction, destination IP and port
content = %27+or+1%3D1--  (the byte string searched for in the packet payload)
msg     = Message you want to display in the alert
sid     = Unique ID assigned to this rule (use 1000000 and above for your own rules; lower numbers are reserved for the official rule sets)
rev     = Revision of the rule; sid & rev together uniquely identify it

Caveats before trusting this rule: content is a case-sensitive, byte-exact match, so %27+OR+1%3D1-- or %27%20or%201%3D1-- (space encoded as %20 instead of +) slip past it, and "any any -> any any" fires on traffic in both directions on every port. Snort's nocase, http_uri (match against the URI after http_inspect has decoded it), pcre and flow:to_server,established options exist for exactly this, and a production rule would also restrict the destination to $HTTP_PORTS.
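To see what the content match above does and does not catch, here is an added Python example (not from the original post and not part of Snort) that reproduces the rule's logic, a case-sensitive byte search for the literal string, and compares it with matching after URL-decoding the request line. The HTTP requests are constructed for the example: the first carries exactly the post's payload, the next three are trivial rewrites of the same injection, and the last is a benign query that contains "1=1" and "or" but no quote.

```python
"""Literal content match (as in the post's Snort rule) vs a decoded-URI check.

Added example, not code from the original post or from the Snort project.
"""
import re
from urllib.parse import unquote_plus

RULE_CONTENT = b"%27+or+1%3D1--"   # the content: string from the post's rule

# Constructed requests. "literal" is the post's exact payload; the next three are
# rewrites of the same injection; "benign" is a harmless search query.
REQUESTS = {
    "literal":         b"GET /login?user=admin%27+or+1%3D1-- HTTP/1.1\r\nHost: target\r\n\r\n",
    "upper_case":      b"GET /login?user=admin%27+OR+1%3D1-- HTTP/1.1\r\nHost: target\r\n\r\n",
    "pct20_spaces":    b"GET /login?user=admin%27%20or%201%3d1-- HTTP/1.1\r\nHost: target\r\n\r\n",
    "other_tautology": b"GET /login?user=admin'%20or%20'a'%3D'a HTTP/1.1\r\nHost: target\r\n\r\n",
    "benign":          b"GET /search?q=1%3D1+or+not HTTP/1.1\r\nHost: target\r\n\r\n",
}

# A quote, then "or", then either  N=N  or  'x'='x  (any case, any whitespace).
TAUTOLOGY = re.compile(r"'\s*or\s+(?:\d+\s*=\s*\d+|'[^']*'\s*=\s*'[^']*)", re.IGNORECASE)


def snort_content_match(payload: bytes, needle: bytes = RULE_CONTENT) -> bool:
    """What the post's rule does: exact, case-sensitive byte search, no decoding."""
    return needle in payload


def request_uri(payload: bytes) -> str:
    """Pull the request-target out of the first line of an HTTP request."""
    first_line = payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = first_line.split(" ")
    return parts[1] if len(parts) >= 2 else ""


def normalised_sqli_match(payload: bytes) -> bool:
    """Decode %XX and '+', fold case, then look for the quote-or-tautology pattern."""
    uri = unquote_plus(request_uri(payload))
    return TAUTOLOGY.search(uri) is not None


def evaluate(requests=REQUESTS):
    """name -> (literal rule fired, normalised check fired) for every request."""
    return {name: (snort_content_match(p), normalised_sqli_match(p))
            for name, p in requests.items()}


if __name__ == "__main__":
    for name, (raw, norm) in evaluate().items():
        print(f"{name:16s} literal={raw!s:5s} normalised={norm}")
```

Only the first request trips the literal rule; the three rewrites get through it and are caught once the URI is decoded and the pattern is generalised, which is what the nocase, http_uri and pcre options buy you in the Snort rule itself. The benign query fires neither check because the pattern insists on the quote that closes the original string literal.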

Implement Rule in Snort :
-------------------------------
1. vi /etc/snort/rules/sqlinjection.rules     (I created this new file in /etc/snort/rules)
2. alert tcp any any -> any any (content:"%27+or+1%3D1--";msg:"Dude Someone is performing SQL INJECTION";sid:1000003;rev:1;)
3. Save and exit
4. vi /etc/snort/snort.conf
5. Add the new file next to the existing include lines :
   ----------------------------------
   include $RULE_PATH/youtube.rules
   include $RULE_PATH/sqlinjection.rules
   ----------------------------------
   In our case RULE_PATH is set to /etc/snort/rules in snort.conf
6. Save and exit

7. snort -v -i eth0 -l . -c /etc/snort/snort.conf --snaplen 1518
-v               --> Also print packet headers to the console
-i eth0          --> Interface to listen on
-l .             --> Save the alert and log files in the current directory
-c               --> Snort configuration file
--snaplen 1518   --> Capture up to 1518 bytes per packet, a full Ethernet frame (why it was needed here is explained below)

8. Execute the attack from the client machine

Snort Output :
-----------------
Action Stats:
     Alerts:            5 (  0.074%)   --> We successfully caught the attack!
     Logged:            5 (  0.074%)
     Passed:            0 (  0.000%)

9. Check file alert in current directory
[root@universe rules]# pwd
/etc/snort/rules
[root@universe rules]# cat alert
[**] [1:1000003:1] Dude Someone is performing SQL INJECTION [**]
[Priority: 0]
10/23-20:05:06.145217 192.168.0.101:45670 -> 192.168.0.13:8080
TCP TTL:64 TOS:0x0 ID:2665 IpLen:20 DgmLen:332 DF
***AP*** Seq: 0x6564F124  Ack: 0x28B08D67  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 42526540 5354755
[**] [1:1000003:1] Dude Someone is performing SQL INJECTION [**]
[Priority: 0]
10/23-20:05:06.230814 192.168.0.104:28692 -> 220.226.205.30:80
TCP TTL:64 TOS:0x0 ID:41431 IpLen:20 DgmLen:260 DF
***AP*** Seq: 0x29121933  Ack: 0x43B3A536  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5354776 23618074

Now we have all the information we need about the ongoing attack: timestamp, source IP and port, destination IP and port. Note that the second alert appears to be the same payload being forwarded out to port 80 on the internet, which is why an "any any -> any any" rule fires once on the way in and once on the way out.


Why we used --snaplen ??
------------------------------
Command : snort -V
My current Snort version : Version 2.9.0.5
When I used snort without the --snaplen option, I was not able to collect alerts, nor was any alert file generated.
With reference to : http://seclists.org/snort/2010/q4/533
The IPQ and NFQ DAQs had an internal buffer limitation that is fixed in the latest release.




Will be adding more soon.....

Best Regards,
Girish

Installation Snort IDS for FUN in 2 Minutes

Hello Friends,


As a beginner I struggled to run Snort IDS (Intrusion Detection System) on my personal RHEL 5 box.

It is absolutely easy, but it was not for me on RHEL 5 in particular, due to dependencies.


Snort Download Link                                 : http://www.snort.org/snort-downloads

RHEL5, Cent OS 5.5, or Fedora Core 11 : http://www.snort.org/snort-downloads/rhel5/


My Snort Version : Snort 2.9.0

Linux Kernel        : 2.6.18-8.el5xen

Linux OS             : RHEL 5


I am uploading all the required dependencies for Snort 2.9.0 here; you need to follow a few simple steps to install Snort in 2 minutes.

After installation comes the great part, the IDS world!

Soon I will be adding Snort tutorials!

Best Regards,
Girish





Tuesday, October 9, 2012

Keylogger source code


Hello Friends,

Here I am releasing the source code of a simple keylogger (Visual Basic), so that you can use it and create a better future :)

Let me know if you have any queries or questions. It is a very basic keylogger: when you start it,
keystrokes are recorded in a txt file.

Download

For simplicity I have included a KEYLOGGER.txt file listing the keystrokes with their corresponding ASCII codes.

Thanks & Regards,
Girish


HP-UX commands


 Hello,

 It was a great experience for me to use an HP-UX box, not up to expert level, but to a certain comfort!
 While working with HP-UX, I decided to create a small draft of the common commands used.

 Below are common HP-UX commands with their corresponding output.


HP-UX :
=======

Complete a command or filename --> type a few characters and press the ESC key twice (ksh vi editing mode)

List the files starting with "p" --> type "p", then ESC, then "="

# cd p

1) pids/
2) probes/


Re-execute command number 562 from the history :
==============================

561     cd ..
562     ls
563     hios

[root@fwa-integ02] [/opt/nimbus]
# r 562
ls
bin       niscache  pids      probes    robot     tmp
[root@fwa-integ02] [/opt/nimbus]



Recall the last command --> ESC then k (then press Enter to run it)



To display current baud rate, start/stop bits, parity, flow control, and other information 
==========================================================================================

# stty -a
speed 38400 baud; line = 0;
rows = 24; columns = 80
min = 4; time = 0;
intr = ^C; quit = ^\; erase = ^H; kill = ^U
eof = ^D; eol = ^@; eol2 ; swtch
stop = ^S; start = ^Q; susp ; dsusp
werase ; lnext
-parenb -parodd cs8 -cstopb hupcl cread -clocal -loblk -crts
-ignbrk brkint -ignpar -parmrk -inpck istrip -inlcr -igncr icrnl -iuclc
ixon ixany ixoff -imaxbel -rtsxoff -ctsxon -ienqak
isig icanon -iexten -xcase echo echoe echok -echonl -noflsh
-echoctl -echoprt -echoke -flusho -pendin
opost -olcuc onlcr -ocrnl -onocr -onlret -ofill -ofdel -tostop tab3
[root@fwa-integ02] [/opt/nimbus/bin]



Software removal process logged into /var/adm/sw/swremove.log



Find and remove unused software :
==================================

freedisk      (lists software that has not been used and hands it to swremove)


swremove


Verifying installed software :
==============================

swverify

The log of the command is recorded in /var/adm/sw/swverify.log



What is a Software Depot :
========================

Software depots are places where filesets, products, and bundles are stored. A software depot may be a directory on your disk, a CD-ROM, or a tape (DDS, DAT) used for distributing software.

By default, the software depot directory is /var/spool/sw

(It is like a repository in RHEL: we can add, remove and list packages in it.)


HP-UX Patches
==============

Patch Sources
Patches can be obtained using your Web browser through WWW or FTP. The WWW site address is:

http://ITResourceCenter.hp.com

The FTP site address is:

ftp://us-ffs.external.hp.com/hp-ux_patches

You can also order a patch CD-ROM from Hewlett-Packard to obtain a collection of all patches.


CUSTOM PATCH MANAGER
--------------------

This tool is available on the Hewlett-Packard Web site. It can be used to take inventory of the software installed on your system and suggest needed patches. To use the custom patch manager, your system needs to be connected to the Internet and you must have a Personalized System Support Agreement with Hewlett-Packard.

Patch names are prefixed according to their type :

Command patches   : PHCO_
Kernel patches    : PHKL_
Network patches   : PHNE_
Subsystem patches : PHSS_

Some example patch names are:
-----------------------------

PHSS_16473

PHSS_14158

PHCO_15623

PHKL_16189

Usually you need to reboot the system after installing a kernel patch



Check HP-UX Version :
======================

# uname -a
HP-UX fwa-inte B.11.23 U ia64 2745059608 unlimited-user license
[root@fwa-integ02] [/var/spool]
# uname -r
B.11.23


List Installed Patches :
=========================

swlist -l patch


HP-UX Patch Installing :
========================

Obtaining Patches
HP-UX patches are distributed as shar files. When you download a patch from the Hewlett-Packard FTP or Web site, use the sh command to unshar it. Note that unsharing executes the downloaded file as a shell script, so only unshar patches fetched from HP's own servers. For example, to download the patch PHCO_15220 :


ftp> get PHCO_15220
200 PORT command successful.
150 Opening BINARY mode data connection for PHCO_15220 (46784 bytes).
226 Transfer complete.
46784 bytes received in 1.04 seconds (44.02 Kbytes/s)

Step 1:
-------

After downloading, use the following command to unshar the patch.

$ sh PHCO_15220
x - PHCO_15220.text
x - PHCO_15220.depot [compressed]
$

Step 2:
-------

To add the patch to the /var/spool/sw depot, use this command.

swcopy -s PHCO_15220.depot PHCO_15220 @ /var/spool/sw



Step 3:
-------

swinstall -s /var/spool/sw



Important HP-UX commands :
===========================

swinstall   Install software
swremove    Remove installed software; also remove software from a depot
swlist      List installed software or software in a depot
swcopy      Copy software components to a software depot
swpackage   Package software in a depot
swreg       Make a software depot visible to other systems on the network
swverify    Verify integrity of installed software
swagentd    SD-UX daemon
swagent     SD-UX agent
swacl       Control access to software
swconfig    Configure installed software


Default Kernel Configuration 


Find Server Model HP-UX :
==========================

# model
ia64 hp server BL860c



File system Utilization Monitoring :
=====================================

# bdf
Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lvol3    1081344  296176  779104   28% /
/dev/vg00/lvol1    1835008  196192 1626112   11% /stand
/dev/vg00/lvol8    8912896 4506360 4372760   51% /var
/dev/vg00/lvol7    8454144 3328056 5086088   40% /usr
/dev/vg16/lvol01   312999936 289737520 21808526   93% /u16
/dev/vg15/u15      314179584 283827012 28455571   91% /u15
/dev/vg14/u14      314179584 288006701 24537156   92% /u14
/dev/vg13/u13      156893184 136963119 18684583   88% /u13
/dev/vg12/u12      156893184 132970698 22427429   86% /u12
/dev/vg11/u11      156893184 142032054 13932411   91% /u11
/dev/vg10/u10      156893184 133122858 22284868   86% /u10
/dev/vg09/u09      156893184 110786172 43225383   72% /u09
/dev/vg08/u08      156893184 81202860 70959740   53% /u08
/dev/vg07/u07      156893184 133755749 21691380   86% /u07
/dev/vg06/u06      156893184 129073047 26081532   83% /u06
/dev/vg05/u05      156893184 114496003 39747382   74% /u05
/dev/vg04/u04      156893184 136765202 18870135   88% /u04
/dev/vg03/u03      104595456 79934663 23119538   78% /u03
/dev/vg02/u02      104595456 89832217 13840545   87% /u02
/dev/vg01/u01      52297728 32247437 18808615   63% /u01
/dev/vg00/lvol4    2097152  140024 1942056    7% /tmp
/dev/vg00/lvol6    11239424 5844128 5353184   52% /opt
/dev/vg00/lvol5    2097152   18488 2065672    1% /home
/dev/vg00/lvol10    131072    1153  121806    1% /appl
[root@fwa-integ02] [/dev]




Timing a command :
==================

The timex command reports process and system activity and can be used to measure the time taken by a command or set of commands. For example, to check the user and system time used while running ll /etc, use the following command.

timex ll /etc

Display Swap Info :
===================

# swapinfo
             Kb      Kb      Kb   PCT  START/      Kb
TYPE      AVAIL    USED    FREE  USED   LIMIT RESERVE  PRI  NAME
dev     8388608       0 8386560    0%       0       -    1  /dev/vg00/lvol2
dev     41943040       0 41932800    0%       0       -    1  /dev/vg00/lvol9
reserve       - 12152220 -12152220
memory  33523432 5185588 28337844   15%



Command to check MAC Address :
===============================

# lanscan
Hardware Station        Crd Hdw   Net-Interface  NM  MAC       HP-DLPI DLPI
Path     Address        In# State NamePPA        ID  Type      Support Mjr#
0/2/2/0  0x002655F377E4 2   UP    lan2 snap2     1   ETHER     Yes     119
0/1/1/0  0x002655F377FE 0   UP    lan0 snap0     2   ETHER     Yes     119
0/1/1/1  0x002655F377FF 1   UP    lan1 snap1     3   ETHER     Yes     119
0/2/2/1  0x002655F377E5 3   UP    lan3 snap3     4   ETHER     Yes     119

Netstat with In/out packets :
============================

#  netstat -in
Name      Mtu  Network         Address         Ipkts   Ierrs Opkts   Oerrs Coll
lan0      1500 10.0.24.0       10.0.24.19     328560185 0     587394030 0     0
lo0       4136 127.0.0.0       127.0.0.1       2602919 0     2602921 0     0


Hope this article will be helpful for you guys.

Best Regards,
Girish