Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 9 years ago.
Improve this question
How do I go about figuring out the manual commands being run by things like nmap and aircrack? In other words, I want to figure out exactly what commands are being run in the background that we can't see, the commands that are being automated by these programs information. A google search of "manually portscan without nmap" only leads to links about automating nmap scans.
So for example, if I ran the command: nmap -sS 192.168.1.*, what is actually happening behind the scenes? How would I do the same thing manually? Thanks.
For open source tools like nmap, your best bet is to download the source code yourself,
then step through it (conceptually, or with the aid of a debugger) to see exactly what the program is doing. If you're lucky, there will be helpful comments in the source.
If you don't have access to the source code, you can use system call tracing tools
(for example, strace on Linux), which can give you some hints about what is going on "under the hood" (e.g. which files or sockets are being opened).
More likely these are issuing operating system calls, not things easily invoked manually.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I have program that I need to run and then see how much resources it uses in unix by using top command. But I don't know how to do it because if i run it from command line I cant use top command till program is finished and vice versa. How can I do it. I tried doing:
sleep 10s
top
./myProgram
But its not working
Open two terminals; run your program in one terminal and top in another.
If you're in a graphical environment, you can just start the terminal a second time.
If you're on the text-only console, you can switch between terminals using Ctrl-Alt-F1..F6 (possibly more) or Alt-Left/Right.
If you connect via SSH, just open multiple terminal sessions in your SSH client.
(Also, I'd hint to use htop instead of top, but you may need to install it first.)
In case your program is too short-lived to show up on top/htop, you might need to run it using Valgrind.
Open two terminals one for running top, and run your program in the other.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
How to restrict specific commands (for example "kill") in Linux for the specific local user?
I am trying to restrict the "kill" command.
this is not possible.
(unless you patch then recompile your Linux kernel; see also kernelnewbies.org; another possibility might be to code your own Unix shell - see also chsh(1) and passwd(5) - or patch and improve an existing open source shell such as GNU bash or zsh to forbid using the kill(1) command. Be then however aware of Rice's theorem).
As documented, the kill(1) command uses the kill(2) system call. Read also of course sigaction(2), syscalls(2), signal(7) and signal-safety(7) and Advanced Linux Programming
Any advanced Linux user could download or recompile (using GCC) his equivalent of the kill(1) command (or use e.g. some interpreter like Python or Guile doing so). You might configure his/her $PATH variable (see environ(7) and exec(3)...) to make more difficult the accidental use of the kill(1) command, but there is No silver bullet since your user could run /bin/kill in his/her terminal. Read also a good operating system textbook.
Look for inspiration into the source code of existing open source software (also use strace(1) and gdb(1) to understand their dynamic behavior), such as Qt, GNU bash,
RefPerSys, FLTK, POCO, GNU make, etc and many others on github or gitlab.
So you need to design your solution in the dual way: properly implement (perhaps with signalfd(2) used with poll(2)...) a good enough signal handler.
Read also credentials(7), namespaces(7), pid_namespaces(7), capabilities(7) and consider using carefully setuid techniques in your software stack.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
Improve this question
I am a IT Security student and I have to write a paper about a vulnerability in a real life case. I chose a small application that allows to create icons under Windows, which is vulnerable to a stack buffer overflow.
I've already had to do manipulations on exercise scripts (injecting shell code into a script that can be used in the Linux command line, etc.) but never on a real application.
Is it possible for you to help me to use the vulnerability to carry out some kind of "attack" or to execute a program function not supposed to be executed at that moment?
I didn't try to reverse the code yet, I will try to find where the program is storing the long string I use to make it crash, the size of the memory for this variable and the return address.
I found this app when trying to find a vulnerable app on Vulnerability Lab : https://www.vulnerability-lab.com/get_content.php?id=1609
You can also download the app from this link (the vulnerability is still present in the last version): http://www.aha-soft.com/iconlover/
PS : I've only been studying IT Security for a year and a half, so I am a beginner. Sorry if there are some mistakes in my text, I am french. This is one of my first post on this forum, I hope I did it well.
There are already ready made exploits to do what you are asking for iconlover. see here. The script forces the application to open up calculator.exe which indicates a very severe security issue.
You can modify the given shellcode for RCE or to execute malicious programs (assuming you already have some form of access to the target system.)
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've often seen tech tutorials in which I'm supposed to open a terminal per program/process where actually I feel no need for doing so (no output on terminals, no termination via terminal etc.), and instead I can run all programs background with & at the end. Is there still advantages / technical reasons for using multiple terminals?
(not versatile at all but an example is this tutorial)
It is probably largely because it's easier to explain that than it is to explain how to start a program in the background. A part may also be that instructions use something like "export X=something" and they don't want to cause problems for another process later on, that may not behave as expected from this.
But generally, you can just use one terminal window, or one terminal with several tabs, if you prefer that solution. Different people have different ideas of "the right way to do things" - as long as it works as expected and every time, it's not a huge issue which way you do it.
Aside from envirnonment variables, I don't see any technical reason to have multiple terminals.
commands that you run on the terminal will use the same terminal (stdout) to flush info/warning or error messages. You can run all those commands in background if you want, like you said using & but then it gets difficult to keep track of any messages that those programs may produce. everything will be displayed on same console.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm looking for a tool that will tell me what my keyboard is sending to the operating system when i push different keys.
This is to help me answer this question How to get Cmd-left/right working with iTerm2 and Vim (without requiring .vimrc changes)? which has me trying to figure out why Vim treats my iTerm2 mapping of Cmd-left to Escape-[H differently from Home.
I tried unix's read, and it says that Home and Cmd-left both produce "^[[H". I'm hoping that read is misleading me, and that some other tool will show how Home and Cmd-left are different (note: when I say, Cmd-left in this paragraph, it is when iTerm2's mapping is turned on).
Thanks!
You're doing all this in a terminal, right?
I'm afraid you're not going to do much better than read (my preferred approach is to do cat > file, type, press ^D, and then look at the file in a hex editor).
With regard to the underlying question, it's worth hunting for options in your terminal emulator. Right now it's emulating a terminal which doesn't distinguish between HOME and CMD+LEFT. It may be possible to tell it to emulate a different terminal, which does.