Category Archives: Kompai

Viskas apie kompus

(!COPY!) How to Hack wifi (and how to avoid being hacked) WEP/WPA/WPA2 (!COPY!)

This guide is meant to show how easy it is to hack wireless networks if the proper security measures are not in place. First I will show how to hack a WEP or WPA/WPA2 Network and then I will give tips on how to avoid getting hacked.

This is important information in our techno-savy culture. If your wireless network is compromised you can be liable for any illegal activity on it. There are numerous stories of child pornographers and black-hat hackers using other peoples wireless networks.

NOTE: Hacking your neighbors or anyone else’s Wifi without their permission is ILLEGAL. Be smart!
Step 1What you Need

-A Computer. (A Laptop works best)

-A Wireless Card capable of packet injection.
-If your laptop wireless card can’t do packet injection you can purchase a wireless adapter such as the Netgear WG111 v2 for around $8-$12 on eBay.

-A Live installation of BackTrack either on a CD or USB stick.
-BackTrack 5 Can be found Here
-Create a Live USB Install Here
Step 2Hack WEP

WEP is the predecessor of WPA and has been hacked for the past 5+ years yet people continue to use it. With the instructions below we can crack WEP in under 15 minutes.

You can crack WEP from the command line but there is an easy GUI interface in backtrack which makes it a much less painful experience for those who are scared of command prompts.

1. Boot into BackTrack

2. Click on the Backtrack applications menu -> Backtrack -> Exploitation tools -> Wireless exploitation -> WLAN Exploitation -> gerix-wifi-cracker-ng (This will open up the GUI interface seen in the picture).

3. Go to the configuration menu and select the wireless interface wlan0
-Click on Enable/Disable Monitor Mode (this will put the wireless card into monitor mode).
-Select the newly created mon0 interface.

4. Now click on the WEP tab at the top of the window.
-Click on “Start sniffing and logging” and leave the terminal open.
-Once the wireless network you want to crack* shows up (it has to be WEP encryption of course) select the WEP Attacks (with clients). *note that the PWR has to be high enough to work so the closer you can get, the better.
-There you click on “Associate with AP using fake auth”, wait a few seconds and click on “ARP request replay”.

5. Once the Data number reaches over 10,000 you are ready to try (if the data is coming fast wait until 20 or 30,000 to be safe) and crack the key, but don’t close any windows yet.
-Go to the cracking tab and click on “Aircrack-ng – Decrypt WEP password” under Wep Cracking.

It will take a few seconds to minutes to crack the password and then you are good to go.
Step 3Hack WPA/WPA2

At least WPA and WPA2 are safe right? Wrong. WPA and WPA2 are both crackable but the time it takes to crack depends on the strength of their password.

-Boot into BackTrack
-Open up Konsole which is a command line utility built into BackTrack. It is the Black Box in the Lower-Left Hand Corner (See Image).
We will now be entering the following commands into the command line noted by Bold as well as explanations as to what they do:

-The following commands stop the wireless interface so you can change your mac address, this is important because your mac address is a unique identifier so faking one is a good idea if you are accessing a network you don’t have permission to. (which by the way I wholly condemn)

airmon-ng stop wlan0
ifconfig wlan0 down
macchanger –mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0

-Now we will put the airodump-ng tool into monitor mode, this will allow us to see all of the wireless networks around us (See the first Picture).

airodump-ng mon0

Now choose the network you want to hack and take note of the BSSID, and the Channel it is one as well as the ESSID. The PWR has to be fairly high to be able to hack it, this is determined by how close you are to the wireless router. The closer you are, the better.

Once you have chosen the wireless network enter the following into the terminal:
This will write capture packets and put them into the “filename” file, we are trying to capture the handshake between the router and wireless connection which will give us the key we need to crack.

airodump-ng mon0 –channel * –bssid **:**:**:**:**:** -w filename

The following step is optional but is highly recommended as it will speed up the process a great deal.

Once “WPA handshake: **:**:**:**:**:**” appears in the top right-hand corner we can move on. If you are having trouble getting the WPA handshake to occur then do step 4.

aireplay-ng -0 1 -a **:**:**:**:**:** -c **:**:**:**:**:** mon0

What this step (4) does is it deauthorizes a wireless connection and trie to re-establish it so it will generate a new handshake to capture. This step ends once you have captured the handshake.

aircrack-ng –w wordlist.lst -b **:**:**:**:**:** filename.cap

Step 5 is now trying to crack the password in “filename.cap” using a list of words, here called “wordlist.lst” you can download a good 200 million word dictionary here (128MB but unzipped is 800MB).

Your computer has to compute the hash value of every password in that list but a computer can go through those 200 million passwords in 6-12 hours.


If the password isn’t found in the dictionary you can try and brute-force the password with this command: (Note this could take a very long time depending on their password strength).

/pentest/password/jtr/john –stdout –incremental:all | aircrack-ng -b **:**:**:**:**:** -w – filename.cap
Step 4Secure Your Own Wireless Network

Hopefully you gained some insight into how to not get your own wireless connection hacked:

1. Use WPA2 (WPA2-AES) if available and by all means never use WEP.
2. Don’t base your password on a dictionary word. The next section focuses on passwords in general.
3. In your router settings you can usually hide your ESSID (the name of the wireless network) this will add a small layer of security.
4. In your router there is probably a mac-address filtering service where you can specify the mac addresses that are allowed to connect. This will make sure that only your approved devices can connect to your network. (obviously a problem though if you have a guest over and wants to connect to your Wifi).
Step 5Passwords

You have to have good passwords in this day and age. If not your credit card information, your personal information and identity are available to those who want to use it and abuse it. Here are some guidelines to coming up with a secure password:

1. At least 8 characters.
2. At least one number, letter and special character ie: $ # % ^ @ !
3. NOT based on a dictionary word
4. Multiple transitions: ie: aaa111aaa111 not aaaa11111.

How can I remember these passwords?

Come up with a word such as: calculus and substitute numbers and other characters for letters ie: c@1cu1u$
This is still based on a dictionary word though so you should still make it harder such as appending something to the end or beginning.

I also highly recommend using a different password for every website, how can you do this easily? Remember random variables in algebra? Have a random variable in your password that is based on the website or some other information.

IE: XpasswordY where the first X is the last letter of the website name and the last Y is the first letter of the website name:

So the Instructables website password would be SpasswordI or your Facebook password would be KpasswordF and your Hotmail password will be LpasswordH.

It might seem like a lot but it’s worth the time to prevent the potential theft of your money, identity and your life ruined.

External Link:

How to Hack wifi (and how to avoid being hacked) WEP/WPA/WPA2

SNMP reikšmės

snmpwalk -v2c -O n -c local . #- uptime
snmpwalk -v2c -O n -c local . #- uptime
snmpwalk -v2c -O n -c local . # – TCP listenning ir uzmegstos sesijos.
snmpwalk -v2c -O n -c local . #- Total disk space
snmpwalk -v2c -O n -c local . #- Disk Used
snmpwalk -v2c -O n -c local . #- Disk Reads ir writes: Linux only
snmpwalk -v2c -O n -c local . #- Total size of the disk/partion (kBytes): Linux Only
snmpwalk -v2c -O n -c local . #- Available space on the disk: Linux Only
snmpwalk -v2c -O n -c local . #- Used space on the disk: Linux Only
snmpwalk -v2c -O n -c local . #- Percentage of space used on disk: Linux Only
snmpwalk -v2c -O n -c local . #- Percentage of inodes used on disk: Linux Only
snmpwalk -v2c -O n -c local . #- Procesai veikiantys
snmpwalk -v2c -O n -c local . #- Procesai maks

Išorinė medžiaga: HOST RESOURCES MIB

NTP (Network Time Protocol) ir ntpdate


Dažnai susiduriate su problema, kad jūsų kompiuterio laikrodis rodo vieną laiką, namie esantys laikrodžiai rodo kitą laiką, kiek šiuo metu laiko, sužinoti, tampa ganėtinai sunku, anksčiau buvo telefono numeris, kuriuo paskambinus buvo pasakomas laikas… Jei turite interneto prieigą, tai galite užeiti į kokį puslapį… Bet ar ten rodo gerą laiką? Net jei ir puslapis yra iš Lietuvos ir Lietuvių kalba, ir skirtas Lietuvos auditoriai (lankytojams) vistiek, puslapio rodomas laikas gali sutapti su Jūsų kompiuterio rodomu laiku, nes galimi du variantai, Jūsų kompiuteris rodo tikslų laiką, arba Tiesiog puslapis nesivargina, o um parodo Jūsų kompiuteryje rodomą laiką… 🙂 Dauguma tinklapių kūrėju mano, kad Jūsų kompiuteris rodo Jums priimtiną laiką… Kaipgi dabar užtikrinti, kad Jūsų kompiuteris taip elgtųsi… Paprasta, Jei naudojame Linux:


Jei Windows, atidarykite komandinę eilutę, Paspaudus „Windows“ prekinį ženklą atsiradusio meniu apačioje, įvesties laukely, įraūykite cmd Jei tokio įvesties laukelio nėra, spauskite Run ir atsiradusiame lange įrašykite cmd. Dabar beliko pridėti:

w32tm /config /syncfromflags:manual /,,,
net time /setsntp:"" Kažkaip taip… 🙂

Bash File Testing

Bash File Testing
-b filename Block special file
-c filename Special character file
-d directoryname Check for directory existence
-e filename Check for file existence
-f filename Check for regular file existence not a directory
-G filename Check if file exists and is owned by effective group ID.
-g filename true if file exists and is set-group-id.
-k filename Sticky bit
-L filename Symbolic link
-O filename True if file exists and is owned by the effective user id.
-r filename Check if file is a readable
-S filename Check if file is socket
-s filename Check if file is nonzero size
-u filename Check if file set-ser-id bit is set
-w filename Check if file is writable
-x filename Check if file is executable

Atviras kodas bei jo svarba nūdienos visuomenėje

Video: Atviras kodas bei jo svarba nūdienos visuomenėje

Prezentacija: Atviras kodas bei jo svarba nūdienos visuomenėje

Prezentacija (Atviras kodas bei jo svarba nūdienos visuomenėje) su public RW teisėmis

Creative Commons Licence
Atviras kodas bei jo svarba nudienos visuomeneje by Ruslanas Gžibovskis is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Based on a work at
Permissions beyond the scope of this license may be available at

meta tagai HTML’e

Sveiki, radau toki straipsniuką, kur išrašyti visi meta htmltag’o parametriukai.

Atributas Šaltinis Apibūdinimas
Allow rfc1945 Gives allowed http methods
Alternates rfc2068 List alternate representations
Bulletin-Date Lotus Date, e.g. 1997-03-24 15:57
Bulletin-Text Lotus Document description
Cache-Control rfc2068 Directives to cacheing mechanisms
Content-Base rfc2068 Specify base URL for entity
Content-Disposition rfc2183 Specify content handler (Microsoft)
Content-Encoding rfc1945 Gives compression scheme
Content-language rfc1945 Natural Language of document
Content-Length rfc1945 Size of body in bytes
Content-Location rfc2068 Resource location for entity
Content-MD5 rfc2068 MD5 digest of entity body
Content-Range rfc2068 Range of partial response
Content-Script-Type html40 Specifies default scripting language
Content-Style-Type html40 Specifies default style sheet language
Content-Type rfc1945 Media type
Content-type rfc1945
Content-Version rfc2068 Version tag of evolving entity
Date rfc1945 Date message originated (HTTP format)
Default-Style html40 Set preferred style sheet
Derived-From rfc2068 Version tag of previous version
ETag rfc2068 Entity tag for resource identification
Expires rfc1945 Expiry date of document (HTTP date format)
Ext-cache Netscape Alternate cache path
Instance-Delegate SHOE Pointer to Ontology Key
Instance-Key SHOE Ontology Key
Last-Modified rfc1945 Date resource was last changed
Link rfc1945 Relationship to other resources
Location rfc1945 URL of resource
MIME-Version rfc1945 May indicate MIME-compliance. Ignore.
Page-Enter MSIE 4 Sets page entry transistion
Page-Exit MSIE 4 Sets page exit transistion
PICS-Label PICS Document content labelling
Pragma rfc1945 no-cache prevents cacheing
Public rfc2068 List of supported methods by server
Range rfc2068 Specify subrange (bytes)
Refresh Netscape Delay till browser reloads (optional URL)
Server rfc1945 Gives information about server
Set-Cookie Netscape Sets cookie value
Site-Enter MSIE 4 Sets site entry transistion
Site-Exit MSIE 4 Sets site exit transistion
Title rfc1945 Title of entity (obsoleted in rfc2068)
Transfer-Encoding rfc2068 Specify transfer (cf. entity) encoding
URI rfc1945 URIs by which resource is located. (obsoleted in rfc2068)
Vary rfc2068 Specify that request was selected from alternates (e.g. different languages)
Via rfc2068 Generated by gateways
Warning rfc2068 Warning about cache problems, etc.
Window-target Netscape Specify target window of current document OpenSSH Root user account restriction – revisited – Lietuviškai


– čia pateikiamas tik vertimas!

Jei norite leisti prisijungti root naudotojui per SSH tik iš vieno IP, o kitiems naudotojams iš betkur kitur. Tokį sprendimą galime realizuoti per PAM autentifikacijos modulius. Naudosime pam_access PAM modulį, kuris naudojamas prieigos valdymui. Šis suteikia galimybę kontroliuoti prisijungimus atsižvelgiant į:

  • Naudotojo prisijungimo vardą (Login names)
  • Kompą ar domeną (Host or domain names)
  • IP ar IP tinklas (Internet addresses or network IP numbers)
  • Terminal line names etc

Kam naudojam pam_access?

Prie serverio gali reikėti prisijungti iš betkurio tinkle esančio kompiuterio. taigi turime pasirūpinti gera prieigos kontrole, naudojant OpenSSH servisą.

Kaip susikonfiguruoti pam_access?

Reikės keisti šiuos failiukus:

  1. /etc/pam.d/sshd
  2. Linux PAM konfiguracinis failas.

  3. /etc/security/access.conf
  4. Taisyklių paėmimui pagal nutylėjimą yra naudojamas šis failas.

Kai kasnors jungiasi, perbėgama per 2 bylos turinį ir jei yra sutapimas įvykdoma taisyklė. Mes galime nurodyti, ar priimti tokį prisijungimą ar atmesti. sintaksė: permission : username: origins kur:
permission : Teisių laukelis “+” (prieiga suteikiama) ar “-” (prieiga atšaukiama)
username : Linux sisteminis naudotojas (username)/login‘as (root ir kiti). Galima nurodyti ir grupės vardą. Arba galima nurodyti specialų trumpinį: ALL (Jei norime, kad tai būtų skirta visiems).
origins : Čia pateikiamas sąrašas terminalo langų, kompo vardų, IP adresų, domenų, kurie prasideda . ar specialų trumpinį ALL ar LOCAL

Visų pirma, kad tolesni pakeitimai veiktų reikia įjungti pam_access palaikymą byloje /etc/pam.d/sshd:

# vi /etc/pam.d/sshd
# Papildome eilute:
account required

Išsaugome ir uždarome.

Tarkime norime leisti naudotojam root ir lpic prisijungti tik iš IP adreso

Atidarome bylą: /etc/security/access.conf su root’o teisėmis:

# vi /etc/security/access.conf
# Papildome eilute:
-: ALL EXCEPT root lpic:

Išsaugome bylą.

Dabar SSH leis prisijungimus naudotojų root ir lpic tik iš IP adreso. Jei naudotojas root ir lpic bandys jungtis iš kito IP adreso, jiems parašys: ‘Connection closed by’ ir error pranešimu turėtų būti papildytas Jūsų žurnaliukas (log’as):

# tailf /var/log/message
Feb 20 19:02:39 hostname pam_access[2091]: access denied for user `lpic' from `'

Kur, jau kaip ir minėjau
Beje, jei įrašėte savo naudotojo vardą ir išsaugojote… VISOS TAISYKLĖS taikomos IŠKART po IŠSAUGOJIMO /etc/security/access.conf bylos! Būkite atsargūs!

Daugiau pavyzdukų:

a) Kartais reiktų sukurti taisykles, kurios leistų prisijungti visiems išskyrus rootbetkur, o root tik iš localhost:

# ar
-:root:ALL EXCEPT localhost

b) Deny network and local login to all users except for user root and vivek:

-:ALL EXCEPT root vivek:ALL

c) Tik iš leisti prisijungti root naudotoju:

+ : root :

Pastebėjimas: taip galime leisti ir drausti jungtis visoms tarnyboms, kurios naudoja PAM, pvz.: ftpd, telnet ir t.t.

P.S. + : root : yyy.yyy.yyy.yyy
- : root : ALL