Sunday, 20 January 2013

Linux command list


  alias    Create an alias •
  apropos  Search Help manual pages (man -k)
  apt-get  Search for and install software packages Debian/Ubuntu
  aptitude Search for and install software packages Debian/Ubuntu
  aspell   Spell Checker
  awk      Find and Replace text, database sort/validate/index
b
  basename Strip directory and suffix from filenames
  bash     GNU Bourne-Again SHell 
  bc       Arbitrary precision calculator language 
  bg       Send to background
  break    Exit from a loop •
  builtin  Run a shell builtin
  bzip2    Compress or decompress named file(s)
c
  cal      Display a calendar
  case     Conditionally perform a command
  cat      Concatenate and print (display) the content of files
  cd       Change Directory
  cfdisk   Partition table manipulator for Linux
  chgrp    Change group ownership
  chmod    Change access permissions
  chown    Change file owner and group
  chroot   Run a command with a different root directory
  chkconfig System services (runlevel)
  cksum    Print CRC checksum and byte counts
  clear    Clear terminal screen
  cmp      Compare two files
  comm     Compare two sorted files line by line
  command  Run a command - ignoring shell functions •
  continue Resume the next iteration of a loop •
  cp       Copy one or more files to another location
  cron     Daemon to execute scheduled commands
  crontab  Schedule a command to run at a later time
  csplit   Split a file into context-determined pieces
  cut      Divide a file into several parts
d
  date     Display or change the date & time
  dc       Desk Calculator
  dd       Convert and copy a file, write disk headers, boot records
  ddrescue Data recovery tool
  declare  Declare variables and give them attributes •
  df       Display free disk space
  diff     Display the differences between two files
  diff3    Show differences among three files
  dig      DNS lookup
  dir      Briefly list directory contents
  dircolors Colour setup for `ls'
  dirname  Convert a full pathname to just a path
  dirs     Display list of remembered directories
  dmesg    Print kernel & driver messages 
  du       Estimate file space usage
e
  echo     Display message on screen •
  egrep    Search file(s) for lines that match an extended expression
  eject    Eject removable media
  enable   Enable and disable builtin shell commands •
  env      Environment variables
  ethtool  Ethernet card settings
  eval     Evaluate several commands/arguments
  exec     Execute a command
  exit     Exit the shell
  expect   Automate arbitrary applications accessed over a terminal
  expand   Convert tabs to spaces
  export   Set an environment variable
  expr     Evaluate expressions
f
  false    Do nothing, unsuccessfully
  fdformat Low-level format a floppy disk
  fdisk    Partition table manipulator for Linux
  fg       Send job to foreground 
  fgrep    Search file(s) for lines that match a fixed string
  file     Determine file type
  find     Search for files that meet a desired criteria
  fmt      Reformat paragraph text
  fold     Wrap text to fit a specified width.
  for      Expand words, and execute commands
  format   Format disks or tapes
  free     Display memory usage
  fsck     File system consistency check and repair
  ftp      File Transfer Protocol
  function Define Function Macros
  fuser    Identify/kill the process that is accessing a file
g
  gawk     Find and Replace text within file(s)
  getopts  Parse positional parameters
  grep     Search file(s) for lines that match a given pattern
  groupadd Add a user security group
  groupdel Delete a group
  groupmod Modify a group
  groups   Print group names a user is in
  gzip     Compress or decompress named file(s)
h
  hash     Remember the full pathname of a name argument
  head     Output the first part of file(s)
  help     Display help for a built-in command •
  history  Command History
  hostname Print or set system name
i
  iconv    Convert the character set of a file
  id       Print user and group id's
  if       Conditionally perform a command
  ifconfig Configure a network interface
  ifdown   Stop a network interface 
  ifup     Start a network interface up
  import   Capture an X server screen and save the image to file
  install  Copy files and set attributes
j
  jobs     List active jobs •
  join     Join lines on a common field
k
  kill     Stop a process from running
  killall  Kill processes by name
l
  less     Display output one screen at a time
  let      Perform arithmetic on shell variables •
  ln       Create a symbolic link to a file
  local    Create variables •
  locate   Find files
  logname  Print current login name
  logout   Exit a login shell •
  look     Display lines beginning with a given string
  lpc      Line printer control program
  lpr      Off line print
  lprint   Print a file
  lprintd  Abort a print job
  lprintq  List the print queue
  lprm     Remove jobs from the print queue
  ls       List information about file(s)
  lsof     List open files
m
  make     Recompile a group of programs
  man      Help manual
  mkdir    Create new folder(s)
  mkfifo   Make FIFOs (named pipes)
  mkisofs  Create an hybrid ISO9660/JOLIET/HFS filesystem
  mknod    Make block or character special files
  more     Display output one screen at a time
  mount    Mount a file system
  mtools   Manipulate MS-DOS files
  mtr      Network diagnostics (traceroute/ping)
  mv       Move or rename files or directories
  mmv      Mass Move and rename (files)
n
  netstat  Networking information
  nice     Set the priority of a command or job
  nl       Number lines and write files
  nohup    Run a command immune to hangups
  notify-send  Send desktop notifications
  nslookup Query Internet name servers interactively
o
  open     Open a file in its default application
  op       Operator access 
p
  passwd   Modify a user password
  paste    Merge lines of files
  pathchk  Check file name portability
  ping     Test a network connection
  pkill    Stop processes from running
  popd     Restore the previous value of the current directory
  pr       Prepare files for printing
  printcap Printer capability database
  printenv Print environment variables
  printf   Format and print data •
  ps       Process status
  pushd    Save and then change the current directory
  pwd      Print Working Directory
q
  quota    Display disk usage and limits
  quotacheck Scan a file system for disk usage
  quotactl Set disk quotas
r
  ram      ram disk device
  rcp      Copy files between two machines
  read     Read a line from standard input •
  readarray Read from stdin into an array variable •
  readonly Mark variables/functions as readonly
  reboot   Reboot the system
  rename   Rename files
  renice   Alter priority of running processes 
  remsync  Synchronize remote files via email
  return   Exit a shell function
  rev      Reverse lines of a file
  rm       Remove files
  rmdir    Remove folder(s)
  rsync    Remote file copy (Synchronize file trees)
s
  screen   Multiplex terminal, run remote shells via ssh
  scp      Secure copy (remote file copy)
  sdiff    Merge two files interactively
  sed      Stream Editor
  select   Accept keyboard input
  seq      Print numeric sequences
  set      Manipulate shell variables and functions
  sftp     Secure File Transfer Program
  shift    Shift positional parameters
  shopt    Shell Options
  shutdown Shutdown or restart linux
  sleep    Delay for a specified time
  slocate  Find files
  sort     Sort text files
  source   Run commands from a file `.'
  split    Split a file into fixed-size pieces
  ssh      Secure Shell client (remote login program)
  strace   Trace system calls and signals
  su       Substitute user identity
  sudo     Execute a command as another user
  sum      Print a checksum for a file
  suspend  Suspend execution of this shell •
  symlink  Make a new name for a file
  sync     Synchronize data on disk with memory
t
  tail     Output the last part of file
  tar      Tape ARchiver
  tee      Redirect output to multiple files
  test     Evaluate a conditional expression
  time     Measure Program running time
  times    User and system times
  touch    Change file timestamps
  top      List processes running on the system
  traceroute Trace Route to Host
  trap     Run a command when a signal is set(bourne)
  tr       Translate, squeeze, and/or delete characters
  true     Do nothing, successfully
  tsort    Topological sort
  tty      Print filename of terminal on stdin
  type     Describe a command •
u
  ulimit   Limit user resources •
  umask    Users file creation mask
  umount   Unmount a device
  unalias  Remove an alias •
  uname    Print system information
  unexpand Convert spaces to tabs
  uniq     Uniquify files
  units    Convert units from one scale to another
  unset    Remove variable or function names
  unshar   Unpack shell archive scripts
  until    Execute commands (until error)
  uptime   Show uptime
  useradd  Create new user account
  userdel  Delete a user account
  usermod  Modify user account
  users    List users currently logged in
  uuencode Encode a binary file 
  uudecode Decode a file created by uuencode
v
  v        Verbosely list directory contents (`ls -l -b')
  vdir     Verbosely list directory contents (`ls -l -b')
  vi       Text Editor
  vmstat   Report virtual memory statistics
w
  wait     Wait for a process to complete •
  watch    Execute/display a program periodically
  wc       Print byte, word, and line counts
  whereis  Search the user's $path, man pages and source files for a program
  which    Search the user's $path for a program file
  while    Execute commands
  who      Print all usernames currently logged in
  whoami   Print the current user id and name (`id -un')
  wget     Retrieve web pages or files via HTTP, HTTPS or FTP
  write    Send a message to another user 
x
  xargs    Execute utility, passing constructed argument list(s)
  xdg-open Open a file or URL in the user's preferred application.
  yes      Print a string until interrupted
  .        Run a command script in the current shell
  !!       Run the last command again
  ###      Comment / Remark

Recover Deleted Files with Foremost, scalpel in Ubuntu, Pandora in Windows

Foremost and Scalpel are not interested in the underlying filesystem. They simply expect the data blocks of the files to reside sequentially in the image under investigation. The tools will find images in dd dumps, RAM dumps, or swap files. Carving will help to identify and reconstruct files on corrupt filesystems, in slack space, or even after installation of a new operating system, as long as the required data blocks still exist.

Forensics application to recover data. Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc., or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format, allowing for a more reliable and faster recovery.


Install foremost in Ubuntu
sudo aptitude install foremost
This will complete the installation.
Using Foremost
Foremost Syntax
foremost  [-h][-V][-d][-vqwQT][-b<blocksize>][-o<dir>] [-t<type>][-s<num>][-i<file>]
Available Options
-h     Show a help screen and exit.
-V     Show copyright information and exit.
-d     Turn on indirect block detection, this  works  well  for  Unix file systems.
-T     Time  stamp  the  output  directory so you don't have to delete the output dir when running  multiple   times.
-v     Enables verbose mode. This causes more information regarding the current state of the program to be displayed on the screen, and is highly recommended.
-q     Enables quick mode. In quick mode, only the start of each sector is searched for matching headers. That is, the header is searched only up to the length of the longest header. The rest of the sector, usually about 500 bytes, is ignored. This mode makes foremost run considerably faster, but it may cause you to miss files that are embedded in other files. For example, using quick mode you will not be able to find JPEG images embedded in Microsoft Word documents.

Quick mode should not be used when examining NTFS file systems. Because NTFS will store small files inside the Master File Table, these files will be missed during quick mode.
-Q    Enables Quiet mode. Most error messages will be suppressed.
-w    Enables  write  audit  only  mode.   No  files  will  be extracted.
-a     Enables write all headers, perform no error detection in terms of corrupted files.
-b    number  Allows you to specify the block size used  in  foremost. This  is  relevant  for  file naming and quick searches. The default is 512. ie.  foremost -b 1024 image.dd

-k   number Allows you to specify the chunk size used in foremost. This can improve speed if you have enough RAM to fit the image in. It reduces the checking that occurs between chunks of the buffer. For example, if you had > 500MB of RAM: ie.  foremost -k 500 image.dd
-i file The file is used as the input file.  If no input file is specified or the input file cannot be read then stdin is  used.
-o directory  Recovered  files are written to the directory directory.
-c file Sets the configuration file to use. If none is specified, the file "foremost.conf" from the current directory is used; if that doesn't exist then "/etc/foremost.conf" is used. The format for the configuration file is described in the default configuration file included with this program. See the CONFIGURATION FILE section below for more information.
-s number  Skips number blocks in the input file  before  beginning  the  search  for  headers. ie.  foremost -s 512 -t  jpeg -i /dev/hda1
Foremost examples
Search for jpeg format skipping the first 100 blocks
sudo foremost -s 100 -t jpg -i image.dd
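Only generate an audit file, and print to the screen (verbose mode). Note that in the option list above, audit-only mode is -w, while -a writes all headers without error detection.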
sudo foremost -av image.dd
Search all defined types
sudo foremost -t all -i image.dd
Search for gif and pdf
sudo foremost -t gif,pdf -i image.dd
Search for office documents and jpeg files in a Unix file system in verbose mode.
sudo foremost -v -t ole,jpeg -i image.dd
Run the default case
sudo foremost image.dd
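image.dd stands for the input to examine: an image file, or the device node of the hard-disk partition, e.g. /dev/sda1 or /dev/sda2. Write the recovered files (-o) to a different disk than the one being examined, so that the output does not overwrite the deleted data you are trying to recover.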
scalpel
A Frugal, High Performance File Carver. A fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigation and file recovery.
Install scalpel in Ubuntu
sudo aptitude install scalpel
This will complete the installation
Using scalpel

By default, all file types in the database (/etc/scalpel/scalpel.conf) are commented out. To specify which file types you want to carve, you need to edit the file and uncomment the line for each of them.
sudo scalpel FILE -o Directory
Where FILE is the image file (or device) and Directory is the output directory.
source: http://www.ubuntugeek.com

PANDORA free recovery tool

  http://www.pandorarecovery.com/

TCP Server-JAVA


// tcpServer.java by fpont 3/2000
// usage : java tcpServer <port number>.
// default port is 1500.
// connection to be closed by client.
// this server handles only 1 connection.

import java.net.*;
import java.io.*;

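/**
 * Minimal single-connection TCP line server.
 *
 * <p>Accepts exactly one client, prints every received line in upper case on
 * standard output, and stops when the client sends {@code quit} or closes the
 * connection.
 *
 * <p>NOTE(review): this is a plaintext, unauthenticated demo service. The
 * listening socket is created with {@code new ServerSocket(port)}, which binds
 * the wildcard address, so any host that can reach the machine can connect.
 * {@code readLine()} buffers a whole line with no length cap and no read
 * timeout is set; add both (and bind to a specific address) before running
 * this anywhere other than a trusted lab network.
 */
public class tcpServer {

    /** Port used when no valid port argument is supplied (matches the usage note and the client default). */
    private static final int DEFAULT_PORT = 1500;

    /**
     * Starts the server, serves one client, then returns.
     *
     * @param args optional; {@code args[0]} is the TCP port to listen on
     *             (0-65535, where 0 asks the OS for an ephemeral port).
     *             Defaults to {@value #DEFAULT_PORT}.
     */
    public static void main(String args[]) {
        int port = parsePort(args);

        // try-with-resources closes both sockets on every path, including
        // exceptions thrown while accepting or reading.
        try (ServerSocket server_socket = new ServerSocket(port)) {
            System.out.println("Server waiting for client on port " +
                    server_socket.getLocalPort());

            // Single accept: this server handles only one connection.
            try (Socket socket = server_socket.accept();
                 BufferedReader input = new BufferedReader(
                         new InputStreamReader(socket.getInputStream()))) {

                System.out.println("New connection accepted " +
                        socket.getInetAddress() +
                        ":" + socket.getPort());

                // Print received data. A read error ends the session but still
                // falls through to the orderly close below.
                try {
                    String message;
                    // readLine() returns null when the peer closes the stream;
                    // treating that as end-of-session avoids a NullPointerException.
                    while ((message = input.readLine()) != null) {
                        if (message.equals("quit")) {
                            break;
                        }
                        // NOTE(review): the peer's bytes are echoed to the console
                        // as-is (upper-cased); control characters are not filtered.
                        System.out.println(message.toUpperCase());
                    }
                }
                catch (IOException e) {
                    System.out.println(e);
                }
            }

            System.out.println("Connection closed by client");
            // Returning normally ends the JVM with status 0; a clean shutdown
            // should not report a failure exit code.
        }
        catch (IOException e) {
            System.out.println(e);
        }
    }

    /**
     * Reads the listening port from the command line.
     *
     * @param args the program arguments; may be empty
     * @return the port from {@code args[0]} when it is an integer in 0-65535,
     *         otherwise {@link #DEFAULT_PORT}
     */
    private static int parsePort(String[] args) {
        if (args == null || args.length == 0) {
            return DEFAULT_PORT;
        }
        try {
            int requested = Integer.parseInt(args[0].trim());
            if (requested >= 0 && requested <= 65535) {
                return requested;
            }
        }
        catch (NumberFormatException ignored) {
            // Not a number: fall through to the default below.
        }
        System.out.println("Invalid port argument, using default port " + DEFAULT_PORT);
        return DEFAULT_PORT;
    }
}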

TCP Client-JAVA


// usage : java tcpClient <server> <port>
import java.net.*;
import java.io.*;

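/**
 * Minimal TCP line client: connects to a server and forwards every line typed
 * on standard input until the user enters a single "." or input ends.
 *
 * <p>NOTE(review): the connection is plaintext and the server is not
 * authenticated; do not type secrets into it outside a trusted lab network.
 */
public class tcpClient {

    /**
     * Connects to the server and relays keyboard input to it.
     *
     * @param args optional {@code <server> <port>}; defaults are
     *             {@code localhost} and {@code 1500}. A malformed or
     *             incomplete pair prints "Wrong input" and the missing or
     *             invalid part keeps its default.
     */
    public static void main(String[] args) {

        String server = "localhost";
        int port = 1500;

        // Read arguments. Running with no arguments is the documented default
        // case, so it no longer prints "Wrong input".
        if (args.length > 0) {
            server = args[0];
            boolean portAccepted = false;
            if (args.length > 1) {
                try {
                    int requested = Integer.parseInt(args[1]);
                    // Reject out-of-range values here: the Socket constructor
                    // throws an unchecked IllegalArgumentException for them.
                    if (requested >= 1 && requested <= 65535) {
                        port = requested;
                        portAccepted = true;
                    }
                }
                catch (NumberFormatException ignored) {
                    // Reported below; the default port stays in effect.
                }
            }
            if (!portAccepted) {
                System.out.println("Wrong input");
            }
        }

        // Connect to server; a failure here is fatal.
        Socket socket;
        try {
            socket = new Socket(server, port);
        }
        catch (IOException e) { // also covers UnknownHostException
            System.out.println(e);
            System.exit(1);
            return; // not reached; keeps 'socket' definitely assigned below
        }

        // try-with-resources closes the socket on every exit path.
        try (Socket connection = socket) {
            System.out.println("Connected with server " +
                    connection.getInetAddress() +
                    ":" + connection.getPort());

            // Keyboard input, and an auto-flushing writer onto the socket.
            BufferedReader input = new BufferedReader(new InputStreamReader(System.in));
            PrintWriter output = new PrintWriter(connection.getOutputStream(), true);

            // Get user input and transmit it to the server.
            String lineToBeSent;
            // readLine() returns null at end of input (Ctrl-D / closed pipe);
            // stopping there avoids a NullPointerException.
            while ((lineToBeSent = input.readLine()) != null) {
                // Stop if the input line is ".".
                if (lineToBeSent.equals(".")) {
                    break;
                }
                output.println(lineToBeSent);
                // PrintWriter swallows IOExceptions; checkError() is the only
                // way to notice that the server has gone away.
                if (output.checkError()) {
                    System.out.println("Connection to server lost");
                    break;
                }
            }
        }
        catch (IOException e) {
            System.out.println(e);
        }
    }
}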