Python install package

*Open package management PIP install

You should install the pip :
 #download get-pip.py and exeic
py get-pip.py
Requirement already up-to-date: pip in c:\users\andychung\appdata\local\programs\python\python35-32\lib\site-packages

# check the pip tools
pip list
hexdump (3.3)
pip (8.1.2)
python-evtx (0.5.0)
setuptools (20.10.1)
simplejson (3.8.2)
six (1.10.0)
wheel (0.29.0)


Ref: https://packaging.python.org/installing/#use-pip-for-installing

*Self PACKAGE  install

 python setup.py install

example:
git clone https://github.com/williballenthin/python-evtx

Reference: https://packaging.python.org/distributing/#setup-py

python sqlite interface

1.  Connection to DB and import many records



import sqlite3
conn = sqlite3.connect('C:\\sqlite\\IE11.sqlite')
c = conn.cursor()
c.executemany('INSERT INTO PCInfo(log,ip,pcname,IE,home) VALUES (?,?,?,?,?)', records)
conn.commit()



REF
official sqlite3

sqlite install in windows 64bits

1. Download from sqlite  https://sqlite.org/download.html

sqlite-dll-win64-x64-3140100.zip
sqlite-tools-win32-x86-3140100.zip

2. Create Folder and unzip 

.mkdir  in C:\sqlite
.unzip above  two zip

3. launch the sqlite 

cd c:\sqlite
sqlite3.exe

SQLite version 3.14.1 2016-08-11 18:53:32
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.

4. How to use 

.open test.sqlite

CREATE TABLE users (id integer primary key autoincrement, name text not null);

insert into users (name) values('jon');
insert into users (name) values('paul');

sqlite> select * from users;
1|john
2|paul

the .open is the command for create/connection database
other .tables or .drop



Reference :
First_Installing-and-Using-SQLite-on-Windows
Appropriate Uses For SQLite
SQLite vs MySQL

Python 3.5 windows install

1. Download site  https://www.python.org/downloads/

2.  Install it and will in the
C:\Users\andychung\AppData\Local\Programs\Python\Python35-32

3. default python will launch by py
cmd
py some_script

InstallREference GOOD
https://docs.python.org/3/using/windows.html
https://docs.python.org/3.3/using/windows.html

windows Regedit File Command add / delete

Using the reg command
Action: add, delete

If delete:

reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /f




From REF

修改（包括新增）登錄檔。範例：

reg add "HKCU\Keyboard Layout\Toggle" /v "Layout Hotkey" /d "2" /t REG_SZ /f

HKCU 是 HKEY_CURRENT_USER 的縮寫。
/v 後面寫：regedit 登錄編輯程式右半邊視窗登錄檔條目的名稱。
/d 後面寫：regedit 登錄編輯程式右半邊視窗登錄檔條目的數值。
/t 後面寫：regedit 登錄編輯程式右半邊視窗登錄檔條目的類型。如果你不知道你要修改的登錄檔是什麼類型，就到登錄編輯程式右半邊視窗那裡看一下，常見的有 REG_SZ、REG_DWORD。

VBS parameter space especialy using path

Solution:
Using the chr(34) and eval to run the command like linux eval run raw command


Example:
 strCommand =
 "%comspec% /c move %USERPROFILE%\IE11Doc.bat  %USERPROFILE%\" & chr(34) & "A BC" & chr(34)

#comspec is the exec, /c is close message, chr(34) mean qute

Wscript.Echo  strCommand
# the content will be presented %comspec% /c move  %userprofile%\IE11Doc.bat  %userprofile%\"A BC"

oShell.Run  strCommand, 0, True
# equal eval and runit, notice not using the run(...) no ( )


Noteice:
' K and run osrun/1 is show content for debug, convesty is  /c and 0 is no message

WIndow 自動啟動程式地方

Position 
1. 
C:\Users\使用者帳號\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


2. 
上圖為 Windows 7 左下角「開始」鍵打開後的搜尋框，請直接輸入「msconfig」並按下 ENTER 即可。




REF

ICMP Protocol

Introduction:

ICMP will check the flow control, detect the remote machine,
It is on the IP layer and no port concept


It is on the IP above




It's  Package format

ICMP 在溝通之中，主要是透過不同的類別( Type )與代碼( Code ) 讓機器來識別不同的連線狀況。常用的類別如下表所列﹕

類別	名稱	代表意思
0	Echo Reply	是一個回應信息。
3	Distination Unreachable	表示目的地不可到達。
4	Source Quench	當 router 負載過時﹐用來竭止來源繼續發送訊息。
5	Redirect	用來重新導向路由路徑。
8	Echo Request	請求回應訊息。
11	Time Exeeded for a Datagram	當資料封包在某些路由現象中逾時﹐告知來源該封包已被忽略忽略。

REF: chinese network_ip_icmp

Netstat For Network Statistics

Format:

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.

Example
A Look all content
netstat 
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 127.0.0.1:6666              127.0.0.1:48858             ESTABLISHED
tcp        0      0 127.0.0.1:13666             127.0.0.1:44115             ESTABLISHED
tcp        0      0 127.0.0.1:7777              127.1.1.2:20247             ESTABLISHED

B Look TCP connection

netstat -tn | head

Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 127.0.0.1:6666              127.0.0.1:48858             ESTABLISHED
tcp        0      0 127.0.0.1:13666             127.0.0.1:44115             ESTABLISHED
tcp        0      0 127.0.0.1:7777              127.1.1.2:20247             ESTABLISHED
tcp        0      0 127.0.0.1:13666             127.0.0.1:44124             ESTABLISHED




C  LOOK UDP connection

netstat -un | head

udp        0      0 127.0.0.1:53925             127.0.0.1:14756             ESTABLISHED
udp        0      0 127.0.0.1:48294             127.0.0.1:14756             ESTABLISHED
udp        0      0 127.0.0.1:50087             127.0.0.1:14756             ESTABLISHED
udp        0      0 127.0.0.1:60208             127.0.0.1:14756             ESTABLISHED

udp        0      0 127.0.0.1:46913             127.0.0.1:14756             ESTABLISHED

D: Look Process 

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 ramesh-laptop.loc:47212 192.168.185.75:www        CLOSE_WAIT  2109/firefox
tcp        0      0 ramesh-laptop.loc:52750 lax:www ESTABLISHED 2109/firefox

REference
netstat-command-examples
Search IP connect

SS comand

Introduction

• ss is one another utility to investigate sockets
• The third: default is to dump only TCP sockets, rather than all of the types

2 Basic Usage

• ss -t : -a dumps all TCP sockets
• ss -u : -a dumps all UDP sockets
• ss -w : -a dumps all RAW sockets
• ss -x : -a dumps all UNIX sockets

3 State Fileter

ss state bucket

State       Recv-Q Send-Q                               Local Address:Port                                   Peer Address:Port

TIME-WAIT   0      0                                 ::ffff:127.0.0.1:https                              ::ffff:127.0.0.1:48207

TIME-WAIT   0      0                                 ::ffff:127.0.0.1:https                              ::ffff:127.0.0.1:48211

TIME-WAIT   0      0                                 ::ffff:127.0.0.1:https                              ::ffff:127.0.0.1:48209

TIME-WAIT   0      0                                 ::ffff:127.0.0.1:https                              ::ffff:127.0.0.1:48215

TIME-WAIT   0      0                                 ::ffff:127.0.0.1:https                              ::ffff:127.0.0.1:48208

More detail

• All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait,last-ack, listen and closing.
• all - for all the states
• connected - all the states except for listen and closed
• synchronized - all the connected states except for syn-sent
• bucket - states, which are maintained as minisockets, i.e. time-wait and syn-recv.
• big - opposite to bucket

From: PIC LInk , tcp-timewait

4 Addreess filter

 ss   -a  dst 192.168.168.0/24

State       Recv-Q Send-Q    Local Address:Port        Peer Address:Port

ESTAB       0      0         ::ffff:127.0.0.1:ssh    ::ffff:192.168.168.140:63563

ESTAB       0      52        ::ffff:127.0.0.1:ssh    ::ffff:192.168.168.140:52859

More detail

• dst ADDRESS_PATTERN - matches remote address and port
• src ADDRESS_PATTERN - matches local address and port
• dport RELOP PORT - compares remote port to a number
• sport RELOP PORT - compares local port to a number

5  Name address

 ss -ar   dst 192.168.168.0/24

ate       Recv-Q Send-Q                               Local Address:Port                                   Peer Address:Port

ESTAB       0      0                            localhost.localdomain:ssh                          who:63563

ESTAB       0      52                           localhost.localdomain:ssh                            who:52859

6.  Process -p

ss  -p  -a  dst 192.168.168.0/24

State       Recv-Q Send-Q    Local Address:Port       Peer Address:Port

ESTAB       0      0      ::ffff:127.0.0.1:ssh      ::ffff:192.168.168.140:63563  users:(("sshd",4219,3))

ESTAB       0      52   ::ffff:127.0.0.1:ssh      ::ffff:192.168.168.140:52859    users:(("sshd",31086,3))

7. Look time -o

ate       Recv-Q Send-Q                               Local Address:Port                                   Peer Address:Port

ESTAB       0      0     ::ffff:127.0.0.1:ssh       ::ffff:IP:63563    timer:(keepalive,18min,0)

ESTAB       0      52      ::ffff:127.0.0.1:ssh    ::ffff:IP:52859    timer:(on,420ms,0)

8. Sumaary -s

Reference

Look ss linux-investigate-sockets-network-connections

tcpdump For Network Packet Analyzer

Introduction:  It will by time to capture the package

Format: 

tcpdump [options] [filter express]

Option : Ref tcpdump example

．-n：以數字顯示，不對 IP 作反解，但仍顯示服務名稱。
．-nn：直接以 IP 及 port number 顯示，而非主機名與服務名稱。
．-p：不要以 promiscuous mode 執行。
．-t：不要顯示 timestamp。
．-i：指令要監控的網路介面，如 eth0、lo、any 等。
．-e：使用資料連接層 (OSI 第二層) 的 MAC 封包資料來顯示。
．-c：監聽的封包數，如果沒有這個參數，tcpdump 會持續不斷的監聽，直到使用者輸入 [ctrl]-c 為止。
．-q：僅列出較為簡短的封包資訊，每一行的內容比較精簡。
．-s：抓比較長的 data 做一筆記錄。
．-v：輸出一個稍微詳細的資訊，例如在 IP 封包中可以包括 ttl 和服務類型的資訊。
．-A：封包的內容以 ASCII 顯示，通常用來捉取 WWW 的網頁封包資料。
．-X：可以列出十六進位 (hex) 以及 ASCII 的封包內容，對於監聽封包內容很有用。
．-w：如果你要將監聽所得的封包資料儲存下來，用這個參數就對了！後面接檔名。
．-r：從後面接的檔案將封包資料讀出來。那個『檔案』是已經存在的檔案，並且這個『檔案』是由 -w 所製作出來的。

Expression:

(Protocol ) (port) (host)
protocol: tcp, udp, icmp
port: number, ssh
host:  host IP or net CIDR

addrest: src, dst



 #tcpdump  -t  -nn -i eth0  "tcp port https and src  host 192.168.70.2"



Exampl2:
Capture ICMP Package




Reference:
tcpdump-6up.pdf
Chinese_Exaplaination
Good example tcpdump

lsof list open file

FROM lsof-command-examples

Introduction:
By default One file per line is displayed. Most of the columns are self explanatory. We will explain the details about couple of cryptic columns (FD and TYPE).

FD – Represents the file descriptor. Some of the values of FDs are,

• cwd – Current Working Directory
• txt – Text file
• mem – Memory mapped file
• mmap – Memory mapped device
• NUMBER – Represent the actual file descriptor. The character after the number i.e ‘1u’, represents the mode in which the file is opened. r for read, w for write, u for read and write.

TYPE – Specifies the type of the file. Some of the values of TYPEs are,

• REG – Regular File
• DIR – Directory
• FIFO – First In First Out
• CHR – Character special file

Docker reference

Simple :

1 slide Chinese docker-61214768

Setting NAT And host only netwoking

1.  In virtual box create two interface, first is host-only (eht0), second is NAT (eht1)


2. In kali, edit the /etc/network/interfaces

auto eth1
iface eth1 inet dhcp

3. restart the networking 
/etc/init.d/networking restart


linux-network-config.html
linux-network-set-example-2011
3
ubuntu-dhcp-ip.html

Ptt 使用

1. Google 新增plugin

2. 加入已知看板
    按下小 s  在上方輸入 看版
    a. 買賣 forsale



3. 加入我的最愛
   於我的最愛內,     按下小 i 輸入
   



REF
Popular Board

Centos 7 mininal install in VM

Problem: setting the Network

If you should connection network Just following the aricle
how-to-setup-network-after-rhelcentos-7-minimal-installation/



If you should ssh connection, try
nstall-centos-7-minimal-in-virtualbox

Windows 亂碼

問題:
有時在 IE 或 outlook 會看到某些字形為亂碼


Solution: 主要是被設定為簡體中文，一下列步驟可改成繁體

REF Windows language code