July 20, 2017

Restricting an SSH user to SFTP-only access to their home directory

Here is a guide for setting up SFTP users whose access is restricted to their home directory.

Add the following to the end of the /etc/ssh/sshd_config file:
Subsystem sftp internal-sftp

# This section must be placed at the very end of sshd_config
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

This means that all users in the ‘sftponly’ group will be chroot’d to their home directory, where they will only be able to run the internal SFTP process.

Now you can create the group sftponly by running the following command:
$ groupadd sftponly
Set a user’s group:
$ usermod steve -g sftponly
To deny SSH shell access, run the following command:
$ usermod steve -s /bin/false
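And set the ownership and permissions of the user’s home directory. The chroot directory itself must be owned by root and not writable by group or others, so the user gets a separate writable subdirectory: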
$ sudo chown root /home/steve
$ sudo chmod go-w /home/steve
$ sudo mkdir /home/steve/writable
$ sudo chown steve:sftponly /home/steve/writable
$ sudo chmod ug+rwX /home/steve/writable


Finally, you probably need to restart SSH:
$ service ssh restart

The SSH part should now be in order, but you should also make sure that the file permissions are correct. If the chroot environment is a user’s home directory, both /home and /home/username must be owned by root and should have permissions along the lines of 755 or 750.
In other words, every folder leading up to and including the home folder must be owned by root, otherwise you will get the following error after logging in:
Write failed: Broken pipe
Couldn't read packet: Connection reset by peer
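
A way to check this before restarting sshd, as an added example (not from the original post): the Python sketch below walks every component of the chroot path and reports any that is not a root-owned directory or is writable by group or others, which is the condition sshd enforces for ChrootDirectory. The function name, the sample trees and uid 1001 standing in for steve are assumptions constructed for illustration.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def audit_chroot_path(path, stat_fn=os.stat):
    """List every path component that breaks sshd's ChrootDirectory rule.

    Rule (sshd_config(5)): each component must be a root-owned directory
    that is not writable by group or others.
    """
    target = PurePosixPath(path)
    if not target.is_absolute():
        raise ValueError("chroot path must be absolute")
    problems = []
    # Walk from "/" down to the chroot itself: /, /home, /home/steve
    for comp in reversed([target, *target.parents]):
        st = stat_fn(str(comp))  # os.stat follows symlinks
        if not stat.S_ISDIR(st.st_mode):
            problems.append((str(comp), "not a directory"))
        if st.st_uid != 0:
            problems.append((str(comp), f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append((str(comp), f"group/other writable (mode {mode:o})"))
    return problems


def _dir(uid, mode):
    # Helper for the constructed samples: a minimal stat-like object.
    return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)


# Constructed sample trees (uid 1001 is an assumed uid for "steve").
BEFORE = {"/": _dir(0, 0o755), "/home": _dir(0, 0o755),
          "/home/steve": _dir(1001, 0o775)}
# State after "chown root" and "chmod go-w" on /home/steve.
AFTER = {**BEFORE, "/home/steve": _dir(0, 0o755)}

if __name__ == "__main__":
    for name, tree in (("before", BEFORE), ("after", AFTER)):
        issues = audit_chroot_path("/home/steve", lambda p: tree[p])
        print(name, issues or "OK")
    # On a real server: print(audit_chroot_path("/home/steve"))
```

An empty list means the path satisfies the ownership and mode requirements; the writable subdirectory inside the chroot is not part of the checked path and may stay owned by the user.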

June 15, 2017

xxd reverse with an offset

When using xxd to reverse a hex dump file, if your hexdump file has a non-zero offset like this:

bc000000: 01 02 03 04 05 06 07 08  ........

You need to use xxd's "-s offset" option. However, there is a bug in the code: the option only works when it is the FIRST option on the command line. Anywhere else, it doesn't work.

You want to do this:

xxd -s -0xbc000000 -r -g 1 test.dump test.bin

Basically, xxd is hardcoded to look for the offset at argv[2].

Another alternative:
https://github.com/pheehs/hexdump2bin/blob/master/hexdump2bin.py


May 17, 2017

ios command line console log viewing

Use "idevice_id --list" to list the UUIDs.
Use "deviceconsole" to actually view the logs:
deviceconsole -u <UUID>



May 16, 2017

unbrick TPLINK Archer C7 V2 (2017-05 from Amazon)

I bricked my Archer C7 v2 with bad configuration.

TFTP boot didn't work for me. It turned out that the product id doesn't match.

Had to connect to console.

1. The pinout is as follows. The warning on this page (https://wiki.openwrt.org/toh/tp-link/tl-wdr7500#tftp_recovery_de-bricking) itself is wrong.

2. I used the OpenWrt Snapshot image. I tried the official image from the TP-Link website but that didn't work. I didn't try the "cut" process described in the above link.

3. The commands are as follows:

Type "tpl" really fast at boot time to stop the autoboot, then run:

tftpboot 0x81000000 [name of your firmware file].bin
erase 0x9f020000 +f80000
cp.b 0x81000000 0x9f020000 0xf80000
reset

That's it.

May 11, 2017

socket buffer size

To find the current socket buffer size:

getsockopt(fdsocket,SOL_SOCKET,SO_RCVBUF,(void *)&n, &m);

getsockopt(fdsocket,SOL_SOCKET,SO_SNDBUF,(void *)&n, &m);

To find out more, do "man getsockopt"

To find the current bytes in the socket's buffer:
ioctl(fd,FIONREAD,&bytes_available);
ioctl(fd,FIONWRITE,&bytes_available);

To find out more, do "man ioctl"


May 8, 2017

FreeBSD recompile kernel

Download:
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.3-RELEASE/src.txz

untar this to /usr/src

Go to the kernel source directory which contains the configurations.
cd /usr/src/sys/amd64/conf
Create a folder named kernels in the home directory of the root user, i.e. /root.
mkdir /root/kernels

config -x /boot/kernel/kernel > /root/kernels/MYKERNEL

The above command dumps the configuration of the currently installed kernel into /root/kernels/MYKERNEL.

Now you can add the options you want to change.

Create a soft link in /usr/src/sys/amd64/conf named “MYKERNEL” which links to the /root/kernels/MYKERNEL file.

ln -s /root/kernels/MYKERNEL

Go to the folder created above.
cd /root/kernels/

To build a file which contains all available options, run the following commands.
cd /usr/src/sys/amd64/conf
make LINT
Go to the main source folder.
cd /usr/src
Build and install the new kernel using the “MYKERNEL” configuration file.
make buildkernel KERNCONF=MYKERNEL
make installkernel KERNCONF=MYKERNEL
Now reboot the machine to boot into the new kernel you just built.

Use "uname -a" and "sysctl -a" to check.


Enable multi routing table in the kernel:
https://www.mmacleod.ca/2011/06/source-based-routing-with-freebsd-using-multiple-routing-table/


FreeBSD dump current kernel config

config -x /boot/kernel/kernel