Commands by bhbmaster (7)

  • wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C [email protected] "cat - > /forensics/T430-8gb-RAM1.dd" Run above command from Windows Cygwin: On Windows: Install Cygwin, and copy WMR (windows memory reader 1.0) memory diagnostic into cygwin\bin folder, also install cygwins netcat and ssh (openssh). I recommend installing apt-cyg and running " On Linux: Have an SSH Server SIMPLEST FORM: WINDOWS: # wmr - | ssh [email protected] "cat - > /tmp/FileToSave.dd" For more details on how to extract information from memory dump: apt-get install foremost foremost -t all -T -i /forensics/T430-8gb-RAM1.dd For more information: http://www.kossboss.com/memdump-foremost Show Sample Output


    0
    wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C [email protected] "cat - > /forensics/T430-8gb-RAM1.dd"
    bhbmaster · 2013-05-31 00:04:19 0
  • Most of the commands require the jpegs a certain format, not this, it just follows alphabetical order. The same order you follow if you do "ls -lisah" from top to bottom, top frame is first, bottom is last... This goes perfectly with a webcam timelapse... I have just the script for it: http://www.kossboss.com/linux---app-script---timelapse---capush Show Sample Output


    0
    mencoder mf://*.jpg -mf fps=50:type=jpg -ovc raw -oac copy -o out50fps.avi
    bhbmaster · 2013-05-30 07:49:36 0
  • NOTE: When opening the files you might need to strip the very top line with notepad++ as its a mistake header This is useful when the local machine where you need to do the packet capture with tcpdump doesn?t have enough room to save the file, where as your remote host does tcpdump -i eth0 -w - | ssh forge.remotehost.com -c arcfour,blowfish-cbc -C -p 50005 "cat - | gzip > /tmp/eth0.pcap.gz" Your @ PC1 doing a tcpdump of PC1s eth0 interface and its going to save the output @ PC2 who is called save.location.com to a file /tmp/eth0-to-me.pcap.gz again on PC2 More info @: http://www.kossboss.com/linuxtcpdump1 Show Sample Output


    1
    tcpdump -i eth0 -w - | ssh forge.remotehost.com -c arcfour,blowfish-cbc -C -p 50005 "cat - | gzip > /tmp/eth0.pcap.gz"
    bhbmaster · 2013-05-30 07:41:22 0
  • This is useful when the local machine where you need to do the packet capture with tcpdump doesn?t have enough room to save the file, where as your remote host does tcpdump -i eth0 -w - | ssh savelocation.com -c arcfour,blowfish-cbc -C -p 50005 "cat - > /tmp/eth0.pcap" Your @ PC1 doing a tcpdump of PC1s eth0 interface and its going to save the output @ PC2 who is called save.location.com to a file /tmp/ppp1-to-me.pcap.gz again on PC2 More info @: http://www.kossboss.com/linuxtcpdump1 Show Sample Output


    0
    tcpdump -i eth0 -w - | ssh savelocation.com -c arcfour,blowfish-cbc -C -p 50005 "cat - > /tmp/eth0.pcap"
    bhbmaster · 2013-05-30 07:33:48 1
  • NOTE: When doing these commands when asked for questions there might be flowing text from the pv doing the progress bar just continue typing as if its not there, close your eyes if it helps, there might be a yes or no question, type "yes" and ENTER to it, and also it will ask for a password, just put in your password and ENTER I talk alot more about this and alot of other variations of this command on my site: http://www.kossboss.com/linuxtarpvncssh Show Sample Output


    0
    cd /srcfolder; tar -czf - . | pv -s `du -sb . | awk '{print $1}'` | ssh -c arcfour,blowfish-cbc -p 50005 [email protected] "tar -xzvf - -C /dstfolder"
    bhbmaster · 2013-05-30 07:21:06 0
  • Where filein is the source file, destination.com is the ssh server im copying the file to, -c arcfour,blowfish-cbc is selecting the fastest encryption engines, -C is for online compressions and decompression when it comes off the line - supposed to speed up tx in some cases, then the /tmp/fileout is how the file is saved... I talk more about it on my site, where there is more room to talk about this: http://www.kossboss.com/linuxtarpvncssh and http://www.kossboss.com/linux---transfer-1-file-with-ssh Show Sample Output


    0
    cat filein | ssh destination.com -c arcfour,blowfish-cbc -C -p 50005 "cat - > /tmp/fileout"
    bhbmaster · 2013-05-30 07:18:46 0
  • Do above at the Destination aka The Server. Do the following at the Source aka The Client: tar -cf - /srcfolder | pv | nc www.home.com 50002 If you want ETAs and stuff: tar -cf - /srcfolder | pv -s `du -sb /srcfolder | awk '{print $1}'` | nc www.home.com 50002 If you dont care about progress bars @ server/destination: tar -cf - /srcfolder | pv | nc www.home.com 50002 If you dont care about progress bars @ client/source: tar -cf - /srcfolder | pv -s `du -sb /srcfolder | awk '{print $1}'` | nc www.home.com 50002 I have this in alot better detail where there is more room to talk about it on my site: http://www.kossboss.com/linuxtarpvncssh Show Sample Output


    0
    while true; do nc -l -p 50002 | pv | tar -xf -; done
    bhbmaster · 2013-05-30 07:17:23 0

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Mute speakers after an hour
Mutes the speakers after an hour, in case you fall asleep watching a video...

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Scan for new SCSI devices
Issues a scan command on the given scsi host adapter (ex. a fibre channel adapter, in the example above on host0). Output can be watched in the messages log or in "dmesg"

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Printable random characters
Reads psuedorandom bytes from /dev/urandom, filtering out non-printable ones. Other character classes can be used, such as [:alpha:], [:digit:] and [:alnum:]. To get a string of 10 lowercase letters: $ tr -dc '[:lower:]' < /dev/urandom | head -c 10

Simplest way to get size (in bytes) of a file

Match a URL
For the record: I didn't build this. Just shared what I found that worked. Apologies to the original author! I decided I should fix the case where http://example.com is not matched for the next time I need this. So I read rfc1035 and formalized the host name regex. If anyone finds any more holes, please comment.

Change mysql prompt to be more verbose
You can put this into your shell sourced file like .bashrc or .zshrc to have a different mysql prompt. See http://dev.mysql.com/doc/refman/5.1/de/mysql-commands.html for more informations. Beware that currently with mysql 5.5 the seconds are buggy and won't be displayed if you put this into a .cnf file. With the enironment variable this will work.

Rip a video for archiving, from any site
Download video files from a bunch of sites (here is a list https://rg3.github.io/youtube-dl/supportedsites.html). The options say: base filename on title, ignores errors and continue partial downloads. Also, stores some metadata into a .json file plz. Paste youtube users and playlists for extra fun. Protip: git-annex loves these files

Are the two lines anagrams?
This works by reading in two lines of input, turning each into a list of one-character matches that are sorted and compared.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: