mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-03-27 02:30:10 +08:00
20131014-3 选题
This commit is contained in:
DeadFire
parent
89558266f7
commit
8078b387f2
104
sources/A Pentesting Release for the Raspberry Pi.md
Normal file
104
sources/A Pentesting Release for the Raspberry Pi.md
Normal file
@ -0,0 +1,104 @@
|
||||
A Pentesting Release for the Raspberry Pi
|
||||
================================================================================
|
||||
**The Raspberry Pi** is a credit-card-sized single-board computer developed in the UK by the Raspberry Pi Foundation with the intention of promoting the teaching of basic computer science in schools. The Raspberry Pi is manufactured through licensed manufacturing deals with **Newark element14 (Premier Farnell), RS Components** and **Egoman**. All of these companies sell the Raspberry Pi online. Egoman produces a version for distribution solely in China and Taiwan, which can be distinguished from other Pis by their red coloring and lack of FCC/CE marks. The hardware is the same across all manufacturers. (wikipedia)
|
||||
|
||||
Pwnie Express team has announced the initial release of Raspberry Pwn which can be used to turn your raspberry pi into a full-featured security penetration testing and auditing platform. This release of Raspberry Pwn and includes all the tool needed to perform a penetration testing. So, doing penetration testing from your raspberry pi, how does that make you feel? Sqlmap, nmap, wireshark, scapy, nikto, xprobe, socat, do you want more tools for pentesting your network?
|
||||
|
||||
Raspberry Pwn comes with the following tools:
|
||||
|
||||
- nmap
|
||||
- dsniff
|
||||
- netcat
|
||||
- nikto
|
||||
- xprobe
|
||||
- scapy
|
||||
- wireshark
|
||||
- tcpdump
|
||||
- ettercap
|
||||
- hping3
|
||||
- medusa
|
||||
- macchanger
|
||||
- nbtscan
|
||||
- john
|
||||
- ptunnel
|
||||
- p0f
|
||||
- ngrep
|
||||
- tcpflow
|
||||
- openvpn
|
||||
- iodine
|
||||
- httptunnel
|
||||
- cryptcat
|
||||
- sipsak
|
||||
- yersinia
|
||||
- smbclient
|
||||
- sslsniff
|
||||
- tcptraceroute
|
||||
- pbnj
|
||||
- netdiscover
|
||||
- netmask
|
||||
- udptunnel
|
||||
- dnstracer
|
||||
- sslscan
|
||||
- medusa
|
||||
- ipcalc
|
||||
- dnswalk
|
||||
- socat
|
||||
- onesixtyone
|
||||
- tinyproxy
|
||||
- dmitry
|
||||
- fcrackzip
|
||||
- ssldump
|
||||
- fping
|
||||
- ike-scan
|
||||
- gpsd
|
||||
- darkstat
|
||||
- swaks
|
||||
- arping
|
||||
- tcpreplay
|
||||
- sipcrack
|
||||
- proxychains
|
||||
- proxytunnel
|
||||
- siege
|
||||
- sqlmap
|
||||
- wapiti
|
||||
- skipfish
|
||||
- w3af
|
||||
|
||||
Let us me give you a short description of the above tools. I am not gonna explain everything. Just want to explain a two or three tools. A simple Google search will help you to find the details of the remaining tools.
|
||||
|
||||
**Nmap**
|
||||
|
||||
Nmap is a free and open-source tool for network discovery, helping us to map the network. Network administrators find it very useful in their daily job, so if you are planning to be a network administrator you should learn how to use Nmap. Nmap can help us to discover how many hosts are in a network, what operating systems are they running, what open ports do they have and services running in these open ports. It is a command line tool but for those that do not like to remember many commands there is a graphical version of Nmap that is called Zenmap. Both Nmap and Zenmap are multi-platform (Linux, Windows, Mac OS, BSD, etc.), so you do not have to worry about the operating system you need in order to use these tools. Nmap has the ability to save scan results to files and we can use these files for later analyzes. The great thing that I like about Nmap is its scripting engine (NSE). We can write our own scripts and use them with Nmap. See more at: [http://www.unixmen.com/scan-your-home-network-with-nmap/][1]
|
||||
|
||||
**Netcat**
|
||||
|
||||
Netcat is a command-line networking tool which is able to read and write data across Transmission Control Protocol TCP and User Datagram Protocol. Originally coded for Unix, it was released in 1996 and has been ported to a number of operating systems and facts tell that it still stays strong in the game. It has been 17 years and netcat belongs in every network admin/security professional’s toolbox. People say “old is gold” and in my opinion this is true when it comes to netcat. Virtually, you can use netcat for everything and your imagination is the limit. Depending on what your intentions are you can use it for good or you can use it for bad. Netcat operates as a client and as a server. Even if there are few exceptions, netcat’s command options are the same for both Windows and Linux and this makes netcat a more powerful tool. In the next article you will be introduced to netcat command options and will learn how perform some basic operations with netcat. – See more at: [http://www.unixmen.com/short-introduction-to-netcat][2]
|
||||
|
||||
**Sqlmap**
|
||||
|
||||
If you need a tool to exploit sql injection flaws in your web application or taking over database servers, sqlmap is the right one. Sqlmap is a tool used by penetration testers all over the world and it is full of feaures. Some of its features are:
|
||||
|
||||
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
|
||||
- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
|
||||
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
|
||||
- Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
|
||||
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
|
||||
- Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
|
||||
- Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables.
|
||||
|
||||
**Medusa**
|
||||
|
||||
Do you need a login brute-forcer? Medusa was developed on Gentoo Linux and FreeBSD for bruteforcing network services. Medusa works with FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL,rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN and many other services. You can read more about Medusa here.
|
||||
|
||||
As you can see there are all tools you need for penetration testing in this release of Raspberry Pwn. Do you have a pi? Then go and turn it into a pentester machine.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.unixmen.com/pentesting-release-raspberry-pi/
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
[1]:http://www.unixmen.com/scan-your-home-network-with-nmap/
|
||||
[2]:http://www.unixmen.com/short-introduction-to-netcat/
|
||||
60
sources/Calibre 1.6 released with handy mark-book feature.md
Normal file
60
sources/Calibre 1.6 released with handy mark-book feature.md
Normal file
@ -0,0 +1,60 @@
|
||||
Calibre 1.6 released with handy mark-book feature
|
||||
================================================================================
|
||||
[Calibre][1] is a free open-source ebook library management tool, designed in mind with satisfying a diverse and complex range of ebook-related requirements and necessities, offering powerful conversion process, dedicated ebook reader, hassle-free library creation and management, online service integration, etc, basically, a modern ebook experience.
|
||||
|
||||
Calibre has been updated to version **1.6**, introducing an exciting **book-marking** feature, as well as numerous new fixes and enhancements.
|
||||
|
||||
The book-marking feature presents itself as a handy manner of **temporarily** (restarting Calibre, loses the marking) selecting books, functionality allowing the user to mark books and to act on the marked books 1-click away, feature proving itself handy in multiple situations.
|
||||
|
||||
The newly-implemented book-marking feature is disabled by default, yet, enabling it is as simple as navigating to `Preferences-->Toolbar-->The main toolbar-->`click on `Mark Books-->hit the left-pointed arrow-->Apply`, action that adds the `Mark Books` button on its toolbar.
|
||||
|
||||
**Marking**, for example, three books is to be achieved by manually selecting the books (holding the Ctrl key and clicking on the three preferred to-be-marked books) and directly clicking on the toolbar's Mark Books button, action that marks the books.
|
||||
|
||||
The **result**: the newly-marked three books gain a marking-specific icon, thus the user is able to clearly observe marked books.
|
||||
|
||||
|
||||
|
||||
After the books have been marked, the user can act on the marked books by `right-clicking on the toolbar's Mark Books-->Show marked books`, action that displays on Calibre's main view only the marked books, while hiding the non-marked regular books.
|
||||
|
||||
The book-marking functionality allows users to hassle-free isolate preferred books in a matter of seconds by simply clicking on the mentioned button, isolation process fully exposing to the user only certain books, while clearing the view from at-the-moment unwanted books.
|
||||
|
||||
Reselecting the marked books and clicking again on the `Mark Books` button, unmarks the books, button acting as a mark/unmark toggle.
|
||||
|
||||
Calibre comes by default with a handy ebook viewer, ebook viewer enriched in the 1.6 release with extra configurable keyboard shortcuts, meaning, the user is now able to select a different **keyboard shortcut** (for example) for zoom in/out when reading ebooks.
|
||||
|
||||
Adjusting a keyboard shortcut is to be preformed by opening E-book Viewer, clicking on the sidebar's Preferences and navigating to `Keyboard shortcuts`, where double-clicking on an entry, makes the entry fully editable.
|
||||
|
||||
|
||||
|
||||
The mentioned features, along with numerous bug fixes, new news sources (various Uruguyan news) and improved news sources (National Geographic Magazine, New York Review of Books, Focus, Carta Capital, Ming Pao, Neu Osnabrucker Zeitung), come to deliver a more strengthened solid Calibre.
|
||||
|
||||
How do we **install** Calibre 1.6?
|
||||
|
||||
Paste the following command into a terminal
|
||||
|
||||
sudo python -c "import sys; py3 = sys.version_info[0] > 2; u = __import__('urllib.request' if py3 else 'urllib', fromlist=1); exec(u.urlopen('http://status.calibre-ebook.com/linux_installer').read()); main()"
|
||||
|
||||
and hit the `Enter` key on the `Enter the installation directory for calibre [/opt]` (command that will appear in the terminal after pasting the above-presented command)
|
||||
|
||||
**For users** having Calibre installed via PPA, type in a terminal (**before** pasting the above command)
|
||||
|
||||
sudo apt-get remove calibre calibre-bin
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://iloveubuntu.net/calibre-16-released-handy-mark-book-feature
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
[1]:http://calibre-ebook.com/
|
||||
[2]:
|
||||
[3]:
|
||||
[4]:
|
||||
[5]:
|
||||
[6]:
|
||||
[7]:
|
||||
[8]:
|
||||
[9]:
|
||||
[10]:
|
||||
@ -0,0 +1,26 @@
|
||||
Powerful chess application PyChess 0.12 BETA 4 released with new improvements
|
||||
================================================================================
|
||||
[PyChess][1] is a lovely enjoyable chess application presenting itself as an advanced manner of digesting chess activities, stressing one's brain and chess skills with intelligent computer opponents, while exposing its activities with user-friendly intuitive visuals and details.
|
||||
|
||||
PyChess displays on its main view relevant chess components, translating professional chess activities into a computing experience, where animated table, specific sounds, written-in-real-time movements, hints, annotations, offer draw/abort, chronometer are to fully immerse the user in solid chess actions.
|
||||
|
||||
**PyChess 0.12 Anderssen BETA 4** has been released, unstable version marking the fourth iteration of the interesting BETA journey, 0.12 series bringing a significant amount of changes and improvements spanning across multiple levels, [including][2] new themes, new menu options, as well as computer-resources optimizations (removing the high CPU usage).
|
||||
|
||||
|
||||
|
||||
The BETA 4 comes with extended support for extra [FICS][3] variants (Free Internet Chess Server), as well as various fixes and improvements, version further strengthening the powerful chess application.
|
||||
|
||||
PyChess 0.12 BETA 4 is available for download on [http://pychess.googlecode.com/files/pychess_0.12beta4-1_all.deb][4]
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://iloveubuntu.net/powerful-chess-application-pychess-012-beta-4-released-new-improvements
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
[1]:http://pychess.org/
|
||||
[2]:http://iloveubuntu.net/powerful-chess-game-pychess-012-beta-3-released-numerous-new-features-and-improvements
|
||||
[3]:http://www.freechess.org/
|
||||
[4]:http://pychess.googlecode.com/files/pychess_0.12beta4-1_all.deb
|
||||
37
sources/Thoughts on Mir and the community.md
Normal file
37
sources/Thoughts on Mir and the community.md
Normal file
@ -0,0 +1,37 @@
|
||||
Thoughts on Mir and the community
|
||||
================================================================================
|
||||
I realized this week I needed a break from sampling distributions. I love technology, especially when it involves open source software, but this past week I realized I'd had too much of a good thing. As I scrolled through the list of distributions released over the previous two weeks and combed my inbox for suggestions I realized few of the distributions jumped out at me. My reaction to reading descriptions such as "The last distribution you will ever try" or "Just works" was skepticism. Most of the releases announced over these past two weeks have been niche players and beta releases anyway, so this seemed like a good time to take a break, to take a week off from installing open source operating systems, to have a week off from taking notes on the Linux community's latest and greatest. This week I would like to turn my focus (and yours, if you will indulge me) on Canonical's new display server, [Mir][1].
|
||||
|
||||
Mir, for those of you who are not familiar, is a display server designed to replace the X graphics software common to most Linux (and UNIX) operating systems. The Mir software is designed to work on desktops, laptops, tablets and phones. If all goes as planned, Mir will provide better performance and use less energy than X. The name Mir is a Russian term meaning community or the world (as well as "peace") and fits the naming pattern of other Canonical projects which include Ubuntu and Unity.
|
||||
|
||||
Right from the start Mir generated some controversy. Originally Canonical (and several other open source contributors) had been putting their development efforts into a new display server technology called [Wayland][2]. Wayland was also supposed to be a faster, lighter, less cumbersome display technology that would someday replace X on most devices. However, development on Wayland was slow and not going in quite the direction Canonical had hoped and thus Mir was born. Right away many people expressed concern that Canonical was dividing the Linux ecosystem by introducing a new display server, a technology which would use different drivers than Wayland and, therefore, possibly divide development efforts. There were also questions as to why Canonical needed to make their own display server rather than influencing Wayland's development, questions Canonical kindly [answered][3].
|
||||
|
||||
For a while all seemed quiet, but then, during the month of September, Intel (a Wayland contributor) [rejected software patches][4] provided by Canonical which would allow Intel's drivers to work with Mir. This was a reversal of Intel's earlier [apparent support][5] for Canonical's new display server. The reasoning was not clear, but it seemed as though Intel was unwilling to continue support for Mir, either in an effort to avoid cluttering up their own driver code or because Intel's focus was on Wayland. Either way, it meant more work for the Canonical developers who will need to maintain the driver code themselves. Then, at the start of October, Canonical [announced][6] Mir would not ship by default in the upcoming release of Ubuntu 13.10. The developers had decided there were still bugs to work through, features to complete, and it was decided Mir would be delayed for a release cycle.
|
||||
|
||||
Given Mir's status this seemed like a reasonable move, at least to me. In the past Canonical has released buggy code into its products (PulseAudio and the Unity desktop spring to mind) and it seemed as though the company was taking a more conservative approach, protecting its users from experimental code, trying to insure a better user experience. Yet, for some reason, people's reactions have been mostly [negative][7]. Mir's temporary delay seems to be blood in the water for critics of the display server. Commentators are taking the opportunity to claim the project was poorly planned, that the technology is under-supported, that it won't be able to complete with Wayland, which has recently been [gaining][8] [momentum][9].
|
||||
|
||||
As someone who does not have a horse in this race, as someone who does not care if his desktop is running Mir, Wayland or X, it has been a puzzling few weeks. It seems as though the community at large, not just a vocal minority of idle commentators, but active developers, are betting against Mir before the software gets a trial run. Intel's move, for example, of not only refusing to assist in driver development, but actively blocking support, is troublesome. Former Red Hat employee, Matthew Garrett, taking shots at Mir also strikes me as a poor use of time and energy. Critics claiming Ubuntu being the only distribution to currently adopt Mir is [a sign Mir won't be successful][10] seems to me to be an odd and unrealistic viewpoint. Wayland has yet to be included as the default display server in any mainstream distributions and critics are not complaining about its delay.
|
||||
|
||||
Most of us see the open source world as a place where anybody can scratch an itch, develop a new idea and release it into the wild. It doesn't need to have mass appeal, it does not need to sell a certain number of units, developers are able to create their visions and share them freely. At least it seems as though developers can do this as long as they do not work for commercial companies. The more feedback I hear about Mir (especially negative feedback) the more I get the impression critics are opposed to Mir not on the technology's merits, but because Canonical is behind its development. Ubuntu is a widely used and popular distribution and, when one is king of the hill, everyone wants to push you. The development of Mir isn't hurting anyone, it isn't being forced on other distributions (even Ubuntu community distributions can use Mir or ignore it as they like), and [Mir is open source][11]. Mir represents a fresh solution to a long-standing concern -- the imperfections in X -- and Canonical has shown a willingness to develop and even maintain drivers to prevent diluting efforts from third-party coders. Canonical has basically said they want to try something new, do not expect any help or cooperation and will not push their technology out to the public before it is ready. Despite their best efforts many people in the open source community appear to want them to fail.
|
||||
|
||||
Earlier I mentioned that my review options were limited this week as many recent distribution releases have been beta tests rather than full releases. My point of view is that developers should be given the time to get their projects to a stable release before the software is judged. When I review a distribution I try to focus on stable releases and I attempt to avoid reading other reviews of the same project and anything about the developers' personal lives. I want to evaluate a project based on its strengths and problems, as free as possible from the taint of public opinion or past releases. It's not always possible, I am human and flawed, prone to being subjective. Still, I feel the community at large should take the same approach when it comes to Mir. Perhaps the technology will always be buggy or maybe it will be stellar. In either case no one is forcing Mir onto the open source community as a whole, it is Canonical's pet project, and I think the community should be cheering them on for trying something new. Canonical, as with any other open source developer, is free to dedicate its resources to scratching its own itch and seeing what comes about as a result. I, for one, am looking forward to comparing Wayland, Mir and X over the coming year to see which one best serves my needs. When we have options we all win.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://distrowatch.com/weekly.php?issue=20131014
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
[1]:https://wiki.ubuntu.com/Mir/
|
||||
[2]:http://wayland.freedesktop.org/
|
||||
[3]:https://wiki.ubuntu.com/Mir/Spec?action=show&redirect=MirSpec#Why_Not_Wayland_.2BAC8_Weston.3F
|
||||
[4]:http://arstechnica.com/information-technology/2013/09/intel-rejection-of-ubuntus-mir-patch-forces-canonical-to-go-own-way/
|
||||
[5]:http://www.phoronix.com/scan.php?page=news_item&px=MTQ1MzU
|
||||
[6]:http://fridge.ubuntu.com/2013/10/01/xmir-update-for-ubuntu-13-10/
|
||||
[7]:http://mjg59.dreamwidth.org/28032.html
|
||||
[8]:http://wayland.freedesktop.org/toolkits.html
|
||||
[9]:http://sourceforge.net/projects/rebeccablackos/
|
||||
[10]:http://lwn.net/Articles/556591/
|
||||
[11]:https://wiki.ubuntu.com/Mir/License
|
||||
77
sources/apt-fast--Improve apt-get Download Speed.md
Normal file
77
sources/apt-fast--Improve apt-get Download Speed.md
Normal file
@ -0,0 +1,77 @@
|
||||
apt-fast: Improve apt-get Download Speed
|
||||
================================================================================
|
||||
**[apt-fast][1]** is a “**shell script wrapper**” for **apt-get** and **aptitude** that can drastically improve APT download times by downloading packages with multiple connections per package. apt-fast uses **aria2c** or **axel** download managers to speed up the APT download time. Just like the traditional apt-get package manager, apt-fast supports almost all apt-get functions such as **install, remove, update, upgrade, dist-upgrade** etc. And one more notable feature is it supports proxy too.
|
||||
|
||||
**Install apt-fast On Ubuntu**
|
||||
|
||||
Use the following PPA to install apt-fast. apt-fast developer says “**Some distros, such as PCLinuxOS include apt-fast in their default repos**”. I expect the same in Ubuntu/Debian default repositories.
|
||||
|
||||
To Add apt-fast PPA, enter the following command in Terminal.
|
||||
|
||||
sudo add-apt-repository ppa:apt-fast/stable
|
||||
|
||||
Update the sources list with command:
|
||||
|
||||
sudo apt-get update
|
||||
|
||||
Now install it using command:
|
||||
|
||||
sudo apt-get install apt-fast
|
||||
|
||||
During installation it will ask you to select the maximum number connections to download packages.
|
||||
|
||||
|
||||
|
||||
Select No and continue installation. If you select Yes, apt-get won’t ask you the confirmation during any package installation.
|
||||
|
||||
|
||||
|
||||
I found **aria2** download manager has been installed along with apt-fast installation automatically. So you don’t have to install it separately.
|
||||
|
||||
If you want re-configure apt-fast options, you can do it using command:
|
||||
|
||||
sudo dpkg-reconfigure apt-fast
|
||||
|
||||
**Usage**
|
||||
|
||||
Similar to apt-get functions, we can use:
|
||||
|
||||
apt-fast install package
|
||||
|
||||
apt-fast remove package
|
||||
|
||||
apt-fast update
|
||||
|
||||
apt-fast upgrade
|
||||
|
||||
apt-fast dist-upgrade
|
||||
|
||||
and more.
|
||||
|
||||
apt-fast package manager in action:
|
||||
|
||||
|
||||
|
||||
**Create alias (Optional)**
|
||||
|
||||
Edit **~/.bashrc** file and add the following line at the end.
|
||||
|
||||
alias apt-get='apt-fast'
|
||||
|
||||
Or simply run the following command to add it in your **~/.bashrc** file.
|
||||
|
||||
sudo echo "alias apt-get='apt-fast'" >> ~/.bashrc
|
||||
|
||||
From now whenever you run apt-get command to install, remove, update and upgrade packages, it will use apt-fast automatically in the background. Sounds cool? Yes it should.
|
||||
|
||||
During testing i found it very fast compared to apt-get when downloading packages. Give it a try, you will agree with me. Cheers!!
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.unixmen.com/improve-apt-get-download-speed-apt-fast/
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
[1]:https://github.com/ilikenwf/apt-fast
|
||||
Loading…
Reference in New Issue
Block a user