Network Bandwidth Checker


This post covers the development of an automated Bash tool for Linux that periodically checks the Internet connection bandwidth provided by an Internet Service Provider (ISP). The tool outputs data in .csv format so that spreadsheet software such as Microsoft Excel or LibreOffice Calc can read the data and construct charts. The tool was created primarily to assess the reliability of ISPs.

NOTE: The tool uses directories that might not be present on your system. Adjust the directory paths before deploying the tool on your system.



speedtest-cli – provides Internet connection upload and download bandwidth data for the tool to format. To download speedtest-cli do:

wget -O speedtest-cli



The tool invokes speedtest-cli and stores its output into a temporary file.

(/root/programs/network-checker/speedtest-cli --secure) > /root/programs/network-checker/tmp/.tmp.txt

Then the tool utilises grep and awk to filter out necessary information, and stores those values into variables download_info and upload_info.

download_info=$(cat /root/programs/network-checker/tmp/.tmp.txt | grep 'Download' | awk '{print $2}')

upload_info=$(cat /root/programs/network-checker/tmp/.tmp.txt | grep 'Upload' | awk '{print $2}')

The tool then writes the variables download_info and upload_info, together with the current time in HH:MM format, into a CSV file in this order: Time, Download, Upload.

These values are written to a CSV file named using $(date +%d-%m-%y).csv. This means that the filename contains the date the tool was run, and the time entry in the file contains the exact time the tool was run.

echo $(date +%H:%M)","$download_info","$upload_info >> /root/programs/network-checker/status-files/$(date +%d-%m-%y).csv

The tool also contains an IF statement that checks whether the directory holding the CSV status files already contains a file for the day the tool is run.

If the file is not found, the tool creates it as "$(date +%d-%m-%y).csv", adds the header “Time,Download,Upload”, and then proceeds to grab the Download and Upload values and write them into the CSV file.

If the file is found, the tool proceeds to grab the Download and Upload values and write them into today’s CSV file.

The CSV file should look something like this. This is just a test file.

[Image: status file example]





#!/bin/bash

# Create today's status file with a header row if it does not exist yet.
if [ ! -f "/root/programs/network-checker/status-files/$(date +%d-%m-%y).csv" ]; then
    touch "/root/programs/network-checker/status-files/$(date +%d-%m-%y).csv"
    echo "Time,Download,Upload" > /root/programs/network-checker/status-files/$(date +%d-%m-%y).csv
fi

# Run speedtest-cli and keep its output in a temporary file.
(/root/programs/network-checker/speedtest-cli --secure) > /root/programs/network-checker/tmp/.tmp.txt

# Extract the download and upload values from the temporary file.
download_info=$(cat /root/programs/network-checker/tmp/.tmp.txt | grep 'Download' | awk '{print $2}')
upload_info=$(cat /root/programs/network-checker/tmp/.tmp.txt | grep 'Upload' | awk '{print $2}')

# Append the reading in the order Time,Download,Upload.
echo $(date +%H:%M)","$download_info","$upload_info >> /root/programs/network-checker/status-files/$(date +%d-%m-%y).csv





For me personally, I have added the script into the crontab for the root user, to be run every 30 minutes, at 0 and 30 minutes past every hour.

crontab -e -u root

And added a line.
0,30 * * * * /root/programs/network-checker/

The result is.


[Image: status file]

I imported the CSV file into LibreOffice Calc and assembled a graph of my bandwidth readings for the 29th of November.



The tool will automatically assemble a graph in LibreOffice Calc and output a PNG file.


4000 Series Checkpoint Firewall RAM Upgrade



This short post covers upgrading the RAM in a 4000 Series Check Point firewall and describes the technical process for upgrading this device.

The upgrade needs to be planned and discussed beforehand, as the warranty is terminated once the device is opened.


The device can be upgraded racked or not racked, as the screws that have to be removed during the upgrade are accessible with the rails fitted. The position of the device is shown in the figure below.

The back of the firewall. It’s the one fitted with rails.


Power the device off using the switch at the back, illustrated in the figure above. Take out the ear screws.

Unplug all data cables and power cables and drag out the device. Don’t forget to label the cables or take notes where cables were initially plugged in. Labelling and note taking will prevent unnecessary mess and stress.

The screws at the back of the device need to be taken out on both sides.
[Image: side screw]

Two screws at the back of the device also need to be taken out. Note that one is covered with a warranty label. If the label is damaged the warranty is terminated, so it is necessary to discuss this upgrade before opening the device.
[Image: back screw 1]

[Image: back screw 2]

Slide the top cover to the back after removing the screws and lift the cover to expose the internals of the firewall.



Attach yourself to the device with the antistatic wrist strap, which equalises the electrical potential between you and the device and avoids static discharges that can damage its components. This particular antistatic wrist strap was included in the RAM upgrade box provided by Check Point.



Upgrade box provided by Check Point containing 4GB of RAM, a screwdriver, an antistatic wrist strap and a few manuals.

Open the additional RAM slot on the device.


Push the RAM stick into the opened slot until the white brackets click into place. If the device is new, this will require some force.


Close the firewall, remove the antistatic wrist strap, rack the device again and power on the device. All done.


I have connected to our network monitoring solution to find out whether the RAM was accepted and successfully installed. The statistics show that the Physical Memory statistic has changed.

Statistics before the upgrade.
[Image: physical memory screenshot]

Statistics after the upgrade.

Arch Linux as a Penetration Testing Platform



This post covers adding the penetration testing tool repository provided by the BlackArch Linux team and other external parties to a basic Arch Linux distribution. By installing this repository, the distribution's package manager (Pacman by default) gains access to over 1000 penetration testing tools, which are updated on a daily basis. Because the repository is being reinstalled on this Arch distribution, you might see different command outputs on your own Arch distro. The tutorial in this post works every time, regardless of previous actions on the distribution. This post does not describe how to install Arch Linux, as that’s beyond its scope.


pacman -S wget —installs wget.

pacman -S gnupg —installs gpg.

pacman -S nano —installs nano (nano should be installed by default).

pacman -S grep —installs grep (grep should be installed by default).




By default, a standard install of Arch Linux provides a user with core, community, extra, multilib and other repositories described here. These repositories can be disabled by adding a hash in front of the unwanted repository in /etc/pacman.conf as shown below.

[Image: disabled repository]

As illustrated below, penetration testing tools are missing from default Arch repositories.



As mentioned above, the BlackArch repositories are being reinstalled on this platform, therefore some commands might produce different output on distributions where this has not been done.

wget{,.sig} —downloads necessary package.

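gpg --keyserver hkp:// --recv 4345771566D76038C7FEB43863EC0ADBEA87E4E3 —retrieves the key with the specified fingerprint from the keyserver hkp://

gpg --keyserver-options no-auto-key-retrieve --with-fingerprint blackarch-keyring.pkg.tar.xz.sig —verifies the signature of the downloaded package without fetching any further keys. Confirm that gpg reports a good signature made by the key with the fingerprint above before continuing.

pacman-key --init —initialises the pacman keyring.

rm blackarch-keyring.pkg.tar.xz.sig —removes the signature file, which is no longer needed.

pacman --noconfirm -U blackarch-keyring.pkg.tar.xz —installs a local package (blackarch-keyring.pkg.tar.xz) that doesn’t belong to any remote repository.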

nano /etc/pacman.conf

At the end of the text file there should be a disabled custom repository as illustrated below.

Change it to the following.



pacman -Syyu —synchronises the repositories and updates the system and outdated packages using both the new repository and the old ones. It is advisable to update all the packages, so type Y and confirm.

The distribution has quite a few outdated system and software packages.



As illustrated previously, pacman wasn’t able to install sqlmap and sqlninja as these were not included in the default Arch repositories. However, with the BlackArch repository, penetration testing tools are available.




BlackArch repository comes with the option to install multiple tools that are assigned to a particular group, such as scanning, password cracking, and many other groups.

pacman -Sg | grep blackarch —displays all BlackArch categories.

pacman -S blackarch-<category> —installs all tools from the specified category. The command asks whether all tools should be installed; if you do not want all the tools in the category, enter the numbers corresponding to the desired tools and confirm.


Automatic Nmap Script


This short post presents a Bash script that I wrote a few months ago, as I thought it would be quite useful for testing the feasibility or real-time impact of various attacks. The script automatically scans a specified port. If the port is closed or filtered, the script immediately scans again; if the port opens, e.g. during a backdoor or trojan upload, the script outputs a message with the time at which it opened and terminates, giving penetration testers real-time information about the success of their exploitation. The Nmap flags can of course be changed to suit your preference.


The script prompts the user for the desired port number and IP address.

If the port is closed or filtered, it outputs a message with the number of failed scans.

When the port finally opens, the script outputs the time at which it opened and terminates.


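#!/bin/bash
temp=$(mktemp)      # scratch file for the nmap output
scannum=0           # number of scans that found the port closed or filtered
echo -e -n "\e[44m PORT: \e[0m " ; read -r portnum
p="-p "
port=$p$portnum     # expands to "-p <port>"; left unquoted below so it splits into two arguments
echo -e -n "\e[44m IP: \e[0m " ; read -r ip
while :
do
    nmap -sV $port "$ip" | cat >> "$temp"
    if grep -q "open" "$temp" && ! grep -q "filtered" "$temp"; then
        time=$(date +"%T")
        echo -e "\e[41m PORT $portnum OPENED AT $time \e[0m"
        rm "$temp"
        exit 0
    else
        scannum=$((scannum + 1))
        echo "PORT $portnum CLOSED OR FILTERED. SCAN NUMBER: " $scannum
        rm "$temp"
    fi
done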

Cisco 3750 IOS Update


This post demonstrates an Internetwork Operating System (IOS) replacement on a Cisco 3750 48-Port Layer 3 switch. The demonstration utilises various types of hardware and software all described further in the post.


CISCO 3750 48-Port Switches

The initial connections have to be established to the first switch to begin this test. Of course power on the right side and a console cable on the left.

The console cable has to be converted to a USB cable with a serial to USB converter.


PUTTY.EXE is used to create a serial connection between the laptop and the switch. Putty is a simple to use tool, usually utilised to establish SSH or Telnet communication to remote systems.

To establish the connection, open Putty, choose a Serial connection, keep the default speed, enter the appropriate channel number of the serial connection and hit Open. That should open up an empty command-line type window.
[Image: Putty session]

To find the channel number visit Computer Manager or Device Manager on newer Windows machines.
[Image: COM number]

3CDAEMON is utilised to transfer the new IOS image into the switch via switch’s TFTP server. 3CDaemon is usually used by network admins for FTP and TFTP servers or clients. Its usage in this demonstration is described later on.


The first PoE switch required some credentials to login.

The login credentials are located within the conf.text file in the flash memory of the switch, however without the credentials conf.text cannot be accessed. There’s a technique to prevent conf.text from being loaded at start-up and prompting the user for credentials: by renaming conf.text, the switch will not recognise it as a valid start-up configuration file.

The only way to have any access to the filesystem is to enter switch’s recovery mode. To access the recovery mode it is required to reboot the switch and hold the MODE button during the boot up until the Putty session returns command prompt switch: which means that the switch is in the recovery mode and the file system is marginally accessible.

MODE button can be located on different places depending on the model of the switch.

Recovery mode.

switch: flash_init —initialises the flash memory in the recovery mode.

switch: dir —shows directories located on the switch

switch: dir flash: —shows contents of flash directory

switch: rename flash:conf.text flash:old.text —renames conf.text to old.text to avoid being detected as a valid configuration file at boot up.

switch: reset —reboots the switch with the renamed conf.text file.

The old.text has not been read by the switch as a valid configuration file, therefore doesn’t ask for credentials. The switch should prompt the user whether he wants to enter a configuration dialog. If answered NO the switch will return switch>. We are in!!!



It is up to the user to decide whether to use FTP or TFTP for the file transfer, between the switch and the computer. Because this demonstration only utilises P2P network, no extra security is needed so I decided to use TFTP for the ease of use and no extra configuration. First, it is required to connect the switch and the computer with an Ethernet cable and set static IP addresses for the switch and the PC.

Because an Ethernet port is utilised for the data transfer it’s imperative to check what ports belong to what VLANs in the VLAN database. If a particular port does not belong to VLAN 1, the file transfer will not work, as the port requires extra configuration e.g. trunk link configuration. With this particular switch all ports were assigned to VLAN 1.

switch# show vlan —shows all VLAN and port assignment information

In a different scenario the ports might be taken by VLANs. If that’s the case, perform VLAN database clearing by removing vlan.dat from flash: directory, where VLAN entries are stored.

switch# delete flash: —deletes a particular file/files in flash: directory.

Because 3750 switches only have 16MB of flash memory, delete the old IOS image to free up some space, as you won’t be able to fit both of the images in. I deleted the renamed conf.text just to reduce the clutter.

DO NOT REBOOT ONCE YOU DELETED THE OLD IMAGE!!! You will have to access the switch via Hyper Terminal to upload and execute the binary, and it takes forever!!!

Next step is to assign static IP addresses for both PC and the switch to place them on the same network and connect the PC and the switch via an Ethernet cable.

After a while the switch recognises the connection, outputs acknowledgement messages and changes the light to green.

switch# conf t
switch (config)# int vlan 1
switch (config-if)# ip address

Same for the PC.

IP: MASK: for the switch.
IP: MASK: for the PC.

Make sure you can ping the switch, otherwise the transfer will fail.

Open up 3CDaemon and check where the TFTP directory is located, by default it’s C:\TFTP\. Drag and drop the new image in C:\TFTP\.

switch# copy tftp flash: —opens up a TFTP client with flash: as the desired directory to transfer files in. This command will require IP address of the TFTP server as well as source and destination filenames.

Address or name of remote host []?

Source filename []? c3750-ipbasek9-mz.122-55.SE1.bin

Destination filename [c3750-ipbasek9-mz.122-55.SE1.bin]? <ENTER>


3CDaemon shows that 12MB have been successfully transferred.

If the switch is rebooted at this point it will load the new image successfully, however the boot-up process will display a small error regarding the naming of the IOS image. The error occurs because the switch cannot find a binary image with the default image name specified by the boot configuration file; if the switch doesn’t find the filename, it boots from the next available binary located in flash:. The error does not mean that the switch will not boot, it’s just cosmetic and I need it perfect without the error!

switch# conf t
switch (config)# boot system c3750-ipbasek9-mz.122-55.SE1.bin —changes the name of the default boot-up binary.

I have made a mistake here, I didn’t specify the flash: directory that the image resides in. This command says to look for the image in the root directory of the switch.

switch (config)# boot system flash:c3750-ipbasek9-mz.122-55.SE1.bin —the correct command.

You can also notice that the last screenshot still contains the boot error. I’ll repair the screenshots as soon as I get a chance to play around with the switches again.

switch# reload

The switch realises that the boot configuration changed and prompts the user to confirm and save the changes.

New image booting up.

Learning MySQL (Part II)


This post concentrates on establishing a remote connection to the Ubuntu MySQL server created in Learning MySQL (Part I), where I have gone through installation and basic SQL commands as well as randomly generating and importing a database table. The practical demonstration of this post shows how to configure the server to accept remote connections and how to establish a connection from a remote client. This post also shows how to create a simple table and fill the table with basic data remotely. This post also contains an Appendix at the end with some useful commands.


First of all, we need to set the MySQL server to listen for connections from hosts other than localhost.

$ sudo nano -c /etc/mysql/my.cnf

Line 47, change bind-address to the MySQL server local IP address. If you don’t want to specify, or if your server’s IP address regularly changes, type This will enable the server to accept remote connections.

[Image: change local host]

Restart MySQL with the new configuration entry.
$ sudo service mysql restart

If the my.cnf hasn’t been modified correctly the server will fail to start.

Find out if the server started to listen for other connections on SQL port 3306.
$ sudo lsof -P -i | grep mysql —finds the service by name
$ sudo lsof -P -i | grep :3306 —finds the service by port

The output should look like this if you specify bind-address as
mysqld  4183  mysql  10u  IPv4  18079  0t0  TCP *:3306 (LISTEN)

The output should look like this if you specify bind-address as your server’s IP address.
mysqld  4183  mysql  10u  IPv4  18079  0t0  TCP <hostname>.local:3306 (LISTEN)

If server restart hasn’t been successful the server will listen only on localhost.
mysqld  4183  mysql  10u  IPv4  18079  0t0  TCP localhost:3306 (LISTEN)

Login to the server locally to create a new user with correct privileges that will access the server remotely.
$ mysql -u root -p

Create user named remote with password as the password.
mysql> CREATE USER 'remote'@'%' IDENTIFIED BY 'password';

Give remote all privileges.
mysql> GRANT ALL ON *.* TO 'remote'@'%';

A few online tutorials stated that the remote user also needs to be set up as a localhost user. However, I found that connections to the server work locally and remotely with only wildcard ‘%’ specified.


Finally user remote is able to remotely connect to the server. Kali Linux is utilised for the remote connection.
# mysql --host= --user=remote --password=password

There are more types of connections that you can establish with the server. This website includes all relevant information regarding remote connections.

If you don’t want your password to be seen on the terminal window use this code. You’ll be prompted for the password after executing this command.
# mysql --host= --user=remote --password

[Image: remote connection]

The Wireshark packet capture shows unencrypted communication between the server and the client. The username is sent in plain text and the password is hashed using a mix of SHA-1 and 20 bytes of salt, sent after a TCP channel is established. The packet containing the salt is called the Server Greeting, illustrated below. The complete packet capture session can be downloaded here.

Although MySQL utilises a complex algorithm to hash the password, it’s insecure. If the attacker intercepts the login packets it’s only a matter of time before a successful crack. After the authentication, commands entered remotely are in plain text which will be illustrated later on in the report.

SHA1( password ) XOR SHA1( "20-bytes random data from server" <concat> SHA1( SHA1( password ) ) )
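
The scramble above as a runnable sketch (an added example, not code from the original post or from MySQL). It shows the server-side check and why the two captured values are enough to test a password guess offline; the salt value and all function names are constructed for illustration.

```python
import hashlib
import hmac


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stored_hash(password: str) -> bytes:
    """SHA1(SHA1(password)): the value the server keeps for the account."""
    return sha1(sha1(password.encode()))


def user_table_value(password: str) -> str:
    """The same hash in its text form: '*' followed by 40 hex digits."""
    return "*" + stored_hash(password).hex().upper()


def client_token(password: str, salt: bytes) -> bytes:
    """Login packet value: SHA1(pw) XOR SHA1(salt <concat> SHA1(SHA1(pw)))."""
    return xor(sha1(password.encode()), sha1(salt + stored_hash(password)))


def server_accepts(token: bytes, salt: bytes, stored: bytes) -> bool:
    """Server check: strip the mask to recover SHA1(pw), hash it once more
    and compare the result with the stored SHA1(SHA1(pw))."""
    stage1 = xor(token, sha1(salt + stored))
    return hmac.compare_digest(sha1(stage1), stored)


def matches_capture(candidate: str, salt: bytes, token: bytes) -> bool:
    """Needs only the two values visible on the wire (salt from the Server
    Greeting, token from the login packet), so a passive observer can test
    a candidate password offline without ever contacting the server."""
    return hmac.compare_digest(client_token(candidate, salt), token)


# Constructed sample values, not taken from the post's packet capture.
SALT = bytes(range(1, 21))   # 20-byte salt as sent in a Server Greeting
PASSWORD = "password"        # the account password used in the post


def demo() -> dict:
    token = client_token(PASSWORD, SALT)
    return {
        "token_len": len(token),
        "server_ok": server_accepts(token, SALT, stored_hash(PASSWORD)),
        "server_rejects_wrong": not server_accepts(
            client_token("letmein", SALT), SALT, stored_hash(PASSWORD)),
        "observer_confirms_password": matches_capture(PASSWORD, SALT, token),
        "observer_rules_out_other": not matches_capture("letmein", SALT, token),
        "new_salt_new_token": client_token(PASSWORD, SALT[::-1]) != token,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Encrypting the connection, for example by granting the account with REQUIRE SSL, keeps both the salt and the token off the wire.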

Login Detail Packet
[Image: Wireshark capture]

Server Greeting Packet


Assembling a new table in MySQL requires specifying the names of the columns, their datatypes, the maximum length of each entry and some optional information. In this example the table mytable will contain 4 columns: id, first, last and password. The datatype for columns first, last and password is VARCHAR, with maximum lengths of 30 and 20. Column id will hold datatype int. A length is not required, as int has a fixed maximum length programmed in. Column id is also a PRIMARY KEY column, which will assign a unique identifier to each row. Full list of datatypes and various other options here.

mysql> CREATE TABLE mytable(id int, first varchar(30), last varchar(30), password varchar(20), PRIMARY KEY (id));

[Image: create table, single line]

If you like to specify each column and datatype in separate line, you can type CREATE TABLE mytable(, press enter and when you are done close the statement with );.

[Image: create table]


There are multiple ways of inserting data into a table. The easiest to read is the command below; however, all data must be specified in the order of the columns.

mysql> INSERT INTO mytable VALUES('1','John','Smith','password');

[Image: insertion 1]

To change the order of columns or even to leave some columns blank use an argument after table name. This command will fill the id and password columns as specified.

mysql> INSERT INTO mytable(id, password) VALUES('2','another_password');

[Image: insertion 2]

Example of Intercepted Traffic
[Image: intercepted communications]

All intercepted traffic between the server and the client entering all commands can be found here.




$ sudo -i
# apt-get remove --purge mysql-server mysql-client mysql-common
# apt-get autoremove
# apt-get autoclean
# deluser mysql
# rm -rf /var/lib/mysql
# apt-get purge mysql-server-core-5.5
# apt-get purge mysql-client-core-5.5
# apt-get install mysql-server


mysql> SELECT user, password FROM mysql.user; —shows all users able to log in to the database and their hashed passwords.
mysql> DROP USER 'remote'@'localhost'; —removes user remote that was able to connect locally.
mysql> DROP USER 'remote'@'%'; —removes user remote that was able to connect from anywhere.


mysql> show databases; —shows all databases on the server;
mysql> use <database>; —loads specified database.
mysql> show tables; —shows tables from loaded database.
mysql> DROP TABLE table1, table2, table3; —removes specified tables, the user deleting tables must have DROP privileges on all tables.

Learning MySQL (Part I)


This post concentrates on setting up a very basic MySQL database and server as well as demonstrating a few simple MySQL commands. The reason for conducting this research is to fully understand how SQL databases are controlled and programmed in order to fulfil my long term desire to correctly use and fully understand the syntax of SQL injections. The practical demonstration utilises Ubuntu Linux as a local MySQL server, installed in a virtual environment.


This website will automatically assemble tables full of random data depending on your specific requirements. For this particular database I’ll have 5 columns named first, last, mail, date and city as well as few other specifications. Select SQL export type, Prompt to Download and click Generate.

[Image: random table]

The file will be downloaded to the /home/<user>/Downloads/ directory, named something like dataJun-26-2014.sql. I have renamed the file to random.sql for convenience’s sake.


$ sudo apt-get install mysql-server

During the installation you will be prompted for a password, which will be utilised to login to MySQL server.

$ sudo netstat -tap | grep mysql —checks if the server is running.

Server Running
[Image: server running]

Server Not Running
[Image: server not running]

$ sudo service mysql restart —restarts mysql-server
[Image: not running]



Locally login to MySQL server as root user.
$ mysql -u root -p

Enter the password entered during MySQL-server installation.

Create a database name.
mysql> create database mydatabase;

mydatabase —specifies the name of the database

Switch to the newly created database.
mysql> use mydatabase;

Load the generated data table located in /home/<user>/Downloads/<file>.sql into the database.
mysql> source /home/suprafortix/Downloads/random.sql

Rename imported table if required. random.sql will be named random by the server.
mysql> rename table <old_name> to <new_name>;


Now that the database is loaded, we can test out if it works. As mentioned previously the database consists of 5 columns each holding a different data type. The table looks like this in HTML.

[Image: database in HTML]

SELECT retrieves selected columns (or data type) from the database. * as an argument retrieves all columns.

FROM is utilised to specify the table name that will be queried to retrieve the desired columns.

WHERE specifies which particular rows will be returned, based on the arguments described after WHERE.


WHERE conditions

= —equal

> —greater than

< —less than

>= —greater than or equal

<= —less than or equal

<> —Not equal to

LIKE —selects only rows that are “like” what is specified. The percent sign, %, is used as a wildcard to match any possible prepended or appended characters in a string.



mysql> SELECT first, last, date FROM random;
[Image: SELECT FROM command]

Returns the first, last and date columns from random.sql table.

mysql> SELECT mail FROM random;
[Image: SELECT FROM command 2]

Returns the mail column from random.sql table.

mysql> SELECT first, last, date FROM random WHERE date = '02.01.93';
[Image: WHERE example]

mysql> SELECT first, last, date FROM random WHERE first LIKE '%es';
[Image: LIKE example]

WHERE first LIKE '%es' —will select only rows in the first column with strings ending with es.

mysql> SELECT first, last, date FROM random WHERE last LIKE '%ar%';
[Image: LIKE example 2]

WHERE last LIKE '%ar%' —will select only rows in the last column with strings containing characters ar.

mysql> SELECT first, last, date FROM random WHERE last LIKE 'r%';
[Image: LIKE example 3]

WHERE last LIKE 'r%' —will select only rows in the last column with strings beginning with r.