Network Bandwidth Checker


This post concentrates on development of an automated Bash Linux tool for checking Internet connection bandwidth provided by Internet Service Providers (ISPs), periodically. The tool outputs data in .csv format so that “spreadsheet” software such as Microsoft Excel or LibreOffice Calc is able to read data and construct charts. The tool was created primarily to conduct an assessment of the reliability of ISPs.

 
NOTE: The tool utilises directories that might not be present on your system. Directory adjustments are required in order to implement the tool onto your system.
 

 

REQUIRED SOFTWARE

 
speedtest-cli – provides Internet connection upload and download bandwidth data for the tool to format. To download speedtest-cli do:

wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py
 

 

HOW IT WORKS

The tool invokes speedtest-cli and stores its output into a temporary file.

 
(/root/programs/network-checker/speedtest-cli --secure) > /root/programs/network-checker/tmp/.tmp.txt
 

Then the tool utilises grep and awk to filter out necessary information, and stores those values into variables download_info and upload_info.

 
download_info=$(cat /root/programs/network-checker/tmp/.tmp.txt | grep 'Download' | awk '{print $2}')

upload_info=$(cat /root/programs/network-checker/tmp/.tmp.txt | grep 'Upload' | awk '{print $2}')
 

The tool then writes the current time in HH:MM format, followed by the variables download_info and upload_info, into a CSV file, in the order Time, Download, Upload.

The CSV file is named using $(date +%d-%m-%y).csv. This means that the filename contains the date the tool was run, and each time entry in the file contains the exact time the tool was run.

 
echo $(date +%H:%M)","$download_info","$upload_info >> /root/programs/network-checker/status-files/$(date +%d-%m-%y).csv
 

The tool also contains an IF statement which checks whether the directory that holds the CSV status files already contains one for the day the tool is run.

If the file is not found, the tool creates it in the format "$(date +%d-%m-%y).csv", adds the header “Time,Download,Upload” and then proceeds to grab the Download and Upload values and append them to the CSV file.

If the file is found, the tool proceeds to grab the Download and Upload values and append them to today’s CSV file.

The CSV file should look something like this. This is just a test file.

status file example

 

THE SCRIPT

#!/bin/bash

# Base directory of the tool; adjust to match your system.
base=/root/programs/network-checker
tmp_file="$base/tmp/.tmp.txt"
csv_file="$base/status-files/$(date +%d-%m-%y).csv"

bandwidth_checker(){

    # Run the speed test and keep its raw output.
    "$base/speedtest-cli" --secure > "$tmp_file"

    # The value is the second field of the Download and Upload lines.
    download_info=$(grep 'Download' "$tmp_file" | awk '{print $2}')
    upload_info=$(grep 'Upload' "$tmp_file" | awk '{print $2}')

    # Append one row in the order Time,Download,Upload.
    echo "$(date +%H:%M),$download_info,$upload_info" >> "$csv_file"

}

# Create today's status file with its header if it does not exist yet.
if [ ! -f "$csv_file" ]; then
    echo "Time,Download,Upload" > "$csv_file"
fi

bandwidth_checker

 

EXTRA

For me personally, I have added the script into crontab for the root user, to be run every 30 minutes, at 0 and 30 minutes past every hour.

crontab -e -u root

And added a line.
0,30 * * * * /root/programs/network-checker/network-checker.sh

 
The result is.

days

status file
 

I inputted the CSV file into LibreOffice Calc and assembled a graph of my bandwidth readings on the 29th of November.

Picture
 

FUTURE DEVELOPMENT

The tool will automatically assemble a graph in LibreOffice Calc and output a PNG file.

4000 Series Checkpoint Firewall RAM Upgrade


INTRODUCTION

This short post concentrates on upgrading RAM memory on 4000 Series Checkpoint Firewall. The post will describe the technical process by which to upgrade this device.

 
The upgrade needs to be planned and consulted as the warranty will be terminated once the device is opened.
 

LOCATION

The device can be upgraded racked or not racked as screws that are necessary to take out during the upgrade are accessible with rails fitted. The position of the device is shown in the figure below.

The back of the firewall. It’s the one fitted with rails.
 

COVER REMOVAL

Power the device off with a switch in the back of it illustrated in figure above. Take out ear screws.

Unplug all data cables and power cables and drag out the device. Don’t forget to label the cables or take notes where cables were initially plugged in. Labelling and note taking will prevent unnecessary mess and stress.

The screws at the back of the device need to be taken out on both sides.
Side Screw Arr

Two screws at the back of the device need to be taken out also. Note that one is covered with a warranty label. If the label is damaged the warranty will be terminated, therefore it is necessary to consult this upgrade before opening the device.
Back Screw 1 ARR

Back Screw 2 ARR

Slide the top cover to the back after removing the screws and lift the cover to expose the internals of the firewall.
 

STATIC CHARGE

Attach yourself to the device with the antistatic wrist strap; this equalises the electrical potential between you and the device and avoids static discharges that can damage its components. This particular antistatic wrist strap was included in the RAM upgrade box provided by Check Point.
 

MEMORY UPGRADE

Upgrade box provided by Check Point containing 4GB of RAM, screw driver, antistatic wrist strap and few manuals.
box

Open the additional RAM slot on the device.

Push the RAM stick into the opened slot until the white brackets click into place. If the device is new, this will require some force.

Close the firewall, remove the antistatic wrist strap, rack the device again and power on the device. All done.
 

UPGRADE CHECK

I have connected to our network monitoring solution to find out whether the RAM was accepted and successfully installed. The statistics show that Physical Memory statistic has changed.

Statistics before the upgrade.
Physical memory Screenshot

Statistics after the upgrade.

Arch Linux as a Penetration Testing Platform


INTRODUCTION

This post concentrates on adding the penetration testing tool repository provided by the BlackArch Linux team and other external parties to a basic Arch Linux distribution. By installing this repository, the distribution’s package manager (Pacman by default) gains access to over 1000 penetration testing tools, which are updated on a daily basis. Because the repository was previously installed on this Arch distribution and is being reinstalled here, you might see different command outputs on your own Arch distro. The tutorial proposed in this post works every time, regardless of previous actions on the distribution. This post does not describe how to install Arch Linux, as that’s beyond the scope of this post.

 
REQUIRED SOFTWARE

pacman -S wget —installs wget.

pacman -S gnupg —installs gpg.

pacman -S nano —installs nano (nano should be installed by default).

pacman -S grep —installs grep (grep should be installed by default).

 

 

DEFAULT ARCH REPOSITORIES

By default, a standard install of Arch Linux provides a user with core, community, extra, multilib and other repositories described here. These repositories can be disabled by adding a hash in front of unwanted repository in /etc/pacman.conf as shown below.

dis repo arr

 
As illustrated below, penetration testing tools are missing from default Arch repositories.
 

 

BLACKARCH REPOSITORY INSTALL

As mentioned above, the BlackArch repository is being reinstalled on this platform, therefore some commands might produce different output on distributions where this has not been done before.

wget http://blackarch.org/keyring/blackarch-keyring.pkg.tar.xz{,.sig} —downloads the keyring package and its detached signature.

gpg --keyserver hkp://pgp.mit.edu --recv 4345771566D76038C7FEB43863EC0ADBEA87E4E3 —receives the key with the specified fingerprint from the keyserver hkp://pgp.mit.edu.

gpg --keyserver-options no-auto-key-retrieve --with-fingerprint blackarch-keyring.pkg.tar.xz.sig

pacman-key --init

rm blackarch-keyring.pkg.tar.xz.sig —removes the signature file, which is no longer needed.

pacman --noconfirm -U blackarch-keyring.pkg.tar.xz —installs a local package (blackarch-keyring.pkg.tar.xz) that doesn’t belong to any remote repository.
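
The package is downloaded over plain HTTP, so the gpg step above is the only integrity check, and it only helps if its result is acted on before pacman -U runs. The following is an added example, not part of the original post or the BlackArch guide: a gate that reads GnuPG's machine-readable --status-fd output and succeeds only when a valid signature was made by the fingerprint used in the post. The function names and the sample status lines are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): only install the keyring
# package when GnuPG reports a valid signature from the pinned key.

# Fingerprint taken from the gpg --recv step in the post.
PINNED_FPR="4345771566D76038C7FEB43863EC0ADBEA87E4E3"

# signature_ok STATUS_TEXT PINNED
# STATUS_TEXT is the output of:
#   gpg --status-fd 1 --verify pkg.sig pkg 2>/dev/null
# Returns 0 only if a VALIDSIG line names the pinned fingerprint, either as
# the signing key (field 3) or as its primary key (last field), and no
# BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG line is present.
signature_ok() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { good = 1 }
        END { exit (good && !bad) ? 0 : 1 }
    '
}

# verify_and_install PKG: wires the gate to the commands used in the post.
verify_and_install() {
    vi_pkg=$1
    vi_status=$(gpg --status-fd 1 --verify "$vi_pkg.sig" "$vi_pkg" 2>/dev/null)
    if signature_ok "$vi_status" "$PINNED_FPR"; then
        pacman --noconfirm -U "$vi_pkg"
    else
        echo "signature check failed for $vi_pkg, not installing" >&2
        return 1
    fi
}

# Constructed sample status output (names, dates and the second key are made up).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 63EC0ADBEA87E4E3 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 4345771566D76038C7FEB43863EC0ADBEA87E4E3 2015-01-01 1420070400 0 4 0 1 8 00 4345771566D76038C7FEB43863EC0ADBEA87E4E3'
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-01-01 1420070400 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 63EC0ADBEA87E4E3 Constructed Signer <signer@example.invalid>'
```

A valid signature from any other key in the local keyring is rejected as well, which is the case a plain "Good signature" message does not distinguish.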

nano /etc/pacman.conf

 
At the end of the text file there should be a disabled custom repository as illustrated below.

Change it to the following.
 

 

SYNCHRONISING BLACKARCH REPOSITORY

pacman -Syyu —synchronises repositories and updates the system and outdated packages based on the new repository and old ones. It is advisable to update all the packages therefore type Y and confirm.

 
The distribution has quite a few outdated system and software packages.
 

 

PENETRATION TESTING TOOLS INSTALL

As illustrated previously, pacman wasn’t able to install sqlmap and sqlninja as these were not included in default Arch repositories. However, with BlackArch repository penetration testing tools are available.

 

BLACKARCH REPOSITORY GROUPS

BlackArch repository comes with the option to install multiple tools that are assigned to a particular group, such as scanning, password cracking, and many other groups.

pacman -Sg | grep blackarch —displays all BlackArch categories.

pacman -S blackarch-<category> —installs all tools from specified category. The command will ask the user whether all tools can be installed, if you do not want all the tools belonging to specified category, write down the numbers corresponding to each desired tool and confirm.
 

REFERENCES

http://blackarch.org/guide.html

Automatic Nmap Script


This short post presents a Bash script that I wrote a few months ago, as I thought it would be quite useful for testing the feasibility or real-time impact of various attacks. The script repeatedly scans a specified port. If the port is closed or filtered, the script immediately scans again; if the port becomes open, e.g. during a backdoor or trojan upload, the script outputs a message with the time at which it opened and terminates, giving penetration testers real-time information about the success of their exploitation. Nmap flags can of course be changed based on preference.

HOW IT WORKS?

The script will prompt the user for the desired port number and IP address.
prompt

If the port is closed or filtered it will output message with a number of failed scans.
Unable

When the port finally becomes opened the script will output time when it became online and terminate.
able

THE SCRIPT ITSELF

#!/bin/bash
echo -e -n "\e[44m PORT: \e[0m " ; read -r portnum
echo -e -n "\e[44m IP: \e[0m " ; read -r ip
# Temporary file holding the output of the current scan.
temp="/root/.79a2520f22b9e1526ff93176029603b8"
scannum=0
while :
do
    # Overwrite the file so that each pass only sees the latest scan.
    nmap -sV -p "$portnum" "$ip" > "$temp"
    if grep -q "open" "$temp" && ! grep -q "filtered" "$temp"; then
        time=$(date +"%T")
        echo -e "\e[41m PORT $portnum OPENED AT $time \e[0m"
        rm "$temp"
        break
    else
        scannum=$((scannum+1))
        echo "PORT $portnum CLOSED OR FILTERED. SCAN NUMBER: $scannum"
        rm "$temp"
    fi
done
 

Cisco 3750 IOS Update


This post demonstrates an Internetwork Operating System (IOS) replacement on a Cisco 3750 48-Port Layer 3 switch. The demonstration utilises various types of hardware and software all described further in the post.
 

THE HARDWARE

CISCO 3750 48-Port Switches

The initial connections have to be established to the first switch to begin this test. Of course power on the right side and a console cable on the left.

The console cable has to be converted to a USB cable with a serial to USB converter.
 

THE SOFTWARE

PUTTY.EXE is used to create a serial connection between the laptop and the switch. Putty is a simple to use tool, usually utilised to establish SSH or Telnet communication to remote systems.

To establish the connection open up Putty, choose a Serial connection, keep the speed default and write appropriate channel number of the serial connection and hit Open. That should open up an empty command-line type window.
putty session

To find the channel number visit Computer Manager or Device Manager on newer Windows machines.
com number

3CDAEMON is utilised to transfer the new IOS image into the switch via switch’s TFTP server. 3CDaemon is usually used by network admins for FTP and TFTP servers or clients. Its usage in this demonstration is described later on.
 

PASSWORD RECOVERY

The first PoE switch required some credentials to login.
access-denied-arr

The login credentials are located within the conf.text file in the flash memory of the switch; however, without the credentials conf.text cannot be accessed. There is a technique to prevent conf.text from being loaded at start-up and prompting the user for credentials: if conf.text is renamed, the switch will not recognise it as a valid start-up configuration file.

The only way to have any access to the filesystem is to enter switch’s recovery mode. To access the recovery mode it is required to reboot the switch and hold the MODE button during the boot up until the Putty session returns command prompt switch: which means that the switch is in the recovery mode and the file system is marginally accessible.

The MODE button can be located in different places depending on the model of the switch.

Recovery mode.

switch: flash_init —initialises the flash memory in the recovery mode.

switch: dir —shows directories located on the switch.

switch: dir flash: —shows contents of flash directory.

switch: rename flash:conf.text flash:old.text —renames conf.text to old.text to avoid being detected as a valid configuration file at boot up.

switch: reset —reboots the switch with the renamed conf.text file.

The old.text has not been read by the switch as a valid configuration file, therefore the switch doesn’t ask for credentials. The switch should ask the user whether to enter the configuration dialog. If answered NO the switch will return switch>. We are in!!!

 

INSTALLING THE NEW CISCO IOS

It is up to the user to decide whether to use FTP or TFTP for the file transfer, between the switch and the computer. Because this demonstration only utilises P2P network, no extra security is needed so I decided to use TFTP for the ease of use and no extra configuration. First, it is required to connect the switch and the computer with an Ethernet cable and set static IP addresses for the switch and the PC.

Because an Ethernet port is utilised for the data transfer it’s imperative to check what ports belong to what VLANs in the VLAN database. If a particular port does not belong to VLAN 1, the file transfer will not work, as the port requires extra configuration e.g. trunk link configuration. With this particular switch all ports were assigned to VLAN 1.

switch# show vlan —shows all VLAN and port assignment information

In a different scenario the ports might be taken by VLANs. If that’s the case, perform VLAN database clearing by removing vlan.dat from flash: directory, where VLAN entries are stored.

switch# delete flash: —deletes a particular file/files in flash: directory.

Because 3750 switches only have 16MB of flash memory, delete the old IOS image to free up some space as you won’t be able to fit both of the images in. I deleted renamed conf.text just to reduce the clutter.

 
DO NOT REBOOT ONCE YOU DELETED THE OLD IMAGE!!! You will have to access the switch via Hyper Terminal to upload and execute the binary, and it takes forever!!!
 

Next step is to assign static IP addresses for both PC and the switch to place them on the same network and connect the PC and the switch via an Ethernet cable.

After a while the switch recognises the connection, outputs acknowledgement messages and changes the light to green.

switch# conf t
switch (config)# int vlan 1
switch (config-if)# ip address 10.20.30.40 255.255.255.0

Same for the PC.

 
IP: 10.20.30.40 MASK: 255.255.255.0 for the switch.
IP: 10.20.30.41 MASK: 255.255.255.0 for the PC.
 

Make sure you can ping the switch, otherwise the transfer will fail.

Open up 3CDaemon and check where the TFTP directory is located, by default it’s C:\TFTP\. Drag and drop the new image in C:\TFTP\.

switch# copy tftp flash: —opens up a TFTP client with flash: as the desired directory to transfer files in. This command will require IP address of the TFTP server as well as source and destination filenames.

 
Address or name of remote host []? 10.20.30.41

Source filename []? c3750-ipbasek9-mz.122-55.SE1.bin

Destination filename [c3750-ipbasek9-mz.122-55.SE1.bin]? <ENTER>
 


3CDaemon shows that 12MB have been successfully transferred.

If the switch is rebooted at this point it will load the new image successfully, however the boot-up process will display a small error regarding the naming of the IOS image. The error occurs because the switch cannot find a binary image named as the default image name specified by the boot configuration file, if the switch doesn’t find the filename, it’ll boot from next available binary located in flash:. The error does not mean that the switch will not boot, it’s just cosmetic and I need it perfect without the error!

switch# conf t
switch (config)# boot system c3750-ipbasek9-mz.122-55.SE1.bin —changes the name of the default boot-up binary.

 
I have made a mistake here, I didn’t specify the flash: directory that the image resides in. This command says to look for the image in the root directory of the switch.

switch (config)# boot system flash:c3750-ipbasek9-mz.122-55.SE1.bin —the correct command.

You can also notice that the last screenshot still contains the boot error. I’ll repair the screenshots as soon as I get a chance to play around with the switches again.
 

switch# reload

The switch realises that the boot configuration changed and prompts the user to confirm and save the changes.

New image booting up.

Learning MySQL (Part II)


This post concentrates on establishing a remote connection to the Ubuntu MySQL server created in Learning MySQL (Part I), where I have gone through installation and basic SQL commands as well as randomly generating and importing database table. The practical demonstration of this post shows how to configure the server to accept remote connections and how to establish a connection from a remote client. This post also shows how to create a simple table and fill the table with basic data remotely. This post also contains an Appendix at the end with some useful commands.
 

SERVER PREPARATION

First of all, we need to set the MySQL server to listen for connections on addresses other than localhost (127.0.0.1).

$ sudo nano -c /etc/mysql/my.cnf

On line 47, change the bind-address from 127.0.0.1 to the MySQL server’s local IP address. If you don’t want to specify an address, or if your server’s IP address regularly changes, type 0.0.0.0. This will enable the server to accept remote connections.

Change local host

Restart MySQL with the new configuration entry.
$ sudo service mysql restart

 
If the my.cnf hasn’t been modified correctly the server will fail to start.
 

Find out if the server started to listen for other connections on SQL port 3306.
$ sudo lsof -P -i | grep mysql —finds the service by name
or
$ sudo lsof -P -i | grep :3306 —finds the service by port

The output should look like this if you specify bind-address as 0.0.0.0.
mysqld  4183  mysql  10u  IPv4  18079  0t0  TCP *:3306 (LISTEN)

The output should look like this if you specify bind-address as your server’s IP address.
mysqld  4183  mysql  10u  IPv4  18079  0t0  TCP <hostname>.local:3306 (LISTEN)

 
If server restart hasn’t been successful the server will listen only on localhost.
mysqld  4183  mysql  10u  IPv4  18079  0t0  TCP localhost:3306 (LISTEN)
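
The three lsof outputs above differ only in the address in front of :3306, and that address decides who can reach the server. The following is an added example, not part of the original post: a small classifier for lsof -P -i output that can be run after every configuration change. The function name, the hostname dbhost.local and the sample lines are constructed, modelled on the lines shown above.

```bash
#!/bin/bash
# Added example (not from the original post): classify how mysqld is exposed
# from `lsof -P -i` output such as the lines shown above.

# mysql_exposure LSOF_TEXT [PORT]
# Prints one word per listening mysqld socket on PORT (default 3306):
#   all-interfaces  bound to * (bind-address 0.0.0.0)
#   loopback-only   bound to localhost, 127.x or ::1
#   single-address  bound to one specific address or hostname
mysql_exposure() {
    printf '%s\n' "$1" | awk -v port="${2:-3306}" '
        $1 == "mysqld" && $NF == "(LISTEN)" {
            name = $(NF - 1)              # e.g. *:3306 or [::1]:3306
            n = split(name, part, ":")
            if (part[n] != port) next     # some other port
            # Everything before the final ":port" is the bind address.
            addr = substr(name, 1, length(name) - length(part[n]) - 1)
            gsub(/^\[|\]$/, "", addr)     # strip IPv6 brackets
            if (addr == "*")
                print "all-interfaces"
            else if (addr ~ /^(localhost|127\.|::1$)/)
                print "loopback-only"
            else
                print "single-address"
        }'
}

# Constructed sample input (PIDs and descriptors copied from the post's lines,
# the sshd line is made up to show that other services are ignored).
SAMPLE_LSOF='sshd    900   root   3u   IPv4  12000  0t0  TCP *:22 (LISTEN)
mysqld  4183  mysql  10u  IPv4  18079  0t0  TCP *:3306 (LISTEN)'

# Prints "all-interfaces" for the sample; on a real host use:
#   mysql_exposure "$(sudo lsof -P -i)"
mysql_exposure "$SAMPLE_LSOF"
```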
 

Login to the server locally to create a new user with correct privileges that will access the server remotely.
$ mysql -u root -p

Create user named remote with password as the password.
mysql> CREATE USER 'remote'@'%' IDENTIFIED BY 'password';

Give remote all privileges.
mysql> GRANT ALL ON *.* TO 'remote'@'%';

Few online tutorials stated that the remote user requires to be set as a localhost also. However, I found that connections to the server work locally and remotely with only wildcard ‘%’ specified.
 

REMOTE LOGIN

Finally user remote is able to remotely connect to the server. Kali Linux is utilised for the remote connection.
# mysql --host=192.168.1.9 --user=remote --password=password

There are more types of connections that you can establish with the server. This website includes all relevant information regarding remote connections.

If you don’t want your password to be seen on the terminal window use this code. You’ll be prompted for the password after executing this command.
# mysql --host=192.168.1.9 --user=remote --password

remote connection

The Wireshark packet capture shows unencrypted communication between the server and the client. The username is sent in plain text and the password is hashed utilising a mix of SHA-1 and 20 bytes of salt, both sent after the TCP channel is established. The packet containing the salt is called the Server Greeting, illustrated below. The complete packet capture session can be downloaded here.

 
Although MySQL utilises a complex algorithm to hash the password, it’s insecure. If the attacker intercepts the login packets it’s only a matter of time before a successful crack. After the authentication, commands entered remotely are in plain text which will be illustrated later on in the report.

SHA1( password ) XOR SHA1( "20-bytes random data from server" <concat> SHA1( SHA1( password ) ) )
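
The formula above, carried through for the password used in this post, together with the check the server performs on the received value. This is an added example, not part of the original post; the function names and the 20-byte salt are constructed, and sha1sum is assumed to be available.

```bash
#!/bin/bash
# Added example (not from the original post): the login token from the
# formula above, computed with sha1sum. All values are hex strings.

# hex2bin HEX: write the raw bytes to stdout. Octal escapes are passed
# through %b so that bytes such as 0x25 ('%') and 0x00 are treated as data.
hex2bin() {
    h=$1
    while [ -n "$h" ]; do
        rest=${h#??}
        byte=${h%"$rest"}
        oct=$(printf '%03o' "0x$byte")
        printf '%b' "\\0$oct"
        h=$rest
    done
}

sha1_of_text() { printf '%s' "$1" | sha1sum | cut -d' ' -f1; }
sha1_of_hex()  { hex2bin "$1" | sha1sum | cut -d' ' -f1; }

# xor_hex A B: byte-wise XOR of two hex strings of equal length.
xor_hex() {
    a=$1; b=$2; out=
    while [ -n "$a" ]; do
        ra=${a#??}; rb=${b#??}
        ba=${a%"$ra"}; bb=${b%"$rb"}
        out=$out$(printf '%02x' $(( 0x$ba ^ 0x$bb )))
        a=$ra; b=$rb
    done
    printf '%s' "$out"
}

# What the server keeps in mysql.user: SHA1( SHA1( password ) ).
stored_hash() { sha1_of_hex "$(sha1_of_text "$1")"; }

# client_token PASSWORD SALT_HEX: the 20-byte value sent in the login packet.
client_token() {
    stage1=$(sha1_of_text "$1")
    stage2=$(sha1_of_hex "$stage1")
    xor_hex "$stage1" "$(sha1_of_hex "$2$stage2")"
}

# server_accepts TOKEN SALT_HEX STORED_HEX: the server undoes the XOR to
# recover SHA1(password), hashes it once more and compares it with the
# stored value. The password itself never crosses the wire.
server_accepts() {
    recovered=$(xor_hex "$1" "$(sha1_of_hex "$2$3")")
    [ "$(sha1_of_hex "$recovered")" = "$3" ]
}

# Constructed 20-byte salt standing in for the Server Greeting value.
SAMPLE_SALT=3a5c7e11224466880a1b2c3d4e5f60718293a4b5
```

Both inputs to the check, the salt and the token, are visible in an unencrypted capture and depend on nothing secret except the password, which is why the post treats the exchange as insecure; carrying the connection over TLS or an SSH tunnel keeps both values away from an observer.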
 

Login Detail Packet
wireshark capture

Server Greeting Packet
salts
 

CREATING TABLES

Assembling a new table in MySQL requires to specify the names of columns, their datatype, maximum length of entry and some optional information. In this example the table mytable will contain 4 columns id, first, last and password. The datatype for columns first, last and password are VARCHAR with the maximum lengths of 30 and 20. Column id will hold datatype int. The length is not required as int has a fixed maximum length programmed in. Column id is also a PRIMARY KEY column, which will assign a unique identifier to each row. Full list of datatypes and various other options here.

mysql> CREATE TABLE mytable(id int, first varchar(30), last varchar(30), password varchar(20), PRIMARY KEY (id));

Create table easier

If you like to specify each column and datatype in separate line, you can type CREATE TABLE mytable(, press enter and when you are done close the statement with );.

Create table
 

INSERTING DATA INTO TABLES

There are multiple ways of inserting data into a table. The easiest to read is the command below; however, all values must be specified in the same order as the columns of the table.

mysql> INSERT INTO mytable VALUES('1','John','Smith','password');

insertion 1

To change the order of columns or even to leave some columns blank use an argument after table name. This command will fill the id and password columns as specified.

mysql> INSERT INTO mytable(id, password) VALUES('2','another_password');

insertion 2

Example of Intercepted Traffic
intercepted comms

All intercepted traffic between the server and the client entering all commands can be found here.
 

APPENDIX

 

COMPLETE MYSQL REINSTALL

$ sudo -i
# apt-get remove --purge mysql-server mysql-client mysql-common
# apt-get autoremove
# apt-get autoclean
# deluser mysql
# rm -rf /var/lib/mysql
# apt-get purge mysql-server-core-5.5
# apt-get purge mysql-client-core-5.5
# apt-get install mysql-server
 

MYSQL USER MANAGEMENT CHEAT-SHEET

mysql> SELECT user, password FROM mysql.user; —shows all users able to login the database and their hashed password.
mysql> DROP USER 'remote'@'localhost'; —removes user remote that was able to connect locally.
mysql> DROP USER 'remote'@'%'; —removes user remote that was able to connect from anywhere.
 

DATABASE AND TABLE MANAGEMENT

mysql> show databases; —shows all databases on the server;
mysql> use <database>; —loads specified database.
mysql> show tables; —shows tables from loaded database.
mysql> DROP TABLE table1, table2, table3; —removes specified tables, the user deleting tables must have DROP privileges on all tables.
 

Learning MySQL (Part I)


This post concentrates on setting up a very basic MySQL database and server as well as demonstrating few simple MySQL commands. The reason for conducting this research is to fully understand how SQL databases are controlled and programmed in order to fulfil my long term desire to correctly use and fully understand the syntax of SQL injections. The practical demonstration utilises Ubuntu Linux as a local MySQL server, installed in a virtual environment.
 

CREATING A DATABASE

This website will automatically assemble tables full of random data depending on your specific requirements. For this particular database I’ll have 5 columns named first, last, mail, date and city as well as few other specifications. Select SQL export type, Prompt to Download and click Generate.

random table

The file will be downloaded to the /home/<user>/Downloads/ directory, named something like dataJun-26-2014.sql. I have renamed the file to random.sql for convenience’s sake.
 

MYSQL SERVER SETUP

$ sudo apt-get install mysql-server

 
During the installation you will be prompted for a password, which will be utilised to login to MySQL server.
 

$ sudo netstat -tap | grep mysql —checks if the server is running.

 
Server Running
check if server running
 

 
Server Not Running
not runningd

$ sudo service mysql restart —restarts mysql-server
not running
 

 

TABLE IMPORT

Locally login to MySQL server as root user.
$ mysql -u root -p

 
Enter the password entered during MySQL-server installation.
 

Create a database name.
mysql> create database mydatabase;

 
mydatabase —specifies the name of the database
 

Switch to the newly created database.
mysql> use mydatabase;

Load the generated data table, located in /home/<user>/Downloads/<file>.sql, into the database.
mysql> source /home/suprafortix/Downloads/random.sql

Rename imported table if required. random.sql will be named random by the server.
mysql> rename table <old_name> to <new_name>;
 

BASIC SQL COMMANDS

Now that the database is loaded, we can test out if it works. As mentioned previously the database consists of 5 columns each holding a different data type. The table looks like this in HTML.

database in html

SELECT retrieves selected columns (or data type) from the database. * as an argument retrieves all columns.

FROM is utilised to specify the table name that will be queried to retrieve the desired columns.

WHERE specifies which particular rows will be returned, based on the arguments described after WHERE.

 

WHERE conditions

= —equal

> —greater than

< —less than

>= —greater than or equal

<= —less than or equal

<> —Not equal to

LIKE —allows to select only rows that are “like” what is specified. The percent sign, %, is used as a wildcard to match any possible prepended or appended characters in a string.

 

EXAMPLES

mysql> SELECT first, last, date FROM random;
select from command

 
Returns first last and date columns from random.sql table.
 

 
mysql> SELECT mail FROM random;
select from command2

 
Returns mail column from random.sql table.
 

 
mysql> SELECT first, last, date FROM random WHERE date = '02.01.93';
where example
 

mysql> SELECT first, last, date FROM random WHERE first LIKE '%es';
like example

 
WHERE first LIKE '%es' —will select only rows in the first column with strings ending with es.
 

 
mysql> SELECT first, last, date FROM random WHERE last LIKE '%ar%';
like example 2

 
WHERE last LIKE '%ar%' —will select only rows in the last column with strings containing characters ar.
 

 
mysql> SELECT first, last, date FROM random WHERE last LIKE 'r%';
like example 3

 
WHERE last LIKE 'r%' —will select only rows in the last column with strings beginning with r.