Archive for the ‘Educational’ Category

How to find out who sniffs out about your Android mobile smart phone

Thursday, November 16th, 2017


Maybe little know about this embedded Android mobile smart phone features but there is a few mobile code cheats that can help you find out a little bit about your phone security, that's pretty handy for anyone who really wants to know whether mobile phone is being sniffed / tapped on Android software level and can give you an idea on how much your smart phone data is protected or are you being a target of someone's secret surveillance, of course this info is just on Android firmware embedded features level and if your mobile is somehow hacked or trojanned the information that can show could be not adequate, but still it is a good info to know. I'm sure you'll be surprised how much embedded Android features are there for the controllers (Google staff) 🙂


1. Information about telephone, battery status and statistics about telephone use


To get information about battery, usage statistics and device.

2. Are Smart Phone Voice / SMS Transfers on?


This combination of numbers and symbols allows you to understand where your mobile is Transferring Calls, SMS-es or other messages. If you type this code and click call the phone screen should show any numbers to which any data is being transferred, if your phone is okay and not tapped you will get a message the phone call transfers and sms transfer is disabled. Always keep in mind that there is a danger for your info / data or even billings to be tapped already as Android is non-free software, so even if that code returns no transfers you're still insecure at the hands of Google's mercy.

3. Where are calls and SMS-es transffered in case if Voice / SMS Transfers are on?


This codes shows where are your input Calls and SMS-es are being transferred once someone is calling you and he is unable to reach you. At best case the inbound calls will be redirected as voice mail format to voice mail box of the number of your mobile operator.

4. Deactivate all kind of Phone Voice / SMS Transfers (Redirects) for security


By inputting above code you can deactivate all kind of redirects, which were prior configured at your mobile phone. The code is universal one and should work not only in Android but across all smart phones including IPhones. It is a recommended one especially if you're planning to travel in foreign country or region due to the roaming phone expenses.

5. Get IMEI (International Mobile Equipment Identifier) phone info


Above code provides information about the ID number of the mobile phone th so called IMEI (International Mobile Equipment Identifier). Using the email a mobile phone that has been recently stolen can be easily found, because the device is emitting its IMEI number to the mobile phone operator, nomatter what kind of SIM Card is inserted in the phone.


6. How to protect yourself from criminals and spies?

You can use alternative Messanger  Chat / Voice Clients such as: Telegram, Wickr, Signal or Alternatively run your own Jabber server and use it to securily communicate with your friends and relatives

Do not install an unknown source program to mobile phone, abstain from charging the phone on airports and suspicious free "charging" points, abtain from using any free wifi networks whose owner you don't know personally. Beware while browsing as there are websites that could infect you with javascript viruses and terrible phone malware stuff, to be safe make sure you have some kind of Antivirus software installed on the phone just in case.
Be vigilant!


7. Bigger list of Codes working across some of Android versions providing various phone stats and info (not working on all mobiles but might be working on yours)


Here is a list also with a useful codes for some of Android version releases (this will not work on IPhones)


*4636#*#*Information about statistics of phone, battery, usage

*#*#7780#*#*Nullify phone settings.. Delete only applications.

*2767*3855# – Nullify all settings, reinstall firmware.

*34971539#*#* – Full information about phone camera vendor etc.

*#*#273283*255*663282***Quickly archive media files

*#*#197328640#*#Test mobile service

232339#*#* / *#*#526#*#*Test Wireless (Wi-Fi) netework

*#*#232338#*#*Show Wi-Fi card physical MAC Address

*#*#1472365#*#*Quick GPS test

*#*#1575#*#* Various GPS Tests

*#*#0283#*#* Test mobile Loopback interface

*#*#0*#*#* – Test of liquid-crystals mobile display

*#*#0673#*#* / *#*#0289#*#*An Audio test

*#*#0842#*#* Test vibrations of the background phone lid (lightning)

*2663#*#* Get version of sensor screen

*2664#*#*Test of the sensor screen

* * * *0588#*#*Test distance sensor

* * *3264#*#*Get Installed RAM Version

*#*#232331#*#*Bluetooth Test

*#*#7262626#*#*Test GSM signal

*#*#232337#*#*Show bluetooth address

*#*#8255#*#* – Test Mobile Google Talk service

*#*#1234#*#*Information about firmware

*#*#1111#*#*Version of installed Open Trading software version


Share this on

Email Linux alternative text console clients to Thunderbird, fetchmail, Mutt, fetchmail + Alpine how to

Saturday, November 4th, 2017


As a GNU / Linux user you might end up searching for the best email client to satisfy your needs, for those who used so far Outlook Express on M$ Windows first switch to GNU / Linux the most likely one to choose is either Mozilla Thunderbird or GNOME's Evolution default Mail Clientbut what more text / console programs are there that will allow you to easily check email via POP3 and IMAP on Linux?


1. Install Fetchmail and use to collect and copy your emails from remote server to your local machine

 SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
 fetchmail is a free, full-featured, robust, and well-documented remote mail
 retrieval and forwarding utility intended to be used over on-demand TCP/IP
 links (such as SLIP or PPP connections).  It retrieves mail from remote mail
 servers and forwards it to your local (client) machine's delivery system, so
 it can then be read by normal mail user agents such as mutt, elm, pine,
 (x)emacs/gnus, or mailx.  The fetchmailconf package includes an interactive
 GUI configurator suitable for end-users.

To install it, issue:

apt-get install –yes fetchmail procmail

To configure fetchmail to gather your mail from your POP3 / IMAP mailbox, create below
.fetchmailrc configuratoin and modify according to your account


# vim .fetchmailrc


#### .fetchmailrc
 set daemon 600
 set logfile fetchmail.log

 poll the_mail_server_hostname proto POP3

  user "Remote_Username" pass "PASSWORD=" is "local_username" preconnect "date >> fetchmail.log"
  #no keep
  no rewrite
  mda "/usr/bin/procmail -f %F -d %T";

Here is also few words on each of the .fetchmailrc config options

set daemon 600 The fetchmail binary with run in the background in daemon mod and fetch mail from the server every 600 seconds or 10 minutes.

set logfile fetchmail.log This will set the directory and file name of the fetchmail user log file. Eveytime fetchmail recieves an email, checks the pop3 server or errors out you will find an entry here.

poll the_isp_mail_server proto POP3 This line tells fetchmail what mail server to contact, in theis case "the_isp_mail_server" and to use the "POP3" protocol.

user "remote_user_name" pass "PASSWORD" is "local_username" preconnect "date >> fetchmail.log The user directive tells fetchmail what the name of the user on the remote mail server is for example "remote_user_name". The pass directive is simply the password you will use for the remote user on the mail server. The "is" directive is optional. It tells fetchmail to deliver mail to a diferent user name if the user on the remote mail server and the local machine are different. For example, I may be using the name "joe.doe" on the mail server, but my local user name is "jdoe". I would use a line like user "joe.doe" pass "PASSWORD" is "jdoe". The preconnect command simply adds the current time and date to the fetchmail log file every time fetchmail checks for new mail.

ssl The "ssl" directive tells fetchmail to use encryption when connecting to the pop3 mail server. Fetchmail will use port 995 instead of port 110 for un-encypted mail communication. In order to use ssl the remote mail server must be able to use ssl. Comment out this directive if you do _not_ use pop3s.

fetchall Fetchall just means to fetch all of the mail on the mail server no matter what the "read" flag is. It is possibly to read mail through many different processes. If you use another mail client from another location, for example you could have read you mail and kept it ont he server, but marked it with the "read" flag. At this point if you did _not_ use the "fetchall" flag then only mail marked as new would be downloaded.

no keep Once the mail is downloded from the mail server fetchmail is to tell the server to remove it from the server. You may choose to comment this option out if you want to leave all mail on the server.

no rewrite Do not rewrite headers. When fetchmail recieves the mail you do not want any of the headers mangled in any way. This directive tells fetchmail to leave the headers alone.

mda "/usr/bin/procmail -f %F -d %T"; The mda is your "mail delivery agent. Procmail is the program that fetchmail will hand the mail off to once it is downloaded. The argument "-f %F" logs who the mail if from and "-d %T" turns on explicit delivery mode, delivery will be to the local user recipient.

For configuring multiple mailboxes email to be gathered to local machine through fetchmail add to above configuration, some more config similar to this:

 poll protocol pop3:
       username "admin" password "your-plain-text-password" is "username" here;
       username "what-ever-user-name" password "Just-another-pass#" is "foreman" here;

  poll protocol pop3 with option sslproto '':
       user "whatever-user1" password "its-my-pass" mda "/usr/bin/procmail -d %T":   user "whatever-user1" password "its-my-pass" mda "/usr/bin/procmail -d %T


Because as you can see fetchmail keeps password in plaintext it is a best security practice to set some good file permissions on .fetchmailrc just to make sure some other local user on the same Linux / Unix machine will not be able to read your plaintext password, to do so issue below command.

chmod 600 ~/.fetchmailrc


For the purpose of logging as we have it into the config you will also need to create new blank file fetchmail.log

touch fetchmail.log

Once fetchmail all your emails you can use mail command to view your messages or further configure alpine or mutt to read the downloaded messages.


2. Use Alpine text based email client to check your downloaded email with fetchmail

Alpine is Text-based email client, friendly for novices but powerful
 Alpine is an upgrade of the well-known PINE email client.  Its name derives
 from the use of the Apache License and its ties to PINE.

In other words what Alpine is it is a rewritten and improved version of the good old PINE Unix email client (for those who remember it).

To give alpine a try on Debian / Ubuntu install it with:


apt-get install –yes alpine pilot




3. Use MuTT advanced and much more colorful text email client to view your emailbox


 Mutt is a sophisticated text-based Mail User Agent. Some highlights:
  * MIME support (including RFC1522 encoding/decoding of 8-bit message
    headers and UTF-8 support).
  * PGP/MIME support (RFC 2015).
  * Advanced IMAP client supporting SSL encryption and SASL authentication.
  * POP3 support.
  * ESMTP support.
  * Message threading (both strict and non-strict).
  * Keybindings are configurable, default keybindings are much like ELM;
    Mush and PINE-like ones are provided as examples.
  * Handles MMDF, MH and Maildir in addition to regular mbox format.
  * Messages may be (indefinitely) postponed.
  * Colour support.
  * Highly configurable through easy but powerful rc file.


To install MuTT:


linux:~# apt-get install –yes mutt

Configuring mutt if you don't have priorly set-up with fetchmail to collect your remote e-mails, you might want to try out .mutt's email fetch features to do so you will need a .muttrc configuration like that:

# Automatically log in to this mailbox at startup
set spoolfile="imaps://"
# Define the = shortcut, and the entry point for the folder browser (c?)
set folder="imaps://"
set record="=Sent"
set postponed="=Drafts"

You might also omit placing the password inside .muttrc configuration as storing the password in plaintext might be a big security hole if someone is able to read it at certain point, but the downside of that is you'll be asked by mutt to fill in your email password on every login which at a point becomes pretty annoying.

If you face problems with inability of mutt to connect to remote mail server due to TLS problems, you can also try to play with below configurations:

# activate TLS if available on the server
 set ssl_starttls=yes
 # always use SSL when connecting to a server
 set ssl_force_tls=yes
 # Don't wait to enter mailbox manually
 unset imap_passive        
 # Automatically poll subscribed mailboxes for new mail (new in 1.5.11)
 set imap_check_subscribed
 # Reduce polling frequency to a sane level
 set mail_check=60
 # And poll the current mailbox more often (not needed with IDLE in post 1.5.11)
 set timeout=10
 # keep a cache of headers for faster loading (1.5.9+?)
 set header_cache=~/.hcache
 # Display download progress every 5K
 set net_inc=5


Once you have the emails downloaded with fetchmail for your mailbox mutt should be showing your email stuff like in below screenshot

linux:~$ mutt




Of course a very handy thing to have is w3m-img text browser that displays images as it might be able to open your pictures attached to email if you're on a physical console tty.

I'll be curious to hear, if you know of better and easier solutions to check mail in console, so if you know such please drop a comment explaining how you check your mail text.


Share this on

What is this directory /run/user/1000 on Debian and Fedora GNU / Linux?

Monday, October 23rd, 2017


So what are these /run/user/1000, /run/user/0, /run/user109, /run/user/1000 showing in my df -h I'm I hacked or what?

root@noah:~# df -h|grep -i tmpfs
tmpfs 201M 22M 179M 11% /run
tmpfs 1001M 0 1001M 0% /dev/shm
tmpfs 5,0M 4,0K 5,0M 1% /run/lock
tmpfs 1001M 0 1001M 0% /sys/fs/cgroup
tmpfs 201M 0 201M 0% /run/user/0
tmpfs 201M 36K 201M 1% /run/user/1000
tmpfs 201M 16K 201M 1% /run/user/109


/run/user/$uid is created by pam_systemd and used for storing files used by running processes for that
user. These might be things such as your keyring daemon, pulseaudio, etc.

Prior to systemd, these applications typically stored their files in /tmp. They couldn't use a location in
/home/$user as home directories are often mounted over network filesystems, and these files should not be
shared among hosts. /tmp was the only location specified by the FHS which is local, and writable by all

However storing all these files in /tmp is problematic as /tmp is writable by everyone, and while you can
change the ownership & mode on the files being created, it's more difficult to work with.

However storing all these files in /tmp is problematic as /tmp is writable by everyone, and while you can
change the ownership & mode on the files being created, it's more difficult to work with.

So systemd came along and created /run/user/$uid.
This directory is local to the system and only
accessible by the target user. So applications looking to store their files locally no longer have to
worry about access control.

It also keeps things nice and organized. When a user logs out, and no active sessions remain, pam_systemd will wipe the /run/user/$uid directory out. With various files scattered around /tmp, you couldn't dothis.

Should mention that it is called $XDG_RUNTIME_DIR, documented at 8‌​tml.

What if: I have started a "background" computation process with nohup, and it saves its intermediate results/data in a temp file. Can I count on it not being wiped while the process is running, or it will be wiped, and the process started with nohup will loose its data? 

It's unlikely to be wiped, but /run/user is a tmpfs filesystem in debian, ubuntu and fedora, so it'll be limited.

What if the pidfile is a service running under root.
Should it's PID go under /var/run or /var/run/user/0 ?

If since there is no active sessions will it be removed? 

This directory contains system information data describing the system since it was booted.
Files under this directory must be cleared (removed or truncated as appropriate) at the beginning of the boot process.

The purposes of this directory were once served by /var/run. In general, programs may continue to use /var/run to fulfill the requirements set out for /run for the purposes of backwards

Programs which have migrated to use /run should cease their usage of /var/runexcept as noted in the section on /var/run.

Programs may have a subdirectory of /run; this is encouraged for programs that use more than one run-time file.

Users may also have a subdirectory of /run, although care must be taken to appropriately limit access rights to prevent unauthorized use of /run itself and other subdirectories.

In the case of the /run/user directory, is used by the different user services, like dconf, pulse,systemd, etc. that needs a place for their lock files and sockets. There are as many directories as
different users UID's are logged in the system.

Share this on

List of vulnerable wordpress plugins. Hacked, dangerous, vulnerable

Tuesday, October 17th, 2017



Have your wordpress has been hacked recently? Mine has Don't despair, below is a list of famous WordPress Plugins for its hackability.
Hope this helps you prevent your self on time and wipe out all the unnecessery plugins.
Double check the version number of Vulnerable plugins, and remove it only when you're sure its hackable. If you're sure you happen to run on your WordPress Blog or site one of the below plugins immediately deactivate and delete it.


Vulnerability types

A quick reminder of the most common security holes and issues WordPress plugins face. Please note that most problems are a combination of two or more types listed below.

Arbitrary file viewing
Instead of allowing only certain file source to be viewed (for example plugin templates) the lack of checks in the code allows the attacker to view the source of any file, including those with sensitive information such as wp-config.php

Arbitrary file upload
Lack of file type and content filtering allows for upload of arbitrary files that can contain executable code which, once run, can do pretty much anything on a site

Privilege escalation
Once the attacker has an account on the site, even if it’s only of the subscriber type, he can escalate his privileges to a higher level, including administrative ones.

SQL injection
By not escaping and filtering data that goes into SQL queries, malicious code can be injected into queries and data deleted, updated or inserted into the database. This is one of the most common vulnerabilities.

Remote code execution (RCE)
Instead of uploading and running malicious code, the attacker can run it from a remote location. The code can do anything, from hijacking the site to completely deleting it.

Plugin Name Vulnerability Type Min / Max Versions Affected
1 Flash Gallery arbitrary file upload 1.3.0 / 1.5.6
360 Product Rotation arbitrary file upload 1.1.3 / 1.2.0
Tevolution arbitrary file upload 2.0 / 2.2.9
Addblockblocker arbitrary file upload 0.0.1
Ads Widget remote code execution (RCE) 2.0 / n/a
Advanced Access Manager privilege escalation 3.0.4 / 3.2.1
Advanced Ajax Page Loader arbitrary file upload 2.5.7 / 2.7.6
Advanced Video Embed Embed Videos Or Playlists arbitrary file viewing n/a / 1.0
Analytic remote code execution (RCE) 1.8
Analytics Counter PHP object injection 1.0.0 / 3.4.1
Appointments PHP object injection 1.4.4 Beta / 2.2.0
Asgaros Forum settings change 1.0.0 / 1.5.7
Aspose Cloud Ebook Generator arbitrary file viewing 1.0
Aspose Doc Exporter arbitrary file viewing 1.0
Aspose Importer Exporter arbitrary file viewing 1.0
Aspose Pdf Exporter arbitrary file viewing 1.0
Attachment Manager arbitrary file upload 1.0.0 / 2.1.1
Auto Attachments arbitrary file upload 0.2.7 / 0.3
Bbpress Like Button SQL injection 1.0 / 1.5
Bepro Listings arbitrary file upload 2.0.54 / 2.2.0020
Blaze Slide Show For WordPress arbitrary file upload 2.0 / 2.7
Brandfolder local file inclusion (LFI) 2.3 / 3.0
Breadcrumbs Ez remote code execution (RCE) n/a
Candidate Application Form arbitrary file viewing 1.0
Category Grid View Gallery arbitrary file upload 0.1.0 / 0.1.1
Cherry Plugin arbitrary file upload 1.0 / 1.2.6
Chikuncount arbitrary file upload 1.3
Cip4 Folder Download Widget arbitrary file viewing 1.4 / 1.10
Cms Commander Client PHP object injection 2.02 / 2.21
Contus Video Gallery arbitrary file viewing 2.2 / 2.3
Cookie Eu remote code execution (RCE) 1.0
Cp Image Store arbitrary file viewing 1.0.1 / 1.0.5
Cross Rss arbitrary file viewing 0.5
Custom Content Type Manager remote code execution
Custom Lightbox possible remote code execution (RCE) 0.24
Cysteme Finder arbitrary file viewing 1.1 / 1.3
Db Backup arbitrary file viewing 1.0 / 4.5
Delete All Comments arbitrary file upload 2.0
Developer Tools arbitrary file upload 1.0.0 / 1.1.4
Disclosure Policy Plugin remote file inclusion (RFI) 1.0
Display Widgets remote code execution 2.6
Dop Slider arbitrary file upload 1.0
Download Zip Attachments arbitrary file viewing 1
Downloads Manager arbitrary file upload 1.0 Beta / 1.0 rc-1
Dp Thumbnail arbitrary file upload 1.0
Dropbox Backup PHP object injection 1.0 /
Dukapress arbitrary file viewing 2.3.7 / 2.5.3
Ebook Download arbitrary file viewing 1.1
Ecstatic arbitrary file upload 0.90 (x9) / 0.9933
Ecwid Shopping Cart PHP Object Injection 3.4.4 / 4.4.3
Enable Google Analytics remote code execution (RCE) n/a
Estatik arbitrary file upload 1.0.0 / 2.2.5
Event Commerce Wp Event Calendar persistent cross-site scripting (XSS) 1.0
Filedownload arbitrary file viewing 0.1
Flickr Gallery PHP object injection 1.2 / 1.5.2
Form Lightbox option update 1.1 / 2.1
Formidable information disclosure 1.07.5 / 2.0.07
Fresh Page arbitary file upload .11 / 1.1
Front End Upload arbitrary file upload 0.3.0 / 0.5.3
Front File Manager arbitrary file upload 0.1
Fs Real Estate Plugin SQL injection 1.1 / 2.06.03
G Translate remote code execution (RCE) 1.0 / 1.3
Gallery Objects SQL injection 0.2 / 0.4
Gallery Slider remote code execution (RCE) 2.0 / 2.1
Genesis Simple Defaults arbitrary file upload 1.0.0
Gi Media Library arbitrary file viewing 1.0.300 / 2.2.2
Google Analytics Analyze remote code execution (RCE) 1.0
Google Document Embedder SQL injection 2.5 / 2.5.16
Google Maps By Daniel Martyn remote code exection (RCE) 1.0
Google Mp3 Audio Player arbitrary file viewing 1.0.9 / 1.0.11
Grapefile arbitrary file upload 1.0 / 1.1
Gravityforms reflected cross-site scripting (XSS) 1.7 /
Hb Audio Gallery Lite arbitrary file viewing 1.0.0
History Collection arbitrary file viewing 1.1. / 1.1.1
Html5avmanager arbitrary file upload 0.1.0 / 0.2.7
I Dump Iphone To WordPress Photo Uploader arbitrary file upload 1.1.3 / 1.8
Ibs Mappro arbitrary file viewing 0.1 / 0.6
Image Export arbitrary file viewing 1.0.0 / 1.1.0
Image Symlinks arbitrary file upload 0.5 / 0.8.2
Imdb Widget arbitrary file viewing 1.0.1 / 1.0.8
Inboundio Marketing arbitrary file upload 1.0.0 / 2.0
Infusionsoft arbitrary file upload 1.5.3 / 1.5.10
Inpost Gallery local file inclusion (LFI) 2.0.9 / 2.1.2
Invit0r arbitrary file upload 0.2 / 0.22
Is Human remote code execution 1.3.3 / 1.4.2
Iwp Client PHP object injection 0.1.4 / 1.6.0
Jssor Slider arbitrary file upload 1.0 / 1.3
Like Dislike Counter For Posts Pages And Comments SQL injection 1.0 / 1.2.3
Mac Dock Gallery arbitrary file upload 1.0 / 2.7
Magic Fields arbitrary file upload 1.5 / 1.5.5
Mailchimp Integration remote code execution (RCE) 1.0.1 / 1.1
Mailpress local file inclusion (LFI) 5.2 / 5.4.6
Mdc Youtube Downloader arbitrary file viewing 2.1.0
Menu Image malicious JavaScript loading 2.6.5 / 2.6.9
Miwoftp arbitrary file viewing 1.0.0 / 1.0.4
Mm Forms Community arbitrary file upload 1.0 / 2.2.6
Mobile App Builder By Wappress arbitrary file upload n/a / 1.05
Mobile Friendly App Builder By Easytouch arbitrary file upload 3.0
Multi Plugin Installer arbitrary file viewing 1.0.0 / 1.1.0
Mypixs local file inclusion (LFI) 0.3
Nmedia User File Uploader arbitrary file upload 1.8
Option Seo remote code execution (RCE) 1.5
Page Google Maps remote code execution (RCE) 1.4
Party Hall Booking Management System SQL injection 1.0 / 1.1
Paypal Currency Converter Basic For Woocommerce arbitrary file viewing 1.0 / 1.3
Php Analytics arbitrary file upload n/a
Pica Photo Gallery arbitrary file viewing 1.0
Pitchprint arbitrary file upload 7.1 / 7.1.1
Plugin Newsletter arbitrary file viewing 1.3 / 1.5
Post Grid file deletion 2.0.6 / 2.0.12
Posts In Page authenticated local file inclusion (LFI) 1.0.0 / 1.2.4
Really Simple Guest Post local file inclusion (LFI) 1.0.1 / 1.0.6
Recent Backups arbitrary file viewing 0.1 / 0.7
Reflex Gallery arbitrary file upload 1.0 / 3.0
Resume Submissions Job Postings arbitrary file upload 2.0 / 2.5.3
Return To Top remote code execution (RCE) 1.8 / 5.0
Revslider arbitrary file viewing 1.0 / 4.1.4
S3bubble Amazon S3 Html 5 Video With Adverts arbitrary file viewing 0.5 / 0.7
Sam Pro Free local file inclusion (LFI) /
Se Html5 Album Audio Player arbitrary file viewing 1.0.8 / 1.1.0
Sell Downloads arbitrary file viewing 1.0.1
Seo Keyword Page remote code execution (RCE) 2.0.5
Seo Spy Google WordPress Plugin arbitrary file upload 2.0 / 2.6
Seo Watcher arbitrary file upload 1.3.2 / 1.3.3
Sexy Contact Form arbitrary file upload 0.9.1 / 0.9.8
Share Buttons Wp remote code execution (RCE) 1.0
Showbiz arbitrary file viewing 1.0 / 1.5.2
Simple Ads Manager information disclosure 2.0.73 / 2.7.101
Simple Download Button Shortcode arbitrary file viewing 1.0
Simple Dropbox Upload Form arbitrary file upload 1.8.6 / 1.8.8
Simple Image Manipulator arbitrary file viewing 1.0
Simplr Registration Form privilege escalation 2.2.0 / 2.4.3
Site Import remote page inclusion 1.0.0 / 1.2.0
Slide Show Pro arbitrary file upload 2.0 / 2.4
Smart Slide Show arbitrary file upload 2.0 / 2.4
Smart Videos remote code execution (RCE) 1.0
Social Networking E Commerce 1 arbitrary file upload 0.0.32
Social Sharing possible arbitrary file upload 1.0
Social Sticky Animated remote code execution (RCE) 1.0
Spamtask arbitrary file upload 1.3 / 1.3.6
Spicy Blogroll local file inclusion (LFI) 0.1 / 1.0.0
Spotlightyour arbitrary file upload 1.0 / 4.5
Stats Counter PHP object injection 1.0 /
Stats Wp remote code execution 1.8
Store Locator Le unrestricted email sending 2.6 / 4.2.56
Tera Charts reflected cross-site scripting (XSS) 0.1 / 1.0
The Viddler WordPress Plugin cross-site request forgery (CSRF)/cross-site scripting (XSS) 1.2.3 / 2.0.0
Thecartpress local file inclusion (LFI) 1.1.0 / 1.1.5
Tinymce Thumbnail Gallery arbitrary file viewing v1.0.4 / v1.0.7
Ultimate Product Catalogue arbitrary file upload 1.0 / 3.1.1
User Role Editor privilege escalation 4.19 / 4.24
Web Tripwire arbitrary file upload 0.1.2
Webapp Builder arbitrary file upload 2.0
Website Contact Form With File Upload arbitrary file upload 1.1 / 1.3.4
Weever Apps 20 Mobile Web Apps arbitrary file upload 3.0.25 / 3.1.6
Woocommerce Catalog Enquiry arbitrary file upload 2.3.3 / 3.0.0
Woocommerce Product Addon arbitrary file upload 1.0 / 1.1
Woocommerce Products Filter authenticated persistent cross-site scripting (XSS) 1.1.4 /
Woopra arbitrary file upload 1.4.1 /
WordPress File Monitor persistent cross-site scripting (XSS) 2.0 / 2.3.3
Wp Appointment Schedule Booking System persistent cross-site scripting (XSS) 1.0
Wp Business Intelligence Lite arbitrary file upload 1.0 / 1.0.7
Wp Crm arbitrary file upload 0.15 / 0.31.0
Wp Custom Page arbitrary file viewing 0.5 /
Wp Dreamworkgallery arbitrary file upload 2.0 / 2.3
Wp Easybooking reflected cross-site scripting (XSS) 1.0.0 / 1.0.3
Wp Easycart authenticated arbitrary file upload 1.1.27 / 3.0.8
Wp Ecommerce Shop Styling authenticated arbitrary file viewing 1.0 / 2.5
Wp Editor authenticated arbitrary file upload 1.0.2 /
Wp Filemanager arbitrary file viewing 1.2.8 / 1.3.0
Wp Flipslideshow persistent cross-site scripting (XSS) 2.0 / 2.2
Wp Front End Repository arbitrary file upload 1.0.0 / 1.1
Wp Handy Lightbox remote code execution (RCE) 1.4.5
Wp Homepage Slideshow arbitrary file upload 2.0 / 2.3
Wp Image News Slider arbitrary file upload 3.0 / 3.5
Wp Levoslideshow arbitrary file upload 2.0 / 2.3
Wp Miniaudioplayer arbitrary file viewing 0.5 / 1.2.7
Wp Mobile Detector authenticated persistent cross-site scripting (XSS) 3.0 / 3.2
Wp Mon arbitrary file viewing 0.5 / 0.5.1
Wp Online Store arbitrary file viewing 1.2.5 / 1.3.1
Wp Piwik persistent cross-site scripting (XSS) / 1.0.10
Wp Popup remote code execution (RCE) 2.0.0 / 2.1
Wp Post Frontend arbitrary file upload 1.0
Wp Property arbitrary file upload 1.20.0 / 1.35.0
Wp Quick Booking Manager persistent cross-site scripting (XSS) 1.0 / 1.1
Wp Royal Gallery persistent cross-site scripting (XSS) 2.0 / 2.3
Wp Seo Spy Google arbitrary file upload 3.0 / 3.1
Wp Simple Cart arbitrary file upload 0.9.0 / 1.0.15
Wp Slimstat Ex arbitrary file upload 2.1 / 2.1.2
Wp Superb Slideshow arbitrary file upload 2.0 / 2.4
Wp Swimteam arbitrary file viewing 1 / 1.44.1077
Wp Symposium arbitrary file upload 13.04 / 14.11
Wp Vertical Gallery arbitrary file upload 2.0 / 2.3
Wp Yasslideshow arbitrary file upload 3.0 / 3.4
Wp2android Turn Wp Site Into Android App arbitrary file upload 1.1.4
Wpeasystats local file inclusion (LFI) 1.8
Wpmarketplace arbitrary file viewing 2.2.0 / 2.4.0
Wpshop arbitrary file upload /
Wpstorecart arbitrary file upload 2.0.0 / 2.5.29
Wptf Image Gallery arbitrary file viewing 1.0.1 / 1.0.3
Wsecure remote code execution (RCE) 2.3
Wysija Newsletters arbitrary file upload 1.1 / 2.6.7
Xdata Toolkit arbitrary file upload 1.6 / 1.9
Zen Mobile App Native arbitrary file upload 3.0
Zingiri Web Shop arbitrary file upload 2.3.6 / 2.4.3
Zip Attachments arbitrary file viewing 1.0 / 1.4


Have your WordPress site been hacked?

Don’t despair; it happens to the best of us. It’s tough to give generic advice without having a look at your site.

Share this on

Gnome Appearance modify command in Linux / How to change theme using command line in GNOME

Friday, October 13th, 2017



1. Gnome Appearance modify command  in Linux instead – Intro

It is always handy to do stuff in console and as a GNU / Linux long time GNOME user I found it interesting to share here some nice tips on how Theme could be changed using command line.

Why would you ever want to change themes through console / Terminal? Well lets say you have to administrate remotely a bunch of GNU / Linux Desktop machines and you have to change themes simultaneously on a multiple hosts, changing theme using the command line then comes really handy.

Besides that in GNOME 3.X.X branch with Unity (yackes) if you have chosen to use GNOME (Flashback /Fallback) or Mate you might find it difficult to change some specifics of the default theme, that is especially true for GNOME (flashback) Fallback like me.

If you heard GNOME Flashback but you never used i and wonder what it is I think it is worthy to say few words about it:

GNOME Flashback is a session for GNOME 3 which was initially called "GNOME Fallback", and shipped as a stand-alone session in Debian and Ubuntu. It provides a similar user experience to the GNOME 2.x series sessions. The differences to the MATE project is that GNOME Flashback uses GTK+ 3 and tries to follow the current GNOME development by integrating recent changes of the GNOME libraries. The development currently lags behind a little but a lot of progress has been made in bug fixing lately. So in short GNOME Fallback is for anyone who wants to stick to GNOME 2.X interface but doesn't want to stick to Mate and wants still to use some more graphical goodies that comes with GNOME 3.

In MATE nowadays there is possibility to relatively Easy add / change appearance and add new themes, there is also the graphical tool called Appearance accessible via mate-control-center command or menus. Using Appearance you can modify themes and Window Decorations, however there is much more that can be done or tuned missing in the MATE GUI using a couple of GNOME desktop environment native commands.


2. List All Installed GNOME themes on Debian / Ubuntu Linux



$ ls -1 /usr/share/themes/|sed -e 's#/##g'


The All system installed theme location directory /usr/share/themes for RPM Linux-es Fedoras / CentOS etc. are identication



3. Change GTK Theme

Below commands are for GNOME 3 based desktop environments this includes also any other GNOME based Graphical Environments or components of GNOME 3 such as (Ubuntu Unity, GNOME 3 Shell/Classic, Cinnamon), and even the old GNOME 2 desktop.

In GNOME 2 it was possible to set various variables directly from gconf-editor including GTK Themes but in GNOME 3 somehow this is no more … so to do we need to use some cryptic commands or use gnome-tweak-tool or MyUnity (Ubuntu Linux users with Unity) but configuration that can be made with them is unfortunately partial so in any case knowing below commands is a necessity to be able to tune up nicely your Linux Gnome Desktop.

And yes it is crazy why on Earth gnome developers scaped out the configuration from gconf-editor and left us with this user unfriendly method. Could it be that someone (Like the big corporations) has the interest to ruin Free Software?? What do you think…

Unity, GNOME 3 Shell/Classic, Cinnamon

In Unity GNOME 3 Shell / Classic and Cinnamon (the default Debian graphical env).

Before we start I recommend you check out what is the current installed and enabled theme, you might want decide to keep it after checking the number of themes available. To check your current installed GNOME theme run:


gsettings get org.gnome.desktop.interface gtk-theme

You see I have 'Adwaita' theme as a default.
Next lets change the gnome GTK theme interface.

gsettings set org.gnome.desktop.interface gtk-theme "Menta"


MATE (In Linux Mate the current fork of GNOME 2 for hardcore GNOME 2 users)


mateconftool-2 –type=string –set /desktop/mate/interface/gtk_theme "Menta"


GNOME 2 (In native GNOME 2 if you still own some old machines with old Debian / Ubuntu / Fedoras etc.



gconftool-2 –type=string –set /desktop/gnome/interface/gtk_theme "Menta"


4. Change WINDOW THEME (Metacity)

Unity, GNOME 3 Classic (Metacity), GNOME 3 Shell (Metacity > Mutter)


gsettings set org.gnome.desktop.wm.preferences theme "Menta"

Cinnamon (Metacity -> Muffin)


gconftool –type=string –set /desktop/cinnamon/windows/theme "Menta"


Note: Cinnamon must be restarted for the change to take effect.

GNOME 2 (In Gnome 2 with Metacity)


gconftool-2 –type=string –set /apps/metacity/general/theme "Menta"


MATE (Metacity)


mateconftool-2 –type=string –set /apps/marco/general/theme "Menta"


Change SHELL THEME (In Gnome Shell and Cinnamon)

GNOME Shell (user-theme extension must be enabled)

gsettings set name "Menta"



gsettings set org.cinnamon.theme name "Menta"



Unity, GNOME 3 Shell/Classic, Cinnamon (Change GNOME3 Color scheme)



gsettings set org.gnome.desktop.interface gtk-color-scheme "bg_color:#e9efe9;fg_color:#444444;base_color:#ffffff;text_color:#333333;selected_bg_color:#6666cc;selected_fg_color:#eeeeee;tooltip_bg_color:#222222;tooltip_fg_color:#dfcfcf;link_color:#cc0099;"

Reset color (if you don't like it):

gsettings set org.gnome.desktop.interface gtk-color-scheme ""


MATE (Mate set color scheme)



mateconftool-2 –type=string –set /desktop/mate/interface/gtk_color_scheme "bg_color:#e9efe9;fg_color:#444444;base_color:#ffffff;text_color:#333333;selected_bg_color:#6666cc;selected_fg_color:#eeeeee;tooltip_bg_color:#222222;tooltip_fg_color:#dfcfcf;link_color:#cc0099;"



Reset color :


mateconftool-2 –type=string –set /desktop/mate/interface/gtk_color_scheme ""


6. GNOME 2 (Again for the old GNome 2 machines to change the GTK Color scheme)


gconftool-2 –type=string –set /desktop/gnome/interface/gtk_color_scheme "bg_color:#e9efe9;fg_color:#444444;base_color:#ffffff;text_color:#333333;selected_bg_color:#6666cc;selected_fg_color:#eeeeee;tooltip_bg_color:#222222;tooltip_fg_color:#dfcfcf;link_color:#cc0099;"


Reset color:


gconftool-2 –type=string –set /desktop/gnome/interface/gtk_color_scheme ""


What about colors, well the #444444 and #22222 and #eeeeee, #333333 seen as color codes in above examples can easily decrypted if you don't know them using a tiny tool called gcolor2
The tool is installable on most Linux distributions with a simple apt-get install gcolor2 or yum install gcolor the tool is convenient and a must have for anyone using Linux for basic design or graphic operations with some program as GIMP / Krita / Inkscape / Vectr / Karbon etc.

All gcolor2 does is to make easy for you to get HTML color codes and convert existing ones into colors for you, here is shot:



While talking about setting color another interesting Graphical tool related to article, that gives you abilities to change colors in GNOME is gnome-color-choose, the tool is really awesome and allows you to do many of the color tunings shown in above examples

# apt-get install –yes gnome-color-chooser

And finally for the gnome theme hungry people, here is a great bonus. If you need a ton of shiny new themes as possibility to set up on your GNOME download and install The Ultimate Edition Themes deb (Debian / Ubuntu Mint) etc. collection (mirrored):

Debian and other deb based distro users can easily download and install with:

linux:~# dpkg -i ultimate-edition-themes-.0.0.7_all.deb


Other Linux users such as Fedora ones and Slackware users (if anyone on Slack uses Gnome since KDE is default by default there), use alien tool to install it or directly open the file with Midnight Commander (mc) and copy the files to the /usr/share/themes dir.


This article is possible thanks to Change Theme Using Command Line in GNOME (Linux) command line examples are taken from there.

Share this on

Share SCREEN terminal session in Linux / Screen share between two or more users howto

Wednesday, October 11th, 2017



1. Short Intro to Screen command and what is Shared Screen Session

Do you have friends who want to learn some GNU / Linux or BSD basics remotely? Do you have people willing to share a terminal session together for educational purposes within a different network? Do you just want to have some fun and show off yourself between two or more users?

If the answer to the questions is yes, then continue on reading, otherwise if you're already aware how this is being done, just ignore this article and do something more joyful.

So let me start.

Some long time ago when I was starting to be a Free Software user and dedicated enthusiast, I've been given by a friend an interesting freeshell hosting access and I stumbled upon / observed an interesting phenomenon, multiple users like 5 or 10 were connected simultaneously to the same shell sharing their command line.

I can't remember what kind of shell I happen to be sharing with the other logged in users with the same account, was that bash / csh / zsh or another one but it doesn't matter, it was really cool to find out multiple users could be standing together on GNU / Linux and *BSD with the same account and use the regular shell for chatting or teaching each others  new Linux / Unix commands e.g. being able to type in shell simultaneously.

The multiple shared shell session was possible thanks to the screen command

For those who hear about screen for a first time, here is the package description:


# apt-cache show screen|grep -i desc -A 1
Description-en: terminal multiplexer with VT100/ANSI terminal emulation
 GNU Screen is a terminal multiplexer that runs several separate "screens" on

Description-md5: 2d86b86ed6058a04c540802e49312f40
root@jericho:/usr/local/src/pure-python-otr# apt-cache show screen|grep -i desc -A 2
Description-en: terminal multiplexer with VT100/ANSI terminal emulation
 GNU Screen is a terminal multiplexer that runs several separate "screens" on
 a single physical character-based terminal. Each virtual terminal emulates a

Description-md5: 2d86b86ed6058a04c540802e49312f40
Tag: hardware::input:keyboard, implemented-in::c, interface::text-mode,

There is plenty of things to use screen for as it provides you a way to open Virtual Terminals into a single ssh or physical console TTY login session and I've been in love with screen command since day 1 I found out about it.

To start using screen just invoke it into a shell and enter a screen command combinations that make various stuff for you.


2. Some of the most useful Daily Screen Key Combinations for the Sys Admin

To do use the various screen options, use the escape sequence (CTRL + Some Word), following by the command. For a full list of all of the available commands, run man screen, however
for the sake of interest below short listing shows some of most useful screen key combination invoked commands:



Ctrl-a a Passes a Ctrl-a through to the terminal session running within screen.
Ctrl-a c Create a new Virtual shell screen session within screen
Ctrl-a d Detaches from a screen session.
Ctrl-a f Toggle flow control mode (enable/disable Ctrl-Q and Ctrl-S pass through).
Ctrl-a k Detaches from and kills (terminates) the screen session.
Ctrl-a q Passes a Ctrl-q through to the terminal session running within screen (or use Ctrl-a f to toggle whether screen captures flow control characters).
Ctrl-a s Passes a Ctrl-s through to the terminal session running within screen (or use Ctrl-a f to toggle whether screen captures flow control characters).
Ctrl-a :kill Also detaches from and kills (terminates) the screen session.
Ctrl-a :multiuser on Make the screen session a multi-user session (so other users can attach).
Ctrl-a :acladd USER Allow the user specified (USER) to connect to a multi-user screen session.
Ctrl-a p Move around multiple opened Virtual terminals in screen (Move to previous)
Ctrl-a n Move backwards in multiple opened screen sessions under single shell connection

I have to underline strongly for me personally, I'm using the most


CTRL + A + D (to detach session),

CTRL + A + C to open new session within screen (I tend to open multiple sessions for multiple ssh connections with this),

CTRL + A + P, CTRL +  A + N – I use this twoto move around all my open screen Virtual sessions.


3.1 Configuring Shared Sessions so other users can connect

You need to  have a single user account on a Linux or Unix like server lets say that might be the /etc/passwd, /etc/shadow, /etc/group account screen and you have to give the password to all users to be participating into the shared screen shell session.

E.g. create new system account screen

root@jericho:~# adduser screen
Adding user `screen' …
Adding new group `screen' (1001) …
Adding new user `screen' (1001) with group `screen' …
The home directory `/home/screen' already exists.  Not copying from `/etc/skel'.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for screen
Enter the new value, or press ENTER for the default
    Full Name []: Screen user to give users shared access to /bin/bash
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n] Y

Now distribute the user / pass pair around all users who are to be sharing the same virtual bash session via screen and instruct each of them to run:

hipo@jericho:~$  screen -d -m -S shared-session

hipo@jericho:~$ screen -list

There is a screen on:
    4095.shared-session    (10.10.2017 20:22:22)    (Detached)
1 Socket in /run/screen/S-hipo.

3.2. Attaching to just created session

Simply login with as many users you need with SSH to the remote server and instruct them to run the following command to re-attach to the just created new session by you:

hipo@jericho:~$ screeen -x

That's all folks now everyone can type in simultaneously and enjoy the joys of the screen shared session.

If for some reasons more than one session is created by the simultaneously logged in users either as an exercise or by mistake i.e.:

hipo@jericho:~$ screen -list

There are screens on:
    4880.screen-session    (10.10.2017 20:30:09)    (Detached)
    4865.another-session    (10.10.2017 20:29:58)    (Detached)
    4847.hey-man    (10.10.2017 20:29:49)    (Detached)
    4831.another-session1    (10.10.2017 20:29:45)    (Detached)
4 Sockets in /run/screen/S-hipo.

You have to instruct everyone to connect actually to the exact session we need, as screen -x will ask them to what session they like to connect.

In that case to connect to screen-session, each user has to run with their account:

hipo@jericho:~$ screen -x shared-session

If under some circumstances it happened that there is more than one opened shared screen virtual session, for example screen -list returns:


hipo@jericho:~$ screen -list
There are screens on:
    5065.screen-session    (10.10.2017 20:33:20)    (Detached)
    4095.screen-session    (10.10.2017 20:30:08)    (Detached)

All users have to connect to the exact screen-session created name and ID, like so:

hipo@jericho:~$ screen -x 4095.screen-session

Here is the meaning of used options


-d option instructs screen to detach,
-m makes it multiuser session so other users can attach
-S argument is just to give the screen session a name
-list Sesssion gives the screen-session ID

Once you're over with screen session (e.g. all users that are learning and you show them stuff and ask them to test by themselves and have completed, scheduled tasks), to kill it just press CTRL + A + K

4. Share screen /bin/bash shell session with another user

Sharing screen session between different users is even more useful to the shared session of one user as you might have a *nix server with many users who might attach to your opened session directly, instead of being beforehand instructed to connect with a single user.

That's perfect also for educational purposes if you want to learn some Linux to a class of people, as you can use their ordinary accounts and show them stuff on a Linux / BSD  machine.

Assuming that you follow and created already screen-session with screen cmd

hipo@jericho:~$ screen -list
There is a screen on:
        5560.screen-session      (10.10.2017 20:41:06)   (Multi, attached)
1 Socket in /run/screen/S-hipo.


Next attach to the session

bunny@jericho:~$ screen -r shared-session
bunny@jericho:~$ Ctrl-a :multiuser on
bunny@jericho:~$ Ctrl-a :acladd user2
bunny@jericho:~$ screen -x UserNameHere/shared-session

Here are 2 screenshots on what should happen if you had done above command combinations correctly:



In order to be able to share screen Virtual terminal ( VTY ) sessions between separate (different) logged in users, you have to have screen command be suid (SUID bit for screen is disabled in most Linux distributions for security reasons).

Without making SUID the screen binary file, you are to get the error:

hipo@jericho:/home/hipo$ screen -x hipo/shared

Must run suid root for multiuser support.

If you are absolutely sure you know what you're doing here is how to make screen command sticky bit:


root@jericho:/home/hipo# which screen
root@jericho:/home/hipo# /usr/bin/screen
root@jericho:/home/hipo# root@jericho:/home/hipo# root@jericho:/home/hipo# chmod u+s $(which screen)
chmod 755 /var/run/screen
root@jericho:/home/hipo# rm -fr /var/run/screen/*

Share this on

Things to install on newly installed GNU / Linux (My favourite must have Linux text and GUI programs missing in fresh Linux installs)

Thursday, September 7th, 2017


On every next computer I use as a Desktop or Laptop, I install with Debian GNU / Linux I install the following bunch of extra packages in order to turn the computer into a powerful Multimedia, User, Sys Admin army knife tools, A Programmer desktop and Hacker / Penetration Testing security auditting station.

The packages names might vary less or more across various Debian releases and should be similar or the same in Ubuntu / Linux Mint and the rest of Deb based distribtuions.

Also some of the package names might given in the article might change from time of writting this article just like some  already changed in time from a release to release, nomatter that the general list is a collection of packages I have enjoyed for the last 8 years. And I believe anyone who is new to GNU / Linux and  or even some experienced free software users in need of  full featured computer system for remote system administration purposes or general software development and even small entertainment such as Movie Watching or Playing some unsophisticated basic games to kill some time might benefit from the list of programs collected from my experience as a Free Software GNU / Linux users over the last 12 years or so.

So here we go as you might know, once you have a Debian GNU / Linux, first thing to do is to add some extra repositories in /etc/apt/sources.list

For example my debian 9 Stretch sources.list looks like this:

cp -rpf /etc/apt/sources.list /etc/apt/sources.list-bak

vim /etc/apt/sources.list

And delete / substitute everything within with something as following:

deb stretch main non-free
deb-src stretch main

deb stretch-updates main
deb-src stretch-updates main

deb stretch/updates main
deb-src stretch/updates main

deb stretch/updates main contrib
deb-src stretch/updates main contrib

deb stretch contrib

If you're using an older Debian release for example debian 7 or 8, the sources.list codename stretch word should be changed to wheezy for legacy debian 7 or jessie for debian 8, do it respectively for any future or older Deb releases.

Then proceed and update all current installed packages to their latest release with:

apt-get update && apt-get upgrade

If you're running on a very old Debian GNU / Linux release , you might encounter errors from above cmds, if that's your case just follow the online guides and update to a newer still supported Deb release.

Once all this is done assuming you have connected to the internet via LAN network or if on a laptop via Wireless, here are some useful stuff to install especially if you're planning to use your computer effectively in both console and graphics environment.


1. Install some basic packages necessery if you're planning to be using compilers on the freshly installed GNU / linux

apt-get install –yes gcc autoconf build-essential fakeroot devscripts equivs libncurses5-dev g++ make libc6-dev fontconfig gdc

The most notable package here is build-essential it provides the following collection of C / C++ programs on Deb package based distributions Debian / Ubuntu / Mint etc.

  1. libc6-dev – C standard library.
  2. gcc – C compiler.
  3. g++ – C++ compiler.
  4. make – GNU make utility to maintain groups of programs.
  5. dpkg-dev – Debian package development tools.

2. Install w3m lynx elinks text browsers

apt-get install –yes lynx elinks w3m-img w3m

3. Install wireless and networking tools

apt-get install  –yes tcpdump vnstat wpasupplicant wpagui dnsutils

4. Install Network sniffing, penetration testing and network evaluation tools

apt-get install  –yes wireshark nmap zenmap sniffit iptraf iptraf-ng tshark dsniff netsniff-ng netwox netwag sslsniff darkstat kismet netcat ngrep hashcat hydra hydra-gtk ophcrack ophcrack-cli


wiresharkGUI network traffic analyzer

nmapnmap port mapper and security audit tool

zenmapGUI frontend to nmap

sniffitconsole text based basic packet sniffer and monitoring tool very used tool to sniff servers authenticatoins in the past

iptraf-ngNext Generation interactive colorful IP Lan mointor

tsharkanother network traffic analyzer console version

dsniffVarious tools to sniff network traffic for cleartext insecurities

netsniff-ngLinux network packet sniffer toolkit

netwoxProvides more than 200 tools to solve network problems with DNS, FTP, HTTP, IRC, NNTP, SMTP, SNMP, SYSLOG, TELNET, TFTP

netwaggraphical frontend to netwox

sslsniff SSL/TLS man-in-the-middle attack tool

darkstatnetwork traffic analyzer

kismetwireless sniffer and monitor (very useful in the past for sniffing passwords on a Wi-Fi network)

netcatTCP / IP swiss army knife (good tool to listen and connect to local and remote ports)

ngrepgrep like tool for network traffic

hashcatClaims to be world's fastest and most advanced password recovery utility, capable of attacking more than 160 highly optimized hashing algorithms, supports CPU and GPU (using the video card CPU to enhance password cracking speed), also could be used for distributed password cracking

hydra Very fast network logon cracker, supports webforms works with dictionary attacks etc.

hydra-gtkGTK GUI version of Hydra

ophcrackMicrosoft Windows password cracker using rainbow tables GUI

ophcrack-cli Console version of Microsoft Windows password cracker using rainbow tables for speed



5. Install multimedia, entertainment few useful tools and other useful stuff

apt-get install –yes workrave xscreensaver xscreensaver-data xulrunner xutils zenity yelp zgv   tracker-utils alltray ant apt-utils bsdutils  aumix bwidget ca-certificates pulseaudio-module-jack aumix audacious ffmpeg bluefish bluefish-plugins blender blueman bluez cabextract bluez-firmware bsdmainutils dcraw dmidecode evtest file fonts-liberation fonts-stix fonts-uralic fonts-opensymbol fonts-lyx fonts-cantarell fuse gimp gimp-data-extras gimp-plugin-registry git gnupg gnupg2 imagemagick imwheel inkscape iw less 

bsdutils – Provides some nice old school programs such as :


wall – a program to write to every logged in user console, used in old times on time sharing servers to notify all users about sys admin planning for a reboot or for some other update activity

renice – allows to renice priority over already prioritized process with (nice command)

script – Allows you to do a recorder like saves of user activity on a console / terminal

logger – send logging output from programs to syslog 


alltray – A small program that allows you to bring to dock any program useful to make Thunderbird appear in Gnome / Mate / KDE Dock in a similar manner as Outlook does in m$ Windows

zgv – SVGAlib graphical (picture viewer) useful to view pictures from tty consoles

zenity – allows to display graphical dialog boxes by using shell scripts

aumix – Simple text based mixer control, useful to tune up sound values and mic recording volume from console

WorkRave – is a useful program to periodically remind you to stand out of the computer on a specified interval and shows you graphically some exercies to do to prevent your physical health to not deteriorate by standing all day immobilized

Bluefish – Is Advanced GTK+ HTML Editor useful if you're about to edit HTML / CSS and other Web files

dcraw – Decode raw digital images

dmidecode – Text program that reports your computer hardware

blueman, bluez – Programs to enable USB support on your Linux

evtest – evtest is a utility to monitor Linux input devices

file – little tool to determine file type based on "magic numbes"

fontsliberation – Fonts with same metrics as Times, Arial and Courier

6. Install Text based console Multimedia Mp3 / Mod / S3m players

apt-get install –yes mpg321 mpg123 cmus mp3blaster mplayer sox  ogg123 mikmod cplay cdcd cdck eject


mpg321, mpg123 Mp3 and Ogg Vorbis console player historically one of the earliest I used to play my music

cmus Another awesome ncurses menu based small music player

mp3blaster Full Screen ncurses text console mp3 and Ogg vorbis music player

mplayer An awesome old school (the defacto standard) and still one of the best Music and Video player for GNU / Linux

sox Swiss army knife of sound processing, contains (sox, play, rec and soxi commands), which could be used to play, rec and add effects to WAV and other popular old sound formats

ogg123 Play Ogg Vorbis .OGG Free encoding file format in console

mikmodThe most famous Tracker (S3M, MOD, IT) music player for *NIX, play the old soundtracker formats on your GNU / Linux

cplay – A really nice text front end to music players, the cool thing about it it shows how much is left for the song to over using ASCII

cdcd – play Audio CDs from console

eject – eject your CD Drive from console

cdck – tool to verify the quality of written CDs/DVDs


7. Install Games

apt-get install –yes xpenguins frozen-bubble alex4 bsdgames bb ninvaders blobwars btanks chromium-bsu criticalmass figlet freetennis njam swell-foop dreamchess extremetuxracer gltron gnuchess wesnoth njam wing nikwi dreamchess gltron gnome-games swell-foop aisleriot prboom


xpenguins – little penguins walk on your screen great to use as a screensaver

frozen-bubble – cool game with bubbles you have to pop out

blobwars – platform shooting game

njam – pacman like game with multiplayer support

extremetuxracer – 3D racing game featuring Tux the Linux penguin mascot

gltron – 3D remake of the good well known Tron Game

gnuchess – GNU remake of classic Chess game

wing – arcade Galaga like game for GNU / Linux

wesnoth – Fantasy turne based strategy game

dremachess – 3D chess game

swell-fool – Colored ball puzzle game

gnome-games – A collection of Games for the GNOME Desktop

nikwi – platform game with a goal to collect candies

aisleriot – GNOME solitaire card game 

prboom – PrBoom, a remake of the Doom 3d shooter classic game using SDL (supports OpenGL), to play it you will need WAD files if you don't have it install (doom-wad-shareware) package

figlet – Make large character ASCII banners out of ordinary provided text (just provide any text and get a nice ASCII picture out of it)


8. Install basic archivers such as rar, zip, arj etc.

apt-get install –yes zip unrar arj cpio p7zip unzip bzip2 file-roller


cpioGNU cpio, a program to manager archive files

bzip2BunZip2 block compressor decompressor utility (necessery to untar the .tar.bz2 tar balls)

unzipDe-archiver for .zip files console version

rar, unrarArchiver Unarchiver for .rar files in terminal / console (unfortunately non-free software)

file-rollerArchive manager for gnome


If you're looking for an advanced file archive, dearchive software GUI that be a substitute for Windows WinRar,  WinZip there is also the proprietary software PeaZip for Linux, as I stay as much as possible away from non-free software I don't use PeaZip though. For me file-roller's default GNOME archiver / unarchiver does a pretty good job and if it fails someties I use the console versions of above programs

9. Install text and speech synthesizer festival freetts

apt-get install –yes festival festival-cmu festvox-kallpc16k festvox-ru mbrola-en1 speech-dispatcher-festival freetts flite yasr


FestivalIs the general multi-lingual speech synthesis system

yasris a basic console screen reader program

flitea small run time speech synthesis engine alternative to festival, another free software synthesis tool based built using FestVox


Festival is great if you want to listen to text files and can easily be used to convert basic PDFs or DOC files to listen them if you're lazy to read I've explained on how you can use festival to read speak for you PDFs and DOCs, ODF (Open Document Format) here

10. Install linux-header files for latest installed Debian kernel

apt-get install –yes linux-headers-$(uname -r)

You will need that package if you need to compile external usually DRM (Digital Rights Management)  external modules that could be loaded to current Debian precompiled kernel, I recommend you abstain from it since most of the modules are DRMed and doesn't respect your freedom.

11. Install GUI programs and browsers

apt-get install –yes gnome-themes-standard gnome-themes-standard-data epiphany-browser dconf-tools gnome-tweak-tool

epiphany-browserIntuitive GNOME web browser (I love this browser, though sometimes Crashing I prefer to use it as it is really fast and lightweight I think Mac OS's Safari has been partially based on its programming code)

dconf-tools Dconf is a low-level key / value database designed for storing desktop environment variables (provides dconf-editor – which allows you to tune tons of gnome settings tunable only through this database it is something like Windows regedit registry editor tool but for GNOME)

gnome-themes-standard / gnome-themes-standard-data The name says it all it provides beautiful gnome standard themes

gnome-tweak-tool Graphic tool to adjust many advanced configuration settings in GNOME in GNOME 3.2, many of the old GNOME 3.0 and 2.X capabilities such as Desktop icons or Computer on the Desktop and many more useful gnome capabilities you might be used for historically can be enabled through that handy tool, it is a must for the GNOME user

12. Install text and GUI mail clients

apt-get install –yes mutt fetchmail bsd-mailx mailutils thunderbird aspell-bg aspell-en aspell-ru

I use primary 3 languages Russian, Bulgarian and English, so by installing the 3 packages aspell-bg, aspell-en, aspell-ru, that would add a possiility for Thunderbird and LibreOffice to have ability to spell check your mails and ODF documents, if your native language is different or you speak different languages do run:

apt-cache search aspell 

And install whatever languages spell check support you need


13. Install filesystem mount, check and repair tools

apt-get install –yes ntfs-3g sshfs dosfstools ext3grep  e2fsprogs e2fsck-static growisofs  e2undel extundelete recover bleachbit


ntfs-3g – read / write NTFS driver support for FUSE (Filesystem in UserSpace) or in other words install these to be able to mount in read/write mode NTFS filesystems

sshfs – filesystem client based on SSH File Transfer Protocol, that little nitty tool enables you to mount remotely SSH Filesystems to your local Linux Desktop, it is also useful to install across servers if you need to remotely mount SSH Filesystems

e2fsprogs ext2 / ext3 / ext4 filesystem utilities to check, fix, tune, defragment resize and create etc. new filesystems  (provides crucial commands such as fsck.ext2, fsck.ext3, fsck.ext4, e2label, lsattr, chattr, resize2fs, mkfs.ext2, mkfs.ext3, mkfs.ext4 …)

dosfstoolstool giving you ability to check, create and diagnose DOS and Windows FAT 32 Filesystems provides commands such as dosfsck, mkdosfs, dosfslabel, fsck.msdos, fsck.vfat, mkfs.msdos

growisofs DVD+ RW / Read Only Recorder

ext3greptool to help recover deleted files on ext3 filesystems

e2undel Undelete utility for ext2 filesystems

14. Install emulators for PC OS Emuation (Qemu), DOS and Wine to run native Windows programs on GNU / Linux

apt-get install –yes qemu qemu-utils aqemu dosbox mame mame-extra os8 simh wine nestopia dgen


QemuVirtual Machine emulator with support UEFI firmware

Aqemu – Qemu QT VM GUI Frotend

Dosbox – Dos Emulator, great to have to play the good old DOS games on your GNU / Linux

Mame – Multiple Arcade Machine Emulator, great if you want to play the old arcade games of your youth such as The Punisher, Cadillacs and Dinosaurs, Captain America, Robocop, Captain Commando, Wonderboy and so on the list goes on and on …

simh – PDP-1 PDP-4 PDP-7, PDP-9, PDP-10, PDP-11, PDP-15 HP 2100, IBM System 3, IBM 1620, Interdata, SDS, LGP-21, LGP-30, DEC VaX emulator

nestopia Nintendo Entertainment System / Famicom Emulator

dgen – Sega MegaDrive GNU / Linux Emulator


15. Install Network Time protocol daemon and ntpdate (time synchronizing text client)

apt-get install –yes ntpdate ntp

16. Install Djview and CHM books reader

apt-get install –yes djview djview4 djvulibre-bin xchm kchmviewer chm2pdf

Install this packages to be able read DjView and CHM book formats

17. Install other text stuff

# Install text calculator I always prefer and use this console tool instead of the GUI gnome-calculator

apt-get install –yes bc

18. Install printing CUPs and printing utilities

apt-get install –yes cups-client cups-daemon cups-server-common hplip hplip-data printer-driver-hpcups printer-driver-hpijs ghostscript 

A bunch of packages for your Linux Deskto po properly support printing, you might need to install some extra packages depending on the type of printer you need to use, perhaps you will have to take few minutes probably to configure CUPs.

19. Install text monitoring tools

apt-get install –yes htop atop  dnstop  iftop iotop  jnettop ntopng  pktstat  powertop  sntop mariadb-client  iotop  itop jnettop kerneltop logtop
pgtop powertop


htop – More interactive colorful process viewer similar to top

atop – Monitor for system resources and process activity

dnstop – Console tool for analyze DNS traffic

iftop displays bandwidth usage information on a chosen network interface

iotopsimple top-like I/O (I / O) information output by the Linux kernel

jnettopView hosts / ports taking up the most network traffic

ntopng High-Speed Web-based Traffic analysis and Flow Collection tool

pktstat top like utility for network connections usage

powertop tool to diagnose issues with power consumption and management (useful for Linux running laptops)

sntop A ncurses-based utility that polls hosts to determine connectivity

mariadb-clientthis is the new name for the old mytop / mtop MySQL top package

kerneltop shows Linux kernel usage in a style like top

pgtop Show PostgreSQL queries in a top like style

lograte real time log line rate analyzer


20. Install text command line tools for transferring data from Web sites and FTP

apt-get install –yes curl wget lftp filezilla gftp transmission linuxdcpp

curl command line tool for transferring data with URL syntax

wget tool to retrvie files and html from the web

lftp sophisticated command-line FTP/HTTP/BitTorrent client program

filezilla Full-featured graphical FTP/FTPS/SFTP client

gftp X/GTK+ and console FTP client

transmission lightweight Bittorrent client

linuxdcpp – Port of the Windows file-sharing program DC++


21. Install text based communication programs

apt-get install –yes irssi freetalk centerim finch


Irssi Great console IRC chat client with support for encryption

FreeTalk console based jabber client

centerim Console based ICQ client

finch – Multi protocol Text console client for AIM/ICQ, Yahoo!, MSN, IRC, Jabber / XMPP / Google Talk Sametime, MySpaceIM, Napster, Zephyr, Gadu-Gadu, Bonjour, GroupWise


22. Install Apache Webserver and MySQL

This two are necessery if you're about to use your computer as a PHP / MySQL develment station

apt-get install mysql-server phpmyadmin apache2 libapache2-mod-php5 php-pear php5 php5-mysql  ant ant-contrib apache2-dev apache2-ssl-dev


mysql-server MySQL community edition

ant Java based build tool like make (necessery for building many third party apache modules and code)

libapache2-mod-php5the php module loaded into apache

phpmyadminWebtool admin to manage your MySQL database


23. Install mouse support for consoles

apt-get install –yes gpm


gpm is the general purpose mouse interface, if you want to have support for your mouse in TTY consoles (the ones you go to with CTRL + ALT + F2, CTRL + ALT + F3 and so on install it).


24. Install various formats converter tools

apt-get install –yes html2text pdf2djvu unoconv oggconvert webkit2pdf img2pdf gsscan2pdf netpbm dir2ogg soundconverter


gsscan2pdfGUI program to produce PDF or DJVU from scanned documents

img2pdfLossless conversion of raster images to PDF

webkit2pdfexport web pages to PDF files or printer

html2textAdvanced HTML to text converter

oggcconvert – convert media files to free format 

netpbmGraphics conversion tools between image formats

dir2ogg – converts MP3, M4A, WMA, FLAC, WAV files and Audio CDs to the open-source OGG format.

soundconverter – GNOME application to convert audio files into other formats


There are probably a lot of more handy packages that other Free Software users like to install to make the GNU / Linux desktop notebook even more entertaining and fulfillful for daily work. If you can think of other useful packages not mentioned here you tend to use on a daily basis no matter where Debian based or other distro, please share that would help me too to learn a new thing and I'll be greateful.

Enjoy !

Share this on

The Hindenburg disaster took place on Thursday, May 6, 1937, as the German passenger airship LZ 129 Hindenburg caught fire and was destroyed during its attempt to dock with its mooring mast at Naval Air Station Lakehurst, which is located adjacent to the borough of Lakehurst, New Jersey, United States. Of the 97 people on board (36 passengers and 61 crewmen), there were 35 fatalities (13 passengers and 22 crewmen). One worker on the ground was also killed, making a total of 36 dead. The disaster was the subject of spectacular newsreel coverage, photographs, and Herbert Morrison’s recorded radio eyewitness reports from the landing field, which were broadcast the next day. A variety of hypotheses have been put forward for both the cause of ignition and the initial fuel for the ensuing fire. The incident shattered public confidence in the giant, passenger-carrying rigid airship and marked the end of the airship era.

Thursday, March 19th, 2015


The Hindenburg disaster took place on Thursday, May 6, 1937, as the German passenger airship LZ 129 Hindenburg caught fire and was destroyed during its attempt to dock with its mooring mast at Naval Air Station Lakehurst, which is located adjacent to the borough of Lakehurst, New Jersey, United States. Of the 97 people on board (36 passengers and 61 crewmen), there were 35 fatalities (13 passengers and 22 crewmen). One worker on the ground was also killed, making a total of 36 dead. The disaster was the subject of spectacular newsreel coverage, photographs, and Herbert Morrison's recorded radio eyewitness reports from the landing field, which were broadcast the next day. A variety of hypotheses have been put forward for both the cause of ignition and the initial fuel for the ensuing fire. The incident shattered public confidence in the giant, passenger-carrying rigid airship and marked the end of the airship era.


Share this on