Find all running hosts, used IPs and ports on your local wireless / ethernet network or how to do a basic network security audit with nmap

September 4th, 2017

Find all running hosts / used IPs on your local wireless or ethernet network


If you're using a Free Software OS such as GNU / Linux or some other proprietary OS such as Mac OS X or Windows and you need a quick way to check all running IPs hosts / nodes locally on your current connected Ethernet or Wireless network, here is how to do it with nmap (Network exploration and security tool port scanner).

So why would you do scan that? 

Well just for fun, out of curiousity or just because you want to inspect your local network whether someone unexpected cracker did not break and is not using your Wi-Fi or Ethernet local network and badly snoring your network listening for passwords.

Before you start you should have installed NMAP network scanner on your GNU / Linux, to do so on 

Redhat Based Linux (Fedora / CentOS / Redhat Enterprise RHEL):


yum -y install nmap


On Deb based GNU / Linux-es such as Ubuntu / Mint / Debian etc.


apt-get install –yes nmap


To install nmap on FreeBSD / NetBSD / OpenBSD OS issue from console or terminal:


cd /usr/ports/security/nmap
make install clean 


or if you prefer to install it from latest binary instead of compiling


pkg_add -vr nmap


On a proprietary Mac OS X (I don't recommend you to use this obnoxious OS which is designed as a proprpietary software to steal your freedom and control you, but anyways for Mac OS victims), you can do it to with Macs equivalent tool of apt-get / yum called homebrew:

Open Mac OS X terminal and to install homebrew run:


ruby -e "$(curl -fsSL"
brew install nmap
brew search nmap
brew info nmap


If you want to do it system wide become root (super user) from Mac terminal with


su root


and run above commands as administrator user.

Windows users might take a look at Nmap for Windows or use the M$ Windows native portqry command line port scanner

Test whether nmap is properly installed and ready to use with command:


nmap –help
Nmap 6.00 ( )
Usage: nmap [Scan Type(s)] [Options] {target specification}
  Can pass hostnames, IP addresses, networks, etc.
  Ex:,,; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  –exclude <host1[,host2][,host3],…>: Exclude hosts/networks
  –excludefile <exclude_file>: Exclude list from file
  -sL: List Scan – simply list targets to scan
  -sn: Ping Scan – disable port scan
  -Pn: Treat all hosts as online — skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  –dns-servers <serv1[,serv2],…>: Specify custom DNS servers
  –system-dns: Use OS's DNS resolver
  –traceroute: Trace hop path to each host
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  –scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  -F: Fast mode – Scan fewer ports than the default scan
  -r: Scan ports consecutively – don't randomize
  –top-ports <number>: Scan <number> most common ports
  –port-ratio <ratio>: Scan ports more common than <ratio>
  -sV: Probe open ports to determine service/version info
  –version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  –version-light: Limit to most likely probes (intensity 2)
  –version-all: Try every single probe (intensity 9)
  –version-trace: Show detailed version scan activity (for debugging)
  -sC: equivalent to –script=default
  –script=<Lua scripts>: <Lua scripts> is a comma separated list of 
           directories, script-files or script-categories
  –script-args=<n1=v1,[n2=v2,…]>: provide arguments to scripts
  –script-args-file=filename: provide NSE script args in a file
  –script-trace: Show all data sent and received
  –script-updatedb: Update the script database.
  –script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma separted list of script-files or
  -O: Enable OS detection
  –osscan-limit: Limit OS detection to promising targets
  –osscan-guess: Guess OS more aggressively
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  –min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  –min-parallelism/max-parallelism <numprobes>: Probe parallelization
  –min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  –max-retries <tries>: Caps number of port scan probe retransmissions.
  –host-timeout <time>: Give up on target after this long
  –scan-delay/–max-scan-delay <time>: Adjust delay between probes
  –min-rate <number>: Send packets no slower than <number> per second
  –max-rate <number>: Send packets no faster than <number> per second
  -f; –mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],…>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/–source-port <portnum>: Use given port number
  –data-length <num>: Append random data to sent packets
  –ip-options <options>: Send packets with specified ip options
  –ttl <val>: Set IP time-to-live field
  –spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  –badsum: Send packets with a bogus TCP/UDP/SCTP checksum
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  –reason: Display the reason a port is in a particular state
  –open: Only show open (or possibly open) ports
  –packet-trace: Show all packets sent and received
  –iflist: Print host interfaces and routes (for debugging)
  –log-errors: Log errors/warnings to the normal-format output file
  –append-output: Append to rather than clobber specified output files
  –resume <filename>: Resume an aborted scan
  –stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  –webxml: Reference stylesheet from Nmap.Org for more portable XML
  –no-stylesheet: Prevent associating of XSL stylesheet w/XML output
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  –datadir <dirname>: Specify custom Nmap data file location
  –send-eth/–send-ip: Send using raw ethernet frames or IP packets
  –privileged: Assume that the user is fully privileged
  –unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
  nmap -v -A
  nmap -v -sn
  nmap -v -iR 10000 -Pn -p 80


Most local router local networks are running under an IP range of ( or or at some weird occasions depending on how the router is configured it might be something like to be sure on what kind of network your computer is configured, you can check with ifconfig command, what kind of network IP has the router assigned to your computer, here is output from my Debian GNU / Linux /sbin/ifconfig


 hipo@noah:~$ /sbin/ifconfig 
lo        Link encap:Local Loopback  
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:336 errors:0 dropped:0 overruns:0 frame:0
          TX packets:336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:26656 (26.0 KiB)  TX bytes:26656 (26.0 KiB)



wlan0     Link encap:Ethernet  HWaddr 00:1c:bf:bd:27:59  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::21c:bfff:ffbd:2759/64 Scope:Link
          RX packets:112836 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55363 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:141318655 (134.7 MiB)  TX bytes:7391330 (7.0 MiB)


As evident from above output my router assigns IPs via DHCP once authenticated into the Wi-Fi router under standard IP range of

So under this IP range case, to inspect my small local networkconnected computer I had to run from gnome-terminal or under a /dev/ttyX virtual console:


hipo@noah:~$ nmap -sn

Starting Nmap 6.00 ( ) at 2017-09-04 12:45 EEST
Nmap scan report for pcfreak (
Host is up (0.011s latency).
Nmap scan report for
Host is up (0.00011s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.53 seconds

-sn argument instructs nmap to do the so called ping scan, e.g. not to do a port s
can after host discovery but just print available hosts that are responding

Some bigger corporate networks are configured to run a couple of local networks simultaneously such as,, etc.

So if that's the case you can add more virtual IPs to your ifconfig after becoming root super user with:


hipo@noah:~$ su root 


And then run:


/sbin/ifconfig wlan0:0 netmask
/sbin/ifconfig wlan0:1 netmask



Note that here I purposefully choose .110 IP because often the is an IP assigned to the router and that might cause some IP conflicts and trigger alarms in the router security which I want to avoid.

To check just added extra Virtual IPs on wlan0 wireless interface (note that depending on your Wi-Fi card and your driver this interface might come under a different name on your computer):


root@noah# /sbin/ifconfig |grep -i wlan0 -A 1
wlan0     Link encap:Ethernet  HWaddr 00:1c:bf:bd:25:59  
          inet addr:  Bcast:  Mask:

wlan0:0   Link encap:Ethernet  HWaddr 00:1c:bf:bd:25:59  
          inet addr:  Bcast:  Mask:

wlan0:1   Link encap:Ethernet  HWaddr 00:1c:bf:bd:27:59  
          inet addr:  Bcast:  Mask:



If you're scanning not on your own network but on a public connected network you might prefer to not use the ping scan as this might identify you in router's firewall as possible intruder and could cause you headaches, besides that some network connected nodes are connected to not respond on a ping scan (some networks purposefully disable pings at all) to avoid possibility of the so called ping flood that might overload a router buffer or bring down hosts on the network beinf flooded.

If you have doubts that a network has ping disabled and it shows no result you can give a try to the so called SYN / FIN Stealth packet scan with added requirement to scan for UDP open ports (-sS) argument


root@noah:/~# nmap -sS -sU -sT

Starting Nmap 6.00 ( ) at 2017-09-04 13:31 EEST
Nmap scan report for pcfreak (
Host is up (0.012s latency).
Not shown: 998 closed ports
80/tcp   open  http
1900/tcp open  upnp
MAC Address: 10:FE:ED:43:CF:0E (Unknown)

Nmap scan report for
Host is up (0.0036s latency).
Not shown: 998 closed ports
625/tcp   open  apple-xsrvr-admin
49153/tcp open  unknown
MAC Address: 84:38:35:5F:28:75 (Unknown)

Nmap scan report for
Host is up (0.000012s latency).
Not shown: 999 closed ports
22/tcp open  ssh

You might also like to add some verbosy (that would generate a lot of output so be careful):

In case if above scan fails due to firewalls and you have a ping scan disabled on the network too you might also try out the so called nmap connect TCP connect scan (-sT), that would avoid the SYN scan. The -sT is useful also if you're not possessing root superprivileges on nmap running host.


nmap -sS -sU

Note that connect scan could take ages as nmap tries to connect every port from default port scanned ranged on remote found hosts that are reporting as up and running.

If the shown results lead you find some unknown computer / tablet / mobile / phone device connected to your network, then connect to your router and thoroughfully inspect the traffic flowing through it, if you find intruder cut him off and change immediately your router passwords and monitor your network periodically to make sure the unwanted guest did not go back in future.

There is much more you can do with nmap so if you have some extra time and interest into penetration testing I recommend you check out Nmap Book (The Official Nmap project guide to Network Discovery and Security Scanning)

Share this on

Howto configure Qmail Mail server to Listen on port 587 for SMTP with STARTTLS

September 2nd, 2017

If you followed Qmailrocks or the updated QmailThibs Qmailrocks tutorial you have configured Qmail Mail SMTP server to listen by default for encrypted SSL connections on port 465. However many Mail for POP3 Secure  / Imapd Secure Clients are doing auto configuration and many prefers to have the 587 port configured too to accept Secure SMTP connections with STARTTLS support and not 465 Secure Connections with SSL certificate. 

So the logical queston comes how to configure 587 port to listen for STARTTLS connections? 

In below article I'll show you how you can configure Qmail to also have a listener on TCP port 587.

Perhaps there are numerous ways to configure Qmail Mail to listen on 587 (assuming it is already configured to properly accept mail on SMTP port 25) and a properly configure IMAP Secure and POP Secure in order for Thunderbird and Outlook desktop mail clients to be able to communicate (Send / Receive) mails without obstacles to the custom confiured Mail server.

By the way having Qmail SMTP listener on 587 besides 25 has another reason for many as some Internet Service Providers (ISPs) have purposefully filtered access to unencrypted port 25 for the sake of reducing auto spam sent in their networks.

So here we go.

Howto setup Qmail Mail server to use have listener on Port 587

Here I assume you have already qmail-smtpd running as a service via Dan Bernstein's Daemontools (Supervice), e.g. the qmail-smtpd run script is stored in lets say /var/qmail/supervise/qmail-smtpd and linked properly to run  from /service/qmail-smtpd

ls -al /service/qmail-smtpd
lrwxrwxrwx 1 root root 32 сеп 18  2012 /service/qmail-smtpd -> /var/qmail/supervise/qmail-smtpd/


cd /var/qmail/supervise/
cp -rf qmail-smptd/ qmail-smptd587/

Once the script template is copied we need to change the default listener port from 25 to 587 for edit the /var/qmail/supervice/qmail-smtpd587/run respawn script

vim /var/qmail/supervise/qmail-smtpd587/run



If you're not familiar with vim use nano / pico / joe / emacs etc. or your favourite text editor if you're running Xserver environment with gnome on the server (hope you didn't) for simplicity you can use even gedit

Here we need to change













Also make sure the script value of







(if configured that way) is set to:







Value of







should also be equal to








Here I assume the run script is standard one from ex-QmailRocks  step by step qmail install (which up2date is the so called QmailRocks Qmail Thibs).

For some older or custom Qmail Installs /var/qmail/supervise/qmail-smtpd587/run might look slightly different e.g. could be something like:





exec /usr/local/bin/softlimit -m 50000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \


If you find your /var/qmail/supervise/qmail-smtpd587/run just copied script has a structure like that then you will have instead to change it look like so to enable 587 TLS port listener





exec /usr/local/bin/softlimit -m 50000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 587 \




Save the file now what is left is to also make the necessery changes for logging to work for /var/qmail/supervise/qmail-smtpd587/log/run

Before we do that we'll copy the log files from /var/log/qmail/qmail-smtpd to /var/log/qmail/qmail-smtpd587
(Note here if your qmail-smtpd log is configured on some other location just change the appropriate paths in below cp command)

cp -rpf /var/log/qmail/qmail-smtpd /var/log/qmail/qmail-smtpd587



Once copied edit the supervise script /var/qmail/supervise/qmail-smtpd587/log/run

Mine looks like so:





exec env – PATH="$VQ/bin:/usr/local/bin:/usr/bin:/bin" \
setuidgid qmaill multilog t n1024 s1048576 n20 /var/log/qmail/qmail-smtpd

Add the 587 to the end of qmail-smtpd directory so it looks like so:




exec env – PATH="$VQ/bin:/usr/local/bin:/usr/bin:/bin" \
setuidgid qmaill multilog t n1024 s1048576 n20 /var/log/qmail/qmail-smtpd587


If you're not runing QmailRocks based scripts Qmail but some custom one you might have here also something different for example:

exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpd 2>&1


In that case also add the 587 to the end of qmail-smtpd so the file content is like so:

exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpd587 2>&1

All left so far is to link the new copied created supervise scripts to be processed by daemontools service auto-respawn service




cd /service/
ln -s /var/qmail/supervise/qmail-smtpd587






Now restart qmail with qmailctl script or whatever script you're using to make the qmail server processes reload:


qmailctl restart

Restarting qmail: * Stopping qmail-smtpdssl. * Stopping qmail-smtpd. * Sending qmail-send SIGTERM and restarting. * Restarting qmail-smtpd. * Restarting qmail-smtpdssl. * Restarting qmail-pop3d.


Now as we should have everything setup, last step is to check the TCP Port 587 listener on server is listening / accepting connections on the GNU / Linux server:




netstat -lptn|grep -i 587 tcp 0 0* LISTEN 9396/tcpserver


As you see everything looks fine we're listening on 587, it is generally a good idea to check also all the running services on the server including rest of Qmail listeners to make sure something else did not broke, so I recommend you issue once again:





netstat -lptn



It is recommended to also check the readproctitle daemontools process to make sure no any kind of errors are reporting while runing the supervise scripts, to do so run:





ps axu|grep -i readproc root 6029 0.0 0.0 3756 356 ? S Aug31 0:00 readproctitle service errors: …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………. root 6542 0.0 0.0 112404 920 pts/0 S+ 13:25 0:00 grep -i readproc


Above many dots indicate no errors were encountered while runing the supervise scripts and everything is okay, if you instead get some errors, you have to debug what is crashing and fix it, but hopefully you should have gone without any errors just like me. Even if there errors expect something minor like a typo in the just modified run scripts or some missing log path or something.

In the mean time if you happen to have a Qmail, Postfix or other mail server with errors you can't solve and need for help or system administration services on a cheaper price please hire me to manage it it.

That's all, Enjoy now using your Mail client of choice to connect to 587 with TLS.



Share this on

Converting .crt .cer .der to PEM, converting .PEM to .DER and convert .PFX PKCS#12 (.P12) to .PEM file using OpenSSL

September 1st, 2017


These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS.

  • Convert a DER file (.crt .cer .der) to PEM


    openssl x509 -inform der -in certificate.cer -out certificate.pem
  • Convert a PEM file to DER


    openssl x509 -outform der -in certificate.pem -out certificate.der
  • Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM


    openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

    You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

  • Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)


    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key \
    -in certificate.crt -certfile CACert.crt

Share this on

Install JBL Go Bluetooth Speaker on Debian GNU / Linux and Ubuntu

August 24th, 2017


Here is how to configure a JBL Go Bluetooth (Wireless) speaker and presumably other Bluetooth external speakers to Debian GNU / Linux Wheezy 7 and Ubuntu 14.04 . 1. Install following bunch of deb packages

debian:~# apt-get install pulseaudio pulseaudio-module-bluetooth pavucontrol bluez-firmware

Here it is notable to mention pavucontrol if you have previously played more extensively on GNU / Linux you should have already used if not it is really cozy volume control tool with a lot of tuning options regarding pulseaudio stream server. Considering that like me you're using a GNOME as a desktop environment you will also need gnome-bluetooth package, e.g.:

debian:~# apt-get install gnome-bluetooth

As Pulseaudio is used as a sound streaming server in GNU / Linux (assuming your Debian version is using it you'll also need to have installed pulseaudio-module-bluetooth)

debian:~# apt-get install pulseaudio-module

For Ubuntu 14.04 GNU / Linux users the list of necessery bluetooth packages is a bit longer, if you're on this OS go and install:

debian:~# apt-get install bluez bluez-alsa bluez-audio bluez-btsco bluez-compat bluez-cups bluez-dbg bluez-gstreamer bluez-hcidump bluez-pcmcia-support bluez-tools bluez-utils python-bluez bluewho indicator-bluetooth libbluetooth-dev libgnome-bluetooth11 libbluetooth3 python-gobject python-dbus

Moreover you will need pulseaudio-module-bluetooth deb package installed in order to be able to select the desired sound output.

Next it is time to restart Bluetooth service

debian:~# service bluetooth restart
[ ok ] Stopping bluetooth: rfcomm /usr/sbin/bluetoothd.
[ ok ] Starting bluetooth: bluetoothd rfcomm.

It is also a good idea to restart pulseaudio snd streaming server in order to load the newly installed pulseaudio bluetooth module settings, to do so issue:

debian:~# killall pulseaudio

And try to establish connection from Gnome-Bluetooth to the JBL Go (press the JBL Go bluetooth button) and search from the Linux bluetooth interface, once founded connect it.



Before JBL Go appears to list listable blootooth devices you will also need to run following command:

debian:~# pactl load-module module-bluetooth-discover

This command is to connect bluetooth discovered JBL Go device to the audio sink interface.

It is generally idea to add this line also to /etc/rc.local to make the setting permanently executed on every Linux boot.

Now you can launch pavucontrol and hopefully the JBL GO bluetooth speaker should be visible as an option, check out my below screenshot:


In case you further experience issues connecting the Bluetooth Speaker I would recommend to check out this Debian a2dp page at the end of the page are troubleshooting suggestions.

Though this article explains how to connect a bluetooth speaker connecting Bluetooth Speaker to GNU / Linux is done in analogous way


Share this on

Upgrade old crappy Windows 7 32 bit to Windows 10 32 bit, post install fixes and impressions / How to enter Safe Mode in Windows 10

June 28th, 2017


However as I've been upgrading my sister's computer previously running Windows 7 to Windows 10 (the process of upgrading is really simple you just download Windows-Media-Creation-tool from Microsoft website and the rest comes to few clicks (Accept Windows 10 User Agreement, Create current install  restore point (backup) etc.) and waiting some 30 minutes or so for the upgrade to complete.


Then it was up to downloading some other updates on a few times and restarting the computer, each time the upgrades were made and all the computer was ready. I've installed Avira (AntiVirus) as I usually do on new PCs and downloaded a bunch of anti-malware (MalwareBytes / Rfkill  / Zemanta)  to make sure that the old upgraded  WIndows was not already infected before the upgrade and I've found a bunch of malware, that got quickly cleared up.

Anyways I've tried also another tool called ReimagePlus – Online Computer Repair in order to check whether there are no some broken WIndows system files after the upgrade

(here I have to say I've done that besides running in an Administrator command prompt (cmd.exe) and running

sfc /scannow

command to check base system files integrity, which luckily showed no problems with the Win base system files.

ReimagePlus however showed some failed services and some failed programs that were previously installed from Windows 7 before the upgrade and even it showed indication for Trojan present on computer but since ReImagePlus is a payed software and I didn't have the money to spend on it, I just proceeded to clean up what was found manually.

After that the computer ran fine, with the only strange thing that some data was from hard drive was red a bit too frequently, after a short call with a close friend (Nomen) – thx man, he suggested that the frequenty hdd usage might be related to Windows Search Indexing service database rebuilt and he adviced me to disable it which I did following this article How to speed up Windows by disabling Search Index Service.

One issue worthy to mention  stumbled upon after the upgrade was problems with Windows Explorer which was frequently crashing and "restarting the Desktop", but once, I've enabled all upgrades from Microsoft and Applied them after some update failures and restarts, once all was up2date to all latest from Microsoft, Explorer started working normally.

In the mean time while Windows Explorer was crashing in order to browse my file system I used the good old Win Total Command or Norton Commander for Windows – WinNC (with its most cool bizzarre own File Explorer tool).


As I wanted to run a MalwareBytes scan and Antivirus under Windows Safe-Mode, I tried entering it by restarting the Computer and pressing F8 a number of times before the Windows boot screen but this didn't work as Safe-Mode boot was changed in Windows 10 to be callable in another way because of some extra Windows Boot speed up optimizations, in short the easiest way I found to enter Windows 10 Safe Mode was to Hit Start Button -> Choose Restart PC and keep pressed SHIFT button simultaneously
that calls a menu that gives you some restore options, along with safe mode options for those who want to read more on How to Enter Safe mode (Command Prompt) on Windows 10 – please read this article.


Once the upgrade was over and all below done unfortunately I've realized her previously installed WIndows 7 is x86 (32 bit) version and the Acer notebook 5736Z where it is being installed is actually X64 (64 bit), hence I've decided to upgrade my dear sis computer to a 64 Bit Windows 10 and researched online whether, there is some tool that is capable to upgrade WIndows 10 from 32 bit to Windows 10 64 bit just to find out the only option is to either use some program to creaty a backup of files on the PC or to manually copy files to external hard drive and reinstall with a Windows 10 64 bit bootable USB Flash or CD / DVD image, so I took my USB flash and used again Windows Media Creation Tool to burn Windows and re-install with the 64 bit iso.

If you're wonder about why I choose to re-install finally Win 10 32 bit with Win 64 bit, because you might think performance difference might be not really so dramatic, then I have to say the Acer notebook is equipped with 4 Gigabytes of RAM Memory and Windows 10 32bit  (Pro) could recognize a maximum of 3 Gigabytes (2.9 GB if I have to be precise) and 1 Gigabyte of memory stays totally unusued all the time with  Winblows 10 32 bit.


I've tried my best actually to not loose time to fully upgrade Windows 7 (32 bit) -> Windows 10 (64 bit) but to make Windows 7 32 bit Windows to use more than the default Limitation of 3GB of memory by using this thirt party PAE Externsion Kernel Patch
which is patching the Windows Kernel to extend the Windows support for PCs with up to 128 GB of memory however it turned out that this Patch file is not compatible with my Windows Kernel version once I followed readme instructions.

It seems the PAE (Physical Address Extension) is supported by default  by Microsoft only on 32 bit Windows Server 10 to read more on the PAE if interested give a look here.

Well that's all folks, the rest I did was to just boot from the USB drive just burned and re-install WIndows and copy my files from User profile / Downloads / Pictures / Music etc. to the same locations on the new installed Windows 10 professional 64 bit and enjoy the better performance.

Share this on

Disable Windows hibernate on a work notebook or Desktop Gamers PC – Save a lot of Space on Windows C Drive, delete hidefil.sys howto

May 18th, 2017


Some Windows  laptop / desktop users prefer not to shutdown computers (especially those coming back from Mac OS backgound) at the end of the day but  hibernate instead.

Hibernate is a great thing but historically we know well that in Windows hibernate is working much worser than on Macs and it is common that after multiple hibernates you will face problems with missing  C: drive space is it might be "misteriously" decreasing in a way that the PC performance degrades as the C:hibfile.sys hidden file occupies few 16Gigas or so (the occupied space by hibfile.sys does resemble the installed RAM Memory on the computer, so if your PC has 16Gigas the hibfile.sys will be lets say approximately 15 Gigabytes)

However most users never use hibernate and might never use it for a life time, especially those on a Desktop Windows PCs, I use Windows as a WorkStation as an employee of DXC (the ex Hewlett Packard or Hewlett Packard Enterprise that merged with CSC) but to be honest I've used hibernate function very raraly on the notebook, thus I find the hibernate more or less useless feature, especially because at many times I try to wake-up the PC after hibernate the computer boots but the display stays dark and I have to restart the Computer before I can go back to normal work operations. Of course my Windows 7 hibernation issues might be caused do to the corporate software installed on my PC or because the fact the hard drive is encrypted but nomatter that in my case and I guess in case of many the hibernate function on Windows 7 / 8 / 10 might be totally useless.

Few works is Hiberfil.sys File and Why you might want to complete disable / delete it

On Windows 7 / 8 / 10 the hiberfil.sys file is being used to store the PC current state at time of hibernation, so if you have to move from a place to place within an organization / university / office without a charger hibernation is a really nice way to save battery power without later wasting time for additional PC boot (where a lot of power is wasted for Operationg System to load and re-opening the opened Browser etc.

So in short sleeping the PC with Hibernate function does cause the Computer to write into C:hiberfil.sys all data at the moment stored in the PC RAM (Memory), which is being cleared up at time of Computer being in Sleep mode.
Once the computer receives a Wake-up call from the hibernation in order to present with the Desktop at the same state hiberfile.sys stored information is being red and transferred to PC flushable RAM so the RAM memory is again filled with same bits it used to have right before the hibernation was made.

Because hiberfil.sys is a system file it has the hidden attribute and it can only be write / read by a Administrator Win account and usually it is not a good idea to touch it

Some people haven't shutdown Windows for 20-30 days and especially if Windows has disabled updates it happens for some users to use the hibernate function for weeks (re-hibernating and waking up thousand times) for long periods so the effect is the hiberfile.sys might become gigantic and if you take the time to check what is file or directory is wasting all your C:> drive with leys say WinDirStat or SpaceSniffer you will notice the lets say 15Gigas being eaten by Hiberfil.sys.

Disable of hibfile.sys is also a great tip for Gamers desktop PCs as most gamers won't use hibernate function at all.

I. How to Disable Hibernate Mode in Windows 10, 8, 7, or Vista

In order to get rid of the file across Windows 7 / 8 / 10

Open command prompt (as an Administartor, right click on the Command Prompt cmd.exe and choose Run as Administartor) and issue below cmd:


C:> powercfg -h off

If later you decide you need the hibernate function again active on the PC or notebook do issue:

C:> powercfg -h on

You’re likely reading this because you noticed a gigantic hiberfil.sys file sitting on your system drive and you’re wondering if you can get rid of it to free up some space. Here’s what that file is and how you can delete it if you want to.


II. Disable Hibernate Mode in Windows XP

Hibernate function command is not present on Windows XP so in order to remove it on XP (hope you don't use XP any more and you're not a viction of the resent crypt catastrophic ransomware WannaCry 🙂


Control Panel -> Power Options

In the Power Options properties window, switch to the “Hibernate” tab and disable the “Enable hibernation” option.

After you disable hibernate mode, restart PC, and manually delete the hiberfil.sys file.

Now enjoy free-ing up few gigabytes of useless wasted C: hard drive space from your PC 🙂

Note: Removing hiberfil.sys is a precious thing to do on old Windows Computers which have been made with a little leys say 40Gigabyte partition drive C: whether with the time due to User profile use and Browsing caches the C: drive has left with leys say 1-2 Gigabyte of free space and the computers overall performance has fallen twice or so.

This post is in memoriam of Chriss Cornell (our generation used to grow with grunge and his music was one of the often listened by me and our generation)

R.I.P: Chriss Cornell (the head of SoundGarden and AudioSlave who passed away yesterday right on the day when we in Bulgarian Eastern Orthodox Church commemorate the memory of a great-martyr Nicolay Sofijski (Great Martyr Nicolas from Sofia martyred by Turkish Ottomans during year 1555).

I found surprising fact for me  that Chriss Cornell converted to Greek Eastern Orthodox faith under influence of his Greek Wife, below is paste from his Wikipedia page:


Chriss Cornell Personal life (Rest in Peace Chris)

Cornell was married to Susan Silver, the manager of Alice in Chains and Soundgarden.[123] They had a daughter, Lillian Jean, born in June 2000.[123] He and Silver divorced in 2004.[123] In December 2008, Cornell reported via his official website that he had finally won back his collection of 15 guitars after a four-year court battle with Silver.[124]

He was married to Vicky Karayiannis,[125] a Paris-based American publicist of Greek heritage. The union produced a daughter, Toni, born in September 2004, and a son, Christopher Nicholas, born in December 2005.[126] Cornell converted to the Greek Orthodox Church through her influence.[127]

When asked how Cornell beat all his addictions he stated, "It was a long period of coming to the realization that this way (sober) is better. Going through rehab, honestly, did help … it got me away from just the daily drudgery of depression and either trying to not drink or do drugs or doing them and you know, they give you such a simple message that any idiot can get and it's just over and over, but the bottom line is really, and this is the part that is scary for everyone, the individual kinda has to want it … not kinda, you have to want it and to not do that crap anymore or you will never stop and it will just kill you."[128]

In a 2011 interview,[129] Cornell said the major change with the reformed Soundgarden is a lack of alcohol: "The biggest difference I noticed … and we haven't even really talked about it: There are no bottles of Jack Daniel's around or beers. And we never talked about … it's just not there."



Share this on

Trip to Bakadjiiski ( Bakadji ) monastery Bulgaria near Yambol peak Bakadji and a Rocker Moto feast- A little known tourist Mountain virgin perl of Bulgaria

May 13th, 2017


Perhaps many of Bulgarian citizens and people in Europe who have heard about Bulgaria and its Capital Sofia or have been on a tourism trip to Bulgaria know Saint Alexander Nevski Cathedral in Bulgaria capital Sofia.

However perhaps few know or have heard that saint Alexander Nevskij's Cathedral is not the only Church dedicated to the Russian saint but earlier another small Christian church was build as a remembrance and honor of the Russian-Turkish War Bulgarian liberators who were consisting of (Russian, Belarusians, Ukrainian, Finish and Romanian) soldiers who have sacrificed there life (according to official sources about 70 000 – 100 000 deaths from Russian side) but unofficial sources says 200 000 – 300 000 as a real numbers of victims of Russians and about les say at least 80 000 victims of Bulgarian side.

The Russian-Turkish Liberation war of 1877 and liberation of Bulgarian from Ottoman slavery are among the most notable events for Bulgarian history.

With the coming of peaceful times, the warm feelings and high appreaciation of Bulgarian nation to Russian liberators have been demonstrated numerous times with the creation of innumerable number of Christian Churches and Chapel and other Christian monuments, the most notable along with saint Aleksander Nevski on the city center of Sofia is the monument of emperor Alexander Nikolaevich II-nd   the Liberator


The first monument in remembrance of the Russo-Turkish Bulgarian Liberation war was built nearby the city of Yambol after the victory of 23rd Donsk – Khazak regiment in Yambol is established 55th infantry (Podolski) regiment, 95th infantry regiment of Krasnoyarsk and some other Russian troop forces while finally in the end of year 1878 here is established 30th infantry regiment of the corups of General Skobelev-Junior.
In the beginning of next year the famous General discusses with Yambol citizens his idea to build a Church "for eternal remembrance of Russian soldiers on the battlefield during the liberation of Bulgarian of Ottoman slavery".



It is decided the idea to be implemented with joint forces between the North slope on the first peak of Bakadjika – also known as "Saint Spas", and on its ridge – on the same place of the Destroyed by Turkish soldiers Monastery "Sveti Spas / Holy Saviour) during the Bulgarian Uprising of April (Aprilsko Vozstanie).
Gen Skobelev and the local people decided to build a small chappel in honor of Russian saint Alexander Nevski who played key role for the rise of Russian nation and thanks to whome Russians managed to escape slavery from the surrounding Turkish khan rulers like Bhatai Khan etc.

With the success of preliminary plan, the place become a common visited (usually mostly during Summer months) by citizens of about 12 km far Yambol city.

With the withdrawal of last Russian soldiers of the region while departing from there general Skobelev gave a precious gift to the newly built Church – an Evangelion with an Engraved Cross.


Evangelion gift by general Skobelev


The Cross gift by General Skobelev to the new built memoriam Church saint Alexander Nevski


Icon of Alexander Nevski kept in the St. Aleksander Nevski Memorial Church in Bakadjika Holy Saviour Monastery.

After the depearture of Russian soldiers the consturctuion works of the temple are completed by Bulgarians with the material aids from Russia.
The iconostasis follows the Russian Orthodox Church tradition engraved by Russian monks and moved in parts to be mounted in the Church.


The gonfalons and most of the icons are brought by Kiev Pechersk Lavra (The biggest and one of oldest if not earliest monastery on Russian lands) nowdays in capital of Ukrain Kiev.

In 1884 with the presence of the Russian embassador for Eastern Romelia with many official guests and locals
the official sanctification of the Church-monumentum st. Alexander Nevski (nowadays Bakadjishki monastery) has beenmade.
The Church and monastery had gone through a really hard times during Communism (Socialism) in Bulgaria 1944-1989 and until 10-15 years ago it has been left in a very bad state.

However thanks to locals and a Hieromonk Sofronij (known by many locals as Stefan Bradata (Stefan The Beard), the monastery has been quickly starting to recover its material base.



Fr. Sofronij has been in process of building monastic corups where guests can stay for a night or few but is facing financial problems and he is kindly asking anyone who has the finances and love for Christ and the Eastern Orthodox Church to help with finances, material goods or even workforce and of course novice monks are always needed.


Nearby the monastery there is a famous Cave well (holy spring water), which according to the local tradition has been revealed in a dream to a monk and the monks has dug hardly the cave wall about 30 meters and then dug down exactly the the place where the monk had the Vision of the Blessed Mother Mary.
Just like in the dream the Miraculous Holy Spring water has emerged exactly on the place shown in the dream, because of the resemblance of the Well found with the Evangelion story of the Samaritan woman at the well – whose name btw in Christian Eastern Orthodox tradition is Photinia, the well later received a name The Well of Samaritan.


The entrance door leading to the Cave Samaritan Well



Fr. Sofronij with the Italian sculteres of the Lord Jesus Christ and the Samaritan


The Well with (Buklica – traditional water vessel in Bulgaria)


Italian statues of Christ and the Samaritan Woman at the Well (Holy Water / Agiasmo / Aiazmo Spring)

In case if you want to spend the night in Bakadjika Monastery for a really cheap – 5 euro please contact:

Yambol Bakadjicite
089 895 4611

Each on Bakadjika it has become a local tradition for Rockers / Metalheads and Moto fans all around Southern Bulgaria
to gather near Bakadji just 1 km away from Bakadjiski monastery.
Since ancient times the spiritual centers has always attracted people and perhaps this is also true for Bakadjika which earlier has been a place for a heroic battles for freedom and nowdays has become a rocker arena of a different understanding of wild life and human freedom.

This year 2017 it is the 20th anniversary for Rockers gathering on 12 of May on Bakadjika-Yambol Moto feast to meet other who are alike. The rocker event is about to last 3 days until 15 of May.
For the safety of Rockers this year the rockers has been granted a great honor as a Bishop of the Bulgarian Orthodox Church (Bishop of Agathopol – Ierotey Kosakov his whole biography is on Bg-Patriarchy website here) has personally come to the event to pray (with the so called Vodosvet – Or Blessing of Water) for the well being of the Rockers who are to ride and take participation of organized games and racing events of Bakadjika feast.


What is famous near the monastery and perhaps little known outside of Bulgaria and perhaps in Eastern Europe is the existence of Gigantic Monument (Soviet times / Communist) of Bronze build in year 1987 in honor of 110 years of the Liberation of Bulgarian from Ottoman Turkish Slavery. The monument is a kind of symbiosis between concrete plate with plastics and 32 tons of bronze.

The monument depicts events related to Bulgarian history divided on 3 parts.

1. A Russian Soldier and a Bulgarian (opalchenec = guerilla of the liberation war) – symbol of the heroic victory over Ottoman enslavers and the Victory of Christianity on Bulgarian lands over islam

2. Second comes plastics depicting a mother with a child – symbol of continuity between generations

3. A Cosmonaut (Spaceman) – a symbol for Bulgarian-Russian achievements in science and the mastering of cosmic space  and on the top with a plastic is a young-woman – a symbol for advance of resurrected Bulgarian nation






Share this on

How to set the preferred cipher suite on Apache 2.2.x and Apache 2.4.x Reverse Proxy

May 4th, 2017


1. Change default Apache (Reverse Proxy) SSL client cipher suite to end customer for Android Mobile applications to work

If you're a sys admin like me and you need  to support client environments with multiple Reverse Proxy Apache servers include old ones Apache version 2.2.x (with mod_ssl compiled in Apache or enabled as external module)
and for that reason a certain specific Apache Reverse Proxy certificate SSL encoding cipher default served suite change to be TLS_DHE_RSA_WITH_AES_128_CBC_SHA in order for the application to properly communicate with the server backend application then this article might help you.

There is an end user client application which is Live on a production servers some of which running on  backend WebSphere Application Servers (WAS) / SAP /  Tomcat servers and for security and logging purposes the traffic is being forwarded from the Apache Reverse Proxies (whose traffic is incoming from a roundup Load Balancers).

Here is a short background history of why cipher suite change is necessery?

The application worked fine and was used by a desktop PCs, however since recently there is an existent Android and Apple Store (iOS) mobile phone application and the Android Applications are unable to properly handle the default served Apache Reverse Proxy cipher suite and which forced the client to ask for change in the default SSL cipher suite to:


By default, the way the client lists the cipher suites within its Client Hello will influence on Apache the selection of the cipher suite used between the client and server.

The current httpd.conf in Apache is configured so the ciphers for RP client cipher suite Hello transferred between Reverse Proxy -> Client are being provided in the following order:


1.    TLS_RSA_WITH_RC4_128_MD5
2.    TLS_RSA_WITH_RC4_128_SHA

This has to be inverted so:

becomes on the place of

A very good reading that helped me achieve the task as usual was Apache's official documentation about mod_ssl see here

So to fix the SSL/TLS cipher suite default served order use SSLCipherSuite and SSLHonorCipherOrder directives.


SSLCipherSuite directive is used to specify the cipher suites enabled on the server.
To dictate also  preferred cipher suite order directive and that's why you need SSLHonorCipherOrder directive (note that this is not available for older  Apache 2.x branch), the original bug for this directive can be seen within

For Example:



SSLHonorCipherOrder On




So here is my fix for changing the Ciphersuite SSL Crypt order (notice the TLS_DHE_RSA_WITH_AES_128_CBC_SHA being given as first argument):


SSLHonorCipherOrder On

if you want also to enable TLSv1.2 certificate cipher support you can use also:

SSLProtocol -all +TLSv1.2

SSLHonorCipherOrder on


# Old Commented configuration from my httpd.conf – no RC4, 3DES allowed


Because there was also requirement for a multiple of SSL cipher encryption (to support large range of both mobile and desktop computers and operating systems the final) cipher suite configuration in httpd.conf that worked for the client looked like so:



Once this was done the customer requested HTTP cookie restriction to be added to the same virtual host.
There initial request was to:

2. Set HTTP cookie secure flag and HttpOnly on every cookie that is not being accessed from Internal website JavaScript code

To make Apache Reverse Proxy to behave that way here is the httpd.conf config added to httpd.conf

# vim httpd.conf


   #Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
   Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

Finally an Apache restart was necessery

Share this on

Linux: /var/log/wtmp – No such file or directory quick fix and why it might be missing on a server

May 4th, 2017


If you have to occasionally log  into some client old inherited (not installed by you) Linux servers on and just out of curiosity and for security sake dediced do a quick security (last user login) evaluation, e.g. issued the
last command just to find out you get the error:

last: /var/log/wtmp: No such file or directory

Perhaps this file was removed by the operator to prevent logging last info.

Then this might be a sure indicator that some malicious script kiddie (hax0r) activity has been run over the server or the ex-system administrator if fired recently decided to wipe out all his login tracks among with installing some other nasty rootkit or backdoor.

Under some circumstances the error might be caused also by badly written end user rotate script bugs (like shell or perl script) bugs or by a buggy deployment of Linux OS virtual machine.
The last: /var/log/wtmp: No such file or directory error is likely to happen on Ubuntu / Debian / Redhat / CentOS Linux distributions running on a Cloud PaaS service such as Amazon EC2, some of the Cloud services vendors do choose to explicitly remove /var/log/wtmp for the reason that many of end customers are using their Linux VM servers (Xen Virtualization / OpenVZ / LXC – Linux Containers) etc. irresponsibly and hence become a victim of script kiddie attacks and the failed logins attempts logged in /var/log/wtmp grow to many gigabytes.

Even some Linux distributions or system administrators of Linux server login hosts that has to keep tens of thousands of  login records monthly or are concentrating on simplicity and on an attempt to reduce size has purposefully deleted the last login entry file /var/log/wtmp file to save space.

But anyways if you happen to be missing this file always bear in mind that you might have been a victim of intrusion and you better run chkrootkit and rkhunter

Run below commands to fix the missing /var/log/wtmp

touch /var/log/wtmp
chmod 0664 /var/log/wtmp
chown root:utmp /var/log/wtmp

On some Linux distributions such as Ubuntu and Fedora you might also want to create /var/log/btmp (which is used to log failed login attempts to server)

touch /var/log/btmp
chmod 0664 /var/log/btmp
chown root:utmp /var/log/btmp

Once the files are created the last command will start logging server in logins and logouts as it is supposed to be again, e.g.:

linux:~# last -15
root pts/0 Fri May 5 16:41 still logged in

This article was inspired by a prior article found on the site is in Bulgarian so unfortunately you might not be able to read it, but as a content and concept it is pretty similar to, actually the site author Nikolay Nikolov (known in Internet Relay Chat IRC under the pseudonym Joni-B, happened to be an old friend from youth geek IT years 🙂


Share this on

Play the Dangerous Dave old arcade classic on iPhone, iPad and Android Smartphone – Dangerous Dave 1990’s computer arcade classic Mario like game phone Application

April 27th, 2017


I still remember the good old times with my 16 Bit Desktop Personal Computer Parvetz 8086 CPU where one of the most favourite games I used to play a computer substitute for Mario for DOS operation system was Dangerous Dave 2 (DDAVE.EXE) an arcade game classic game from the distant year 1990 authored by a whiz kid which later become world famous Computer game Programmer John Romero mostly known for being a cofounder of Game creation comppany ID Software  which authored the 3D Shooter genesis classics such as Wolfenstein 3D, Spear of Destiny, DOOM I and DOOM II HeXen I / II, QUAKE I,  QUAKE II, QUAKE II as well as some absolute arcade classics as Commander Keen 4 🙂

As John Romero shared himsef the game is actually inspired by Super Mario Bros so he decided to create a kinda of computer remake of the game in his teenage years and he did a great job yeah 🙂

There are similarities between Super Mario and Dangerous Dave as both have  the secret levels, the level design, the monsters, and the jump all around collecting cups with a final aim to end up in the level exit door.

The game was originally developed for Apple II and later reworked and ported to DOS and because of it is immerse popularity Dave 2, 3 and 4 come out short

The game is really awesome and worths all praise, I was nicely surprised to find out Dangerous Dave amazing game is available for Iphone 5, 5S and Iphone 6 right into Appstore

Here is the awesome Dangerous DAVE Iphone port description:

"Dave is a redneck on a rampage to reclaim his stolen trophies from the town bully, Clyde! Dangerous Dave is back in his classic adventure in the Deserted Pirate's Hideout. This recreation of the original 1990 DOS game is just as action-packed and difficult as the original! There are only 10 levels, but, wow, are they hard. "


I have to say the game controls are pretty much amazing and the game controls even though reimplemented on the Iphone touch screen device are truly amazing so gameplay resembles pretty much the Computer original game keyboard controls and in a sense the touch screen controls are a little bit more convenient.

The iOS Dave port is pretty nice and updated version is also available which is possible to be chosen on Game entry screen so you either play classic mode or you play the Dave in the Deserted pirated hideout updated version and sound Dave remake, below is a screenshot of the updated GUI version:


Dave in the deserted pirate hideout Updated GUI shot by Alfonso Romero – level 1


Dave in the deserted pirate hideout Updated GUI shot by Alfonso Romero – level 2


Actually Dangerous Dave is also available for Android Smartphone devices even though the controllers suck a lot compared to the Iphone version if you happen to own an Android OS phone check here 

For those who don't own an Iphone or Android SmartPhone (lucky you) you can also play Dangerous Dave online via DOSBox Web emulation from this URL


For those who prefer to play Dangerous Dave as a standalone desktop application as in the good old times on Windows 7 / 8, 8.1 and Windows 10 both on 32 and 64 bits platform you can download it (as of moment of writting article) from here

A mirrored version of Dangerous Dave for Windows 7/8/10 on in case if it disappears in future check here.

Our generation people born in 1983-1986 who are now about 33 years old has grown up with this game and I'm pretty sure if you happen to be one of those people will truly enjoy to replay the quick 10 game levels and remind the fuzzy computer arcade games age when every growing kid like me was obsessed with the idea to play and complete as much as games possible with countless nights in front of the Green and Black screen and later on SVGA screens geeking on and on loosing idea of time and space and being completely sunk by the game.


Happy gaming ! 🙂

Share this on