Archive for September, 2017

ipython – quick introduction

ipython tutorial and how to delete sensitive data from history

ipython is program which allows you to run python code in an interactive shell. Although Python itself when run from CLI opens an interactive shell as well, ipython is much more powerful and greatly improves your productivity. Some of the things you can do with ipython but not the default python shell is command or code and file name completion, view history, copy/paste a single or multiline code, nicely colored help with in the shell, run Linux commands such as ls or cat, scroll up/down to previous commands, automatically adds spaces after you press enter, etc.

Installation

pip install ipython

Quick demo
Start ipython by typing the

ipython

command in your CLI –

daniel@lindell:/tmp$ ipython
Python 2.7.12 (default, Nov 19 2016, 06:48:10) 
Type "copyright", "credits" or "license" for more information.

IPython 5.4.1 -- An enhanced Interactive Python.
?         -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help      -> Python's own help system.
object?   -> Details about 'object', use 'object??' for extra details.

In [1]: print('ipython')
ipython

In [2]: 

With in the ipython interactive shell you can run any python code, let us walk through some examples –


  In [1]: x=2

In [2]: x
Out[2]: 2

In [3]: mylist=[1,2,3,4,5]

In [4]: [i**3 for i in mylist]
Out[4]: [1, 8, 27, 64, 125]

In [5]: with open('/etc/hosts') as fp:
   ...:     for line in fp:
   ...:         if 'localhost' in line:
   ...:             print line
   ...:             
127.0.0.1	localhost

::1     ip6-localhost ip6-loopback


In [6]: ls /opt/
ansible/  google/  vagrant/

In [7]: 

Go back to previously typed commands / History
With ipython, you can either press the UP arrow key or type

 history 

command to view history. ipython keeps session history as well as all input and output lines in a SQLite file which is located in

~/.ipython/profile_default/history.sqlite 

You can view and modify this file using

sqlite3

tool –

daniel@lindell:/tmp$ sqlite3 ~/.ipython/profile_default/history.sqlite
SQLite version 3.11.0 2016-02-15 17:29:24
Enter ".help" for usage hints.
sqlite> .schema
CREATE TABLE sessions (session integer
                        primary key autoincrement, start timestamp,
                        end timestamp, num_cmds integer, remark text);
CREATE TABLE history
                (session integer, line integer, source text, source_raw text,
                PRIMARY KEY (session, line));
CREATE TABLE output_history
                        (session integer, line integer, output text,
                        PRIMARY KEY (session, line));
sqlite> 

Deleting sensitive data from history
You can delete any line from history by using SQL. First use SELECT statement to find the line number and then use DELETE statement to delete it. In this example, we are deleting line number 10 from the history table –

sqlite> select * from history;
sqlite> .schema history
CREATE TABLE history
                (session integer, line integer, source text, source_raw text,
                PRIMARY KEY (session, line));
sqlite> delete from history where line=10;

References –
https://ipython.org/
http://www.sqlitetutorial.net/sqlite-delete/

How to mount a raw disk image

Mount partition from a raw disk image

In this post, I will share how you can mount a raw disk image such as an image generated with dd. Raw disk image or RAW Image Format is a bit-for-bit copy of disk data, without any metadata information on files. In Linux, dd is a popular tool for data transfer by duplicating entire disk for instance. Let us create a disk image of a mount with an EXT3 file system –

[root@kauai src]# dd if=/dev/sdb of=disk.img 

7233761+0 records in
7233760+0 records out
3703685120 bytes (3.7 GB) copied, 236.166 s, 15.7 MB/s

[root@kauai src]# ls -alh disk.img 
-rw-r--r--. 1 root root 3.5G Jan 15 18:44 disk.img

We have copied a mount with multiple files into a single disk.img file which we can copy to another system. Now let us examine the raw disk layout, that we can use to mount as a file system –

[root@kauai src]# fdisk -lu disk.img 
You must set cylinders.
You can do this from the extra functions menu.

Disk disk.img: 0 MB, 0 bytes
124 heads, 62 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xdebbbd93

   Device Boot      Start         End      Blocks   Id  System
disk.img          630416      945623      157604   83  Linux

As we can see the raw disk has 512 byte size sectors and it starts at offset 630416, given this information we can use mount command to mount the disk image –

[root@kauai src]# mount -o loop,offset=$((630416*512)) disk.img /mnt/hdisk/
[root@kauai src]# ls -al /mnt/hdisk/
total 37
drwxr-xr-x. 3 root root  1024 Jan 15 18:39 .
drwxr-xr-x. 4 root root  4096 Nov 17 20:04 ..
-rw-r--r--. 1 root root    15 Jan 15 18:39 file21
-rw-r--r--. 1 root root    15 Jan 15 18:39 file22
-rw-r--r--. 1 root root    15 Jan 15 18:39 file23
-rw-r--r--. 1 root root    15 Jan 15 18:39 file24
-rw-r--r--. 1 root root    15 Jan 15 18:39 file25
-rw-r--r--. 1 root root    15 Jan 15 18:39 file26
-rw-r--r--. 1 root root    15 Jan 15 18:39 file27
-rw-r--r--. 1 root root    15 Jan 15 18:39 file28
-rw-r--r--. 1 root root    15 Jan 15 18:39 file29
-rw-r--r--. 1 root root    15 Jan 15 18:39 file30
drwx------. 2 root root 12288 Jan 15 18:37 lost+found

[root@kauai src]# cat /mnt/hdisk/file26 
File number 26

Here we were able to mount the disk image and be able to read the content of one of the text files.

References –

https://en.wikipedia.org/wiki/Dd_(Unix)

https://linux.die.net/man/8/mount