Tag Archives: MacOS X

MacOS X and split

Split, on Mac OS X, doesn’t have the -d option to number files. This is a right royal pain when you are splitting up a dd image, as I couldn’t figure out how to get either XWays Forensics or EnCase to accept the split image when suffixed with aaa, aab, aac etc. First time out of the gate I just paid a child to sit and re-number the lot for me (which cost me £5 – but saved my sanity), but for future reference, and to save my financial status, here is an (albeit long) one-liner for the command line that will take any three-letter-suffixed filename and change it to the corresponding numerical value. (There are probably cleaner ways of doing this – feel free to let me know and I’ll be happy to update them here.)

ls test.dd.* | awk 'BEGIN {FS="\\."}{print $3 ":" $0}' | 
awk -v FS="" '{ convert="abcdefghijklmnopqrstuvwxyz" } { first=index(convert,$1); 
second=index(convert,$2); third=index(convert,$3); 
printf "test.dd.%03d:", (third + (26 * ( second - 1 )) + ( 676 * ( first - 1 ))); print $0 }' | 
awk -v FS=":" '{print$3 " " $1}' | xargs -n 2 mv

Note that this has the output filename hard coded (test.dd.000). 

So this takes all the files test.dd.aaa, test.dd.aab, test.dd.aac etc. and converts them to test.dd.001, test.dd.002, test.dd.003. This will work for any number of files up to and including zzz, which is 17,576 – but extending it further wouldn’t be a particularly challenging task…
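One cleaner way to do the same renumbering, as an added example that is not part of the original post: it goes beyond the three-letter case by handling a letter suffix of any length, skips pieces that are already numbered, and refuses to overwrite an existing file. The function names `suffix_to_number` and `renumber_split` are hypothetical.

```shell
# Added example: renumber split(1) pieces (aaa, aab, ...) to 001, 002, ...
# Function names are hypothetical; numbering matches the one-liner (aaa -> 1).

# Print the 1-based index of a lowercase letter suffix of any length.
# The parenthesised body runs in a subshell, so its variables stay private.
suffix_to_number() (
    suffix=$1
    alphabet=abcdefghijklmnopqrstuvwxyz
    n=0
    [ -n "$suffix" ] || exit 1
    while [ -n "$suffix" ]; do
        c=${suffix%"${suffix#?}"}        # first character
        suffix=${suffix#?}               # remainder
        case $alphabet in
            *"$c"*) ;;                   # a-z only
            *) exit 1 ;;                 # digits etc.: not a split suffix
        esac
        before=${alphabet%%"$c"*}        # letters preceding c
        n=$(( n * 26 + ${#before} ))     # base-26 accumulation
    done
    echo $(( n + 1 ))
)

# Rename PREFIX.<letters> to PREFIX.<NNN>, printing "old -> new" per piece.
renumber_split() (
    prefix=$1
    for f in "$prefix".*; do
        [ -f "$f" ] || continue
        # Non-letter suffixes (already-numbered pieces) are left alone.
        num=$(suffix_to_number "${f##*.}") || continue
        new=$(printf '%s.%03d' "$prefix" "$num")
        if [ -e "$new" ]; then
            echo "refusing to overwrite $new" >&2
            exit 1
        fi
        mv -- "$f" "$new"
        echo "$f -> $new"
    done
)

# Usage: sh renumber.sh test.dd
if [ $# -gt 0 ]; then renumber_split "$1"; fi
```

With more than 999 pieces the `%03d` names no longer sort lexically (1000 sorts before 999), so check the piece order before relying on a glob such as `cat test.dd.*`.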


SSH Tunnelling for fun and profit …

Firewalls are good – firewalls that are outside of your control aren’t. I’ve been working with a client to install a network monitoring device within their network – unfortunately they have no sensible way of giving me access to it through the firewall – no available routable IPs, no port forwarding, nothing useful whatsoever. This has somewhat cramped my style – making it a pain to get to the device in any way other than being in their offices. Well, I had to be there for a few days anyway – but I finally got round to implementing the solution to the problem today. I’ve used SSH tunnels for over 15 years now, originally between university Unix boxes and Linux servers at the ISP that I worked for part-time so that I could do things all round (Uni work in the office, office work from Uni … both from home via dial-up to work … nothing from the student union because mobile computing hadn’t been invented & the beer was cheap …) – and every so often I end up revisiting them to either (a) bypass other people’s security controls or (b) tunnel unencrypted protocols over a secure channel. The really nice thing about SSH tunnelling is that it is actually pretty platform agnostic – PuTTY & Cygwin on Windows, MacOS X, Linux, UNIX and even Android – all have support for it one way or another.

I have always admired the programmer’s virtues, despite not being much of a programmer myself – I feel that they should apply to all who work in IT – laziness, impatience and hubris. And in the spirit of the first, on this occasion, rather than reading the man pages and trying to recall how it all hangs together – I went to the ultimate lazy resource (Google) and found this script here:


#!/bin/sh

# $REMOTE_HOST is the name of the remote system
REMOTE_HOST="remote.example.com"   # placeholder: value not shown in the post

# $REMOTE_PORT is the remote port number that will be used to tunnel
# back to this system
REMOTE_PORT=2222                   # placeholder: value not shown in the post

# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND="ssh -q -N -R $REMOTE_PORT:localhost:22 $REMOTE_HOST"

# Is the tunnel up? Perform two tests:

# 1. Check for relevant process ($COMMAND)
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND

# 2. Test tunnel by looking at "netstat" output on $REMOTE_HOST
ssh $REMOTE_HOST netstat -an | egrep "tcp.*:$REMOTE_PORT.*LISTEN" \
   > /dev/null 2>&1
if [ $? -ne 0 ] ; then
   # No listener on the remote side: kill the stale tunnel and start a new one
   pkill -f -x "$COMMAND"
   $COMMAND
fi

This, coupled with a cron job to run it every five minutes and shared keys, means that my tunnel now remains open on my server, allowing me to get in remotely, fiddle with things, move files etc. etc. etc.

Ironically, though, rather than making my life easier this now means that I can worry about what it is doing at 3am _and find out_ !
