Wednesday, September 30, 2009

Install and Configure Cacti Network Graphing Tool on RedHat / CentOS

How do I install and configure common options to collect SNMP data and various other data (such as system load, network link status, hard disk space, logged in users etc) into an RRD?

From the official project site:
Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.
Cacti is a network graphing tool which uses MRTG.

Required software

You need to install the following software on RHEL / Fedora / CentOS Linux:
  1. MySQL Server : Store cacti data.
  2. NET-SNMP server - SNMP (Simple Network Management Protocol) is a protocol used for network management.
  3. PHP with net-snmp module - Access SNMP data using PHP.
  4. Apache / lighttpd / nginx webserver : Web server to display graphs created with PHP and RRDTOOL.

Install the software

Login as root user and type the following command to install mysql, apache and php:
# yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd

Configure MySQL server

First, set root password:
# mysqladmin -u root password NEWPASSWORD

Create cacti MySQL database

Create a database called cacti, enter:
# mysql -u root -p -e 'create database cacti'

Create a user called cacti with a password called cactipass (or one of your choosing), enter:
# mysql -u root -p
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'cactipass';
mysql> FLUSH privileges;
mysql> \q

Install snmpd

Type the following command to install net-snmp:
# yum install net-snmp-utils php-snmp net-snmp-libs

Configure snmpd, open /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf

Append / modify it as follows (see snmpd.conf man page for details):
com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)
pass . /usr/bin/ucd5820stat

Save and close the file. Turn on snmpd service:
# /etc/init.d/snmpd start
# chkconfig snmpd on

Make sure you are getting information from snmpd:
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Sample output:
IP-MIB::ipAdEntIfIndex. = INTEGER: 2
IP-MIB::ipAdEntIfIndex.67.yy.zz.eee = INTEGER: 3
IP-MIB::ipAdEntIfIndex. = INTEGER: 1
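
The snmpd.conf above keeps the default community string public and gives MyRWGroup a write view of all. As an added example (not part of the original post), the following script flags those settings in a com2sec/access style configuration; the finding names and the read-only variant with its placeholder community string are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky access settings
# in an snmpd.conf that uses the com2sec/group/view/access directives.

# audit_snmpd_conf FILE
# Prints one finding per line; prints nothing when no check fires.
audit_snmpd_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        # com2sec SECNAME SOURCE COMMUNITY
        $1 == "com2sec" {
            if ($4 == "public" || $4 == "private")
                print "DEFAULT_COMMUNITY secname=" $2 " community=" $4
            if ($3 == "default" || $3 == "0.0.0.0/0")
                print "OPEN_SOURCE secname=" $2 " source=" $3
        }
        # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
        $1 == "access" && $8 != "none" {
            print "WRITE_VIEW group=" $2 " view=" $8
        }
    ' "$1"
}

# The configuration shown in the post, copied here as sample input.
post_snmpd_conf() {
    cat <<'EOF'
com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)
pass . /usr/bin/ucd5820stat
EOF
}

# Constructed read-only variant: same layout, a placeholder community
# string instead of "public", and the write view set to none.
readonly_snmpd_conf() {
    cat <<'EOF'
com2sec local     localhost           CHANGE_ME_constructed_community
group MyROGroup v2c        local
view all    included  .1                               80
access MyROGroup ""      any       noauth    exact  all    none   none
EOF
}

# Run the audit over both sample configurations.
demo() {
    f=$(mktemp) || return 1
    post_snmpd_conf > "$f"
    echo "post configuration:"
    audit_snmpd_conf "$f"
    readonly_snmpd_conf > "$f"
    echo "read-only variant:"
    audit_snmpd_conf "$f"
    rm -f "$f"
}
demo
```

Cacti only reads from the agent, so a read-only group is enough for the graphs described here; remember to change the community string in the Cacti device settings to match.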

Install cacti

First, make sure EPEL repo is enabled. Type the following command to install cacti:
# yum install cacti

Install cacti tables

Type the following command to find out cacti.sql path:
# rpm -ql cacti | grep cacti.sql

Sample output:

Type the following command to install cacti tables (you need to type the cacti user password):
# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.7d/cacti.sql

Configure cacti

Open /etc/cacti/db.php file, enter:
# vi /etc/cacti/db.php

Make the following changes:
/* make sure these values reflect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cactipass";
$database_port = "3306";
Save and close the file.

Configure httpd

Open /etc/httpd/conf.d/cacti.conf file, enter:
# vi /etc/httpd/conf.d/cacti.conf

You need to update the Allow from line. Set it either to all or to your LAN subnet to allow access to cacti:
# Cacti: An rrd based graphing tool
Alias /cacti    /usr/share/cacti

        Order Deny,Allow
        Deny from all
        Allow from

Another option is to create a /usr/share/cacti/.htaccess file and password protect the directory. Finally, restart httpd:
# service httpd restart

Setup cacti cronjob

Open /etc/cron.d/cacti file, enter:
# vi /etc/cron.d/cacti

Uncomment the line:
*/5 * * * *     cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Save and close the file.

Run cacti installer

Now cacti is ready to install. Fire up a web browser and type the URL:


Just follow the on-screen instructions. The default username and password for cacti is admin / admin. Upon first login, you will be forced to change the default password.

How do I configure SNMP data collection?

SNMP can be used to monitor server traffic. Once installed login to cacti.
=> Click on Devices
=> Select Localhost
=> Make sure SNMP options are selected as follows:
Fig.01: SNMP configuration
Finally, click on Save button.

How do I create SNMP graphs?

Click on "Create Graphs for this Host" link on top right side.
Select SNMP - Interface Statistics
Select a graph type (such as In/Out bytes with total bandwidth)
Finally, click on Create button.

How do I view graphs?

To view graphs click on the Graphs tab. Here is a sample graph from one of my own boxes:
Fig.02: Cacti in Action - Memory, CPU and Network Usage

Fig.03: Cacti in Action - Disk, Load average and User stats

See also Multi-CPU Utilization Graphing in Cacti.

Backtrack 4 – USB/Nessus Boot with Persistent Changes

This how-to will show you a method for building a USB thumb drive with the following features:
  • Persistent Changes – Files saved and changes made will be kept across reboots.
  • Nessus and NessusClient installed – Everybody needs Nessus
  • Encryption configured (Note: This is not whole drive encryption)
Tools and Supplies
  1. A USB thumbdrive – minimum capacity 4GB
  2. A Backtrack 3 CDROM, Backtrack 4 DVD or an additional USB thumbdrive  (minimum 2GB) – Used to partition the thumbdrive.
  3. Optional: UNetbootin – A tool to transfer an iso image to a USB drive.
Download the Backtrack 4 Pre Release ISO here.

This tutorial is based on booting Backtrack 4 first. This means that you need some form of bootable Backtrack 4 media. This can be a virtual machine, DVD, or USB drive. Use your favorite method of creating a DVD or USB drive or you can use UNetBootin to create the thumb drive.  Below is a screenshot of using UnetBootin to install Backtrack 4 on a USB drive.

Installing Backtrack 4 with UnetBootin

It is as simple as selecting the image we want to write to the USB drive, the drive to write it to, and then clicking the ‘OK’ button. Warning: Make sure you pick the correct destination drive.

Partition the USB thumbdrive
The first step is to boot up Backtrack 4.  With the release of Backtrack 4 Final, a 4 GB drive is required if we are going to enable persistence.  For Backtrack 3 and Backtrack 4 Beta, we could get away with a 2GB drive.  We will also need to figure out which drive is our target drive. The following command will show the drives available and you can determine from that which is the new USB drive:
dmesg | egrep hd.\|sd.
We need to partition and format the drive as follows:
  1. The first partition needs to be a primary partition of at least 1.5 GB and set to type vfat. Also remember to make this partition active when you are creating it. Otherwise you might have some boot problems.
  2. The second Partition can be the rest of the thumb drive.
Below are the steps to take to get the drive partitioned and formatted. These steps are taken from this video on the Offensive Security website. A ‘# blah blah‘ indicates a comment and is not part of the command and user typed commands are bolded. One note, we will need to delete any existing partitions on the drive.
fdisk /dev/sda # use the appropriate drive letter for your system
# delete existing partitions. There may be more than one.
Command (m for help): d
Partition number (1-4): 1
# create the first partition
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
Partition number (1-4): 1
First cylinder (1-522, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-522, default 522): +1500M
#create the second partition
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
Partition number (1-4): 2
First cylinder (193-522, default 193):
Using default value 193
Last cylinder, +cylinders or +size{K,M,G} (193-522, default 522):
Using default value 522
# Setting the partition type for the first partition to vfat/fat32
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
# Setting the partition type for the second partition to Linux
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83
# Setting the first partition active
Command (m for help): a
Partition number (1-4): 1
Command (m for help): w
# now it is time to format the partitions (on the same drive that was partitioned above)
mkfs.vfat /dev/sda1
mkfs.ext3 -b 4096 -L casper-rw /dev/sda2

Two things to notice above in the format commands: 1) we are using ext3 instead of ext2 and 2) you must include the -L casper-rw portion of the command. Being able to use ext3 is great because of journaling. The -L casper-rw option helps us get around the problem we had where we had to enter the partition name in order to get persistence working. As you will see, that is no longer necessary.  So go ahead and partition and format the drive according to the layout above.

Make it a bootable Backtrack 4 USB thumb drive
  1. Mount the first partition.
  2. Copy the Backtrack files to it.
  3. Install grub.
Following are the commands to execute. Again, ‘#’ denotes comments and user typed commands are in bold.
# mount the first partition, sda1 in my case.
mkdir /mnt/sda1
mount /dev/sda1 /mnt/sda1

# copy the files, you will need to find where the ISO is mounted on your system.
cd /mnt/sda1
rsync -r /media/cdrom0/* .

# install grub
grub-install --no-floppy --root-directory=/mnt/sda1 /dev/sda
That’s it. We now have a bootable Backtrack 4 USB thumb drive.

Persistent Changes
This is done much differently and more easily than it was in Backtrack 4 Beta or Backtrack 3. First of all, for basic persistence, we don’t have to do anything at all. There is already a menu option that takes care of it for us. Unfortunately, it is only for console mode so we need to make a couple changes.  We want to do the following things:
  1. Change the default boot selection to persistent.
  2. Set the resolution for our gui.
To do so, do the following. Again, ‘#’ …comment….user typed…blah blah.
cd /mnt/sda1/boot/grub
vi menu.lst
# change the default line below to 'default 4' and append 'vga=0x317' (that's a zero) to the kernel line to set the resolution to 1024x768
# By default, boot the first entry.
default 4
title                Start Persistent Live CD
kernel           /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd            /boot/initrd.gz
Here is my entire menu.lst file for reference.
# By default, boot the first entry.
default 4
# Boot automatically after 30 secs.
timeout 30
title                Start BackTrack FrameBuffer (1024x768)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
initrd                /boot/initrd.gz
title                Start BackTrack FrameBuffer (800x600)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314
initrd                /boot/initrd800.gz
title                Start BackTrack Forensics (no swap)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317
initrd                /boot/initrdfr.gz
title                Start BackTrack in Safe Graphical Mode
kernel                /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
initrd                /boot/initrd.gz
title                Start Persistent Live CD
kernel                /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd                /boot/initrd.gz
title                Start BackTrack in Text Mode
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd                /boot/initrd.gz
title                Start BackTrack Graphical Mode from RAM
kernel                /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet
initrd                /boot/initrd.gz
title                Memory Test
kernel                /boot/memtest86+.bin
title                Boot the First Hard Disk
root                (hd0)
chainloader +1
Reboot and either select “Start Persistent Live CD” or just wait since we set it to auto-boot to persistent mode. To test it, create a file and reboot again. If your file is still there, everything is golden.

Install Nessus
Download the Ubuntu Nessus and NessusClient packages from nessus.org. The 32-bit 8.10 version worked fine for me.  Again, with Backtrack 4 things are a little easier. To install the Nessus server, simply execute the following command to install the package.
dpkg --install Nessus-4.0.2-ubuntu810_i386.deb
Things used to be a little bit more complicated for the client, but with the release of the pre-final version, it is just as easy as installing the server.
dpkg --install NessusClient-4.0.2-ubuntu810_i386.deb
Finally it’s time to configure Nessus. Execute each of the following and follow the prompts. My entries are below for fun.
#create server certificate
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]:US
Your state or province name [none]:Confused
Your location (e.g. town) [Paris]:Somewhere In Time
Your organization [Nessus Users United]:
Congratulations. Your server certificate was properly created.
# add user
Login :Me
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘admin’ user ? (can upload plugins, etc…) (y/n) [n]:y
User rules
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login             : Me
Password         : ***********
This user will have ‘admin’ privileges within the Nessus server
Rules             :
Is that ok ? (y/n) [y]y
User added
We want to disable Nessus starting at boot. We are going to do some things a little later that require that Nessus not be running at boot.
/usr/sbin/update-rc.d -f nessusd remove
This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.
The next thing we need to do is register our installation so we can get the plugin feed. You need to go here and request a key. That is a link to the free feed for home use. Use appropriately.
Once you have your key, execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.
/opt/nessus/bin/nessus-fetch --register [your feed code here]
When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. In many cases, I have actually had to reboot before Nessus started working. You can use netstat -na to check that the server is listening on port 1241.
/etc/init.d/nessusd start

Configure Encryption
Since we are using this tool to poke at people's networks and systems, with permission of course, it is very important that the information we find be protected. To do this, we are going to set up an encrypted volume that will eventually become our home directory.

This can be done with the gui or via command line. We will be using the gui because we need to be able to format the volume with ext3 and, as yet, I have not been able to figure out how to do that via the command line on linux.
(Screenshots: Truecrypt Configuration)

You will get a message that the volume was successfully created. Click on the ‘OK’ button, then exit the Truecrypt gui, both the ‘Create Volume’ windows and the main windows. We want to be back at the command prompt at this point.

If you want to test your filesystem, execute the following. Note that the -k '' is two single quotes, not a double quote:
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
cd /media/truecrypt1
df .

This will show that the volume is mounted and the amount of disk space you have left. Our next step is to have this volume mounted when we log in. We do this by editing the root user’s .profile file. Add the truecrypt command above to root’s .profile so it looks like this:
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi

truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1

mesg n
The next time you reboot you will be asked for the password for the volume and it will be mounted for you.

Now it is time to tweak a few things

Tweak a few things
The first thing we are going to do is go ahead and configure networking to start at boot time. It’s convenient and easy to disable if we need to. All we have to do is execute the following command.
/usr/sbin/update-rc.d networking defaults
The next thing we want to do is make sure all our tools and the system itself are up-to-date. First execute the following:
apt-get update
This updates the software repository information. Next, execute this command:
apt-get upgrade
The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.
This next bit is interesting and I was surprised it worked. We are going to reset the root user’s home directory during the login process to the mounted truecrypt volume. This will ensure that anything written to the home directory will be encrypted.  The following commands will set this up for us:
cd /media/truecrypt1
rsync -r --links /root/ .
# add the bold lines below
vi /root/.profile
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi

truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1

export HOME=/media/truecrypt1
export HISTFILE=/media/truecrypt1/.bash_history

mesg n
The next time you reboot, when you are finally in the system, your home directory will be /media/truecrypt1.
There is one last thing we want to do. We want to change nessus to log to the encrypted volume. This is very easy. The file that controls this is /opt/nessus/etc/nessus/nessusd.conf. We need to create a place for the log files to go. So execute the following
cd /media/truecrypt1
mkdir -p nessus/logs
Once you have done that, edit the /opt/nessus/etc/nessus/nessusd.conf file and change this:
# Log file :
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump
to this:
# Log file :
logfile = /media/truecrypt1/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /media/truecrypt1/nessus/logs/nessusd.dump
That’s it. You are all done now.
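
The .profile above exports HOME even when the truecrypt mount fails (wrong password, cancelled prompt), and nessusd.conf then points at a plain directory on the persistent partition. As an added example (not part of the original post), these helpers switch HOME and check the Nessus log paths only when the volume is really mounted; the function names and the sample mount table in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): only use the TrueCrypt mount
# point as HOME, and as the Nessus log target, when the volume is mounted.

# is_mounted MOUNTPOINT [MOUNTS_FILE]
# True only if MOUNTPOINT is a mount target in MOUNTS_FILE
# (default /proc/mounts: "device mountpoint fstype options 0 0").
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# switch_home MOUNTPOINT [MOUNTS_FILE]
# Moves HOME and HISTFILE onto the volume if it is mounted. Otherwise keeps
# HOME, disables shell history, and returns 1 so the caller can react.
switch_home() {
    if is_mounted "$1" "${2:-/proc/mounts}"; then
        HOME=$1
        HISTFILE=$1/.bash_history
        export HOME HISTFILE
        return 0
    fi
    HISTFILE=/dev/null
    export HISTFILE
    echo "WARNING: $1 is not mounted; HOME stays at $HOME" >&2
    return 1
}

# nessus_logs_on_volume NESSUSD_CONF MOUNTPOINT [MOUNTS_FILE]
# True only if the volume is mounted and both logfile and dumpfile in the
# given nessusd.conf point below MOUNTPOINT.
nessus_logs_on_volume() {
    is_mounted "$2" "${3:-/proc/mounts}" || return 1
    awk -v mp="$2" -F'[ \t]*=[ \t]*' '
        $1 == "logfile" || $1 == "dumpfile" {
            seen++
            if (index($2, mp "/") != 1) bad = 1
        }
        END { exit (bad || seen < 2) }
    ' "$1"
}

# In /root/.profile these two lines would replace the unconditional exports
# (kept as comments here so the example does not prompt for a password):
#   truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
#   switch_home /media/truecrypt1

# Demo on constructed mount tables, not real system state.
demo() {
    t=$(mktemp -d) || return 1
    echo '/dev/mapper/truecrypt1 /media/truecrypt1 ext3 rw 0 0' > "$t/ok"
    : > "$t/none"
    for m in ok none; do
        if is_mounted /media/truecrypt1 "$t/$m"; then
            echo "$m: mounted"
        else
            echo "$m: not mounted"
        fi
    done
    rm -rf "$t"
}
demo
```

Running nessus_logs_on_volume /opt/nessus/etc/nessus/nessusd.conf /media/truecrypt1 before starting nessusd catches the case where scan logs would land unencrypted.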


Tuesday, September 29, 2009

How to make Backtrack 4 boot from USB

In this article we will describe how we can make a bootable USB drive for the Backtrack 4 Linux distribution. The new release is based on Debian/Ubuntu and not on Slackware as it used to be in earlier versions (Backtrack 3 and below).

In this article the UNetbootin Windows version tool has been used to demonstrate the above scenario.

Minimum USB Drive capacity 1 GB
Format the USB to FAT32


1. Download BT4 Beta ISO
2. Download UNetbootin to make our usb bootable
3. Run Unetbootin and select bt4-beta.iso for diskimage
4. Select USB Drive letter and click on OK to start making a bootable usb drive

After the creation process finishes restart your machine and boot from the new usb bootable drive created and enjoy Backtrack 4 Beta on your system.

Default Backtrack 4 username is root and password is toor.

Note: Be sure that you install the MBR on the USB drive by executing drive:\boot\bootinst.bat on your USB drive.



Glossary of Amazon EC2 terms

Amazon machine image (AMI)
An Amazon Machine Image (AMI) is an encrypted machine image stored in Amazon S3. It contains all the information necessary to boot instances of your software.

Amazon EBS
A type of storage that enables you to create volumes that can be mounted as devices by Amazon EC2 instances. Amazon EBS volumes behave like raw unformatted external block devices. They have user supplied device names and provide a block device interface. You can load a file system on top of Amazon EBS volumes, or use them just as you would use a block device.

Availability Zone
A distinct location within a region that is engineered to be insulated from failures in other Availability Zones and provides inexpensive, low latency network connectivity to other Availability Zones in the same region.

compute unit
An Amazon-generated measure that enables you to evaluate the CPU capacity of different Amazon EC2 instance types.

See Amazon EBS.

Elastic Block Store
See Amazon EBS.

elastic IP address
A static public IP address designed for dynamic cloud computing. Elastic IP addresses are associated with your account, not specific instances. Any elastic IP addresses that you associate with your account remain associated with your account until you explicitly release them. Unlike traditional static IP addresses, however, elastic IP addresses allow you to mask instance or Availability Zone failures by rapidly remapping your public IP addresses to any instance in your account.

ephemeral store
See instance store.

explicit launch permission
Launch permission granted to a specific user.

See security group.

instance store
Every instance includes a fixed amount of storage space on which you can store data. This is not designed to be a permanent storage solution. If you need a permanent storage system, use Amazon EBS.

instance type
A specification that defines the memory, CPU, storage capacity, and hourly cost for an instance. Some instance types are designed for standard applications while others are designed for CPU-intensive applications.

gibibyte (GiB)
A contraction of giga binary byte, a gibibyte is 2^30 bytes or 1,073,741,824 bytes. A gigabyte is 10^9 or 1,000,000,000 bytes. So yes, Amazon has bigger bytes.

See Amazon machine image.

Once an AMI has been launched, the resulting running system is referred to as an instance. All instances based on the same AMI start out identical and any information on them is lost when the instances are terminated or fail.

instance store
The disk storage associated with an instance. In the event an instance fails or is terminated (not simply rebooted), all content on the instance store is deleted.

Also known as a security group, groups define firewall rules that can be shared among a group of instances that have similar security requirements. The group is specified at instance launch.

launch permission
AMI attribute allowing users to launch an AMI

Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

paid AMI
An AMI that you sell to other Amazon EC2 users. For more information, refer to the Amazon DevPay Developer Guide.

private IP address
All Amazon EC2 instances are assigned two IP addresses at launch: a private address (RFC 1918) and a public address that are directly mapped to each other through Network Address Translation (NAT).

public AMI
An AMI that all users have launch permissions for.

public data sets
Sets of large public data sets that can be seamlessly integrated into AWS cloud-based applications. Amazon stores the data sets at no charge to the community and, like all AWS services, users pay only for the compute and storage they use for their own applications. These data sets currently include data from the Human Genome Project, the U.S. Census, Wikipedia, and other sources.

public IP address
All Amazon EC2 instances are assigned two IP addresses at launch: a private address (RFC 1918) and a public address that are directly mapped to each other through Network Address Translation (NAT).

A geographical area in which you can launch instances (e.g., US, EU).

A collection of instances started as part of the same launch request.

Reserved Instance
An additional Amazon EC2 pricing option. With Reserved Instances, you can make a low one-time payment for each instance to reserve and receive a significant discount on the hourly usage charge for that instance.

security group
A security group is a named collection of access rules. These access rules specify which ingress (i.e., incoming) network traffic should be delivered to your instance. All other ingress traffic will be discarded.

shared AMI
AMIs that developers build and make available for other AWS developers to use.

Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

Amazon EBS provides the ability to create snapshots or backups of your Amazon EBS volumes and store them in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes and to protect your data for long term durability.

supported AMIs
These AMIs are similar to paid AMIs, except that you charge for software or a service that customers use with their own AMIs.

tebibyte (TiB)
A contraction of tera binary byte, a tebibyte is 2^40 bytes or 1,099,511,627,776 bytes. A terabyte is 10^12 or 1,000,000,000,000 bytes. So yes, Amazon has bigger bytes.

Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

Amazon Elastic Compute Cloud (EC2) Command Line Tools Reference

The Amazon Elastic Compute Cloud Command Line Tools Reference Guide provides the syntax, a description, options, and usage examples for each command line tool. This section describes who should read this guide, how the guide is organized, and other resources related to Amazon Elastic Compute Cloud.

The Amazon Elastic Compute Cloud is occasionally referred to within this guide as simply "Amazon EC2"; all copyrights and legal protections still apply.

View guide here.

Amazon Elastic Compute Cloud
Command Line Tools Reference (straight to the meat and potatoes)

Sunday, September 27, 2009

How to install Cacti on Debian or Ubuntu

Cacti is a web based PHP/MySQL graphing solution using the RRDtool engine. Classically, it can graph network bandwidth with SNMP. But in fact, a lot of different graphs can be done with snmp, shell or perl scripts.

Cacti’s strength lies in the fact that it can be installed and used incredibly easily. You don’t need to be a guru or spend tons of hours on the tool to configure it. Even a beginner can use it very quickly. On the very active Cacti forum, you can share “Cacti templates” with other users, which can save you a lot of time. You can also very easily add plugins to Cacti, making it possible to integrate other free tools like ntop or php weathermap. In our opinion, this is by far the best RRDtool frontend.

For details about how to use Cacti, see the very good Cacti Manual.
RRDtool is a program developed by the Swiss Tobi Oetiker, who was already the creator of the famous MRTG. RRDtool is developed using the “C” programming language and it stores the collected data in “.rrd” files.

The number of records in a “.rrd” file never increases, meaning that old records are frequently removed. This implies that one obtains precise figures for recently logged data, whereas figures based on very old data are mean value approximations. By default, you can have daily, weekly, monthly and yearly graphs.
Some of the advantages of RRDtool over MRTG are the following:
  • it is much quicker
  • it can use negative values
  • it can use more than one data source in a graph
  • the generated graphs are very customizable
  • it can be used by a wide variety of front-ends such as Cacti
  • the RRDtool records stored in .rrd files keep the same size and do not increase.
The following programs are needed to run cacti:
  • apache2 for the web server
  • mysql-server for the database
  • php5 for the server-based script
  • php5-common
  • php5-cgi
  • php5-cli
  • php5-mysql
  • snmp – snmp tools used to collect data from the remote hosts
  • rrdtool – a perl script to format collected data to rrdtool files
  • php5-gd – the graphical library used by a Cacti plugin named php weathermap
Use apt-get to install the programs
#apt-get install apache2
#apt-get install mysql-server
#apt-get install php5
#apt-get install php5-common
#apt-get install php5-cgi
#apt-get install php5-cli
#apt-get install php5-mysql
#apt-get install snmp
#apt-get install rrdtool

#apt-get install cacti

You will have to configure the mysql settings through a little wizard.

At the end of the tutorial, a mysql database and user named cacti will be automatically created.

Now Cacti is ready to be used via: http://localhost/cacti The default login and password are admin.
Cacti will check if all the required tools are correctly installed.

Initial Cacti Configuration
Select "New Install"

Verify the required tools are correctly seen by cacti

Note that the poller.php script, which sends the requests to the remote hosts, is launched by the apache2 user, that is, www-data.

To reconfigure cacti, use the following command:
#dpkg-reconfigure cacti

If you want to activate the poller manually run:
#php5 /usr/share/cacti/site/poller.php

Sometimes you need to activate it the first time, then it should run automatically every 5 minutes by default.


See also Multi-CPU Utilization Graphing in Cacti.

Friday, September 25, 2009

Where is ntbackup in Windows Server 2008?

Microsoft replaced the ntbackup.exe backup utility in Windows Server 2008 and Windows Vista with wbadmin.

Wbadmin enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.

To configure a backup schedule, you must be a member of the Administrators group. To perform all other tasks with this command, you must be a member of the Backup Operators or the Administrators group, or you must have been delegated the appropriate permissions.

You must run wbadmin from an elevated command prompt. (To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.)

For more information on wbadmin go to this Microsoft TechNet page.


The wbadmin command replaces the ntbackup command that was released with previous versions of Windows. You cannot recover backups that you created with ntbackup by using wbadmin. However, a version of ntbackup is available as a download for Windows Server 2008 and Windows Vista users who want to recover backups that they created using ntbackup. This downloadable version of ntbackup enables you to perform recoveries only of legacy backups, and it cannot be used on computers running Windows Server 2008 or Windows Vista to create new backups. To download this version of ntbackup, see http://go.microsoft.com/fwlink/?LinkId=82917.

Thursday, September 24, 2009

Amazon EBS Shared Snapshots

Today Amazon announced a new feature, "EBS Shared Snapshots":
Amazon EBS shared snapshots make it easy for you to share this data with your co-workers or others in the AWS community. With this feature, users that you have authorized can quickly use your Amazon EBS shared snapshots as the basis for creating their own Amazon EBS volumes. If you choose, you can also make your data available publicly to all AWS users. Because all the data is stored in the AWS cloud, users don’t have to wait for time consuming downloads, and can access it within minutes. You can quickly start sharing your data through the AWS Management Console by visiting the Snapshots section in the Amazon EC2 tab, or by leveraging the API Tools.
Please visit our Amazon EBS detail page for additional information on Amazon EBS shared snapshots and Amazon EBS and see our developer documentation for more information on the new API calls.

How to run Bucket Commander: A command line interface for Amazon S3

Bucket commander is a command line tool for Amazon S3.

Bucket Commander needs a configuration file, which can be created using Bucket Explorer's UI.

Bucket Commander takes three arguments: "-action", "-authenticate" and "-emailprofile".

"-emailprofile" is an optional argument; you need to specify it only when you have configured an Email profile to receive reports of Bucket Commander operations (Upload, Download and Copy) via email.
Valid values for "-action" are:
  • upload
  • download
  • copy
To run Bucket Commander, at least one credential must be saved.

If only a single credential is saved, the authentication argument is optional.

For "-authenticate", specify the nickname that you see in the "quick connect" drop-down in Bucket Explorer's UI.
To work, Bucket Commander needs the config folder and the .Lic file, i.e. bucketcommander.xml and bucketexplorer.xml. Upload/Download/Copy details are picked from the commander XML and authentication details are picked from the bucketexplorer XML.

If BucketCommander.exe runs on a different machine, it will not be able to decrypt the saved credentials, so it will prompt you to update them by giving the Access Key and Secret Key.

For "-emailprofile", specify the profile name that you have saved in the Email profile configuration in Bucket Explorer's UI.

How to send report with Bucket Commander

You can specify more than one Email Profile, separated by commas, to have the report of Bucket Commander operations emailed to each specified profile.
An example of a working command looks like:
Command on Windows
Bucketcommander.exe -action:upload/download/copy [-authenticate:nick-name][-emailprofile:profilename1,profilename2]
Command on Linux
BucketExplorer.sh -action:upload/download/copy [-authenticate:nick-name][-emailprofile:profilename1,profilename2]
Note: On Linux you can open terminal from Applications->Accessories->Terminal in Finder
Command on Mac OSX
java -jar BucketExplorer.jar -action:upload/download/copy [-authenticate:nick-name][-emailprofile:profilename1,profilename2]
Note: On Mac OSX you can open terminal from Applications->Utilities->Terminal in Finder.

Download bucket explorer for windows, linux and mac osx

HTTP Redirection in IIS7 on Windows Server 2008 for Exchange 2007

I spent a couple hours over the past two days trying to figure out how to redirect requests from the root of my domain to the /owa directory. To boot I wanted to redirect HTTP to HTTPS. I needed to simplify the method of connecting to Outlook Web Access - basically make it ID10T-proof. This way users don't have to specify HTTPS or use the /owa directory. They can simply type mail.mydomain.com in their browser and voila, they are directed to the right location.

As with most things more than one way exists to skin this cat. The two most common ways I discovered (both of which have some limitations and problems) were to either use HTTP REDIRECT in IIS Manager, or to use a custom 403 error page.

The simplest and most elegant solution I found was to create a one-line default.asp file. Of course you have to have ASP installed/enabled on the server and default.asp needs to be in (preferably alone or at the top of) your default documents list.

Wait no longer - all you need in the default.asp file is:
<% Response.Redirect "https://mail.mydomain.com/owa" %>
That's it. It's that simple!

Now when your users access (http://)mail.mydomain.com they will magically and instantly be redirected to the secure and correct location of https://mail.mydomain.com/owa.

TreeSize Free - ever want to know how big various folders are?

Every hard disk is too small if you just wait long enough. TreeSize Free tells you where precious space has gone. TreeSize Free can be started from the context menu of a folder or drive and shows you the size of this folder, including its subfolders. You can expand this folder in Explorer-like style and you will see the size of every subfolder. Scanning is done in a thread, so you can already see results while TreeSize Free is working. The space, which is wasted by the file system, can be displayed and the results can be printed in a report. TreeSize Free is freeware for Windows 2000/XP/Vista.

Download TreeSize Free (here you can find the more powerful TreeSize Professional as well)

Sunday, September 20, 2009

Thursday, September 17, 2009

DenyHosts: Remove / Delete an IP address

How do I remove my own home IP address from DenyHosts?

Simply removing your IP from /etc/hosts.deny does not work since DenyHosts keeps track of the attempts in the /usr/share/denyhosts/data directory. In order to remove your IP address you will need to do the following.

Step # 1: Stop DenyHosts

# /etc/init.d/denyhosts stop

Step # 2: Remove Your IP From /etc/hosts.deny

# vi /etc/hosts.deny
Delete your IP address. Save and close the file.

Step # 3: Remove Your IP From /usr/share/denyhosts/data Directory

Change to the /usr/share/denyhosts/data directory:
# cd /usr/share/denyhosts/data

You need to edit the following files using vi and remove the lines containing the IP address. Save the file.
  1. hosts
  2. hosts-restricted
  3. hosts-root
  4. hosts-valid
  5. users-hosts
If you have a static IP address, add it to the allowed-hosts file. Any IP address that appears in this file will not be blocked by default (consider this a whitelist). Replace YOUR_IP_ADDRESS with your own address:
# echo 'YOUR_IP_ADDRESS' >> allowed-hosts

Step # 4: Start DenyHosts

# /etc/init.d/denyhosts start
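
Steps 2 and 3 as a script, an added example that is not part of the original post: it deletes every line naming the address from /etc/hosts.deny and the five data files, matching the address exactly so that similar addresses stay blocked. The function names, the --allow switch and the sample line formats are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Paths default to the ones named in the post; the sample
# line formats below are assumptions.

# ERE matching $1 only as a whole address, so purging 10.0.0.1 leaves the
# entries for 10.0.0.10 and 110.0.0.1 alone.
ip_regex() {
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$escaped"
}

# Rewrite file $2 without the lines mentioning address $1.
# Prints how many lines were removed.
purge_ip_from_file() {
    [ -f "$2" ] || { echo 0; return 0; }
    re=$(ip_regex "$1")
    before=$(wc -l < "$2")
    tmp=$(mktemp) || return 1
    # grep exits 1 when no line survives; only a status above 1 is an error.
    grep -Ev "$re" "$2" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$2"
    rm -f "$tmp"
    after=$(wc -l < "$2")
    echo $((before - after))
}

# $1 = address, $2 = hosts.deny path, $3 = DenyHosts data directory.
# Prints the total number of lines removed.
unblock_ip() {
    addr=$1
    deny_file=${2:-/etc/hosts.deny}
    data_dir=${3:-/usr/share/denyhosts/data}
    # Accept only a dotted quad, so the value cannot act as a wildcard.
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $addr" >&2; return 2; }
    total=0
    for f in "$deny_file" "$data_dir/hosts" "$data_dir/hosts-restricted" \
             "$data_dir/hosts-root" "$data_dir/hosts-valid" "$data_dir/users-hosts"; do
        n=$(purge_ip_from_file "$addr" "$f") || return 1
        total=$((total + n))
    done
    echo "$total"
}

# Add the address to allowed-hosts once ($2 = data directory).
allow_ip() {
    list=${2:-/usr/share/denyhosts/data}/allowed-hosts
    grep -Fxq "$1" "$list" 2>/dev/null || printf '%s\n' "$1" >> "$list"
}

# Constructed sample files (made-up entries) for trying the functions safely.
make_sample_tree() {
    mkdir -p "$1/data"
    printf '%s\n' 'sshd: 10.0.0.1' 'sshd: 10.0.0.10' 'sshd: 110.0.0.1' > "$1/hosts.deny"
    printf '%s\n' '10.0.0.1:6:Thu Sep 17 10:00:00 2009' \
                  '10.0.0.10:2:Thu Sep 17 10:05:00 2009' > "$1/data/hosts"
    printf '%s\n' 'root - 10.0.0.1:3:Thu Sep 17 10:00:00 2009' > "$1/data/users-hosts"
}

# Usage (as root, with DenyHosts stopped):  sh unblock.sh ADDRESS [--allow]
if [ $# -ge 1 ]; then
    unblock_ip "$1" && { [ "${2:-}" != "--allow" ] || allow_ip "$1"; }
fi
```

Run it between Step 1 and Step 4; a result of 0 means the address was not listed in any of the files.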

Wednesday, September 16, 2009

Hide your computer downloads in plain sight with this UPS Hack!

Pictures, movies, music, files, whatever! Nobody will even know it's there. Not your kids, your wife, a burglar - not even the... RIAA!


Tuesday, September 15, 2009

List Of Stand Alone CDNs and Telcos/Carriers Offering CDN Services

The CDN space is growing tremendously, both in overall revenue and competition.

According to, "Video CDN Revenue Will Grow to Over $1.4 Billion by 2012:"
The preliminary data shows that the worldwide video CDN revenue will be a little more than $400 million in 2008, increasing at a Compound Annual Growth Rate [CAGR] of more than 30%. As the slide below shows, we expect the worldwide video CDN revenue to grow to more than $1.4 billion by 2012.

These numbers are very specific to revenue obtained for video delivery services by CDNs and does not include revenue from P2P based networks or any type of content outside of video. While the report, when released, will also break out P2P based revenue and include additional types of content like gaming, these numbers are for video delivery only. To obtain these numbers, we spoke to every major CDN provider in North America, Europe and Asia and obtained revenue numbers or guidance, from nearly every one, on what percentage of their revenue came from just video and from what region.
Here is a list of CDNs in the market, broken down between pure-play CDNs versus non pure-play vendors like carriers and telcos.

Pure-Play CDNs

Non Pure-Play CDNs

Monday, September 14, 2009

Uninstall the Annoying Windows Language Bar from the Windows Command Line

The language bar can be uninstalled / removed / deleted / disabled completely by running the following command:
regsvr32.exe /u /s msutb.dll

Top 50 Text Terms Used in Business

AFAIC: As Far As I'm Concerned
ASAP: As Soon As Possible
BHAG: Big Hairy Audacious Goal
BOHICA: Bend Over Here It Comes Again
CLM: Career Limiting Move
CYA: Cover Your Ass -or- See Ya
DD: Due Diligence
DQYDJ: Don't Quit Your Day Job
DRIB: Don't Read If Busy
EOD: End Of Day -or- End Of Discussion
EOM: End Of Message
EOT: End Of Thread (meaning: end of discussion)
ESO: Equipment Smarter than Operator
FRED: F***ing Ridiculous Electronic Device
FUBAR: F***ed Up Beyond All Recognition
FYI: For Your Information
GMTA: Great Minds Think Alike
HIOOC: Help, I'm Out Of Coffee
IAITS: It's All In The Subject
IANAL: I Am Not A Lawyer
KISS: Keep It Simple Stupid
LOPSOD: Long On Promises, Short On Delivery
MOTD: Message Of The Day
MTFBWY: May The Force Be With You
MYOB: Mind Your Own Business
NRN: No Reply Necessary
NSFW: Not Safe For Work
NWR: Not Work Related
OTP: On The Phone
P&C: Private & Confidential
PDOMA: Pulled Directly Out Of My Ass
PEBCAK: Problem Exists Between Chair And Keyboard
PITA: Pain In The Ass
QQ: Quick Question -or- Cry More
RFD: Request For Discussion
RFP: Request For Proposal
SBUG: Small Bald Unaudacious Goal
SME: Subject Matter Expert
SNAFU: Situation Normal, All F***ed Up
SSDD: Same Sh** Different Day
STD: Seal The Deal -or- Sexually Transmitted Disease
SWAG: Scientific Wild Ass Guess -and- SoftWare And Giveaways
TBA: To Be Advised
TBD: To Be Determined
TWIMC: To Whom It May Concern
TIA: Thanks In Advance
WIIFM: What's In It For Me
WOMBAT: Waste Of Money, Brains And Time
WTG: Way To Go
YW: You're Welcome

View EC2 Instances via Command Line Using ec2-describe-instances

Running ec2-describe-instances from the command line where you have AWS developer tools installed will display information about running instances.

To view instances simply run ec2-describe-instances

To view detailed help information run ec2-describe-instances --help
     ec2din (ec2-describe-instances)
     Any command option/parameter may be passed a value of '-' to indicate
     that values for that option should be read from stdin.
     List and describe your instances
     The INSTANCE parameter is the instance ID(s) to describe.
     If unspecified all your instances will be returned.


     -K, --private-key KEY
          Specify KEY as the private key to use. Defaults to the value of the
          EC2_PRIVATE_KEY environment variable (if set). Overrides the default.

     -C, --cert CERT
          Specify CERT as the X509 certificate to use. Defaults to the value
          of the EC2_CERT environment variable (if set). Overrides the default.

     -U, --url URL
          Specify URL as the web service URL to use. Defaults to the value of
          'https://ec2.amazonaws.com' or to that of the EC2_URL environment
          variable (if set). Overrides the default.

     --region REGION
          Specify REGION as the web service region to use.
          This option will override the URL specified by the "-U URL" option and EC2_URL environment variable.

     -v, --verbose
          Verbose output.

     -?, --help
          Display this help.

     -H, --headers
          Display column headers.

          Display additional debugging information.

          Indicate empty fields.

     --connection-timeout TIMEOUT
          Specify a connection timeout TIMEOUT (in seconds).

     --request-timeout TIMEOUT
          Specify a request timeout TIMEOUT (in seconds).

Sunday, September 13, 2009

Linux: Force Users To Change Their Passwords Upon First Login

How can I force my Linux users to change their passwords upon the first login under CentOS / Debian Linux?

You can use either of the following commands to force users to change their passwords upon the first login:
  • usermod command - Modify various user account properties including user password expiry information.
  • chage command - Change user password expiry information
Task: Use the chage command to force users to change their password upon first login

Use the following syntax: chage -d 0 <user-name>
chage -d 0 bubba
  • -d 0 : Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD. Setting it to zero forces the user to change the password upon first login.

Ntbackup command line parameters in Windows Server 2003

You can perform backup operations from the command prompt or from a batch file by using the ntbackup backup command followed by various parameters. You can access only the backup option from the command prompt. To restore files, use the Backup and Restore Wizard.

The ntbackup command uses the following syntax (see explanation of parameters below):

ntbackup backup [systemstate] "@FileName.bks" /J {"JobName"} [/P {"PoolName"}] [/G {"GUIDName"}] [/T { "TapeName"}] [/N {"MediaName"}] [/F {"FileName"}] [/D {"SetDescription"}] [/DS {"ServerName"}] [/IS {"ServerName"}] [/A] [/FU] [/V:{yes | no}] [/R:{yes | no}] [/L:{f | s | n}] [/M {BackupType}] [/RS:{yes | no}] [/HC:{on | off}] [/SNAP:{on | off}]

The following examples show how to use the ntbackup command to back up files and folders from the command line or by using a batch file. Note that if you do not specify an option, it applies the settings that you set in the graphical version of the backup program.

Example 1

ntbackup backup \\MyServer\c$ /m normal /j "Backup Job 1" /p "Backup" /n "Command Line Backup 1" /d "Command Line Functionality" /v:yes /r:no /l:s /rs:no /hc:on
This example creates a normal backup of the remote share \\MyServer\c$ and names it "Backup Job 1". It pulls a tape from the Backup media pool, and names the tape "Command Line Backup 1." You can substitute "Command Line Functionality" in the command with the actual description of your backup. This backup is verified after the backup job is complete. Access is not restricted to the owner or the administrator, and the logging level is set to "summary only." Remote Storage data is not backed up, and hardware compression is enabled.

Example 2

ntbackup backup d:\ /j "Backup Job 2" /a /t "Command Line Backup 1" /m copy
This example generates a copy backup of the local drive D:\ and names the backup "Backup Job 2". The backed up files and folders are added to the tape that is named "Command Line Backup 1."

Example 3

ntbackup backup "@C:\Program Files\Windows NT\ntbackup\data\commandline.bks" /j "Backup Job 3" /t "Command Line Backup 1" /n "Command Line Backup 2"
This example generates the type of backup that you specified in the graphical version of the Backup program. To specify the files that are backed up, this example uses the "Commandline.bks" backup selection file located in the C:\Program Files\Windows NT\Ntbackup\Data folder. The backup job is named "Backup Job 3". It overwrites the tape that is named "Command Line Backup 1" with the new name "Command Line Backup 2."

Example 4

The following three commands perform a backup to a file from the command line:
ntbackup backup \\MyServer\d$ /j "Command Line Backup 4" /f "D:\backup.bkf"
ntbackup backup \\MyServer\d$ /j "Command Line Backup 5" /f "D:\backup.bkf" /a
ntbackup backup \\MyServer\d$ /j "Command Line Backup 6" /f "D:\backup.bkf"
The first example shows how to backup \\MyServer\d$ to the file D:\Backup.bkf.  The second example shows how to append the same backup to the same file.  The third example shows how to overwrite the file with the same backup.

In all three examples, you can substitute a complete UNC name for the drive letter. For example, instead of d:\backup.bkf, you can use \\MyServer\d$\backup.bkf as the backup destination.

All three examples use the Backup program's default values for the backup type, verification setting, logging level, hardware compression, and any other restrictions.

To start the graphical version of the Backup program, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.

Ntbackup Parameters
Switch: systemstate
Description: Specifies that you want to back up the System State data. When you select this option, the backup type will be forced to normal or copy.

Switch: @FileName.bks
Description: Specifies the name of the backup selection file (.bks file) to be used for this backup operation. The at (@) character must come before the name of the backup selection file. A backup selection file contains information about the files and folders you have selected for backup. You have to create the file using the graphical user interface (GUI) version of Backup.

Switch: /J {"JobName"}
Description: Specifies the Backup Job to be used in the backup report. The Backup Job generally describes the files and folders you are backing up in the current backup job.

Switch: /P {"PoolName"}
Description: Specifies the media pool where you want to use media. This is generally a subpool of the Backup media pool, such as 4mm DDS. If you select this you cannot use the /A, /G, /F, or /T command-line options.

Switch: /G {"GUIDName"}
Description: Overwrites or appends to this tape. Do not use this switch in conjunction with /P.

Switch: /T {"TapeName"}
Description: Overwrites or appends to this tape. Do not use this switch in conjunction with /P.

Switch: /N {"MediaName"}
Description: Specifies the new tape name. You must not use /A with this switch.

Switch: /F {"FileName"}
Description: Logical disk path and file name. You must not use the following switches with this switch: /P /G /T

Switch: /D {"SetDescription"}
Description: Specifies a label for each backup set.

Switch: /DS {"ServerName"}
Description: Backs up the directory service file for the specified Microsoft Exchange server.
Exchange version: The /DS switch works only with Microsoft Exchange Server 5.5. The /DS switch does not work with Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003.

Switch: /IS {"ServerName"}
Description: Backs up the Information Store file for the specified Microsoft Exchange server.
Exchange version: The /IS switch works only with Microsoft Exchange Server 5.5. The /IS switch does not work with Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003.

Switch: /A
Description: Performs an append operation. Either /G or /T must be used in conjunction with this switch. Do not use this switch in conjunction with /P.

Switch: /FU
Description: Enables a "file unbuffered" setting to bypass the cache manager. This change provides a number of benefits during the disk-to-disk backup process:
  • Sustainable throughput over time
  • Reduction in processor utilization: on average, peak utilization is reduced to 30 percent
  • Elimination of impacts to the system process during the backup job
Note The /FU switch is available only in the revised version of Ntbackup.exe that is included with Windows Server Service Pack 1. You can also obtain this revised version by downloading it as a hotfix. To do this, click the following article number to view the article in the Microsoft Knowledge Base:
839272  (http://support.microsoft.com/kb/839272/ ) System performance is negatively affected when Ntbackup.exe writes to a destination .bkf file

Switch: /V:{yes | no}
Description: Verifies the data after the backup is complete.

Switch: /R:{yes | no}
Description: Restricts access to this tape to the owner or members of the Administrators group.

Switch: /L:{f | s | n}
Description: Specifies the type of log file: f=full, s=summary, n=none (no log file is created).

Switch: /M {BackupType}
Description: Specifies the backup type. It must be one of the following: normal, copy, differential, incremental, or daily.

Switch: /RS:{yes | no}
Description: Backs up the migrated data files located in Remote Storage. You do not have to use the /RS command-line option to back up the local Removable Storage database (that contains the Remote Storage placeholder files). When you back up the %Systemroot% folder, Backup automatically backs up the Removable Storage database also.

Switch: /HC:{on | off}
Description: Uses hardware compression, if available, on the tape drive.

Switch: /SNAP:{on | off}
Description: Specifies whether the backup must use a volume shadow copy.

Note The SNAP switch is ignored in Microsoft Windows Server 2003 Service Pack 1 (SP1) and in later versions.

Switch: /?
Description: Displays help at the command prompt.

Keeping Backtrack up-to-date

Updating & Upgrading Backtrack
/usr/bin/apt-get -y update
/usr/bin/apt-get -y upgrade

To download and install all new updates, run
apt-get dist-upgrade
The first time you run apt-get update, you may get an error: “GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn’t be verified because the public key…”

Quick fix :
wget http://apt.pearsoncomputing.net/public.gpg
sudo apt-key add public.gpg
rm public.gpg

Run apt-get update again and it should work.
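
The quick fix fetches the key over plain HTTP, so nothing authenticates it before apt starts trusting it. The added example below (not from the original post) adds the key only if its primary fingerprint equals one obtained separately from the repository owner; the function names are made up for the example, the sample listing is constructed, and it assumes a GnuPG version that has --show-keys.

```shell
#!/bin/sh
# Added example: check a downloaded signing key against a fingerprint
# obtained separately before handing the key to apt-key.

# Read `gpg --with-colons` output on stdin and print the primary key
# fingerprint (field 10 of the first "fpr" record; later ones are subkeys).
primary_fingerprint() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Strip spaces and upper-case hex so "abcd 1234" and "ABCD1234" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# $1 = colon listing of the key file, $2 = expected fingerprint.
fingerprint_matches() {
    actual=$(printf '%s\n' "$1" | primary_fingerprint)
    [ -n "$actual" ] || return 1
    [ "$(normalize_fpr "$actual")" = "$(normalize_fpr "$2")" ]
}

# $1 = key file, $2 = expected fingerprint. Adds the key only on a match.
add_key_if_expected() {
    # Assumption: this gpg supports --show-keys (list a file, import nothing).
    listing=$(gpg --show-keys --with-colons "$1" 2>/dev/null) || return 1
    if fingerprint_matches "$listing" "$2"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch: $1 was NOT added" >&2
        return 1
    fi
}

# Constructed colon listing (made-up key) for exercising the parser offline.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1250000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1250000000::X::Example Repo <repo@example.invalid>:
sub:-:4096:1:1122334455667788:1250000000::::::e:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA1122334455667788:'

# Usage: sh addkey.sh public.gpg "EXPECTED FINGERPRINT"
if [ $# -eq 2 ]; then
    add_key_if_expected "$1" "$2"
fi
```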

Upgrading the distro to the latest version:
apt-get update && apt-get dist-upgrade -y

Warning: an “upgrade” in BT4Beta will also upgrade KDE to 3.5. If KDE is not working anymore after the update/upgrade (i.e. ‘startx’ does not seem to work):
root@bt:~# cd /etc/alternatives/
root@bt:/etc/alternatives# mv x-session-manager x-session-manager-broken
root@bt:/etc/alternatives# ln -s /opt/kde3/bin/startkde x-session-manager
root@bt:/etc/alternatives# startx

Updating security components
/pentest/exploits/fast-track.py -i

First update fast-track, then update other individual components (Metasploit, Aircrack, nikto, etc; or choose ‘9’ to update all)
If updating nikto doesn’t work :
Updating Nikto...
cd: 1: can't cd to /pentest/scanners/nikto/
/bin/sh: ./nikto.pl: not found 

Fix :
root@bt:~# mkdir /pentest/scanners/nikto/
root@bt:~# ln -s /usr/bin/nikto /pentest/scanners/nikto/nikto.pl
root@bt:/pentest/exploits/~# ./fast-track -c 1 2

Tuesday, September 8, 2009

How to Convert a Flash Video File (.flv) to MP4 with FFMpeg

  1. Download Flash Video using something like Video DownloadHelper (plugin for FireFox) or KeepVid.
  2. Now you have the file you want; it's time to convert the .flv file to something a little easier to work with. 
  3. FFMpeg is very easy to use and can be downloaded here.
  4. Open a command prompt.
    • Note: It may be easiest to place the .flv file in the same folder as ffmpeg.exe.
  5. In the command line enter "ffmpeg -i FILE_NAME.flv -ar 22050 NEW_FILE_NAME.mp4".
    • This basically says "Using ffmpeg, take the file FILE_NAME.flv, change the sample rate (this is the -ar 22050 part, and it makes a world of difference to the audio quality), and output a file called NEW_FILE_NAME in the mp4 format."
Instead of mp4, you could output an avi, wmv, mpg, or almost any other video file, or even an audio file like mp3.

That's it. Now you have your converted video file.

Download ffmpeg.exe for Windows (direct link) (8.5MB)