|
Recovering a MySQL user password. |
|
Tuesday, 18 November 2008 |
|
Quick blurb on recovering a forgotten MySQL password. MySQL stores user passwords using the PASSWORD() function. Simple stuff: - Stop the MySql server (you may want to stop the webserver before this)
- mysqld_safe --skip-grant-tables &
- mysql
- use mysql;
- select Password from user where User = "USERNAME";
- quit
- Restart MySQL normally (/etc/init.d/mysql start , etc)
Now you want to perform the following to crack the hash: - wget http://www.sqlhack.com/poc.c
- gcc -o poc poc.c
- ./poc HASH
Voila! It's unfortunate that this is so easy! It should go without saying to NEVER use your MySQL password elsewhere. Surely I didn't need to say that..wait where you going?? To change your MySQL password??? ;) --------------------------------------------------------------------------- ADDENDUM: My friend Tony notes that if your goal is to reset a users password it's best to do so by specifying a SQL script on program startup. This way you aren't starting Mysql with a blank password! His words: Create a text file /var/tmp/resetrootpass.sql containing: SET PASSWORD FOR 'USERNAME'@'localhost' = PASSWORD('NEWPASS');
Save the file and start MySQL with:
mysqld_safe --init-file=/var/tmp/resetrootpass.sql
|
|
|
Tuesday, 11 November 2008 |
|
When growing logical volumes - on Redhat based systems - I usually create several partitions so that I can take advantage of additional mount options (noexec,nosuid,etc). The partitions I create usually include the following: /
/var
/usr
/tmp
/home
/boot
What I have found working with other peoples less secure servers is that the scripts that crackers employ usually get placed under /home. Having /home mounted noexec,nosuid,etc would've kept their tools from running. Let's let someone else be the low hanging fruit! When installing the OS it is difficult to predict how much space each logical volume will need! The best answer is to have the Volume Group be the full size of the Physical Volume (PV). Then allot an initial 10G or so to each Logical Volume. This allows you to grow the logical volumes as necessary. You can even create new logical volumes and spinoff directories. So three months later you see that /home is filling up and would like to grow it by 20G, easy! Just extend the logical volume and then extend the ext3 filesystem you created within that logical volume. lvextend -L +20G /dev/VolGroup01/LogVol00
resize2fs /dev/VolGroup01/LogVol00
For lvextend to work there has to be free space available within that LVs VG. If you didn't previously allot all of the PVs free space to the VG then you should do so first. Next we run resize2fs, note that the Logical Volume can be mounted and this command should work just fine. The default 2.6 kernel should include support for resizing a mounted partition. That is all! Grow as you need, because shrinking is a nightmare! |
|
|
Installing Tripwire on FC9 |
|
Friday, 07 November 2008 |
|
Tripwire Tutorial & A Personal Reference A tutorial on installing and configuring Tripwire on a Redhat based system. I made this tutorial as a reference for the next time I install Tripwire. I will have undoubtedly forgotten the specifics by then. |
|
Read more...
|
|
|
Tuesday, 14 October 2008 |
|
A tutorial on installing WINE under OS X and getting SuperScan V3 working correctly. SuperScan V3 by Foundstone is a fast synscan port scanner for Windows. It does not try to be stealthy and should not be used as a replacement to nmap. It's not as much a security tool as it is an indispesable diagnostic tool.
|
|
Read more...
|
|
|
Saturday, 27 September 2008 |
|
I haven't seen this good of a movie in way too long. Chiwetel Ejiofor I am dumbfounded. Well done sir, well done. |
|
|
|
<< Start < Prev 1 2 3 Next > End >>
|
| Results 1 - 6 of 16 |
