Joomla! site syndication http://ryanbowlby.com Fri, 21 Nov 2008 14:13:49 +0100 FeedCreator 1.7.2 http://ryanbowlby.com/images/M_images/joomla_rss.png http://ryanbowlby.com Joomla! site syndication http://ryanbowlby.com/content/view/31/27/ Quick blurb on recovering a forgotten MySQL password. MySQL stores user passwords using the PASSWORD() function. Simple stuff:Stop the MySql server (you may want to stop the webserver before this) mysqld_safe --skip-grant-tables mysqluse mysql;select Password from user where User = USERNAME ;quitRestart MySQL normally (/etc/init.d/mysql start , etc)Now you want to perform the following to crack the hash:wget http://www.sqlhack.com/poc.cgcc -o poc poc.c./poc HASHVoila! It's unfortunate that this is so easy! It should go without saying to NEVER use your MySQL password elsewhere. Surely I didn't need to say that..wait where you going?? To change your MySQL password??? ;)--------------------------------------------------------------------------- ADDENDUM: My friend Tony notes that if your goal is to reset a users password it's best to do so by specifying a SQL script on program startup. This way you aren't starting Mysql with a blank password! His words:Create a text file /var/tmp/resetrootpass.sql containing: SET PASSWORD FOR 'USERNAME'@'localhost' = PASSWORD('NEWPASS');Save the file and start MySQL with:mysqld_safe --init-file=/var/tmp/resetrootpass.sql InfoTech - Tutorials Tue, 18 Nov 2008 06:57:10 +0100 http://ryanbowlby.com/content/view/30/27/ When growing logical volumes - on Redhat based systems - I usually create several partitions so that I can take advantage of additional mount options (noexec,nosuid,etc). The partitions I create usually include the following://var/usr/tmp/home/boot What I have found working with other peoples less secure servers is that the scripts that crackers employ usually get placed under /home. Having /home mounted noexec,nosuid,etc would've kept their tools from running. Let's let someone else be the low hanging fruit! When installing the OS it is difficult to predict how much space each logical volume will need! The best answer is to have the Volume Group be the full size of the Physical Volume (PV). Then allot an initial 10G or so to each Logical Volume. This allows you to grow the logical volumes as necessary. You can even create new logical volumes and spinoff directories. So three months later you see that /home is filling up and would like to grow it by 20G, easy! Just extend the logical volume and then extend the ext3 filesystem you created within that logical volume. lvextend -L +20G /dev/VolGroup01/LogVol00resize2fs /dev/VolGroup01/LogVol00For lvextend to work there has to be free space available within that LVs VG. If you didn't previously allot all of the PVs free space to the VG then you should do so first. Next we run resize2fs, note that the Logical Volume can be mounted and this command should work just fine. The default 2.6 kernel should include support for resizing a mounted partition. That is all! Grow as you need, because shrinking is a nightmare! InfoTech - Tutorials Tue, 11 Nov 2008 00:34:10 +0100 http://ryanbowlby.com/content/view/29/27/ Tripwire Tutorial A Personal ReferenceA tutorial on installing and configuring Tripwire on a Redhat based system. I made this tutorial as a reference for the next time I install Tripwire. I will have undoubtedly forgotten the specifics by then. InfoTech - Tutorials Fri, 07 Nov 2008 05:49:44 +0100 http://ryanbowlby.com/content/view/28/27/ A tutorial on installing WINE under OS X and getting SuperScan V3 working correctly.SuperScan V3 (http://www.foundstone.com/us/resources/proddesc/superscan3.htm) by Foundstone is a fast synscan port scanner for Windows. It does not try to be stealthy and should not be used as a replacement to nmap. It's not as much a security tool as it is an indispesable diagnostic tool. InfoTech - Tutorials Tue, 14 Oct 2008 07:11:43 +0100 http://ryanbowlby.com/content/view/27/33/ I haven't seen this good of a movie in way too long. Chiwetel Ejiofor I am dumbfounded. Well done sir, well done. General - General Sat, 27 Sep 2008 04:34:15 +0100