Hack Admin » Security

How to Recover a Lost MySQL Password

admin — Sat, 20 Feb 2010 18:23:14 +0000

Article by Aashish

This article explains the process that will allow you to recover a lost MySQL password:

Stop the MySQL server process

Start the MySQL (mysqld) server/daemon process with the
–skip-grant-tables option so that it will not prompt for password.

Connect to mysql server as the root user.

Setup new mysql root account password.

Exit and restart the MySQL server.

Example:

# service mysqld stop

Output:

Stopping MySQL database server: mysqld.

Then start MySql in safe mode

# mysqld_safe –skip-grant-tables

Output

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql

Then connect the mysql without any password

# mysql -u root

( Then setup password )

mysql> use mysql;

mysql> update user set password=PASSWORD(”NEW-ROOT-PASSWORD”) where User=’root’;

mysql> flush privileges;

mysql> quit

Then stop mysql

# service mysql stop

# service mysql start

Then Try your new password :

# mysql -u root -p

Good Luck!

Port Redirection through the iptables

admin — Sat, 20 Feb 2010 03:44:37 +0000

Article by Aashish

How do I redirect 80 port to 8123 using iptables?

You can easily redirect incoming traffic by inserting rules into PREROUTING chain of the nat table. You can set destination port using the REDIRECT target.

Syntax

The syntax is as follows to redirect tcp $srcPortNumber port to $dstPortNumber:

iptables -t nat -A PREROUTING -i eth0 -p tcp –dport $srcPortNumber -j REDIRECT –to-port $dstPortNumbe

The syntax is as follows to redirect udp $srcPortNumber port to $dstPortNumber:

iptables -t nat -A PREROUTING -i eth0 -p udp –dport $srcPortNumber -j REDIRECT –to-port $dstPortNumber

Replace eth0 with your actual interface name. The following syntax match for source and destination ips:

iptables -t nat -I PREROUTING –src $SRC_IP_MASK –dst $DST_IP -p tcp –dport $portNumber -j REDIRECT –to-ports $rediectPort

Examples:

In The following example redirects TCP port 25 to port 2525:

# iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 25 -j REDIRECT –to-port 2525

this example all incoming traffic on port 80 redirect to port 8123

# iptables -t nat -I PREROUTING –src 0/0 –dst 192.168.1.5 -p tcp –dport 80 -j REDIRECT –to-ports 8123

How Do I View NAT Rules?

Type the following command:

# iptables -t nat -L -n -v

How Do I Save NAT Redirect Rules?

Type the following command:

# iptables-save

How to Create Connection Limits with Iptables

admin — Thu, 18 Feb 2010 15:21:39 +0000

Article by Aashish

How do I restrict the number of connections used by a single IP address to my server for port 80 and 25 using iptables?

You need to use the connection limit modules which allows you to restrict the number of parallel TCP connections to a server per client IP address (or address block). This is useful to protect your server or vps box against flooding, spamming or content scraping.

Syntax
The syntax is as follows:

# /sbin/iptables -A INPUT -p tcp –syn –dport $port -m connlimit –connlimit-above N -j REJECT –reject-with tcp-reset

save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save

Example: Limit SSH Connections Per IP / Host

Only allow 3 ssh connections per client host:

# /sbin/iptables -A INPUT -p tcp –syn –dport 22 -m connlimit –connlimit-above 3 -j REJECT

save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save

Example: Limit HTTP Connections Per IP / Host

Only allow 20 http connections per IP (MaxClients is set to 60 in httpd.conf):

# /sbin/iptables -A INPUT -p tcp –syn –dport 80 -m connlimit –connlimit-above 20 -j REJECT –reject-with tcp-reset
save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save

Skip proxy server IP 1.2.3.4 from this kind of limitations:

# /sbin/iptables -A INPUT -p tcp –syn –dport 80 -d ! 1.2.3.4 -m connlimit-above 20 -j REJECT –reject-with tcp-reset

Enjoy it….

Test Your Site for Specific SSL Version Support

admin — Mon, 30 Jun 2008 21:08:06 +0000

Ok, so I had a hell of a time with some PCI compliance stuff. I was in somebody else’s config and it was a mess. Basically what I needed was a tool to test for what versions of SSL the server was allowing. Instead, I kept mucking with the config trying to get all the SSLv2 crap out of it… and it kept accepting SSLv2 requests. In order to verify I had failed again, I was waiting for the PCI reports to return (2 or 3 hours). Not very time efficient.

At any rate, here’s what I finally found:

For Windoze Whores:

http://support.microsoft.com/kb/284285

From the command line:

openssl s_client -host localhost -port 443 -ssl2

Of course you can rotate through your protocols and examine the output.

*Sigh*…

Chroot Jail for Untrusted Users

admin — Sat, 29 Mar 2008 10:55:38 +0000

So we’ve been buying some websites recently and I’ve needed to let people into the web server to upload content and such. I knew I needed to put these folks someplace where they couldn’t hurt anything else, or more importantly, see anything else on the server. So, I went digging around for an FAQ on how to most effectively get this done and I came across this script:

Chroot Jail

It’s quite nice.

Basically, you just pull that script down and get it on your machine. Then you feed it a username and let it go to work.

When it’s done, you’ll have a new user who is isolated to /home/jail. Their home dir will be in /home/jail/home and they can shell in and do whatever.