password

Some important notes to keep in mind next time you create a password

 in Cyprus Cyber Security Challenge  tagged attack / hacker / password by

It is imperative that you understand why it’s important to avoid using patterns in your passwords, even if you try to make them more complex by including system information or a small random password.

Hackers can use various methods to guess passwords, including brute-force attacks, dictionary attacks, and social engineering techniques. One standard technique hackers use is to try to guess passwords based on patterns or common information, such as system names or random passwords.

Even if you combine a static base with system information and a small random password, this can still be guessed by a determined hacker. This is because hackers can use tools to scan your system for information and use that information to build targeted attacks against your account.

Additionally, hackers can also use social engineering techniques to try and guess your password. This could involve sending you a phishing email or creating a fake login page to trick you into entering your password.

To keep your accounts secure, it’s crucial to use strong, unique passwords that are not based on patterns or easily guessable information. A good password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters.

By creating a strong, unique password, you can help protect your online accounts from potential security breaches and keep your personal information safe. Remember to update your password regularly and never share it with anyone else.

How to reset root password in XAMPP MySQL 1

 in Applications  tagged mysql / password / reset / root / skip-grant-tables / xampp by

Recently a client got locked out of a MySQL deployment managed by a XAMPP. They requested us to reset the password for the root account. To do so, we followed the following procedure:

Using a text editor, we opened the following file, which is the MySQL configuration file:

C:\xampp\mysql\bin\my.ini

We found the section for the MySQL daemon, which starts after the line that contains the following tag:

[mysqld]

Right below the tag, we added a new line and added the following directive:

skip-grant-tables

Example of a configuration file:

[mysqld]
skip-grant-tables
port= 3306
socket = "C:/xampp/mysql/mysql.sock"
basedir = "C:/xampp/mysql" 
tmpdir = "C:/xampp/tmp"
...

The skip-grant-tables directive causes the server not to read the grant tables in the MySQL system schema and, thus, start without using the privilege system. This option gives anyone unrestricted server access to all databases.

After saving the file, we restarted the MySQL server from the XAMPP interface. This action forced the new settings to be loaded and take effect.

Next, using the command line, we connected to the MySQL server using the CLI client for MySQL:

C:\xampp\mysql\bin\mysql.exe --user=root

In the above command, we issued the mysql.exe application with only one parameter, the --user=root, which instructs the client to ignore the default login username and use root instead.

Once we activated the MySQL command line, we switched the usage to the mysql database using the following command:

USE mysql;

Using the following command, you can set the password for the root:

UPDATE user SET password = 'newPassword' WHERE user = 'root';

Note: In case you want to leave the root password blank, then you can use the following:

UPDATE user SET password = '' WHERE user = 'root';

Please note that there might be more than one entry for root in the system, as it could contain different IPs etc. To see all available options, execute the following:

SELECT * FROM user \G;

After we finished messing with the MySQL internals, we executed the following command to exit the MySQL terminal:

exit;

Then, we edited the MySQL configuration file again:

C:\xampp\mysql\bin\my.ini

We found the section for the MySQL daemon again, which starts after the line that contains the following tag:

[mysqld]

We removed our skip-grant-tables directive and saved the file.

We restarted the MySQL server via the XAMPP interface after saving the file. The restart forced the updated settings to load and take effect due to this action.

Success!! The root user had the password we set for it and we could access the database as expected.

The same guide can be used for other installations of MySQL so long you know where the MySQL configuration file is.

How to Reset Password on an Ubuntu with LVM

 in GNU/Linux  tagged bash / chroot / GNU/Linux / howtos / Logical Volume Manager / lvm / lvscan / mount / passwd / password / pvscan / ubuntu / Ubuntu server 20.04LTS / ubuntu-vg / vgchange / vgscan by

A few days ago, a client tasked us to recover the password of an Ubuntu server 20.04LTS. The machine owner only knew the username but had no idea about the complexity of the password. We’ve asked the client if it was OK for us to reset the password instead of recovering it (meaning that we would not even try to crack the mystery of what the previous password was and just set a new one), and thankfully, the client accepted our request.

The client set up the server using Ubuntu server edition 20.04LTS, and the disk partitions were using LVM (Logical Volume Manager). To our good luck, they were not using encrypted partitions. The procedure we followed to reset the password of that server was like so:

First of all, we shut down the server and booted it with a Live USB of an Ubuntu desktop 20.04LTS. Then we started a terminal and executed the following to get root access on the live system:

sudo su;

Then, we executed pvscan to list all physical volumes and gain some intelligence on which disk we needed to work on:

pvscan;

root@ubuntu:/home/ubuntu# pvscan
  /dev/sdc: open failed: No medium found
  PV /dev/sda3   VG ubuntu-vg       lvm2 [<3.64 TiB / 3.44 TiB free]
  Total: 1 [<3.64 TiB] / in use: 1 [<3.64 TiB] / in no VG: 0 [0   ]

Following that, we used vgscan to search for all volume groups:

vgscan;

root@ubuntu:/home/ubuntu# vgscan
  /dev/sdc: open failed: No medium found
  Found volume group "ubuntu-vg" using metadata type lvm2

From these two commands, it was clear that the disk /dev/sda3 contained an LVM partition with the logical volume group name ubuntu-vg. That logical volume group held the server’s filesystem, and it was the place we needed to access to change the user’s password.

So, we used vgchange to change the attributes of the volume group and activate it like so:

vgchange -a y;

root@ubuntu:/home/ubuntu# vgchange -a y
  /dev/sdc: open failed: No medium found
  /dev/sdc: open failed: No medium found
  1 logical volume(s) in volume group "ubuntu-vg" now active

Using lvscan, we were able to list all logical volumes in all volume groups and verify that we activated the volume group of interest successfully.

lvscan;

root@ubuntu:/home/ubuntu# lvscan
  /dev/sdc: open failed: No medium found
  ACTIVE            '/dev/ubuntu-vg/ubuntu-lv' [200.00 GiB] inherit

After these steps, we were ready to reset the password of the user finally. We continued to mount the logical volume group like any other disk on the /mnt folder:

mount /dev/ubuntu-vg/ubuntu-lv /mnt/;

Then, we used chroot to change the apparent root directory for the currently running process (and its children). This command allowed our terminal to work inside the logical volume as if we had booted the server OS itself.

chroot /mnt/;

Finally, using the passwd command, we changed the user password as so:

passwd -S bob;

To clean up, we exited the chroot environment:

exit;

Then, we unmounted the logical volume group:

umount /mnt;

And finally, we set the active flag of the volume group to no.

vgchange -a n;

After the above steps, we had safely applied all changes, so we rebooted the machine using its hard drive.

The most useless piece of code that you will read today!

 in Bash / GNU/Linux  tagged bash / bruteforce / cracking / password / permutations by 
#!/bin/bash

charset=({a..z} {A..Z} {0..9});

permute(){
  (($1 == 0)) && { return; }
  for char in "${charset[@]}"; do
    if echo "$2$char" | sudo -S true; then
      echo "Correct password";
      echo "$2$char" >> "$USER".password.txt;
    fi;
    permute "$((${1} - 1 ))" "$2$char";
  done;
}

permute "$1";

The above code will generate all possible permutations of the alphanumeric characters ({a..z} {A..Z} {0..9}) and then using sudo it will test if the password is the password of the current user. When (and if ever) it finds the password, it will store it in a file in the same folder.

This script is useless because whenever sudo fails to authenticate, it creates some artificial delay. That delay makes testing to be less than one password per second. For this reason, cracking any good password with this method is pretty much pointless.

We posted this code

  1. for the fun it,
  2. to show the code that creates all permutations of a group of characters,
  3. to demostrate the use of the parameter -S in sudo that allows us to pass the password via a pipe ,
  4. to show a recursive function bash.

To execute this code, save it to a file and call it with one line parameter, which must be the length of the permutations you want to create.