If you have ever lost or forgotten your Mysql database password then MysqlPasswordAuditor can help in recovering it easily. It can also help you to audit Mysql database server setup in an corporate environment by discovering the weak password configurations. This makes it one of the must have tool for IT administrators & Penetration Testers.

MysqlPasswordAuditor is very easy to use with the simple dictionary based password recovery method. By default it includes small password list file, however you can find more password dictionary files at OpenWall collection. You can also use tools like Crunch, Cupp to generate custom password list files on your own and then use it with MysqlPasswordAuditor.

MysqlPasswordAuditor works on wide range of platforms starting from Windows XP to latest operating system Windows 7.

Features

• Free and Simple software to Recover/Audit Mysql Password.
• Very useful for IT administrators & Penetration Testers
• Dictionary based Password Recovery method
• Detailed statistics such as tested passwords, elapsed time, progress bar is displayed during Audit operation.
• Simple, easy to use GUI interface
• Integrated Installer for local Installation & Uninstallation.

You can download MysqlPasswordAuditor here:

MysqlPasswordAuditor.zip

Or read more here.

sqlsus focuses on speed and efficiency, optimising the available injection space, making the best use (I can think of) of MySQL functions. It uses stacked subqueries and an powerful blind injection algorithm to maximise the data gathered per web server hit. Using multithreading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection.If the privileges are high enough, sqlsus will be a great help for uploading a backdoor through the injection point, and takeover the web server.

It uses SQLite as a backend, for an easier use of what has been dumped, and integrates a lot of usual features (see below) such as cookie support, socks/http proxying, https..

What’s New

Starting with version 0.7, sqlsus now supports time-based blind injection and automatically detects web server / suhosin / etc.. length restrictions.

• Added time-based blind injection support (added option “blind_sleep”, and renamed “string_to_match” to “blind_string”).
• It is now possible to force sqlsus to exit when it’s hanging (i.e.: retrieving data), by hitting Ctrl-C more than twice.
• Rewrite of “autoconf max_sendable”, so that sqlsus will properly detect which length restriction applies (WEB server / layer above). (removed option “max_sendable”, added options “max_url_length” and “max_inj_length”)
• Uploading a file now sends it into chunks under the length restriction.
• sqlsus now saves variables after each command, so that forcing it to quit (or killing it) will not discard the changes that were made.
• Added a progress bar to inband mode, sqlsus now determines the number of rows to be returned prior to fetching them.
• get db (tables/columns) in inband mode now uses multithreading (like everything else).
• clone now uses count(*) if available (set by “get count” / “get db”), instead of using fetch-ahead.
• In blind mode, “start” will now test if things work the way they should, by injecting 2 queries : one true and one false.
• sqlsus now prints what configuration options are overridden (when a saved value differs from the configuration file).

You can download sqlsus 0.7.1 here:

sqlsus-0.7.1.tgz

Or read more here.

It appears to be in the clear now though and it’s accessible again via Google. It seems to be a similar case with that of the recent Linux.com and Kernel.org hacks – in which the sites were compromised via developers who had access.

In this case it seems MySQL.com was compromised by malware that spreads itself via FTP from client machines, it then uploads malicious JavaScript to any sites the client machine has access to and propagates malware using those sites.

Hackers recently compromised the website hosting the open-source MySQL database management system and caused it to infect the PCs of visitors who used unpatched browsers and plug-ins, security researchers said.

MySQL.com was infected with mwjs159, website malware that often spreads when compromised machines are used to access restricted FTP clients, a blog post from Sucuri Security reported. The hack caused people visiting the site to be redirected to a site that attempted to install malware on visitors’ computers using code from the Blackhole exploit kit, separate researchers from Armorize said.

“It exploits the visitor’s browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, …), and upon successful exploitation, permanently installs a piece of malware into the visitor’s machine, without the visitor’s knowledge,” Armorize researchers warned. “The visitor doesn’t need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.”

Officials with the Oracle-owned MySQL didn’t respond to email seeking comment for this post.

I would say MySQL.com is a fairly high traffic site so this attack may have triggered a fair amount of infections – especially if the people visiting were using outdated versions of Windows or old versions of Internet Explorer.

But then again, I’d find that fairly unlikely – people browsing to the site of the #1 Open Source RDBMS would most likely be using Linux, or fully updated Windows systems with Chrome or Firefox.

That’s what I’d like to think anyway…

The reported breach is the latest to affect the distribution system for a widely used piece of open-source software. The kernel.org and Linux.com websites used to develop and distribute the Linux operating system remain inaccessible four weeks after it was infected with malware that gained root access, modified system software, and logged passwords and transactions of the people who used them. Representatives haven’t said when they expect the sites to be operational again.

Besides sullying the reputation of open-source software as more secure alternative to competing applications from Microsoft and other for-profit companies, the compromises have sparked concerns about the purity of the code the sites host. If attackers were able to secretly alter the code with backdoors, they could potentially surveil or gain control over sensitive networks that rely on the applications.

In the MySQL.com hack, the attackers appear to have aimed for the less ambitious goal of infecting the desktop machines of those who visited the site. At time of writing, just five of the top 44 antivirus providers were detecting the threat, according to this analysis from VirusTotal.

Sucuri speculated the site was infected after a MySQL developer was compromised and had his password stolen.

It doesn’t seem to be as serious as the Linux.com/Kernel.org compromises as in this case it’s simply JavaScript uploaded via FTP from a developer account – the actual server hosting MySQL.com wasn’t really hacked and there was no root access gained.

It seems like they have cleared the infection up now, I wonder if they have any stats on how many people were effected by the malware?

Source: The Register

Vulnerabilities

• SQL Injection
• XSS (Cross Site Scripting)
• LFI (Local File Inclusion)
• RFI (Remote File Inclusion)
• Command Execution
• Upload Script
• Login Brute Force

Changes

• Added Acunetix scan report.
• All links use http://hiderefer.com to hide referrer header.
• Updated/added ‘more info’ links.
• Moved change log info to CHANGELOG.txt.
• Fixed the exec.php UTF-8 output.
• Moved Help/View source buttons to footer.
• Fixed phpInfo bug.
• Made DVWA IE friendly.
• Fixed html bugs.
• Improved README.txt and fixed typos.
• Made SQL injection possible in sqli_med.php.

WARNING

It should come as no shock..but this application is damn vulnerable! Do not upload it to your hosting provider’s public html folder or any working web server as it will be hacked. It’s recommend that you download and install XAMP onto a local machine inside your LAN which is used solely for testing.

You can download DVWA 1.0.4 here:

dvwa_v1.0.4.zip

Or read more here.

So, any way, who the hell am I? I have known Shaolin for years, he might have some idea how many, I am on that old darknet site he mentioned, but do me and favour, and don’t look there, please? I look terrible and I’m ashamed :-P

Like Shaolin I to started with the whole computer thing when I was little. The order is a little haszy, but I am fairly sure I had the TI 994A before the little old specy. Though my use of them was a little differant. True, I did for a while spend many hours typeing code to find out later it didn’t work…. but before long I was coding my own stuff. In basic on the TI, and z80 assembler on the specy, pascal and modual 2 to on the Amstrad CPC, 6800 assembler and C on the ST….

TI, Spectrum, Comador, Atari ST, 386 and beyond, I have always live with a computer, though shockingly never games. My first consol was a ps2 and that is only 4 years old.

After many years of bedroom activites I definatly should be ashamed of (all with a keyboard – and check this? no net connection) I emerged in the bright old world, a whole host of dead technology and languages no one has used since the romans under my belt, and windows gaining popularity.

Fast forward, past VB, pal, and various noddy little things and I’m in to Delphi, oh my, was I in to Delphi. For 7 years I lived, breathed and probably bathed in the windows API and OOP. Gone was Delphi’s native event handlers, to slow, give me the raw message cue…. mutli threaded servers, no problem, n-tier CORBA clients… you name it, I did it.

Then I got bored.

But thats ok, no one wants desk top or server applications any more. So, a bit late to the party I had a go at ASP, and damn that stuffs ugly. PHP how ever, now thats the nuts, and thus I entered web development.

Some one once said I’d never be a web developer, but my first ever professional site went live to 2.5 million unique IPs in the first 48 hours, truely one of my proudest hours.

I’ve been doing PHP ever since, MySQL for most part but if its SQL, its all the same. Date in and data out, its all fairly much simple. Introduce some AJAX just to spice it up a bit, and we’re all having fun.

Where I am going from here, nobody knows, but I code, there for I am so what ever happens, what ever changes… I am a programmer :-)