Quick blurb on recovering a MySQL password. Up to 4.1 MySQL stored user passwords using a 16 byte hash created via the PASSWORD() function. Recovering a MySQL password is a matter of retrieving the password hash from the user table of the MySQL database and attempting to crack the hash. Most alph-num-special passwords < 9 chars can be cracked given enough time. One program that was designed as a proof of concept is available at sqlhack.com. Stop the MySql server: /etc/init.d/mysqld stop or killall mysqld Start MySQL without the privilege system: mysqld_safe --skip-grant-tables & Login as...

Tripwire Tutorial & A Personal Reference A tutorial on installing and configuring Tripwire on a Redhat based system. I made this tutorial as a reference for the next time I install Tripwire. I will have undoubtedly forgotten the specifics by then.

When considering the possiblity of packet sniffing, the ubiquitous use of Layer 2 switches is nothing more than a low hurdle. GUI based tools like Cain & Abel (Windows) as well as traditional tools like Dsniff and Ettercap make the threat of packet sniffing through ARP Poisoning very real. A simple solution is to create static ARP entries for the hosts you communicate with. Here’s how on linux