Reset default MySQL root pass in CentOS 7

This post is mainly for my own benefit, since I lost track of the steps I followed to change the MySQL default password in a CentOS 7 environment.

I am going to assume that you can use yum to install the mysql-community server just fine.

The default (temporary) root password is actually written to the MySQL log, /var/log/mysqld.log.

Follow the steps below:

[abasu@localhost Documents]$ grep root@localhost /var/log/mysqld.log
2018-01-16T02:56:47.029538Z 1 [Note] A temporary password is generated for root@localhost: C9*=ntep#SPk
[abasu@localhost Documents]$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.21

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> alter user 'root'@'localhost' identified by 'Passw0rd!';
Query OK, 0 rows affected (0.10 sec)

Cryptography Warm Up – CTF challenge

Here is a starter problem for everyone. Since you will be using a computer to break my secret code, I am giving you the encrypted message in many forms:

  1. Hex: 0x540x680x65 0x730x650x630x720x650x74 0x690x73 0x6f0x750x74
  2. Decimal: 084104101 115101099114101116 105115 111117116
  3. Binary: 010101000110100001100101 011100110110010101100011011100100110010101110100 0110100101110011 011011110111010101110100
  4. Base64: VGhlIHNlY3JldCBpcyBvdXQ=

Have fun solving the secret message!

Steganography Example – CTF – Chicken Curry

OK, in this Steganography challenge today, I have used one of my favorite dishes – chicken curry. This image was taken in 2013 in Bluefield VA at my house. I have hidden another full image inside the chicken curry! See if you can solve it and extract the image. You should try this dish for a blind date!

MD5 hash of the hidden image is: 99860294e16ee4444b8edc407e6dae1b

Good Luck.

Top 10 Wireshark Filters

I found this YouTube video very useful to learn some of the most common Wireshark filters.

  • tcp.port == 443
  • dns or http
  • ip.addr
  • ip.src
  • ip.dst
  • tcp.analysis.flags
  • !(arp or dns or icmp)
  • tcp contains "facebook"
  • dns contains "facebook"
  • http.request
  • http.response
  • http.response.code == 200
  • tcp.flags.syn == 1 [useful to identify SYN attack]
  • tcp.flags.reset == 1
  • sip || rtp

Hash Type in Linux Password

A reference table for when you review the /etc/shadow file:

Prefix   Hash type
$1$      md5
$2a$     Blowfish
$2y$     Blowfish, with correct handling of 8 bit characters
$5$      sha256
$6$      sha512

Just stick to sha512 please!

You can change the hash setting by editing the file /etc/login.defs and setting the line "ENCRYPT_METHOD SHA512".

You can also use the authconfig command to accomplish the same thing:

sudo authconfig --passalgo=sha512 --update

After implementing a strong hash setting, we must also make users change/update their password at the next login, using the following command:

sudo chage -d 0 username

We can also use:

sudo passwd --expire username

For more info:

https://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/
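
Added example (not part of the original post): a shell script that applies the prefix table above to shadow-format lines and lists the accounts whose hashes are not sha512, i.e. the ones to expire with chage -d 0 after changing the hash setting. The function names and the sample entries are assumptions constructed for illustration; the hash bodies are placeholders, not real hashes.

```shell
#!/bin/sh
# Added example: classify the hash scheme of each account in shadow-format input.

classify_shadow() {
    # Reads shadow-format lines (user:hash:...) on stdin, prints "user scheme".
    awk -F: '
    {
        h = $2
        if (h == "")              s = "empty"          # no password set
        else if (h ~ /^[!*]/)     s = "locked"         # login disabled
        else if (h ~ /^\$1\$/)    s = "md5"
        else if (h ~ /^\$2a\$/)   s = "blowfish"
        else if (h ~ /^\$2y\$/)   s = "blowfish-8bit"
        else if (h ~ /^\$5\$/)    s = "sha256"
        else if (h ~ /^\$6\$/)    s = "sha512"
        else                      s = "unknown"
        print $1, s
    }'
}

needs_rehash() {
    # Accounts with a usable password hash that is not sha512:
    # candidates for "chage -d 0 <user>" once ENCRYPT_METHOD is SHA512.
    classify_shadow |
        awk '$2 != "sha512" && $2 != "locked" && $2 != "empty" { print $1 }'
}

sample_shadow() {
    # Constructed sample entries; hash bodies are placeholders.
    cat <<'EOF'
root:$6$saltsalt$PLACEHOLDERHASH:17547:0:99999:7:::
legacy:$1$saltsalt$PLACEHOLDERHASH:15000:0:99999:7:::
webapp:$2y$10$PLACEHOLDERHASH:17000:0:99999:7:::
daemon:*:17547:0:99999:7:::
svc:!!:17547:0:99999:7:::
report:$5$saltsalt$PLACEHOLDERHASH:17000:0:99999:7:::
EOF
}

# Lists the sample accounts that still carry a non-sha512 hash.
sample_shadow | needs_rehash
```

On a real system, feed it the shadow file instead of the sample: sudo cat /etc/shadow | needs_rehash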

 

We can update default password policy in Linux as well:

vi /etc/security/pwquality.conf

# Configuration for systemwide password quality limits
# Defaults:
#
# Number of characters in the new password that must not be present in the
# old password.
# difok = 1
#
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
# minlen = 8
#
# The maximum credit for having digits in the new password. If less than 0
# it is the minimum number of digits in the new password.
# dcredit = 0
#
# The maximum credit for having uppercase characters in the new password.
# If less than 0 it is the minimum number of uppercase characters in the new
# password.
# ucredit = 0
#
# The maximum credit for having lowercase characters in the new password.
# If less than 0 it is the minimum number of lowercase characters in the new
# password.
# lcredit = 0
#
# The maximum credit for having other characters in the new password.
# If less than 0 it is the minimum number of other characters in the new
# password.
# ocredit = 0
#
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
# minclass = 0
#
# The maximum number of allowed consecutive same characters in the new password.
# The check is disabled if the value is 0.
# maxrepeat = 0
#

Using and Not using Shadow File in Linux

less /etc/passwd
# the command below disables the shadow feature and moves
# the password hashes back into the world-readable
# /etc/passwd file. NOT RECOMMENDED
sudo pwunconv

# we can also do the same thing for the group file
sudo grpunconv

# To convert the system to use shadow file again, use
# the following commands

sudo pwconv
sudo grpconv

Linux Run Level Reference

ID | Name | Description
0 | Halt | Shuts down the system.
1 | Single-user mode | Mode for administrative tasks.
2 | Multi-user mode | Does not configure network interfaces and does not export network services.
3 | Multi-user mode with networking | Starts the system normally.
4 | Not used/user-definable | For special purposes.
5 | Start the system normally with appropriate display manager (with GUI) | Same as runlevel 3 
6 | Reboot | Reboots the system.

Visit https://en.wikipedia.org/wiki/Runlevel for more.

Adding users and groups in linux

Adding users:

# create a new user (use either command)
sudo adduser wonderfulperson
sudo useradd wonderfulperson

# update password
sudo passwd wonderfulperson

# batch add users
vi users.txt

# add the test content below
# username:passwd:uid:gid:full name:home_dir:shell
user1:user1password:::User1:/home/user1:/bin/bash
user2:user2password:::User2:/home/user2:/bin/bash

# back in the shell, run the newusers command with the file as its argument
# (the file holds plaintext passwords, so restrict its permissions and delete it after use)
sudo newusers users.txt

# example output
$ less /etc/passwd | grep user
user1:x:1006:1006:User1:/home/user1:/bin/bash
user2:x:1007:1007:User2:/home/user2:/bin/bash

# look up all of the existing groups in Linux
cut -d: -f1 /etc/group

# To review which groups a user belongs to, use:
groups <username>

# Add groups (use either command)
sudo groupadd guestusers
sudo addgroup guestusers

# To add one user to multiple groups, use the following command:
sudo usermod -a -G <group1>,<group2>,<group3> <username>
$ sudo usermod -a -G mysql,apache,sssd user2
$ groups user2
user2 : user2 sssd apache mysql