Test MySQL password strength

Newer versions of MySQL store passwords using a double SHA-1 hash. Because of this, administrators can’t tell what someone’s password is. What if you want to make sure no users are using weak passwords?

This is a simple Python script that will connect to your local MySQL database, pull out the password hashes for all users, and either run a dictionary search or a brute force search on it. Either give it an argument for the dictionary file, or give it a number for the length of passwords you want to test. If you want to use a different character set (e.g. include special characters), change the characterSet variable near the top of the script.

On my system, I was able to test around 50,000 words per second. Note that this cannot be used to recover the root MySQL password, as it requires the root password to connect to the database in the first place.

import getpass
import hashlib
import os
import sys

import MySQLdb

alpha = "abcdefghijklmnopqrstuvwxyz"
numbers = "0123456789"

# Set this to a string with the character set you want to check
# Examples:
characterSet = alpha
#characterSet = alpha + alpha.upper()
#characterSet = numbers
#characterSet = alpha + alpha.upper() + numbers

def mysql_hash(candidate):
  # MySQL stores '*' followed by the hex of SHA1(SHA1(password));
  # return the lower-case hex without the leading '*'
  inner = hashlib.sha1(candidate.encode("utf-8")).digest()
  return hashlib.sha1(inner).hexdigest()

def usage():
  print("Usage: %s [dictionary file | brute force depth]" % sys.argv[0])

def recurse(width, logins):
  # Try every password length from 1 up to width
  for i in range(1, width + 1):
    print("Checking width %d" % i)
    recurse2(i, logins, 0, "")
    print("")

def recurse2(width, logins, position, string):
  for char in characterSet:
    # Show progress
    if position == 0:
      print(char, end=" ", flush=True)
    if position < width - 1:
      # Not at full width yet: extend the candidate by one character
      recurse2(width, logins, position + 1, string + char)
    else:
      # Candidate is complete: hash it and compare against every login
      hash = mysql_hash(string + char)
      for login in logins:
        if hash == login[2]:
          print("\n'%s'@'%s': '%s'\n" %
              (login[0], login[1], string + char))

if len(sys.argv) > 1:
  password = getpass.getpass('Enter the root password: ')
  conn = MySQLdb.connect(host = "localhost",
    user = "root",
    passwd = password,
    db = "mysql")
  cursor = conn.cursor()
  cursor.execute("SELECT User, Host, Password from user;")
  logins = cursor.fetchall()
  conn.close()

  # Preprocess the logins
  processed = []
  for login in logins:
    ignore = False
    # Ignore empty passwords
    if not login[2]:
      print("'%s'@'%s' has empty password, ignoring" %
          (login[0], login[1]))
      ignore = True
    # Strip the leading '*' and lower-case the hex for comparison
    stored = (login[2] or "")[1:].lower()
    # Ignore duplicates
    for p in processed:
      if p[2] == stored:
        print("'%s'@'%s' has same password as '%s'@'%s', ignoring" %
            (login[0], login[1], p[0], p[1]))
        ignore = True
    if not ignore:
      processed.append((login[0], login[1], stored))

  if os.path.isfile(sys.argv[1]):
    # Dictionary search: hash every word in the file
    with open(sys.argv[1], errors="replace") as f:
      for line in f:
        word = line.rstrip("\r\n")
        hash = mysql_hash(word)
        for login in processed:
          if hash == login[2]:
            print("'%s'@'%s': '%s'" % (login[0], login[1], word))
  else:
    # Brute force search: the argument is the maximum password length
    try:
      depth = int(sys.argv[1])
    except ValueError:
      usage()
      sys.exit(1)
    recurse(depth, processed)
else:
  usage()
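The stored format the script compares against, shown offline as an added example (not part of the original post): because the double SHA-1 hash is unsalted, one precomputed table checks every account at once, and accounts with identical hashes share a password even when the word is never found. The names mysql_native_hash, audit, SAMPLE_ROWS and SAMPLE_WORDS are assumptions, and the rows and word list are constructed sample data.

```python
import hashlib
from collections import defaultdict

def mysql_native_hash(password):
    """Return the stored value: '*' + upper-case hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def audit(rows, wordlist):
    """Classify (user, host, stored_hash) rows as empty, weak, or sharing a hash."""
    # The hash is unsalted, so one lookup table covers every account at once.
    table = {mysql_native_hash(w): w for w in wordlist}
    report = {"empty": [], "weak": {}, "shared": []}
    by_hash = defaultdict(list)
    for user, host, stored in rows:
        account = "'%s'@'%s'" % (user, host)
        if not stored:
            report["empty"].append(account)
            continue
        stored = stored.upper()
        by_hash[stored].append(account)
        if stored in table:
            report["weak"][account] = table[stored]
    # Identical hashes mean identical passwords, even when the word is unknown.
    report["shared"] = [sorted(a) for a in by_hash.values() if len(a) > 1]
    return report

# Constructed sample rows (not from a real server) and a constructed word list.
SAMPLE_ROWS = [
    ("app", "localhost", mysql_native_hash("password")),
    ("report", "%", mysql_native_hash("password")),
    ("backup", "localhost", mysql_native_hash("kV9#tq!2zLw0")),
    ("legacy", "localhost", ""),
]
SAMPLE_WORDS = ["letmein", "password", "qwerty"]

if __name__ == "__main__":
    result = audit(SAMPLE_ROWS, SAMPLE_WORDS)
    print("empty :", result["empty"])
    print("weak  :", result["weak"])
    print("shared:", result["shared"])
```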

Convert mkv files to xvid for Xbox 360

Ushare is an excellent media server that allows you to watch videos, listen to music and view pictures on your Xbox 360 that are stored on another computer. Unfortunately, the Xbox can be somewhat finicky about which formats it supports – and it doesn’t support mkv files. To convert an mkv file to a format that the Xbox does support, you can use mencoder as follows:

mencoder inputFile.mkv -ffourcc XVID -ovc lavc -lavcopts vcodec=mpeg4:threads=8:vbitrate=1000:cmp=2:subcmp=2:trell=yes:v4mv=yes:mbd=2 -oac lavc -lavcopts acodec=ac3:abitrate=128 -channels 2 -o outputFile.avi

If the original file is high quality, you’ll probably want to increase the vbitrate parameter to prevent the quality from degrading. If you have surround sound, you should set the number of channels to 6 and set the audio bitrate higher (384 is probably a good choice) as well.


Using Javadoc with Eclipse in Ubuntu

When you’re using Eclipse to program in Java and you hover over a keyword (like a function name, a package, or a class), some Javadoc will be displayed, showing what the keyword does and how it is used. The default installation of Eclipse did not include Javadoc, so hovering over keywords only gave me a message that Javadoc wasn’t installed. Here’s how to get Javadoc installed and working.

First, enter
sudo apt-get install sun-java6-doc
The installer will prompt you to download a zip file containing the documentation from Sun. Bring up Firefox and head to Sun’s website. Click the Download link next to Java SE 6 Documentation, agree to the terms and click Continue. Click the zip file to download the documentation.

When the download finishes, in another terminal, enter
sudo mv /path/to/zip/file/documentation.zip /tmp/jdk-6-doc.zip
You need to rename the file to jdk-6-doc.zip for the installer to work. Enter
sudo chown root:root /tmp/jdk-6-doc.zip
to change the file’s ownership to root.

Back in the first terminal, hit enter, and the installer should continue. When it finishes, in Eclipse, click Window – Preferences – Java – Installed JREs, and click the JRE (mine was called java-sun- Click Edit, and use Shift+Click to select all the JRE system libraries. Click Javadoc Location, and enter file:/usr/lib/jvm/java-6-sun/docs/api/ in the box. Click Validate to test it (you can open it in your browser to double check), and click OK out of all the dialogs. Javadoc should now be working!


Booting multiple LiveCDs from a single USB stick

I love LiveCDs – they let you try out an operating system or Linux distro without messing with your current installation. Recently, I’ve become hooked on LiveUSB distros that allow you to boot off of a USB stick rather than a CD. I tried putting Backtrack on a 1 GB stick, and then DamnSmallLinux on a 64 MB stick. I started wondering if it would be possible to put several distributions on a larger stick, and then boot from one of your choice. It turns out that it is possible, and here’s how.

Things you will need

  • an i386 computer running Linux (other architectures won’t work with the bootloader)
  • ISO images of LiveCDs (or LiveUSBs) you want to run
  • a large USB stick that can hold all the images
  • Optional: QEmu can be installed to test the stick, or boot LiveCDs from within your host OS.

I started off by downloading five ISO images: Belenix, Backtrack, Freesbie, Knoppix, and NimbleX.

Insert your USB stick. In a console, enter
dmesg | tail
You should see something similar to
sd 9:0:0:0: [sdc] Attached SCSI removable disk
My USB stick is therefore attached at /dev/sdc, although yours will probably be different. From here on out, I’ll refer to your drive as driveName. To make sure you have the right drive, as root, enter:
fdisk -l /dev/driveName
It should report the size of your USB stick.

We’re going to partition the USB stick for use with each LiveCD. This will destroy all data on the stick! Make sure you’re using the correct drive from above too, or you might accidentally wipe your hard drive!
As root, enter
fdisk /dev/driveName
You can enter p to show the current partitions. It should list a number of partitions. Delete each of them by entering d and entering each number.
When you’ve deleted them all, enter n for a new partition. Choose p for a primary partition, hit enter for the default, and enter +16M to make a 16 MB partition at the beginning of the drive. Enter a to make the partition bootable, and enter t to change the partition type. Enter 6 for the partition type.
Now you’re going to make an extended partition, and logical partitions for each of your ISO images. First, note the size in MB of all of your ISO images. Mine were 696, 784, 672, 697, and 200. You can find these in another terminal by running
ls -lh *.iso
in the directory containing your ISO images. When you use these numbers, you’ll want to add 5 MB to them to make sure they fit in the partition.
In fdisk, enter n for new partition, e for extended, and enter twice to fill the rest of the drive. Enter n, l for logical, enter for the default, and +sizeM, where size is the size of your first ISO image plus 5 MB. In my case, I ran +701M. Repeat this procedure for the remainder of your ISO files.
When you are done, enter p to make sure everything looks right. Your output should look similar to this:

Device     Boot  Start  End  Blocks    Id  System
/dev/sdc1  *     1      3    24066     6   FAT16
/dev/sdc2        4      488  3895762+  5   Extended
/dev/sdc5        4      97   717824+   83  Linux
/dev/sdc6        98     203  809984+   83  Linux
/dev/sdc7        204    294  693248    83  Linux
/dev/sdc8        295    388  718848+   83  Linux
/dev/sdc9        389    416  209920+   83  Linux

If everything looks good, enter w to write the changes to the USB stick. If you messed up, you can enter q to quit and try again.

Now we’re going to install the bootloader. Most Linux distributions use GRUB or LILO, which are great, but since we’re trying to boot ISO images off of a USB stick, we’re going to use something a little different. Gujin is an alternative bootloader that can boot all sorts of things, and will automatically scan your partitions to look for Linux kernels. It’s a handy piece of software, and if you find it useful, you should consider donating. (Disclaimer: I don’t know the author and make no money off of your donation)

First, format the first partition on your USB stick by entering
mkfs.msdos -F 16 /dev/driveName1
Then, download the Gujin installer and unzip it. Enter the gujin-install directory and run
./instboot boot.bin /dev/driveName1 --disk=BIOS:0x80 -w
This will install the bootloader to the first partition. The -w option prints out useful debugging information.

At this point, your USB stick should be bootable. You can test it in another terminal by running
qemu -usb /dev/driveName
Your output should look similar to this:

Now, you’re ready to copy the ISO images onto your disk. Enter
fdisk -l /dev/driveName
and find the number of the first logical partition listed under the extended partition. For example, mine above was sdc5. This is where the first ISO image will go. Make sure you’re using the right ISO image for the partition size, and enter
cat nameOfImage1.iso > /dev/driveName5
to copy the ISO image to partition 5. When that finishes, similarly copy the other ISO images onto the other partitions.
cat nameOfImage2.iso > /dev/driveName6
cat nameOfImage3.iso > /dev/driveName7

You can test your USB stick in another terminal again by running
qemu -usb /dev/driveName
The full Gujin menu should now be displayed!

At this point, I had to scroll down a page (using Page Down). The options you want are listed with the code 0x80 and the ‘El Torito’ option:

Press the appropriate key (F1, F2, etc.) to boot and you should see that CD’s own GRUB screen!

If everything works, you should be able to boot any of your LiveCDs from USB.
