 - - - By CrazyStat - - -

30. January 2013

Nagios / Icinga: Monitor (local) memory usage

Filed under: Linux, Server Administration — Christopher Kramer @ 17:55

Nagios and its fork icinga are great monitoring tools. They come with a bundle of plugins to monitor standard services such as HTTP, SMTP, POP3, load and stuff like that. And there are lots of 3rd party plugins available for almost everything else you can think of.

But one standard thing that is missing in the official nagios-plugins package is a plugin to check memory usage (of the local machine).

So here is how to install one. I assume a Debian system with Icinga running – you might want to adjust paths for other distros or nagios.

  1. Download the plugin here
    e.g. from the shell:

    wget https://exchange.icinga.com/exchange/check_memory/files/784/check_memory.pl
  2. Then move the file to the other plugins
    mv check_memory.pl /usr/lib/nagios/plugins/check_memory.pl
  3. Make it executable
    chmod +x /usr/lib/nagios/plugins/check_memory.pl
  4. Try to run it:
    perl /usr/lib/nagios/plugins/check_memory.pl -w 50% -c 25%
  5. This should give something like “CHECK_MEMORY OK – […] free […]”. If an error occurs, you probably need to install the perl module Nagios::Plugin. On Debian, the easiest way is:
    apt-get install libnagios-plugin-perl

    On other distros, you might use CPAN:

    perl -MCPAN -e 'install Nagios::Plugin'

    This will ask you lots of questions and install lots of dependencies (where you should say “yes”).

  6. Configure the check_memory command. To do this, create a file /etc/nagios-plugins/config/memory.cfg with this content:
    # 'check_memory' command definition
    define command{
            command_name    check_memory
            command_line    perl /usr/lib/nagios/plugins/check_memory.pl -w $ARG1$ -c $ARG2$
            }
  7. Now you can use the check_memory command to define a service. For example, add this to /etc/icinga/objects/localhost_icinga.cfg (assuming you define localhost-services there):
    define service{
            use                             generic-service
            host_name                       localhost
            service_description             Memory
            check_command                   check_memory!50%!25%
            }

    This will send you a warning when memory usage is 50% and critical when only 25% is free. You might want to adjust these values of course depending on what is normal on your system and how early you want to be notified.

  8. Check your configuration:
    /usr/local/icinga/bin/icinga -v /etc/icinga/icinga.cfg
  9. Restart Icinga / Nagios if the preflight-check was okay:
    /etc/init.d/icinga restart

This should be it.

I hope this helped somebody.

To monitor memory usage of a remote server, you’ll need SNMP for example. Maybe I’ll post another blog post on this soon.


26. January 2013

Funny pseudo-exploit for phpLiteAdmin

It seems people really got interested in the security of phpLiteAdmin. That’s cool, lots of people searching for security issues will give us the opportunity to fix a lot of things in a short period of time. Go on searching. We’ll go on fixing.

But some of these exploiters only publish an “exploit” that contains no real issue at all. Probably only to get some publicity, or maybe because they don’t even realize that what they “found” is not an issue at all. Or meant as a joke?

I recently found a new “security exploit” listing several “vulnerabilities”, which in fact are no bugs of phpLiteAdmin at all but misconfiguration or even features. So here I want to have a look at an “exploit” released by “KedAns-Dz”:

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Okay yeah. We know exploiters love ASCII art. Kind of cool, agreed.
###
# Title : phpLiteAdmin v1.8.x->1.9.x (SQLi/FD) <= Multiple Vulnerabilities
# Author : KedAns-Dz
# E-mail : ked-h (@hotmail.com / @1337day.com)
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com .net .org
# FaCeb0ok : http://fb.me/Inj3ct0rK3d
# TwiTter : @kedans
# Friendly Sites : www.r00tw0rm.com * www.exploit-id.com
# Type : proof of concept - webapp 0day - remote - php
# Tested on : Windows7
###
# <3 <3 Greetings t0 Palestine <3 <3
# F-ck HaCking, Lov3 Explo8ting !
As I said. I like exploits as well. Even if they just make me laugh 😉
######## [ Proof / Exploit ] ################|=>
# Google Dork :
# allintext:"Powered by phpLiteAdmin | "
##################
# [!] Description:
------------------
phpLiteAdmin is suffer from multiple vulnerabilities / bugs in
v1.8.x to-> 1.9.x , the attacker can use some bug in the Script
to inject some remote SQL command/code , and Disclosure the Full Path.
Interesting to say 1.9.x when there are still 1.9.x versions to be released in the future. So you are sure we won’t fix your “bugs”? Probably you are right 😉
# Bugs :
#-------
# Authentication Bypass
# SQL Injection/Exec
# Full Path Disclosure
#######################
#### (1) Authentication Bypass :
--------------------------------
[!] php-code :
line 38->39 :::::::::::::::::
//password to gain access
$password = "admin";
:::::::::::::::::::::::::::::
- not affected on all targets, just change the password to fix it
LOL
[+] http://[target]/[path]/phpliteadmin.php
[*] password : admin
I didn’t know we call it an “Authentication Bypass” if we use the authentication system by entering the correct password. Yeah, phpLiteAdmin has a default password, which is “admin”. No secret here. I mean, anybody keeping the default password on a publicly accessible installation should know that other people could get access. Current version of phpLiteAdmin even shows you a warning if you still use the default pw.
No “bug” or “vulnerability” at all.
#### (2) Full Path Disclosure :
-------------------------------
[+] http://[target]/[path]/phpliteadmin.php?view=import
[!] & Import File with (NULL/Bad) Content =>
- you get some sql error msg with the full path of phpliteadmin.php
ex: '-------------
Warning: PDO::exec(): SQLSTATE[HY000]: General error:
trying to execute an empty query in C:\Program Files\EasyPHP-12.1\www\phpliteadmin.php on line 987
____________________________________
Warning: SQLiteDatabase::queryExec() [sqlitedatabase.queryexec]: Cannot execute empty query.
in /homepages/20/d421371141/htdocs/pauleschoen.com/cgi-bin/phpliteadmin.php on line 646
------------------'
proof image (http://i46.tinypic.com/ddmek5.png) # in local test
proof image (http://i49.tinypic.com/juepet.png) # in remote test
LOL. That’s one of the most difficult ways to make phpLiteAdmin produce a PHP error message 😉
Probably you should configure your webserver correctly. Everybody who enables php-ini directive “display_errors” on a public server effectively provokes a “full path disclosure” somewhere. Maybe you should better publish an exploit for php itself 😉
Okay, seriously: We could use ini_set to make sure phpLiteAdmin won’t show any php errors. We probably will. But nevertheless, on about any php-server, you’ll find another script where you can provoke a php-error.
I am not saying it is good that these errors can happen at all. Of course it’d be better to improve checking of input and catch errors properly. This would be a real issue. But not a “vulnerability”. If these errors get displayed, your webserver is configured in a vulnerable way, which is not the fault of phpLiteAdmin.
#### (3) SQL Injection :
------------------------
php-code ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
$query = "SELECT * FROM ".$db->quote_id($_GET['table'])." WHERE ROWID = ".$pks[$j];
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
[+] http://[target]/[path]/phpliteadmin.php?action=row_view&table='
[&] http://[target]/[path]/phpliteadmin.php?action=row_view&table=' [ SQLi ]
If you publish an SQL injection exploit, why don’t you insert some real SQL as a proof of concept? Maybe because what you “found” here in fact is no SQL injection at all?
The function quote_id() will make sure you cannot inject some other SQL command. Of course you can “inject” some invalid table-name, which will make phpLiteAdmin show up some errors, as your “proof image” shows. So another complicated way of producing an error message. Congratulations! But you cannot inject a “DROP Table” here or something like that.
Moreover, it is ridiculous to even search for an SQL injection in phpLiteAdmin. If you are logged into phpLiteAdmin, you can of course perform any SQL command. That is what phpLiteAdmin is made for. It even gives you a GUI to perform SQL queries in a comfortable way. No need to inject them via parameters.
As long as you cannot inject an SQL query without authenticating properly, any “SQL injection” in phpLiteAdmin is not a security vulnerability but a normal issue. If some table has a special name, e.g. containing quotes, we need to make sure the name is escaped properly so phpLiteAdmin works as expected. But this is not the case here: quote_id() will make sure every table-name will be escaped properly. No issue here at all.
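What quote_id() buys in the row_view query above, as an added example that is not phpLiteAdmin's code: the `quote_id` here is an assumed implementation using standard SQL identifier quoting, and the tables and input strings are constructed. It is written in Python against an in-memory SQLite database rather than PHP so it runs stand-alone.

```python
import sqlite3


def quote_id(name):
    # Assumed implementation (not phpLiteAdmin's): standard SQL identifier
    # quoting. Wrap in double quotes and double every embedded double quote.
    return '"' + name.replace('"', '""') + '"'


def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?)",
                   [("first",), ("second",), ("third",)])
    odd = 'my "odd" table'  # legitimate table name containing quotes
    db.execute("CREATE TABLE " + quote_id(odd) + " (body TEXT)")
    db.execute("INSERT INTO " + quote_id(odd) + " VALUES ('kept')")
    return db


def row_view(db, table, rowid, quoted=True):
    # Same shape as the query in the post:
    #   SELECT * FROM <table> WHERE ROWID = <pk>
    ident = quote_id(table) if quoted else table
    query = "SELECT * FROM " + ident + " WHERE ROWID = " + str(int(rowid))
    try:
        return db.execute(query).fetchall()
    except sqlite3.OperationalError as exc:
        # The only thing a bad table name achieves once it is quoted.
        return "error: " + str(exc)


def demo():
    db = make_db()
    rewrite = "notes WHERE 1=1 --"  # constructed value that alters the query
    return {
        "normal": row_view(db, "notes", 2),
        "single_quote": row_view(db, "'", 1),
        "odd_name": row_view(db, 'my "odd" table', 1),
        "rewrite_unquoted": row_view(db, rewrite, 2, quoted=False),
        "rewrite_quoted": row_view(db, rewrite, 2),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Without quoting, the constructed value changes the structure of the statement and every row comes back; with quoting, the whole string is treated as one (non-existent) table name and the result is only an error message, while a real table name containing quotes keeps working.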
#### (4) Exec SQL code :
------------------------
Go to :
[*] http://[target]/[path]/phpliteadmin.php?view=sql
-& put the SQL Code in the text-area (Run SQL query/queries :)
and click 'GO' to exec ;) .
LOL. That’s a really funny one. You might call this a vulnerability, I’d call it a feature.
Don’t you show yourself here that issue 3 is ridiculous?
So I am not sure if this exploit really was meant seriously or if it was meant as a joke. It made me laugh anyway.
I hope you enjoyed it as well. Keep on exploiting!


15. January 2013

phpLiteAdmin 1.9.3.3 released fixing an XSS vulnerability

Filed under: PHP, phpLiteAdmin, Security — Christopher Kramer @ 11:53

It seems people are currently taking a very close look at the security of phpLiteAdmin. This is really good. We immediately fix any security issue we become aware of. Therefore, yesterday we released another security patch, version 1.9.3.3. The security issue fixed in this version is an XSS vulnerability. The risk of this particular issue is considered medium. All users of phpLiteAdmin < 1.9.3.3 are advised to update to the new version. Users of the development version of 1.9.4 should please update to the latest revision from svn, at least revision 317 (2013-01-14).

We are really sorry for those users who needed to update phpLiteAdmin three times in the last days. But the only way to solve security issues is to patch, just ignoring them will not help.

Thanks a lot to Urd for making us aware of this issue. If anybody thinks he found a security issue, please do as Urd did and contact us.

To update phpLiteAdmin, just download the new version, adjust the configuration and replace the phpliteadmin.php with the new one.

Christopher Kramer,

member of the phpLiteAdmin team

12. January 2013

phpLiteAdmin: Another security release 1.9.3.2

Filed under: PHP, phpLiteAdmin, Security — Christopher Kramer @ 01:27

Yesterday’s security release for phpLiteAdmin unfortunately did not completely fix the security issues described in an exploit published by “l@usch”. Therefore, today a new release 1.9.3.2 was published to cover the remaining issues.

All users of phpLiteAdmin < 1.9.3.2 are advised to update their installation to 1.9.3.2. The fixed security issues can only be used by users with access to phpLiteAdmin, i.e. users that know the password. As a general recommendation, you should always use a secure password and keep it secret. Never use the default password on a publicly accessible installation.

I’d like to thank l@usch for reporting the issue and his cooperation to resolve it.

To update, just download the new version, adjust the configuration and replace your old phpliteadmin.php with the new one.

11. January 2013

phpLiteAdmin: Release 1.9.3.1 fixes a security issue

Filed under: PHP, phpLiteAdmin, Security — Christopher Kramer @ 00:07

Today, a security issue of phpLiteAdmin was discovered and published. The new version 1.9.3.1, which has just been released, fixes this issue. All users of phpLiteAdmin are recommended to update their installation to the current version 1.9.3.1.
The security issue can only be used by users with access to phpLiteAdmin, i.e. users that know the password, to gain more rights on the system. Therefore, the issue cannot be exploited if you use a strong password and keep it secret. For this reason, this is always recommended. Please never use the default password if phpLiteAdmin is publicly accessible over the internet.

To update phpLiteAdmin, just adjust the configuration in the new version and replace the phpliteadmin.php with the new one. Done in a minute or two.

You can download the new version here.

24. December 2012

Happy 7th birthday, CrazyStat! And merry christmas!

Filed under: CrazyStat, PHP, phpLiteAdmin — Christopher Kramer @ 17:02

Sorry CrazyStat, this time I am two days late. On Saturday, it was CrazyStat’s 7th birthday.

As every year, I want to give a look back at what happened this year, and a look forward on my plans on the future.

Most importantly, the development of CrazyStat got more open, as I had planned. I opened a Sourceforge project for CrazyStat, a forum for discussion and support, and made CrazyStat’s svn publicly available on Sourceforge. So a bugtracker and a FAQ script is still to be opened. I guess I’ll do so this year.

Another great thing that happened: CrazyStat got translated into two more languages: Russian and Portuguese. Together with English, German, Dutch and Danish, CrazyStat is now available in 6 languages. Thanks a lot to all translators for their work! I hope a lot more languages will come in the future. If you speak another language, please contact me, it is really not so much work to do.

With the release of 1.71 RC1 (which basically is a final version, I won’t release another 1.71), CrazyStat also made some good improvements, although it was mainly a maintenance release.

Looking at my plans I had last year, not every goal has been achieved yet, but some of them have: The release of 1.71, making CrazyStat development more open and blogging more. For version 1.80, I did not find much time this year. But CrazyStat development will continue this year, so stay tuned.

Thanks to all users of CrazyStat. Especially thanks to everybody who donated! If you like CrazyStat, please consider a small donation.  Thanks a lot also to those users who gave feedback, requested features and reported bugs. If you do so, please use the forum.

I also joined the development team of phpLiteAdmin, a web-GUI for SQLite-Databases. I think phpLiteAdmin is a very promising project and I will continue my participation in it.

Merry Christmas everybody and a happy new year!

11. December 2012

VIA VT6421 SATA RAID Controller: Hardware Initiate Failed (HDD)

Filed under: Uncategorized — Christopher Kramer @ 21:24

My home-server’s motherboard is quite old and does not have onboard SATA. Therefore, when I bought a new hard drive for the server, I connected it to a PCI SATA controller card. Performance doesn’t matter much with this server (I am the only user, it mostly only runs cronjobs and the like). The SATA card had a VIA VT6421 chip on it. From time to time, I had the problem that the computer wouldn’t boot, failing with this error message:

Hardware Initiate failed. Please check Device.
The BIOS does not be installed. Press g to Continue.

Nice error message 😉
If you google this, you’ll find lots of people with this problem.

When I pressed CTRL+ALT+DEL to reboot the pc, it always detected the drive then. On the internet I found out that the problem is caused by SATA 300 (3Gbit/s) hard drives attached to the VT6421, which only supports SATA 150 (1,5Gbit/s). The Samsung drive I had at this time (a Samsung F2 EcoGreen 1500GB HD154UI 5400/m) didn’t have a jumper to change to SATA 150 (like some drives have), but Samsung provided a bootable tool to change the speed setting of the drive. (Samsung does not produce hard drives any longer, so I couldn’t find the software on the Samsung site anymore. I have it burnt on a CD, though. Contact me in case Samsung doesn’t publish it any longer and you really need it.)

Using the tool with the Samsung drive didn’t really solve the problem for me. But as it only occurred from time to time, I did not invest any more time to solve the problem.

Then one day the Samsung drive died 🙁 and I bought a new drive. This time it was a Seagate drive (Seagate 2000GB Barracuda Green ST2000DL003). With this drive, the problem occurred every time I booted the pc. As before, restarting the computer made it detect the drive, but it was very annoying. This drive has a jumper to set the speed to SATA 150. I inserted the jumper as described on the Seagate website (attention! look at the graphic twice because it is drawn upside-down!). The problem remained unchanged :(.

Finally, I found the solution to my problem while googling forums again. Somebody wrote that he could not make the SATA controller detect the drive since he disconnected the dvd drive (sorry I cannot give the link, I do not remember where I read it. Thanks a lot to the guy who wrote this nevertheless!). So I connected an unused dvd drive to the IDE port of the sata controller board (I did not use the IDE ports of the VT6421 card at all before, only the sata ports). And from now on, the controller detected the drive correctly! 🙂

So the short story is: Connect some additional device like a dvd drive to the IDE port of the controller card to solve the SATA problem!
At least it worked for me. Maybe you additionally need the jumper as well (I did not remove it).

Kind of weird. I guess detecting the IDE device makes the controller busy for a moment so the drive is ready once the controller tries to detect it. But that’s only guessing.

I hope this helps somebody with the same problem. Please share your experience in the comments if it helped you.

26. November 2012

CrazyStat: Detect Windows 8

Filed under: CrazyStat, PHP, Windows — Christopher Kramer @ 10:50

To make CrazyStat detect Windows 8, just replace stat/usr/keywords/os.txt with the one I just committed to svn.

Download it here

(If this link does not work, use this one and click “download this file” there.)

Just upload this file to stat/usr/keywords.

22. November 2012

Windows: How to find out the MAC address of your ethernet / wireless adapter?

Filed under: Windows — Christopher Kramer @ 15:25

Trying to find out the MAC-address of my ethernet adapter, I tried ipconfig and all the properties of the adapter in device manager but could not find it. Then I found out that ipconfig displays it if the /all switch is added:

ipconfig /all

This will list all your network devices. Their MAC addresses are listed as the “Physical address”.

To run this, you need a command window. You can get it like this:

[Windows-Key] + [r]

Type in “cmd” and hit enter.

Then you get a black window with white text where you enter “ipconfig /all”.

(The windows-key is the one between the left CTRL and ALT. If you don’t have one (I heard this still exists ;-)), click Start/Run in Win XP or click Start, type “cmd” and then enter in Win7).

3. November 2012

phpLiteAdmin 1.9.3 released (security-update)

Filed under: DBMS, PHP, phpLiteAdmin, Security, Server Administration — Christopher Kramer @ 00:45

Screenshot of phpLiteAdmin 1.9.3

Some minutes ago, I released the new version of phpLiteAdmin, a web management GUI for SQLite databases written in PHP. You can download it from our project site.

The new version addresses and mostly fixes lots of issues. Among these, one security issue has been fixed. Therefore, I’d recommend anybody using phpLiteAdmin to update.

A lot of work has gone into this release, fixing lots of bugs to make phpLiteAdmin more robust. For example, you can now have tables or columns containing special characters. The ALTER TABLE features have been partly rewritten so they now work a lot more reliably. And lots of other issues have been fixed. Thanks to anybody who reported bugs to the bug tracker.

If you still have any problems or suggestions, please let us know on our issue tracker.
