Is there a way to determine MySQL SSL connectivity without authentication? - mysql

I'd like to connect to a MySQL server (AWS RDS, if you must know) via SSL. I'm familiar with the basic mechanics involved.
All the methods I've seen so far involve running a SQL query to determine that the current connection uses SSL.
My concern is that this is a "chicken and egg" problem: I would need to send my credentials to the server potentially in plain text, so I can run a query on the server to determine that it was not plain text.
Is there a way to run the SHOW STATUS LIKE 'Ssl_cipher'; query without first authenticating?
This seems like a pretty basic requirement (I'd like to know that my password will be encrypted BEFORE sending it over the wire) but it seems difficult to find the required information.
I've read the following resources:
https://kb.berkeley.edu/page.php?id=23112
http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html
http://dev.mysql.com/doc/refman/5.0/en/creating-ssl-certs.html

MySQL native authentication was never sending password over network without regard of SSL usage (it always sends result of function of password and salt returned from Server instead).
In recent versions it may be beneficial to send clear text password - but that may happen only if you explicitly provide option (on client) --enable-cleartext-plugin (or similar).

Related

Send data to a MySQL server over an internet connection

I'm a total beginner to MySQL, I'm more of a firmware specialist. I'm working on an application where I will be getting GPS coordinates from a microcontroller + cellular device and I would like some way to store the coordinates and do processing on them. I figured a database hosted on a server made the most sense, which is what has brought me to MySQL.
Basically, I'm wondering what the basic protocol is for sending data to a MySQL server over an internet connection (my device has data). Like how do I connect to the server and publish data to it?
I'm experienced with MQTT and I think I could do TCP as well but I'm looking for a protocol that is not super power-intensive and I can't use anything that requires an operating system, like a python script.
To be clear, I am NOT asking you to tell me every step for how this is done, but basically what protocol and what tools could I use? Anything you can tell me would be appreciated.
I was thinking that I could use the MySQL client C code to help write a driver that could allow me to connect to the server. I'm experienced with writing drivers and the microcontroller I'm using uses C.
You need no direct connection to the DB at all. Your cellular device should be able to establish tcp connection to the ipaddress/port and to send the byte-stream through the connection. It can be the dumb unidirectional protocol with losses.
You need some service that can listen on the other side, that can parse your byte-stream, can fetch the correct packets from it and then send the data to the database. Speaking frankly that service can even be written in linux shell:
nc -lk 1234 | collector.sh
where collector.sh is a script like that:
#!/bin/sh
while read LINE
do
# $LINE parsing and all the staff
mysql -e "INSERT INTO mygps.nmea (lat,lon,dtime) VALUES ($LAT, $LON, $DTIME);"
done <<< /dev/stdin
####
Sure it isn't a best solution but it was really helpful for me at the very beginning. Then you can proceed the gathered data in any desired way.
Build a simple server that communicates with whatever gathered data and then use the server so send the data to MySQL with the help of MySQL connector. Building part of the protocol will quite time consuming. - nbk
If you "can't use anything that requires an operating system" you need some middleware that can run the MySQL client driver to talk to the database, you will then use MQTT to pass data between your sensor and the middleware. If you don't want to write this middleware yourself, something like Node-RED might come handy.
You certainly can reimplement the driver for your MC, though I personally would not want to waste the time on something like this when I can assemble a solution from existing components. Database protocols are typically chatty, synchronous, and sensitive to network quality, and I wouldn't want to waste my MC cycles on that when I can make middleware do that asynchronously. - mustaccio
Simply "reverse ssh port forwarding"? That can be done, I think, with a single ssh command at one (or both) end of the connection. MySQL, by default, needs the client to connect on port 3306 to the server. - rick-james

Getting gobbledegook from SQL server on mysql turns out its a old codepage.Why is it set up like this? How do I change the defaults?

I'm writing a new project that utilises MySQL , There is no problem with the app I'm working on, but when the app recives the output from my sql server it immediately rejects it as null. When accessing my SQL server on port 3306 I am getting strange garbled messages back as well as the short message 'packets out of order.' In my setup I have, MAMP, Docker, Apache server and PHP. I can access each service on its respective port just fine.
1) I have looked into this by running console in the browser which reports the text being incorrectly formatted to something that isn't utf-8
2) I have followed this guide
https://medium.com/#manish_demblani/breaking-out-from-the-mysql-character-set-hell-24c6a306e1e5 and the results that my sql server have churned out are as follows
enter image description here
My question is this. Why is MySQL set up in this strange fashion? Why is it presenting in CP850 /DOS/ Latin? Are there no defaults/config files to change or is it done through windows somewhere
It seems you somehow messed up the client configuration (connection string, [client]-section of your cnf file (on the system that you started the mysql console on), ...). It tells your server to send data in cp850. Not sure why you would get packets out of order, maybe you have an additional underlying problem (very old library maybe?), but I'd start there. It's unclear: did you follow the blog post and then had problems, or was that a solution attempt? In any case, try to focus your attention on the client. Try to undo changes you made. MySQL uses utf8 by default for a long time now. – Solarflare

Testing Script - Find open MySQL Ports and check Database

following Problem:
I want to Check all Open MySQL Ports in a network and give myself a list of them.
After this i want to check if i can get access to the MySQL database from the open ports.
It Would be just a security check script to avoid other people getting access to the databases.
Bash/perl/Powershell... maybe someone can give me a hint?
You can use NMAP for all port scanning tasks.
EDIT:
Lets asssume an example: mysql-vuln-cve2012-2122(This vulnerability tries to access the MySql server through open ports by bypassing authentication, if possible, also dumps the MySQL usernames and password hashes.)
Pre-requisite: You need the 'Vulns' library to be installed separately. Please read the documentation, to know more about how to install and other details, since it would be too tedious to explain it here.
mysql-vuln-cve2012-2122.pass
MySQL password. Default: nmapFTW.
mysql-vuln-cve2012-2122.user
MySQL username. Default: root.
mysql-vuln-cve2012-2122.iterations
Connection retries. Default: 1500.
mysql-vuln-cve2012-2122.socket_timeout
Socket timeout. Default: 5s.
Please leave the password blank to check for non-password vulnerabilities.
Command to run:
nmap -p3306 --script mysql-vuln-cve2012-2122 <target>
Here is your MySql instance
This will give an output, something like this:
PORT STATE SERVICE REASON
3306/tcp open mysql syn-ack
mysql-vuln-cve2012-2122:
VULNERABLE:
Authentication bypass in MySQL servers.
State: VULNERABLE
IDs: CVE:CVE-2012-2122
Description:
When a user connects to MariaDB/MySQL, a token (SHA
over a password and a random scramble string) is calculated and
compared
with the expected value. Because of incorrect casting, it might've
happened that the token and the expected value were considered
equal,
even if the memcmp() returned a non-zero value. In this case
MySQL/MariaDB would think that the password is correct, even while
it is
not. Because the protocol uses random strings, the probability of
hitting this bug is about 1/256.
Which means, if one knows a user name to connect (and "root"
almost
always exists), she can connect using *any* password by repeating
connection attempts. ~300 attempts takes only a fraction of
second, so
basically account password protection is as good as nonexistent.
Disclosure date: 2012-06-9
Extra information:
Server granted access at iteration #204
root:*9CFBBC772F3F6C106020035386DA5BBBF1249A11
debian-sys-maint:*BDA9386EE35F7F326239844C185B01E3912749BF
phpmyadmin:*9CFBBC772F3F6C106020035386DA5BBBF1249A11
For more and detailed info, please refer the above link.
The NMAP tools will not only help you in getting the list of port related vulnerabilities. It can also be used to search for other vulnerabilities like MySql injection,DDOS, brute force vulnerabilities and lot more. Though you need to download separate libraries for those.

Accessing mysql through URL

Can I Use My Browser to Access MySQL server by sending requests in URL?
I have Tried giving URL of my Server and port to which it is bound send the user name and password in URL as properties and value
http://127.0.0.1:3306/?user=root&password=password
But it gives error like (J���
5.5.28����/,-<&Hv;�ÿ÷�€����������ca>OR08fzTsi�mysql_native_password�!��ÿ„#08S01Got packets out of order)
Does using Any protocol Work?
You are attempting to access a server bound on a port that does not speak the protocol of http, but the socket open request is naturally granted.
Mysql responds in non-http and non-html output, and your browser displays the gobbly-gook. As your browser is naturally not a mysql client with baked in mysql library calls to deal with that handshake, the train just went off the tracks.
Instead of trying to craft an extension to mysql to perform this, it is best to redirect one's focus to the likes of PHP, asp.net, a java back-end middle-ware, etc.
As for passing values like you are in the URL, I suggest you read This Blog Here and jump down to the text showing:
Doesn’t look too bad? Let’s take a look at the URL:
A_URL?domain=&subdomain=sdjflsdhkfhds&name=asdasdf&email=aaaaa#letthemeatspam.com&pass1=ThisIsMyPassword&pass2=ThisIsMyPassword&aggree=yes&error_multiple=&error_domain=&error_subdomain=&error_name=&error_email=&error_pass=2&error_tos=&error_number=&error_js=&error_disposable=1&error_bad_gmail=
Not only is that information sitting in your users cache, it is visible along the way between the user and server (perhaps half a dozen hops) and is logged. If that doesn't raise an eyebrow of concern, I don't know what more to say.
You cannot use your browser to access MySQL without installing a browser-based tool such as phpMyAdmin. I do not recommend this.
Instead, just use the MySQL command line client. From a shell prompt:
mysql -h127.0.0.1 -uroot -p
You will be prompted for your password.

Classic ASP Remote SQL Connection String

I have a dilemma which is completely and utterly baffling me...
We have a Classic ASP site which has been running for about a year, its powered via a local Win2008 SQL database (The SQL Express engine is on the same server as IIS). This is the connection string we currently use
Provider=SQLNCLI10;Server=SERVERNAME\SQLEXPRESS;Database=dbname;user id=username;password=password;
We now have a need to move the database to a dedicated DB server, and connect to it remotely - We restored the DB on the server, and checked everything looked ok (All data is present in all tables)
So we changed the server name to the IP address and was unable to get it to connect, in the end the only way we could get it to connect was using this connection string.
driver={SQL Server Native Client 10.0};server=IPADDRESS\SQLEXPRESS,1433;uid=user;pwd=password;database=dbname;
HOWEVER... Now it's randomly missing product names and SKU's and prices in the front and back end, even though the data is present in the DB AND it is REALLY slow to display the webpages? If I use the same DB locally with the previous connection string its fine and all data is appearing?
I know this DB server is fine as it powers other ASP.NET sites with via a remote connection and they are very fast to connect?
Any hints... or help on why this new connection string is causing problems with reading data from the DB???
To update the native client on the web server to the most recent public version, go here:
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2567714
Check the box for "2008R2_SP1_SNAC_CU2_2567714_10_50_2772_x86" if your web server is an X86 machine, and "2008R2_SP1_SNAC_CU2_2567714_10_50_2772_x64" if it is 64-bit. Enter your e-mail address, fill in the captcha, hit "Request hotfix" and the download link will be e-mailed to you. Download it to the web server, run the installer (using the password sent to you in the e-mail) and restart the web server. Now try your original connection string again.
EDIT
Adding some other sample connection strings that I have used in the past (I've been a classic ASP guy since the 90s, founding and writing 95% of the content on aspfaq.com, including this article on connection strings). As requested in a comment to the original question.
Note that "srv" could be IP address, or localhost, or servername, or . and it could be followed by \INSTANCE_NAME (e.g. \SQLEXPRESS). I would try them in this order, and pay attention to the parameter names as well as the values - you seem to mixing modern parameter names (e.g. Provider) with less modern ones (e.g. Database).
Provider=SQLNCLI10;Data Source=srv;Initial Catalog=db;User ID=user;Password=pwd;
Provider=SQLOLEDB.1;Data Source=srv;Initial Catalog=db;User ID=user;Password=pwd;
Provider=SQLOLEDB;Data Source=srv;Initial Catalog=db;User ID=user;Password=pwd;
Driver={SQL Server};Server=srv;Database=db;UID=user;PWD=pwd;
Sometimes if you are having issues with Named Pipes or Shared Memory it can help to enforce TCP/IP by adding the following parameter:
NETWORK=DBMSSOCN;
You can get a lot more information over at Carl Prothman's site or ConnectionStrings.com. They no longer cater to classic ASP specifically, for obvious reasons, but you can still glean a lot of information from the samples they provide for other languages.