This is very annoying! Every time you update your Android SDK Build-tools (for example 24.0.3 to 25), you need to edit your project configuration. It never happened on Eclipse before. Please bring back support to Eclipse to develop Android application.
Software:
Android SDK Manager 25.2.2 (Stand Alone)
Android Studio 2.2.2
Oracle JDK 1.8.0_102
Windows 10 x64
This is the error message:
Error:Failed to find Build Tools revision 24.0.2
<a href="/web/joomla/install.build.tools">Install Build Tools 24.0.2 and sync project</a>
To fix it, do these:
in 1: Project change view to Android
Go to [your_project]->app and open build.grandle
change buildToolsVersion "24.0.2" -> buildToolsVersion "25.0.0"
...
android {
compileSdkVersion 24
buildToolsVersion "25.0.0"
...
Save it and click Try Again or Sync your project
Monday, October 31, 2016
Friday, October 28, 2016
Debian Jessie: installing OpenJDK-8, Mysql JDBC and PostgreSQL JDBC
Install all packages:
# apt-get install openjdk-8-jdk libmysql-java libpostgresql-jdbc-java libpostgresql-jdbc-java-doc
Note: openjdk-8-jdk requires backports repository, add this into /etc/apt/sources.list
deb http://ftp.de.debian.org/debian jessie-backports main
To set Java Environment for all users, add/edit /etc/environment:
JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64"CLASSPATH=".:/usr/share/java/mysql.jar:/usr/share/java/postgresql-jdbc4.jar"
Note: if you prefered to use postgresql-jdbc3, replace /usr/share/java/postgresql-jdbc4.jar with /usr/share/java/postgresql.jar
Example Java code loading MySQL:
import java.sql.Connection;import java.sql.DriverManager;import java.sql.SQLException;import java.util.Properties;class TestDB { /* /usr/share/java http://dev.mysql.com/doc/connector-j/5.1/en/ https://jdbc.postgresql.org/documentation/documentation.html */ static Connection conn = null; public static void main(String[] args) { // MySQL try { System.out.println("Loading Class com.mysql.jdbc.Driver"); Class.forName("com.mysql.jdbc.Driver") ; System.out.println("Loading com.mysql.jdbc.Driver Successful"); conn = DriverManager.getConnection("jdbc:mysql://localhost/database?user=user&password=password"); // Do something with the Connection System.out.println("Test Connection Successful"); } catch (SQLException ex) { // handle any errors System.out.println("SQLException: " + ex.getMessage()); System.out.println("SQLState: " + ex.getSQLState()); System.out.println("VendorError: " + ex.getErrorCode()); } catch (ClassNotFoundException ex) { System.out.println("Class Not Found: " + ex.getMessage()); } // PostgreSQL try { System.out.println("Loading Class org.postgresql.Driver"); Class.forName("org.postgresql.Driver"); System.out.println("Loading org.postgresql.Driver Successful"); String url = "jdbc:postgresql://localhost/database"; Properties props = new Properties(); props.setProperty("user","user"); props.setProperty("password","password"); props.setProperty("ssl","true"); conn = DriverManager.getConnection(url, props); // or url = "jdbc:postgresql://localhost/database?user=user&password=password&ssl=true"; Connection conn = DriverManager.getConnection(url); // Do something with the Connection System.out.println("Test Connection Successful"); } catch (SQLException ex) { // handle any errors System.out.println("SQLException: " + ex.getMessage()); System.out.println("SQLState: " + ex.getSQLState()); System.out.println("VendorError: " + ex.getErrorCode()); } catch (ClassNotFoundException ex) { System.out.println("Class Not Found: " + ex.getMessage()); } }}- https://help.ubuntu.com/community/JDBCAndMySQL
- http://stackoverflow.com/questions/18631050/how-to-use-classpath-regarding-to-mysql-drivers-could-not-find-driver-with-cla
Thursday, October 27, 2016
Script Kiddies to use hydra
This is intended for Education purpose!
After researching how to defend our network, I want to share how to perform what they are doing. It is very easy to perform automatic password attack against various services. One of their tools is hydra. Chrome mark https://www.thc.org/ "The site ahead contains harmful programs" and Firefox mark it as "Reported Unwanted Software Page!". Who's care.... LOL
To install it
# apt-get install hydra
or
# yum install hydra
To create dictionary install British words
# apt-get install wbritish
or
# yum install words
You don't need to run this as root.
Create a directory (whatever you want). I use directory hydra.
$ mkdir hydra
$ cd hydra
Now create words file before running hydra.
$ cat /usr/share/dict/words > words.txt
You can perform ssh using
hydra -l root -P words.txt ssh://xxx.xxx.xxx.xxx
To get more option:
$ hydra -h
Hydra v8.0 (c) 2014 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes.
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvVd46] [service://server[:PORT][/OPT]]
Options:
-R restore a previous aborted/crashed session
-S perform an SSL connect
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help
-e nsr try "n" null password, "s" login as pass and/or "r" reversed login
-u loop around users, not passwords (effective! implied with -x)
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ':' to specify port
-o FILE write found login/password pairs to FILE instead of stdout
-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)
-t TASKS run TASKS number of connects in parallel (per host, default: 16)
-w / -W TIME waittime for responses (32s) / between connects per thread
-4 / -6 prefer IPv4 (default) or IPv6 addresses
-v / -V / -d verbose mode / show login+pass for each attempt / debug mode
-q do not print messages about connection erros
-U service module usage details
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)
Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
v3.0. The newest version is always available at http://www.thc.org/thc-hydra
Don't use in military or secret service organizations, or for illegal purposes.
These services were not compiled in: sapr3 afp ncp oracle.
Use HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.
E.g.: % export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)
% export HYDRA_PROXY_HTTP=http://proxy:8080
% export HYDRA_PROXY_AUTH=user:pass
Examples:
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
hydra -l admin -p password ftp://[192.168.0.0/24]/
hydra -L logins.txt -P pws.txt -M targets.txt ssh
WARNING: FOR EDUCATION PURPOSE! DO IT ON YOUR LOCAL NETWORK AND WITH YOUR OWN RISK. DOING THIS IS ON PUBLIC NETWORK IS BREAKING A LAW!
After researching how to defend our network, I want to share how to perform what they are doing. It is very easy to perform automatic password attack against various services. One of their tools is hydra. Chrome mark https://www.thc.org/ "The site ahead contains harmful programs" and Firefox mark it as "Reported Unwanted Software Page!". Who's care.... LOL
To install it
# apt-get install hydra
or
# yum install hydra
To create dictionary install British words
# apt-get install wbritish
or
# yum install words
You don't need to run this as root.
Create a directory (whatever you want). I use directory hydra.
$ mkdir hydra
$ cd hydra
Now create words file before running hydra.
$ cat /usr/share/dict/words > words.txt
You can perform ssh using
hydra -l root -P words.txt ssh://xxx.xxx.xxx.xxx
To get more option:
$ hydra -h
Hydra v8.0 (c) 2014 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes.
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvVd46] [service://server[:PORT][/OPT]]
Options:
-R restore a previous aborted/crashed session
-S perform an SSL connect
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help
-e nsr try "n" null password, "s" login as pass and/or "r" reversed login
-u loop around users, not passwords (effective! implied with -x)
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ':' to specify port
-o FILE write found login/password pairs to FILE instead of stdout
-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)
-t TASKS run TASKS number of connects in parallel (per host, default: 16)
-w / -W TIME waittime for responses (32s) / between connects per thread
-4 / -6 prefer IPv4 (default) or IPv6 addresses
-v / -V / -d verbose mode / show login+pass for each attempt / debug mode
-q do not print messages about connection erros
-U service module usage details
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)
Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
v3.0. The newest version is always available at http://www.thc.org/thc-hydra
Don't use in military or secret service organizations, or for illegal purposes.
These services were not compiled in: sapr3 afp ncp oracle.
Use HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.
E.g.: % export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)
% export HYDRA_PROXY_HTTP=http://proxy:8080
% export HYDRA_PROXY_AUTH=user:pass
Examples:
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
hydra -l admin -p password ftp://[192.168.0.0/24]/
hydra -L logins.txt -P pws.txt -M targets.txt ssh
WARNING: FOR EDUCATION PURPOSE! DO IT ON YOUR LOCAL NETWORK AND WITH YOUR OWN RISK. DOING THIS IS ON PUBLIC NETWORK IS BREAKING A LAW!
Tuesday, October 25, 2016
fail2ban: autoreporting attack to www.abuseipdb.com
Create file /etc/fail2ban/action.d/abuseipdb.conf
Edit /etc/fail2ban/jail.conf
To find available category, follow this rule.
Restart your fail2ban.
Tested on Fail2ban 0.9.x
# Fail2Ban configuration file## Author: IGAM Muliarsa### Action to report IP address to abuseipdb.com# you must sign up in https://www.abuseipdb.com# This action requires API_KEY# https://www.abuseipdb.com/report/json?key=[API_KEY]&category=[CATEGORIES]&comment=[COMMENT]&ip=[IP]## IMPORTANT:## Reporting an IP of abuse is a serious complaint. Make sure that it is# serious. Fail2ban developers and network owners recommend you only use this# action for:# * The recidive where the IP has been banned multiple times# * Where maxretry has been set quite high, beyond the normal user typing# password incorrectly.# * For filters that have a low likelyhood of receiving human errors#[Definition]# Option: actionstart# Notes.: command executed once at the start of Fail2Ban.# Values: CMD#actionstart =# Option: actionstop# Notes.: command executed once at the end of Fail2Ban# Values: CMD#actionstop =# Option: actioncheck# Notes.: command executed once before each actionban command# Values: CMD#actioncheck =# Option: actionban# Notes.: command executed when banning an IP. Take care that the# command is executed with Fail2Ban user rights.# Tags: See jail.conf(5) man page# Values: CMD#actionban
= curl --data 'key=<apikey>' --data 'category=<category>'
--data 'ip=<ip>' --data-urlencode 'comment=<matches>'
--user-agent 'fail2ban v0.8.12' 'https://www.abuseipdb.com/report/json'# Option: actionunban# Notes.: command executed when unbanning an IP. Take care that the# command is executed with Fail2Ban user rights.# Tags: See jail.conf(5) man page# Values: CMD#actionunban =[Init]# Option: apikey# Notes your user apikey from abuseipdb.com user account # Values: STRING Default: None#apikey = REPLACE_WITH_YOUR_API_KEY# Option: service# Notes service name you are reporting on, typically aligns with filter name# Values: STRING Default: None##service =Edit /etc/fail2ban/jail.conf
...[sshd]port = sshlogpath = %(sshd_log)sbackend = %(sshd_backend)senabled = truefilter = sshdaction = iptables-ipset-proto4[] mlocaldb[category=10] abuseipdb[category=4,18,22]...To find available category, follow this rule.
Restart your fail2ban.
Tested on Fail2ban 0.9.x
References:
- https://www.abuseipdb.com/api.html
Thursday, October 13, 2016
PHP >= 5.5: password hashing
To hash password (using default algorithm bcrypt)
$mypass = "password";$myhash = password_hash($mypass, PASSWORD_DEFAULT);To verify password
$brutepass = "test";
password_verify ($brutepass, $myhash); // true or falseStoring password in database
"Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice)." Maybe varchar(255)Reference:
- http://www.php.net/manual/en/faq.passwords.php
- http://id1.php.net/manual/en/book.password.php
Subscribe to:
Posts (Atom)