Author: 黄忠

Coreseek 4.1 beta MySQL sphinx 引擎更新

黄忠 数据库 , 0 Comment

编译 MySQL Sphinx 引擎时,出现以下错误: 

In file included from /root/mysql-5.6.9-rc/storage/sphinx/ha_sphinx.cc:62:
/root/mysql-5.6.9-rc/storage/sphinx/ha_sphinx.h:130: error: ISO C++ forbids declaration of 'COND' with no type
/root/mysql-5.6.9-rc/storage/sphinx/ha_sphinx.h:130: error: 'COND' declared as a 'virtual' field
/root/mysql-5.6.9-rc/storage/sphinx/ha_sphinx.h:130: error: expected ';' before '*' token

Coreseek (coreseek-4.1-beta) 自带的 Sphinx 引擎需要更新其中的一个文件: ha_sphinx.h

//
// $Id: ha_sphinx.h 3858 2013-05-15 16:51:49Z tomat $
//

#ifdef USE_PRAGMA_INTERFACE
#pragma interface // gcc class implementation
#endif


#if MYSQL_VERSION_ID>=50515
#define TABLE_ARG	TABLE_SHARE
#elif MYSQL_VERSION_ID>50100
#define TABLE_ARG	st_table_share
#else
#define TABLE_ARG	st_table
#endif


#if MYSQL_VERSION_ID>=50120
typedef uchar byte;
#endif


/// forward decls
class THD;
struct CSphReqQuery;
struct CSphSEShare;
struct CSphSEAttr;
struct CSphSEStats;
struct CSphSEThreadData;

/// Sphinx SE handler class
class ha_sphinx : public handler
{
protected:
	THR_LOCK_DATA	m_tLock;				///< MySQL lock

	CSphSEShare *	m_pShare;				///< shared lock info

	uint			m_iMatchesTotal;
	uint			m_iCurrentPos;
	const byte *	m_pCurrentKey;
	uint			m_iCurrentKeyLen;

	char *			m_pResponse;			///< searchd response storage
	char *			m_pResponseEnd;			///< searchd response storage end (points to wilderness!)
	char *			m_pCur;					///< current position into response
	bool			m_bUnpackError;			///< any errors while unpacking response

public:
#if MYSQL_VERSION_ID<50100
					ha_sphinx ( TABLE_ARG * table_arg ); // NOLINT
#else
					ha_sphinx ( handlerton * hton, TABLE_ARG * table_arg );
#endif
					~ha_sphinx () {}

	const char *	table_type () const		{ return "SPHINX"; }	///< SE name for display purposes
	const char *	index_type ( uint )		{ return "HASH"; }		///< index type name for display purposes
	const char **	bas_ext () const;								///< my file extensions

	#if MYSQL_VERSION_ID>50100
	ulonglong		table_flags () const	{ return HA_CAN_INDEX_BLOBS; }			///< bitmap of implemented flags (see handler.h for more info)
	#else
	ulong			table_flags () const	{ return HA_CAN_INDEX_BLOBS; }			///< bitmap of implemented flags (see handler.h for more info)
	#endif

	ulong			index_flags ( uint, uint, bool ) const	{ return 0; }	///< bitmap of flags that says how SE implements indexes
	uint			max_supported_record_length () const	{ return HA_MAX_REC_LENGTH; }
	uint			max_supported_keys () const				{ return 1; }
	uint			max_supported_key_parts () const		{ return 1; }
	uint			max_supported_key_length () const		{ return MAX_KEY_LENGTH; }
	uint			max_supported_key_part_length () const	{ return MAX_KEY_LENGTH; }

	#if MYSQL_VERSION_ID>50100
	virtual double	scan_time ()	{ return (double)( stats.records+stats.deleted )/20.0 + 10; }	///< called in test_quick_select to determine if indexes should be used
	#else
	virtual double	scan_time ()	{ return (double)( records+deleted )/20.0 + 10; }				///< called in test_quick_select to determine if indexes should be used
	#endif

	virtual double	read_time ( ha_rows rows )	{ return (double)rows/20.0 + 1; }					///< index read time estimate

public:
	int				open ( const char * name, int mode, uint test_if_locked );
	int				close ();

	int				write_row ( byte * buf );
	int				update_row ( const byte * old_data, byte * new_data );
	int				delete_row ( const byte * buf );
	int				extra ( enum ha_extra_function op );

	int				index_init ( uint keynr, bool sorted ); // 5.1.x
	int				index_init ( uint keynr ) { return index_init ( keynr, false ); } // 5.0.x

	int				index_end ();
	int				index_read ( byte * buf, const byte * key, uint key_len, enum ha_rkey_function find_flag );
	int				index_read_idx ( byte * buf, uint idx, const byte * key, uint key_len, enum ha_rkey_function find_flag );
	int				index_next ( byte * buf );
	int				index_next_same ( byte * buf, const byte * key, uint keylen );
	int				index_prev ( byte * buf );
	int				index_first ( byte * buf );
	int				index_last ( byte * buf );

	int				get_rec ( byte * buf, const byte * key, uint keylen );

	int				rnd_init ( bool scan );
	int				rnd_end ();
	int				rnd_next ( byte * buf );
	int				rnd_pos ( byte * buf, byte * pos );
	void			position ( const byte * record );

#if MYSQL_VERSION_ID>=50030
	int				info ( uint );
#else
	void			info ( uint );
#endif

	int				reset();
	int				external_lock ( THD * thd, int lock_type );
	int				delete_all_rows ();
	ha_rows			records_in_range ( uint inx, key_range * min_key, key_range * max_key );

	int				delete_table ( const char * from );
	int				rename_table ( const char * from, const char * to );
	int				create ( const char * name, TABLE * form, HA_CREATE_INFO * create_info );

	THR_LOCK_DATA **		store_lock ( THD * thd, THR_LOCK_DATA ** to, enum thr_lock_type lock_type );

public:
#if MYSQL_VERSION_ID<50610
	virtual const COND *	cond_push ( const COND *cond );
#else
	virtual const Item *		cond_push ( const Item *cond );
#endif	
	virtual void			cond_pop ();

private:
	uint32			m_iFields;
	char **			m_dFields;

	uint32			m_iAttrs;
	CSphSEAttr *	m_dAttrs;
	int				m_bId64;

	int *			m_dUnboundFields;

private:
	int				Connect ( const char * sQueryHost, ushort uPort );
	int				ConnectAPI ( const char * sQueryHost, int iQueryPort );
	int				HandleMysqlError ( struct st_mysql * pConn, int iErrCode );

	uint32			UnpackDword ();
	char *			UnpackString ();
	bool			UnpackSchema ();
	bool			UnpackStats ( CSphSEStats * pStats );
	bool			CheckResponcePtr ( int iLen );

	CSphSEThreadData *	GetTls ();
};


#if MYSQL_VERSION_ID < 50100
bool sphinx_show_status ( THD * thd );
#endif

int sphinx_showfunc_total_found ( THD *, SHOW_VAR *, char * );
int sphinx_showfunc_total ( THD *, SHOW_VAR *, char * );
int sphinx_showfunc_time ( THD *, SHOW_VAR *, char * );
int sphinx_showfunc_word_count ( THD *, SHOW_VAR *, char * );
int sphinx_showfunc_words ( THD *, SHOW_VAR *, char * );

//
// $Id: ha_sphinx.h 3858 2013-05-15 16:51:49Z tomat $
//

如何用 Telnet 测试 SMTP 邮件服务器密码验证的功能

黄忠 系统管理 , 0 Comment

1. 使用 Perl 对用户名和密码进行 base64 编码:

perl -MMIME::Base64 -e 'print encode_base64("username");'
perl -MMIME::Base64 -e 'print encode_base64("password");'

2. 通过 Telnet 连接到邮件服务器:

telnet mailserver.com 25

3. 对话邮件服务器:

EHLO mailserver.com

4. 告诉邮件服务器开始验证用户:

AUTH LOGIN

5. 输入 base64 编码的用户名:

dXNlcm5hbWU=

6. 输入 base64 编码的密码:

cGFzc3dvcmQ=

服务器响应 “Authentication succeeded”.

下面是一个通过 Telnet 进行 SMTP AUTH 密码验证的实例输出:

user@localhost [~]# telnet testsmtpdomain.com 25
Trying 1.1.1.1...
Connected to testsmtpdomain.com.
Escape character is '^]'.
220-mail.testsmtpdomain.com ESMTP service ready
EHLO testsmtpdomain.com
250-mail.testsmtpdomain.com says hello
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250-8BITMIME
250-AUTH CRAM-MD5 PLAIN LOGIN
250-AUTH=CRAM-MD5 PLAIN LOGIN
250-XACK
250-SIZE 0
250-VERP
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
dXNlcm5hbWU=
334 UGFzc3dvcmQ6
cGFzc3dvcmQ=
235 2.7.0 authentication succeeded

脑钱包破解工具实测

黄忠 比特币 , , 88 Comments

引言:
白帽黑客发布比特币脑钱包掠夺者,每秒可猜测13万个密码
http://www.8btc.com/new-cracking-tool

下面是基于上面这则新闻进行的脑钱包密码破解的实战测试。

先给出脑钱包暴力破解代码 brainflayer 下载地址: https://github.com/ryancdotorg/brainflayer

1. 暴力破解脑钱包,首先要有个强大的字典文件。
本测试使用CrackStation的密码字典,本字典文件为15G,包含了差不多15亿个密码。下载地址: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

2. 安装好比特币服务 https://github.com/bitcoin/bitcoin
如果不知道怎么装,那下面的内容就别试了,看着玩吧。

3. 利用开源的区块链工具 Blockparser 获取所有的比特币地址。
Blockparser 下载地址: https://github.com/znort987/blockparser
运行Blockparser 获取目前所有的比特币地址

./parser allBalances > allBalances.txt

这是一个相当耗内存的操作,建议64G的内存。
由于 allBalances.txt 文件中包含了金额等其他信息,需要用 awk 命令行整理下 allBalances.txt 的内容,我们只需要比特币地址信息。

awk '{ print $2 }' allBalances.txt > btcaddress.hex

4. Brainflayer 破解程序要求输入的比特币地址格式为 Hash160,所以需要把上面获取的所有比特币地址转换为 Hash160 格式。
类似的工具很多,我用的是下面这个 Perl 代码: http://lenschulwitz.com/base58
稍加修改就能转换整个文件了。(后面的评论里有代码)

5. 用Brainflayer 文件包中的工具 hex2blf 把 Hash160 地址转换为布隆过滤文件。
Brainflayer 利用这个布隆过滤器,大大提高了密码破解速度。

hex2blf btcaddress.hex btcaddress.blf

6. 开始破解!

brainflayer -b btcaddress.blf -i password.txt

我还真没想到刚开始运行就输出了几十个破解结果,虽然全部运行完这15G的密码文件需要好几个小时,但是破解效率还是真不错。用CrackStation的密码字典查出了将近2万个比特币地址和相应的脑钱包密码!

7. 来分析下这些被破解的密码: (第一栏是比特币地址Hash160格式,最后一栏是密码)

简单的就不多说了。

6e24b1342852a8e4af3c63206f8b2266ba887ef6:u:str:1234
ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi

那些很长的数字密码都能被破解:

09b508bae503da42f05575891866d0072bcf65f6:u:str:011235813213455
32f6ace81715e0872e6db7ff4a280185205620a3:u:str:12345678901234567890
afe66e0314eb15a5cd01d95b94166ce995c3347d:u:str:000000000000000000000000000000

字母密码看起来15位以内的都没用,破解了太多了。

482bc0946efa74a5a3d005e693b2774e1aeb7dad:u:str:qwertyuiopasdfghjklzxcvbnm
4b1b231e9caa7f95d51ed7c99df68a5add5a1714:u:str:doandroidsdreamofelectricsheep
bf1f119153f6ecedb259f0043f9fbbc88687b22e:u:str:thepastisagrotesqueanimal

再看看有些很长的密码都能破解,有点心惊。

ac8dc3fcfa4e9e91dddfc0c3fe6d7e0021292036:u:str:may the force be with you
8b0a993126c3bf8f4b28c8264b553d6aa39f2956:u:str:Money is the root of all evil.
1622dc9d9e5423d7b84122f9ef7edfa1981d9960:u:str:nothing ventured nothing gained
0c7cdc2d447af8d422dd2b54cab2f274ca88131d:u:str:No one can make you feel inferior without your consent.
8ee2d47121c480c37f9dd0a88bddf2dc21b284da:u:str:The quick brown fox jumped over the lazy dog.
2029758fa9d81f9c36f4be2ab8696ad10fc602f8:u:str:The quick brown fox jumps over the lazy dog
838edc90c250d298fc115bf028164f105e228fb9:u:str:these aren't the droids you're looking for
8c4cfbd55dd01f6c221372eba1e57c7496d7239f:u:str:This is the way the world ends.
31ae15fc484cf5fd34ecd49e1afb51e3f2174a93:u:str:tomb-of-the-unknown-soldier-identification-badge

还有中文名做密码的

7afa3b687e58d3f16feccb8244b90a87a535b85c:u:str:试试看
73b1bebd338fc051dba7282d4f99846fac01df23:u:str:中国上海

8. Brainflayer 输出的地址是 Hash160格式,还是用上面第4步里的工具,转换回普通的比特币地址。
例如: ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi
转换为比特币地址是: 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
脑钱包密码是 1satoshi

9. 你们是不是很关心这些地址里还有没有币?
Blockchain.info 上可以查询余额。
也可以通过API查询

https://blockchain.info/q/addressbalance/1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49

我查了好多破解的地址,余额全部为0,应该是这些简单的字典破解的账号,早被人把余额转走了。

10. 最后就是,如果真的某个地址里有余额,那么对应的秘钥是什么?
开源代码 Addressgen 提供了根据脑钱包密码生成比特币地址和秘钥的功能。

https://github.com/sarchar/addressgen

以上面的 ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi 为例,第8步给出了比特币地址是:
1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49,下面通过 Addressgen 来验证。

运行

./genaddress.py -p 1satoshi

输出如下:

ECDSA private key (random number / secret exponent)
51b2156ca4b9d96c9e77938b1197b806a4a2822060da15d79f2f6f8f75655644
Bitcoin private key (Base58Check, uncompressed)
5JSGPQ2Jw1P5cVi2L8LeuWnMF5H8rLGrPPgVM2XE1cahG1BQDzY
Bitcoin extended private key (Base58Check)
xprv9s21ZrQH143K3TEjPXq1CkrNDMfYWYwVNKVWqSPeEthWqd4uJKWSRnM2GX2BYktMDQrGxa2FZrpDdt5Q1qeLk4T46974eh9Eo7iHCfGcY37
(embedded private key) -> L43jHnozmKE5TYNqMwsPgXNcTfRT7TNhzDkTgaKAgYcx99Qm5LhB
------
ECDSA public key (uncompressed)
04a3599acf74fc7b781207860e8753f182fc4b8c5febe6c5f2e09381893abb4e0b290a172aa6a7ba13c5a32de6d10a024d95cf786d72e650889a4a22f29a3b84df
Bitcoin Address (uncompressed, length=34):
1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
Bitcoin extended public key
xpub661MyMwAqRbcFwKCVZN1Zto6mPW2v1fLjYR7dpoFoEEViRQ3qrpgyafW7nhb8fPtRaX2TJbCXQAfgAhMYGJ9DJeF1UVAMYu3Ucd3BqaeU9R
(embedded public key) -> 032131be64ba3f27e757c2f0f310038a8dfb768ff922448aff2841fa7954472880
(bitcoin address) -> 1Kvdg9jcdcdWGBb77Rovd8jkHjPd4eKB6t

从上面可以看到,比特币地址正是 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
而对应的秘钥为 5JSGPQ2Jw1P5cVi2L8LeuWnMF5H8rLGrPPgVM2XE1cahG1BQDzY

总结:
使用脑钱包的密码一定要非常强大,即使是好多个单词都不一定安全。这个测试只用了一台主机几个小时的运算时间,就检验了15亿的密码组合。
如果租个几十台云主机破解一个月,破解的密码组合可以到十万亿以上。大家可以算算自己的密码强度够不够!