SHOW SLAVE STATUS log files & positions explained

 SHOW SLAVE STATUS

True, GTID is upon us whether via MySQL 5.6 or Tungsten Replicator (and wasn't it in Google Patches since 2009?).
But some of us are still using standard replication with MySQL 5.5, and the "what's with all these binary log files and positions" question is ever erupting. The output of SHOW SLAVE STATUS confuses people new to it. It confuses me time and again.
So here's the semi visual guide to interpreting the SHOW SLAVE STATUS.

About binary logs and relay logs

A master writes binary logs. These are typically and conventionally called mysql-bin.##### or mysqld-bin.##### (replace ##### with digits).
A slave connects to its master, and reads entries from the master's binary logs. The slave writes those entries into its own relay logs. These are typically and conventionally called mysql-relay.##### or mysqld-relay.##### (replace ##### with digits).
There is nothing at all that connects the name or number of a slave's relay log with the master's binary log. There is nothing at all that connects the position within the relay log with the position within the master binary log. Files are flushed/rotated; have different size configuration; are re-created. However the slave does keep track on the current relay-log entry: it knows what's the matching entry on the master's binary logs. This is an important piece of information.
While the slave fetches entries and writes them into the relay log (via the IO_THREAD), it also reads the relay log to replay those entries (via the SQL_THREAD).
And so at each point in time we are interested in the following "coordinates":

• What are we fetching from the master? Which file are we fetching and from which position?
• Where are we writing this to? (This is implicitly the latest relay log file and its size)
• What's the position of currently executing slave query, in relay-log coordinates? As the slave lags these coordinates are farther (smaller) than the written-to position.
• What's the position of currently executing slave query, in master binary-log coordinates? This information really tells us how far apart we are from the master.

How do we interpret the above from SHOW SLAVE STATUS output? Take the following two images as guidelines. The first presents an up-to-date slave, the second presents a lagging slave.

 ---------------------------------------------------------------------------------------------------------------

 Hopefully that all I got for now.
Nice day.

Windows XP Registry hack enables continued updates

 How to do it

To apply the hack, create a text file with a .reg extension and the contents below:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001


Run it by double-clicking in Windows Explorer. After this is done, if you run Windows Update, it will find several updates, as illustrated in this screen capture:

The screen capture is from our own tests, which appear to work. Notice that two of the displayed updates are for WEPOS (Windows Embedded Point of Service) and Windows POSReady 2009. The others are for Windows Server 2003, which runs the same kernel and many other components as Windows XP.
This specific hack works only on 32-bit systems, but a 64-bit workaround is available at this page, which may have been Williams's source for the 32-bit hack.

[UPDATE:] Late Monday we received a statement from a Microsoft spokesperson:
We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1.

injecting-spyware-exe-code-injections

NB: THIS INFORMATION WAS SOURCED FROM ANOTHER SITE

HOW IT WORKS 

Implanting malicious code in the form of spyware to an existing running process is one of the more sophisticated tasks. Before the advent of disassembler or patching tools, the malevolent code is usually invoked from the hard-core programming code, which is a very exhaustive process in itself, because we had gone through with programming code written especially in C or VC++. This paper demonstrates exclusively the invoking of a covert code along with the foremost executable by using OllyDbg and IDA Pro disassemblers. Such covert malicious code is triggered without the having the assent of the user; more precisely, the moment when the specific methods are executed from the leading EXE, the spyware becomes automatically activated surreptitiously.

ESSENTIAL

The subsequent operation requires an exhaustive understanding of Hexadecimal Code and Assembly Programming. This operation lists the following tools of the trade as:

• The victim binary. 
• Spyware Executable.
• Ollydbg.
• IDA Pro Interactive Dissembler.

The Target Binary (Victim)

We shall deploy the spyware in a simple Game Registration executable to showcase the code injections mechanism. The Game Registration typically requires serial keys to validate the authentic copy of this product and register or enable the full version as shown below.

                                                                      Figure 1.1: Target GUI
This EXE is chosen to be a victim infected with a covert spyware. It doesn’t matter what is the actual name and serial keys of that program. We are in fact not provided with such sensitive information. The key matter of interest for the reverse engineer is the subsequent Error box which typically appears when a serial key is not validated.

                                                              Figure 1.2: Error Message in Target


This Error message box would become the entry point of the malicious covert code. The moment when the user is confronted with the aforesaid Error message box, the spyware becomes executed. That is what we are trying to achieve in this paper.

 Spyware Code

The following spyware program typically shows the machine name and IP address of the computer where it runs and sends back such critical information to the hacker server. We don’t need to go into details of the spyware code. It could be any EXE program which injects into a binary. After compiling that code, it will look like as the following figure. It is showing a fake value of the computer name and IP address because crucial values are not disclosed due to a security point view. 

                                                    Figure 1.3: The Spyware GUI

 Victim Binary Analysis

One question might bother you: why do we need IDA Pro, while we can perform code injection using OllyDbg itself? IDA Pro assists you to identify the entry point instruction code of the jump statement from where the message box assembly instruction starts to execute. As we have described earlier, the prime matter of interest is to get the details about the message box activation code. Here, we can easily identify the first message box occurrence after the 0040115E offset. Well, this code manipulates a couple of other message boxes indeed. But we have to recognize the very first message box.

                             Figure 1.4: Message Box invoking instruction in Target
So, we will search at 0040115E offset in the OllyDbg to find the message box assembly code in order to modify it to suit our need. We can duly confirm the message box occurrence by placing a breakpoint at 0040115E in IDA Pro and start debugging. If we entered a short name, then the graph view of the assembly code clearly indicates the execution flow toward the message box code as follows:

                                               Figure 1.5: Target Execution Flow

Spyware Injection

Now, it’s show time. Open the victim.exe binary in the OllyDbg to inject the spyware code. Here, the $ sign at offset 004015ED indicates the entry point of the executable as follows:

                                         Figure 1.6: Target Entry Point in OllyDbg
Every executable has some empty space referred to as Code Caves where we can place or inject any external binary code. So, if you scroll down a little bit, you will easily identify the blank area named as DB 00 or NOP in the assembly code. 
NOTE: Some time assembly code hides the form of DB 00 instructions code caves. So press CTRL+A to unhide them.

                                  Figure 1.7: Empty Regions (Code caves) in Target
As from the aforesaid figure 1.7, the DB 00 instruction starts from the 00405188 offset. So, we shall place our external spyware code in these code caves. Select a couple code caves instructions and right click, choose Binary and then edit as follows: 

                                            Figure 1.8: Binary Editing in Target
NOTE: place both victim.exe and spyware.exe into single directory folder
Now, label the spyware program executable as spyware.exe in the ASCII box, as we have selected code caves from 0040518A, which means start editing from this instruction. Its corresponding hex code is automatically generated and placed at the 0040518A offset. 

                                        Figure 1.9: Placing Spyware Name in Target
NOTE: Assembly is strict Case-Sensitive language. So be cautious while entering the names in ASCII box.
After pressing the OK button in figure 1.9, some raw uncomprehend-able code is generated at offset 0040518A in the RED COLOR as follows:

                                             Figure 1.10: Injected Spyware code in Target
Don’t worry, just analyze the code by pressing CTRL+ A now, and this time, we get the original entered code which virtually shows the spyware victim.exe name as follows: 

                                                      Figure 1.11: Analysis in Target
Now, we have to write the spyware offset address value into memory. However, move forward just one step and at offset 00405195, press space bar button. Here, we found assemble code box. Just enter PUSH 1 here and click on the Assemble button. 

                                            Figure 1.12: Injecting PUSH instruction Target
Again come to the 00405197 offset and press the space bar; here enter the PUSH 40518A code which pushes the spyware EXE instruction into memory. 

                                           Figure 1.13: Injecting Spyware name in PUSH
Here, notice that we are giving the reference of spyware.exe located at offset 0040518A to 00405198 as follows: 

                                           Figure 1.14: Giving Spyware name in PUSH
Our spyware program is having an *.exe format. So we have to instruct the Assembly code by calling the CALL WinExec instruction: we are injecting an external executable which has of course .exe extension. 

                                             Figure 1.15: Calling Exe in Assembly Language
After finishing with arbitrary code injection related to spyware, the modified assembly looks like the following: 

                                                  Figure 1.16: Injected Assembly Code

 Now we have to connect that new injected code with a message box occurrence instruction, otherwise it won’t be executed. As referenced in figure 1.4, press CTRL +G and enter the 0040115E offset.

                                            Figure 1.17: Jump to 0040115E via Expression
 This action directly lets us reach the entry point of the first message box as follows. Here, we have to perform some significant modifications.

                                                          Figure 1.18: Message Box code entry point
Now, select the 0040115E offset and press space bar, then copy the JNB 00401189 instruction into the clipboard as follows: 

                                                                   Figure 1.19: Copy the code
Thereafter, come back to inject code by pressing the “-”(minus) button, there select offset 004051A1 to assemble new code and press the space button and paste the JNB 00401189 instruction. We shall discuss shortly what we are doing. 

                                                           Figure 1.20: Paste instruction

 Ok, now copy the offset address 00405196 in the clipboard from the First PUSH 1 in the new injected code.

                                                      Figure 1.21: Copy offsets
 Again go to offset 0040115E where the message box code is located, select the instruction set at 0040115E, and press the space bar. Finally, replace the existing code with new. Assemble the JNB 00405196 instruction here.

                                                       Figure 1.22: Assemble instruction


So, what are we actually doing here? First we are giving the reference of the PUSH 1 instruction offset (00405196) to the jump instruction located at offset 0040115E. Secondly, pasting the JNB 00401189 instruction to the 004051A1 offset as follows:

                                               Figure 1.23: Graph diagram of offsets jumping 
Basically, the aforesaid figure indicates that after entering the user name and serial key in the victim.exe, first the error message box would display and then our spyware program would activate.
We have finished with the code injections tactics. Now make changes permanent and write the modified bytes into memory by right clicking on the ASM code and select the Copy to Executable option, where we choose All Modifications as follows:

                                                          Figure 1.24: Saving changes
Now, select the Copy all option in the forthcoming dialog box, which produces a separate dialog box as follows, where the final assemble code collectively resides. 

                                                          Figure 1.25: New Assemble code
Finally, close the dialog box in figure 1.25. The moment you close the dialog box, the Save as dialog box appears and it asks to get new name to the patched EXE file. We shall provide victim_Patched.exe as follows:

 

                                                             Figure 1.26: Save As binary

Now, run the victim_Patched.exe and enter any fake values as a user name and serial key. It is obvious that such entered credentials are invalidated and an Error message would display. 

                                                      Figure 1.27: Testing
The moment the Error message appears about invalid credentials and we move forward by clicking the OK button, the spyware program is automatically activated and shows the machine name and IP address on which it is running and later sends this information back to a remote server. 

                                             Figure 1.28: Spyware program

Final Note

This article presents a step by step tutorial of injecting a malicious spyware program into any executable by using IDA Pro and OllyDbg. The IDA Pro was basically employed in order to identify the entry point message box occurrence and OllyDbg implanted the existing EXE. Basically, this tutorial demonstrates how to place an EXE into another EXE. The idea behind code injection is to identify the occurrence of an entry point which is referred to as a triggering point to an injected EXE, and later modify the JUMP statements in order to divert the execution toward the injected code.
And I guess that should be all for today, stick around and learn more.
Good day!

All of our sites

NEW SITES UP & RUNNING

We are expanding !

Check out our new Blog & 101Xpoints the Blog mainly has an indepth analysis of Xploits.

While 101Xpoints offers an IP Spying engine which I made as a result of High demand of the IP spy services.

All of our sites :-

https://www.facebook.com/XtremeXploits
http://xtreme-xploits.blogspot.com/p/welcom.html
http://101xpoints.comyr.com/
http://xtreme-server.site40.net/




Please make sure you like us also on Facebok.

Develope a Facebook app in 20 minutes !

How to do IT.

Go to Facebook.com/developers/createapp.php.
Type in your ideal app name, accept the terms. Pass the kaptcha. You are not just a robot!

Create paths

On the developer page, select “Facebook Integration”.

Create:
Canvas page: The application’s location on Facebook
Canvas url: The applicaiton’s location on your server

Get keys

Facebook will display the application page, and when you select “facebook integration” again you will see the following keys. Keep this page open in a browser while we go to your local web directory and edit files there.

Create url

Above, when you created “Canvas URL” you should have entered a real directory on your server. We will now edit the index.php page, in that directory.
Add App ID to the index page, near the top, as a constant:

<?php define('FACEBOOK_APP_ID', '[your app id]'); ?>

We are constructing a url that will call Facebook’s authentication service. Include: our app ID, permissions, and the next landing page, or, the “redirect_uri”, in the querystring.

$redir_uri= FACEBOOK_URL."getPopularity.php";
$perms = "publish_stream";

$url = "https://graph.facebook.com/oauth/authorize?
         client_id=".FACEBOOK_APP_ID."&
         scope=".$perms."&redirect_uri=".$redir_uri;

Start the authentication with a redirect

Now, use the URL you created. It will first contact Facebook Oauth2, confirm that your app is official, get permissions from the user, then continue to your local app page. Include this html in the index.php page to start the redirect to Facebook.

<html>
<script>
 top.location.href = "<?=$url?>";
</script>
</html>

Asking Permission

This is what the user sees, accessing index.php:

Coding the app

Now that the user has authenticated us, open up the redir_uri page – getPopularity.php- and start coding.
Include the PHP SDK library, instantiate the $facebook object, and make your first call to the Facebook Open Graph.

<?php
include("/var/www/my_app/libraries/facebook.php");
define('FACEBOOK_APP_ID', '[your app id]');
define('FACEBOOK_SECRET', '[your secret]');

$facebook = new Facebook(array('appId' =>FACEBOOK_APP_ID,
               'secret'=>FACEBOOK_SECRET, 'cookie' =>true, ));

try{
  $me = $facebook->api('/me/');
  echo "My Facebook UID is: ".$me["id"];
} catch(FacebookAPIException $e){
  echo "Error using graph: $e<br>";
}
?>

More interesting calls…

Let’s use the graph to get some social info:

// make the content a bit dynamic
$adjArray = array('so many','quite a lot of','lots of','tons of',
              'a helluva lot of', 'many many many', 'an insane amount of',
              'beaucoup de', 'quite a grand amount of', 'a huge load of');
$i = rand(0,count($adjArray)-1);
$adj = $adjArray[$i];

try{
 $friends = $facebook->api('/me/friends');
 echo "You have ".count($friends["data"])." friends. Awesome.
                That's ".$adj." friends!";
} catch (FacebookAPIException $e){
 echo "Sadly, I'm unable to see your friends: $e";
}

Sharing

To share the information- include the following in the HTML portion of the page. Add a button click with “onClick=publish()”. This is the Javascript SDK, GUI element, which I like, from a user expeirence perspective, better than using the PHP server-side version.

<script type="text/javascript">
function publish(){

 var url = 'http://mysite';
 var media = [];
 var imgSrc = 'http://static.howstuffworks.com/gif/cannes-crowds.jpg';

 media.push({'type':'image', 'src':imgSrc, 'href':url});

 var name = "I am Super Popular";

 var description = 'I have <?=count($friends["data"])?> friends.';

 var actionLinks = [{ 'text': 'Popularity', 'href': '<?=FACEBOOK_URL?>' }];

 var attach= {'name':name, 'description':description,'href':url, 'media':media,'properties':''};
 FB.ui({
    'method': 'stream.publish',
    'attachment': attach,
 'action_links': actionLinks }, function(response) {
   }
 );
}
</script>

<a onclick="publish()">Publish</a>

<script src="http://connect.facebook.net/en_US/all.js" type="text/javascript" charset="utf-8"></script>
<div id="fb-root"></div>
<script type="text/javascript" charset="utf-8">
FB.init({
    appId: '<?= FACEBOOK_APP_ID ?>',
    status: true,
    cookie: true,
    xfbml: true
});

 $(window).load(function() {
  FB.Canvas.setSize();
 });
</script>
</body>
</html>

• Facebook Open Graph API Overview, and Reference
• PHP SDK

Dual boot linux Mint with Windows 8:

Dual boot linux Mint with Windows 8:

Before we proceed to see the procedure to dual boot Linux Mint 16 with Windows, let me give you some details. First, I had Windows 7 installed with 3 partitions on it. Later I installed Linux on it in dual boot mode. I changed the partition and kept around 100 GB of total 320 GB for Linux installation. In the course of time, I upgraded to Windows 8 and subsequently to Windows 8.1. I never had to face the problem of Windows 8′s secure boot thingy. It is just to clarify that this process does not show you how to deal with UEFI.

If your computer came with Windows 8 pre-installed, the process to install Linux in dual boot is slightly different. For Windows 8 pre-installed system with UEFI, follow this tutorial which is written to dual boot Ubuntu with Windows 8 UEFI. Though written for Ubuntu, it is applicable for Linux Mint as well.

Install Linux Mint 17 & 16 in dual boot with Windows 8:

Follow the steps below to install Linux Mint in dual boot with Windows:

Step 1: Create a live USB or disk

Download and create a live USB or DVD. If you are using Windows, you can use a live usb creator tool. In Ubuntu, you can use Startup Disk Creator (if it works). If you need more hints, here is a screenshot tutorial on how to create a live USB for Linux.

Step 2: Boot in to live USB

Plug the live USB or disk in to the computer and restart the computer. While booting the computer press F10 or F12 function key (defers from computer to computer) to go to the boot menu. Now, choose the option to boot from USB or Removable Media.

Step 3: Start the installation

It takes some time to boot from the live USB or disk. Have some patience. Once it boots in to live disk, you’ll be provided to Try Linux Mint or Install Linux Mint. Even if you choose to try it, you can find the install option on the desktop:

In next few screens, you’ll be asked to choose the language of the operating system. It will then do some checks on available space, battery and Internet connection.

Step 4: Prepare the partition

This is the most important part of the whole installation. Where to install Linux Mint? As mentioned before, I prefer separate partitions for Windows and Linux. Windows is already installed here, we’ll prepare a new partition for Linux Mint. In the Installation Type window, choose Something Else:

Now, I have 3 NTFS and some ext4 partitions. If you don’t have ext4 partition, don’t worry, we don’t need that. As you can see in the picture below, one of the NTFS partition consists of Windows installation. This should be untouched if you want to keep your Windows installation safe.

I hope you have more than one NTFS (or FAT 32) partitions (i.e. Drives in Windows term) on your hard disk, with one of them consisting of Windows installation (usually C drive). What you need to do here is to delete a NTFS or existing ext4 partition and create some free space. This will delete all the data in that partition and this is why I asked you to verify if you have Windows installed in a different partition.

Click on the desired partition and press the - to delete the partition.

Step 5: Create root, swap and home

Once you created free space on your hard drive, its time to install Linux Mint on it. Now, there are several ways to do it. But here, I’ll show you my favorite way and that is to have a Root, a Swap and a Home.

Create a root partition first. Choose the free space available and click on +.

Here, choose the size of root (10 GB is enough but I chose to have 20 here), choose ext4 file system, and mount point as / (i.e. root):

Now, next is to create swap partition. It is advised by many that Swap should be double of your RAM. You can choose the swap size accordingly.

The next step is to create Home. Try to allocate the maximum size to Home because this is where you’ll be downloading and keeping the files.

Once you have created Root, Swap and Home partitions, click on Install Now button.

Step 6: Follow the trivial instructions

Technically, you have crossed the main hurdle if you react till this point successfully. Now you will be taken through a number of screens to select options like keyboard layout, login credentials etc. You don’t need to be a genius to figure out what to do here afterwards. I have attached screenshots for reference purpose here.

Once the installation is over, you will be presented with the option to keep trying live version or to restart the system.

And that would be it. On next boot, you will see the option of Linux Mint on the grub screen. And thus you can enjoy the beautiful and beginner friendly Linux distribution. I hope you found this guide to Linux Mint 16 dual boot with Windows helpful. If you have questions, suggestions or a word of thanks, feel free to drop a comment. Stay tuned for more.