MySQL Server and MySQL Workbench installation

Use case - MySQL server setup

Solution :

Download the Community Server and Workbench from the URL below:

1)      Install MySQL Community Server - zip file
2)      Install MySQL Workbench - you can install the Workbench using a zip file or an MSI installer (recommended)
1. Installation of MySQL Community Server
  1. Extract the zip file.
  2. Navigate to the bin folder of MySQL and type cmd in the Explorer address bar.
  3. Key in c:\\bin\mysqld --initialize --console; it generates a temporary root password. Make a note of it.
  4. Start the server: c:\\bin\mysqld --console, and make a note of the port number, i.e. 3306 (the default port).
  5. Install Workbench and open a database connection to the server: key in a name for the connection, the port number and the password.
  6. Once it connects to the server, it asks you to change the password.
  7. That's it!
Reference :

Start the "Server"

MySQL is a client-server system. The database runs as a server application. Users access the database server via a client program, locally or remotely through the network, as illustrated:
  1. The server program is called "mysqld" (with a suffix 'd', which stands for daemon - a daemon is a non-interactive process running in the background).
  2. The client program is called "mysql" (without the 'd').
The programs mysqld and mysql are kept in the "bin" sub-directory of the MySQL installed directory.

Start a "Client"


For Windows
Start another NEW CMD shell to run the client (you need to keep the CMD shell that runs the server open):
-- Change the current directory to MySQL's binary directory.
-- Assume that the MySQL is installed in "c:\myWebProject\mysql".
c:
cd \myWebProject\mysql\bin
   
-- Start a client as superuser "root" (-u), and prompt for password (-p)
mysql -u root -p
Enter password:   // Enter the root password set during installation.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 8.0.xx
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
-- Client started. The prompt changes to "mysql>".
-- You can now issue SQL commands such as SELECT, INSERT and DELETE.

Startup Server
For Windows
To start the database server, launch a new CMD shell:
-- Change the current directory to MySQL's binary directory
-- Assume that the MySQL installed directory is "c:\myWebProject\mysql"
c:
cd \myWebProject\mysql\bin
 
-- Start the MySQL Database Server
mysqld --console
......
......
XXXXXX XX:XX:XX [Note] mysqld: ready for connections.
Version: '8.0.xx'  socket: ''  port: 3306  MySQL Community Server (GPL)
Note: The --console option directs the output messages to the console. Without this option, you will see a blank screen.
Shutdown Server
For Windows
The quickest way to shut down the database server is to press Ctrl-C to initiate a normal shutdown. DO NOT KILL the server via the window's CLOSE button.
Observe these messages from the MySQL server console:
XXXXXX XX:XX:XX [Note] mysqld: Normal shutdown
......
XXXXXX XX:XX:XX  InnoDB: Starting shutdown...
XXXXXX XX:XX:XX  InnoDB: Shutdown completed; log sequence number 0 44233
......
XXXXXX XX:XX:XX [Note] mysqld: Shutdown complete
(You may need to press ENTER to get the command prompt?!)

Changing the Password for "root"
Let's continue with our client session started earlier.
-- Change password for 'root'@'localhost'. Replace xxxx with your chosen password
-- (For macOS, there is no need to change the password, but there is no harm trying it out)
-- (For my students: use xxxx as the password. Otherwise, you will ask me what is your password next week.)
-- Take note that strings are to be enclosed by a pair of single-quotes in MySQL.
mysql> alter user 'root'@'localhost' identified by 'xxxx';
Query OK, 0 rows affected (0.00 sec)
 
-- logout and terminate the client program
mysql> quit
Bye
Re-Start a Client as "root" with the New Password
We have just changed the password for root and exited the client. Start a client and login as root again. Enter the password when prompted.
For Windows
-- Change directory to MySQL's binary directory
c:
cd \myWebProject\mysql\bin
-- Start a MySQL client
mysql -u root -p
Enter password:   // Enter the NEW password
Welcome to the MySQL monitor.
......  
mysql>
-- client started, ready to issue SQL command

Summary of Frequently-Used Commands

(For Windows) Starting MySQL Server and Client
-- Start the Server
cd path-to-mysql-bin
mysqld --console
 
-- Shutdown the Server
Ctrl-c
 
-- Start a Client
cd path-to-mysql-bin
mysql -u username -p
(For Mac OS X) Starting MySQL Server and Client
-- Start/shutdown the Server: 
-- Use Graphical Control
 
-- Start a Client
cd /usr/local/mysql/bin
./mysql -u username -p
Frequently-used MySQL Commands
MySQL commands are NOT case sensitive.
-- General
;           -- Sends command to server for processing (or \g)
\c          -- Cancels (aborts) the current command
 
-- Database-level
DROP DATABASE databaseName;                 -- Deletes the database
DROP DATABASE IF EXISTS databaseName;       -- Deletes only if it exists
CREATE DATABASE databaseName;               -- Creates a new database
CREATE DATABASE IF NOT EXISTS databaseName; -- Creates only if it does not exist
SHOW DATABASES;                             -- Shows all databases in this server
   
-- Set default database.
-- Otherwise you need to use the fully-qualified name, in the form 
--   of "databaseName.tableName", to refer to a table.
USE databaseName
   
-- Table-level
DROP TABLE tableName;
DROP TABLE IF EXISTS tableName;
CREATE TABLE tableName (column1Definition, column2Definition, ...);
CREATE TABLE IF NOT EXISTS tableName (column1Definition, column2Definition, ...);
SHOW TABLES;              -- Shows all the tables in the default database
DESCRIBE tableName;       -- Describes the columns for the table
DESC tableName;           -- Same as above
   
-- Record-level (CRUD - create, read, update, delete)
INSERT INTO tableName VALUES (column1Value, column2Value,...);
INSERT INTO tableName (column1Name, ..., columnNName) 
   VALUES (column1Value, ..., columnNValue);
DELETE FROM tableName WHERE criteria;
UPDATE tableName SET columnName = expression WHERE criteria;
SELECT column1Name, column2Name, ... FROM tableName 
   WHERE criteria
   ORDER BY columnAName ASC|DESC, columnBName ASC|DESC, ...;
  
-- Running a script of MySQL statements
SOURCE full-Path-Filename

Reference URL:

Hardening and Securing Checklist For AEM forms on OSGi environment

AEM 6.4 FORMS ADD ON PACKAGE INSTALLATION

Use case : Integration of AEM with AEM FORMS OSGI

AEM version : AEM 6.4


Solution :
The AEM Forms add-on package provides advanced features such as integration with Adobe Analytics, Adobe eSign, document services, the workflow engine, and many more.



1.       Download the latest AEM Service Pack 6.4.4.0 from Adobe Package Share and install it on the instance.
2.       Download the AEM-forms-6.2-win package from Package Share and install it.

Note:
Do not restart the AEM server immediately after installing the AEM Forms add-on package. Before restarting, make sure all bundles are in the active state in System/console/bundle.


For a reference AEM Forms site, install the latest package below:

  1. Download the AEM-FROMS-GOV-REFS package and install it.
  2. That's it!
  3. Create a template using Adaptive Forms through Tools --> Template --> Create --> Adaptive Form Template --> key in the name of the template --> Create.
  4. Open the created template to define the template structure and initial content.
  5. Enable the created template so that it can be used for form authoring.
  6. Go to Navigation Panel --> Forms and Documents --> Create --> select the template created in point 3 above and create.
  7. Open the page in edit mode and add the form elements.
  8. That's it.


Points to be noted for the AEM Forms add-on package installation:
  • Always install the latest available Service Pack/Feature Pack add-on. It is highly recommended as it includes security, performance, stability, and key customer fixes and enhancements released since the general availability of the base version. 
  • Whenever you install a Service Pack or upgrade from a previous version of AEM to a newer version, always install the corresponding AEM Forms add-on package. For example, if you upgrade from AEM 6.1 Forms add-on package version 2.2.4 to AEM 6.1 Service Pack 1, after installing AEM 6.1 Service Pack 1, install AEM forms add-on package version 2.4.50.
  • Uninstallation of the AEM Forms add-on package is not supported.


Reference URL:

   

XSS scan testing for any website



Use case :

How to perform an online Website Vulnerability Scanner report

Solution :


  1. Go to this URL: https://pentest-tools.com/home
  2. Input the website URL (e.g. https://www.test.com/) under Tools --> Web Application Scanning --> XSS Scan
  3. Click on Scan; it will generate a report containing the various scan parameters.

This tool focuses on the areas below:

Summary

Overall risk level: Info
Risk ratings: High: 0, Medium: 0, Low: 0, Info: 2
Scan information:
  Start time: 2019-04-01 04:07:56
  Finish time: 2019-04-01 04:09:30
  Scan duration: 1 min, 34 sec
  Tests performed: 2/2
  Scan status: Finished

Findings

 Light spider results: 0 dynamic URLs of total 24 URLs crawled

 No Cross-Site Scripting vulnerabilities found.


Scan coverage information

List of tests performed (2/2)
  •  Spidering target
  •  Scanning for XSS vulnerabilities

Bitbucket and Sourcetree - CI/CD tools

Use case - Sourcetree tool as a Git GUI

Solution : Use the Sourcetree GUI tool for Git/Mercurial for local and remote repo management

Step 1: Create a Git repository

Step 2: Copy your repository and add files

Step 3: Pull changes from your repository

Step 4: Use Sourcetree branches to merge an update


https://www.sourcetreeapp.com/?utm_source=internal&utm_medium=link&utm_campaign=clone_repo_win


Online Security Scan tool for any website



Use case :

How to perform an online Website Vulnerability Scanner report

Solution :


  1. Go to this URL: https://pentest-tools.com/home
  2. Input the website URL (e.g. https://www.test.com/) under the Web Server Scan tab
  3. Click on Scan; it will generate a report containing the various scan parameters.

This tool focuses on the areas below:

Testing areas (Light scan / Full scan):
  • Website fingerprinting
  • Version-based vulnerability detection
  • Common configuration issues
  • SQL injection
  • Cross-Site Scripting
  • Remote command execution
  • Discover sensitive files


Summary of sample scan report

Overall risk level: Medium
Risk ratings: High: 0, Medium: 1, Low: 3, Info: 6
Scan information:
  Start time: 2019-03-29 08:03:21
  Finish time: 2019-03-29 08:03:28
  Scan duration: 7 sec
  Tests performed: 10/10
  Scan status: Finished

Scan coverage information

List of tests performed (10/10)
  1.  Fingerprinting the server software and technology...
  2.  Checking for vulnerabilities of server-side software...
  3.  Analyzing the security of HTTP cookies...
  4.  Analyzing HTTP security headers...
  5.  Checking for secure communication...
  6.  Checking robots.txt file...
  7.  Checking client access policies...
  8.  Checking for directory listing (quick scan)...
  9.  Checking for password auto-complete (quick scan)...
  10. Checking for clear-text submission of passwords (quick scan)...

Server software and technology found

Software / Version          Category
Apache                      Web Servers
Adobe Experience Manager    CMS
ZURB Foundation             Web Frameworks
Google Maps                 Maps
Google Tag Manager          Tag Managers
jQuery                      JavaScript Frameworks

Insecure HTTP cookies

Cookie Name    Flags missing
AWSELB         Secure, HttpOnly

Details
Risk description:
Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel (plain HTTP) if such a request is made. Thus, the risk exists that an attacker will intercept the clear-text communication between the browser and the server and steal the cookie of the user. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.

Lack of the HttpOnly flag permits the browser to access the cookie from client-side scripts (e.g. JavaScript, VBScript, etc.). This can be exploited by an attacker in conjunction with a Cross-Site Scripting (XSS) attack in order to steal the affected cookie. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.

Recommendation:
We recommend reconfiguring the web server in order to set the Secure and HttpOnly flags on all sensitive cookies.

More information about this issue:
https://blog.dareboost.com/en/2016/12/secure-cookies-secure-httponly-flags/.


4. That's all!
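The "Insecure HTTP cookies" finding above comes from the scanner's "Analyzing the security of HTTP cookies" test, which is simple enough to reproduce on your own responses before (or instead of) submitting a site to an online scanner. The script below is an added example written for these notes; it is not code from pentest-tools.com or from the original post. It parses constructed Set-Cookie header values, reports the missing Secure/HttpOnly flags in the same "Cookie Name / Flags missing" shape as the report, and shows what the corrected header value looks like. The function names (`audit_cookies`, `harden`) and the sample cookie values are assumptions made for the example; only the AWSELB cookie name and the two flags come from the report.

```python
"""Audit Set-Cookie headers for the Secure and HttpOnly flags.

Added example for these notes, not code from pentest-tools.com or from the
original post. It reproduces the idea behind the report's "Analyzing the
security of HTTP cookies" test on constructed Set-Cookie values, and shows
what a corrected header looks like.
"""

# Flags the report expects on every sensitive cookie.
REQUIRED_FLAGS = ("Secure", "HttpOnly")

# Constructed sample headers; AWSELB mirrors the finding in the report above.
SAMPLE_SET_COOKIE_HEADERS = [
    "AWSELB=0123456789ABCDEF; Path=/",                       # both flags missing
    "JSESSIONID=abc123; Path=/; HttpOnly",                   # Secure missing
    "csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Strict",   # fully flagged
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, {attribute_lower: value}).

    Attribute names are case-insensitive (RFC 6265), so they are lowered;
    flag attributes such as Secure carry no value and map to ''.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty Set-Cookie header")
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def missing_flags(header_value):
    """Return the required flags this Set-Cookie value lacks, in report order."""
    _, attrs = parse_set_cookie(header_value)
    return [flag for flag in REQUIRED_FLAGS if flag.lower() not in attrs]


def audit_cookies(set_cookie_headers):
    """Map cookie name -> list of missing flags, only for cookies with a finding.

    The result has the same shape as the report's 'Cookie Name / Flags missing'
    table; cookies that already carry both flags are not listed.
    """
    findings = {}
    for header in set_cookie_headers:
        name, _ = parse_set_cookie(header)
        missing = missing_flags(header)
        if missing:
            findings[name] = missing
    return findings


def harden(header_value):
    """Return the Set-Cookie value with any missing required flags appended.

    This shows the shape of the fix the report recommends; in practice the
    flags are set by the application or web server configuration.
    """
    hardened = header_value.strip().rstrip(";").rstrip()
    for flag in missing_flags(header_value):
        hardened += f"; {flag}"
    return hardened


if __name__ == "__main__":
    print(f"{'Cookie Name':<14}Flags missing")
    for cookie_name, flags in audit_cookies(SAMPLE_SET_COOKIE_HEADERS).items():
        print(f"{cookie_name:<14}{', '.join(flags)}")
    print()
    for header in SAMPLE_SET_COOKIE_HEADERS:
        print(harden(header))
```

Run it as-is and the table lists AWSELB (Secure, HttpOnly) and JSESSIONID (Secure); feed it the Set-Cookie lines from a saved HTTP response to check your own site. Since the report fingerprinted Apache, the usual server-side fix is the mod_headers directive Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure, applied on the HTTPS virtual host; for the AWSELB cookie in particular the flag is set on the load balancer rather than the origin server, so the fix belongs there.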

How to find the technology stack used by any website

Use case :

How to identify the tools and technology stack used by an unknown site.

Solution :


  1. Go to this URL: https://pentest-tools.com/home
  2. Input the website URL (e.g. https://www.test.com/) under the Web Server Scan tab
  3. In the report, look for the "Server software and technology found" section.
Example for one of the sites analysed:

Server software and technology found

Software / Version          Category
Apache                      Web Servers
Adobe Experience Manager    CMS
ZURB Foundation             Web Frameworks
Google Maps                 Maps
Google Tag Manager          Tag Managers
jQuery                      JavaScript Frameworks
4. That's all!