September 2015

MySQL: UPDATE query based on SELECT query

update tableA a
left join tableB b on
    a.name_a = b.name_b
set
    validation_check = if(start_dts > end_dts, 'VALID', '')

update tableA a

left join tableB b on

a.name_a = b.name_b

set

validation_check = if(start_dts > end_dts, 'VALID', '')

UPDATE payments p 
    INNER JOIN users u ON
    p.pay_id=u.user_id
SET 
    p.pay_email=u.user_email, 
    p.pay_firstname=u.user_firstname, 
    p.pay_lastname=u.user_lastname, 
    p.pay_date=u.user_date

UPDATE payments p

INNER JOIN users u ON

p.pay_id=u.user_id

SET

p.pay_email=u.user_email,

p.pay_firstname=u.user_firstname,

p.pay_lastname=u.user_lastname,

p.pay_date=u.user_date

Via: stackoverflow.com

Bypass blocked regedit, concatenate cmd commands & quotes in quotation marks

At a customer I had the problem that we had there a logon scrip, but we were given no access to the registry. Well, we had local administrave permissions. At first I tried runas, but we have to save the password – no chance. Not even echo password works. lsrunase seems to solve the problem, but the version that I found, had problems with quotes in quotation marks. At the end I used a simple AutoIt script.

AutoIt Script (runas.exe)

Local $sUserName = "Administrator"
Local $sPassword = "password"

;Run a command prompt as the other user.
if $CmdLine[0] > 0  Then
    RunAs($sUserName, @ComputerName, $sPassword, 0, $CmdLine[1])
endif

Local $sUserName = "Administrator"

Local $sPassword = "password"

;Run a command prompt as the other user.

if $CmdLine[0] > 0 Then

RunAs($sUserName, @ComputerName, $sPassword, 0, $CmdLine[1])

endif

Change reg entry for HKLM

\\server\scripte$\runas.exe "reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation"" /f /v ""DisableStartupSound"" /t REG_DWORD /d ""0"" "

1	\\server\scripte$\runas.exe "reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation"" /f /v ""DisableStartupSound"" /t REG_DWORD /d ""0"" "

Change reg entry for current user (HKCU don’t work because you run as local admin!)

for /f "delims= " %%a in ('"wmic path win32_useraccount where name='%UserName%' get sid"') do (
   if not "%%a"=="SID" (          
      set SID=%%a
      goto :loop_end
   )   
)
:loop_end
echo %sid%

\\server\scripte$\runas.exe "reg add ""HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects"" /f /v ""VisualFXSetting"" /t REG_SZ /d ""3"" "

for /f "delims= " %%a in ('"wmic path win32_useraccount where name='%UserName%' get sid"') do (

if not "%%a"=="SID" (

set SID=%%a

goto :loop_end

)

:loop_end

echo %sid%

\\server\scripte$\runas.exe "reg add ""HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects"" /f /v ""VisualFXSetting"" /t REG_SZ /d ""3"" "

Reg changes and file copy (also used quotes in quotation marks and concatenate cmd commands)

\\server\scripte$\runas.exe "reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background"" /f /v ""OEMBackground"" /t REG_DWORD /d ""1"" "

\\server\scripte$\runas.exe "cmd /c mkdir C:\Windows\System32\oobe\info\backgrounds&net use \\server\scripte$ /user:contoso.local\admin password&echo d|xcopy ""\\server\scripte$\Wallpaper\backgroundDefault.jpg"" ""C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg"" /Y /R /E /S /C"

\\server\scripte$\runas.exe "reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background"" /f /v ""OEMBackground"" /t REG_DWORD /d ""1"" "

\\server\scripte$\runas.exe "cmd /c mkdir C:\Windows\System32\oobe\info\backgrounds&net use \\server\scripte$ /user:contoso.local\admin password&echo d|xcopy ""\\server\scripte$\Wallpaper\backgroundDefault.jpg"" ""C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg"" /Y /R /E /S /C"

Passwords

Don’ts

Don’t limit what characters users can enter for passwords. Only idiots do this.
Don’t limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don’t prevent them from using it.
Never store your user’s password in plain-text.
Never email a password to your user except when they have lost theirs, and you sent a temporary one.
Never, ever log passwords in any manner.
Never hash passwords with SHA1 or MD5 or even SHA256! Modern crackers can exceed 60 and 180 billion hashes/second (respectively).
Don’t mix bcrypt and with the raw output of hash(), either use hex output or base64_encode it. (This applies to any input that may have a rogue \0 in it, which can seriously weaken security.)

Dos

Use scrypt when you can; bcrypt if you cannot.
Use PBKDF2 if you cannot use either bcrypt or scrypt, with SHA2 hashes.
Reset everyone’s passwords when the database is compromised.
Implement a reasonable 8-10 character minimum length, plus require at least 1 upper case letter, 1 lower case letter, a number, and a symbol. This will improve the entropy of the password, in turn making it harder to crack. (See the “What makes a good password?” section for some debate.)

PHP

// Generate or return salted passwords
function crypt2($password, $salt = "") {

    if($salt == "") {
        // A higher "cost" is more secure but consumes more processing power
        $cost = 10;
        
        // Create a random salt
        $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');

        // Prefix information about the hash so PHP knows how to verify it later.
        // "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
        $salt = sprintf("$2a$%02d$", $cost) . $salt;
    }
        
    // Hash the password with the salt
    $hash = crypt($password, $salt);

    return $hash;
    
}

// Generate or return salted passwords

function crypt2($password, $salt = "") {

if($salt == "") {

// A higher "cost" is more secure but consumes more processing power

$cost = 10;

// Create a random salt

$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');

// Prefix information about the hash so PHP knows how to verify it later.

// "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.

$salt = sprintf("$2a$%02d$", $cost) . $salt;

}

// Hash the password with the salt

$hash = crypt($password, $salt);

return $hash;

}

// Save password
$hash = crypt2($user_password); // hash the password with salt
dbquery("UPDATE users SET user_hash='".$hash."' WHERE user_id='1'");

// Save password

$hash = crypt2($user_password); // hash the password with salt

dbquery("UPDATE users SET user_hash='".$hash."' WHERE user_id='1'");

// Login
$sql = "SELECT user_hash FROM users WHERE user_loginname='Admin' LIMIT 1";
[...]
$data = dbarray($result);

if (hash_equals($data['user_hash'], crypt2($user_pass, $data['user_hash']))) {
    // Ok!
}

// Login

$sql = "SELECT user_hash FROM users WHERE user_loginname='Admin' LIMIT 1";

[...]

$data = dbarray($result);

if (hash_equals($data['user_hash'], crypt2($user_pass, $data['user_hash']))) {

// Ok!

}

Via: stackoverflow.com, alias.io