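Manually recovering the OSSIM database password

1. Symptom

Today I needed to connect remotely to the OSSIM MySQL database to read some data, so I logged in to the OSSIM console and found that the mysql client could not log in directly. None of the passwords I had set during installation worked.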

alienvault:~# mysql -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
alienvault:~# mysql -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

2. Later I read that the ossim-db command can log in directly, and sure enough it does!

alienvault:~# ossim-db
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 40993
Server version: 5.6.23-72.1 Percona Server (GPL), Release 72.1, Revision 0503478

Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

3. Changing the password

mysql> update user set password=password("123456") where user="root";
ERROR 1146 (42S02): Table 'alienvault.user' doesn't exist
mysql> show tables
    -> ;

215 rows in set (0.00 sec)

Try a different way of changing the password:

mysql> SET PASSWORD = PASSWORD('123456');
Query OK, 0 rows affected (0.03 sec)

mysql>

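4. Now the problem

The client could now connect, but I found that the web page would no longer display. That was trouble. What to do?

Looking at the ossim-db command used earlier, I hoped it was not a binary, and I was in luck: it is indeed a script.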

alienvault:~# whereis ossim-db
ossim-db: /usr/bin/ossim-db
alienvault:~# more /usr/bin/ossim-db
#!/bin/bash

if test -z "$1"; then
#    DB="ossim"
    DB="alienvault"
else
    DB="$1"
fi

if [ ! -f "/etc/ossim/ossim_setup.conf" ];then
    >&2 echo "ossim_setup.conf not found"
    exit 0
fi

HOST=`grep ^db_ip= /etc/ossim/ossim_setup.conf | cut -f 2 -d "=" | sed '/^$/d'`
USER=`grep ^user= /etc/ossim/ossim_setup.conf | cut -f 2 -d "=" | sed '/^$/d'`
PASS=`grep ^pass= /etc/ossim/ossim_setup.conf | cut -f 2 -d "=" | sed '/^$/d'`

if test -z "$HOST"; then
    HOST=localhost
fi

sshpass -p $PASS mysql --default-character-set=utf8 -A -u $USER -h $HOST $DB -p -e "exit" &>/dev/null

if [ $? -ne 0 ]; then
    >&2 echo "Access denied. Trying old settings..."

    if [ ! -f /etc/ossim/ossim_setup.conf_last ]; then
        >&2 echo "ossim_setup.conf_last not found"
        exit 0
    fi

    HOST=`grep ^db_ip= /etc/ossim/ossim_setup.conf_last | cut -f 2 -d "=" | sed '/^$/d'`
    USER=`grep ^user= /etc/ossim/ossim_setup.conf_last | cut -f 2 -d "=" | sed '/^$/d'`
    PASS=`grep ^pass= /etc/ossim/ossim_setup.conf_last | cut -f 2 -d "=" | sed '/^$/d'`
fi

sshpass -p $PASS mysql --default-character-set=utf8 -A -u $USER -h $HOST $DB -p
alienvault:~#

5. Solution

There is hope: all I need is to pull out the PASS parameter. OK, let's take a look:

alienvault:~# grep ^pass= /etc/ossim/ossim_setup.conf | cut -f 2 -d "=" | sed '/^$/d'
XDdTX6oRdV
alienvault:~#

Then change it back; all that matters is that I now know the password.

alienvault:~# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 43029
Server version: 5.6.23-72.1 Percona Server (GPL), Release 72.1, Revision 0503478

Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SET PASSWORD = PASSWORD('XDdTX6oRdV');
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye
alienvault:~#

OK, the client can finally connect.
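
An added example, not part of the original post and not OSSIM project code: instead of resetting the password, a mysql client option file can be built from the same db_ip, user and pass keys that ossim-db reads. This leaves the stored credential untouched, so the web interface keeps working, and keeps the password off the command line. The function names conf_get and write_client_cnf and the output path are hypothetical.

```shell
#!/bin/sh
# Added example: derive a private mysql client option file from an
# OSSIM-style setup file rather than changing the database password.

# conf_get FILE KEY: print the value of the first "KEY=value" line.
# Unlike `cut -f 2 -d "="`, this keeps any "=" that occurs inside the value.
conf_get() {
    sed -n "s/^$2=//p" "$1" | sed '/^$/d' | head -n 1
}

# write_client_cnf SETUP_FILE OUT_FILE
# Writes a [client] section that only the current user can read.
write_client_cnf() {
    setup=$1
    out=$2
    [ -f "$setup" ] || { echo "$setup not found" >&2; return 1; }
    host=$(conf_get "$setup" db_ip)
    user=$(conf_get "$setup" user)
    pass=$(conf_get "$setup" pass)
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "user= or pass= missing in $setup" >&2
        return 1
    fi
    (
        umask 077    # a newly created file starts out owner-only
        {
            printf '[client]\n'
            # Same fallback as ossim-db: empty db_ip means localhost.
            printf 'host=%s\n' "${host:-localhost}"
            printf 'user=%s\n' "$user"
            # Quoted so a "#" in the password is not read as a comment.
            printf 'password="%s"\n' "$pass"
        } > "$out"
    )
    chmod 600 "$out"    # also tightens a file that already existed
}

# Stand-alone use: ./script /etc/ossim/ossim_setup.conf /root/.ossim-client.cnf
# then: mysql --defaults-extra-file=/root/.ossim-client.cnf alienvault
# (--defaults-extra-file must be the first option on the command line).
if [ "$#" -eq 2 ]; then
    write_client_cnf "$1" "$2"
fi
```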

Time: 2024-10-21 09:00:21
