March 18th, 2012 § § permalink
Unimpressed that my CPU was merely idling through the attack process I gave it, I wrote a quick update to the SDF password cracker.
In the previous post, I posted the source for my SQL standalone database cracker. It was fine for some basic password auditing, but for those really big password lists… it needed to be faster.
So I added in some code to use threading.
A better coder would probably have included delegates, and time efficient locking mechanisms. Not me.
I’ve attached the source code for the SDF database password cracker, once again in C#.
August 22nd, 2011 § § permalink
I had a desire to convert my custom class to XML. When you do this, it will often want you to store it in a file. I want it as a string.
Here is one way of doing it.
using System.IO;
using System.Xml;
Using System.Xml.Serialization;
class Product
{
string pName;
}
class doit()
{
List<Product> p = new List<Product>();
//put in the string
XmlSerializer xms = new XmlSerializer(p.GetType());
StringWriter sw = new StringWriter();
xms.Serialize(sw, _aList);
string myString = sw.ToString();
//read from string back into class
StringReader sr = new StringReader(myString);
Product List<myClass> = xms.Deserialize(sr) as List<Product>; //there are a lot of ways to cast type, do this however you feel.
}
July 7th, 2011 § § permalink
In a previous post I discussed my testing of multi user access of MySQL and Microsoft Access database.
Its important that you DO NOT share connections. The database is designed to take multiple connections and pool them. Sharing a connection between users is only going to create conflict that will have to be controlled in your application with code.
I decided to actually test Microsoft Access and see how it stood up to the same treatment as I gave MySQL.
The function I used is below, you’ll be able to implement it almost perfectly into the earlier example. You’ll obviously need to duplicate the below function so that both threads have their own unique database function to run.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data;
using System.Threading;
using System.Data.OleDb;
static class AccessClass
{
public static void access1()
{
OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=world.accdb");
OleDbCommand command = new OleDbCommand("INSERT INTO helloworld (pname) VALUES ('user1')", conn);
try
{
Console.WriteLine("Connecting to Access Database...");
int i = 0;
do
{
conn.Open();
command.ExecuteNonQuery();
conn.Close();
i++;
} while (i < 100);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
Console.WriteLine("Access1 Routine Done.");
}You’ll notice the conn.Open and conn.Close are now repeated everytime the loop runs… That leads me into my conclusion.
Running the connection timing the same as I did in the MySQL example always lead to locking problems. Ultimately, if the database connection attempted were properly managed I would end up with 200 new items in the database each time I run it. The reality is quite a bit more unpredictable than that. So make it throw less errors, I made it close the connection between each iteration. This slowed it down immensely. Still, the results were unpredictable, sometimes 212 new items would be added, other times 218.
Instead of investigating why this happens, for the simplicity of not having to worry about database locking, I’ll stick to using MySQL for multiuser environments.
July 5th, 2011 § § permalink
I’m working on a piece of software at the moment that will eventually require multiple users to access the database simultaneously. I’m a pretty basic coder, and I was wondering whether there was a way I could read/write to the database without using lock-in/lock-out controls. I was dreading have to do t.
I wanted the program to use a Microsoft Access 2007 Database, mostly because it would be very portable, rapid development that would be easy to backup when it went into operation. Performance isn’t so much an issue, seeing as there will 4 or 5 users maximum.
I had difficulty determining whether or not this could done. I don’t know why. I guess its obvious to most people.
The simple answer is it can be done. In both Microsoft Access and MySQL. Before I lept into development, I wanted to see how the database behaved in C#, so I thought I’d write a quick application to test whether or not I actually can write by multiple users.
(As it turns out, it can be done in Microsoft Access but I found it very problematic in my testing)
You’ll want an SQL database that is made to look like this:
CREATE TABLE helloworld(
id INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(id),
name VARCHAR(30));
And then compile this short c# program. Don’t forget to change the various settings that affect you.
You’ll need the MySQL .NET Connecter, and include a reference in your project.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
//the additional references you'll need
using System.Data;
using MySql.Data;
using MySql.Data.MySqlClient;
using System.Threading;
namespace mySQLTest
{
///
<summary> /// This program is written to prove that multiple threads or users can simulatenously access the MySQL data base and write. /// The MySQL connector handles the lockout or connection attempts automatically. /// </summary>
class Program
{
static void Main(string[] args)
{
//declare two threads to act like users
Thread thread1 = new Thread(new ThreadStart(DatabaseClass.doStuff));
Thread thread2 = new Thread(new ThreadStart(DatabaseClass.doOtherStuff));
//start the threads running
thread1.Start();
thread2.Start();
//the current 'main' thread, should run in a loop until the other two have finished.
while (thread1.ThreadState != ThreadState.Stopped && thread2.ThreadState != ThreadState.Stopped)
{
Thread.Sleep(200);
}
//once the threads are finished, notify us through the console.
Console.WriteLine("End");
Console.ReadLine();
}
}
static class DatabaseClass
{
///
<summary> /// this function is quite well documented in the MySQL manual, the section that talks about .NET connectors. /// </summary>
public static void doStuff()
{
string connStr = "server=192.168.3.11;user=root;database=world;port=3306;password=password;";
MySqlConnection conn = new MySqlConnection(connStr);
try
{
Console.WriteLine("Connecting to MySQL...");
conn.Open();
//i want to enter a thousand items
int i = 0;
do
{
string sql = "INSERT INTO helloworld (name) VALUES ('user1')";
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.ExecuteNonQuery();
i++;
} while (i < 1000);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
conn.Close();
Console.WriteLine("Done.");
}
public static void doOtherStuff()
{
string connStr = "server=192.168.3.11;user=root;database=world;port=3306;password=password;";
MySqlConnection conn = new MySqlConnection(connStr);
try
{
Console.WriteLine("Connecting to MySQL...");
conn.Open();
int i = 0;
do
{
string sql = "INSERT INTO helloworld (name) VALUES ('user2')";
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.ExecuteNonQuery();
i++;
} while (i < 1000);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
conn.Close();
Console.WriteLine("Done.");
}
}
}If you were to shoot into MySQL Console right now, and ran:
SELECT * FROM helloworld;
You’d be delighted (like I was), to find your two users have simultaneously written to the database.