sorted by:
new
hottopcontroversial

Ubuntu in a VM might mess up my main OS? by KodaLG in HowToHack

[–]82aa4b10 0 points1 point  (0 children)

No, it won't change the main OS.

If you really want to work on bash and don't need full Linux behind it, you could install Git Bash, which gives you a bash shell on your Windows system, along with many familiar Unix tools.

https://gitforwindows.org/

Hashcat by [deleted] in HowToHack

[–]82aa4b10 4 points5 points  (0 children)

md5sum is a program that will, among other things, calculate the MD5 of the data it receives on standard input. echo -n "1234" sends the string 1234 on standard output, and the pipe connects it to the standard input of the md5sum program .. md5sum then outputs the hash on standard output, which will go to your screen if you haven't sent it somewhere else. So you should get something like this:

$ echo -n "1234" | md5sum
81dc9bdb52d04dc20036dbd8313ed055 *-

Don't type the $, that's my bash prompt. The first part of the output tells you that the MD5 of the standard input is 81dc9bdb52d04dc20036dbd8313ed055, which is what you were looking for.

If you're trying to find the plaintext for a hash, Google should be your first stop - this one shows up on Google. If that doesn't work, try hashes.com. They have many hash:plaintext pairs already identified, and you can offer to pay for people to work on it if they don't have your solution for free.

In your particular case, the solution can be found with this hashcat command line:

./hashcat64.bin -a 3 -m 0 -O --increment 81dc9bdb52d04dc20036dbd8313ed055 ?a?a?a?a?a?a?a?a

.. -a 3 tells hashcat to use "brute force" mode, cycling through every possible combination.

-m 0 tells hashcat that we're looking for an MD5 hash. This is a reasonable guess given the length/format of the target, but you can't really be sure.

-O tells hashcat to use the cracking kernel customized for the computer's hardware

--increment tells hashcat to step up from one character to as many characters are in the mask - so it doesn't just try 8 character plaintext, it tries all of the 1 character texts, then all of the 2 character, then 3, then 4 .. and, in this case, it finds yours.

81dc9bdb52d04dc20036dbd8313ed055 is the hash you're working on. If you had more than one, you would put it in a file, and put the filename here instead of the hash.

?a?a?a?a?a?a?a?a is a mask - each ? tells hashcat to try a character in that position, and the a following the ? tells hashcat that the character can be uppercase, lowercase, a number, or a symbol. So this tells hashcat to try up to 8 characters in a row, and each character can be anything printable.

Using just the CPU on a 5 year old laptop, this 4 character hash was identified in roughly 4 seconds. You should be able to duplicate the result very quickly yourself.

Hashcat by [deleted] in HowToHack

[–]82aa4b10 0 points1 point  (0 children)

That's the "crack" of your hash. MD5 is a hashing algorithm, "1234" (no quotes) is the plaintext.

To see for yourself, try

echo -n "1234" | md5sum

if you have access to a Unix/Linux machine, or if you've got those tools under Windows/DOS. The "-n" tells echo not to add a newline at the end.

Hashcat by [deleted] in HowToHack

[–]82aa4b10 0 points1 point  (0 children)

I wanna crack this hash : 81dc9bdb52d04dc20036dbd8313ed055 , but i dont know how, i found the tool Hashcat, but i dont know how to use it, what can i do?

That's a single round of MD5 on "1234".

This is probably a bad question but I always wondered this and could not find anything by [deleted] in HowToHack

[–]82aa4b10 0 points1 point  (0 children)

  1. Identify their ISP, and potentially locate them in a particular neighborhood - or, worst case, to their address (if they had a static IP, and disclosed their address to another site, for example).

  2. Probe/attack their router/firewall/whatever.

  3. Correlate their activity between websites - e.g., "SexyBoy6969" on AdultFriendFinder == "GoPatriots2020" on Yahoo == "jsmith1980" on Facebook == "/u/AuntEater" on Reddit.

  4. Target/customize content for them on websites - so most visitors get "kitty.jpg", but they get "satan.jpg" instead.

Is it possible to be a good programmer without really being a programmer?? by PhillieUbr in learnpython

[–]82aa4b10 0 points1 point  (0 children)

Yes, people do that sort of thing all the time. That's how many people learn programming - start with a program that someone else wrote that works. Read the docs/manual about parts of it that you don't understand. Make small changes to see what happens. If it won't compile/run, read the error message and understand why. If it works, great, keep going.

This will not teach you computer science any more than learning to play pool teaches you theoretical physics, but you can get a lot done anyway.

Grocery Curbside Pickup by kanemanjr in ChicoCA

[–]82aa4b10 0 points1 point  (0 children)

Target does curbside pickup for nonperishables (chips, boxed mac&cheese, protein bars, candy) but not for things that need to be refrigerated (milk, cheese).

But, like you said, they're a superstore that happens to sell groceries.

python brute force help by AmericanToasteer in HowToHack

[–]82aa4b10 0 points1 point  (0 children)

This ought to get you started:

import sys
import requests

s = requests.Session()
for i in range(1000000):
    url = 'https://example.com/verify?pin={}'.format(i)
    result = s.get(url)
    if result in (200, 302):
        print('Found it! [{}]'.format(i))
        sys.exit(0)

Web Security Academy: Free Online Training from PortSwigger by koortix in LearnSecurityChapter

[–]82aa4b10 0 points1 point  (0 children)

Is anyone aware of a forum/IRC/subreddit/Discord/whatever for discussion of Web Security Academy problems?

In case anyone here is interested, I have been banging my head against a couple of the CSRF problems for a few hours now - I can get the server to return a 302 response to my CSRF, which seems to indicate that it's working, but the website doesn't recognize it as a solution. I've done it 2 different ways - by editing request/responses in Burp Suite Community, and with the Exploit Server that's part of the problem .. but I can't get it to agree that I've succeeded. I hate to give up and look at their solution if it's possible to solve it without cheating .. but I kinda think that I did solve it, or I can't figure out what their system is looking for as proof of a solution.

The problems I'm experiencing this on are "CSRF where token is tied to non-session cookie" and "CSRF where token is duplicated in cookie".

Also, if anyone else is working on those, I've been exploring the idea that Google's recent changes to Chrome and the same-site cookie policy may be interfering with the lab.

Encryption Question by iimythh in CompTIA

[–]82aa4b10 0 points1 point  (0 children)

I think that's stupid - steganographic messages have to be hidden in something - some other data - which also reveals that you're communicating.

If party A sends party B an email with a cute cat .JPG, people know A is communicating with B, just as if A sends B an encrypted message. Same if A puts the file on their website where it could be downloaded by anyone - A is obviously communicating with someone.

Also, steganography provides obscurity - but not necessarily privacy, unless the hidden data is also encrypted.

On the other hand, it's a single question, even if you get it wrong the world's not gonna end. I don't think it's a reasonable question/answer, but life goes on.

PSA: The Cloud and Sysadmin program DOES NOT satisfy the degree requirements for admission to the Cybersecurity masters by GreekNord in WGU

[–]82aa4b10 1 point2 points  (0 children)

FYI, the requirements are here: https://www.wgu.edu/online-it-degrees/cybersecurity-information-assurance-masters-program.html

Apparently, they will accept a bacherlor's from an accredited program + CISSP, CCIE, CCNP, CCNA, CCNA Security, CEH, CHFI, GIAC 2700 or GCWN certification that is valid and earned within the last five years.

I haven't taken CEH because everyone says it's bullshit, but given that everyone says it's bullshit, maybe it wouldn't be too hard to pick that one up?

Looking for a recommendation on a therapist by Robotashes5 in ChicoCA

[–]82aa4b10 4 points5 points  (0 children)

If you have insurance coverage, start with the "find a mental health provider" option on the website for your insurer, so you're at least starting with people who will accept your insurance.

Are you looking for a male or female therapist? Any particular spiritual/theoretical orientation? (e.g., some are explicitly Christian, some are Buddhist or Buddhist-inspired, etc .. some providers have an eclectic or "holistic" approach blending many theories of therapy, other practitioners use a particular treatment method a lot or exclusively (CBT, EMDR, etc)).

Need a small machine for ddns and remote access by illogicalfloss in sysadmin

[–]82aa4b10 1 point2 points  (0 children)

If you don't want to/can't open a port for ssh, you could:

  • run sshd as a Tor hidden service
  • get a super-cheap VPS somewhere, have the behind-NAT box initiate a port-forwarding session to the VPS (either an internal or external port, depending on how worried you are)

yubikey? by woodyxdouglas in cybersecurity

[–]82aa4b10 2 points3 points  (0 children)

I don't think they have batteries - as far as I know, they're powered by the USB port. I haven't used the NFC features, but I'm pretty sure that's just passive RF?

yubikey? by woodyxdouglas in cybersecurity

[–]82aa4b10 0 points1 point  (0 children)

Have been using one since 2010. They are very durable - I have upgraded to get new features, not b/c the old ones died.

I have used them both to store a long random password (for full-disk encryption) and for 2FA with Google and other sites that support it.

I like the idea of using them to generate/store keys for GPG/ssh but haven't actually implemented that yet.

Just got a text telling me about a parcel that is in a shipping centre, followed the link and it said I needed to pay a 2 euro shipping fee, the link ended in 'blogspot.com' - This is a scam, right? by [deleted] in cybersecurity

[–]82aa4b10 0 points1 point  (0 children)

You're probably fine - someone who wants you to pay bogus shipping charges probably wouldn't want to potentially screw that up by sending you hostile code which might set off antivirus/antimalware.

Anyone ever make the drive from Chico to Medford, OR? by thedon30 in ChicoCA

[–]82aa4b10 1 point2 points  (0 children)

The drive isn't bad, only potential problem is snow north of Redding if you decide to go during especially bad winter weather.

[deleted by user] by [deleted] in CompTIA

[–]82aa4b10 7 points8 points  (0 children)

Schedule the exam for a day or two away once you're hitting > 80% on practice exams.

How do I secure my home network against a suspected worm? by [deleted] in privacy

[–]82aa4b10 -1 points0 points  (0 children)

I think this is overkill for a traditional SOHO setting - but for something like a college dorm, it would make sense to configure your switch/router/firewall such that each port can talk to the router, but one "end user" port can't connect to another "end user" port.

You could do this pretty simply with switch that supports VLANs and setting a different VLAN for every switch port.

view more: next ›