Security

From neil.tappsville.com


Chrome untrusted SSL Certs

Click anywhere on the certificate warning page and type a BYPASS_SEQUENCE.

thisisunsafe is the BYPASS_SEQUENCE for Chrome version 65.

badidea is the BYPASS_SEQUENCE for Chrome versions 62 - 64.

danger used to work in earlier versions of Chrome.

You don't need to look for an input field; just type it. It feels strange, but it works.

Self Signed Certs

sudo openssl req -x509 -newkey rsa:4096 -keyout hostname.key.pem -nodes -out hostname.cert.pem -subj '/CN=hostname.domain.com' -days 182 -sha256

Place the generated files in /etc/pki/tls/private, then restart httpd (nginx).

Password Hashes

If we take a look at the crypt.3 manpage, we can see:

   If salt is a character string starting with the characters "$id$" followed by
   a string terminated by "$":

          $id$salt$encrypted

   then instead of using the DES machine, id identifies the encryption method
   used and this then determines how the rest of the password string is
   interpreted.  The following values of id are supported:

          ID  | Method
          ---------------------------------------------------------
          1   | MD5
          2a  | Blowfish (not in mainline glibc; added in some
              | Linux distributions)
          5   | SHA-256 (since glibc 2.7)
          6   | SHA-512 (since glibc 2.7)
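
The $id$salt$encrypted layout quoted above can be checked mechanically when reviewing a shadow file. The Python below is an added example, not code from the original page or from the manpage; it goes beyond the quoted table by also handling the optional rounds= field of SHA-crypt, the bcrypt cost field, traditional DES entries and locked accounts. The function names, the WEAK policy set and the sample lines are assumptions made for the example.

```python
# Added example: classify crypt(3) hash strings by the $id$ table quoted above.
METHODS = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
WEAK = {"DES", "MD5"}  # assumption: local policy rejects these two methods

def parse_crypt(field):
    """Split one password field into method, rounds, salt and encrypted part."""
    if not field or field[0] in "!*":
        return {"method": None}  # empty, locked or disabled: no usable hash
    if not field.startswith("$"):
        # No $id$ prefix means the traditional DES form: 2-char salt + digest.
        return {"method": "DES", "rounds": None, "salt": field[:2], "encrypted": field[2:]}
    parts = field.split("$")  # "$6$salt$enc" -> ["", "6", "salt", "enc"]
    ident, rest = parts[1], parts[2:]
    rounds = None
    if ident in ("5", "6") and rest and rest[0].startswith("rounds="):
        # SHA-crypt may carry an explicit work factor before the salt.
        rounds, rest = int(rest[0][len("rounds="):]), rest[1:]
    elif ident == "2a" and len(rest) == 2:
        # Blowfish (bcrypt): $2a$cost$ then a 22-char salt fused to the digest.
        rounds, rest = int(rest[0]), [rest[1][:22], rest[1][22:]]
    if len(rest) != 2 or not rest[1]:
        raise ValueError("expected $id$salt$encrypted")
    return {"method": METHODS.get(ident, "unknown id " + ident),
            "rounds": rounds, "salt": rest[0], "encrypted": rest[1]}

def audit(lines):
    """Return (user, method, verdict) per shadow-style 'user:field:...' line."""
    out = []
    for line in lines:
        user, field = line.split(":")[:2]
        try:
            method = parse_crypt(field)["method"]
        except ValueError:
            method = "unknown (unparseable)"  # truncated or malformed field
        verdict = ("no hash" if method is None else "weak" if method in WEAK
                   else "review" if method.startswith("unknown") else "ok")
        out.append((user, method, verdict))
    return out

# Constructed sample lines; salts and digests are placeholders, not real hashes.
SAMPLE = [
    "alice:$6$rounds=5000$Zk3Qw9LmT1xYb7Ud$PLACEHOLDERdigest:19000:0:99999:7:::",
    "bob:$1$ab12cd34$PLACEHOLDERdigest:19000:0:99999:7:::",
    "carol:abPLACEHOLDER:19000:0:99999:7:::",
    "svc:!:19000::::::",
    "dave:$6$onlysalt:19000:0:99999:7:::",
]
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
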

SHA-512 on Mac

pip3 install passlib
python3 -c "from passlib.hash import sha512_crypt; import getpass,string,random; print( sha512_crypt.using(salt=''.join([random.choice(string.ascii_letters + string.digits) for _ in range(16)]),rounds=5000).hash(getpass.getpass()))"