▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Parsing the / etc / shadow file :

1.Username: This is your login name.

2. Password: This is your encrypted password. The password must be at least 8-12 characters long, including special characters, numbers, lowercase letters, etc.

Usually the password format is $ id $ salt $ hashed. $ Id is an algorithm used in GNU / Linux as follows:

$1$ this is MD5
$2a$ this is Blowfish
$2y$ this is Blowfish
$5$ it's SHA-256
$6$ this is SHA-512
3. Last change of password (last change): days since January 1, 1970, when the password was last changed.

4. Minimum: The minimum number of days required to change the password, that is, the number of days remaining before the user is allowed to change their password.
5. Maximum: The maximum number of days the password is valid (after this user is forced to change his password)
6. Warning: The number of days before the password expires that the user is warned to change the password.
7. Inactivity: the number of days after the password expires that the account has been disabled.
8. Expiration Date: Days from January 1, 1970, when this account is disabled, that is, an absolute date indicating when the login can no longer be used.

How do I change my password?
Use the following syntax to change your own password:

$ passwd

See the passwd command man page for more information.
How can I change the password for another user?
You must be root to change the password for other users:
# passwd userNameHere
or
$ sudo passwd userNameHere
How do I change or set password expiration information?
To change the password expiration information for a user, use the chage command on Linux.
The syntax is as follows (again, you must be root to set the password again):
chage username
chage [options] username
chage itsecforu
chage -l tom
The following options are possible:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-R, --root CHROOT_DIR directory to chroot into
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵FasterXML jackson-databind code issue vulnerability:

https://dailycve.com/fasterxml-jackson-databind-code-issue-vulnerability

Protection in Artificial Intelligence: Extreme Fake and Post Reality.
#Technologies

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Go example code to modify the file name recursively:

package main

import (
"bufio"
"fmt"
"io/ioutil"
"log"
"os"
"strings"
)

var pathSeparator = string(os.PathSeparator)

/**
*/
func rename(path string, old string, new string) (err error) {
files, err := ioutil.ReadDir(path)
if err != nil {
return err
}
for _, fileInfo := range files {
if fileInfo.IsDir() {
err = rename(path+pathSeparator+fileInfo.Name(), old, new)
if err != nil {
return err
}
err = os.Rename(path+pathSeparator+fileInfo.Name(), path+pathSeparator+strings.Replace(fileInfo.Name(), old, new, -1))
if err != nil {
return err
}
} else {
err = os.Rename(path+pathSeparator+fileInfo.Name(), path+pathSeparator+strings.Replace(fileInfo.Name(), old, new, -1))
if err != nil {
return err
}
}
}
return err
}

func main() {


reader := bufio.NewReader(os.Stdin)
filePath, _ := reader.ReadString('\n')
filePath = strings.Replace(filePath, "\n", "", -1)

fmt.Print(：")
reader = bufio.NewReader(os.Stdin)
name, _ := reader.ReadString('\n')
name = strings.Replace(name, "\n", "", -1)

err := rename(filePath, name, "")
if err != nil {
log.Fatalf：%v\n", err)
}
err = os.Rename(filePath, strings.Replace(filePath, name, "", -1))
if err != nil {
log.Fatalf
}

fmt.Println("success")
}
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Hi all, https://Best.undercode.help :

In this blog we want to upload daily links about top rated apps/softwares and much more checkout the next message, and thanks.

Best 50 websites for watching movies for Free in 2021 :

https://best.undercode.help/best-50-websites-for-watch-movies-for-free-in-2021/

Valve officially released a Steam beta announcement, opened the remote fun function for domestic players.
#Updates

The Russian government has formed the final version of the list of Russian programs for installation on new mobile devices.
#International

🔵Linux outlook expose a new bug could crash the service and leak the password:

https://dailycve.com/linux-outlook-expose-new-bug-could-crash-service-and-leak-password

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is BuiltWith?

BuiltWith is a technology search or profiler.

It provides real-time target information to pentesters through the domain API and domain live API .

The domain API provides technical information such as analytics service, built-in plugins, frameworks, libraries, etc. to penetration testers.

The domain API relies on BuiltWith database to provide current and historical technology information about the target.

The Lookup pane retrieves the same information that the domain API provides.

On the other hand, the domain live API does extensive searches on a domain or URL.

It is possible to integrate both APIs into a security product to provide technical information to end users.

1) BuiltWith Domain API

The BuiltWith Domain API provides XML and JSON access to the technology information of a website which includes all technical information as found on detailed lookups at builtwith.com and additional meta data where available.

3) The general access method is as follows -
https://api.builtwith.com/v18/api.[xml|json]?KEY=[YOUR KEY]&LOOKUP=[DOMAIN]

4) Authentication
You must provide your API key in each lookup. See the examples for how this works.

Login or Create a Free Account to get your API key.

5) Client SDK
A Client SDK for C# is available at https://github.com/builtwith/BuiltWith-C-Client-API and can be installed via NuGet package 'BuiltWith'.

6) Get Domain Example
XML Get Single Domain
https://api.builtwith.com/v18/api.xml?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com

7) JSON Get Single Domain
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&LOOKUP=builtwith.com

8)Get Multiple Domains Example
Provide multiple LOOKUP domains as a CSV (up to 16)
https://api.builtwith.com/v18/api.xml?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com,builtwith.com

9) High Throughput Lookups
For ultra fast high performance API lookups use the following syntax.
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&HIDETEXT=yes&NOMETA=yes&NOPII=yes&NOLIVE=yes&NOATTR=yes&LOOKUP=site1.com,site2.com,site3.com,site4.com,site5.com,site6.com,site7.com,site8.com,site9.com,site10.com,site11.com,site12.com,site13.com,site14.com,site15.com,site16.com

10) 16 Root Domains or Subdomains Only Per Lookup - alphabetically random for performance improvements
Text, Meta, Attributes, Contacts all removed
Removes live lookup of results if not in our database
For even higher throughput contact us about dedicated endpoint solutions.

11) Get Specific Page Profile Example
Providing an internal URL or subdomain will get that specific page technology profile. Ensure you encode the LOOKUP parameter.
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com%2FPlace%2FHawaii.htm


Reference: https://api.builtwith.com/domain-api
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Digisol Systems DG-HR3400 cross-site scripting vulnerability:

https://dailycve.com/digisol-systems-dg-hr3400-cross-site-scripting-vulnerability

After the day the "falls" of the US Congress, Trump's social media grew by almost 200,000 followers.
#International

Cryptocurrencies are set to record their biggest weekly gains since the Bitcoin bubble peaked about three years ago, but the market crashed that year.
#Analytiques

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A cheat sheet that contains common enumeration and attack methods for Windows Active Directory:

Get Domain Policy:

Get-DomainPolicy

#Will show us the policy configurations of the Domain about system access or kerberos
(Get-DomainPolicy)."system access"
(Get-DomainPolicy)."kerberos policy"
Get Domain Controllers:

Get-NetDomainController
Get-NetDomainController -Domain <DomainName>
Enumerate Domain Users:

Get-NetUser
Get-NetUser -SamAccountName <user>
Get-NetUser | select cn
Get-UserProperty

#Check last password change
Get-UserProperty -Properties pwdlastset

#Get a spesific "string" on a user's attribute
Find-UserField -SearchField Description -SearchTerm "wtver"

#Enumerate user logged on a machine
Get-NetLoggedon -ComputerName <ComputerName>

#Enumerate Session Information for a machine
Get-NetSession -ComputerName <ComputerName>

#Enumerate domain machines of the current/specified domain where specific users are logged into
Find-DomainUserLocation -Domain <DomainName> | Select-Object UserName, SessionFromName
Enum Domain Computers:

Get-NetComputer -FullData
Get-DomainGroup

#Enumerate Live machines
Get-NetComputer -Ping
Enum Groups and Group Members:

Get-NetGroupMember -GroupName "<GroupName>" -Domain <DomainName>

#Enumerate the members of a specified group of the domain
Get-DomainGroup -Identity <GroupName> | Select-Object -ExpandProperty Member

#Returns all GPOs in a domain that modify local group memberships through Restricted Groups or Group Policy Preferences
Get-DomainGPOLocalGroup | Select-Object GPODisplayName, GroupName


More & source:
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer improper authentication vulnerability:

https://dailycve.com/hitachi-abb-power-grids-fox615-multiservice-multiplexer-improper-authentication-vulnerability

Unstoppable R&D, telecommunications manufacturing sector Disaster declaration again.
#Technologies

LG announces a new update: Bringing a deadly improuvements to Remote.
#Updates

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Linux security tips:

1) Beware of the emergence of Linux virus at the beginning of Linux. Because of its original excellent design, it seems to have innate virus immunity. At that time, many people believed that there would not be a virus against Linux, but Linux is no exception. In the fall of 1996, an organization called VLAD in Australia wrote Staog, which was said to be the first virus under the Linux system, in assembly language.

2) It specifically infected binary files and tried to obtain root permissions in three ways. Of course, the Staog virus is designed to demonstrate and prove that Linux is potentially dangerous to be infected by the virus. It does not perform any damage to the infected system.

3) In 2001, a Linux worm named Ramen appeared. Ramen virus can spread automatically without manual intervention. Although it does not cause any damage to the server, its scanning behavior while spreading will consume a lot of network bandwidth. Ramen virus is spread by exploiting two security vulnerabilities, rpc.statd and wu-ftp, in some versions of Linux (Redhat6.2 and 7.0).

4) In the same year, Lion, another worm against Linux, caused actual harm. At that time, Lion spread rapidly through the Internet and caused serious damage to the computer systems of some users. Lion virus can send some passwords and configuration files to a mailbox on the Internet via email. After collecting these files, the attacker may enter the entire system again through the gap in the first breakthrough, and further damage Activities, such as obtaining confidential information, installing backdoors, etc. When the user's Linux system is infected with this virus, it is very likely that they may choose to reformat the hard drive because they cannot determine how the intruder has changed the system. Moreover, after a Linux host is infected with the Lion virus, it will automatically start searching for other victims on the Internet. The feedback after the event showed that the Lion virus caused serious losses to many Linux users.

5) Other viruses on Linux platforms include OSF.8759, Slapper, Scalper, Unux.Svat, BoxPoison, etc. Of course, most ordinary Linux users have hardly encountered them. This is because until now, there are very few viruses on Linux and the scope of their impact is very small. However, with the increase of Linux users, more and more Linux systems are connected to the LAN and WAN, which naturally increases the possibility of being attacked. It is foreseeable that more and more Linux viruses will appear, so how to prevent Linux viruses Become something that every Linux user should start paying attention to now.

6) Grasp the weaknesses. Everyone who breaks
Linux may have heard of or even encountered some Linux viruses. The principles and symptoms of these Linux viruses are different, so the prevention methods they take are also different. In order to better prevent Linux viruses, we first classify some known Linux viruses.

7) From the current appearance of Linux viruses, it can be summarized into the following virus types:
1. Viruses that infect ELF format files
This type of virus uses files in the ELF format as the main target of infection. A virus that can infect ELF files can be written through compilation or C. Lindose virus is a virus that can infect ELF files. When it finds an ELF file, it will check whether the infected machine type is Intel80386. If it is, check whether there is a part of the file with a size greater than 2784 bytes (or hexadecimal AEO). If there is, the virus will overwrite it with its own code and add the code of the corresponding part of the host file, and the host The entry point of the file points to the virus code part.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵GitLab: Multiple vulnerabilities:

https://dailycve.com/gitlab-multiple-vulnerabilities

It is confirmed that an investigation into Google's "Privacy Sandbox" initiative was undertaken by the British antitrust regulator.
#International