β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Correct way to edit / etc / passwd and / etc / group files in Linux :
Correct way to edit / etc / passwd and / etc / group files with vipw and vigr commands
To safely edit the / etc / password file, simply run:
$ sudo vipw
To safely edit the / etc / group file, run:
$ sudo vigr
The vipw and vigr commands will now lock the / etc / passwd and / etc / group files and prevent other users from making any changes.
To verify this, open two terminal windows.
Run "sudo vipw" in one window and try changing the user's password in another window.
The password will not be updated until you close the vipw command.
Therefore, other users cannot accidentally or deliberately make any changes to the / etc / passwd file while you are editing them as root.
After closing / etc / passwd, the password will be updated successfully.
You can also log in as a normal user and try to change the user's password in another terminal window.
The password will not change until you close the vipw command.
You won't even be able to create new users when editing / etc / passwd with the vipw command.
$ sudo useradd itsecforu
useradd: cannot lock / etc / passwd; try again later.
Likewise, to edit the shadow versions of these files, i.e. / etc / shadow and / etc / gshadow, use the -s flag.
$ sudo vipw -s
$ sudo vigr -s
Other supported options for vipw and vipr commands:
-g , --group
Edit group database.
-h , --help
Display help message and exit.
-p , --passwd
Edit passwd database.
-q , --quiet
Quiet mode.
-R , --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the
CHROOT_DIR directory.
-s , --shadow
Edit shadow or gshadow database
For more details refer to the man pages.
$ man vipw
$ man vigr
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Correct way to edit / etc / passwd and / etc / group files in Linux :
Correct way to edit / etc / passwd and / etc / group files with vipw and vigr commands
To safely edit the / etc / password file, simply run:
$ sudo vipw
To safely edit the / etc / group file, run:
$ sudo vigr
The vipw and vigr commands will now lock the / etc / passwd and / etc / group files and prevent other users from making any changes.
To verify this, open two terminal windows.
Run "sudo vipw" in one window and try changing the user's password in another window.
The password will not be updated until you close the vipw command.
Therefore, other users cannot accidentally or deliberately make any changes to the / etc / passwd file while you are editing them as root.
After closing / etc / passwd, the password will be updated successfully.
You can also log in as a normal user and try to change the user's password in another terminal window.
The password will not change until you close the vipw command.
You won't even be able to create new users when editing / etc / passwd with the vipw command.
$ sudo useradd itsecforu
useradd: cannot lock / etc / passwd; try again later.
Likewise, to edit the shadow versions of these files, i.e. / etc / shadow and / etc / gshadow, use the -s flag.
$ sudo vipw -s
$ sudo vigr -s
Other supported options for vipw and vipr commands:
-g , --group
Edit group database.
-h , --help
Display help message and exit.
-p , --passwd
Edit passwd database.
-q , --quiet
Quiet mode.
-R , --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the
CHROOT_DIR directory.
-s , --shadow
Edit shadow or gshadow database
For more details refer to the man pages.
$ man vipw
$ man vigr
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅Patch for date-and-time denial of service vulnerability:
https://dailycve.com/patch-date-and-time-denial-service-vulnerability
https://dailycve.com/patch-date-and-time-denial-service-vulnerability
Dailycve
Patch for date-and-time denial of service vulnerability | CVE
Details:
Date And Time is a Npm code library based on Javascript for JS date and time processing by a personal Date And Time developer. In date-and-time versions prior to 0.14.2, there is a safety vulnerability. The weakness derives from the treatmentβ¦
Forwarded from DailyCVE
π΅Patch for HedgeDoc file upload vulnerability:
https://dailycve.com/patch-hedgedoc-file-upload-vulnerability
https://dailycve.com/patch-hedgedoc-file-upload-vulnerability
Dailycve
Patch for HedgeDoc file upload vulnerability | CVE
Detail:
Hedgedoc is a real-time editing and collaboration platform built on Javascript for the Hedgedoc team's Markdown papers. Versions previous to 1.7.1 of HedgeDoc include a file upload vulnerability. Unauthenticated attackers can use this vulnerabilityβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Apple canceled accessories and became a lucrative business, gaining more than 1.7 billion a year.
#Analytiques
#Analytiques
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Basic bash β Bash if statements: if, elif, else, then, fi
We also have a special elif, which we will learn more about later.
Let's start with a simple example.
In this guide, you will learn:
How to implement an if statement on the Bash command line
How such if statements can also be used inside Bash scripts
Examples showing if, elif, else, then and fi work in Bash
Example 1: a simple if statement on the command line
$ if [ 1 -eq 1 ]; then echo "Matched!"; fi
Matched!
In this example, we are comparing one to one.
Note that -eq means equal.
To do the opposite, you can use -ne, which means not equal, as shown in the following example:
$ if [ 0 -ne 1 ]; then echo "Matched!"; fi
Matched!
In this case, we checked for inequality, and since 0 is not equal to 1, the if statement is correct and the commands after then will be executed.
Let's change this a bit:
$ if [ 1 -ne 1 ]; then echo "Matched!"; else echo "Not Matched!"; fi
Not Matched!
Here we have introduced the else statement; what commands to execute if the condition in the if statement turns out to be false (or incorrect).
When we try to ask if 1 (-ne) is 1 this time, and since 1 is indeed 1, the condition formulated in this if statement is false, and we encounter our else statement with the matching text printed out.
Example 2: Using an if statement in a Bash shell script
It's worth noting that you can easily copy and paste any if statement shown here or elsewhere and use it inside a Bash shell script.
For example:
$ echo '#!/bin/bash' > myscript.sh
$ echo 'if [ 1 -eq 1 ]; then echo "Matched!"; fi' >> myscript.sh
$ chmod +x myscript.sh
$ ./myscript.sh
Matched!
$
Here we just created a small shell script myscript.sh using echo and the redirector> to redirect the output from our echo to a file.
When you use> a new file will be created and any file with the same name will be overwritten, so use with caution.
We then add our if statement again using echo and the double redirector >>, which, unlike>, does not create a new file, but simply adds text to the specified file.
Then we chmod + x to the script to make it executable, and execute the script with the ./ prefix, which is required in bash (any valid pathname will do).
The first line of the script just makes sure that we will be using the bash interpreter for our script.
It is recommended to always install it in bash and other scripts (for other scripts, you can install any interpreter that will execute your script, for example #! / Usr / bin / python3 for Python 3 (.py3 for example), etc.).
When we execute the script, we see that the result is generated as expected (1 equals 1).
Matched!
Example 3: What is elif?
The elif operator provides additional abbreviation flexibility by minimizing the need for nested operators.
Consider the following script test.sh:
#!/bin/bash
if [ 0 -eq 1 ]; then
echo '0=1'
else
if [ 0 -eq 2 ]; then
echo '0=2'
else
echo '0!=2'
fi
fi
And the output from it:
$ ./test.sh
0!=2
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Basic bash β Bash if statements: if, elif, else, then, fi
We also have a special elif, which we will learn more about later.
Let's start with a simple example.
In this guide, you will learn:
How to implement an if statement on the Bash command line
How such if statements can also be used inside Bash scripts
Examples showing if, elif, else, then and fi work in Bash
Example 1: a simple if statement on the command line
$ if [ 1 -eq 1 ]; then echo "Matched!"; fi
Matched!
In this example, we are comparing one to one.
Note that -eq means equal.
To do the opposite, you can use -ne, which means not equal, as shown in the following example:
$ if [ 0 -ne 1 ]; then echo "Matched!"; fi
Matched!
In this case, we checked for inequality, and since 0 is not equal to 1, the if statement is correct and the commands after then will be executed.
Let's change this a bit:
$ if [ 1 -ne 1 ]; then echo "Matched!"; else echo "Not Matched!"; fi
Not Matched!
Here we have introduced the else statement; what commands to execute if the condition in the if statement turns out to be false (or incorrect).
When we try to ask if 1 (-ne) is 1 this time, and since 1 is indeed 1, the condition formulated in this if statement is false, and we encounter our else statement with the matching text printed out.
Example 2: Using an if statement in a Bash shell script
It's worth noting that you can easily copy and paste any if statement shown here or elsewhere and use it inside a Bash shell script.
For example:
$ echo '#!/bin/bash' > myscript.sh
$ echo 'if [ 1 -eq 1 ]; then echo "Matched!"; fi' >> myscript.sh
$ chmod +x myscript.sh
$ ./myscript.sh
Matched!
$
Here we just created a small shell script myscript.sh using echo and the redirector> to redirect the output from our echo to a file.
When you use> a new file will be created and any file with the same name will be overwritten, so use with caution.
We then add our if statement again using echo and the double redirector >>, which, unlike>, does not create a new file, but simply adds text to the specified file.
Then we chmod + x to the script to make it executable, and execute the script with the ./ prefix, which is required in bash (any valid pathname will do).
The first line of the script just makes sure that we will be using the bash interpreter for our script.
It is recommended to always install it in bash and other scripts (for other scripts, you can install any interpreter that will execute your script, for example #! / Usr / bin / python3 for Python 3 (.py3 for example), etc.).
When we execute the script, we see that the result is generated as expected (1 equals 1).
Matched!
Example 3: What is elif?
The elif operator provides additional abbreviation flexibility by minimizing the need for nested operators.
Consider the following script test.sh:
#!/bin/bash
if [ 0 -eq 1 ]; then
echo '0=1'
else
if [ 0 -eq 2 ]; then
echo '0=2'
else
echo '0!=2'
fi
fi
And the output from it:
$ ./test.sh
0!=2
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅Vulnerability of the Sonicwall SonicWall NetExtender Windows client code problem:
https://dailycve.com/vulnerability-sonicwall-sonicwall-netextender-windows-client-code-problem
https://dailycve.com/vulnerability-sonicwall-sonicwall-netextender-windows-client-code-problem
Dailycve
Vulnerability of the Sonicwall SonicWall NetExtender Windows client code problem | CVE
Details:
The Sonicwall NetExtender Windows client is a client program for SSL VPN (Virtual Private Network) based on Sonicwall's Windows platform in the United States. There is a security flaw in the SonicWall NetExtender Windows client version 10.2.300β¦
Forwarded from DailyCVE
π΅Vulnerability of the Sonicwall SMA100 operating system order injection :
https://dailycve.com/vulnerability-sonicwall-sma100-operating-system-order-injection
https://dailycve.com/vulnerability-sonicwall-sma100-operating-system-order-injection
Dailycve
Vulnerability of the Sonicwall SMA100 operating system order injection | CVE
Details:
The Sonicwall SMA100 is a safe access gateway system developed in the United States by Sonicwall. The SonicWall SMA100 appliance has a command injection flaw that allows authenticated administrative users to perform an OS command injection usingβ¦
Forwarded from UNDERCODE TESTING
German Chancellor Merkel: The decision by Twitter to block the Trump account is "Not right"
#International
MORE DETAILS - https://undercodenews.com/german-chancellor-merkel-the-decision-by-twitter-to-block-the-trump-account-is-not-right/11/01/2021/
#International
MORE DETAILS - https://undercodenews.com/german-chancellor-merkel-the-decision-by-twitter-to-block-the-trump-account-is-not-right/11/01/2021/
Forwarded from UNDERCODE TESTING
Starting at $499, Dynabook launches Satellite Pro laptops.
#Technologies
MORE DETAILS - https://undercodenews.com/starting-at-499-dynabook-launches-satellite-pro-laptops/11/01/2021/
#Technologies
MORE DETAILS - https://undercodenews.com/starting-at-499-dynabook-launches-satellite-pro-laptops/11/01/2021/
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How to enable rc.local shell script in systemd on Linux boot ?
Enabling rc.local shell script in systemd at boot of Linux system
Compatibility with /etc/rc.local is achieved through systemd using a special service called rc-local.service.
This module is automatically called in multi-user.target by systemd-rc-local-generator if /etc/rc.local is executable.
Executing rc.local shell script at boot time using systemd
Naturally, create or update / edit a file called /etc/rc.local using your favorite text editor.
I'm going to use the vim command:
$ sudo vim /etc/rc.local
$ sudo vim /etc/rc.d/rc.local
Add the required commands or call the script.
Here is my file:
#!/bin/sh
# add your commands
# call your scripts here
# let us set stuff for my wifi
/sbin/iw phy0 wowlan enable magic-packet disconnect
# last line must be exit 0
exit 0
Save and close the file when using vim.
π§ How to save a file in Vi / Vim and exit
Make sure you set the executable permissions for the file with the chmod command:
$ sudo chmod -v +x /etc/rc.local
Setting up rc-local.service on Linux when systemd starts
All we need to do is enter the following systemctl command:
$ sudo systemctl enable rc-local.service
Reboot Linux:
$ sudo reboot
Check the status after reboot:
$ sudo systemctl status rc-local.service
Here's what we see on the screen:
β rc-local.service - /etc/rc.local Compatibility
Loaded: loaded (/etc/systemd/system/rc-local.service; enabled-runtime; ven>
Drop-In: /usr/lib/systemd/system/rc-local.service.d
ββdebian.conf
Docs: man:systemd-rc-local-generator(8)
Tasks: 0 (limit: 37939)
Memory: 0B
CGroup: /system.slice/rc-local.serviceHow to view service configuration
Open the terminal app and type:
$ sudo systemctl cat rc-local.service
We will see the systemd configuration as follows:
# /etc/systemd/system/rc-local.service
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# This unit gets pulled automatically into multi-user.target by
# systemd-rc-local-generator if /etc/rc.local is executable.
[Unit]
Description=/etc/rc.local Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=/etc/rc.local
After=network.target
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
RemainAfterExit=yes
GuessMainPID=no
# /usr/lib/systemd/system/rc-local.service.d/debian.conf
[Unit]
# not specified by LSB, but has been behaving that way in Debian under SysV
# init and upstart
After=network-online.target
# Often contains status messages which users expect to see on the console
# during boot
[Service]
StandardOutput=journal+console
StandardError=journal+console
@Undercoder
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How to enable rc.local shell script in systemd on Linux boot ?
Enabling rc.local shell script in systemd at boot of Linux system
Compatibility with /etc/rc.local is achieved through systemd using a special service called rc-local.service.
This module is automatically called in multi-user.target by systemd-rc-local-generator if /etc/rc.local is executable.
Executing rc.local shell script at boot time using systemd
Naturally, create or update / edit a file called /etc/rc.local using your favorite text editor.
I'm going to use the vim command:
$ sudo vim /etc/rc.local
$ sudo vim /etc/rc.d/rc.local
Add the required commands or call the script.
Here is my file:
#!/bin/sh
# add your commands
# call your scripts here
# let us set stuff for my wifi
/sbin/iw phy0 wowlan enable magic-packet disconnect
# last line must be exit 0
exit 0
Save and close the file when using vim.
π§ How to save a file in Vi / Vim and exit
Make sure you set the executable permissions for the file with the chmod command:
$ sudo chmod -v +x /etc/rc.local
Setting up rc-local.service on Linux when systemd starts
All we need to do is enter the following systemctl command:
$ sudo systemctl enable rc-local.service
Reboot Linux:
$ sudo reboot
Check the status after reboot:
$ sudo systemctl status rc-local.service
Here's what we see on the screen:
β rc-local.service - /etc/rc.local Compatibility
Loaded: loaded (/etc/systemd/system/rc-local.service; enabled-runtime; ven>
Drop-In: /usr/lib/systemd/system/rc-local.service.d
ββdebian.conf
Docs: man:systemd-rc-local-generator(8)
Tasks: 0 (limit: 37939)
Memory: 0B
CGroup: /system.slice/rc-local.serviceHow to view service configuration
Open the terminal app and type:
$ sudo systemctl cat rc-local.service
We will see the systemd configuration as follows:
# /etc/systemd/system/rc-local.service
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# This unit gets pulled automatically into multi-user.target by
# systemd-rc-local-generator if /etc/rc.local is executable.
[Unit]
Description=/etc/rc.local Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=/etc/rc.local
After=network.target
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
RemainAfterExit=yes
GuessMainPID=no
# /usr/lib/systemd/system/rc-local.service.d/debian.conf
[Unit]
# not specified by LSB, but has been behaving that way in Debian under SysV
# init and upstart
After=network-online.target
# Often contains status messages which users expect to see on the console
# during boot
[Service]
StandardOutput=journal+console
StandardError=journal+console
@Undercoder
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
Dailycve
Dell BSAFE Micro Edition Suite
Details:
The Dell BSAFE Micro Version Suite is a Dell (Dell) software kit in the United States that can provide c/c++ programs, computers, and systems with encryption, certificates, and transport layer authentication.
Version 4.5 of the Dell BSAFE Microβ¦
Forwarded from DailyCVE
π΅Newgen eGov Correspondence Management System 12.0 :
https://dailycve.com/newgen-egov-correspondence-management-system-120
https://dailycve.com/newgen-egov-correspondence-management-system-120
Dailycve
Newgen eGov Correspondence Management System 12.0 | CVE
Newgen Egov Correspondence Management System is a letter management software used in office environment by Newgen Corporation. Newgen Egov Correspondence Management System version 12.0 has a direct reference vulnerability of unsafe objects. Attackers canβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ 2021 FREE & LEGIT :
Day 1 - A Christmas Crisis
Day 2 - The Elf Strikes Back
Day 3 - Christmas Chaos
Day 4 - Santa's watching
Day 5 - Someone stole Santa's gift list!
Day 6 - Be careful with what you wish on a Christmas night
Day 7 - The Grinch Really Did Steal Christmas
Day 8 - What's Under the Christmas Tree?
Day 9 - Anyone can be Santa!
Day 10 - Don't be Elfish!
Day 11 - The Rogue Gnome
Day 12 - Ready, set, elf.
Day 13 - Coal for Christmas
Day 14 - Where's Rudolph?
Day 15 - There's a Python in my stocking!
Day 16 - Help! Where is Santa?
Day 17 - ReverseELFneering
Day 18 - The Bits of the Christmas
Day 19 - The Naughty or Nice List
Day 20 - PowershELlF to the rescue
Day 21 - Time for some ELForensics
Day 22 - Elf McEager becomes CyberElf
Day 23 - The Grinch strikes again!
Day 24 - The Trial Before Christmas
https://github.com/flyme2bluemoon/thm-advent
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ 2021 FREE & LEGIT :
Day 1 - A Christmas Crisis
Day 2 - The Elf Strikes Back
Day 3 - Christmas Chaos
Day 4 - Santa's watching
Day 5 - Someone stole Santa's gift list!
Day 6 - Be careful with what you wish on a Christmas night
Day 7 - The Grinch Really Did Steal Christmas
Day 8 - What's Under the Christmas Tree?
Day 9 - Anyone can be Santa!
Day 10 - Don't be Elfish!
Day 11 - The Rogue Gnome
Day 12 - Ready, set, elf.
Day 13 - Coal for Christmas
Day 14 - Where's Rudolph?
Day 15 - There's a Python in my stocking!
Day 16 - Help! Where is Santa?
Day 17 - ReverseELFneering
Day 18 - The Bits of the Christmas
Day 19 - The Naughty or Nice List
Day 20 - PowershELlF to the rescue
Day 21 - Time for some ELForensics
Day 22 - Elf McEager becomes CyberElf
Day 23 - The Grinch strikes again!
Day 24 - The Trial Before Christmas
https://github.com/flyme2bluemoon/thm-advent
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - flyme2bluemoon/thm-advent: Try Hack Me Advent of Cyber 2020 event
Try Hack Me Advent of Cyber 2020 event. Contribute to flyme2bluemoon/thm-advent development by creating an account on GitHub.
Forwarded from DailyCVE
π΅Barco Transform NDN-210 security vulnerability:
https://dailycve.com/barco-transform-ndn-210-security-vulnerability
https://dailycve.com/barco-transform-ndn-210-security-vulnerability
Dailycve
Barco Transform NDN-210 security vulnerability | CVE
Details:
Barco Transform NDN-210 is a PC based network graphics processor from the Netherlands-based corporation Barco. The software supports H-264, MPEG-4, MPEG-2, MJPEG, V2D and ProServer formats and can view coded streams from Gbit Ethernet/IP networks.β¦
Barco Transform NDN-210 is a PC based network graphics processor from the Netherlands-based corporation Barco. The software supports H-264, MPEG-4, MPEG-2, MJPEG, V2D and ProServer formats and can view coded streams from Gbit Ethernet/IP networks.β¦
Forwarded from DailyCVE
π΅Input verification error weakness of the Nvidia vGPU manager:
https://dailycve.com/input-verification-error-weakness-nvidia-vgpu-manager
https://dailycve.com/input-verification-error-weakness-nvidia-vgpu-manager
Dailycve
Input verification error weakness of the Nvidia vGPU manager | CVE
Details:
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
The designer of "Gosoblak" acquired by VTB is searching for 2.5 billion Intel servers.
#International
#International
