Collaborate Disseminate
Question:
I am working on a password-based file encryption and decryption system in Python using the PBKDF2 key derivation function and Fernet encryption. I have a specific requirement: I want to verify a user’s password without storing th… Continue reading Verification of Password without Storing Hash – Security Considerations
When a user logs in with their email/password combo and gets authenticated to our website, the backend sends the web browser an encrypted cookie based off of their memberId with us. While this encrypted cookie has not expired, the web bro… Continue reading How to properly migrate authentication cookies to using a new encryption scheme on a website while being backwards compatible?
Please help to decrypt the below message:
þ =R „ù °@ |£zaBéÒpØP ø+äD˜Å¨ssgSP×”•ÉÚ†¢*ê>k?LŽÁð°§-®æ0øΦÃwîÀl±ÀûÒuÔŸFù¨z=<‘nA"¤¯–‰xÊÍ7¾Ñ`r•t¿æH#]ÜGa0+Â%DÏ6©3jí¬W^ñ ö :Ëi?vö²¨‘Ù¸³@U9×ÒÚν î
Lwþ [²Õ´ÿ&YˆcZ‡N¡pke„véXsª-ì—ž1@{R… Continue reading Need help to decrypt a text file & want to know the type used to encrypt [closed]
I have a problem. I’m using Wireshark 4.0.8. I created my ssl file to store my "(pre)-master-secrets". I can thus decrypt TLS from my browser or from different python libraries without problem. But I cannot decrypt the TLS when m… Continue reading Wireshark can’t decrypt TLS from a specific python library
#ΔΕ#ΘΣΘΕ6ΨΑΨΕFA
ΘΨΕ#ΨΩΕ3ΑΣΕ6Ψ==ΣWΔΨΒ#ΑΣ
#ΔΨΒMF%ΨE3AEGΩBAЕ
ΘΒCΨBΣΩM3AΣMΔΨB#AΣ
F%ΨΕΘΩMΣ1ΩΕ23ΣΑΘΕΘ3
%ΣΩΕΣ1Σ1ΘM1Ψ
with this code: 05A5N
i think thats the key, but idk which algorithm has been used.
The message should be in italian, a stranger … Continue reading i need to decrypt this messagge:
DPAPI: Windows Data Protection API
Say I would be able to read a Windows system file system, including all files.
Say there would be a DPAPI encrypted value somewhere in this system that I want to decrypt.
Can I decrypt this value only loo… Continue reading Is DPAPI usable when only being able to read the file directory?
I have stumbled across passwords on a MySQL database behind a PHP webapp. Here are some examples.
753a524d56b48d825328ce27
789e0ad30d15
7ba0868c23e0a2
d327e265ca2abcd7c
48276b3d5618850
bffaa9b3ba92ffc3
21614da133d56e72857c
44d2059e642f9733… Continue reading What are password encryption schemes that result in variable length common in MySQL and PHP?
So I am trying to write my own backdoor with python and it is something like Metaploit, where you can run a single command and it would do the work for you, so I am trying to implement a cookie decoder/decrypter, so I started doing it on m… Continue reading Decrypting Browser Cookies
Web Server : Oracle WebLogic 10.35
Machine : Oracle Linux Server 3.8
I was able to partially exploit this CVE. I can execute any command on server using HTTP request and redirecting its output to a file i.e
cat /etc/passwd > /tmp/succes… Continue reading Post Exploitation in Oracle web logic server 10.35 (Oracle Linux Server 3.8)
I am trying to setup SSL key logging with Apache 2.4 on Ubuntu 22.04.
I followed the very good Walkthrough provided by Lekensteyn in this post: Extracting openssl pre-master secret from apache2
What I have found is that the key logging do… Continue reading Problem Extracting SSL keys from Apache 2.4