A password was required when purchasing theater tickets

When purchasing theater tickets from biletru.co.il, I was required for the email address and password. Why ? Whether it is unsafe to enter the password in this case?

penetration test – wget output reveals administrator password?

A penetration testing tool revealed a hidden link related to my IP cam web interface:

The following is part of what I get when I use wget

"Group" : "admin",
         "Id" : 1,
         "Memo" : "admin 's account",
         "Name" : "admin",
         "Password" : "44D449B8699C219EB8A5DE30FD827911",
         "Reserved" : true,
         "Sharable" : true

Can someone tell me what the exit is all about?
Is the article "Password" : "44D449B8699C219EB8A5DE30FD827911", a hashed MD5 password?

If not, what does it mean?

I tried John the Ripper but to no avail

thank you so much

magento 1.9 – How to get a pre-hashed password after customer registration

Please note: I understand that this would be open to a potential security risk. However, due to the nature of my site, I wish to exhaust as many solutions as possible to prevent fraud from occurring. With the way Magento saves and hashes passwords, it is impossible to compare passwords. One way to catch abusers / fraudsters is to compare the password they use when signing up, as many use the same thing to speed up the process.

Intention: I want to recover the raw password upon successful registration, hash it (without salt) and save it in a table on a remote server which has no connection to the server of my site . It would simply save the customer ID and the new hashed password.

I thought I could do it 1 of 2 ways:

  1. Extend the base model with an additional function that will do this
  2. Create a new module that would use the customer_register_success ? event and enter it separately.

I do not know if it is possible to recover the password before hashing it with solution 2.

Anyway, after doing a little research in the main customer models, I really only found a few possibilities.

In /core/Mage/Customer/Model/Customer.php

$this->setData('password', $password);

I can't tell if this passes the pre-hashed password or not, although it precedes setPasswordHash().

Now, I tried to test them just to see what I get, but I just can't seem to catch anything. I tried to extend core/Mage/Customer/Model/Customer.php by doing the following:









class Customermodule_Password_Model_Export extends Mage_Customer_Model_Customer

public function getPassword($password) {
   $email = $this->getData('email');
   $pw = $this->getData('password');
   $customer = Mage::getModel("customer/customer")->loadByEmail($email);
   $customerId = $customer->getId();



I'm going to be honest, I'm not even entirely sure if this is the correct way to enter the client entity or if I am expanding the correct model class.

Any help, suggestion, tip is greatly appreciated.

python – Password Manager – Exchange code review stack

This is my first post here, so please forgive me if this is not the right place or the wrong way to proceed, and if so, an indication of the Place where I should post this would be greatly appreciated.
In short, I am new to coding and Python 3 was the first language I decided to learn. After taking a few free online courses and gathering all the information I could, I figured that the best way to learn for myself would be to immerse myself in a simple project and learn as I go. measured. This site has been extremely helpful, btw. So thank you to all the contributors. Sorry, I'm a scattered brain. One of the first projects I did was a simple password generator. I then became obsessed with the idea, so I decided that the next step would be to evolve the program to a password manager and develop a way to encrypt and store passwords. created, as well as the corresponding department and username / e-mail. In my mind, once this was done, the next logical step was to use this same password manager project to help me get started with object oriented programming. So I finished my program using OOP. I then decided that I wanted to go further and add the ability to change the user name or password for any of the entries, then encrypt and restore them. This is where I get stuck. I found some examples of password managers at home and abroad, but I can't find an example allowing the user to modify any of their entries, just creating and unique storage. Any help would be greatly appreciated.

If you're willing to pass on any information or links or anything, but need more information, I would provide whatever you require, whatever I can. I just thought posting on here might be a better alternative to driving myself crazy digging through the internet message boards for something that could be easier to just ask on her. 

Again, thank you. All help will be greatly appreciated. 

hash – Cracking less than 4 letters of linux password using john

I am trying to crack a Linux password of less than 4 characters using John. I have hidden my password in file.txt I am using the following command:

john -incremental file.txt

the output is:

0g 0:00:00:04  0g/s 1226p/s 1226c/s 1226C/s sonkys..michot
0g 0:00:00:05  0g/s 1259p/s 1259c/s 1259C/s 083078..115269
0g 0:00:00:06  0g/s 1275p/s 1275c/s 1275C/s samil..shite
0g 0:00:00:07  0g/s 1285p/s 1285c/s 1285C/s juaps..jight
0g 0:00:00:08  0g/s 1291p/s 1291c/s 1291C/s marali..morie1

it looks like it is using a list of passwords instead, i want to start with a password of 1 word, then 2 words and so on.

blockchain.info – I lost my password and my blockchain recovery phrase, how can I recover my wallet?

Please note that you are probably referring to the blockchain.info wallet service. Not the blockchain itself.

I do not think it is possible to recover your funds if you have lost your password and your recovery phrase.
You should have secured your recovery phrase somewhere where it cannot be lost or destroyed. A phone is not a good place for that.

Read more details here: https://blog.blockchain.com/2016/04/20/support-team-tips-why-your-wallet-recovery-phrase-is-so-important/

Next time, write it down on paper or store it encrypted on a cloud service where no one but you can access it.

You can try contacting support on blockchain.info, but I don't think they can help you because your private keys will likely be encrypted with your password and could be recovered with your recovery phrase. But since you have none, I think that the recovery of your funds is not possible.

For more information on this, read here: https://support.blockchain.com/hc/en-us/articles/211205343-I-forgot-my-password-What-can-you-do- to-help-

It can be a bit salty, but learn how to manage security and secure your passwords, use 2FA and save your recovery phrases and everything in a safe place. It should be done for everything, not just the blockchain.info service.

COMMENT: Yes, you can recover your funds without the password and wallet ID.
What you do is you ask for your wallet ID first using your email at this link https://login.blockchain.com/#/reminder the second step is to download the wallet.aes.json file, then its possible to brutally force the password.

linux – Error providing a sudo script / pair of users without password

I am creating a desktop application for Linux that interacts with certain ubuntu system files. So, when installing my software by the end user, I have to generate a file in /etc/sudoer.d/ giving a certain number of scripts access to the system files without knowing the password. The user will enter their password during installation, but after that they should not have to do so. During installation, they will run give-sudo.sh which contains the following bash lines:

echo '$USER ALL=(ALL) NOPASSWD: power_off.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: reboot.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: timeout_moss.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: timeout_default.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: set_next_os.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: boot_os_1.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: boot_os_2.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: give_sudo.sh' >> /etc/sudoers.d/moss-priv

It is supposed to create a file called moss-privand add the lines needed to run my scripts without a password. I have 8 scripts, so I add 8 lines of code. The echo controls work well, moss-priv is generated and its content read:

$USER ALL=(ALL) NOPASSWD: power_off.sh
$USER ALL=(ALL) NOPASSWD: timeout_moss.sh
$USER ALL=(ALL) NOPASSWD: timeout_default.sh
$USER ALL=(ALL) NOPASSWD: set_next_os.sh
$USER ALL=(ALL) NOPASSWD: boot_os_1.sh
$USER ALL=(ALL) NOPASSWD: boot_os_2.sh
$USER ALL=(ALL) NOPASSWD: give_sudo.sh

This is when the problem occurs. Instead of giving a scriptless sudo to the scripts, it prints a stack trace indicating that an error has occurred on each line (1-8). Not only that, but if I try to call sudo for some reason, it says "Authorization failed" and traces batteries. As such, I completely lost sudo access and I couldn't even go back to delete the file that was causing this problem. I ended up having to reinstall the entire operating system just to bring it back to normal.

Now that I have recovered sudo, I'm ready to try again as soon as I find out what's wrong with the moss-priv file. I can't understand it however, I think it looks good. Help me?

I would be happy with a solution to this problem or a good alternative method. Thanks in advance.

How to recover the password of the lost zip file?

I have a folder with very important files on my computer and I zipped it with a password for security reasons. Unfortunately, I cannot recover the password. Usually I always use the same type of password, but I have done dozens of tries and I can't remember the password anymore.
I usually use passwords from 10 to 20 letters with capital letters and possible numbers, which means that it is basically impossible to crack it by pure brute force. Since I have tried all the templates that I usually use, I think I may have used a different password than the usual one, so it is not not possible to break it using brute force models.

Basically, I don't think there are any AI techniques capable of recovering the password as it can be very long and I have no information about it. So my question is this: is there a way for me to recover the password from my file? Since I created it with my user session in Windows, maybe it is possible to deactivate the password for the same user? I'm not very good at IT, but I hope there is a way to get it back because the information in this file is really important.

8 – How to change the password via REST when validating the e-mail address (first connection link)

is there REST api way to allow user to set new password when confirming by email / first login?

I tried the same code as to change the password when you are already logged in and add the pass-reset-token as a GET parameter but without any luck. The server always returns the following message:

{"message":"Users can only update their own account, unless they have the u0027administer usersu0027 permission."}

So, is there a way to allow the user to configure a new password when logging in for the first time via REST?