Free tool that discovers security configuration errors in SSH and TLS servers and explains how to fix them. Supports STARTTLS and can also scan HTTPS, POP3, IMAP and SMTP servers.
It gives you a list of servers a target domain uses (for purposes like web, email, etc) that can have external encryption enabled, then allows you to test these.
The list by default has only servers within that target domain enabled, but you can optionally include other servers (for instance if a domain uses a third party for their SMTP handling).
This scheme is not considered to be a secure method of user
authentication unless used in conjunction with some external secure
system such as TLS (Transport Layer Security, [RFC5246]), as the
user-id and password are passed over the network as cleartext.
RFC2617:
"HTTP/1.0", includes the specification for a Basic Access
Authentication scheme. This scheme is not considered to be a secure
method of user authentication (unless used in conjunction with some
external secure system such as SSL [5]), as the user name and
password are passed over the network as cleartext.
Fiddling with those alarm devices, I wrote these two little bash functions (with a few notes) that work both on MacOS and in Linux:
# `base64 --decode` is platform neutral (as MacOS uses `-D` and Linux uses `-d`)
# `$1` is the encoded username:password
function decode_http_Basic_Authorization(){
echo $1 | base64 --decode
echo
}
# `base64` without parameters encodes
# `echo -n` does not output a new-line
# `$1` is the username; `$2` is the password
function encode_http_Basic_Authorization(){
echo $1:$2 | base64
}
The first decodes the <credentials> from a Authorization: Basic <credentials> header into a username:password clean text followed by a newline.
The second one encodes a pair of username and password parameters into such a <credentials> string.
They are based on these initial posts that were not cross platform or explanatory:
For quite some time now, Chrome (think years) refuses to prompt for saving passwords whereas Firefox and Safari do prompt and save them, even for site types that it used to save passwords for in the past.
It has been annoying enough for too long now that I tried to do better than the Google searches I used back when I saw this happen first.
IANA has reassigned anew service to this port, and it should no longer be used for SMTP communications.
However, because it was once recognized by IANA as valid, there may be legacy systems that are only capable of using this connection method. Typically, you will use this port only if your application demands it. A quick Google search, and you’ll find many consumer Inbox Service Providers’ (ISPs) articles that suggest port 465 as the recommended setup. However, we do not recommend it, as it is not RFC compliant.
Random user generator is a FREE API for generating placeholder user information. Get profile photos, names, and more. It’s like Lorem Ipsum, for people.
This was used when extracting Parler data to substantiate evidence around the 20210106 USA Capitol riots.
You can even use a simple HTTP GET like [Wayback] randomuser.me/api and get a JSON result like this.
If you enable File and Printer sharing on Windows, by default the firewall only enables it on private networks for the local subnet as remote address (for domain networks, it allows “Any”) as seen on the picture below.
When your network consists of multiple subnets, for instance when it is large, or multiple sites are connected via site-to-site VPN (often called LAN-to-LAN VPN) solutions, then these subnets cannot access each others files or printers.
I realize this is almost three years late, but I just spent today fighting with the same problem. I did get it working, so I figured I’d share. Note that I’m using a Windows 7 PC as the file server; other versions might need slightly different configuration.
In the “Windows Firewall with Advance Security”, there are several “File and Printer Sharing” rules:
File and Printer Sharing (NB-Datagram-In)
File and Printer Sharing (NB-Name-In)
File and Printer Sharing (NB-Session-In)
File and Printer Sharing (SMB-In)
(There are additional rules, but I didn’t care about printer sharing. The same changes would apply if you want those.)
File and Printer Sharing appears to default to “Local subnet” only. You’ll need to add the subnet of your VPN clients.
Modify each of those rules as follows:
Open the Properties dialog for the rule.
Navigate to the Scope tab.
In the Remote IP address section, the “These IP addresses” radio button should be selected.
Click “Add…” next to the list of addresses. By default, only “Local subnet” is in the list.
In the “This IP address or subnet:” field, enter the subnet assigned to your VPN clients (this is probably 192.168.1.0/24 in the OP, but if not, it’s the subnet assigned to the VPN adapter on the client side), then click OK.
If you’re also using IPv6, add the VPN client IPv6 subnet as well.
That was enough for me to access file shares over the VPN.
(If you want to do it manually, you need to open TCP ports 139 and 445, and UDP ports 137 and 138, in the file server’s firewall.)
Hopefully I will find some time in the future to automate this using PowerShell, as netsh names are localised do hard to make universal.
It’s a cool open source server written in Golang, that gets all your public ssh keys (ssh automatically transmits those) and tries to map them back to a GitHub account.
In addition it shows you some potential vulnerabilities of your ssh client.
iOS has forced Safari to be the only web browser since forever, so Google started to use the googlechrome:scheme to force Chrome as browser on it a while ago
The Wiert Corner - irregular stream of stuff 