Does anyone know what this encoding format for passwords is? I think it is a decimal array but I can’t seem to convert it

During a penetration test, I ran across a server that was storing passwords in its database in what seems to be a binary array of sorts:

password_table  1,10,11,21,21,11,21,13,00,00,00,000 11,61,19,11,46,108,09,100 110,118,100,107,108,117,123,62,108,108,62,62 

(slightly edited for confidentiality)

The server in question is a Tomcat server and the application is running a Java program. I considered that this might be a array of sorts but I can’t seem to convert these arrays into anything readable or usable. Does anyone have any ideas?

I can’t do the shortcut to roll a dice on beyond20

When I try to roll the dice from D&D beyond I can only roll it if I (as an example) click on my longsword and then go to the top right and click "beyond20", at first before I changed the settings if I hovered over "longsword" it would popup an icon in red, but now its grey and I can’t click it. Which setting do I have to enable/disable to fix this. I have tried looking over through the settings somewhere around five times.

Why can’t I connect to the wordpress install page with Nginx?

I’m a newbie of WordPress. My environment is Ubuntu 18 + Nginx + PHP 7.

Following the tutorial(https://www.myfreax.com/how-to-install-wordpress-with-nginx-on-ubuntu-18-04/), the wordpress directory was placed on /var/www/html/device1.com.

Then I config the nginx, here is my nginx config:

server {     listen 80;     server_name www.device1.com device1.com;      server_name device1.com;      root /var/www/html/device1.com;     index index.php;       # log files     access_log /var/log/nginx/device1.com.access.log;     error_log /var/log/nginx/device1.com.error.log;      location = /favicon.ico {         log_not_found off;         access_log off;     }      location = /robots.txt {         allow all;         log_not_found off;         access_log off;     }      location / {         try_files $  uri $  uri/ /index.php?$  args;     }      location ~ \.php$   {         include snippets/fastcgi-php.conf;         fastcgi_pass unix:/run/php/php7.2-fpm.sock;     }      location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$   {         expires max;         log_not_found off;     }  } 

But, when I tried to connect to http://device1.com/wp-admin/install.php the Nginx responses 404, instead of returning the wordpress install page.

I don’t have any idea of checking the issue. Thanks for your suggestion.

why can’t we protect the password file so that only the system can read it?

can’t we design an OS in such a way that it doesn’t allow anyone(not even root) to read the passwords file?. Then there will be no need for encrypting the passwords. Why can’t we hard-code a computer to hide it’s password file?

I was reading Cuckoo’s egg by Clifford Stoll on page 32, I didn’t understand why encrypting passwords is necessary why can’t we program the computer so that it ‘hides’ the password file from all users?

here is the excerpt:

When your computer has fifty or a hundred users, you might just store each person’s password in a file. When the user tries to log on, ask for her password and compare that to what’s in your file. In a friendly environment, no problem. But how do you keep someone from sneaking a peek at that password file? Well, protect the password file so that only the system can read it. Even if you protect the password file, every now and then all the files will be copied onto backup tapes. Even a novice programmer could read those tapes on another computer and list the contents of the password file. File protection alone isn’t enough. In 1975, Bob Morris and Fred Grampp of Bell Laboratories developed a way to protect passwords, even when files weren’t secure. They would rely on encryption, rather than file protection.

Can’t one reverse engineering Chrome source code to reveal Widevine and friends keys?

If I understand correctly, Widevine, FairPlay and PlayReady are all security through obscurity. Given the popularity of services using them, can’t someone just RE them and find exactly how their work? If so, was it done? If not, why? If this (can be) done, why people continue using these services?

Related: How does Widevine, FairPlay, and other DRM's work under the hood?

Why can’t Hash Suite see any username/hash pairs in my SAM file?

I recently started experimenting with Hash Suite 3.5.1 – a Windows program that tests the security of password hashes.

A problem I’m already running into is that Hash Suite is only able to see the username and hashes on my Windows 10 laptop but not my Windows 10 desktop. The main difference (that I can see) between the two PCs is that my laptop has BitLocker enabled! There must be something else that I’m missing here, related to the SAM file version and behaviour.

![enter image description here

Laptop:

I can see my usernames in Hash Suite when using the "Import: Local accounts" option.

I haven’t been able to test this against an offline copy of my laptop’s SAM file due to BitLocker making it more complicated to extract the SAM file (as Windows locks it when booted) but I will try to test this scenario soon.

Desktop:

An offline version of the SAM file reveals no username/hash pairs.

When attempting to import local accounts from within Windows (something that works on the laptop), I get the following error:

enter image description here

LM and NTLM are both greyed out when selecting the offline copy of my SAM file:

enter image description here

Does anyone have any ideas why these two different Windows 10 systems are behaving differently?

403 ERROR Can’t get into a link that I have saved in my favorites [closed]

This is what keeps popping up on my lap top when I click on a link saved in favorites that takes me to my login for my business. I can click the same link on my phone and i have no problem. Below is what is popping up. Please help!

403 ERROR The request could not be satisfied. The Amazon CloudFront distribution is configured to block access from your country. We can’t connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. Generated by cloudfront (CloudFront) Request ID: 202HY_kS6UnG0Ubn1PfcN8ubp56kY-uaKsicFxnfWGi_k536SuaXQw==

A player got upset because he made a wrong move and now I can’t DM

So I’m running an Agents of SHIELD campaign per my group’s request because the other DMs in my group needed a break running during COVID. I gladly picked it up even though I’m not a super experienced DM and I gave everyone pretty powerful characters since they’re supposed to be heroes.

One of the players, we’ll call him Chris, is an extremely experienced DM and player and was very helpful in getting the custom mechanics running for the game. The first two sessions went great, they uncovered the story points they needed, there weren’t a ton of issues aside from everyone rolling pretty badly (which is a consistent issue since we were using roll20). Chris even rolled 5 nat 1s in just the first session. My NPCs weren’t designed to cause a lot of damage, but they were more of an obstacle with one pretty tough baddie that was supposed to be able to at least be a threat. Well it turned out that about 1 in every 5 hits NPCs made landed because of the rolling.

Cut to session 3, I let the players choose their mission and it lead them to a factory where they all had awful rolls and I had to help them out quite a bit and give them more opportunities to find the information they wanted, which lead them to an individual who was missing, which took them to his house. Inside the house was a robot that didn’t stand a chance against them. Cut to more botched NPC rolls and he’s dead. They find a bomb in the robot, roll high to disarm it, no longer an issue. Then they found a computer that was trapped to wipe the memory if someone tried hacking it. One character has something crazy like a +16 computer use check, so it shouldn’t have been a problem. He rolled a nat 1.

Chris said out of game, "Well if we unplug it, then it’ll stop the memory wipe." I allowed it because the computer had vital information. I let the character roll a Reflex save (which again should have been high) and even with an action due he rolled pretty low. After they found most of the information, I warned them that the police were coming (in this world, SHIELD isn’t an official government entity and is technically working illegally, but some places let them do their job while others will prosecute without questions).

Everyone but Chris wanted to take the evidence and run. Chris was adamant on talking to the police and for some reason the other players let it happen without arguing. So the police get there, I let Chris roll his crazy high Diplomacy and let them know that his roll is keeping them from being arrested. It was at that point that Chris tried playing the "I’m an agent of Shield" card. Before I could correct him, the other players told him that SHIELD doesn’t actually have authority. Apparently he was the only one who didn’t read the back story. OK, it happens. I wasn’t mad. Until he continued to try to pull rank on the police and antagonize them. I kept reminding him that he doesn’t have a rank. Then the police chief (who was corrupt and a major part of their story line) shows up. I made it VERY clear that this guy didn’t like them. I very heavily hinted through what he said that he didn’t want them anywhere near the case. Chris even pointed out the flaws in how the character was acting.

And this is where I messed up. Because he kept beating around the fact that the chief was acting weird, I let the scene go on too long when I probably should have forced a sense motive check. This caused Chris to start antagonizing more and more, and then he essentially asked him to hand over the evidence after being told that they weren’t allowed to be a part of the case. He was told no, flat out. Chris then blamed another character, which caused both of them to sign off immediately.

The next day Chris messaged me telling me that I was taking my frustrations out on the players because I was rolling badly and that’s why him and the other player quit early. I told him exactly what happened and why, that the police chief was corrupt and no matter how high he rolled on Diplomacy that he wasn’t just going to GIVE the evidence over. Then he tried to say that I was being insensitive because "even though it’s more realistic, having a cop in front of your character and not being able to do anything about the situation is too topical. That’s why me and (the other player) left".

Then I made my next mistake and told him that the other guy left because Chris was blaming him for everything when it was really Chris’ fault for antagonizing an NPC who already didn’t like him.

Now, my group is struggling to get a game going because all of the DM’s are pissed. I told everyone my game is on pause because if a corrupt cop is too much for someone then the rest of the storyline definitely won’t work. I spoke with everyone individually and everyone else agreed that Chris was the problem. But now I don’t know what to do to get everyone back on track.

The other players have defended him by saying he is under stress. That’s fine, we all are, I didn’t think anything of it. I’m not looking so much for advice on what happened, but where to go from here and how to get the group back into gaming. The other players also said they didn’t feel like anything was wrong with the campaign or story. But I’m also the newer person in the group, so I’m not sure if they want to game without Chris.

Requested TLDR: one of the experienced players is keeping the whole group from gaming, what can I do to get us back on track. Do I need to talk to him again before asking everyone if we should kick him out

We’re playing modified 3.5

Can’t reset tax query using ajax sorting plugin?

I have created an ajax sorting feature that filters a custom post type "Music" and its all separated by Genres and Tags.. the sorting works fine until.. I deselect all options. I’ve tried to add "all" as the default and added in the JS that if the genre is "all" to include all the posts. Every thing else works as desired but I need to be able to reset the tax query or include all.

Here is that javascript:

jQuery(document).ready(function($  ){                var bgenre = $  (":checkbox[name=bgenre]");     var btags = $  (":checkbox[name=btags]");          jQuery.merge( bgenre, btags ).on( "change", function() {              var genre;     var tags;            var genrearray = [];         var tagsarray = [];                           $  (":checkbox[name=bgenre]:checked").each(function() {              genrearray.push($  (this).val());                          //genre = genrearray.join();                 genre = genrearray;                  });                          $  (":checkbox[name=btags]:checked").each(function() {              tagsarray.push($  (this).val());              tags = tagsarray.join();                     });              //  var tags = tagsarray.join();          if (genrearray.length < 1) {         genre = 'all';     }          data = {             'action': 'filterlist',             'genre': genre,             'tags': tags                      };           $  .ajax({             url : ajaxurl,             data : data,             type : 'POST',             beforeSend : function ( xhr ) {                  $  ('.bplaylist').html( 'Loading...' );                 $  ('.js-Genre').attr( 'disabled', 'disabled' );                              },             success : function( data ) {                 if ( data ) {                                                        $  ('.bplaylist').html( data.posts );                       $  ('.js-Genre').removeAttr('disabled');                     $  ( '.js-Tags' ).removeAttr('disabled');                                      } else {                     $  ('.bplaylist').html( 'No posts found.' );                 }             }         });     })     }); 

and here is the php

function ajax_filterlist_handler() {                       //$  tags = esc_attr( $  _POST['tags'] );            $  genre = $  _POST['genre'];             $  tags = $  _POST['tags'];                                $  args = array(             'post_type' => 'download',             'post_status' => 'publish',             'posts_per_page' => -1,             'orderby' => 'date',             'order' => 'DESC',             'tax_query' => array(),             'relation' => IN         );                        if ( isset( $  _POST['genre']) && $  _POST['genre'] !== 'all'   ) {         $  args['tax_query'][] = array(             'taxonomy' => 'genre',             'field' => 'slug',             'terms' => $  genre          ); }           if ( isset( $  _POST['genre']) && $  _POST['genre'] === 'all'   ) {          $  args['tax_query'][] = array(             'taxonomy' => 'genre'                                         );                  }     if ( !isset( $  _POST['genre']) ) {          $  args['tax_query'][] = array(              );                  }                        if( isset( $  _POST['tags'] ) ) {         $  args['tax_query'][] = array(             'taxonomy' => 'download_tag',             'field' => 'slug',             'terms' => $  tags         );     }                 $  posts = 'No Posts Available';          $  the_query = new WP_Query( $  args );               if ( $  the_query->have_posts() ) :             ob_start();              while ( $  the_query->have_posts() ) : $  the_query->the_post();             get_template_part( '/custom/template-parts/trackitem' );             endwhile;              $  posts = ob_get_clean();         endif;          $  return = array(             'posts' => $  posts         );          wp_send_json($  return);     }     add_action( 'wp_ajax_filterlist', 'ajax_filterlist_handler' );     add_action( 'wp_ajax_nopriv_filterlist', 'ajax_filterlist_handler' );    

Sorry if the code is jumbled mess at this point. I was following a tutorial and after I got it working. I kinda went on my own to try to figure out the reset and/or all option.

I am seeing the error rpcinfo: can’t contact rpcbind: RPC: Remote system error – No such file or directory when running the rpcinfo command

So guys I am new to kali linux, sorry if this is a basic question but I am seeing this error message rpcinfo: can’t contact rpcbind: RPC: Remote system error – No such file or directory whenever I am running the command rpcinfo -p for NFS testing.