Convert private SSL certificate to PKCS12 format for JKS Keystore [migrated]

I got the following files from the company certificate provider.

jenkins.int.XX.com.key
XX_Inc_Private_Root_CA.base64.cer
XX_Inc_Private_Root_CA.crt
XX_Inc_Private_SSL_CA.509.cer
XX_Inc_Private_SSL_CA.509.pem

Here are the two commands I ran to convert:

openssl pkcs12 -export -out jenkins_keystore.p12 -passout 'pass:changeit' -inkey jenkins.int.xx.com.key -in XX_Inc_Private_Root_CA.base64.cer

error message: No certificate matches private key

openssl pkcs12 -export -out jenkins_keystore.p12 -passout 'pass:changeit' -inkey jenkins.int.xx.com.key -in XX_Inc_Private_SSL_CA.509.cer

error message: unable to load certificates

What is the right way to do it?
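
Added example, not part of the original post: `openssl pkcs12 -export` reports "No certificate matches private key" when none of the certificates passed with `-in` carries the public key of the `-inkey` key, so this sketch compares public-key hashes to find which file (PEM or DER) belongs to a key. The function names and the sample files it generates are constructed for illustration, and the key is assumed to have no passphrase.

```shell
# Added example (not from the original post); all file names are constructed.
# Assumes the private key is not passphrase-protected.

# Hash a PEM public key read from stdin (DER-normalised SubjectPublicKeyInfo).
pub_hash() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Public-key hash of a private key file; fails if the key cannot be parsed.
key_pub_hash() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | pub_hash
}

# Public-key hash of a certificate file, trying PEM first and then DER.
cert_pub_hash() {
    for form in PEM DER; do
        pub=$(openssl x509 -in "$1" -inform "$form" -noout -pubkey 2>/dev/null) || continue
        printf '%s\n' "$pub" | pub_hash
        return 0
    done
    return 1
}

# Print the first certificate whose public key matches KEY; return 1 if none does.
find_matching_cert() {   # usage: find_matching_cert KEY CERT...
    key=$1; shift
    want=$(key_pub_hash "$key") || { echo "cannot read key: $key" >&2; return 2; }
    for cert in "$@"; do
        got=$(cert_pub_hash "$cert") || { echo "not an X.509 cert: $cert" >&2; continue; }
        if [ "$got" = "$want" ]; then printf '%s\n' "$cert"; return 0; fi
    done
    return 1
}

# Constructed sample files: a server key with its certificate (PEM and DER)
# and an unrelated self-signed "CA" certificate.
make_samples() {   # usage: make_samples DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=jenkins.example.test" \
        -keyout "$1/server.key" -out "$1/server.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl x509 -in "$1/server.pem" -outform DER -out "$1/server.der"
}

tmp=$(mktemp -d) && make_samples "$tmp"
find_matching_cert "$tmp/server.key" "$tmp/ca.pem" || echo "no certificate matches the key"
find_matching_cert "$tmp/server.key" "$tmp/ca.pem" "$tmp/server.der"
```

The file this prints is the one to pass to `-in`; CA certificates for the chain can be supplied separately with `-certfile`.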

Why doesn’t my government, and governments in general, provide useful statistics in digital format? [closed]

I live in Sweden, but this applies to all other countries as well.

I have a general interest in, and fascination with, statistics and working with data in databases. By far the biggest obstacle has nothing to do with technically dealing with the database software, writing SQL queries, or designing databases. Rather, the #1 problem is:

Nobody wants to provide useful data!

I have spent a significant part of the last 20 years searching for databases/data files of all kinds. Time and time again, I end up at a “contact us for pricing” webpage, or a “Buy now for only $4,799!” text. Oddly, this does not just apply to commercial entities, but also authorities.

Even though the Swedish government has been talking about “open data” and “free information for all” for a very long time, the actual reality is that virtually none of that juicy data is available for you and I to grab and use. Instead, they have multiple layers of “red tape”, requiring you to pay through the nose for any kind of access, and in many cases, you aren’t even allowed to pay for it unless you run a major corporation with special ties to the government. It’s really bizarre.

The data they do allow you to look at is meaningless/shallow statistics, rarely if ever provided in a format which can be reasonably parsed by a computer and fed into my database for further analysis. The so-called “open data for everyone” often consists of nothing more than a bunch of formatted PDFs, useless for my purposes.

I’m not interested in static columns showing how many new people were born in 2020. I want a list of those people, with their names, genders, race, blood type, etc.

I realize that all data cannot be open without heavy abuse inevitably resulting from it. However, at least the Swedish government has this idea of “public records”, where you are theoretically allowed to request all kinds of data. The problem is that they only allow you to do this in person, over phone or via e-mail, and you have to do it manually and only request at most three (3) “units” each time. In practice, this makes it useless unless.

If this information is allegedly “public”, why are they so unwilling to actually make it available? I could send an e-mail to a Swedish government entity right now, requesting all kinds of information (including their full social security number) for a given person, and they will respond within 24 hours with it, no questions asked. I’ve done it many times. However, if I ask them for a Swedish_people.csv file with every person registered in Sweden and the same information I requested manually for one or up to three persons, they will refuse.

Major corporations are able to pay a lot of money to get access to their government APIs, but it costs a fortune and they wouldn’t let me buy access to it even if I had the money (because I don’t run a major company).

It doesn’t make any sense to me. I wonder why they have these double standards, and how they can possibly charge money for “public” records.

A dream of mine would be to be able to do:

SELECT name, email_address, physical_address, passport_photo FROM people WHERE current_city = $1 AND gender = $2 AND age >= $3 AND age <= $4 AND civil_status = $5 ORDER BY distance_from_me DESC;

Of course, this is completely unrealistic, but you get the idea. I wish to have actual, curated records from (semi) trusted sources rather than having to play with the few, measly databases which are freely available to the public at no charge.

A perfect example of something very basic would be the telephone book. Back in the day, they sent out a complete book of every single person’s name, telephone number and address to every household in the entire country. This was standard practice all over the world, I believe. A digital version of that would be a .csv file which I could just download from a government website at a static URL, always kept updated. Nope. Nothing like that. I’m forced to use these third-party, commercial websites where I get to enter individual people’s names and send this information to the company in question. They are paying the government a lot of money to get this information, even though it could be made available for virtually no cost at all.

Why, since they used to provide this information in physical form, is it now unthinkable in the digital age?

Can’t solve format for Salted SHA1 hashes with Hashcat?

I am attempting to understand the format for this Salted SHA1 hash for an assignment. The line of text I was given was:


nameExample@email.com,nameExample,nameExample@email.com,nameExample,,,aadefeff82b5c1a2272079151dc489822aeaa6ca,7391178a855af48e59ced36447c6bc2b9ade2536,f0c06e699ca51d75d97225fdabf1f04e8d1cffe7,a52e60313972af51e0787d8c3eb20abaa33eb7e1,,,,2012-06-01 12:29:15,2014-11-08 20:38:14,1,0,38526305,6,,,,BAh7BzoSYWNjZXB0ZWRfZXVsYXsGbCsHgF37U2wrBzB/XlQ6G2dhbWVfY2VudGVyX2FjY291bnRfaWRpA2C0Lw==,33481266665,


I got numerous errors (Separator unmatched, Token length exception) when I tried running Hashcat on the string of text with the following arguments:

hashcat64.exe -a 0 -m 110 hashExample.txt dictionaryExample.txt -r rules/best64.rule

hashcat64.exe -a 0 -m 120 hashExample.txt dictionaryExample.txt -r rules/best64.rule

hashcat64.exe -a 0 -m 130 hashExample.txt dictionaryExample.txt -r rules/best64.rule

hashcat64.exe -a 0 -m 140 hashExample.txt dictionaryExample.txt -r rules/best64.rule


Any tips on how to sift through the jargon and find the format for the Salted SHA1 hash?

Need a code to convert some sample text to .vtt format

I need Python code to convert some sample text in Notepad to .vtt format. After the conversion, the text should look like the .vtt form given below. The sample text I want to convert to .vtt is also given below. Please, I want the code to be written in Python.

After conversion the text should look like the .vtt form given below.

WEBVTT

00:00.210 --> 00:00.930 Hi there.

00:00.940 --> 00:06.110 So would you be willing to take a look at mathematical operation on me in my lab.

00:06.120 --> 00:10.700 So first thing we are going to do is to create fullest Ari.

00:11.010 --> 00:26.070 Let’s say one hour later he can dance on 3 4 and 6 AM we going to create another four or eight B that

00:26.070 --> 00:29.620 contains five six eight.

00:30.030 --> 00:39.490 Make sure that you can either use space or comma to separate your Each element in the key.

An example of the sample text (before the conversion) that I want to convert to .vtt format is:

0:00I’ve got a transformation, m that’s a mapping from Rn
0:06Rn, and it can be represented by the matrix A.
0:10So the transformation of x is equal to A times x.
0:14We saw in the last video it’s interesting to find the
0:17vectors that only get scaled up or down by the
0:20transformation.
0:21So we’re interested in the vectors where I take the
0:23transformation of some special vector v.
0:27It equals of course, A times v.
0:29And we say it only gets scaled up by some factor,
0:32lambda times v.
0:34And these are interesting because they make for
0:35interesting basis vectors.
0:38You know, the transformation matrix in the alternate
0:40basis– this is one of the basis vectors.

How to resolve the Format String Error alert in OWASP ZAP for a web application (ASP.NET C#)?

I have a web application with a log in page. In the log in page, I’ve set maxlength for the username input and the password input, which looks like the code below.

@Html.TextBoxFor(m => m.Username, new { @maxlength="30"}) 

When I run OWASP ZAP, it gives me an alert with the following description.

A Format String error occurs when the submitted data of an input string is evaluated as a command by the application

Potential Format String Error. The script closed the connection on a /%s

But when I remove @maxlength="30", the alert goes away.

I’ve been trying to find the remediation for this alert, but I’ve read that Format String vulnerability doesn’t really exist in C#: Do format string vulnerabilities exist in C# or Java?

Is it just a “potential” error and nothing to worry about because it’s in C#? Or.. if this is something that needs to be taken care of, what can be done to resolve this alert from OWASP ZAP? (I’d believe removing @maxlength is not a solution).

RPG format for one-shot large group campaign [closed]

Can anyone recommend an RPG format that would allow me to run:

  • a one-shot (~6h) campaign
  • with about 15 inexperienced players
  • that would allow me to add some “morality” to the journey

They’d only be playing this one time, so I’m trying to find something that requires little to no character building, so we can straight up play, and where the characters have few rules and actions, so they don’t get as lost and it’s easy to understand.

I thought about running a murder-mystery campaign (and just give them some sort of powers/actions to solve through the mystery) but the only RPG I’ve experimented with is D&D, and it’s a bit hard to skim through all the different formats and trying to understand what would work.

Does StackGuard prevent Format String Attacks

I am aware that Format String Attacks work by having a vulnerable function which allows the user to read values from the stack using %x and write by using %n.

Since one of the goals of a Format String Attack can be to overwrite the address of a function in the Global Offset Table, I was wondering does StackGuard prevent this?

I know that StackGuard protects saved return addresses of functions from being overwritten; however, will it help against a Format String Attack if that attack aims to change the GOT values?

Blog Comments – author name and format

Hi @Sven
I am wondering if I create custom blog comments, is it possible to add line breaks to comments?
And secondly, is there a way to refer to the FIRSTNAME or NAME of the post author? EG %First_name% or something like this?
It would be great to do both of these for Blog Comments.
Here’s an example comment that we could form if these were enabled/possible:
https://i.imgur.com/ujdOjJO.png

find rows with specific format using regular expressions in Oracle

I have a table as below:

  • Table1: col_number number

I need to find those records in this column which have the format like this:

[up to 23 digits].[up to 3 digits ] 

I mean 23 digits before the . and 3 digits after it. I’m using regular_expression like this:

select * from Table1 where REGEXP_LIKE(description, '[0-9]{23}-.[0-9]{3}')); 

I somehow need to set a minimum / maximum for the count of digits.

But it does not give me the desired answer.