OK, in this Steganography challenge today, I have used one of my favorite dishes – chicken curry. This image was taken in 2013 in Bluefield VA at my house. I have hidden another full image inside the chicken curry! See if you could solve and extract the image. You should try this dish for a blind date!
MD5 hash of the hidden image is : 99860294e16ee4444b8edc407e6dae1b
CTF lovers, I have hidden a secret message with the image of a “tree turtle” I took almost a decade ago. See if you can solve the problem. The secret message starts with “Secret”. Now, just play some Hide and Seek!
We can update default password policy in Linux as well:
# Configuration for systemwide password quality limits
# Number of characters in the new password that must not be present in the
# old password.
# difok = 1
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
# minlen = 8
# The maximum credit for having digits in the new password. If less than 0
# it is the minimum number of digits in the new password.
# dcredit = 0
# The maximum credit for having uppercase characters in the new password.
# If less than 0 it is the minimum number of uppercase characters in the new
# ucredit = 0
# The maximum credit for having lowercase characters in the new password.
# If less than 0 it is the minimum number of lowercase characters in the new
# lcredit = 0
# The maximum credit for having other characters in the new password.
# If less than 0 it is the minimum number of other characters in the new
# ocredit = 0
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
# minclass = 0
# The maximum number of allowed consecutive same characters in the new password.
# The check is disabled if the value is 0.
# maxrepeat = 0
# create a new user
sudo adduser wonderfulperson
sudo useradd wonderfulperson
# udpate password
sudo password wonderfulperson
# batch add users.
# add the test content below
# username:passwd:uid:gid:full name:home_dir:shell
# back to shell, type the newusers command with attribute
sudo newusers users.txt
?? $ less /etc/passwd | grep user
# look up all of the existing groups in Linux
cut -d: -f1 /etc/group
# To review which group a user belong to use:
# Add groups
sudo groupadd guestusers
sudo addgroup guestusers
# To add one user in multiple groups user the following code:
sudo usermod -a -G <group1>,<group2>,<group3> <username>
?? $ sudo usermod -a -G mysql,apache,sssd user2
?? $ groups user2
user2 : user2 sssd apache mysql
Nessus is one of the most well known network vulnerability tool available on the market. If you are in the field of security, you should be familiar with the tool and know how to use it well. But how to get hands on experience with the tool when you are still in school or working in your first IT job that does not directly involve network security?
I recommend that you first try the Nessus Home, which is free for home use.
According to their official webpage, “Nessus® Home allows you to scan your personal home network with the same powerful scanner enjoyed by Nessus subscribers.”