black-hat-rust VS john

Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!

Hey HN,

I'm so excited to finally share with you what I've been working on recently.

One month ago I asked my audience what they wanted to learn about Websites, APIs and Servers security [0].

From the feedback, I've identified a few recurring pain points that I've started to address (and many more) in this new book.

From theory to practice, you will learn how low-level network and security protocols work. How to configure Cloudflare to secure and scale your web applications. How to create serverless applications and which database to chose with serverless functions. How to optimize your caching policies. How to distribute videos globally. And a lot of other things, all of that while significantly reducing your cloud bill.

Today, the book is far from ready, but I still wanted to release it as "Early Access". First, to enable you to start learning today and, secondly, to garner feedback and refine the book's content.

Between writing, editing, and technical reviewing, it can take some time to complete a book. That's why I release my books before they are fully completed - so you can commence learning before the book is 100% ready, provide feedback, and help shape the content. Rest assured, all future updates are free of charge.

The final publication date is set for mid-January 2024.

Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust [1], for free! Yes, you read it right, two books for less than the price of one!

Furthermore, all early-access supporters will receive the checklist I use to quickly set up a new domain on Cloudflare, ensuring the right balance between security, performance, and user experience.

Lastly, the price is likely to increase once the book transitions out of Early Access, so don't postpone getting your copy.

Sylvain

[0] https://kerkour.com/what-do-you-want-to-learn-about-web-and-...

[1] https://kerkour.com/black-hat-rust

The best way I have found to prevent the piracy of my book (https://kerkour.com/black-hat-rust) is to inundate pirate platforms with only the first chapter and with a discount inside for those who can't afford the original price.

So far it worked really well.

Black Hat Rust

You mean like this? https://kerkour.com/black-hat-rust

As usual, you can find the code on GitHub: github.com/skerkour/black-hat-rust (please don't forget to star the repo 🙏).

This post is an excerpt from my book Black Hat Rust

This is why I dedicated the past months to write a book about the topic: Black Hat Rust - Applied offensive security with the Rust programming language.

Want to learn more Rust, Offensive Security and Applied Cryptography? Take a look at my book Black Hat Rust Get 42% off until Friday, November 12 with the coupon 1311B892

John The Ripper

🔗Kali Linux Wordlist: What you need to know 🔗crunch 🔗WordLists - Kali-Tools 🔗WordLists - GitLab - repository 🔗John - Kali-Tools . 🔗Openwall -github repository -John 🔗John-The-Ripper-Tutorial - Techy Rick 🔗Openwall -John - Offical Website . 🔗Hash Cat - Wiki 🔗Cap 2 Hashcat 🔗Markov - Chain 🔗Hash Cat - Forums 🔗Security Stack Exchange - Question 260773 🔗StationX - How to use Hashcat 🔗MSF/Wordlists - charlesreid 🔗MSFConsole 🔗How to use hashcat 🔗MSF/Wordlists - charlesreid1 🔗Where do the words in /usr/share/dict/words come from? 🔗SCOWL (Spell Checker Oriented Word Lists) 🔗The spell utility -spell - find spelling errors (LEGACY) - UNIX What are Different Types of Cryptography? sha1-vs-sha2-the-technical-difference-explained-by-ssl-experts/ 🔗password-encryption 🔗Secure-Programs SHA-1 🔗What-are-computer-algorithms 🔗What Are MD5, SHA-1, and SHA-256 Hashes, and How Do I Check Them? - howtogeek.com 🔗kali-linux-wordlist-what-you-need-to-know

Ok, both John the ripper, hashcat and other tools seem to support extracting the hash, or directly trying to discover the password.

With the root hash you can crack the root password using tools like John The Ripper[0]. More generally, I assume, this exploit can be used to read any arbitrary files on the system, bypassing regular access control, and plenty of other stuff you aren't supposed to be able to do as a non-privileged user.

0: https://www.openwall.com/john/

use (John the Ripper)[https://github.com/openwall/john] and (rockyou.txt)[https://github.com/rockyou.txt]

this actually seems to have been reported as a bug and fixed years ago but it is still affecting me on a version freshly downloaded from the AUR, is there a way around this or another program i can use?

John the Ripper

Since I used to work for the employer in question, I decide to crack my own password-protected pay statements. I downloaded and built John the Ripper jumbo and then all I had to do was run a few commands after looking at the documentation, and there was my SIN number almost instantly.

However, most credential brute forcing takes place offline against a leaked database from some site. A program like John the Ripper is used to try hashing each word in a dictionary until it matches the entries in the database. Because this all happens offline, there's no mechanism in place to delay the attempts or lock the user out.