--- tags: ccdc --- # Update website user passwords ## obtain a list of users find user table in database can run (mysql) query from terminal and write to file like: ```bash= mysql -u root -p database_name -e "use database_name; select username_field from user_table_name" > users ``` ## determine hashing algorithm and number of hash rounds used for user passwords common hash algos: 1. \$1$ | MD5 2. \$2$ | Blowfish/bcrypt 3. \$sha1$, \$5$, \$6$ | SHA-1, SHA-256, SHA-512 ## generate password update SQL commands for each user handy php script assumes use of the bcrypt (blowfish \$2y\$) hash algorithm ```php= <?php $names = array('user1', 'user2', ...); foreach ($names as $n) { echo "update table_with_users_and_passwords set password = '".password_hash("new_user_password", PASSWORD_BCRYPT)."' where username = '".$n."';\n"; } ?> ``` ## run commands from last step in DBMS ## verify that users still able to log in
Last changed by  
UAA CSC
UAA Cyber Security Club
65

Read more

Untitled

#include <stdio.h> int main() { int i; for (i = 0; i < 10; i++) { puts("Hello, World!"); } } Directories (not case-sensitive)

4/28/2021
Securing CyberPatriot Windows Hosts (Windows Vista/Server 2K8 and Above)

Note: It is recommended to solve the forensic Questions first! However, some answers may be not be easy to find without fixing some mis-configurations. Please use gpresult before you do anything. Checkout the Checklist! * Sections made after the wildcard event are denoted by "*". (Rayce) All of the machines from cyberpatriot (and cybersentinel) are in my possession. You will find unregistered copies of the Round 3 Cybersentinel machines on ccdcmoose. The Windows 10 image was the most problematic due to a user policy that disabled security settings in the Computer scope. Initial Overview Open command prompt as an administrator

4/2/2021
HTTPS migration

verify openssl installed openssl version generate certificate and key openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt allow https for firewall iptables iptables -I INPUT -p tcp --dport 443 -j ACCEPT

3/31/2021
Linux Database Migration

Note: most values/variables with _ (underscores) are not literal and will need to be changed to an appropriate literal value Determine relevent database in DBMS mysql: SHOW DATABASES; Dump database to file db.sql (example, use a meaningful name) For SQL databases:

3/31/2021
Read more from UAA CSC
Published on HackMD