Gushleviv
JF-Expert Member
- Mar 14, 2011
- 3,475
- 5,290
Nimefanya kazi Serikalini naelewa.. yaani huwa hawakai sababu mfumo wenyewe huwa unawatoa automatically. Yaani ni hadi watu wa aina flani watoke kwenye mfumo ndio mambo yatabadilika
Nimefanya kazi Serikalini naelewa.. yaani huwa hawakai sababu mfumo wenyewe huwa unawatoa automatically. Yaani ni hadi watu wa aina flani watoke kwenye mfumo ndio mambo yatabadilikaNdio Umeongea Ukweli huko hatuakiwi Wanataka vilaza
Toa link ya website tuka-proveLeo nilikua napitia baadhi ya website za taasisi zetu hapa nchini
moja ya taasisi kubwa tu ya IT juzi juzi hapa walifanya update ya system yao wakaongeza baadhi ya features na function mbalimbali
Kabla ya hayo maboresho, system yao ilikua moja ya website ngumu kupata loophole
Leo nimetest moja ya feature yao mpya walio add yani ni toooo easy to hack mtoto wa form 3 akipewa terminal ana hack, yani mtu una download database yote, kila kiku hadi taarifa confidential
Moja ya table ilikua ya users hii ndo imenishikitisha ya password zao zipo hashed na sha-1??, ya nii hi SHA-1 tool kama john au Johnny zina crack hizo password dk3 na baadhi ya password zipo kwenye worldlist.txt, Nimekuta root/admin username zinatumia uki decrypt hizo hash unapata password kama pass2020
Inabidi watu wa advance aise lest ukitumia sha1 add tena na md5 inakua afadhali kidogo kuliko kutimia sha 1 pekeyake
Nahofia kama una uelewa na unachoongelea, md 5 ni yale yale tu. Bcrypt ndo iko recommended na ndio default kwenye php password_verify.Inabidi watu wa advance aise lest ukitumia sha1 add tena na md5 inakua afadhali kidogo kuliko kutimia sha 1 pekeyake
Trust me bado nakufyatua vizr tu mkuu. Labda ufanyeNilikua namaanisha hivi sha1(md5($pass))
Ina maana mtu anaweza kuzivamia akabadilisha matokeo? Mfano kapata C akajiwekea AHa haha, tuwasamehe tu mkuu. ku ujumla hii loophole nimeikuta kwenye QR code
Nilikua namaanisha hivi sha1(md5($pass))
Mbona bongo kuta IT wazuri sana
Sema mkuu saivi tunaangalia possibility ya kupenya hadi kwenye servers
Nimesoma hizo hashing zipo vizuri personal hashing zangu output zake zipo hivi
Ruby:dZSPIEGoYv4D2BPc3CbRiA$8$1$cA2yxRHOj7rDPV81tnmrVjRO1BQf2af4X8tg3YGOEyJQSMIZPgiOosVQHapvNrm0/UvtUxfugtlxaxWJYDaP6A== msNpsGVZveMR2Ku75k4oDc$8$1$/8SBRH7b/XrQItDDnXwdQA/ICiyvG1JLRKHFMQ05H8H6Lmh/SbzgDl0jK9ZDt3ss2dVEB5DXEmZsGR28s0FLJw== HexZH5I8pOuMFvkkxIBWtH$8$1$3gm+ghrlVWpARqFuy6PZX1oV1vBC70+NEQkWf67DTmxq0cQRUFd73tpeJZIA4wWh/Tfl2h+5d3zilzAoYLe53A==
website za chuo ndo haman kitu kabisa
Ishakuwa ruled na kangaroo court of JF members kuwa IT wa Bongo ni ziro. Wewe ni nani hata kupingana na hukumu hii 😉Mbona bongo kuta IT wazuri sana
Hamna kitu sipendi kama uzembe kazini. Ningekua wewe wangesoma namba za kirumi mpaka wakome.Leo nilikua napitia baadhi ya website za taasisi zetu hapa nchini
moja ya taasisi kubwa tu ya IT juzi juzi hapa walifanya update ya system yao wakaongeza baadhi ya features na function mbalimbali
Kabla ya hayo maboresho, system yao ilikua moja ya website ngumu kupata loophole
Leo nimetest moja ya feature yao mpya walio add yani ni toooo easy to hack mtoto wa form 3 akipewa terminal ana hack, yani mtu una download database yote, kila kiku hadi taarifa confidential
Moja ya table ilikua ya users hii ndo imenishikitisha ya password zao zipo hashed na sha-1??, ya nii hi SHA-1 tool kama john au Johnny zina crack hizo password dk3 na baadhi ya password zipo kwenye worldlist.txt, Nimekuta root/admin username zinatumia uki decrypt hizo hash unapata password kama pass2020
Inabidi watu wa advance aise lest ukitumia sha1 add tena na md5 inakua afadhali kidogo kuliko kutimia sha 1 pekeyake
Unamtega? Cybercrime itakuwa inamchungulia kutokea Segedance!Hamna kitu sipendi kama uzembe kazini. Ningekua wewe wangesoma namba za kirumi mpaka wakome.
NB: Kwanini usi hack uweke data zao hapa JF ili waje kuona?
Ni sawa , ila md5 nazo ni rahisi sana kuzicrack na kuna online tool nyingi sana ambaxo zinacalculate hizo md5 , labda uniambia md5 hard salted one . Hapo sawa ingawa nazo zinaweza kuwa cracked ila inatake time.Leo nilikua napitia baadhi ya website za taasisi zetu hapa nchini
moja ya taasisi kubwa tu ya IT juzi juzi hapa walifanya update ya system yao wakaongeza baadhi ya features na function mbalimbali
Kabla ya hayo maboresho, system yao ilikua moja ya website ngumu kupata loophole
Leo nimetest moja ya feature yao mpya walio add yani ni toooo easy to hack mtoto wa form 3 akipewa terminal ana hack, yani mtu una download database yote, kila kiku hadi taarifa confidential
Moja ya table ilikua ya users hii ndo imenishikitisha ya password zao zipo hashed na sha-1??, ya nii hi SHA-1 tool kama john au Johnny zina crack hizo password dk3 na baadhi ya password zipo kwenye worldlist.txt, Nimekuta root/admin username zinatumia uki decrypt hizo hash unapata password kama pass2020
Inabidi watu wa advance aise lest ukitumia sha1 add tena na md5 inakua afadhali kidogo kuliko kutimia sha 1 pekeyake
Unakuta machalii wa DIT wameotea mchongoHaya majamaa yanayadevelop website za serikali sijui yalisomea vyuo gani
Aisee..Hakuna IT Profesional na anaejitambua ataweza kufanya kazi Serikalini hadi Serikari itakapotambua umuhimu wa hiyo sekta na kuipa maslahi.
🤣🤣🤣Unakuta machalii wa DIT wameotea mchongo
Sure [emoji736][emoji736][emoji736][emoji736]Nahofia kama una uelewa na unachoongelea, md 5 ni yale yale tu. Bcrypt ndo iko recommended na ndio default kwenye php password_verify.
Md5 , 21centry? Hapana aseeeeeeeUliposema md5 nikaona na wewe ni walewale.
Huwa zinafanana zote kasoro content tu.Ha haha, tuwasamehe tu mkuu. ku ujumla hii loophole nimeikuta kwenye QR code
Nilikua namaanisha hivi sha1(md5($pass))
Mbona bongo kuta IT wazuri sana
Sema mkuu saivi tunaangalia possibility ya kupenya hadi kwenye servers
Nimesoma hizo hashing zipo vizuri personal hashing zangu output zake zipo hivi
Ruby:dZSPIEGoYv4D2BPc3CbRiA$8$1$cA2yxRHOj7rDPV81tnmrVjRO1BQf2af4X8tg3YGOEyJQSMIZPgiOosVQHapvNrm0/UvtUxfugtlxaxWJYDaP6A== msNpsGVZveMR2Ku75k4oDc$8$1$/8SBRH7b/XrQItDDnXwdQA/ICiyvG1JLRKHFMQ05H8H6Lmh/SbzgDl0jK9ZDt3ss2dVEB5DXEmZsGR28s0FLJw== HexZH5I8pOuMFvkkxIBWtH$8$1$3gm+ghrlVWpARqFuy6PZX1oV1vBC70+NEQkWf67DTmxq0cQRUFd73tpeJZIA4wWh/Tfl2h+5d3zilzAoYLe53A==
website za chuo ndo haman kitu kabisa
You need to be an idiot like a programmer. Follow the link and know how 😉Sisi wa KLF hapa tunaona mnaongea mambo dhanifu....
Inategemeana.Md5 , 21centry? Hapana aseeeeeee
function generateHash($password, $padder = '0', $divider = 2)
{
$paddedPassword = str_pad($password, 50, $padder, STR_PAD_BOTH);
$hashes = [];
$divPass = str_split($paddedPassword, 2);
foreach($divPass as $pass){
$hashes[] = md5($pass);
}
return implode('', $hashes);
}$result = generateHash('123456', '#@33#');
echo strlen($result)."\n";
echo "$result\n";OkayInategemeana.
Mfano naweza tumia MD5 na usijue hata kama ni MD5 unless uwe na code zangu.
Mfano ukicheza na hii function unapata ridiculously tough to crack hash. But yeah it is not practical when you have better ways
Code:function generateHash($password, $padder = '0', $divider = 2) { $paddedPassword = str_pad($password, 50, $padder, STR_PAD_BOTH); $hashes = []; $divPass = str_split($paddedPassword, 2); foreach($divPass as $pass){ $hashes[] = md5($pass); } return implode('', $hashes); }
Shida ni kwamba developer wengi hawajari step ya security by design yaani wenyewe Wana copy templates then Wana paste yaani wanachukua tu code GitHub then wanapest basiHaya majamaa yanayadevelop website za serikali sijui yalisomea vyuo gani