i will explain you my problem...
Im explain...I want to download all a TOR website with a wget.
but the problem is when i go to the website i have a pop up tell me:
enter username: USER / password: PASSWORD
so i type the user and the password and now i can see the login page.
But on the index i need to enter my Username and my Password of my account. And after that, its done and im in.
Now, I want to wget the website so ive used:
torsocks wget --user=USER --password=PASSWORD (for the first authentification)--keep-session-cookies --save-cookies cookies.txt --post-data 'user=myusername&password=mypassword'(for login into the website)-r http://website.onion/
But when i start the command:
torsocks wget --user=USER --password=PASSWORD --keep-session-cookies --save-cookies cookies.txt --post-data user=myusername&password=mypassword' -r http://website.onion/
I've a error 403 : Forbidden.
i hope ive been clear and you've understand my problem, and find how can i use wget on onion website using 2 authentification, one when i go to the website(probably for verify if im human), and the second for login into my account and access to the website.
If anyone have an idea, or another method than wget he's welcome,
Thanks.
Related
I'm trying to get a simple ldapsearch query working against Google Secure LDAP without using client certificate. I'm using Ubuntu 22.04 ldap-utils.
Am I doing something obviously wrong with my query below? Assume username generated by Google is LDAPUser1 and password is RAND123 and my domain is example.com:
ldapsearch -D "LDAPUser1" -w RAND123 -b "ou=Users,dc=example,dc=com" -H ldaps://ldap.google.com:636
Whenever I run it, I get the following error:
ldap_bind: Invalid credentials (49)
additional info: Incorrect password
I've copied the username and password verbatum from the Google Secure LDAP "Access Credentials" section. It's directly below the "Certificates" section.
I tried to delete one of my Jelastic environments by means of the following API call:
curl -k \
-H "${CONTENT_TYPE}" \
-A "${USER_AGENT}" \
-X POST \
-fsS ${HOSTER_URL}/1.0/environment/control/rest/deleteenv -d "password=${password}&session=${session}&envName=${envName}
where I am sure that the session and envName are correct, as I have other commands running perfectly well with them. In particular, I get the session in the following way:
getSession() {
local login=$1
local password=$2
local hosterUrl=$3
echo "Signing in..." >&2
local cmd=$(curl -k -H "${CONTENT_TYPE}" -A "${USER_AGENT}" -X POST \
-fsS "$hosterUrl/1.0/users/authentication/rest/signin" -d "login=$login&password=$password");
exitOnFail $cmd
echo "Signed in" >&2
echo $(jq '.session' <<< $cmd | sed 's/\"//g')
}
In the call to deleteenv, I provide the very same password as that of my Jelastic provider account. Indeed, when I want to delete an environment through Jelastic's dashboard, this is the password I need to provide to make the deletion happen. However, I get the following error:
{"result":801,"source":"hx-core","error":"invalid password"}
Because the password field is documented as optional in Jelastic's API documentation, I tried not to set the password. This yields the following error:
{"result":3,"source":"JEL","error":"invalid parameter [password] for method [DeleteEnv] in service [ControlService]"}
I tried to use other secrets as that password, like the APPID, without any success.
Does anyone have a clue what password I need to put there?
We used the same oneliner based on API you used, your script to get a session and the same Jelastic version but were not able to reproduce this issue. Environment were successfully deleted.
Does anyone have a clue what password I need to put there?
This is the same password as you used to get session or to enter Dashboard. Make sure there are no additional symbols in your password variable.
Because the password field is documented as optional
Indeed, it's optional if use token instead of session. In case of session, password is an obligatory parameter.
I am using ssh to connect to remote server from local.
[siebel#local ~]$ ssh remote
siebel#remote password:
I dont want to input the password manually. I want to write a script in which I will give the password as an input. It will enable me to login without manual action.
I don't want to setup passwordless authentication by ssh-keygen. I tried to use expect but spawn is not working. I don't want to install any other utility also.
As I said its strongly discouraged to hardcode passwords for security reasons but what I will suggest, only if you just can't avoid doing it. is to use sshpass.
You can easily do a:
sudo apt install sshpass
following that the following simple command will do the trick for you.
sshpass -p "PASSWORD" ssh -o StrictHostKeyChecking=no USERNAME#REMOTE_HOST:Custom port number(default is 22)
I am providing -w "LDAP server password" in commandline but i am getting error . ldap_bind: Invalid credentials (49).
So basically I am trying to achieve this - A user can reset its password by running a small script but i don't want to expose LDAP password to him . so storing it in script only .
A very simple script -
uid="$USER"
echo "Welcome" $uid ;
ldappasswd -x -S -D "cn=xxx,dc=xxxxx,dc=xxx" -W -h 'IP address of LDap server' "uid=".$USER.",ou=xxxx,dc=xxx,dc=xxxx" -w "LDAP server password"
Please let me know if there is any other way to achieve this .
Thanks,
Use either -w <newpassword> to provide the password on the command line, or -W to get prompted, but not both. Also, you need to put options in front of arguments. Try ldappasswd -x -w "LDAP server password" -S -D "cn=xxx,dc=xxxxx,dc=xxx" -h 'IP address of LDap server' "uid=$USER,ou=xxxx,dc=xxx,dc=xxxx". Note i removed the dots from around $USER, you need them in perl but not in the shell.
But note that if you put this in a script, your users will need read permission on the script, or the shell won't execute it. Which means they will be able to cat the script and see the password. One workaround would be to make the script rx to the root user only, and allow sudo <yourscript> without password. Also, noone will prevent a user from changing his $USER variable, so your script is easy to hack - better parse the output of the id command, and make sure you don't use root if you do the sudo workaround.
I have an application (APP1) which can only be executed by a user with root privileges but not by root.
Hence I have created another user root1 :
adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M root1
And then when I am trying to assign a password to this user I get an authentication failure.
[root]# passwd root1
Changing password for user root1.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: Authentication failure
I looked up a lot on google and tried lot of things suggested but none of them resolved this error.
Could you please help me in resolving the above error, so that I can login to the system using root1 to execute the application(APP1).
Thanks,
The problem is your password. You cannot change the super user password to something really easy and guessable like "qwerty".
Also, Red Hat has a nice article about password security.