Man in the Middle – What are the correct network settings for VirtualBox VMs to allow DNS spoofing attacks?

I need to implement a DNS spoofing attack on undeclared VMs. My host network is connected to a wireless network.

I created a Kali Linux machine (the attacker machine) and another Win10 machine (the victim machine).

I need the victim's computer to connect to the Internet and be accessible to the attacker.

Can someone help me choose the right network configurations to make this attack possible?

The attacker needs the default gateway and the IP of the victim. How do I get the DG address?

If I set up the network settings of the VMs as NAT, the ettercap can not see them when I'm snooping on the newtork.

If I set up my VMs with network settings for hosts only, they will see each other but they will be on a different subnet than the actual gateway, so they can not connect to the Internet.

Can you please deploy the correct network settings to implement DNS spoofing in the VM environment and on a host device connected to a wireless network?

Mysql – The order of the relations of three tables is correct, but the values ​​are wrong

I have these tables

                    Table 1
| id | name |
| 1 | Ax |
| 2 | Bow |
| 3 | Car |
| 4 | Darts |


table2 table3
| t1_id | number | | t1_id | Letter |
| 1 | 5 | | 1 | a |
| 1 | 6 | | 1 | b |
| 1 | 2 | | 1 | c |
| 2 | 2 | | 2 | a |
| 2 | 2 | | 2 | c |
| 2 | 3 | | 2 | r |
| 3 | 8 | | 3 | y |
| 3 | 3 | | 3 | I |
| 3 | 1 | | 3 | a |
| 4 | 8 | | 4 | a |
| 4 | 9 | | 4 | b |
| 4 | 10 | | 4 | c |

and table1 (id) is linked to table2 (t1_id), table3 (t1_id)

I let it run to order it highest letter_count then fit through the highest average number Game to get this right Result http://www.sqlfiddle.com/#!9/69086b/8/0

CHOOSE
t1.id,
t1.name

FROM
table1 t1

INNER JOIN
table2 t2
ON t2.t1_id = t1.id

CONNECT LINKS
table3 t3
ON t3.t1_id = t1.id
AND t3.letter IN (& # 39; a & # 39 ;, & # 39 ;, & # 39; c & # 39;

GROUP BY
t1.id

SORT BY
COUNT (t3.letter) DESC,
AVG (t2.number) DESC

| id | name |
| 4 | Darts |
| 1 | Ax |
| 2 | Bow |
| 3 | Car |

and everything works ok


but when I wanted to check if there were any problems with the query, I decided to check that out letter_count and avg_number So I used this query

CHOOSE
t1.id,
t1.name,
COUNT (t3.letter) ALS letter_count,
AVG (t2.number) AS avg_number

FROM
table1 t1

INNER JOIN
table2 t2
ON t2.t1_id = t1.id

CONNECT LINKS
table3 t3
ON t3.t1_id = t1.id
AND t3.letter IN (& # 39; a & # 39 ;, & # 39 ;, & # 39; c & # 39;

GROUP BY
t1.id

SORT BY
letter_count DESC,
avg_number DESC

What I expected was the result

| id | name | letter_count | avg_number |
| 4 | Darts | 3 | 9 |
| 1 | Ax | 3 | 4.3333333333 |
| 2 | Bow | 2 | 2.3333333333 |
| 3 | Car | 1 | 4 |

But the result I got was http://www.sqlfiddle.com/#!9/69086b/3/0

| id | name | letter_count | avg_number |
| 4 | Darts | 9 | 9 |
| 1 | Ax | 9 | 4.3333333333 |
| 2 | Bow | 6 | 2.3333333333 |
| 3 | Car | 3 | 4 |

should I worry how this works? letter_count will be multiplied three times in the future, or only happens if I want to select the values ​​and nothing bad will happen if I just kept it SORT BY?


I just want them to be ordered correctly, which I have, but the verification of the values ​​has shown me that letter_count is multiplied many times, so I'm confused about his performance or that letter_count can be ignored and performance is not affected?

Is this a correct way to build an application from the initial requirements?

I'm trying to train on how to create the right software specifications and documentation for a food ordering system that I set up for training purposes.

I've put my feet in the shoes of the client who wants the project and written initial requirements that I want to implement in the system (you can find them here on GitHub).

After that, I started to create use cases based on these initial functional requirements, but I'm not sure I'm on the right path or not.

So I was wondering if the following image is a correct way to create a simple use case for user registration. and should I continue to create all use cases with this template?

Enter image description here

Thank you in advance.

Windows Server 2008 r2: Correct the registry values

I ran this registry file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client]
"Enabled" = dword: 00000001
"DisabledByDefault" = dword: 00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server]
"Enabled" = dword: 00000001
"DisabledByDefault" = dword: 00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client]
"Enabled" = dword: 00000001
"DisabledByDefault" = dword: 00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server]
"Enabled" = dword: 00000001
"DisabledByDefault" = dword: 00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server]
"Enabled" = dword: 00000001
"DisabledByDefault" = dword: 00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Server]
"Enabled" = dword: 00000001
"DisabledByDefault" = dword: 00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithmsDiffie-Hellman]
"ServerMinKeyBitLength" = dword: 00000800

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 128/128]
"Enabled" = dword: 00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 40/128]
"Enabled" = dword: 00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 56/128]
"Enabled" = dword: 00000000

Now I can not connect to my website. Can someone tell me what the default registry values ​​for these entries would be so that I can restore the registry with the correct settings? Many Thanks.

Cryptography – How do I identify the correct hash from a list of salts and a given password during authentication?

I apologize for being naive, but I've recently started working on cryptography and how to handle security on the Internet.

As I gathered, the safest and most efficient way to safely store a password is to add a pepper, generate a random salt, and then hash all three (password + pepper + salt).

When a user tries to log in, the program checks to see if the hash matches the hash in the database associated with the user name. Since you need a salt (and hard-coded pepper) to hack the password with any hope of success …

  1. Do you have to try to grab every single salt in your database?
  2. If you have one million salts, would not that be very slow?
  3. Is there a better way to do this?

magento2 – Email Sender of the standard Magento 2 order confirmation is not correct 2.2.7

After upgrading from 2.2.6 to 2.2.7. The sender of the order confirmation will be changed by sales@mydomain.com to myusername @@ c59619.sgvps.net

I checked the email addresses "config"> "sales" and "general"> "store". There, "sales@mydomain.com" is set correctly.

I have not set up SMTP, I use the default PHP mailer and my hosting is in the background.

Trigonometry – How can I get correct solutions to this trigonometric equation?

I try to solve the equation
$$ left ( sin (x) + cos (x) – sqrt {2} right) cdot sqrt {-11 x-x ^ 2-30} = 0 $$ in the real domain. I tried

First way

To solve[{(Sin[x] + Cos[x] - sqrt[2]) Sqrt[-11 x - x^2 - 30] == 0}]

I have

{{x -> -6}, {x -> -5}, {x -> [Pi]/ 4}}

Second way

            To solve[{(Sin[x] + Cos[x] - sqrt[2]) Sqrt[-11 x - x^2 - 30] == 0}, x,
real]// FullSimplify

I have

{{x -> -6}, {x -> -5}, {x -> – ((7 [Pi]) / 4)}, {x -> – ((7 [Pi]) / 4)}}

Third way

sol = (TrigExpand @
To reduce[(Sin[(Sin[(Sünde[(Sin[x] + Cos[x] - sqrt[2]) Sqrt[-11 x - x^2 - 30] == 0,
x, reals]// FullSimplify // Last) /. C[1] -> k

I have

x == – ((7 [Pi]) / 4)

How do I get the right solutions?

http – Correct load-balancing configuration for resuming the TLS session

Consider the following network topology:

Load Balancer topology

  1. There are exactly two HTTPS servers, S1 and S2.
  2. There are exactly two HTTPS clients, C1 and C2. Keep this in mind, as two servers often have many more clients. In this case, however, there are only two clients. (You may be wondering why? Because C1 and C2 are also servers and serve many clients, while they are also served by S1 and S2.)
  3. There is a load balancing between the clients and the server, LB. Here LB carries out a round robin load balancing on the transport layer (TCP). That's why LB does this Not Perform SSL offloading or anything related to the application layer.
  4. Customers demand something like https://example.com, The DNS is dissolved example.com to the IP address of LB, which forwards the packet to S1 or S2.
  5. LB is configured to forward packets to S1 or S2 in a TCP session (same source port, source address, destination port, destination address), not both. Therefore, S1 and S2 need not know the session information on the other server.
  6. For performance reasons, S1 and S2 can be configured to use TLS Session Recovery based on either session IDs or session tickets.

The following scenario shows the problem:

  1. C1 connects with https://example.comand LB sends its traffic to S1. With sessionID = 123456 a TLS session is established (complete handshake). After a while C1 ends the connection.
  2. Some time passes and C1 connects with https://example.com once again. This time, LB sends its traffic to S2. C1 offers to use sessionID = 123456, but S2 does not know this sessionID. So S2 asks if sessionID should be set to something else, for example sessionID = 789abc (full handshake). After a while C1 ends the connection.
  3. Some time passes and C1 connects with https://example.com another time. This time, LB sends its traffic to S1, which does not know sessionID = 789abc. You get the idea: Another complete handshake takes place.

When a client switches back and forth between servers, a full handshake occurs each time and performance is affected.

How do I handle this scenario correctly so that clients do not perform a full handshake every time I reconnect?

PS: If I had many clients, I would configure LB to bind a client to a server for some time. However, since there are only two clients, this would also affect performance.


To edit: The link I quoted above explains this, which I do not fully understand:

In practice, providing session tickets on a number of load-balanced servers requires some careful consideration and system architectures: all servers must be initialized with the same session key, and an additional mechanism is required to regularly and securely rotate the shared key across all servers Server.

Safety – How do I make sure my product is correct for the first time?

I am working on a product that can not be updated after the release. In addition, product malfunctions can result in death, serious injury, or severe financial setbacks. Hence my code Got to be correct the first time, because I do not get a second chance.

Which techniques are available? I am already planning extensive tests, but I know that tests can only prove the existence of errors, but not their absence.

r – How do I create a leaflet card with the correct marker?

I would like to make a card with leaflet and the marker should often show that the coordinate occurs.
For a mini-game, this one coordinate occurs 230 times.
Is there a way to make it look better?

Library (leaflet)
Library (dplyr)
Leaflet ()%>%
setView (174,764, -36,877, zoom = 16)%>%
addTiles ()%>%
addMarkers (174,764, -36,877, popup = "Maungawhau, 230") # occurs 230 times

The output looks like this:

[![enter image description here][1]][1]

[1]: https://i.stack.imgur.com/tKbwC.pngEnter image description here