From 6547bd7461a27d5006217cd37ba530611c7d9bd1 Mon Sep 17 00:00:00 2001
From: paul-ion <pentesq@gmail.com>
Date: Tue, 14 Jan 2025 14:51:18 -0500
Subject: [PATCH] Update online recommendations

---
 .../static/lessons/cryptoBreaker/crypto_caesar.md     | 11 +++--------
 .../static/lessons/cryptoBreaker/crypto_hash.md       |  2 +-
 trainingportal/static/lessons/greenBelt/cwe327.html   |  2 +-
 trainingportal/static/lessons/greenBelt/cwe327.sol.md |  4 ++--
 trainingportal/static/lessons/greenBelt/cwe759.html   |  2 +-
 trainingportal/static/lessons/greenBelt/cwe759.sol.md |  2 +-
 6 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/trainingportal/static/lessons/cryptoBreaker/crypto_caesar.md b/trainingportal/static/lessons/cryptoBreaker/crypto_caesar.md
index 5411f71..fa629a2 100644
--- a/trainingportal/static/lessons/cryptoBreaker/crypto_caesar.md
+++ b/trainingportal/static/lessons/cryptoBreaker/crypto_caesar.md
@@ -5,14 +5,9 @@ In this module you will learn about various ways in which information can be enc
 To solve challenges you will need to execute various transformations on a block of given data. 
 
 There are several online resources that can help you in your journey. 
-Here are a few recommendations:
-
-- `dCode.fr` : includes a large variety of encoding, hashing and encryption tools
-- `criptii.com` : similar to `dCode.fr`
-- `crackstation.net` : includes a large dictionary of words and numbers hashed with several different algorithms
-- `hashes.net`: similar to `crackstation.net`
-
-You may also use your programming/scripting language of choice.
+For example `dCode.fr` : includes a large variety of encoding, hashing and encryption tools.
+`hashes.com` includes a large collection of hashes. 
+There are many online resources that you can use besides these sites. You may also use your programming/scripting language of choice.
 
 **NOTE: If you decide to view the solution, open the solution as a new tab or window so you don't reset the cipher.**
 
diff --git a/trainingportal/static/lessons/cryptoBreaker/crypto_hash.md b/trainingportal/static/lessons/cryptoBreaker/crypto_hash.md
index 4c50478..669af4a 100644
--- a/trainingportal/static/lessons/cryptoBreaker/crypto_hash.md
+++ b/trainingportal/static/lessons/cryptoBreaker/crypto_hash.md
@@ -28,7 +28,7 @@ Most algorithms leverage the characteristics of the data to arrive at a unique v
 
 ##### Weaknesses
 
-Digests can be pre-calculated making them as easy to reverse as an ASCII code. Indeed websites like `dCode.fr`, `crackstation.net` or `hashes.com` contain large databases of pre-calculated digests also known as rainbow tables. The best way to prevent reversing hashed words is to concatenate a random string to the text. This is known as adding a salt. Another mitigation involves hashing the message several times (adding iterations). This increases the amount of computations necessary to calculate the hash.
+Digests can be pre-calculated making them as easy to reverse as an ASCII code. You can find public websites which contain large databases of pre-calculated digests also known as rainbow tables. The best way to prevent reversing hashed words is to concatenate a random string to the text. This is known as adding a salt. Another mitigation involves hashing the message several times (adding iterations). This increases the amount of computations necessary to calculate the hash.
 
 Hashing algorithms are also vulnerable to collision attacks. Such attacks involve altering the input to arrive at the same digest. This is particularly dangerous when using hashing functions to ensure the integrity of executable files. Both MD5 and SHA1 algorithms are vulnerable to collision attacks.
 
diff --git a/trainingportal/static/lessons/greenBelt/cwe327.html b/trainingportal/static/lessons/greenBelt/cwe327.html
index a6fda65..e58c361 100644
--- a/trainingportal/static/lessons/greenBelt/cwe327.html
+++ b/trainingportal/static/lessons/greenBelt/cwe327.html
@@ -15,7 +15,7 @@
 </p>
 <p>
     Did you know that there are online sites like  <a target="_blank" rel="noopener noreferrer" href="https://hashes.com/">Hashes.com</a> or 
-<a target="_blank" rel="noopener noreferrer" href="https://crackstation.net/">CrackStation.net</a> that maintain a list of known hashes for numbers and dictionary words, also known as a 
+<a target="_blank" rel="noopener noreferrer" href="https://dcode.fr/">dcode.fr</a> that maintain a list of known hashes for numbers and dictionary words, also known as a 
   <a target="_blank" rel="noopener noreferrer" href="https://en.wikipedia.org/wiki/Rainbow_table">'Rainbow Table'</a>?
 </p>
 <p>
diff --git a/trainingportal/static/lessons/greenBelt/cwe327.sol.md b/trainingportal/static/lessons/greenBelt/cwe327.sol.md
index 33d78f9..d844c2a 100644
--- a/trainingportal/static/lessons/greenBelt/cwe327.sol.md
+++ b/trainingportal/static/lessons/greenBelt/cwe327.sol.md
@@ -4,11 +4,11 @@ This challenge shows a case where security practices were employed, however they
 
 Did you know collisions to the MD5 hashing algorithm can be calculated within 1 day at modern computing power? This means that if an attacker knows the hash they could generate a string that will result in the same hash within 1 day. The SHA-1 algorithm has also been proven be prone to collisions, although it requires more computing power.
 
-However there's an even easier way to exploit these algorithms. Sites like **CrackStation.net** or **Hashes.com** maintain a large database of precalculated hashes. Because MD5 and SHA-1 require less computing power it is easier to pre-calculate hashes for such algorithms.
+However there's an even easier way to exploit these algorithms. There are online sites that maintain a large database of precalculated hashes. Because MD5 and SHA-1 require less computing power it is easier to pre-calculate hashes for such algorithms.
 
 To pass this challenge: 
 
 - List the user password by leveraging the Missing Authorization vulnerability just like in the previous case.
-- Search for the hash on **CrackStation.net** or on **Hashes.com**.
+- Search for the hash on your online hash look-up service of choice.
 - Logout and re-login as '**user**' with the cracked password to solve the challenge.
 
diff --git a/trainingportal/static/lessons/greenBelt/cwe759.html b/trainingportal/static/lessons/greenBelt/cwe759.html
index d8509a0..4b63306 100644
--- a/trainingportal/static/lessons/greenBelt/cwe759.html
+++ b/trainingportal/static/lessons/greenBelt/cwe759.html
@@ -14,7 +14,7 @@
 </p>
 <p>
     Did you know that there are online sites like  <a target="_blank" rel="noopener noreferrer" href="https://hashes.com/">Hashes.com</a> or 
-<a target="_blank" rel="noopener noreferrer" href="https://crackstation.net/">CrackStation.net</a> that maintain a list of known hashes for numbers and dictionary words, also known as a 
+<a target="_blank" rel="noopener noreferrer" href="https://dcode.fr/">dcode.fr</a> that maintain a list of known hashes for numbers and dictionary words, also known as a 
   <a target="_blank" rel="noopener noreferrer" href="https://en.wikipedia.org/wiki/Rainbow_table">'Rainbow Table'</a>?
 </p>
 <p>
diff --git a/trainingportal/static/lessons/greenBelt/cwe759.sol.md b/trainingportal/static/lessons/greenBelt/cwe759.sol.md
index 92c1040..e1b0158 100644
--- a/trainingportal/static/lessons/greenBelt/cwe759.sol.md
+++ b/trainingportal/static/lessons/greenBelt/cwe759.sol.md
@@ -8,6 +8,6 @@ In order to prevent such attacks, passwords are salted with a random value which
 To pass this challenge: 
 
 - List the user password by leveraging the Missing Authorization vulnerability just like in the previous case.
-- Search for the hash on **CrackStation.net** or on **Hashes.com**. Notice that the detected hashing algorithm is SHA256 but that the password was still found.
+- Search for the hash on your online hash look-up service of choice.
 - Logout and re-login as '**user**' with the cracked password to solve the challenge.