Tuesday, April 30, 2019
Monday, April 29, 2019
micro nuclear bombs, intel, pt
good morning. welcome back to war....another week...monday, 09.25 am
CIA safe house was compromised yesterday afternoon, while helding a russian secret agent; the safe house was hidden at hospital particular (old facility) at lisbon. the CIA moved the detaineed to the second spot, hidden at shopping the alvalade. the russian was resqued...and still possess the information. my guess is, classified information, within this company, which works with nuclear devices transportation, particulary, micro nuclear bombs
https://www.tuugo.pt/Companies/bechtel-lda/0240004197032#!
CIA safe house was compromised yesterday afternoon, while helding a russian secret agent; the safe house was hidden at hospital particular (old facility) at lisbon. the CIA moved the detaineed to the second spot, hidden at shopping the alvalade. the russian was resqued...and still possess the information. my guess is, classified information, within this company, which works with nuclear devices transportation, particulary, micro nuclear bombs
https://www.tuugo.pt/Companies/bechtel-lda/0240004197032#!
Sunday, April 28, 2019
snowden hipotesis my personal folder
Check it out Jimmy
If the Security Zones for Internet Explorer are managed by my system administrator, the list of Trusted Sites is disabled and I cannot scroll through the list. Is there a way I can view the full list of Trusted Sites?
came up with the following solution, I hope others will find it useful as well.
I have limited rights, only local, not enough to open and view GPEDIT on AD level.
So, what I did, and works, is to open a command prompt (as Admin) and run the command:
C:\WINDOWS\system32>GPResult /V /SCOPE Computer /H c:\temp\stuff.txt
Then perform a search e.g. for the "ZoneMapKey"
C:\WINDOWS\system32>find "ZoneMapKey" c:\temp\stuff.txt >> c:\temp\sites.txt
Keep in mind there are other keys that might require your attention, like the "approvedactivexinstalsites"...
You will have an output like:
KeyName: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey\https://www.wesayso.com
Clean it up (I use Excel, use the \ as seperator and be done with it) and you will have a great list.
https://superuser.com/…/how-to-view-all-ie-trusted-sites-wh…
If the Security Zones for Internet Explorer are managed by my system administrator, the list of Trusted Sites is disabled and I cannot scroll through the list. Is there a way I can view the full list of Trusted Sites?
came up with the following solution, I hope others will find it useful as well.
I have limited rights, only local, not enough to open and view GPEDIT on AD level.
So, what I did, and works, is to open a command prompt (as Admin) and run the command:
C:\WINDOWS\system32>GPResult /V /SCOPE Computer /H c:\temp\stuff.txt
Then perform a search e.g. for the "ZoneMapKey"
C:\WINDOWS\system32>find "ZoneMapKey" c:\temp\stuff.txt >> c:\temp\sites.txt
Keep in mind there are other keys that might require your attention, like the "approvedactivexinstalsites"...
You will have an output like:
KeyName: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey\https://www.wesayso.com
Clean it up (I use Excel, use the \ as seperator and be done with it) and you will have a great list.
https://superuser.com/…/how-to-view-all-ie-trusted-sites-wh…
hacking firefox kereberos
Suppose someone worked for a company that put up an HTTP proxy preventing internet access without password authentication (NTLM, I think). Also suppose that this password rotated on a daily basis, which added very little security, but mostly served to annoy the employees. How would one get started writing a Firefox add-on that automatically entered these rotating passwords?
To clarify: This add-on would not just submit the password; the add-on would programmatically generate it with some knowledge of the password rotation scheme.
This is built into Firefox. Open up about:config, search for 'ntlm'
The setting you're looking for is called network.automatic-ntlm-auth.trusted-uris and accepts a comma-space delimited list of your proxy server uris.
This will make FireFox automatically send hashed copies of your windows password to the proxy, which is disabled by default for obvious reasons. IE can do this automatically because it can use security zones to figure out whether a proxy server is trusted or not.
Saturday, April 27, 2019
snowden hipotesis my folder
if wireless clients and wireless distribution systems cache PMKs between clients and APs, the PMKID can be used when a client roams "back" to an AP that it had been authenticated to previously. This would speed up roaming "back" to an old AP, since the full EAP authentication would not need to take place; the PMK already exists. Just the 4-way handshake would be necessary to generate the PTK
http://giantsnerdwifi.blogspot.com/2016/
http://giantsnerdwifi.blogspot.com/2016/
robbering folder...hacking
Get-WinEvent with non-administrative user
This gives our support people instant access to the latest history without any elevated privileges....
$event = Get-WinEvent -FilterHashtable @{LogName='Security';Id=4740} -MaxEvents 1
$ns = @{'ns'='http://schemas.microsoft.com/win/2004/08/events/event'}
...you could see. the hashpi file offline..between a period of time...
Get-WinEvent -path "C:\temp\*Security*.evtx" -max 10 -FilterHashtable @{Providername="Microsoft-Windows-Security-Auditing"; id=4740; StartTime=1/7/2013; EndTime=1/8/2013}
But powershell return error:
Get-WinEvent : Parameter set cannot be resolved using the specified named parameters.
answer was :" put quotes around them or explicitly define them as DateTime."
Get-WinEvent -path "C:\temp\*Security*.evtx" -max 10 -FilterHashtable @{Providername="Microsoft-Windows-Security-Auditing"; id=4740; StartTime=1/7/2013; EndTime=1/8/2013}
But powershell return error:
Get-WinEvent : Parameter set cannot be resolved using the specified named parameters.
answer was :" put quotes around them or explicitly define them as DateTime."
robbering folder...ARP attack inside the network
talking about DMZ...and back to Snowden...
To display the contents of the ARP cache, enter the following command ----------at any-------- CLI level.
explanation for previouse understanding where do I want to go:
If Computer A wants to contact Computer B (((( INSIDE THE SAME NETWORK))))within the same network, it must first determine the appropriate MAC address for its IP address. This uses the Address Resolution Protocol (ARP), a network protocol that operates according to the request response scheme.
After searching for the appropriate MAC address, Computer A sends a broadcast request (or ARP request) to all devices on the network. This request contains the following information:
A computer with the MAC address xx-xx-xx-xx-xx-xx and the IP address yyy.yyy.yyy.yyy would like to get in contact with a computer with the IP address zzz.zzz.zzz.zzz and requires the appropriate MAC address.
The ARP request is received by all computers in the LAN. In order to prevent an ARP request from being submitted prior to the sending of each data packet, every computer in the network performs a local table, called the ARP cache. In these tables, all known MAC addresses are temporarily stored along with their matching IP addresses.
To display the contents of the ARP cache, enter the following command ----------at any-------- CLI level.
explanation for previouse understanding where do I want to go:
If Computer A wants to contact Computer B (((( INSIDE THE SAME NETWORK))))within the same network, it must first determine the appropriate MAC address for its IP address. This uses the Address Resolution Protocol (ARP), a network protocol that operates according to the request response scheme.
After searching for the appropriate MAC address, Computer A sends a broadcast request (or ARP request) to all devices on the network. This request contains the following information:
A computer with the MAC address xx-xx-xx-xx-xx-xx and the IP address yyy.yyy.yyy.yyy would like to get in contact with a computer with the IP address zzz.zzz.zzz.zzz and requires the appropriate MAC address.
The ARP request is received by all computers in the LAN. In order to prevent an ARP request from being submitted prior to the sending of each data packet, every computer in the network performs a local table, called the ARP cache. In these tables, all known MAC addresses are temporarily stored along with their matching IP addresses.
Friday, April 26, 2019
Start SSH Server without typing a password - Sudoers (NOPASSWD) - (robbering folder)
sudo -s /bin/launchctl load -w /System/Library/LaunchDaemons/ssh.plist
(remove -s argument)
(remove -s argument)
Thursday, April 25, 2019
ATM's (robbering folder)
let's digg here the KDIAG tool, on a USB GPRS modem...karpersky call its "black box" ...it looks so stupid access, that why don't "we" do it all the time?....well, you get this master ATM connectors...we are in...you don't ...and the cable plug is highly protected...
Wednesday, April 24, 2019
Subscribe to:
Posts (Atom)
