US CALIFORNIA ATM'S

Hack 66. Power Cisco Phones with Standard Inline Power   To avoid lock-in with Cisco-only phones and switches, learn how to power Cisco phones from non-Cisco switches. IP phones can be powered through their Ethernet connections. The standard for this inline power is called 802.3af, and many equipment manufacturers support itexcept for Cisco, which uses its own proprietary inline power method. Because of this, you can match Cisco IP phones only with Cisco-powered switches (unless you use Cisco's only phone model to support 802.3afthe 7970). This is an unfortunate form of vendor lock-in, but all is not lost. You can do a couple of things to get Cisco IP phones to draw power from non-Cisco switches. If your budget permits, the obvious (though proprietary) solution to this problem is to use Cisco PoE switches to power the phones. Some other switch makers, like Foundry Networks, also support Cisco's proprietary PoE standard. If you can't afford to forklift your switches, you might instead want to power your Cisco phones by way of a power injector, which is a patch panel that adds inline power to a CAT5/CAT6 cable connection. Consider Cisco PoE-compatible injectors like those made by PowerDsine (http://www.powerdsine.com/). But, if you can't do that either, do the next best thing: hack. Hacking inline power will almost certainly void your IP phone's warranty, and probably your switch's or power injector's, too. A short circuit could fry your switch and phone if you're not careful. Proceed with caution! By changing some wires on a standard UTP Ethernet patch cable, you can make a compatibility cable that lets you plug Cisco IP phones into any 802. 3af source, as shown in Figure 5-3. Essentially, you are flipping wires 4 and 7, and 5 and 8. Be advised, this technique could void the warranty of your phone and your switch. Figure 5-3. The wiring diagram for a hacked PoE cable Make sure your switch lets you program, port by port, which ports get power and which ones don't, because in a native Cisco PoE solution, Cisco IP phone power requirements are "auto-detected," so power can turn itself on and off as necessary on each port. There's no such provision when using a hacked cable to supply 802.3af power to a Cisco PoE-using phone. If this is a problem, and 802.3af won't work with the hacked cable, try using a device that does the two-pair flip but also works with auto-detection, such as 3Com's 48-volt IntelliJack switch converter, part number 3CNJVOIPCPOD. The Cisco 7970 IP phone does support 802.3af power sources, unlike the more popular (and less expensive) 7960 and 7940 phones.

Hack 67. Customize Your Cisco IP Phone's Boot Logo   Change the logo on your Cisco IP phone, and reflect your inner geek's refined sense of monochrome style. Have you ever wished you could change the boot-up logo on your cell phone? Have you ever wanted to use custom graphics on your appliances' LCD screens? Most Linux geeks love to plaster Tux the Penguin, the official mascot of Linux, all over the placeand what better place than a hackable display? If you're like me and you have a thing for the penguin, allow our underdressed friend to show himself on your Cisco VoIP phones. First, the facts: when most IP phones boot, they look for configuration files on a nearby TFTP server and download them to configure the phone further [Hack #80]. The configuration files allow the specification of a logo, along with other tweakable goodies. By editing or adding the logo_url setting in a phone's configuration file, you can dictate which logo the phone should use. The storage or location for this logo varies depending on the version of the firmware that's loaded on your phone, but you should be able to specify a standard HTTP URL to point the phone toward its logo. (This kind of hack is also possible on other phones, so look it up.) Here's the specific setting for a Cisco configuration file: logo_url: "http://domain/cisco/logo.bmp" As you can see, the URL points to a bitmap picture (logo.bmp). So far, this looks to be a simple hack, and with a few notes, it will stay that way. The image that the phone downloads is on a server, so it needs to find the server somehow. In other words, make sure the phone's DNS server setting is right so that it can resolve the hostname you provide in place of the domain place-holder in the URL. The image size and color are also important. If you use an image with the wrong size or aspect, it will come out looking a bit funky on your Cisco's LCD. The default size for the display on the Cisco 7960 is 133 x 65 pixels, so that would be a good place to start. The image should be monochrome, at least for the 7960. Color is supported on newer models, like the 7970G. (You can always specify a different URL in your color phone's config files that points to a color version of the same image if you need to support color and monochrome displays.) The older and current phones will alter an image to fit the screen and color if it does not match. This auto-correction might not be perfect, so you might want to run your image through Photoshop or the GNU Image Manipulation Program (GIMP) to meet the size and color requirements. When I did this hack, I used a PNG-format picture of Tux the Penguin. Tons of great images like this are available at http://images.google.com/. I opened my image in the GIMP to have a look. Then I resized the happy fellow so that his height matched the height of the LCD, 65 pixels. Finally, I converted to grayscale and saved. Figure 5-4 shows the finished product. Cute, isn't he? Figure 5-4. The Tux logo, as he appears on a Cisco 7960's display I then simply uploaded the file to my web server, at the URL specified in my 7960's TFTP configuration file. The next time I booted up my 7960, there was Tux, happy as usual. Andrew Latham http://flylib.com/books/en/3.439.1.89/1/

Diplomatic bag

DIPLOMATIC BAGS MI6 REMOTE SCANNER

Remote unlocking of the root (or other) partition

If you want to be able to reboot a fully LUKS-encrypted system remotely, or start it with a Wake-on-LAN service, you will need a way to enter a passphrase for the root partition/volume at startup. This can be achieved by running a mkinitcpio hook that configures a network interface. Some packages listed below contribute various mkinitcpio build hooks to ease with the configuration.

Note:

• Keep in mind to use kernel device names for the network interface (e.g. eth0) and not udev's ones (e.g. enp1s0), as those will not work.
• It could be necessary to add the module for your network card to the MODULES array.

Remote unlocking (hooks: systemd, systemd-tool)

AUR package mkinitcpio-systemd-tool^AUR provides a systemd-centric mkinitcpio hook named systemd-tool with the following set of features for systemd in initramfs:

Core features provided by the hook: unified systemd + mkinitcpio configuration automatic provisioning of binary and config resources on-demand invocation of mkinitcpio scripts and in-line functions

Features provided by the included service units: initrd debugging early network setup interactive user shell remote ssh access in initrd cryptsetup + custom password agent

The mkinitcpio-systemd-tool^AUR package requires the systemd hook. For more information be sure to read the project's README as well as the provided default systemd service unit files to get you started.

The recommended hooks are: base autodetect modconf block filesystems keyboard fsck systemd systemd-tool.

Remote unlocking (hooks: netconf, dropbear, tinyssh, ppp)

Another package combination providing remote logins to the initcpio is mkinitcpio-netconf^AUR and/or mkinitcpio-ppp^AUR (for remote unlocking using a PPP connection over the internet) along with an SSHserver. You have the option of using either mkinitcpio-dropbear^AUR or mkinitcpio-tinyssh^AUR. Those hooks do not install any shell, so you also need to install the mkinitcpio-utils^AUR package. The instructions below can be used in any combination of the packages above. When there are different paths, it will be noted.

1. If you do not have an SSH key pair yet, generate one on the client system (the one which will be used to unlock the remote machine). If your choose to use mkinitcpio-tinyssh^AUR, you have the option of using Ed25519 keys.
2. Insert your SSH public key (i.e. the one you usually put onto hosts so that you can ssh in without a password, or the one you just created and which ends with .pub) into the remote machine's /etc/dropbear/root_key or /etc/tinyssh/root_key file.
   Tip: This method can later be used to add other SSH public keys as needed; In the case of simply copying the content of the remote's ~/.ssh/authorized_keys, be sure to verify that it only contains keys you intend to be using to unlock the remote machine. When adding additional keys, regenerate your initrd as well using mkinitcpio. See also Secure Shell#Protection.
3. Add the  encryptssh hooks before filesystems within the "HOOKS" array in /etc/mkinitcpio.conf (the encryptssh replaces the encrypt hook). Then rebuild the initramfs image.
   Note: The net hook provided by mkinitcpio-nfs-utils is not needed.
4. Configure the required cryptdevice= parameter and add the ip= kernel command parameter to your bootloader configuration with the appropriate arguments. For example, if the DHCP server does not attribute a static IP to your remote system, making it difficult to access via SSH accross reboots, you can explicitly state the IP you want to be using:

   ip=192.168.1.1:::::eth0:none

   Note: As of version 0.0.4 of mkinitcpio-netconf^AUR, you can nest multiple ip= parameters in order to configure multiple interfaces. You cannot mix it with ip=dhcp (ip=:::::eth0:dhcp) alone. An interface needs to be specified.

   ip=ip=192.168.1.1:::::eth0:none:ip=172.16.1.1:::::eth1:none

   For a detailed description have a look at the according mkinitcpio section. When finished, update the configuration of your bootloader.
5. Finally, restart the remote system and try to ssh to it, explicitly stating the "root" username (even if the root account is disabled on the machine, this root user is used only in the initrd for the purpose of unlocking the remote system). If you are using the mkinitcpio-dropbear^AUR package and you also have the openssh package installed, then you most probably will not get any warnings before logging in, because it convert and use the same host keys openssh uses. (Except Ed25519 keys, dropbear does not support them). In case you are using mkinitcpio-tinyssh^AUR, you have the option of installing tinyssh-convert^AUR or tinyssh-convert-git^AUR so you can use the same keys as your openssh installation (currently only Ed25519 keys). In either case, you should have run the ssh daemon at least once, using the provided systemd units, so the keys can be generated first. After rebooting the machine, you should be prompted for the passphrase to unlock the root device. Afterwards, the system will complete its boot process and you can ssh to it as you normally would (with the remote user of your choice).

Tip: If you would simply like a nice solution to mount other encrypted partitions (such as /home) remotely, you may want to look at this forum thread.

Remote unlock via wifi (hooks: build your own)

The net hook is normally used with an ethernet connection. In case you want to setup a computer with wireless only, and unlock it via wifi, you can create a custom hook to connect to a wifi network before the net hook is run.

Below example shows a setup using a usb wifi adapter, connecting to a wifi network protected with WPA2-PSK. In case you use for example WEP or another boot loader, you might need to change some things.

1. Modify /etc/mkinitcpio.conf:
   • Add the needed kernel module for your specific wifi adatper.
   • Include the wpa_passphrase and wpa_supplicant binaries.
   • Add a hook wifi (or a name of your choice, this is the custom hook that will be created) before the net hook.

     MODULES="module"
     BINARIES="wpa_passphrase wpa_supplicant"
     HOOKS="base udev autodetect ... wifi net ... dropbear encryptssh ..."

2. Create the wifi hook in /etc/initcpio/hooks/wifi:

   run_hook ()
   {
    # sleep a couple of seconds so wlan0 is setup by kernel
    sleep 5
   
    # set wlan0 to up
    ip link set wlan0 up
   
    # assocciate with wifi network
    # 1. save temp config file
    wpa_passphrase "network ESSID" "pass phrase" > /tmp/wifi
   
    # 2. assocciate
    wpa_supplicant -B -D nl80211,wext -i wlan0 -c /tmp/wifi
   
    # sleep a couple of seconds so that wpa_supplicant finishes connecting
    sleep 5
   
    # wlan0 should now be connected and ready to be assigned an ip by the net hook
   }
   
   run_cleanuphook ()
   {
    # kill wpa_supplicant running in the background
    killall wpa_supplicant
   
    # set wlan0 link down
    ip link set wlan0 down
   
    # wlan0 should now be fully disconnected from the wifi network
   }

3. Create the hook installation file in /etc/initcpio/install/wifi:

   build ()
   {
    add_runscript
   }
   help ()
   {
   cat< Enables wifi on boot, for dropbear ssh unlocking of disk.
   HELPEOF
   }

4. Add ip=:::::wlan0:dhcp to the kernel parameters. Remove ip=:::::eth0:dhcp so it does not conflict.
5. Optionally create an additional boot entry with kernel parameter ip=:::::eth0:dhcp.
6. Regenerate the intiramfs image.
7. Update the configuration of your boot loader.

Remember to setup wifi, so you are able to login once the system is fully booted. In case you are unable to connect to the wifi network, try increasing the sleep times a bit.

https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_of_the_root_.28or_other.29_partition

AS&E - MINI Z

'm back...Snowden had litle level of access to information. couldn't plug in nothing, bring nothing inside...couldn't keystroke nothing...my wild guess...he sent a link trought the internal chatroom...OR

how to add http headers to a packet sniffed using scapy

....

f I understand correctly, the problem you're having is that you want to update an existing HTTP request with a new header. What you want is to update a string in place, which Python can't do directly (strings are immutable).

So what you should do is take the HTTP header:

old_hdr = pkt[Raw] or old_hdr = pkt[TCP].payload

and manipulate it like a string:

new_hdr = 'New Header: value'
hdr = old_hdr.split('\r\n') # This is a crappy hack. Parsing HTTP headers
hdr.insert(new_hdr, 2)      # is a [solved problem][1].
send_hdr = '\r\n'.join(hdr)
pkt[TCP].payload = send_hdr

If you find checksums are not updating, delete them before sending the packet:

del pkt[TCP].chksum

and Scapy will put them back for you, with the right values.

Edit: I just noticed that my link is fail. Here is how to parse HTTP headers.

https://stackoverflow.com/questions/13017797/how-to-add-http-headers-to-a-packet-sniffed-using-scapy?rq=1

THE GUARDIAN TOP SECRET

  the guardian top secret.docx by Elsa Cristina David on Scribd

Disclaimer: This piece of equipment may be used in potentially dangerous activities of which the seller carries no liability or responsibility of use, misuse, or accidents related to the use of this product.

Disclaimer: This piece of equipment may be used in potentially dangerous activities of which the seller carries no liability or responsibility of use, misuse, or accidents related to the use of this product.

...James Bond-like image - for instance, identification transmitters that can be hidden in an agent's shoes to enable the monitoring by satellite of their precise location....here it goes boys...you wear this little device (some how on your shoes..) because if you amplify the RF at junk on 1575.42MHz

Qinpu Q-2 Hybrid Audio Power Hi-end Ipod, CD Integrated Amplifier

Qinpu Q-2 Hybrid Audio Power Hi-end Ipod, CD Integrated Amplifier in Consumer Electronics, TV, Video & Home Audio, Home Audio Stereos, Components, Amplifiers & Preamps | eBay

EBAY.COM

Create artificial GPS RF Signals with SatGen GPS Simulation Software

SENSITIVE FIRMS LIST

Acquisition Domain:

• ACT-I
• AMDEX Corp.
• B3 Solutions
• BMK Consultants
• Bowhead Systems Management
• Culmen International
• Davis-Paige Management Systems
• Domain X Technologies
• ERP International
• Goldbelt Raven
• JRAD
• Markon Solutions
• Millennium Corporation
• MLT Systems
• Nexagen
• Patricio Enterprises
• SAMS
• Sentek Global
• SIM
• Syneren Technologies
• UCS
• USI

B&A Domain:

• BCF Solutions
• Celerity Government Solutions
• Deloitte Consulting
• ECS
• Engility Corp.
• Kalman & Co.
• Millennium Corp.
• SAIC
• SAMS
• TASC
• Tecolote Research;

E&T Domain:

• Alion Science and Technologies
• Booz Allen Hamilton
• CACI Technologies
• Camber Corp.
• Engility Corp.
• JRAD
• KASTLE
• SAIC
• Schafer Corp.

IT Domain:

• Alion Science and Technologies
• AMDEX Corporation
• Booz Allen Hamilton
• Camber Corp.
• Dovel Technologies
• DSA
• Engility Corp.
• ERP International
• Millennium Corp.
• Noblis
• SAIC
• Schafer Corp.
• TASC

Logistics Domain:

• Booz Allen Hamilton
• CACI Technologies
• Camber Corp.
• Engility Corp.
• ERP International
• MacB ESI
• Millennium Corp.
• Patricio Enterprises
• SAIC

Medical Domain:

• Booz Allen Hamilton
• ERP International
• Noblis
• SAIC
• TASC
• Tauri Group

https://washingtontechnology.com/articles/2013/02/06/biochemical-army-contract.aspx