Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Mmwwaaaa

Pages: [1] 2
1
Operating System / Re: [WARNING!] Win10
« on: February 23, 2016, 02:00:06 am »
Now for a smarter format:

Code: [Select]
127.0.0.1 vortex.data.microsoft.com
127.0.0.1 vortex-win.data.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com telecommand.telemetry.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 telemetry.microsoft.com
127.0.0.1 watson.ppe.telemetry.microsoft.com
127.0.0.1 telemetry.appex.bing.net
127.0.0.1 telemetry.urs.microsoft.com
127.0.0.1 telemetry.appex.bing.net:443
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 vortex-sandbox.data.microsoft.com
127.0.0.1 survey.watson.microsoft.com
127.0.0.1 watson.live.com
127.0.0.1 watson.microsoft.com
127.0.0.1 statsfe2.ws.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 statsfe2.update.microsoft.com.akadns.net
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 statsfe1.ws.microsoft.com
127.0.0.1 pre.footprintpredict.com
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 feedback.windows.com
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
127.0.0.1 rad.msn.com preview.msn.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ads.msn.com
127.0.0.1 ads1.msads.net
127.0.0.1 ads1.msn.com
127.0.0.1 a.ads1.msn.com
127.0.0.1 a.ads2.msn.com
127.0.0.1 adnexus.net
127.0.0.1 adnxs.com
127.0.0.1 az361816.vo.msecnd.net
127.0.0.1 az512334.vo.msecnd.net

2
Hacking and Security / User PW Validity
« on: February 23, 2016, 01:21:22 am »
Hey all,


So you have 10<>10,000 employees:

Do you A: Enforce they have a complex pw & only issue a change notice when breached..

OR

Should you B: Enforce that they change their pw every x amount of days/weeks...

The average human cannot keep up to standards with cryptography as it is.. By forcing them to change their pw we risk the fact that most people use/re-use they favourite pw.

Are we safer to let them stick with their favourite or should we enforce change?

Regards,

3
Found it on the Webs / Yet another OSINT earl
« on: February 18, 2016, 06:06:32 am »
Holla fellow equals!

Fascinating little squiz you may find exciting found here

Regards,

4
Hacking and Security / Re: Preferred way to obfuscate passwords over HTTP?
« on: April 02, 2015, 02:13:06 am »
First rule, Never Assume.

5
Hacking and Security / Re: Preferred way to obfuscate passwords over HTTP?
« on: April 01, 2015, 04:26:01 am »
You have, Yes. SSL sounds great....To me. Not to all.

Say a multi national company was to HTTP. They care not for SSL.. Basically my situation.

Regards,

6
Hacking and Security / Preferred way to obfuscate passwords over HTTP?
« on: March 30, 2015, 03:49:41 pm »
How do you like to prevent the odd person from sniffing your HTTP passwds?

Regards,

7
General discussion / Re: Is the bay gone for good?
« on: December 10, 2014, 09:40:28 pm »
One of them.

A list of working Pirate Bay proxy sites found at https://proxybay.info
Updated on Tue Dec  9 10:55:01 UTC 2014

Code: [Select]
https://pirateproxy.sx/
https://labaia.me
http://mybay.pw
http://outlaw.is
https://ilikerainbows.co.uk/
http://tpb.lokun.is
http://www.the-pirate-bay.org
http://privatebay.club
http://thebay.me
http://torrentula.se
http://tpb.jeunespirates.fr
http://tpb-uk.info
http://bayproxy.ovh
https://thepairatebay.net/
http://rekt.club
http://www.thepiratebay.st
http://bayproxy.uk
https://yar.okhin.fr
http://tpb.fastshit.net
http://thepb.libfoobar.so
http://dc7800.mufthosting.net
http://ilikechristmas.twomini.com
http://shaunyeldhams.zz.vc
http://thepiratebay.siriane.org
http://baiedespirates.hunez.eu
http://tpb.website
http://tpb.proxy.pm
http://proxypirate.eu
http://pirproxy.com
http://tpb.cryptostorm.is
http://thepirateboat.eu
http://piratebay.helpamillionpeople.com
http://thepiratebay.website
http://iloverainbows.net84.net
http://tpb.proxie.us
http://baytorrent.nl
http://tpb-proxy.com
http://piratebayguru.com
https://tpbt.org
http://tpb.issavagegay.com
http://thepiratebay.mine.nu
http://bay.dragonflame.org
http://tpb.thevoidgroup.co.uk
http://www.thepiratebay.hk
http://proxybay.xyz/
http://tpb.webi.pw
http://piratebay.rocks
http://bay.piratenpartei.at
http://proxybay.eu
http://proxyduck.com/proxyid/browse.php?u=http://thepiratebay.se
http://bayproxy.li
http://fastpiratebay.com
http://tpb.exodica.com.ar
http://tpbproxy.cremoznik.si
http://pirateproxy.nl
http://thepiratebay.cr
https://tpb.jorritkleinbramel.nl
http://proxytpb.nl
http://tpbproxy.me
http://thebay.ws
http://www.thepiratebay2.se
http://tpb.par-anoia.net
http://kuiken.co/
http://baymirror.com
https://proxy.rickmartensen.nl/thepiratebay.se
http://pirbay.come.in/
http://tpb.genyaa.org/
http://www.dieroschtibay.org/
http://tpb.ninja.so
http://91.121.194.115:82/
http://www.bayproxy.com/
http://tpb.piraten.lu
https://piratebay.blackc.at
http://thepiratebay.se.websiteproxies.co.uk
http://tpb.madfedora.site40.net
http://pirateshore.org
http://freetpb.cf
http://piratebay1.com
http://onlinetpb.webs.pm
http://mobiletorrents.in
http://8la2.com

8
General discussion / Re: Is the bay gone for good?
« on: December 10, 2014, 09:04:35 pm »
http://thepiratebay.cr/

9
General discussion / Re: Is the bay gone for good?
« on: December 10, 2014, 10:03:36 am »
Demonoid has been back for quite some time friend..

10
General discussion / Re: Is the bay gone for good?
« on: December 09, 2014, 08:51:47 pm »
Not that many....


diffusethe.net
thehydrabay.net
thehydrabay.org
thepiratebay.ac
thepiratebay.pe
thepiratebay.se
tvshowbay.net

11
General discussion / Re: Is the bay gone for good?
« on: December 09, 2014, 06:33:40 pm »
There has been a crackdown on a server room in Greater Stockholm. This applies violation of copyright law, says Paul Pintér, police national coordinator for intellectual property law violations.

 The effort was initiated by Frederick Ingblad, one of Sweden's special prosecutors file sharing. He confirms that the raid took place in the Stockholm area, on Tuesday morning, without specifying the site further.

 - There were a number of police officers and Digital forensics there. This took place during the morning and until the afternoon. And there were several servers and computers seized, but I would not say exactly how many, says Fredrik Ingblad.

Ingblad would not say whether any detainees, or what exactly suspicions tube.
 
- I can not say exactly what it is for the type of crime yet.
 The raid should be according to data to TT have been directed to file-sharing site The Pirate Bay, the site stopped working at 12 o'clock on Tuesday.
 
 TT: Have the raid any connection to The Pirate Bay?

 - I can neither confirm nor deny it currently says Fredrik Ingblad.

12
General discussion / Is the bay gone for good?
« on: December 09, 2014, 06:12:19 pm »
As the title reads, What happened?

http://www.downforeveryoneorjustme.com/thepiratebay.se

13
General discussion / Re: Funny SMF stats.
« on: December 06, 2014, 08:39:30 am »
Also includes bots of all natures

14
Hacking and Security / Re: Cookies
« on: December 03, 2014, 10:10:34 am »
Said token looks like so;

##UUID EXAMPLES

6cd5ac27c88a8f9770f482bd6a81932e106c50de

33b0bba772f80c5d60b139557af685ee2166f402

cb837583db7617ead59c490ce6d9ba259dcc51f5

ce622d70bfa61718b29c58087240f25835c84306

16f0cc9ddb987c5eb706880c43f2b84ba700db7d

## Expiration Date = 2553462000 == 1/12/2050

## Complete "SMFCookie" in JSON
Code: [Select]
[
{
    "domain": "domain.com",
    "expirationDate": 2553462000,
    "hostOnly": true,
    "httpOnly": false,
    "name": "SMFCookie",
    "path": "/",
    "secure": false,
    "session": false,
    "storeId": "1",
    "value": "a3A43A7Bi3A03Bs3A43A228845223Bi3A13Bs3A403A2216f0cc9ddb987c5eb706880c43f2b84ba700db7d223Bi3A23Bi3A16066536963Bi3A33Bi3A03B7D",
    "id": 7
}
]
Now a script to generate tokens and run against domain of choice would be mighty fine.

Example/PoC

15
Hacking and Security / Re: Cookies
« on: December 01, 2014, 10:48:58 am »
As i suspected the first batch of [X] is indeed the 'UUID' for the domain (much smaller than i originally thought) where the cookie is needed and is NOT randomized, Well it cannot be, due to the browser needing to know where that cookie really came from among the millions of SMF users (catch my drift).. Now like a good WiFi device i will now shout creds until i'm heard...

THS 'UUID' = 3845

EZ   'UUID' = 22407

How these are distributed i don't know yet, One would think it's just numerical order or could well be randomly assigned.. This matters not, Just curious. Point is, Short numerical code.

Now it gets interesting, The second batch of [X] is all about the user & seems to consist of 40 chars, ONLY lower case and numbers. So that may sound safe too you right, gotta love RNG etc.. Well, It's not RNG(ed).... SMF assigns this cookie content based on the time you have chosen to stay logged in, No not like a random timestamp. i.e;

If you check the box, "always stay signed in" it will 'generate' the same cookie over and over, Same 40 chars etc.. Exactly the same if you choose X amount of minutes to stay logged in.. Basically it assigns you one of 2 cookies.. nothing is random, both 'static' cookies leaving room for many ways to exploit this.. Now i am looking at how to change the content of said cookie, See if this were password cracking and you knew you were compromised.. Change your pw & BAAM! HA, You can change all the creds you want, once you botain this 40 char 'master-key' you got persistence baby.. $Profit

Yours sincerely,

Gwyneth

EDIT: One solution/fix seems to be to delete you cookies completely and sign in with a new allocated time. Logging out and in does not seem to change the cookies value.
 
EDIT-2: Even this seems to be a flawed method. All has something to do with the logout buttons URL;

Code: [Select]
https://evilzone.org/logout/?d2d627p=4b613789a9ae67d9a5515878b4e1021oe3
So "d2d627p=4b613789a9ae67d9a5515878b4e1021oe3" somehow translates to "please reset/banish my cookie". If you say close the browser, uninstall said browser, use Ccleaner, DBAN then proceed to your storage medium with your weapon of choice, WITHOUT using the logout button.. Your cookie creds will remain the same and you can use them to log back in without a username or password. Thus leaving my first edit pretty false but i'm getting there.

Now my next assumtion is that "d2d627p=4b613789a9ae67d9a5515878b4e1021oe3" is a two part obfuscation of:

1, Domain 'UUID' = "d2d627p

2, PHPSESSID      = 4b613789a9ae67d9a5515878b4e1021oe3

Hence when you sign in next, SMF knows to allocate you a "new cookie". In saying all that, May i remind you that SMF cares not about the PHPSESSID or Timestamp at login, ONLY the 40 char string..

Pages: [1] 2