How to use Telnet

Most of you only know Telnet as a port (port 23) or as a remote control tool. Remote control here means that you, as the client, connect to, for example, a Telnet server and type commands into a shell-like prompt, and those commands are executed only on that server, not on your machine. I want to show you how to use this simple remote control tool in several ways, because its simplicity is brilliant.


Hacking Servers: A beginner’s guide

This information is to be used for informational purposes only.

I am asked at least 5 or more times a day by young, beginning “hackers”, “How can I hack?” or “Is there a way to hack a web site?” Well there is. There are, in fact, literally hundreds of ways to do this. I will discuss a few in this text to get you started. Every hacker has to start somehow and hacking web servers and ftp servers is one of the easiest ways.

If you are reading this I am assuming that you already have a basic knowledge of how web servers work and how to use some form of UNIX. But I am going to explain that stuff anyway for those of you who don’t know.

Barrister Tony Gani scam

Hiya all, it’s been a while since I had the opportunity to laugh at a scam so nicely done


Full Text:

STOP CONTACTING THEM !!!!

Mrs. Rozella Wittmeyer. <it@fakhrimen.ir>
Thu 18/01/2018, 3:06 PM

Attention:

I am Mrs. Rozella Wittmeyer, I am a US citizen, 48 years Old. I reside here in Texas USA.My residential address is as follows, 1109 Lake Haven Drive Little Elm Texas 75068 United States,am thinking of relocating since I am now rich. I am one of those that took part in the compensation in United State of American many years ago and they refused to pay me, I had paid over $56,000 while in the US,trying to get my payment all to no avail.

So I decided to travel to Washington with all my compensation documents, And I was directed by the Federal Bureau of Investigation Director to contact Barrister Tony Gani, who is a representative of the Federal Bureau of Investigation and a member of the Compensation Award Committee, currently in USA and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake.

He took me to the paying bank for the claim of my compensation payment. Right now I am the most happiest woman on earth because I have received my compensation funds of $10.5 Million US Dollars,Moreover,Barrister Tony Gani showed me the full information of those that are yet to receive their payments and I saw your email as one of the beneficiaries on the list he showed me, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Barrister Tony Gani. Kinldy send your personal details to him to prove your identification.

Full Name:
Home Address:
Occupation:
Phone Number:
Age:
Gender:
country:

Listed below are the name of mafias and banks behind the non release of your funds that I managed to sneak out for your kind perusal.

1) Prof. Charles soludo
2) Senator David Mark
2) Micheal Edward
3) Chief Joseph Sanusi
3) Sanusi Lamido
4) Dr. R. Rasheed
5) Mr. David Koffi
6) Barrister Awele Ugorji
7) Mr. Roland Ngwa
8) Barrister Ucheuzo Williams
9) Mr. Ernest Chukwudi Obi
10) Dr. Patrick Aziza Deputy Governor - Policy / Board Member
11) Mr. Tunde Lemo Deputy Governor - Financial Sector
Surveillance/Board Member
12) Mrs. W. D. A. Mshelia Deputy Governor - Corporate Services / Board
Members
13) Mrs. Okonjo Iweala
14) Mrs. Rita Ekwesili
15) Barr Jacob Onyema
16) Dr. Godwin Oboh: Director Union Bank Of Nigeria.
17) Mr. John Collins: Global Diplomat Director.
18) Foreign fund diplomatic courier
19) Barr. Becky Owens
20) Rev. Steven Jones
21) Mr. Alfred james
22) Mrs. Sherry Williams
23) Mr. Scott Larry

You have to contact Barrister Tony Gani directly on this information below.

Compensation Award House
Name: Barrister Tony Gani
Email: barrtonygani4@gmail.com

You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Barrister Tony Gani was just $450 USD for the paper works, take note of that.

Once again stop contacting those people, I will advise you to contact Barrister Tony Gani so that he can help you to deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.

Thank you and be Blessed.

Mrs. Rozella Wittmeyer.
1109 Lake Haven Drive,
Little Elm Texas 75068 United States.

Now why would a middle-aged woman from the “United States of American” with an Iranian (.ir) email address contact me without actually knowing my name? 🙂
The text seems to have been copied from Google Translate, and from what I found, the lady's name may differ but Barrister Tony Gani has been reported before:
The so-called “419” scam is a type of fraud dominated by criminals from Nigeria and other countries in Africa. Victims of the scam are promised a large amount of money, such as a lottery prize, inheritance, money sitting in some bank account, etc.

BARRISTER TONY GANI – LAWYERGANI@QQ.COM


This is obviously a scam but just a reminder:

  • Never disclose personal information in any email
  • Any amount of millions and millions said to be awaiting you is not yours
  • The names of people mentioned in the email might be real, but may be used without those people’s permission
  • If the reply-to address is different from the sending address, that’s a spoof marker

BE SAFE
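The reply-to check from the list above can be automated when triaging reported mail. The following is an added example, not part of the original post: it parses a constructed message modelled on the one quoted above (the Reply-To header is an assumption, since the post shows only the From address and the contact address in the body) and flags a reply-to mismatch as well as contact addresses in the body that sit outside the sender's domain.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample modelled on the message quoted in the post. The Reply-To
# header is an assumption: the post shows only the From address and the
# contact address given in the body.
SAMPLE = """\
From: "Mrs. Rozella Wittmeyer." <it@fakhrimen.ir>
Reply-To: barrtonygani4@gmail.com
Subject: STOP CONTACTING THEM !!!!

I will advise you to contact Barrister Tony Gani.
Email: barrtonygani4@gmail.com
"""

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def domain(addr):
    """Lower-cased domain part of an address."""
    return addr.rpartition("@")[2].lower()


def spoof_markers(raw):
    """Return (marker, address) pairs; markers are triage hints, not proof."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    findings = []
    # Marker 1: replies would go somewhere other than the visible sender.
    if reply_to and reply_to != sender:
        findings.append(("reply-to-mismatch", reply_to))
    # Marker 2: the body steers the reader to an address off the sender's domain.
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    for addr in sorted({a.lower() for a in ADDR_RE.findall(text)}):
        if domain(addr) != domain(sender):
            findings.append(("body-contact-off-domain", addr))
    return findings


if __name__ == "__main__":
    for marker, addr in spoof_markers(SAMPLE):
        print(f"{marker}: {addr}")
```

Mailing lists and help desks legitimately set a different Reply-To, so treat a hit as a reason to look closer rather than as a verdict.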

Content Security Policy (CSP) for ASP.NET MVC

This series of blog posts goes through the additions made to the default ASP.NET MVC template to build the ASP.NET MVC Boilerplate project template. You can create a new project using this template by installing the Visual Studio template extension or visit the GitHub site to view the source code.

What is CSP?

For a true in-depth look into CSP, I highly recommend reading Mozilla‘s documentation on the subject. It really is the best resource on the web. I will assume that you’ve read the documentation and will be going through a few examples below.

Content Security Policy or CSP is a great new HTTP header that controls where a web browser is allowed to load content from and the type of content it is allowed to load. It uses a white-list of allowed content and blocks anything not in the allowed list. It gives us very fine-grained control and allows us to run our site in a sandbox in the user’s browser.

CSP is all about adding an extra layer of security to your site using a Defence in Depth strategy.

The idea behind the defense in depth approach is to defend a system against any particular attack using several independent methods

It helps detect and mitigate Cross Site Scripting (XSS) and various data injection attacks, such as SQL Injection.

Where does Netflix store the offline downloads?

Netflix announced a few months back that subscribers will be able to download select movies and TV shows for offline playback. The feature had been requested by users for a long time, and it’s reportedly been in the works since June. Now, anyone with a Netflix subscription can download movies and TV shows to watch when they’re not connected to the internet.

How to start downloading movies

You can only download Netflix videos using the iOS or Android app. Netflix requires users to have iOS 8.0 or later or Android 4.4.2 or later, in addition to having the latest version of the app. Downloading videos will consume about as much data as streaming, so if you plan on saving a bunch of videos, we’d recommend connecting to a reliable WiFi connection to prevent any unexpected mobile data charges.

Where are they stored?

C:\Users\UserName\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\LocalState\offlineInfo\downloads

Where c: is your system drive and Username gets replaced with the user you are logged in with.

Once you navigate to the above directory, you will see all downloaded movies and TV shows. Netflix doesn’t use descriptive names for downloaded contents, so you cannot identify them. However, the size of the file might give you some clue. The biggest catch is that these contents cannot be opened with media players like VLC or GOM Player.

Black Mirror said it first: You aren’t anything if you aren’t online!

According to a Netflix spokesperson,

“The downloads can only be viewed within the Netflix mobile app; they aren’t like videos you download from the internet and store to your device.” It’s safe to say this is a digital rights management (DRM) scheme to protect the copyrights of videos being offered.

Please bear in mind that the Netflix app will not recognize or play contents if you rename or change the files. So, don’t try to rename downloaded Netflix contents.

The whole reason this entire concept of the offline storage and playback took THIS long to implement is Netflix had to spend years finding out every possible way this kind of functionality could and more than likely would be exploited for people to steal the media content and then re-distribute it aka pirate it. The system they’ve created now that’s rolling out is pretty damned bulletproof from every research report I’ve read about it so far and they spent almost 8 months in a beta program asking people to hack the hell out of it and rip ’em off for that content and so far as I’m aware nobody was ever successful in their attempts and I’m pretty certain some very talented coders/developers and “hackers” went to work on that system with nothing positive for all their efforts.

Sure, it’s entirely possible someone might find a particular exploit that could potentially make it a snap or even a click or two to decrypt and break the DRM on the local content once it’s downloaded – we already know Netflix streams can be captured, so even with all the time and expense put into this new functionality it could eventually get itself cracked pretty fast, or never, that remains to be seen.

How to find the SSL Certificate in Chrome

If you ever wanted to know how to find the SSL certificate information in a browser like Chrome, look no further!
Before and up to around Google Chrome version 55, I could view the details of the certificate a website was using by clicking on the green lock icon in the address bar.
Now, you can find this information by going to the Three Dots Menu on the Right of your Chrome Window -> More Tools -> Developer Tools, then click on the Security Tab. This will give you a Security Overview with a “View Certificate Button”.

Using the Same-Site Cookie Attribute to Prevent CSRF Attacks

Thanks to a new cookie attribute, which Google Chrome started supporting on the 29th of March and which the other popular browsers then followed in supporting, there is now a solution. It is called the Same-Site cookie attribute. Developers can now instruct browsers to control whether cookies are sent along with requests initiated by third-party websites by using the SameSite cookie attribute, which is a more practical solution than denying the sending of cookies.

Setting a Same-Site attribute to a cookie is quite simple. It consists of adding just one instruction to the cookie.  Simply adding ‘SameSite=Lax’ or ‘SameSite=Strict’ is enough!

Set-Cookie: CookieName=CookieValue; SameSite=Lax;
Set-Cookie: CookieName=CookieValue; SameSite=Strict;

Read more on the Netsparker website

Prerequisites:

IIS Server with URL Rewriter Module Installed.

.NET Code

<system.webServer>
  <rewrite>
    <outboundRules>
      <!-- Append SameSite=strict to every Set-Cookie header that does not already carry it -->
      <rule name="Add SameSite">
        <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" />
        <conditions>
          <add input="{R:0}" pattern="; SameSite=strict" negate="true" />
        </conditions>
        <action type="Rewrite" value="{R:0}; SameSite=strict" />
      </rule>
    </outboundRules>
  </rewrite>
</system.webServer>
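To check what the outbound rule above does to different cookies before deploying it, the following added example (not from the original post or from Netsparker) replays the rule's condition and action in Python over constructed Set-Cookie values. It assumes the pattern is matched case-insensitively and unanchored; `ANY_SAMESITE` is a hypothetical stricter condition that is not on the page.

```python
import re

# Condition from the page's rule: rewrite unless "; SameSite=strict" is present.
PAGE_RULE = re.compile(r"; SameSite=strict", re.IGNORECASE)
# Hypothetical stricter condition (assumption): skip any cookie that already
# declares a SameSite attribute, whatever its value.
ANY_SAMESITE = re.compile(r";\s*SameSite\s*=", re.IGNORECASE)

# Constructed Set-Cookie values for the walkthrough.
SAMPLES = [
    "session=abc123; Path=/; HttpOnly",
    "prefs=dark; SameSite=Lax",
    "csrf=xyz; Secure; SameSite=Strict",
]


def rewrite(set_cookie, condition=PAGE_RULE):
    """Mirror the rule: append '; SameSite=strict' when the condition is absent."""
    if condition.search(set_cookie):
        return set_cookie
    return set_cookie + "; SameSite=strict"


def samesite_values(set_cookie):
    """List every SameSite value carried by one Set-Cookie header, in order."""
    values = []
    for attr in set_cookie.split(";")[1:]:
        name, _, val = attr.strip().partition("=")
        if name.lower() == "samesite":
            values.append(val.strip().lower())
    return values


def audit(headers, condition=PAGE_RULE):
    """Map cookie name -> SameSite values present after the rewrite."""
    report = {}
    for header in headers:
        name = header.split("=", 1)[0].strip()
        report[name] = samesite_values(rewrite(header, condition))
    return report


if __name__ == "__main__":
    print("page rule:   ", audit(SAMPLES))
    print("any SameSite:", audit(SAMPLES, ANY_SAMESITE))
```

With the page's condition, the cookie that was set with `SameSite=Lax` leaves the server carrying both `Lax` and `strict`, so review cookies that intentionally use Lax before applying the rule site-wide.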