herrfeder

/*
Copyright 2024.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

herrfeder

Problem

• when upgrading a kolla-ansible powered OpenStack Environment from a single node mariadb to a Galera Cluster, the database gots somehow corrupted (I'm no database expert). All nodes were corrupted or not even running. (Yes, there wasn't a backup) This led finally to the challenge, to recover the database from the still existing ibd-Files
• modern MySQL/MariaDB distributions with InnoDB does allow import of Tables from ibd-Files. It's recommended to also import the associated cfg-File of each table which doesn't exist in my case
  • without these cfg-Files an error will be raised Internal error: Drop all secondary indexes before importing table <tablename> when .cfg file is missing and this leads to my approach to seperate the primary index statements from the secondary indexes and add them after the Tablespace gets imported successfully

Approach

1. Create SQL Dump of a working fresh opensstack mariadb and store it for later:

herrfeder

• I applied these rules according to https://github.com/opnsense/ports/blob/master/opnsense/filterlog/files/description.txt

input {
  tcp {
    port => 5000
    type => syslog
  }
  udp {

herrfeder

{"shortcuts": [
        {
            "command": "application:activate-next-tab",
            "keys": [
                "Ctrl Shift ArrowRight"
            ],
            "selector": "body"
        },
        {
            "command": "application:activate-previous-tab",

herrfeder

X = df_lr[["merc_x", "merc_y"]]
y = df_lr["price_cat"]

X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.33, random_state=42)
neigh = KNeighborsClassifier(n_neighbors=80)
neigh.fit(X_train, y_train)

y_pred=neigh.predict(X_test)
print("Accuracy: {:.2f}%".format(100*metrics.accuracy_score(y_test, y_pred)))

herrfeder

mqtt.rpi-cdc.conradconnect.de

they are stored in ~/.config/google-chrome/Default/Login\ Data to export to chrome-passwords.txt file: Code:

$ sqlite3 ~/.config/google-chrome/Default/Login\ Data
$ sqlite> .output chrome-passwords.txt
$ sqlite> select origin_url, username_value, password_value from logins;
$ sqlite> .exit

herrfeder

1. First Look

• app functions
• switch functions

2. Acess over Wireless Interfaces and Network

• use interfaces in intended manner and dump network exchange information
• scan network services on cam and servers

3. Reversing Android App

• finding firmware and keys for further access encryption
• vulnerabilities

herrfeder

Theoretical on DECT

General Terms

• Range: 1.88 - 1.9 GHz

• Channel Spacing: 1.728 MHz

• Number Carriers: 10

• Speech codec: ADPCM with 32kbps speech rate

• DMAP DECT Multimedia Access Profile

• DPRS DECT Packet Radio Service

herrfeder

Student ID: IoTE-775

This Blog/Gist will be very detailed with a lot of additional listings to see the process and methodology of Examination.

Sricam SP009 Hardware and Software Examination

In this gist I will try to examine and exploit the Sricam SP009. I purchased it from Attify with the IOT Exploitation Kit.

1. First Recon

• doing Research on Manufacturer Details