An attempt to whack a Russian Ministry of Interior Affairs’ HP Printer with PRET

I’ve been attempting to use PRET.py, aka the Printer Exploitation Toolkit, to whack a Russian Ministry of Interior Affairs’ HP printer by wearing out its NVRAM with the “destroy” command, but there was no luck as the VPS crashed in the process, so I switched to a plan B wherein I just printed “PUTIN VOR PUTIN KHUILO” instead. Beforehand I briefly put up the #FreeAzovSeaSailors message.


May the force be with you.

 

Edit: It turns out that my NVRAM-whacking attempt, initiated before the VPS crash, seems to have been successful.


Edit of the edit: I neglected to capture the moment of the original NVRAM write cycle loop that reached well over 5 million cycles that might’ve brought down the printer’s NVRAM before being fucked up by the VPS crash. You have my apologies for that.

May the force be with you.


#Greyhatting: Exposed Greek astronomical observatory controls

As the inactivity of the observatory’s owner means that normal, meaningful contact for white or grey hat notifications might not be possible, I chose to disclose the exposed controls of his astronomical observatory here in a partially obfuscated manner.


On the other hand yeah, that was me on these printers displaying “DELETEART13”.


May the force be with you.

#Greyhatting: GMV FTP’s arbitrary upload vulnerability

During Thanksgiving I came across an arbitrary upload vulnerability on space communication company GMV’s FTP system wherein anyone can upload any files they want.

The problem is that, with the impending likelihood of Article 13 getting passed, this exposed FTP may inadvertently leave them vulnerable to the clutches of liability. Not to mention that online predators will misuse that to surreptitiously transmit or store CP images.

Therefore I chose to inform GMV by both email and contact form about this issue, and they acted beautifully swiftly to patch the hole by taking down the “Anonymous upload” and “Anonymous download” buttons and restricting those functions to authorized users only.

Unfortunately, as it was Thanksgiving time, I was too lazy to take more screenshots, but here they are.

BEFORE

[Screenshots]

AFTER

[Screenshots]

Here is my email to the GMV staff pertinent to this hole.

[Screenshots of the email]

May the force be with you.

The Twitter two-week suspension ordeal

Earlier this month I changed the passwords of four of my Twitter accounts in a short span.

It’s not just quick, but too quick, and that’s what would unwittingly lead to the start of an ordeal on the very next day.

Twitter’s automated system may have caught the abnormal activity and promptly flagged and autosuspended accounts @cybanakinvader, @cyberahsokatano, @juche_school1, @omawiisecurity, @eu_court_press and @cour_ue_presse. Now if you’ve been quite familiar with me for a while you might notice that all of my prank accounts that ended up on BBC and ZDNet got affected.

I filed several appeal tickets to Twitter Support for those accounts respectively and even contacted some Twitter staff directly with help from my followers, and a few days later they replied that they found me in violation of “creating serial and/or multiple accounts with overlapping use cases”, “Cross-posting Tweets or links across accounts”, and “Aggressive following, particularly through automated means”. These may have been the factors which led to their automated system suspending those accounts in this case.


Before that I supposed that a certain young-aged individual from Canada who uses a script to mass report anybody with 400-500 accounts might be the culprit here, and more often than not he would @ the people being targeted too, but luckily this isn’t what happened.

[Image: replied]

After I chose my main account for restoration (see above), I would end up with a more grueling wait in which I would obsessively google terms like “how to appeal Twitter suspensions”. However, the best of it is that I unwittingly came across tales of how many people across the world have had their accounts permanently locked out after entering the “correct” birth date after registering a false one when they were younger.

If you think that bad EU laws won’t affect the whole world then please think again as the mass birthdate lockout is precisely due to the GDPR’s implementation. This is a serious issue pertinent to all of you.

As you can see here, the automated system methodology currently used by Twitter to ostensibly detect and lock/suspend hacked accounts is very far from perfect when it catches what it shouldn’t. This is precisely why Article 13 in its current form must be opposed.

I have a backup account (@cyberanakin) to use in case of that, but Twitter has tightened its rules regarding evasion of suspension, so the appeal form was the only way to go for that moment, and after continuous pressure by me and my followers (especially @loondale and @soronsen) to expedite the appeal process, the ordeal was finally put to an end when Twitter unsuspended my main account.


People like me might have the privilege to alleviate some aspects of the bureaucratic appeal process with the help of fans/followers, but what about the rest of the ordinary folks? This is going to get a lot worse if #Article13 passes next year, as the internet will no longer be as vibrant as before.

On the other hand, the #MAGABomber guy was left alone by Twitter staff before the attempted mail-bombings despite numerous threats against numerous figures, so I’m gonna tone down my Twitter activities a bit to protest their incompetence.

First, I’ve set up a chat room on my subreddit for all of my followers and friends to stay in touch, although you would need to switch to the new Reddit interface to do that.

Next, the Jester has created his own Mastodon instance, counter.social, where you can join me too.

Finally, I have made an account on Plurk. Before I end this I would like to inform you that instead of having to copy/remember a long cryptowallet address you can now click here to support me.

Bye bye @cyberahsokatano.


May the force be with you.

Cyber Anakin’s announcement on the success of #DeleteArticle13 of July 5

Dear all,

As we have learned today, the EU Parliament has killed Axel Voss’ Articles 11 and 13, which would threaten the internet ecosystem with their controversial internet filters and mandatory link taxes, by kicking those back to the drawing board. I would like to warmly congratulate all EU citizens and MEPs who have managed to stand up and fight for the Internet for the past few weeks.

I sincerely hope that this will serve as a lesson for all, and I’m looking forward to seeing any sensible alternatives that’ll guarantee the rights of the copyright holders, internet platforms and the rest of you as a whole being brought up in the EU committee.

The battle is not over yet as the pressure must be maintained for MEPs to introduce sensible amendments to the copyright law on September 10th.

May the force be with you.

Cyber Anakin’s announcement on the failure of #DeleteArticle13 of June 20

Dear all,

Despite all of our efforts, Axel Voss’ Articles 11 and 13 have been pushed through today’s EU committee vote. This is a bad sign for the whole internet as it’ll implicitly mandate every single internet platform to install automated filters that’ll scan everything for copyright violations, not to mention that with the link tax you’ll no longer be able to share links and snippets as you want to.

The proposed filter is of course, by today’s standards, far from perfect. It’s going to let through things which it shouldn’t and block those that should be allowed, and it cannot discern between outright infringement and fair use.

There’s one more chance: the final vote in the larger parliament. We will face a very difficult battle as we need to convince a few hundred MEPs to vote against Axel’s blockheaded proposal instead of just ten in this committee vote.

The European Union is not going to make itself any better than Russia or China if Article 13 becomes law.

No matter the challenges our determination will not be denied and the fight to keep the free internet from going into the night shall remain foremost in our minds and hearts. Others will surely follow and join our fight.

I’m neither a pro-copyright extremist nor an anti-copyright one. Ideally it must be on the balance between the two but Article 13 is way too far off the balance and this is the reason that I’m jumping in to oppose it.

This is like Ready Player One with Axel Voss as Nolan Sorrento, the Internet as the OASIS, and all of you as those players at planet Doom battling the IOI.

May the force be with you, and may the free internet live to see another day.

Cyber Anakin