If I only had a brain

Just another WordPress site

KDE on Ubuntu – How do I prevent PolicyKit from asking for a password?

You can use the same technique Ubuntu’s Live CD uses by tricking PolicyKit and suppressing ALL password prompts by substituting the action with a wildcard.

DISCLAIMER: The following will suppress ALL password prompts globally for everyone belonging to the admin group, with the exception of the login screen. It is EXTREMELY dangerous and should NEVER be implemented because chances are YOU WILL END UP BREAKING YOUR SYSTEM!!

Don’t say you weren’t warned!

NOTE: If you are running 12.04 or later, substitute “admin” with “sudo”!

Replace “username” with your actual user name:

usermod -aG admin username

Switch to root:

sudo -i

Create a new policy:

gedit /var/lib/polkit-1/localauthority/50-local.d/disable-passwords.pkla

Add the following:

[Do anything you want]
Identity=unix-group:admin
Action=*
ResultActive=yes

Save and exit. Then go try something that usually requires a password. 🙂

NOTE: It doesn’t matter what you use as your .pkla file name. You can name it anything you want.

sudo – How do I prevent PolicyKit from asking for a password? – Ask Ubuntu

Oh BMW – what are you doing to me?

First the godawful maw, then charging subscriptions for basic functions… but now you do this.

I am confusion. I don’t know… How could the same company make both these… I need a drink!

Regardless, I’m glad to see that somewhere, deep in Germany, you are still the same.

Source: bmw-touring-coupe-inline-C.jpg (1920×1080)

Is this really progress?

File this one in the “Thanks, but couldn’t you find something better to do?” section:

OH JOY UPON JOY!! MY MOTOR OIL IS ON ITS WAY!

Detroit River Watch Webcam

Wish I knew about this when the races were happening. Still, it’s a nice cam and they have a user controlled cam as well.

Source: Detroit River Watch Webcam | Detroit Historical Society

Apple is a Chinese company | Financial Times

Apple is now as much a Chinese company as it is American.

Starting to see some traction in my one man war against China. Calling APL a Chinese company is some hard hitting truth, but it is truth.

Tim Cook has sold out America. He is the enemy.

Source: Apple is a Chinese company | Financial Times

PennDOT Driver and Vehicle Services – We give you the FULL SERVICE, you bastard!

Once again, it is that time of year. And with a fleet of vehicles, this time of year happens every other month or so. IT’S PENNDOT UP YOUR ASS TIME!

It seems every chance Pennsylviana gets to fsck it’s residents is happily taken by our dear government. Our motto should be “PA; GET THE FSCK OUT!”

How about the latest modification to the PennDOT Vehicle registration, lets see if you can notice it:

YELLOW PAPER LIVES MATTER YOU SONOFABITCH!

Source: PennDOT Driver and Vehicle Services – Online Vehicle Services Login Page

Aunt Susie’s LLC | Greencastle, PA

Just putting this out there…

Image 1 for Crown Jewel Vista

Source: Aunt Susie’s LLC | Greencastle, PA | Check Availability or Make a Reservation | ResNexus

Jet Engine Tachometer Turned Into Unique CPU Utilization Meter | Hackaday

I’ve got three boxes of flight instruments waiting for this treatment 🙂

Source: Jet Engine Tachometer Turned Into Unique CPU Utilization Meter | Hackaday

401 and 403 Bypass Cheat Sheet for Penetration Testers

If you can’t beat them…

Manual Techniques for 401 and 403 Bypass Change HTTP Method:

Experiment with different HTTP methods (GET, POST, PUT, DELETE) to bypass restrictions.
Alter URL Encoding: Manipulate URL encoding using double URL encoding, Unicode encoding, or mixed encoding to bypass access control.
Directory Traversal: Use “../” or “./” in the URL path to access restricted files and bypass directory restrictions.
Add Trailing Slash: Append a trailing slash (“/”) at the end of the URL path to bypass access control.
Case Manipulation: Modify the case of letters in the URL to bypass case-sensitive restrictions. HTTP
Headers Manipulation: Tweak headers like X-Forwarded-For, X-Originating-IP, or Referer to bypass IP or referrer restrictions.
URL Fragment: Attach a URL fragment (e.g., “#randomtext”) to bypass access control.

Automated Tools for 401 and 403 Bypass Bulk 403 Bypass:

A Python script to automate testing for common 403 bypass techniques. Access the tool at https://github.com/aardwolfsecurityltd/bulk_403_bypass.
byp4xx: A script that helps bypass 401 and 403 errors using various techniques. Find the tool at https://github.com/lobuhi/byp4xx.
bypass-403: A Python-based tool designed to bypass 403 Forbidden errors. Access the tool at https://github.com/iamj0ker/bypass-403.
ForbiddenPass: A tool focused on bypassing 403 Forbidden responses by testing different methods. Download the tool at https://github.com/gotr00t0day/forbiddenpass.
Burp Suite Extensions: Enhance Burp Suite with extensions, such as Autorize, to help bypass 401 and 403 errors. Access the extension at https://portswigger.net/bappstore/444407b96d9c4de0adb7aed89e826122.

Additional Resources for 401 and 403 Bypass OWASP:

The Open Web Application Security Project (OWASP) provides a wealth of information on web application security, including guidance on bypassing access controls. Visit https://www.owasp.org for more information.
HackTricks: An excellent resource for penetration testing techniques, including bypassing 401 and 403 errors. Access the guide at https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/403-and-401-bypasses.

Remember to always obtain proper authorization before conducting any penetration tests. This cheat sheet is intended for educational purposes and to enhance the security of web applications.

Source: 401 and 403 Bypass Cheat Sheet for Penetration Testers

Steve Kinzler

Steve is pretty epic in internet. Checkout his site.

Source: Steve Kinzler

99 of the Best Free HTML Templates to Make Your Website Sparkle

Source: 99 of the Best Free HTML Templates to Make Your Website Sparkle

China to probe Micron over cybersecurity | Computerworld

Honestly, I’m stunned that IDG allowed this to be published, as pro-China as they are.

Please let China’s fears be true and for years America has been sabotaging their equipment and infrastructure in equal proportions as they have been to America. How wonderful to think that we may have some form of detente to keep the peace. If they attack our networks, they attack their own.

But I hold no hope that our hapless government has the vision or desire to defend us in this new world.

*sigh*

Source: China to probe Micron over cybersecurity, in chip war’s latest battle | Computerworld

How to rebuild your BMW DISA

Sreten gives a full how-to on the DISA in this one. Need to do this.

(to crrraaig – you downloaded this, so if it’s not available, you got it!)

RE: Thoughts on Keith Emerson

Sent: Wednesday, March 16, 2016 11:01 AM
To: Kevin 
Subject: Re: Thoughts on Keith Emerson

Thanks for sharing that tribute Kevin.  Of course you were first in my
thoughts when I read the news.  I have been sharing bits and pieces of what
you wrote with co-workers all week and the praise for him is universal. 😄

I fear we are entering a time of great loss... As the baby-boomers age, and
that post-war fueled creative culture bomb looses more and more of it's
membership, it will become so very apparent as to the many contributions
they made. No doubt I am colored by bias, but it seems to me that the
generations since just don't burn with the intensity of those born in the
shadow of war.  The last guy who I asked "Do you play?" answered that he had
a full Reaktor rig at home that he had been taking lessons online to learn.

Not to say that EDM isn't creative or anything like that - I've been doing
that shit for decades and it is absolutely (or accidentally?) a creative
endeavor, but it's a far more solitary one.

But I do wonder what it will be like in 10-20 years... with the Stones doing
their "Century" Tour and all... at least nearly everyone involved in
politics will be dead by then!