Wednesday, December 30, 2015

Wishes, Miracles & Buddhism.

as not very far as i understand, wishes that are sent (for example: by speaking them quietly, in Mind) are fulfilled in future, not necessarily in the same life.

they form Karma, which 'chases' one through one life or through more of one's lives.

as not very far as i understand, Buddhism considers Miracles as possible, Supernatural powers are a fact.

when i've visited Stupas in Kuchary years ago, a few times ... i wished for Enlightened Love as i walked around the Miracle Stupa.

i was advised to not go into details too much when sending a wish ... i did that, if i remember well enough.

there are tales of Great Yogis & Buddha performing Miracles as well, in past.

i think it is possible to learn Magicks & Miracle-works ... to use it as a tool for Enlightenment.


see also, if You wish or need, ... : Stupas.

Stupas.

Introduction.

A stupa (Sanskrit: m.,stūpa 'heap') is a mound-like or hemispherical structure containing relics (śarīra - typically the remains of Buddhist monks or nuns), and used as a place of meditation.


Tibetan stupas.

There are 8 different kinds of stupas in Tibetan Buddhism, each referring to major events in the Buddha's life:
  • Lotus Blossom Stupa.
  • Enlightenment Stupa.
  • Stupa of Many Doors.
  • Stupa of Descent from the God Realm.
  • Stupa of Great Miracles.
  • Stupa of Reconciliation.
  • Stupa of Complete Victory.
  • Stupa of Nirvana.


A ninth kind of stupa exists,
  • the Kalachakra stupa.

> Source: [ Stupa ].

Tuesday, December 29, 2015

Queen of Cups, The Card.



Richness of Feelings.

When we meet with richness of feelings, we often think that we had too much ... or that our soul was changing too often to enjoy, to form beneficial relationships with ourselves & with others.

Often this is not the truth, for generosity in feelings helps to see the natural limits of our empathy, where our individuality ends ... & where other people's territory is.

After seeing these limits, cup closes itself & we can start building relationships where both our personal distances, as well as shared thoughts & feelings can be experienced.


Need for spiritual wholeness.

On the card we can see a seeming contradiction: a closed cup & whole, solid throne representing both solid-wholeness & openness of the soul.

There's the message to not be too soft nor too hard, to be able to both open oneself & to see the limits of everyone involved.

If one succeeds in this, the one can feel as whole, is well tuned & solid ... can have good mood & can speak as one even when representing many.


See also, if You wish: Queen of Cups (Tarot card), my First Mandala TAROT Reading.

Data Mining against Terror?

'Data mining, also called knowledge discovery in databases, in computer sciences is the process of discovering interesting and useful patterns and relationships in large volumes of data.

The field combines tools from statistics and artificial intelligence with database management to analyze large digital collections, known as data sets.

Data mining is widely used in business (insurance, banking, retail), science research (astronomy, medicine), and government security (detection of criminals and terrorists).'

> Source: [ Data Mining ].

---
nm108's note: this can be combined with web crawling & nmap vulnerability search & hacking to find evidence against Terror.

Sunday, December 27, 2015

Dictionary SSH Hack.


Disclaimer.

this is a technically advanced article about hacking an SSH password by writing an SSH Client with a Java Library.

to understand this article, one has to know a little about programming (preferably in Java), & a little about SSH.


Dangers.

this method can be used to obtain root password of vulnerable systems, thus taking over computers.

... process of obtaining root password & installing a rootkit can be automated as well.


potentially vulnerable systems can be found using web crawler software that scans for open ports, like nmap does, looking for port 22.

not every ssh server allows for root login, but there's still the danger of escalating access privileges with other hacks.

not every ssh server runs on port 22 as well.


C0de.






... this time i did dictionary attack on SSH password.

... c0de is available for download here.

(it requires the JSch library & its dependencies).


As another way, a standard SSH client can be used ... with a script that performs many hack attempts in a loop, by executing ssh client many times.


Why ip address spoofing does not work with SSH hacks?

... because SSH service requires two-way communication.

Client sends requests, and awaits responses from the server.

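Without 'knowing' the real source IP address, the server can't send its response to the proper computer (the ssh client): with a spoofed address the response goes elsewhere & the exchange can't continue.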

It's possible however to attack from a 'proxy' server, or from a different machine with different IP address controlled by a hacker, to bypass IP block or to misdirect.


TOR Anonymity for a SSH Hack.

it's still possible to perform an 'Anonymous SSH Hack' using 'The Onion Router' for example.
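Seen from the server side, the dictionary attack described in this post leaves a run of 'Failed password' lines in the sshd log. The Python below is an added example, not code from the original post: it counts failures per source address and per target account, because an attack spread over proxies or Tor exits (as noted above) stays under any per-IP limit. The log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation IP ranges), not real data.
SAMPLE_LOG = "\n".join(
    # one source guessing root's password six times in six seconds
    [f"Dec 27 10:00:{s:02d} host sshd[811]: Failed password for root "
     f"from 203.0.113.5 port 4000{s} ssh2" for s in range(1, 7)]
    # six sources (proxies / Tor exits) each guessing once against admin
    + [f"Dec 27 10:05:{i:02d} host sshd[812]: Failed password for invalid "
       f"user admin from 198.51.100.{i} port 5000{i} ssh2" for i in range(1, 7)]
    # a legitimate user mistyping once
    + ["Dec 27 10:09:30 host sshd[813]: Failed password for alice "
       "from 192.0.2.44 port 51111 ssh2"]
)

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(log_text, year=2015):
    """Return (timestamp, user, ip) for every failed password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    return events

def bursts(events, field, threshold, window):
    """Keys (field 1 = user, 2 = ip) with >= threshold failures in window."""
    times_by_key = defaultdict(list)
    for ev in events:
        times_by_key[ev[field]].append(ev[0])
    flagged = set()
    for key, times in times_by_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(key)
                break
    return flagged

def detect(log_text, threshold=5, window=timedelta(minutes=1)):
    events = parse_failures(log_text)
    return {"noisy_sources": bursts(events, 2, threshold, window),
            "targeted_users": bursts(events, 1, threshold, window)}
```

On the sample, only 203.0.113.5 is flagged as a noisy source, while both root and admin are flagged as targeted accounts; the distributed guessing against admin is visible only in the per-account count.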

Saturday, December 26, 2015

Dictionary Webapp Hack.

Disclaimer.

this is a technically advanced article about hacking 'the Internet Applications' & other Tools.

to understand this article, one has to know a little about programming (preferably in Java), a little about web applications, & a little about HTTP Protocol.


HTTP Request analysis.

i've used Google Chrome's tool called 'HTTP Trace' to look at HTTP Request sent to a sample webapp i was running at my computer.

i've looked at a failed login attempt.


   

Failed Login Data.



C0de.

then i've downloaded Apache's HTTP Client Library & wrote a little of the code that 'forged' HTTP Requests & tried to login into an app in a loop.

i've looked at results of both failed & successful login attempts, then came up with a final version of the code as follows:




C0de for a Hack.




it doesn't matter much that a successful login attempt is with 'bad request' status, we've got the information that the password is correct still.


... presented code is very simple & can be refined in many ways ... but this all would only obscure the main idea that a program can be used to perform a Dictionary or Brute Force attacks on a webapp.


C0de without a 'Bad Request'.

... slightly refined code, without 'Bad Request' status message is available on a screenshot below & can be downloaded here as well.




C0de, slightly refined.




i've 'printed' first server hit (HTTP GET Request) on monitor screen, analyzed it, noticed the 'jsessionid' part & formed code that extracted it.

... a proper use of HTTP POST parameters, including 'jsessionid' was the key for overcoming 'Bad Request' problem & message as well.

then i did the part of the code responsible for extracting & comparing page's title to determine if we successfully logged in or not.


... further c0de refinements could include loading passwords dictionary from a file, or generating it somehow & an option of performing more or less refined brute force attacks.


Security Measures.

how to protect against attacks as these?

... with captcha & account locking functionality, but account locking opens the webapp to an 'Account Lockout' vulnerability - any user might be prevented from logging in to the app by someone who deliberately fails logins on their account.


Other Considerations.

this is brutus / hydra software equivalent (hacks done more or less manually instead of using someone's complete tools).

this method can be used to hack tomcat webapp server's password, web services, routers, ssh, ... & other tools.

just download client library for a given service or app & write code that attacks passwords via the given protocol.

captcha won't protect all the time, but delays after failed login as well as use of strong passwords that change with time should.
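One way to get the 'delays after failed login' mentioned above without the 'Account Lockout' problem is to throttle each (account, source address) pair separately instead of locking the account. The Python below is an added example, not code from the original post; the class, its parameters and the in-memory store are assumptions made for illustration.

```python
import time

class LoginThrottle:
    """Progressive delay per (account, source) pair instead of a lockout."""

    def __init__(self, free_attempts=3, base_delay=1.0, max_delay=300.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        self._state = {}  # (user, source) -> (failures, next allowed time)

    def retry_after(self, user, source):
        """Seconds this pair must still wait before its next attempt."""
        _, next_ok = self._state.get((user, source), (0, 0.0))
        return max(0.0, next_ok - self.clock())

    def record_failure(self, user, source):
        """Count a failure; return the delay now imposed on this pair."""
        failures = self._state.get((user, source), (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        # Doubling delay after the free attempts, capped at max_delay.
        delay = 0.0 if over <= 0 else min(
            self.max_delay, self.base_delay * 2 ** min(over - 1, 30))
        self._state[(user, source)] = (failures, self.clock() + delay)
        return delay

    def record_success(self, user, source):
        self._state.pop((user, source), None)

def login(throttle, user, source, password, verify):
    """verify(user, password) -> bool is the application's own check."""
    if throttle.retry_after(user, source) > 0:
        return "throttled"  # refused before the password is even checked
    if verify(user, password):
        throttle.record_success(user, source)
        return "ok"
    throttle.record_failure(user, source)
    return "fail"

def enforced_wait(guesses, **settings):
    """Total delay one source accumulates over `guesses` straight failures."""
    t = LoginThrottle(clock=lambda: 0.0, **settings)
    return sum(t.record_failure("admin", "203.0.113.5") for _ in range(guesses))
```

With these settings a 16-word dictionary tried alone and in pairs (272 guesses) costs a single source 78511 seconds, about 21.8 hours, of enforced waiting, while the account's owner on another address can still log in. Guessing spread over many source addresses gets fresh free attempts on each, so per-account failure counts still need to be watched.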

Friday, December 25, 2015

Parapsychology by W. W. Hewitt.




William W. Hewitt.

'Psychic Development for Beginners:
An Easy Guide to Developing and Releasing Your Psychic Abilities'.



... it's an easy to read book about Parapsychology - took me more or less 3 days to read about 220 pages of it.

What i remember most is 'Cosmic Awareness, Higher Mind', an Absolute that author refers to when describing Psychic Abilities, Creativity, Intuition, 6th sense.

... with my understanding, this absolute might be Buddha, if i am not wrong.

There are practices of synchronizing with proper (Theta) brain-wave frequencies, visualization practices as well.

There are many exercises for the reader that help to develop 'Psychic Tools' ... as well as giving Mind the direction(s) in which it develops.

Many of the exercises are performed from either the 'Basic Parapsychology' level or the 'Beach of Time' level, reached with exercise after a proper preparation.

Psychic powers are slightly described, along with simple exercises that help to develop & check progress along these lines.

Psychic powers included are:
- Sharpening 5-senses to degree useful in Parapsychology,
- Psychic Shield,
- Psychic Healing,
- Clairvoyance,
- Telepathy,
- Psychometry,
- Astral Travels,
- Communication with Human Subconscious,
- Communication with Ghosts,
- Communication with Animals,
- Finding Problems' Solutions with 'Higher Mind',
- Warning System against Dangers with 'Higher Mind',
- Mind's Alarm-Clock,
- Preventing one's own Sleepiness for a Time,
- Psychic Aid in Learning.

There are many relations of author's experiences, case studies as he put in text.

... with amount of exercises & author's advice, this book alone is about to last for years - if i go that route, at all.

Friday, December 18, 2015

... for Wiccan Witches ?

... had insight telling me that Wiccan Witches would be glad to participate in Ola AH Programming Language & its success.

i don't mind, on condition that owners agree.

(owners are, if they accept: a Buddhist woman i Love & Lama Ole Nydahl).


> [ 'Ola AH' Programming Language. ],
> [ When 'Ola AH' will be Practical ? ].

Saturday, November 28, 2015

Hacking Router & other Web Forms.

Brute Force Attack on Password.

we have a user name, for example: admin ... then we try each of character combinations as a password using automated script (program).

for example:

user: admin password: 1 -- login fail
user: admin password: 2 -- login fail

... (many login attempts) ...

user: admin password: Z -- login fail
user: admin password: Z1 -- login fail
user: admin password: Z2 -- login fail

... (many login attempts) ...

user: admin password: T3h_s3cr3t -- login success.


Dictionary Attack on Password.

we have a user name, we have a dictionary of 'words' (character combinations), then we try each of the 'words' alone or concatenated (joined, glued together) into a longer password. again we use an automation tool, a script for example.

opinions vary whether a dictionary attack helps to crack passwords truly, but it has uses nevertheless.

often it's better to start with a dictionary, before trying brute force or other methods later.

all information we have about an individual we are trying to compromise is useful here, for forming a proper dictionary.

for a simplified example:

username: admin,
dictionary: 007, bond, eye, gold, golden, pistol, gun, beach, surf, cat, icecream, shake, martini, lemon, stir, _.

after using script we'd have following dictionary attack:

user: admin, password: 007 -- login fail
user: admin, password: bond -- login fail

... (many login attempts) ...

user: admin, password: 007007 -- login fail
user: admin, password: 007bond -- login fail
user: admin, password: 007eye -- login fail

... (many login attempts) ...

user: admin, password: 007_007 -- login fail
user: admin, password: 007_bond -- login success.


Hacking Router.

... tried this with my router (TL WR740N), with a success.


   

Attack on Router's Password with Brutus Software.




Words List,
a 'Dictionary' file.




Attack on Router's Password with THC-Hydra Software.


   

Login Success.



Other Use Cases.

perhaps this can be used with web applications as well, didn't have time to check this properly as of yet - but my Computer Sciences knowledge tells me that this can be done, not sure if with these versions of software ... if protections such as 'Captcha' won't interfere.

i read that THC-Hydra at least can be used to attack other protocols/software as the SSH for example.

there are protections as well,

there are other similar tools as well.


Hacking Tools' writing urge.

... something tells me i should learn HTTP, Telnet, SSL/TLS & SSH protocols properly, then write a tool similar to Brutus & Hydra.

it's best to know Your hacking tools, to write them from scratch, i think.


Router Firmware Upgrade.




The Router's Firmware Upgrade is possible.



this can be done as is seen on the image above,

there's the danger of turning a router into a spy-tool.

... a lot of low-level programming knowledge & effort is necessary, i think ...

... probably certain hackers did that already, however, i think.

Tuesday, November 24, 2015

Denial of Service Hack.

Introduction: Infrastructure.


Web Pages & the Internet Applications are services generated by the Hardware-Software infrastructure.

There's a Computer connected to the Internet, that runs a web page server or an application server software, client browsers connect to it.

Hardware-software infrastructure 'serves' or in other words: 'sends' pages to users, where these are displayed in browser windows or tabs.

That's how users communicate with application in the other parts of the Internet.

What if there are too many users for a hardware-software infrastructure to handle the service efficiently ?

There are delays in a service, or even an application crash can occur disabling the service for longer.

In practice it's rare for an application service provider to face too many users challenge, more often delays & crashes are because of an attack, a Denial of Service Hack.


A Web Application Service.




A Web Application Server Software with a Sample Application it runs.



A Web Application Software in itself is not enough, there must be an application that it can run.

That is ... a Web App Server + a Web Application + Computer Hardware & the Internet: it's what's needed to run an Internet Application Service.


Denial of Service Hack.


Let's examine a common attack route on the Internet Application, a Denial of Service Hack.


   


Tor's Hammer & its usage.



TOR (The Onion Router) is a software tool that increases users' anonymity in the internet.

TOR's Hammer is a software script (a program) that attacks the software parts of the Internet Application Service by creating very many Internet Connections at once, delaying or preventing connections with legitimate users of the Internet Application Service.

TOR's Hammer can work with or without TOR infrastructure, with increased anonymity or without that advantage.




... waiting,
... forever ?

an Internet Application Service during a DoS attack.



IP address spoofing.


Every IP datagram sent in the Internet contains a source and destination IP address in its header. The source is the original sender of the datagram and the destination is the intended recipient. So, ignoring the role of NAT, when your computer contacts a server on the Internet, that server knows your IP address as it is included in the source field of the IP datagram. In some cases you may want to change the source IP address included in the IP datagram (without changing your actual computer IP address). For example, this can be useful for network testing and diagnostics, security penetration testing and performing security attacks (for learning purposes only, of course). Setting the IP source address of datagrams to be a fake address is called address spoofing. In Linux it is very easy to do using iptables.

Address spoofing can be performed with a single command using iptables.

For example, to change the source address included in the IP datagrams that one's computer sends, so that it reads 1.1.1.1, one can use the following command:

$ sudo iptables -t nat -A POSTROUTING -j SNAT --to-source 1.1.1.1

Source: Address Spoofing with iptables in Linux.

(i've not tested this part of this hack as of yet).

Thursday, November 19, 2015

The Ghost Hack.



The 'Ghost in the Shell' film,

The 'Ghost Hack / Puppet Master' scene.



... 'the Ghost Hack', is it possible with the Modern Science ?

... perhaps it is, for an Electromagnetic Field of the Brain & other parts of the Human Nervous System can interact with other Electromagnetic Fields, affecting each other.

in 'Mage: the Ascension' terms, this would be:
- Correspondence Sphere - for affecting Energy at a Distance,
- Mind Sphere - For affecting Mind via Electromagnetic Energy through Brain & Nervous System,
- Forces Sphere - for Electromagnetism,
- Life Sphere - for exact information about Neuroscience of the Human Brain & Nervous System.

is it possible to move a program into Cyborg's Body?

i think it is, for object can be loaded into computer memory, executed there without restarting whole application.

i read articles about 'the Mind / Machine Interface', of interactions between machine & human brain.

... a computer program however could be cloned, copied instead of being moved, i think.

see also, if You wish or need, ... : Hackers could get inside your BRAIN: Experts warn of growing threat from monitoring and controlling neural signals.