Maia Arson Crimew's "No-Fly List" Leak - Images

Sorted By:

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"

here is a sample of a departure ACARS message: ~/bounty/commutair 20:41:44 $ cat in-01012023-003509-1136486_DEP. RCV 6 7 File: in-01012023-003509-1136486_DEP. RCV from here on i started trying to find journalists interested in a probably pretty broad breach of US aviation. which unfortunately got peoples hopes up in thinking i was behind the TSA problems and groundings a day earlier, but unfortunately im not quite that cool. so while i was waiting for someone to respond to my call for journalists i just kept digging, and oh the things i found. ^AQU CLEADC5 .DDLXCXA 010035 ABDEP FI C54253/AN N13161/DA KDEN/DS KSGF/OT 0035/FB 60/BF DT DDL DEN 010035 M93A AC as i kept looking at more and more config files in more and more of the projects, it dawned on me just how heavily i had already owned them within just half an hour or so. hardcoded credentials there would allow me access to navblue apis for refueling, cancelling and updating flights, swapping out crew members and so on (assuming i was willing to ever interact with a SOAP api in my life which i sure as hell am not). i however kept looking back at the two projects named noflycomparison and noflycomparisonv2, which seemingly take the TSA nofly list and check if any of commuteair's crew members have ended up there. there are hardcoded credentials and s3 bucket names, however i just cant find the actual list itself anywhere. probably partially because it seemingly always gets deleted immediately after processing it, most likely specifically because of nosy kittens like me. amazon.dynamodb.endpoint-dynamodb.us-east-1.amazonaws.com amazon.s3.endpoint-https://s3.us-east-1.amazonaws.com amazon.dynamodb.region=com.amazonaws.regions. Regions. US_EAST 1 #UAT SERVER #amazon.aws.accesskey=AKIA #amazon.aws.secretkey= #PROD SERVER amazon.aws.accesskey=AKIA amazonaws.secretkey= bucketName=uat-fltplan-outbound-pdf-store #UAT downloadFilePath=C: /C5_SERVICES_TEMP/ComplyService/ flight DetailsTable=C5_FlightDetails #PROD :8080/job/ComplyService/ws/ComplyServices/ #complyUploadUrl=https://commutair-test-api.comply365.net/api/SYS/v1/Files/UploadFile?uid= #categoryUid== complyUploadUrl=https://commutair-api.comply365.net/api/SYS/v1/Files/UploadFile?uid= categoryUid- toMailList-C
here is a sample of a departure ACARS message: ~/bounty/commutair 20:41:44 $ cat in-01012023-003509-1136486_DEP. RCV 6 7 File: in-01012023-003509-1136486_DEP. RCV from here on i started trying to find journalists interested in a probably pretty broad breach of US aviation. which unfortunately got peoples hopes up in thinking i was behind the TSA problems and groundings a day earlier, but unfortunately im not quite that cool. so while i was waiting for someone to respond to my call for journalists i just kept digging, and oh the things i found. ^AQU CLEADC5 .DDLXCXA 010035 ABDEP FI C54253/AN N13161/DA KDEN/DS KSGF/OT 0035/FB 60/BF DT DDL DEN 010035 M93A AC as i kept looking at more and more config files in more and more of the projects, it dawned on me just how heavily i had already owned them within just half an hour or so. hardcoded credentials there would allow me access to navblue apis for refueling, cancelling and updating flights, swapping out crew members and so on (assuming i was willing to ever interact with a SOAP api in my life which i sure as hell am not). i however kept looking back at the two projects named noflycomparison and noflycomparisonv2, which seemingly take the TSA nofly list and check if any of commuteair's crew members have ended up there. there are hardcoded credentials and s3 bucket names, however i just cant find the actual list itself anywhere. probably partially because it seemingly always gets deleted immediately after processing it, most likely specifically because of nosy kittens like me. amazon.dynamodb.endpoint-dynamodb.us-east-1.amazonaws.com amazon.s3.endpoint-https://s3.us-east-1.amazonaws.com amazon.dynamodb.region=com.amazonaws.regions. Regions. US_EAST 1 #UAT SERVER #amazon.aws.accesskey=AKIA #amazon.aws.secretkey= #PROD SERVER amazon.aws.accesskey=AKIA amazonaws.secretkey= bucketName=uat-fltplan-outbound-pdf-store #UAT downloadFilePath=C: /C5_SERVICES_TEMP/ComplyService/ flight DetailsTable=C5_FlightDetails #PROD :8080/job/ComplyService/ws/ComplyServices/ #complyUploadUrl=https://commutair-test-api.comply365.net/api/SYS/v1/Files/UploadFile?uid= #categoryUid== complyUploadUrl=https://commutair-api.comply365.net/api/SYS/v1/Files/UploadFile?uid= categoryUid- toMailList-C

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"

fast forward a few hours and im now talking to Mikael Thalen, a staff writer at dailydot. i give him a quick rundown of what i have found so far and how in the meantime, just half an hour before we started talking, i have ended up finding AWS credentials. i now seemingly have access to pretty much their entire aws infrastructure via aws-cli. numerous s3 buckets, dozens of dynamodb tables, as well as various servers and much more. commute really loves aws. ~/bounty/commutair $aws s3 1s 2022-12-15 02:11:14 2022-12-15 02:16:46 2018-07-12 19:46:01 aws-logs-353966347147-us-east-1 2022-12-14 23:36:03 aws logsalb 969 43e 7 2020-12-07 18:52:16 2019-10-22 07:56:51 ca-dynamodb-bkp 2017-09-29 17:37:34 ca-ip-dev-s3 2017-11-27 06:44:57 ca-ip-prod-s3 2017-12-01 09:10:35 2022-10-29 17:13:14 2017-06-30 20:42:09 elasticbeanstalk-us-east-1-35396634714 17:34:17 aws-cloudtrail-logs-353966347147-2b88e aws-cloudtrail-logs-353966347147-75a13 c5-integration-builds 2020-10-23 21:57:45 flightrelease 2020-10-28 20:42:16 fligtrelease-backup 2021-06-09 09:06:40 prod-amos-archive-bucket 2021-09-14 17:19:55 prod-blankgendec-pdf 2021-06-09 09:06:4, 2021-06-09 09:06:4 2021-09-14 17:20:2 2021-09-17 07:32:2 2022-09-13 18:24:3 2022-06-27 20:15:5 2022-09-13 18:24:3 2022-10-17 06:10:2 2022-09-13 18:24:3 2022-11-11 20:54:2 2022-07-27 03:48:1 2021-06-09 09:06:4 2021-06-09 09:06:4 2021-09-23 21:25:4 ore 2021-06-09 09:06:40 prod-company-document-bucket 2021-06-09 09:06:40 prod-crew-archive-bucket 2022-01-14 06:54:44 cf-templates-111lipqerp78m-us-east-1 cf-templates-111lipqerp78m-us-east-2 2021-06-09 09:06:4 2021-05-31 13:52:4 2021-09-14 17:27:30 2022-11-10 16:27:00 prod-ecs-container-logs 2021-06-09 09:06:40 prod-flifo-archive-bucket 2021-09-14 16:40:07 prod-fltplan-outbound-eff-store 2021-09-14 16:40:07 prod-fltplan-outbound-pdf-store 2022-05-23 19:02:18 prod-formurl 2021-06-09 09:06:4 prod-daily-fa-reads-pdf-store prod-daily-pilot-reads-pdf-store ~/bounty/commutair17:12:46 $aws dynamodb list-tables "TableNames": [ "AlertHistoryTest", "AlertHistoryTest1", "AlertTest", "C5GlobalTest", "C5_Activities", "C5_AirportCode_TimeZone", "C5_CASS_KCM_Requests", "C5_CREW_00S", "C5_Calendar_V1", "C5_Crew_Vacation", "C5_FlightPlanStore", "C5_FlightScheduleDiff", "C5_Flights", "C5 51+PlanRecord"
fast forward a few hours and im now talking to Mikael Thalen, a staff writer at dailydot. i give him a quick rundown of what i have found so far and how in the meantime, just half an hour before we started talking, i have ended up finding AWS credentials. i now seemingly have access to pretty much their entire aws infrastructure via aws-cli. numerous s3 buckets, dozens of dynamodb tables, as well as various servers and much more. commute really loves aws. ~/bounty/commutair $aws s3 1s 2022-12-15 02:11:14 2022-12-15 02:16:46 2018-07-12 19:46:01 aws-logs-353966347147-us-east-1 2022-12-14 23:36:03 aws logsalb 969 43e 7 2020-12-07 18:52:16 2019-10-22 07:56:51 ca-dynamodb-bkp 2017-09-29 17:37:34 ca-ip-dev-s3 2017-11-27 06:44:57 ca-ip-prod-s3 2017-12-01 09:10:35 2022-10-29 17:13:14 2017-06-30 20:42:09 elasticbeanstalk-us-east-1-35396634714 17:34:17 aws-cloudtrail-logs-353966347147-2b88e aws-cloudtrail-logs-353966347147-75a13 c5-integration-builds 2020-10-23 21:57:45 flightrelease 2020-10-28 20:42:16 fligtrelease-backup 2021-06-09 09:06:40 prod-amos-archive-bucket 2021-09-14 17:19:55 prod-blankgendec-pdf 2021-06-09 09:06:4, 2021-06-09 09:06:4 2021-09-14 17:20:2 2021-09-17 07:32:2 2022-09-13 18:24:3 2022-06-27 20:15:5 2022-09-13 18:24:3 2022-10-17 06:10:2 2022-09-13 18:24:3 2022-11-11 20:54:2 2022-07-27 03:48:1 2021-06-09 09:06:4 2021-06-09 09:06:4 2021-09-23 21:25:4 ore 2021-06-09 09:06:40 prod-company-document-bucket 2021-06-09 09:06:40 prod-crew-archive-bucket 2022-01-14 06:54:44 cf-templates-111lipqerp78m-us-east-1 cf-templates-111lipqerp78m-us-east-2 2021-06-09 09:06:4 2021-05-31 13:52:4 2021-09-14 17:27:30 2022-11-10 16:27:00 prod-ecs-container-logs 2021-06-09 09:06:40 prod-flifo-archive-bucket 2021-09-14 16:40:07 prod-fltplan-outbound-eff-store 2021-09-14 16:40:07 prod-fltplan-outbound-pdf-store 2022-05-23 19:02:18 prod-formurl 2021-06-09 09:06:4 prod-daily-fa-reads-pdf-store prod-daily-pilot-reads-pdf-store ~/bounty/commutair17:12:46 $aws dynamodb list-tables "TableNames": [ "AlertHistoryTest", "AlertHistoryTest1", "AlertTest", "C5GlobalTest", "C5_Activities", "C5_AirportCode_TimeZone", "C5_CASS_KCM_Requests", "C5_CREW_00S", "C5_Calendar_V1", "C5_Crew_Vacation", "C5_FlightPlanStore", "C5_FlightScheduleDiff", "C5_Flights", "C5 51+PlanRecord"

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"

step 2: how much access do we have really? ok but let's not get too excited too quickly. just because we have found a funky jenkins server doesn't mean we'll have access to much more than build logs. it quickly turns out that while we don't have anonymous admin access (yes that's quite frequently the case [god i love jenkins]), we do have access to build workspaces. this means we get to see the repositories that were built for each one of the ~70 build jobs. step 3: let's dig in most of the projects here seem to be fairly small spring boot projects. the standardized project layout and extensive use of the resources directory for configuration files will be very useful in this whole endeavour. the very first project i decide to look at in more detail is something about "ACARS incoming", since ive heard the term acars before, and it sounds spicy. a quick look at the resource directory reveals a file called application-prod.properties (same also for -dev and -uat). it couldn't just be that easy now, could it? well, it sure is! two minutes after finding said file im staring at filezilla connected to a navtech sftp server filled with incoming and outgoing ACARS messages. this aviation s--- really do get serious. this aviation s--- get serious emote site: /ForNavtech/ACARS IN ETT VOY PDF OUT ForNavtech ACARS IN AIMS IN FUELIN Filename A Filesize Filetype in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-01... in-01012023-01... in-01012023-01... in-01012023-011... in-01012023-01... in-01012023-01... in 01012023-01... in-01012023-01.. in-01012023-01 -01012023-01... in-01012023-01 Last modified Permission Owner/Grou 01012023-01 in-01012023-01 01/06/2023. -rw-rr 658 500 01/06/2023. -rw-r--r- 658 500 -FW-E-F-- 658 500 01/06/2023 -rw-r- 658 500 01/06/2023 01/06/2023 -rw-r-- 01/06/2023 01/06/2023... -rw-t-r- -TW-4-1- 47-4-4 01/06/2023. ---- 01/06/2023. 01/06/2023... -TW-E-E 01/06/2023 01/06/2023 Wist -W----- 01/06/2023 01/06/2023 01/06/2023 01/06/2023 01/06/2023 01/30/2023 01/06/2023 01/06/2023 125 RCV-file 126 RCV-file 129 RCV-file 133 RCV-file 126 RCV-file 126 RCV-file 133 RCV-file 127 RCV-file 127 RCV-file 127 RCV-file 129 RCV-file 127 RCV-file 127 RCV-file 127 RCV-tile 127 RCV-file 127 RCV-le 126 RCV-186 127 RCV nic AZT WCV-te 01012023-91 in-01012023-01 01012023 01 28319 fos Total size 3.581.552 bytes 658 500 658 500 658 500 658 500 458 500 658 500 558 500 658.500 558 500 658500 658 500 658 500 658 500 658 500 458-300 442
step 2: how much access do we have really? ok but let's not get too excited too quickly. just because we have found a funky jenkins server doesn't mean we'll have access to much more than build logs. it quickly turns out that while we don't have anonymous admin access (yes that's quite frequently the case [god i love jenkins]), we do have access to build workspaces. this means we get to see the repositories that were built for each one of the ~70 build jobs. step 3: let's dig in most of the projects here seem to be fairly small spring boot projects. the standardized project layout and extensive use of the resources directory for configuration files will be very useful in this whole endeavour. the very first project i decide to look at in more detail is something about "ACARS incoming", since ive heard the term acars before, and it sounds spicy. a quick look at the resource directory reveals a file called application-prod.properties (same also for -dev and -uat). it couldn't just be that easy now, could it? well, it sure is! two minutes after finding said file im staring at filezilla connected to a navtech sftp server filled with incoming and outgoing ACARS messages. this aviation s--- really do get serious. this aviation s--- get serious emote site: /ForNavtech/ACARS IN ETT VOY PDF OUT ForNavtech ACARS IN AIMS IN FUELIN Filename A Filesize Filetype in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-01... in-01012023-01... in-01012023-01... in-01012023-011... in-01012023-01... in-01012023-01... in 01012023-01... in-01012023-01.. in-01012023-01 -01012023-01... in-01012023-01 Last modified Permission Owner/Grou 01012023-01 in-01012023-01 01/06/2023. -rw-rr 658 500 01/06/2023. -rw-r--r- 658 500 -FW-E-F-- 658 500 01/06/2023 -rw-r- 658 500 01/06/2023 01/06/2023 -rw-r-- 01/06/2023 01/06/2023... -rw-t-r- -TW-4-1- 47-4-4 01/06/2023. ---- 01/06/2023. 01/06/2023... -TW-E-E 01/06/2023 01/06/2023 Wist -W----- 01/06/2023 01/06/2023 01/06/2023 01/06/2023 01/06/2023 01/30/2023 01/06/2023 01/06/2023 125 RCV-file 126 RCV-file 129 RCV-file 133 RCV-file 126 RCV-file 126 RCV-file 133 RCV-file 127 RCV-file 127 RCV-file 127 RCV-file 129 RCV-file 127 RCV-file 127 RCV-file 127 RCV-tile 127 RCV-file 127 RCV-le 126 RCV-186 127 RCV nic AZT WCV-te 01012023-91 in-01012023-01 01012023 01 28319 fos Total size 3.581.552 bytes 658 500 658 500 658 500 658 500 458 500 658 500 558 500 658.500 558 500 658500 658 500 658 500 658 500 658 500 458-300 442

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"


Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew Website Homepage

← → C maia. crimew.gay maia.crimew.gay 88 X 31 maia Don't Click Here arson crimew home | blog | sample packs hello i am maia arson crimew (it/she) and i am gay, mostly for girls, and i'm a tiny kitten :3 i know lot's of things about cyber security, programming and far too little about music but i still try to do all those things at once. if you like the things i do here or on social media you can support me on ko-fi. links to the various things i do can be found in the footer. if you're looking for some more serious info about me, there is wikipedia for that. rss feed birded site | fedded verse | sounded cloud | last dot federated states of micronesia | gitted hub gitted tea versary S ANARCHY Sleegy f A sleeqy fKitten's a oat.zone town Now! Zone A.C.A.B. archlinux radio Korner D slimes... "Now! L Slug ca
← → C maia. crimew.gay maia.crimew.gay 88 X 31 maia Don't Click Here arson crimew home | blog | sample packs hello i am maia arson crimew (it/she) and i am gay, mostly for girls, and i'm a tiny kitten :3 i know lot's of things about cyber security, programming and far too little about music but i still try to do all those things at once. if you like the things i do here or on social media you can support me on ko-fi. links to the various things i do can be found in the footer. if you're looking for some more serious info about me, there is wikipedia for that. rss feed birded site | fedded verse | sounded cloud | last dot federated states of micronesia | gitted hub gitted tea versary S ANARCHY Sleegy f A sleeqy fKitten's a oat.zone town Now! Zone A.C.A.B. archlinux radio Korner D slimes... "Now! L Slug ca

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak tsa homepage website blog