Maia Arson Crimew's "No-Fly List" Leak - Images

Sorted By:

Maia Arson Crimew "holy shit, we actually have the nofly list. holy fucking bingle. what?! :3"

h--------, we actually have the nofly list. holy f------ bingle. what?! :3 commute Visual Studio Codle 11:41 T & 6 HUAWEI - / 7 Z H BA 1 ( 8 U N 9170 O 1 9 1 M O O ; . L ? P 6 O : Alt Gr ė A Ctrl al L 51 A
h--------, we actually have the nofly list. holy f------ bingle. what?! :3 commute Visual Studio Codle 11:41 T & 6 HUAWEI - / 7 Z H BA 1 ( 8 U N 9170 O 1 9 1 M O O ; . L ? P 6 O : Alt Gr ė A Ctrl al L 51 A

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "This Aviation Shit Getting Serious"

this aviation s--- get serious Remote site: /ForNavtech/ACARS IN STY DUT PDF OUT ForNavtech ACARS IN AIMS IN FUELIN Filename A Filesize Filetype in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-01.... in-01012023-01... in-01012023-01.. in-01012023-011... in-01012023-01 in-01012023-01... in01012023-01 in-01012023-01... in-01012023-01 in-01012023-01... in-01012023-01 01012023-01... in-01012023-0 125 RCV-file 126 RCV-file 129 RCV-file 133 RCV-nte 126 RCV-file 126 RCV-file 133 RCV-file 127 RCV-file 127 RCV-file. 127 RCV-file 129 RCV-file 127 RCV-file 127 RCV-file 127 RCV-file 127 RCV-ke 127 RCV-le 126 RCV-e 127 RCV nie 127 RCV-tie 127-BOY- 05012023-01 in-01012023-01 Last modified Permission Owner/Gro 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 01012023-01 01/06/2023. -rw-r 01/06/2023... ----- 01/06/2023... -rw-r---- 01/06/2023. -rw-r- 01/06/2023... -rw-r--- 01/06/2023... -rw-r--- 01/06/2023... -rw-t-- 01/06/2023 -rw-r--- 01/06/2023. -rw-r-- 01/06/2023 01/06/2023 01/06/2023. 01/06/2023 01/06/2023 01/06/2023 01/06/2023 QU06/2023 QU09/2023 01/06/2023 01/04/2023 28319 fos Total size 3.581552 bytes -ZW-7-7- -W-I--- -TW-1- 578 the 4-4- 658 500 658 500 558 500 658 500 658 500 658 500 658 500 658 500 458 900 658-500
this aviation s--- get serious Remote site: /ForNavtech/ACARS IN STY DUT PDF OUT ForNavtech ACARS IN AIMS IN FUELIN Filename A Filesize Filetype in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-01.... in-01012023-01... in-01012023-01.. in-01012023-011... in-01012023-01 in-01012023-01... in01012023-01 in-01012023-01... in-01012023-01 in-01012023-01... in-01012023-01 01012023-01... in-01012023-0 125 RCV-file 126 RCV-file 129 RCV-file 133 RCV-nte 126 RCV-file 126 RCV-file 133 RCV-file 127 RCV-file 127 RCV-file. 127 RCV-file 129 RCV-file 127 RCV-file 127 RCV-file 127 RCV-file 127 RCV-ke 127 RCV-le 126 RCV-e 127 RCV nie 127 RCV-tie 127-BOY- 05012023-01 in-01012023-01 Last modified Permission Owner/Gro 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 01012023-01 01/06/2023. -rw-r 01/06/2023... ----- 01/06/2023... -rw-r---- 01/06/2023. -rw-r- 01/06/2023... -rw-r--- 01/06/2023... -rw-r--- 01/06/2023... -rw-t-- 01/06/2023 -rw-r--- 01/06/2023. -rw-r-- 01/06/2023 01/06/2023 01/06/2023. 01/06/2023 01/06/2023 01/06/2023 01/06/2023 QU06/2023 QU09/2023 01/06/2023 01/04/2023 28319 fos Total size 3.581552 bytes -ZW-7-7- -W-I--- -TW-1- 578 the 4-4- 658 500 658 500 558 500 658 500 658 500 658 500 658 500 658 500 458 900 658-500

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"

i also share with him how close we seemingly are to actually finding the TSA nofly list, which would obviously immediately make this an even bigger story than if it were "only" a super trivially ownable airline. i had even peeked at the nofly s3 bucket at this point which was seemingly empty. so we took one last look at the noflycomparison repositories to see if there is anything in there, and for the first time actually take a peek at the test data in the repository. and there it is. three csv files, employee_information.csv, NOFLY.Csv and SELECTEE.Csv. all commited to the repository in july 2022. the nofly csv is almost 80mb in size and contains over 1.56 million rows of data. this HAS to be the real deal (we later get confirmation that it is indeed a copy of the nofly list from 2019). h--------, we actually have the nofly list. holy f------ bingle. what?! :3 - comunale Visual Statio % 5 4 T 6 HUAWEI 12⁰ / Z 1 ST H ( 8 ប N O J 9 1 M 192.168.1.2 O O : L P 6 Alt Gr O é 0 Ctri at 51 A with the jackpot found and being looked into by my journalism friends i decided to dig a little further into aws. grabbing sample documents from various s3 buckets, going through flight plans and dumping some dynamodb tables. at this point i had found pretty much all PII imaginable for each of their crew members. full names, addresses, phone numbers, passport numbers, pilot's license numbers, when their next linecheck is due and much more. i had trip sheets for every flight, the potential to access every flight plan ever, a whole bunch of image attachments to bookings for reimbursement flights containing yet again more PII, airplane maintenance data, you name it.
i also share with him how close we seemingly are to actually finding the TSA nofly list, which would obviously immediately make this an even bigger story than if it were "only" a super trivially ownable airline. i had even peeked at the nofly s3 bucket at this point which was seemingly empty. so we took one last look at the noflycomparison repositories to see if there is anything in there, and for the first time actually take a peek at the test data in the repository. and there it is. three csv files, employee_information.csv, NOFLY.Csv and SELECTEE.Csv. all commited to the repository in july 2022. the nofly csv is almost 80mb in size and contains over 1.56 million rows of data. this HAS to be the real deal (we later get confirmation that it is indeed a copy of the nofly list from 2019). h--------, we actually have the nofly list. holy f------ bingle. what?! :3 - comunale Visual Statio % 5 4 T 6 HUAWEI 12⁰ / Z 1 ST H ( 8 ប N O J 9 1 M 192.168.1.2 O O : L P 6 Alt Gr O é 0 Ctri at 51 A with the jackpot found and being looked into by my journalism friends i decided to dig a little further into aws. grabbing sample documents from various s3 buckets, going through flight plans and dumping some dynamodb tables. at this point i had found pretty much all PII imaginable for each of their crew members. full names, addresses, phone numbers, passport numbers, pilot's license numbers, when their next linecheck is due and much more. i had trip sheets for every flight, the potential to access every flight plan ever, a whole bunch of image attachments to bookings for reimbursement flights containing yet again more PII, airplane maintenance data, you name it.

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"

FE T & / Z H ( 1 8 U N O 1 1 M K Fo 0 O ; . siss L T P 6 : Alt Gr O FN A BULAN 9 1 à Ctrl Y -1 E 51 with the jackpot found and being looked into by my journalism friends i decided to dig a little further into aws. grabbing sample documents from various s3 buckets, going through flight plans and dumping some dynamodb tables. at this point i had found pretty much all PII imaginable for each of their crew members. full names, addresses, phone numbers, passport numbers, pilot's license numbers, when their next linecheck is due and much more. i had trip sheets for every flight, the potential to access every flight plan ever, a whole bunch of image attachments to bookings for reimbursement flights containing yet again more PII, airplane maintenance data, you name it. i had owned them completely in less than a day, with pretty much no skill required besides the patience to sift through hundreds of shodan/zoomeye results. so what happens next with the nofly data while the nature of this information is sensitive, i believe it is in the public interest for this list to be made available to journalists and human rights organizations. if you are a journalist, researcher, or other party with legitimate interest, please reach out at nofly@crimew.gay. i will only give this data to parties that i believe will do the right thing with it. alternatively the data is now also available for access (upon request) via DDoSecrets. note: if you email me there and i do not reply within a regular timeframe it is very likely my reply ended up in your spam folder or got lost. using email not hosted by google or msft is hell. feel free to dm me on twitter in that case. support me if you liked this or any of my other security research feel free to support me on my ko-fi. i am unemployed and in a rather precarious financial situation and do this research for free and for the fun of it, so anything goes a long way.
FE T & / Z H ( 1 8 U N O 1 1 M K Fo 0 O ; . siss L T P 6 : Alt Gr O FN A BULAN 9 1 à Ctrl Y -1 E 51 with the jackpot found and being looked into by my journalism friends i decided to dig a little further into aws. grabbing sample documents from various s3 buckets, going through flight plans and dumping some dynamodb tables. at this point i had found pretty much all PII imaginable for each of their crew members. full names, addresses, phone numbers, passport numbers, pilot's license numbers, when their next linecheck is due and much more. i had trip sheets for every flight, the potential to access every flight plan ever, a whole bunch of image attachments to bookings for reimbursement flights containing yet again more PII, airplane maintenance data, you name it. i had owned them completely in less than a day, with pretty much no skill required besides the patience to sift through hundreds of shodan/zoomeye results. so what happens next with the nofly data while the nature of this information is sensitive, i believe it is in the public interest for this list to be made available to journalists and human rights organizations. if you are a journalist, researcher, or other party with legitimate interest, please reach out at nofly@crimew.gay. i will only give this data to parties that i believe will do the right thing with it. alternatively the data is now also available for access (upon request) via DDoSecrets. note: if you email me there and i do not reply within a regular timeframe it is very likely my reply ended up in your spam folder or got lost. using email not hosted by google or msft is hell. feel free to dm me on twitter in that case. support me if you liked this or any of my other security research feel free to support me on my ko-fi. i am unemployed and in a rather precarious financial situation and do this research for free and for the fun of it, so anything goes a long way.

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"

here is a sample of a departure ACARS message: ~/bounty/commutair 20:41:44 $ cat in-01012023-003509-1136486_DEP. RCV 6 7 File: in-01012023-003509-1136486_DEP. RCV from here on i started trying to find journalists interested in a probably pretty broad breach of US aviation. which unfortunately got peoples hopes up in thinking i was behind the TSA problems and groundings a day earlier, but unfortunately im not quite that cool. so while i was waiting for someone to respond to my call for journalists i just kept digging, and oh the things i found. ^AQU CLEADC5 .DDLXCXA 010035 ABDEP FI C54253/AN N13161/DA KDEN/DS KSGF/OT 0035/FB 60/BF DT DDL DEN 010035 M93A AC as i kept looking at more and more config files in more and more of the projects, it dawned on me just how heavily i had already owned them within just half an hour or so. hardcoded credentials there would allow me access to navblue apis for refueling, cancelling and updating flights, swapping out crew members and so on (assuming i was willing to ever interact with a SOAP api in my life which i sure as hell am not). i however kept looking back at the two projects named noflycomparison and noflycomparisonv2, which seemingly take the TSA nofly list and check if any of commuteair's crew members have ended up there. there are hardcoded credentials and s3 bucket names, however i just cant find the actual list itself anywhere. probably partially because it seemingly always gets deleted immediately after processing it, most likely specifically because of nosy kittens like me. amazon.dynamodb.endpoint-dynamodb.us-east-1.amazonaws.com amazon.s3.endpoint-https://s3.us-east-1.amazonaws.com amazon.dynamodb.region=com.amazonaws.regions. Regions. US_EAST 1 #UAT SERVER #amazon.aws.accesskey=AKIA #amazon.aws.secretkey= #PROD SERVER amazon.aws.accesskey=AKIA amazonaws.secretkey= bucketName=uat-fltplan-outbound-pdf-store #UAT downloadFilePath=C: /C5_SERVICES_TEMP/ComplyService/ flight DetailsTable=C5_FlightDetails #PROD :8080/job/ComplyService/ws/ComplyServices/ #complyUploadUrl=https://commutair-test-api.comply365.net/api/SYS/v1/Files/UploadFile?uid= #categoryUid== complyUploadUrl=https://commutair-api.comply365.net/api/SYS/v1/Files/UploadFile?uid= categoryUid- toMailList-C
here is a sample of a departure ACARS message: ~/bounty/commutair 20:41:44 $ cat in-01012023-003509-1136486_DEP. RCV 6 7 File: in-01012023-003509-1136486_DEP. RCV from here on i started trying to find journalists interested in a probably pretty broad breach of US aviation. which unfortunately got peoples hopes up in thinking i was behind the TSA problems and groundings a day earlier, but unfortunately im not quite that cool. so while i was waiting for someone to respond to my call for journalists i just kept digging, and oh the things i found. ^AQU CLEADC5 .DDLXCXA 010035 ABDEP FI C54253/AN N13161/DA KDEN/DS KSGF/OT 0035/FB 60/BF DT DDL DEN 010035 M93A AC as i kept looking at more and more config files in more and more of the projects, it dawned on me just how heavily i had already owned them within just half an hour or so. hardcoded credentials there would allow me access to navblue apis for refueling, cancelling and updating flights, swapping out crew members and so on (assuming i was willing to ever interact with a SOAP api in my life which i sure as hell am not). i however kept looking back at the two projects named noflycomparison and noflycomparisonv2, which seemingly take the TSA nofly list and check if any of commuteair's crew members have ended up there. there are hardcoded credentials and s3 bucket names, however i just cant find the actual list itself anywhere. probably partially because it seemingly always gets deleted immediately after processing it, most likely specifically because of nosy kittens like me. amazon.dynamodb.endpoint-dynamodb.us-east-1.amazonaws.com amazon.s3.endpoint-https://s3.us-east-1.amazonaws.com amazon.dynamodb.region=com.amazonaws.regions. Regions. US_EAST 1 #UAT SERVER #amazon.aws.accesskey=AKIA #amazon.aws.secretkey= #PROD SERVER amazon.aws.accesskey=AKIA amazonaws.secretkey= bucketName=uat-fltplan-outbound-pdf-store #UAT downloadFilePath=C: /C5_SERVICES_TEMP/ComplyService/ flight DetailsTable=C5_FlightDetails #PROD :8080/job/ComplyService/ws/ComplyServices/ #complyUploadUrl=https://commutair-test-api.comply365.net/api/SYS/v1/Files/UploadFile?uid= #categoryUid== complyUploadUrl=https://commutair-api.comply365.net/api/SYS/v1/Files/UploadFile?uid= categoryUid- toMailList-C

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"

fast forward a few hours and im now talking to Mikael Thalen, a staff writer at dailydot. i give him a quick rundown of what i have found so far and how in the meantime, just half an hour before we started talking, i have ended up finding AWS credentials. i now seemingly have access to pretty much their entire aws infrastructure via aws-cli. numerous s3 buckets, dozens of dynamodb tables, as well as various servers and much more. commute really loves aws. ~/bounty/commutair $aws s3 1s 2022-12-15 02:11:14 2022-12-15 02:16:46 2018-07-12 19:46:01 aws-logs-353966347147-us-east-1 2022-12-14 23:36:03 aws logsalb 969 43e 7 2020-12-07 18:52:16 2019-10-22 07:56:51 ca-dynamodb-bkp 2017-09-29 17:37:34 ca-ip-dev-s3 2017-11-27 06:44:57 ca-ip-prod-s3 2017-12-01 09:10:35 2022-10-29 17:13:14 2017-06-30 20:42:09 elasticbeanstalk-us-east-1-35396634714 17:34:17 aws-cloudtrail-logs-353966347147-2b88e aws-cloudtrail-logs-353966347147-75a13 c5-integration-builds 2020-10-23 21:57:45 flightrelease 2020-10-28 20:42:16 fligtrelease-backup 2021-06-09 09:06:40 prod-amos-archive-bucket 2021-09-14 17:19:55 prod-blankgendec-pdf 2021-06-09 09:06:4, 2021-06-09 09:06:4 2021-09-14 17:20:2 2021-09-17 07:32:2 2022-09-13 18:24:3 2022-06-27 20:15:5 2022-09-13 18:24:3 2022-10-17 06:10:2 2022-09-13 18:24:3 2022-11-11 20:54:2 2022-07-27 03:48:1 2021-06-09 09:06:4 2021-06-09 09:06:4 2021-09-23 21:25:4 ore 2021-06-09 09:06:40 prod-company-document-bucket 2021-06-09 09:06:40 prod-crew-archive-bucket 2022-01-14 06:54:44 cf-templates-111lipqerp78m-us-east-1 cf-templates-111lipqerp78m-us-east-2 2021-06-09 09:06:4 2021-05-31 13:52:4 2021-09-14 17:27:30 2022-11-10 16:27:00 prod-ecs-container-logs 2021-06-09 09:06:40 prod-flifo-archive-bucket 2021-09-14 16:40:07 prod-fltplan-outbound-eff-store 2021-09-14 16:40:07 prod-fltplan-outbound-pdf-store 2022-05-23 19:02:18 prod-formurl 2021-06-09 09:06:4 prod-daily-fa-reads-pdf-store prod-daily-pilot-reads-pdf-store ~/bounty/commutair17:12:46 $aws dynamodb list-tables "TableNames": [ "AlertHistoryTest", "AlertHistoryTest1", "AlertTest", "C5GlobalTest", "C5_Activities", "C5_AirportCode_TimeZone", "C5_CASS_KCM_Requests", "C5_CREW_00S", "C5_Calendar_V1", "C5_Crew_Vacation", "C5_FlightPlanStore", "C5_FlightScheduleDiff", "C5_Flights", "C5 51+PlanRecord"
fast forward a few hours and im now talking to Mikael Thalen, a staff writer at dailydot. i give him a quick rundown of what i have found so far and how in the meantime, just half an hour before we started talking, i have ended up finding AWS credentials. i now seemingly have access to pretty much their entire aws infrastructure via aws-cli. numerous s3 buckets, dozens of dynamodb tables, as well as various servers and much more. commute really loves aws. ~/bounty/commutair $aws s3 1s 2022-12-15 02:11:14 2022-12-15 02:16:46 2018-07-12 19:46:01 aws-logs-353966347147-us-east-1 2022-12-14 23:36:03 aws logsalb 969 43e 7 2020-12-07 18:52:16 2019-10-22 07:56:51 ca-dynamodb-bkp 2017-09-29 17:37:34 ca-ip-dev-s3 2017-11-27 06:44:57 ca-ip-prod-s3 2017-12-01 09:10:35 2022-10-29 17:13:14 2017-06-30 20:42:09 elasticbeanstalk-us-east-1-35396634714 17:34:17 aws-cloudtrail-logs-353966347147-2b88e aws-cloudtrail-logs-353966347147-75a13 c5-integration-builds 2020-10-23 21:57:45 flightrelease 2020-10-28 20:42:16 fligtrelease-backup 2021-06-09 09:06:40 prod-amos-archive-bucket 2021-09-14 17:19:55 prod-blankgendec-pdf 2021-06-09 09:06:4, 2021-06-09 09:06:4 2021-09-14 17:20:2 2021-09-17 07:32:2 2022-09-13 18:24:3 2022-06-27 20:15:5 2022-09-13 18:24:3 2022-10-17 06:10:2 2022-09-13 18:24:3 2022-11-11 20:54:2 2022-07-27 03:48:1 2021-06-09 09:06:4 2021-06-09 09:06:4 2021-09-23 21:25:4 ore 2021-06-09 09:06:40 prod-company-document-bucket 2021-06-09 09:06:40 prod-crew-archive-bucket 2022-01-14 06:54:44 cf-templates-111lipqerp78m-us-east-1 cf-templates-111lipqerp78m-us-east-2 2021-06-09 09:06:4 2021-05-31 13:52:4 2021-09-14 17:27:30 2022-11-10 16:27:00 prod-ecs-container-logs 2021-06-09 09:06:40 prod-flifo-archive-bucket 2021-09-14 16:40:07 prod-fltplan-outbound-eff-store 2021-09-14 16:40:07 prod-fltplan-outbound-pdf-store 2022-05-23 19:02:18 prod-formurl 2021-06-09 09:06:4 prod-daily-fa-reads-pdf-store prod-daily-pilot-reads-pdf-store ~/bounty/commutair17:12:46 $aws dynamodb list-tables "TableNames": [ "AlertHistoryTest", "AlertHistoryTest1", "AlertTest", "C5GlobalTest", "C5_Activities", "C5_AirportCode_TimeZone", "C5_CASS_KCM_Requests", "C5_CREW_00S", "C5_Calendar_V1", "C5_Crew_Vacation", "C5_FlightPlanStore", "C5_FlightScheduleDiff", "C5_Flights", "C5 51+PlanRecord"

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"

step 2: how much access do we have really? ok but let's not get too excited too quickly. just because we have found a funky jenkins server doesn't mean we'll have access to much more than build logs. it quickly turns out that while we don't have anonymous admin access (yes that's quite frequently the case [god i love jenkins]), we do have access to build workspaces. this means we get to see the repositories that were built for each one of the ~70 build jobs. step 3: let's dig in most of the projects here seem to be fairly small spring boot projects. the standardized project layout and extensive use of the resources directory for configuration files will be very useful in this whole endeavour. the very first project i decide to look at in more detail is something about "ACARS incoming", since ive heard the term acars before, and it sounds spicy. a quick look at the resource directory reveals a file called application-prod.properties (same also for -dev and -uat). it couldn't just be that easy now, could it? well, it sure is! two minutes after finding said file im staring at filezilla connected to a navtech sftp server filled with incoming and outgoing ACARS messages. this aviation s--- really do get serious. this aviation s--- get serious emote site: /ForNavtech/ACARS IN ETT VOY PDF OUT ForNavtech ACARS IN AIMS IN FUELIN Filename A Filesize Filetype in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-01... in-01012023-01... in-01012023-01... in-01012023-011... in-01012023-01... in-01012023-01... in 01012023-01... in-01012023-01.. in-01012023-01 -01012023-01... in-01012023-01 Last modified Permission Owner/Grou 01012023-01 in-01012023-01 01/06/2023. -rw-rr 658 500 01/06/2023. -rw-r--r- 658 500 -FW-E-F-- 658 500 01/06/2023 -rw-r- 658 500 01/06/2023 01/06/2023 -rw-r-- 01/06/2023 01/06/2023... -rw-t-r- -TW-4-1- 47-4-4 01/06/2023. ---- 01/06/2023. 01/06/2023... -TW-E-E 01/06/2023 01/06/2023 Wist -W----- 01/06/2023 01/06/2023 01/06/2023 01/06/2023 01/06/2023 01/30/2023 01/06/2023 01/06/2023 125 RCV-file 126 RCV-file 129 RCV-file 133 RCV-file 126 RCV-file 126 RCV-file 133 RCV-file 127 RCV-file 127 RCV-file 127 RCV-file 129 RCV-file 127 RCV-file 127 RCV-file 127 RCV-tile 127 RCV-file 127 RCV-le 126 RCV-186 127 RCV nic AZT WCV-te 01012023-91 in-01012023-01 01012023 01 28319 fos Total size 3.581.552 bytes 658 500 658 500 658 500 658 500 458 500 658 500 558 500 658.500 558 500 658500 658 500 658 500 658 500 658 500 458-300 442
step 2: how much access do we have really? ok but let's not get too excited too quickly. just because we have found a funky jenkins server doesn't mean we'll have access to much more than build logs. it quickly turns out that while we don't have anonymous admin access (yes that's quite frequently the case [god i love jenkins]), we do have access to build workspaces. this means we get to see the repositories that were built for each one of the ~70 build jobs. step 3: let's dig in most of the projects here seem to be fairly small spring boot projects. the standardized project layout and extensive use of the resources directory for configuration files will be very useful in this whole endeavour. the very first project i decide to look at in more detail is something about "ACARS incoming", since ive heard the term acars before, and it sounds spicy. a quick look at the resource directory reveals a file called application-prod.properties (same also for -dev and -uat). it couldn't just be that easy now, could it? well, it sure is! two minutes after finding said file im staring at filezilla connected to a navtech sftp server filled with incoming and outgoing ACARS messages. this aviation s--- really do get serious. this aviation s--- get serious emote site: /ForNavtech/ACARS IN ETT VOY PDF OUT ForNavtech ACARS IN AIMS IN FUELIN Filename A Filesize Filetype in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-01... in-01012023-01... in-01012023-01... in-01012023-011... in-01012023-01... in-01012023-01... in 01012023-01... in-01012023-01.. in-01012023-01 -01012023-01... in-01012023-01 Last modified Permission Owner/Grou 01012023-01 in-01012023-01 01/06/2023. -rw-rr 658 500 01/06/2023. -rw-r--r- 658 500 -FW-E-F-- 658 500 01/06/2023 -rw-r- 658 500 01/06/2023 01/06/2023 -rw-r-- 01/06/2023 01/06/2023... -rw-t-r- -TW-4-1- 47-4-4 01/06/2023. ---- 01/06/2023. 01/06/2023... -TW-E-E 01/06/2023 01/06/2023 Wist -W----- 01/06/2023 01/06/2023 01/06/2023 01/06/2023 01/06/2023 01/30/2023 01/06/2023 01/06/2023 125 RCV-file 126 RCV-file 129 RCV-file 133 RCV-file 126 RCV-file 126 RCV-file 133 RCV-file 127 RCV-file 127 RCV-file 127 RCV-file 129 RCV-file 127 RCV-file 127 RCV-file 127 RCV-tile 127 RCV-file 127 RCV-le 126 RCV-186 127 RCV nic AZT WCV-te 01012023-91 in-01012023-01 01012023 01 28319 fos Total size 3.581.552 bytes 658 500 658 500 658 500 658 500 458 500 658 500 558 500 658.500 558 500 658500 658 500 658 500 658 500 658 500 458-300 442

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way"


Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak no fly list leak tsa no fly list switzerland swiss leaked

Maia Arson Crimew Website Homepage

← → C maia. crimew.gay maia.crimew.gay 88 X 31 maia Don't Click Here arson crimew home | blog | sample packs hello i am maia arson crimew (it/she) and i am gay, mostly for girls, and i'm a tiny kitten :3 i know lot's of things about cyber security, programming and far too little about music but i still try to do all those things at once. if you like the things i do here or on social media you can support me on ko-fi. links to the various things i do can be found in the footer. if you're looking for some more serious info about me, there is wikipedia for that. rss feed birded site | fedded verse | sounded cloud | last dot federated states of micronesia | gitted hub gitted tea versary S ANARCHY Sleegy f A sleeqy fKitten's a oat.zone town Now! Zone A.C.A.B. archlinux radio Korner D slimes... "Now! L Slug ca
← → C maia. crimew.gay maia.crimew.gay 88 X 31 maia Don't Click Here arson crimew home | blog | sample packs hello i am maia arson crimew (it/she) and i am gay, mostly for girls, and i'm a tiny kitten :3 i know lot's of things about cyber security, programming and far too little about music but i still try to do all those things at once. if you like the things i do here or on social media you can support me on ko-fi. links to the various things i do can be found in the footer. if you're looking for some more serious info about me, there is wikipedia for that. rss feed birded site | fedded verse | sounded cloud | last dot federated states of micronesia | gitted hub gitted tea versary S ANARCHY Sleegy f A sleeqy fKitten's a oat.zone town Now! Zone A.C.A.B. archlinux radio Korner D slimes... "Now! L Slug ca

Maia Arson Crimew's "No-Fly List" Leak
maia arson crimew no fly list leak tsa homepage website blog