Post AkDSruCE7dk29waOmW by lanodan@queer.hacktivis.me
 (DIR) Post #AkCVw286fmLGcyMJiy by i_lost_my_bagel@mastodon.lilysthings.org
       2024-04-07T05:45:55Z
       
       4 likes, 6 repeats
       
       fun fact: if you have a laptop or desktop that has an intel cpu with "vPro" on the sticker there's a chance the management engine in your CPU is just hosting a web server at all times. It's at port 16992
       
 (DIR) Post #AkCVw6S6bMiS29kLS4 by i_lost_my_bagel@mastodon.lilysthings.org
       2024-04-07T15:09:13Z
       
       1 likes, 0 repeats
       
       Intel Management Engine AMT KVM in action
       
 (DIR) Post #AkCWOU7OCpuFXZaeVk by Johann150@genau.qwertqwefsday.eu
       2024-04-07T06:53:21.411Z
       
       1 likes, 0 repeats
       
       @i_lost_my_bagel@mastodon.lilysthings.org fucking hell
       
 (DIR) Post #AkCWT6paDNC2lSSz6O by alinanorakari@broken.graphics
       2024-04-09T19:22:37Z
       
       0 likes, 0 repeats
       
       @i_lost_my_bagel does this require Windows? My localhost thankfully doesn't react to requests on that port but I'm also running Linux
       
 (DIR) Post #AkCWT7xm0PL4H9J2VU by i_lost_my_bagel@mastodon.lilysthings.org
       2024-04-09T19:36:44Z
       
       1 likes, 0 repeats
       
       @alinanorakari if AMT is enabled it requires you to have the windows drivers ONLY TO SEE THE WEB INTERFACE ON THE LOCALHOST. If it's enabled you can still go to the web interface from any other machine by going to the IP.
       
 (DIR) Post #AkCWXzl7w2fMHNiCiu by veast@mstdn.social
       2024-04-07T16:57:23Z
       
       1 likes, 0 repeats
       
       @i_lost_my_bagel Oh yeah, AMT! This has a terrible exploit where you can log on with no password. I exploited it on my friend's server once.
       
 (DIR) Post #AkCWj98PPwryXgv3Ro by lanodan@queer.hacktivis.me
       2024-07-22T21:19:52.607108Z
       
       0 likes, 0 repeats
       
       @Johann150 @i_lost_my_bagel Now I have an awful question, can regular websites reach it via XHR/Fetch or heck iframes/forms?
       
 (DIR) Post #AkCX1ENOfRwA0nYLwW by Johann150@genau.qwertqwefsday.eu
       2024-07-22T21:22:34.184Z
       
       1 likes, 0 repeats
       
       @lanodan@queer.hacktivis.me @i_lost_my_bagel@mastodon.lilysthings.org iframe works
       
 (DIR) Post #AkCpAuLPnbXLxFOFPc by Hoss@shitpost.cloud
       2024-04-07T21:51:17.028611Z
       
       0 likes, 1 repeats
       
       This what the glowies use?
       
 (DIR) Post #AkCpAvRTiXytMLEbVA by djsumdog@djsumdog.com
       2024-04-07T22:07:45.843722Z
       
       0 likes, 0 repeats
       
       vPro has been around since the early 2000s. I didn't know it just keeps a web server running now though. I wonder if that's from the ME chip itself, or if it's from the chipset drivers ... it would almost certainly have to be the chipset drivers if connecting to localhost
       
 (DIR) Post #AkCpAwEklLOdpAHxJ2 by Suiseiseki@freesoftwareextremist.com
       2024-04-08T02:29:57.586814Z
       
       0 likes, 0 repeats
       
       @djsumdog >I wonder if that's from the ME chip itself, or if it's from the chipset drivers ... it would almost certainly have to be the chipset drivers if connecting to localhost
       The ME runs MINIX and contains a web server as well as remote control functionality and even the ability to rewrite the storage medium when the computer is meant to be "off" (definitely not a frontdoor).
       "vPro" requires an intel NIC chipset, which gives the ME its own MAC address and allows it to be accessed via the standard method, but otherwise doesn't require any chipset drivers to function.
       
 (DIR) Post #AkCpAwrORgIxl0MoXA by djsumdog@djsumdog.com
       2024-04-08T03:15:39.873610Z
       
       0 likes, 0 repeats
       
       So I knew about the Minix (and I think some newer boards have their own SoC chip just for ME). I was just wondering how it appeared as localhost in the video. The ME gets its own IP address (and on server boards, it often runs on a different physical Ethernet port), right?
       
 (DIR) Post #AkCpAxQULCNTVqmqEi by Suiseiseki@freesoftwareextremist.com
       2024-04-08T03:36:49.471553Z
       
       0 likes, 0 repeats
       
       @djsumdog >I think some newer boards have their own SoC chip just for ME
       Nope.
       The ME in 2008 and before ran on an ARC processor built into the NIC chip, but later versions run on a dedicated x86 core built into the CPU substrate - so no SoC to speak of.
       >The ME gets its own IP address right?
       Yes, otherwise it would conflict with the computer trying to listen on port 16992.
       >and on server boards, it often runs on a different physical Ethernet port
       I can't find any details on this, but I guess?
       A different physical port probably won't make much difference security-wise if one Ethernet chipset is handling the ports.
       
 (DIR) Post #AkCpAy3pytqxTtCGZM by lispi314@udongein.xyz
       2024-07-23T00:17:48.551259Z
       
       0 likes, 0 repeats
       
       @Suiseiseki @djsumdog On servers there's usually a dedicated management port, yes, and on mine I don't think it's handled by the same chipset either.
       In any case even if it were a single chipset, if it only listened to the network on the dedicated physical port and no other, abusing the built-in proprietary malware would be much more difficult.
       
 (DIR) Post #AkCpAyZk4HNF4q7kIa by djsumdog@djsumdog.com
       2024-07-23T00:48:59.344257Z
       
       1 likes, 0 repeats
       
       Yes, that sounds right. It's been a long time since I've worked in a data centre, but if I remember correctly, we had a whole separate set of switches just for the management network (I think we put ME and HP iLO on that network. We didn't have any iDRAC/Dell). They had their own IP ranges and the networking guy used jump boxes (I think he had two for redundancy) if he needed to get to the management network. I want to say the ME adapters were red and the iLO ones were green? .. they're usually a different color than the primary NIC. We also had separate storage networks that weren't shared with anything either. The main network had vLAN tagging for data, VoIP and some other crap.
       
 (DIR) Post #AkDSruCE7dk29waOmW by lanodan@queer.hacktivis.me
       2024-07-23T08:13:34.892610Z
       
       0 likes, 0 repeats
       
       @domi @Johann150 @i_lost_my_bagel Yeah that said not everything respects CORS and a *ton* of things use HTTP these days.
       
 (DIR) Post #ArDBSDQ9vwgqWISTYG by ivesen@miniwa.moe
       2025-02-17T14:03:33.677538Z
       
       0 likes, 0 repeats
       
       @i_lost_my_bagel so it is... Can I make this thing do something funny?
       
 (DIR) Post #ArDDoiC2P5M0Emhx4q by kerosene
       2025-02-17T14:30:13.052413Z
       
       1 likes, 0 repeats
       
       @Hoss @i_lost_my_bagel This is why I'm "so bad at video games". My assigned glownigger just keeps randomly pressing keys and clicking on the screen so my skills appear to be much worse while in PvP matches.
       
 (DIR) Post #ArDF1VUp1QbUZq9vdI by m@martinh.net
       2024-04-07T13:59:13Z
       
       0 likes, 0 repeats
       
       @i_lost_my_bagel Surprise!
       
 (DIR) Post #ArDF1WZT1duhuXL9Vo by m@martinh.net
       2024-04-07T14:04:22Z
       
       1 likes, 0 repeats
       
       @i_lost_my_bagel As tradition demands...