blockchain – how to Recover Bitcoin lost to Investment scam

There are Lots Of Scammers Out there Scamming people with little knowledge about Bitcoin Mining or Bitcoin in General. taking advantage of their interest in Investing in Bitcoin. Well Any one who as Ever Fallen Victim can now Recover their Funds By ËMÄÏĻÏÑĞ [scrubbed scam email address]. he is a Professional Recovery Expert Who successfully Recovered 85K USD Worth Of BTC Stolen from My Wallet by Hackers and also Helped A Close Friend Recover 9.67 BTC She Lost to Fake Bitcoin Mining Website. As a Guaranty That he will Get the Job Done, He Takes Charges Only After The Job Is Done.

oauth 2.0 – Claims getting lost after authenticating using oauth2 with ASP.NET Identity using ASP.NET Core 5

I have 2 different C# Visual Studio 2019 16.9.4 solutions for ASP.NET Core MVC 5.0, one acting as identity provider and the other one as a client. So far, when I authenticate the client, the claims are persisted to the cookie but when token endpoint is called by oauth middleware in client application, claims get lost in HttpContext.User object. When I commented out code under Authorize/Token action, it throws an exception that JSON token cannot be extracted but upon refreshing the client app page, I’m able to retrieve claims in client app. Can you help where I’m missing for this oauth and asp.net identity. I don’t want to persist claims in access-token because it can grow big

The code for identity provider

public class AuthorizeController : Controller
{
private readonly IConfiguration _configuration;

    public AuthorizeController(IConfiguration configuration)
    {
        _configuration = configuration;
    }

    (HttpGet)
    public IActionResult Login(string response_type,
        string client_id,
        string redirect_uri,
        string scope,
        string state)
    {
        return View(new LoginDTO
        {
            ClientId = client_id,
            RedirectUri = redirect_uri,
            ResponseType = response_type,
            Scope = scope ?? string.Empty,
            State = state
        });
    }

    (HttpPost("Login"))
    public async Task<IActionResult> Login(LoginDTO login)
    {
        var claims = new List<Claim>
            {
                new Claim("username", login.Username),
                new Claim("usertype", "administrator"),
                new Claim(ClaimTypes.Email, "someuser@somedev.com"),
                new Claim(ClaimTypes.NameIdentifier, login.Username)
            };

        var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
        await HttpContext.SignInAsync(claimsPrincipal, new AuthenticationProperties
        {
            IsPersistent = true
        });

        var code = "random code here";

        //build query string
        var queryBuilder = new QueryBuilder();
        queryBuilder.Add("code", code);
        queryBuilder.Add("state", login.State);

        return Redirect($"{ login.RedirectUri }{ queryBuilder.ToString() }");
    }

    public IActionResult Token(string grant_type,
        string code,
        string redirect_uri,
        string client_id)
    {
        var user = HttpContext.User;

        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration("ClientKey")));

        var securityToken = new JwtSecurityToken(issuer: _configuration("IdentityIssuer"),
            audience: _configuration("IdentityAudience"),
            expires: DateTime.UtcNow.AddDays(1),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
            );

        var accessToken = new JwtSecurityTokenHandler().WriteToken(securityToken);

        return Ok(new
        {
            access_token = accessToken,
            token_type = "Bearer"
        });

        //var response = new
        //{
        //    access_token = accessToken,
        //    token_type = "Bearer"
        //};

        //Response.StatusCode = (int)HttpStatusCode.OK;
        //var responseJson = JsonConvert.SerializeObject(response);
        //var bytes = Encoding.UTF8.GetBytes(responseJson);
        //await Response.Body.WriteAsync(bytes, 0, bytes.Length);
        //return new EmptyResult();
    }

The following code is in client app

public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddDataProtection()
                .PersistKeysToFileSystem(new DirectoryInfo(Configuration("KeyFolder")))
                .SetApplicationName("SharedCookieApp");

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oauth";
        })
        .AddCookie("Cookies", options =>
        {
            options.Cookie.HttpOnly = true;
            options.Cookie.SameSite = SameSiteMode.Lax;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.IsEssential = true;
        })
        .AddOAuth("oauth", config =>
        {
            config.SignInScheme = "Cookies";
            config.SaveTokens = true;
            config.ClientId = Configuration("ClientId");
            config.ClientSecret = Configuration("ClientKey");
            config.AccessDeniedPath = new PathString("/Home/AccessDenied");
            config.CallbackPath = new PathString("/oauth/callback");
            config.AuthorizationEndpoint = $"{Configuration("IdentityIssuer)}/authorize/login";
            config.TokenEndpoint = $"{Configuration("IdentityIssuer")}/authorize/token";

            config.CorrelationCookie.HttpOnly = true;
            config.CorrelationCookie.IsEssential = true;
            config.CorrelationCookie.SameSite = SameSiteMode.None;
            config.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
            config.CorrelationCookie.Name = "Oauth.Correlation.Cookie";
        });

        services.AddAuthorization(options =>
        {
            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
            options.AddPolicy("AuthenticatedUser", policy);
        });
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        app.UseStaticFiles();

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }

powered by the apocalypse – Difficulty or penalty in KULT: Divinity Lost tests

Should the GM set a difficulty (a penalty) for player moves, in the form of Move(2d10) + Attribute - Penalty?

I’m asking because, despite for Endure Injury move, this is not clear in the book, but it seems reasonable to set a penalty when the situation is clearly disadvantageous for the player characters.

For example, when a PC Engage in Combat against a group of two or more people, without any backup, should the GM ask for a roll with a -1 (or even greater) penalty?

e.g. Attack when in a minor number

roll Engage in Combat + Violence - 1

The contrary also applies, to add a bonus when the players have the situation to their advantage.

e.g. Attack when the opponent is dizzy

roll Engage in Combat + Violence + 1

This would make a huge difference for Keep it Together move, where an extreme situation (e.g. seeing a being from another reality) would be much harder to succeed than from a more common one (e.g. looking at a corpse).

LowEndBoxTV: How to Find That File You Lost in Linux

I was editing it just a minute ago…

Ever lose something on a filesystem? It can be tricky to move around directories tryin to find it. In this video, we shown you two ways to quickly find any file on Linux, as well as ways to search for files by criteria such as size, age, and owner.


As we launch our channel, we would appreciate your likes, shares, and above all subscriptions.  We’re also interested to know what kind of content you’d like to see – please comment below!

raindog308

I’m Andrew, techno polymath and long-time LowEndTalk community Moderator. My technical interests include all things Unix, perl, python, shell scripting, and relational database systems. I enjoy writing technical articles here on LowEndBox to help people get more out of their VPSes.

recover private key – Lost my original Wallet.dat in which I gor the bitcoing

What do you mean by your “Bitcoin Key”? You then talk about “Private Key”. Are you talking about different things?

How can I get to know my Private Key?

That’s what your wallet.dat contained. Obviously you cannot magically get that back if you’ve lost your wallet.dat. Otherwise, Bitcoin would be with $0 as anyone could just “make up” private keys with any amount of Bitcoin. Please use logical thinking.

I have no idea why you seem to think that installing Bitcoin Core would somehow retrieve a long-deleted wallet.dat.

I have lost my wallet, what can I do?

I had an account on a website, but don’t remember which one

Search your email account for an account creation confirmation email. Helpful search terms may include “bitcoin”, “wallet”, “exchange”, “btc”, “blockchain”, or “cryptocurrency”. If you purchased bitcoins, you may want to look at your old bank statements as well. There is no global register of bitcoin users or services, so if you cannot find anything you may be out of luck—we cannot help you, because we don’t know either.

I had a web wallet, but the service shut down since

If the service had custody of your bitcoin balance, it is likely lost. Research the name of the service to determine what happened to the service, in case it just rebranded and is still around.

My wallet service still exists, but I lost access

We don’t have insight into your customer relationship with services, so we cannot help you. Contact the service and initiate an account recovery process.

I had a self-custodial wallet, have lost the wallet, and have no backup

Bitcoin balances are tracked via the blockchain, and a user’s bitcoin wallet primary purpose is to secure the private keys which are used to establish ownership and to track any transactions related to those keys. The key space is enormous. If you have lost your wallet, the same keys will likely never be regenerated and no one will ever be able to spend the associated funds.

I had a self-custodial wallet, and still have the device that it was installed on

Looking over this selection of wallets may help you remember which one you used. If you still have the wallet files, you may be able to recover your funds. The name of the relevant files depends on the software that you used, but one of the most common file names is wallet.dat. If you find a wallet file, create a backup first before trying to recover the wallet.

I have a 12 or 24 word backup, what do I do?

This is called a mnemonic seed phrase. It is a standardized way to backup a wallet’s private keys. Keep the words confidential, do not enter the words in a website or untrustworthy software. You should be able to recover your wallet from the phrase. You can find instructions how to recover the wallet from it on this site.

Lost identification documents and don’t know what to do

So I’m 19 and I have no identification at all I’m from Nigeria but I came over to the U.K. when I was 5 and lived here since I had a leave to remain and a biometrics card but lost that so literally I have no ID at all I’ve tried all different ways to get something but I can’t find any solutions I just need some advice and where to go because I have no passport or no birth certificate.

How can I obtain a lost copy of a UK Visa Refusal Letter from UKBA or concerned authority?

I am a Citizen from Nepal. I applied for a UK student visa (Tier 4 (General) Student) in November 2009 got refused on grounds of poor documentation. I have lost the hard copy of my visa refusal letter sent along with my application. It was the only copy I received. I also didn’t receive any emails or soft copy of it.

Now, I am applying to Australia. In which case, both the University and Australian DIBP will ask for past visa refusals and a copy of the refusal letter. However, I happen to have a photo of only the actual comment given by the Entry Clearance Officer stating the reasons of refusal but not of the whole document.

Is there any mean by which I can obtain a copy of the visa refusal letter from the UKBA or a relevant authority?

Note: Nepal only has a consulate (not an embassy) in Kathmandu. The visa applications are/were forwarded through VFS Nepal to the British High Commission, New Delhi, India. From this link (https://www.quora.com/I-have-lost-my-UK-visa-refusal-letter-Can-I-get-a-duplicate-copy-of-it) I found that the UKBA’s Authority, to whom the visa application is forwarded, can provide you with a copy of it. I have emailed the British High Commission, New Delhi, India with necessary details 15 days ago. No response yet.

I am pretty sure they handle this, as my passport has been stamped “UK/New Delhi” on refusal.

Or should I directly email the UKBA requesting for the Visa Refusal Letter?

Please suggest if anyone has any knowledge regarding this.

ubuntu – cookie is lost on refresh using nginx as proxy_reverse. I like the cookie and would like to keep it set in the browser

I’m new to Nginx and ubuntu – have been with windows server for over a decade and this is my first try to use ubuntu and Nginx so feel free to correct any wrong assumption I write here 🙂

my setup: I have an expressjs app (node app) running as an upstream server. I have front app – built in svelte- access the expressjs/node app through Nginx proxy_reverse. Both ends are using letsencrypt and cors are set as you will see shortly.

When I run front and back apps on localhost, I’m able to login, set two cookies to the browser and all endpoints perform as expected.

When I deployed the apps I ran into weird issue. The cookies are lost once I refresh the login page. Added few flags to my server block but no go.

I’m sure there is a way – I usually find a way – but this issue really beyond my limited knowledge about Nginx and proxy_reverse setup. I’m sure it is easy for some of you but not me. I hope one of you with enough knowledge point me in the right direction or have explanation to how to fix it.

Here is the issue:
my front is available at travelmoodonline.com. Click on login. Username : mongo@mongo.com and password is 123.
inspect dev tools network. Header and response are all set correctly. Check the cookies tab under network once you login and you will get two cookies, one accesstoken and one refreshtoken.

Refresh the page. Poof. Tokens are gone. I no longer know anything about the user. stateless.

In localhost, I refresh and the cookies still there once I set them. In Nginx as proxy, I’m not sure what happens.

So my question is : How to fix it so cookies are set and sent with every req? Why the cookies disappear? Is it still there in memory somewhere? Is the path wrong? Or the cockies are deleted once I leave the page so if I redirect the user after login to another page, the cookies are not showing in dev tools.

My code :
node/expressjs server route code to login user:

app.post('/login',  (req, res)=>{
   //get form data and create cookies
   res.cookie("accesstoken", accessToken, { sameSite: 'none', secure : true });  
   res.cookie("refreshtoken", refreshtoken, { sameSite: 'none', secure : true }).json({ 
   "loginStatus": true, "loginMessage": "vavoom : doc._id })      

 }

Frontend – svelte – fetch route with a form to collect username and password and submit it to server:

    function loginform(event){
  username = event.target.username.value;
  passwordvalue = event.target.password.value;

  console.log("event username: ", username);
  console.log("event password : ", passwordvalue);

  async function asyncit (){
   
  let response = await fetch('https://www.foodmoodonline.com/login',{
  method: 'POST',
  origin : 'https://www.travelmoodonline.com',
  credentials : 'include',
  headers: {
  'Accept': 'application/json',
  'Content-type' : 'application/json'
  },
  body: JSON.stringify({
  //username and password
  })

  }) //fetch

Now my Nginx server blocks :

# Default server configuration
#
server {
    
    listen 80 default_server;
    listen (::):80 default_server;  

    root /var/www/defaultdir;
    index index.html index.htm index.nginx-debian.html;

    server_name _; 
    location / {
        try_files $uri $uri/ /index.html;
    }

   }



#  port 80 with www

server {
    listen 80;
    listen (::):80;


    server_name www.travelmoodonline.com;

    root /var/www/travelmoodonline.com;

    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }

    return 308 https://www.travelmoodonline.com$request_uri; 

}

#  port 80 without wwww
server {
    listen 80;
    listen (::):80;

    server_name travelmoodonline.com;

    root /var/www/travelmoodonline.com;
 
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }

    return 308 https://www.travelmoodonline.com$request_uri;
}



# HTTPS server (with www) port 443 with www

server {
    listen 443 ssl;
    listen (::):443 ssl;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    server_name www.travelmoodonline.com;    
    root /var/www/travelmoodonline.com;
    index index.html;    
    
    
    
    ssl_certificate /etc/letsencrypt/live/travelmoodonline.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/travelmoodonline.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        try_files $uri $uri/ /index.html;       
    }
    

}


# HTTPS server (without www) 
server {
    listen 443 ssl;
    listen (::):443 ssl;
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    server_name travelmoodonline.com;
    root /var/www/travelmoodonline.com;
    index index.html;
   

    location / {
        try_files $uri $uri/ /index.html;       
    }
    
    ssl_certificate /etc/letsencrypt/live/travelmoodonline.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/travelmoodonline.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    
   }






server {

    server_name foodmoodonline.com www.foodmoodonline.com;

#   localhost settings
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

    
    #    proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
    #   proxy_pass_header  localhost;

    #    proxy_pass_header Set-Cookie;
    #    proxy_cookie_domain localhost $host;
    #   proxy_cookie_path /; 

    }

    listen (::):443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/foodmoodonline.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/foodmoodonline.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.foodmoodonline.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = foodmoodonline.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen (::):80;
    server_name foodmoodonline.com www.foodmoodonline.com;
    return 404; # managed by Certbot

}

I tried 301-302-307 and 308 after reading about some of them covers the GET and not POST but didn’t change the behavior I described above. Why the cookie doesn’t set/stay in the browser once it shows in the dev tools. Should I use rewrite instead of redirect???? I’m lost.

Not sure is it nginx proxy_reverse settings I’m not aware of or is it server block settings or the ssl redirect causing the browser to loose the cookies but once you set the cookie, the browser suppose to send it with each req. What is going on here?

Thank you for reading.