Mike Swanson 75ce1c2fd5 feat: Add Sequential Thinking to Code Review + Frontend Validation
Enhanced code review and frontend validation with intelligent triggers:

Code Review Agent Enhancement:
- Added Sequential Thinking MCP integration for complex issues
- Triggers on 2+ rejections or 3+ critical issues
- New escalation format with root cause analysis
- Comprehensive solution strategies with trade-off evaluation
- Educational feedback to break rejection cycles
- Files: .claude/agents/code-review.md (+308 lines)
- Docs: CODE_REVIEW_ST_ENHANCEMENT.md, CODE_REVIEW_ST_TESTING.md

Frontend Design Skill Enhancement:
- Automatic invocation for ANY UI change
- Comprehensive validation checklist (200+ checkpoints)
- 8 validation categories (visual, interactive, responsive, a11y, etc.)
- 3 validation levels (quick, standard, comprehensive)
- Integration with code review workflow
- Files: .claude/skills/frontend-design/SKILL.md (+120 lines)
- Docs: UI_VALIDATION_CHECKLIST.md (462 lines), AUTOMATIC_VALIDATION_ENHANCEMENT.md (587 lines)

Settings Optimization:
- Repaired .claude/settings.local.json (fixed m365 pattern)
- Reduced permissions from 49 to 33 (33% reduction)
- Removed duplicates, sorted alphabetically
- Created SETTINGS_PERMISSIONS.md documentation

Checkpoint Command Enhancement:
- Dual checkpoint system (git + database)
- Saves session context to API for cross-machine recall
- Includes git metadata in database context
- Files: .claude/commands/checkpoint.md (+139 lines)

Decision Rationale:
- Sequential Thinking MCP breaks rejection cycles by identifying root causes
- Automatic frontend validation catches UI issues before code review
- Dual checkpoints enable complete project memory across machines
- Settings optimization improves maintainability

Total: 1,200+ lines of documentation and enhancements

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-17 16:23:52 -07:00

557 lines
22 KiB
Plaintext

1→# Credentials & Authorization Reference
2→**Last Updated:** 2025-12-16
3→**Purpose:** Centralized credentials for Claude Code context recovery across all machines
4→
5→---
6→
7→## Infrastructure - SSH Access
8→
9→### Jupiter (Unraid Primary)
10→- **Host:** 172.16.3.20
11→- **User:** root
12→- **Port:** 22
13→- **Password:** Th1nk3r^99##
14→- **WebUI Password:** Th1nk3r^99##
15→- **Role:** Primary container host (Gitea, NPM, GuruRMM, media)
16→- **iDRAC IP:** 172.16.1.73 (DHCP)
17→- **iDRAC User:** root
18→- **iDRAC Password:** Window123!@#-idrac
19→- **iDRAC SSH:** Enabled (port 22)
20→- **IPMI Key:** All zeros
21→
22→### Saturn (Unraid Secondary)
23→- **Host:** 172.16.3.21
24→- **User:** root
25→- **Port:** 22
26→- **Password:** r3tr0gradE99
27→- **Role:** Migration source, being consolidated to Jupiter
28→
29→### pfSense (Firewall)
30→- **Host:** 172.16.0.1
31→- **User:** admin
32→- **Port:** 2248
33→- **Password:** r3tr0gradE99!!
34→- **Role:** Firewall, Tailscale gateway
35→- **Tailscale IP:** 100.79.69.82 (pfsense-1)
36→
37→### OwnCloud VM (on Jupiter)
38→- **Host:** 172.16.3.22
39→- **Hostname:** cloud.acghosting.com
40→- **User:** root
41→- **Port:** 22
42→- **Password:** Paper123!@#-unifi!
43→- **OS:** Rocky Linux 9.6
44→- **Role:** OwnCloud file sync server
45→- **Services:** Apache, MariaDB, PHP-FPM, Redis, Datto RMM agents
46→- **Storage:** SMB mount from Jupiter (/mnt/user/OwnCloud)
47→- **Note:** Jupiter has SSH key auth configured
48→
49→### GuruRMM Build Server
50→- **Host:** 172.16.3.30
51→- **Hostname:** gururmm
52→- **User:** guru
53→- **Port:** 22
54→- **Password:** Gptf*77ttb123!@#-rmm
55→- **Sudo Password:** Gptf*77ttb123!@#-rmm
56→- **OS:** Ubuntu 22.04
57→- **Role:** GuruRMM dedicated server (API, DB, Dashboard, Downloads)
58→- **Services:** nginx, PostgreSQL, gururmm-server, gururmm-agent
59→- **Note:** WSL has SSH key auth configured; sudo requires heredoc for password with special chars
60→
61→---
62→
63→## Services - Web Applications
64→
65→### Gitea (Git Server)
66→- **URL:** https://git.azcomputerguru.com/
67→- **Internal:** http://172.16.3.20:3000
68→- **SSH:** ssh://git@172.16.3.20:2222
69→- **User:** mike@azcomputerguru.com
70→- **Password:** Window123!@#-git
71→- **API Token:** 9b1da4b79a38ef782268341d25a4b6880572063f
72→
73→### NPM (Nginx Proxy Manager)
74→- **Admin URL:** http://172.16.3.20:7818
75→- **HTTP Port:** 1880
76→- **HTTPS Port:** 18443
77→- **User:** mike@azcomputerguru.com
78→- **Password:** Paper123!@#-unifi
79→
80→### Cloudflare
81→- **API Token (Full DNS):** DRRGkHS33pxAUjQfRDzDeVPtt6wwUU6FwtXqOzNj
82→- **API Token (Legacy/Limited):** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w
83→- **Permissions:** Zone:Read, Zone:Edit, DNS:Read, DNS:Edit
84→- **Used for:** DNS management, WHM plugin, cf-dns CLI
85→- **Domain:** azcomputerguru.com
86→- **Notes:** New full-access token added 2025-12-19
87→
88→---
89→
90→## Projects - GuruRMM
91→
92→### Dashboard/API Login
93→- **Email:** admin@azcomputerguru.com
94→- **Password:** GuruRMM2025
95→- **Role:** admin
96→
97→### Database (PostgreSQL)
98→- **Host:** gururmm-db container (172.16.3.20)
99→- **Database:** gururmm
100→- **User:** gururmm
101→- **Password:** 43617ebf7eb242e814ca9988cc4df5ad
102→
103→### API Server
104→- **External URL:** https://rmm-api.azcomputerguru.com
105→- **Internal URL:** http://172.16.3.20:3001
106→- **JWT Secret:** ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
107→
108→### Microsoft Entra ID (SSO)
109→- **App Name:** GuruRMM Dashboard
110→- **App ID (Client ID):** 18a15f5d-7ab8-46f4-8566-d7b5436b84b6
111→- **Object ID:** 34c80aa8-385a-4bea-af85-f8bf67decc8f
112→- **Client Secret:** gOz8Q~J.oz7KnUIEpzmHOyJ6GEzYNecGRl-Pbc9w
113→- **Secret Expires:** 2026-12-21
114→- **Sign-in Audience:** Multi-tenant (any Azure AD org)
115→- **Redirect URIs:** https://rmm.azcomputerguru.com/auth/callback, http://localhost:5173/auth/callback
116→- **API Permissions:** openid, email, profile
117→- **Notes:** Created 2025-12-21 for GuruRMM SSO
118→
119→### CI/CD (Build Automation)
120→- **Webhook URL:** http://172.16.3.30/webhook/build
121→- **Webhook Secret:** gururmm-build-secret
122→- **Build Script:** /opt/gururmm/build-agents.sh
123→- **Build Log:** /var/log/gururmm-build.log
124→- **Gitea Webhook ID:** 1
125→- **Trigger:** Push to main branch
126→- **Builds:** Linux (x86_64) and Windows (x86_64) agents
127→- **Deploy Path:** /var/www/gururmm/downloads/
128→
129→### Build Server SSH Key (for Gitea)
130→- **Key Name:** gururmm-build-server
131→- **Public Key:**
132→```
133→ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSqf2/phEXUK8vd5GhMIDTEGSk0LvYk92sRdNiRrjKi guru@gururmm-build
134→```
135→- **Added to:** Gitea (azcomputerguru account)
136→
137→### Clients & Sites
138→#### Glaztech Industries (GLAZ)
139→- **Client ID:** d857708c-5713-4ee5-a314-679f86d2f9f9
140→- **Site:** SLC - Salt Lake City
141→- **Site ID:** 290bd2ea-4af5-49c6-8863-c6d58c5a55de
142→- **Site Code:** DARK-GROVE-7839
143→- **API Key:** grmm_Qw64eawPBjnMdwN5UmDGWoPlqwvjM7lI
144→- **Created:** 2025-12-18
145→
146→---
147→
148→## Client Sites - WHM/cPanel
149→
150→### IX Server (ix.azcomputerguru.com)
151→- **SSH Host:** ix.azcomputerguru.com
152→- **Internal IP:** 172.16.3.10 (VPN required)
153→- **SSH User:** root
154→- **SSH Password:** Gptf*77ttb!@#!@#
155→- **SSH Key:** guru@wsl key added to authorized_keys
156→- **Role:** cPanel/WHM server hosting client sites
157→
158→### WebSvr (websvr.acghosting.com)
159→- **Host:** websvr.acghosting.com
160→- **SSH User:** root
161→- **SSH Password:** r3tr0gradE99#
162→- **API Token:** 8ZPYVM6R0RGOHII7EFF533MX6EQ17M7O
163→- **Access Level:** Full access
164→- **Role:** Legacy cPanel/WHM server (migration source to IX)
165→
166→### data.grabbanddurando.com
167→- **Server:** IX (ix.azcomputerguru.com)
168→- **cPanel Account:** grabblaw
169→- **Site Path:** /home/grabblaw/public_html/data_grabbanddurando
170→- **Site Admin User:** admin
171→- **Site Admin Password:** GND-Paper123!@#-datasite
172→- **Database:** grabblaw_gdapp_data
173→- **DB User:** grabblaw_gddata
174→- **DB Password:** GrabbData2025
175→- **Config File:** /home/grabblaw/public_html/data_grabbanddurando/connection.php
176→- **Backups:** /home/grabblaw/public_html/data_grabbanddurando/backups_mariadb_fix/
177→
178→### GoDaddy VPS (Legacy)
179→- **IP:** 208.109.235.224
180→- **Hostname:** 224.235.109.208.host.secureserver.net
181→- **Auth:** SSH key
182→- **Database:** grabblaw_gdapp
183→- **Note:** Old server, data migrated to IX
184→
185→---
186→
187→## Seafile (on Jupiter - Migrated 2025-12-27)
188→
189→### Container
190→- **Host:** Jupiter (172.16.3.20)
191→- **URL:** https://sync.azcomputerguru.com
192→- **Port:** 8082 (internal), proxied via NPM
193→- **Containers:** seafile, seafile-mysql, seafile-memcached, seafile-elasticsearch
194→- **Docker Compose:** /mnt/user0/SeaFile/DockerCompose/docker-compose.yml
195→- **Data Path:** /mnt/user0/SeaFile/seafile-data/
196→
197→### Seafile Admin
198→- **Email:** mike@azcomputerguru.com
199→- **Password:** r3tr0gradE99#
200→
201→### Database (MariaDB)
202→- **Container:** seafile-mysql
203→- **Image:** mariadb:10.6
204→- **Root Password:** db_dev
205→- **Seafile User:** seafile
206→- **Seafile Password:** 64f2db5e-6831-48ed-a243-d4066fe428f9
207→- **Databases:** ccnet_db (users), seafile_db (data), seahub_db (web)
208→
209→### Elasticsearch
210→- **Container:** seafile-elasticsearch
211→- **Image:** elasticsearch:7.17.26
212→- **Note:** Upgraded from 7.16.2 for kernel 6.12 compatibility
213→
214→### Microsoft Graph API (Email)
215→- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
216→- **Client ID:** 15b0fafb-ab51-4cc9-adc7-f6334c805c22
217→- **Client Secret:** rRN8Q~FPfSL8O24iZthi_LVJTjGOCZG.DnxGHaSk
218→- **Sender Email:** noreply@azcomputerguru.com
219→- **Used for:** Seafile email notifications via Graph API
220→
221→### Migration Notes
222→- **Migrated from:** Saturn (172.16.3.21) on 2025-12-27
223→- **Saturn Status:** Seafile stopped, data intact for rollback (keep 1 week)
224→
225→---
226→
227→## NPM Proxy Hosts Reference
228→
229→| ID | Domain | Backend | SSL Cert |
230→|----|--------|---------|----------|
231→| 1 | emby.azcomputerguru.com | 172.16.2.99:8096 | npm-1 |
232→| 2 | git.azcomputerguru.com | 172.16.3.20:3000 | npm-2 |
233→| 4 | plexrequest.azcomputerguru.com | 172.16.3.31:5055 | npm-4 |
234→| 5 | rmm-api.azcomputerguru.com | 172.16.3.20:3001 | npm-6 |
235→| - | unifi.azcomputerguru.com | 172.16.3.28:8443 | npm-5 |
236→| 8 | sync.azcomputerguru.com | 172.16.3.20:8082 | npm-8 |
237→
238→---
239→
240→## Tailscale Network
241→
242→| Tailscale IP | Hostname | Owner | OS |
243→|--------------|----------|-------|-----|
244→| 100.79.69.82 (pfsense-1) | pfsense | mike@ | freebsd |
245→| 100.125.36.6 | acg-m-l5090 | mike@ | windows |
246→| 100.92.230.111 | acg-tech-01l | mike@ | windows |
247→| 100.96.135.117 | acg-tech-02l | mike@ | windows |
248→| 100.113.45.7 | acg-tech03l | howard@ | windows |
249→| 100.77.166.22 | desktop-hjfjtep | mike@ | windows |
250→| 100.101.145.100 | guru-legion9 | mike@ | windows |
251→| 100.119.194.51 | guru-surface8 | howard@ | windows |
252→| 100.66.103.110 | magus-desktop | rob@ | windows |
253→| 100.66.167.120 | magus-pc | rob@ | windows |
254→
255→---
256→
257→## SSH Public Keys
258→
259→### guru@wsl (Windows/WSL)
260→- **User:** guru
261→- **Sudo Password:** Window123!@#-wsl
262→- **SSH Key:**
263→```
264→ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWY+SdqMHJP5JOe3qpWENQZhXJA4tzI2d7ZVNAwA/1u guru@wsl
265→```
266→
267→### azcomputerguru@local (Mac)
268→- **User:** azcomputerguru
269→- **SSH Key:**
270→```
271→ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrGbr4EwvQ4P3ZtyZW3ZKkuDQOMbqyAQUul2+JE4K4S azcomputerguru@local
272→```
273→
274→---
275→
276→## Quick Reference Commands
277→
278→### NPM API Auth
279→```bash
280→curl -s -X POST http://172.16.3.20:7818/api/tokens \
281→ -H "Content-Type: application/json" \
282→ -d '{"identity":"mike@azcomputerguru.com","secret":"Paper123!@#-unifi"}'
283→```
284→
285→### Gitea API
286→```bash
287→curl -H "Authorization: token 9b1da4b79a38ef782268341d25a4b6880572063f" \
288→ https://git.azcomputerguru.com/api/v1/repos/search
289→```
290→
291→### GuruRMM Health Check
292→```bash
293→curl http://172.16.3.20:3001/health
294→```
295→
296→---
297→
298→## MSP Tools
299→
300→### Syncro (PSA/RMM) - AZ Computer Guru
301→- **API Key:** T259810e5c9917386b-52c2aeea7cdb5ff41c6685a73cebbeb3
302→- **Subdomain:** computerguru
303→- **API Base URL:** https://computerguru.syncromsp.com/api/v1
304→- **API Docs:** https://api-docs.syncromsp.com/
305→- **Account:** AZ Computer Guru MSP
306→- **Notes:** Added 2025-12-18
307→
308→### Autotask (PSA) - AZ Computer Guru
309→- **API Username:** dguyqap2nucge6r@azcomputerguru.com
310→- **API Password:** z*6G4fT#oM~8@9Hxy$2Y7K$ma
311→- **API Integration Code:** HYTYYZ6LA5HB5XK7IGNA7OAHQLH
312→- **Integration Name:** ClaudeAPI
313→- **API Zone:** webservices5.autotask.net
314→- **API Docs:** https://autotask.net/help/developerhelp/Content/APIs/REST/REST_API_Home.htm
315→- **Account:** AZ Computer Guru MSP
316→- **Notes:** Added 2025-12-18, new API user "Claude API"
317→
318→### CIPP (CyberDrain Improved Partner Portal)
319→- **URL:** https://cippcanvb.azurewebsites.net
320→- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
321→- **API Client Name:** ClaudeCipp2 (working)
322→- **App ID (Client ID):** 420cb849-542d-4374-9cb2-3d8ae0e1835b
323→- **Client Secret:** MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT
324→- **Scope:** api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default
325→- **CIPP-SAM App ID:** 91b9102d-bafd-43f8-b17a-f99479149b07
326→- **IP Range:** 0.0.0.0/0 (all IPs allowed)
327→- **Auth Method:** OAuth 2.0 Client Credentials
328→- **Notes:** Updated 2025-12-23, working API client
329→
330→#### CIPP API Usage (Bash)
331→```bash
332→# Get token
333→ACCESS_TOKEN=$(curl -s -X POST "https://login.microsoftonline.com/ce61461e-81a0-4c84-bb4a-7b354a9a356d/oauth2/v2.0/token" \
334→ -d "client_id=420cb849-542d-4374-9cb2-3d8ae0e1835b" \
335→ -d "client_secret=MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT" \
336→ -d "scope=api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default" \
337→ -d "grant_type=client_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin).get('access_token', ''))")
338→
339→# Query endpoints (use tenant domain or tenant ID as TenantFilter)
340→curl -s "https://cippcanvb.azurewebsites.net/api/ListLicenses?TenantFilter=sonorangreenllc.com" \
341→ -H "Authorization: Bearer ${ACCESS_TOKEN}"
342→
343→# Other useful endpoints:
344→# ListTenants?AllTenants=true - List all managed tenants
345→# ListUsers?TenantFilter={tenant} - List users
346→# ListMailboxRules?TenantFilter={tenant} - Check mailbox rules
347→# BECCheck?TenantFilter={tenant}&UserID={userid} - BEC investigation
348→```
349→
350→#### Old API Client (403 errors - do not use)
351→- **App ID:** d545a836-7118-44f6-8852-d9dd64fb7bb9
352→- **Status:** Authenticated but all endpoints returned 403
353→
354→---
355→
356→## Client - MVAN Inc
357→
358→### Microsoft 365 Tenant 1
359→- **Tenant:** mvan.onmicrosoft.com
360→- **Admin User:** sysadmin@mvaninc.com
361→- **Password:** r3tr0gradE99#
362→- **Notes:** Global admin, project to merge/trust with T2
363→
364→---
365→
366→## Client - BG Builders LLC
367→
368→### Microsoft 365 Tenant
369→- **Tenant:** bgbuildersllc.com
370→- **CIPP Name:** sonorangreenllc.com
371→- **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27
372→- **Admin User:** sysadmin@bgbuildersllc.com
373→- **Password:** Window123!@#-bgb
374→- **Notes:** Added 2025-12-19
375→
376→### Security Investigation (2025-12-22)
377→- **Compromised User:** Shelly@bgbuildersllc.com (Shelly Dooley)
378→- **Symptoms:** Suspicious sent items reported by user
379→- **Findings:**
380→ - Gmail OAuth app with EAS.AccessAsUser.All (REMOVED)
381→ - "P2P Server" app registration backdoor (DELETED by admin)
382→ - No malicious mailbox rules or forwarding
383→ - Sign-in logs unavailable (no Entra P1 license)
384→- **Remediation:**
385→ - Password reset: `5ecwyHv6&dP7` (must change on login)
386→ - All sessions revoked
387→ - Gmail OAuth consent removed
388→ - P2P Server backdoor deleted
389→- **Status:** RESOLVED
390→
391→---
392→
393→## Client - Dataforth
394→
395→### Network
396→- **Subnet:** 192.168.0.0/24
397→- **Domain:** INTRANET (intranet.dataforth.com)
398→
399→### UDM (UniFi Dream Machine)
400→- **IP:** 192.168.0.254
401→- **SSH User:** root
402→- **SSH Password:** Paper123!@#-unifi
403→- **Web User:** azcomputerguru
404→- **Web Password:** Paper123!@#-unifi
405→- **2FA:** Push notification enabled
406→- **Notes:** Gateway/firewall, OpenVPN server
407→
408→### AD1 (Domain Controller)
409→- **IP:** 192.168.0.27
410→- **Hostname:** AD1.intranet.dataforth.com
411→- **User:** INTRANET\sysadmin
412→- **Password:** Paper123!@#
413→- **Role:** Primary DC, NPS/RADIUS server
414→- **NPS Ports:** 1812/1813 (auth/accounting)
415→
416→### AD2 (Domain Controller)
417→- **IP:** 192.168.0.6
418→- **Hostname:** AD2.intranet.dataforth.com
419→- **User:** INTRANET\sysadmin
420→- **Password:** Paper123!@#
421→- **Role:** Secondary DC, file server
422→
423→### NPS RADIUS Configuration
424→- **Client Name:** unifi
425→- **Client IP:** 192.168.0.254
426→- **Shared Secret:** Gptf*77ttb!@#!@#
427→- **Policy:** "Unifi" - allows Domain Users
428→
429→### D2TESTNAS (SMB1 Proxy)
430→- **IP:** 192.168.0.9
431→- **Web/SSH User:** admin
432→- **Web/SSH Password:** Paper123!@#-nas
433→- **Role:** DOS machine SMB1 proxy
434→- **Notes:** Added 2025-12-14
435→
436→---
437→
438→## Client - Valley Wide Plastering
439→
440→### Network
441→- **Subnet:** 172.16.9.0/24
442→
443→### UDM (UniFi Dream Machine)
444→- **IP:** 172.16.9.1
445→- **SSH User:** root
446→- **SSH Password:** Gptf*77ttb123!@#-vwp
447→- **Notes:** Gateway/firewall, VPN server, RADIUS client
448→
449→### VWP-DC1 (Domain Controller)
450→- **IP:** 172.16.9.2
451→- **Hostname:** VWP-DC1
452→- **User:** sysadmin
453→- **Password:** r3tr0gradE99#
454→- **Role:** Primary DC, NPS/RADIUS server
455→- **Notes:** Added 2025-12-22
456→
457→### NPS RADIUS Configuration
458→- **RADIUS Server:** 172.16.9.2
459→- **RADIUS Ports:** 1812 (auth), 1813 (accounting)
460→- **Clients:** UDM (172.16.9.1), VWP-Subnet (172.16.9.0/24)
461→- **Shared Secret:** Gptf*77ttb123!@#-radius
462→- **Policy:** "VPN-Access" - allows all authenticated users (24/7)
463→- **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
464→- **User Dial-in:** All VWP_Users set to Allow
465→- **AuthAttributeRequired:** Disabled on clients
466→- **Tested:** 2025-12-22, user cguerrero authenticated successfully
467→
468→### Dataforth - Entra App Registration (Claude-Code-M365)
469→- **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
470→- **App ID (Client ID):** 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29
471→- **Client Secret:** tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3
472→- **Permissions:** Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All
473→- **Created:** 2025-12-22
474→- **Use:** Silent Graph API access to Dataforth tenant
475→
476→---
477→
478→## Client - CW Concrete LLC
479→
480→### Microsoft 365 Tenant
481→- **Tenant:** cwconcretellc.com
482→- **CIPP Name:** cwconcretellc.com
483→- **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
484→- **Default Domain:** NETORGFT11452752.onmicrosoft.com
485→- **Notes:** De-federated from GoDaddy 2025-12, domain needs re-verification
486→
487→### Security Investigation (2025-12-22)
488→- **Findings:**
489→ - Graph Command Line Tools OAuth consent with high privileges (REMOVED)
490→ - "test" backdoor app registration with multi-tenant access (DELETED)
491→ - Apple Internet Accounts OAuth (left - likely iOS device)
492→ - No malicious mailbox rules or forwarding
493→- **Remediation:**
494→ - All sessions revoked for all 4 users
495→ - Backdoor apps removed
496→- **Status:** RESOLVED
497→
498→---
499→
500→## Client - Khalsa
501→
502→### Network
503→- **Subnet:** 172.16.50.0/24
504→
505→### UCG (UniFi Cloud Gateway)
506→- **IP:** 172.16.50.1
507→- **SSH User:** azcomputerguru
508→- **SSH Password:** Paper123!@#-camden (reset 2025-12-22)
509→- **Notes:** Gateway/firewall, VPN server, SSH key added but not working
510→
511→### Switch
512→- **User:** 8WfY8
513→- **Password:** tI3evTNBZMlnngtBc
514→
515→### Accountant Machine
516→- **IP:** 172.16.50.168
517→- **User:** accountant
518→- **Password:** Paper123!@#-accountant
519→- **Notes:** Added 2025-12-22, VPN routing issue
520→
521→---
522→
523→## Client - Scileppi Law Firm
524→
525→### DS214se (Source NAS - being migrated)
526→- **IP:** 172.16.1.54
527→- **SSH User:** admin
528→- **Password:** Th1nk3r^99
529→- **Storage:** 1.8TB (1.6TB used)
530→- **Data:** User home folders (admin, Andrew Ross, Chris Scileppi, Samantha Nunez, etc.)
531→
532→### Unraid (Source - Migration)
533→- **IP:** 172.16.1.21
534→- **SSH User:** root
535→- **Password:** Th1nk3r^99
536→- **Role:** Data source for migration to RS2212+
537→
538→### RS2212+ (Destination NAS)
539→- **IP:** 172.16.1.59
540→- **Hostname:** SL-SERVER
541→- **SSH User:** sysadmin
542→- **Password:** Gptf*77ttb123!@#-sl-server
543→- **SSH Key:** claude-code@localadmin added to authorized_keys
544→- **Storage:** 25TB available
545→- **Notes:** User home service enabled, migration in progress 2025-12-23
546→
547→### Migration Status
548→- **Started:** 2025-12-23
549→- **Method:** rsync over SSH (RS2212+ pulling from DS214se)
550→- **Command:** `rsync -avz --progress -e 'ssh -i ~/.ssh/id_ed25519' admin@172.16.1.54:/volume1/homes/ /volume1/homes/`
551→- **Estimated time:** 10-20 hours for 1.6TB
552→