akamajoris

#!/usr/bin/python
# -*- coding: utf-8 -*-

import hashlib

hash = 'tlJwpbo6' # for example

def sofia_hash(msg):
    h = ""
    m = hashlib.md5()

akamajoris

POC YApi RCE:

Reference:

• YMFE/yapi#2229

POC

Requests:

POST /api/user/reg HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0

akamajoris

package main

import (
	"bufio"
	"fmt"
	"log"
	"net"
	"os"
	"regexp"
	"sort"

akamajoris

package main

import (
	"encoding/hex"
	"fmt"
	"log"
	"os"

	"github.com/ethereum/go-ethereum/crypto/sha3"
)

akamajoris

curl -s "https://crt.sh/?q=%.ya.ru&output=json" | grep -Po 'name_value":"([^"]+)"' | awk -F':' '{ print $2 }' | sed 's/"//g' | sort -u

akamajoris

#!/bin/bash
BOTID='' #change me
MYID='108474952' #change me
echo "Run command: " $*
#start=`date +%s`
res1=$(date +%s.%N)
$*
res2=$(date +%s.%N)
dt=$(echo "$res2 - $res1" | bc)
dd=$(echo "$dt/86400" | bc)

akamajoris

0xaa7790cdd931c6c378259feac4b8734c2eb0215c

akamajoris

How to setup Let's Encrypt for Nginx on Ubuntu 16.04 (including IPv6, HTTP/2 and A+ SLL rating)

There are two main modes to run the Let's Encrypt client (called Certbot):

• Standalone: replaces the webserver to respond to ACME challenges
• Webroot: needs your webserver to serve challenges from a known folder.

Webroot is better because it doesn't need to replace Nginx (to bind to port 80).

In the following, we're setting up mydomain.com. HTML is served from /var/www/mydomain, and challenges are served from /var/www/letsencrypt.

akamajoris

package main

import "fmt"

func HeapPermutation(a []string, size int) {
	if size == 1 {
		fmt.Println(a)
	}

akamajoris

package main

import (
	"fmt"
	"github.com/gorilla/mux"
	"github.com/gorilla/securecookie"
	"net/http"
)

// cookie handling