0xdade

Summary

Reverse proxy SSL connections and retain the originating IP address without terminating SSL at the mid-point. This makes use of the PROXY protocol.

Testing Configuration

This example setup uses nginx version: nginx/1.14.0 (Ubuntu) as it ships out of the box with ubuntu 18.04.4 LTS. It was last tested on 2020-02-12.

Example Configuration to log originating IP

DNS example.com points to 192.168.10.10 192.168.10.10 has nginx installed with this in /etc/nginx/nginx.conf OUTSIDE OF the http block

0xdade

#!/usr/bin/env python3
'''
Determine if this python is part of an executable or a standalone script and then delete the file accordingly.

If the script has been bundled into an executable using pyinstaller (such as pyinstaller --onefile <fname>.py) then the realpath of __file__ will be incorrect, thus the use of sys.executable.

Example of just relying on __file__:
$ pyinstaller --onefile test.py
[...]
$ ls dist/

0xdade

# First approach, just make a function manually for every tag
# Then feed them all back to the same core html_element function for rendering
import inspect
import sys

def html_element(*args, **kwargs):
    tag = inspect.stack()[1][3]
    attrs = [f"{kwarg}=\"{kwargs.get(kwarg)}\"" for kwarg in kwargs]
    children = "\n".join([f"{child}" for child in args])
    return f'<{tag}{" " if attrs else ""}{" ".join(attrs)}>{children}</{tag}>'

0xdade

User Experience:
    Workflow:
        (Optional) Click pre-authenticated upload url, if provided
        (Optional) Sign in, if required
        Drag and drop a file
        interface shows the file name (and maybe some additional metadata, not sure if we get any metadata at this point though)
        Set of checkboxes for the following (if they are not enforced to a specific value by the server operator):
            Save Encryption Key
            Burn After Reading
            Expiration Duration 

0xdade

# Built by Sephiroth on 2020-06-24 03:05:40.431464 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com

0xdade

name: Automatically limit
on: 
  schedule:
    - cron: "0 0 * * *"
jobs:
  limiter:
    runs-on: ubuntu-latest
    steps:
    - name: Remove existing limit
      run: |

0xdade

# A quick nginx config that does some shameless transparent proxying. 
# The sub_filter module is available on my ubuntu install out of the box, but may not always be available
# This demonstration of sub_filter is also extremely minimal. All requests that begin with `/` will load relatively anyways, this attempts to replace any fully qualified requests

server {
    listen 80;
    listen [::]:80;
    server_name exploit.party;
    return 301 https://$server_name$request_uri;
}

0xdade

Distributing the denial of secrets

Twitter made ddosecrets.com a forbidden place. I don't like being forbidden from going places or sharing links to said places.

It's dangerous to go alone, take these:

• Apache
• Nginx
• iptables

0xdade

# Built by Sephiroth on 2020-06-24 03:05:20.327355 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com

geo $block_ip {

0xdade

# Built by Sephiroth on 2020-06-24 03:04:16.607901 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com

*filter