Marshall Hallenbeck Marshall-Hallenbeck

## gist:6b03af2ff023c6b6227c48bd3d866dba
caller_name = inspect.stack()[1].function
file_name = inspect.stack()[1].filename
line_number = inspect.stack()[1].lineno
self.logger.debug(f"Called from function: {caller_name} in file {file_name} at line {line_number}")

## StopEvaluationShutdown.ps1
# Create PS folder on C: drive
New-Item -ItemType Directory -Force -Path "C:\PS"
# Set TLS versions for download (it will error otherwise)
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
# Download PsTools
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/PSTools.zip" -OutFile "C:\PS\PSTools.zip"
# Extract PsTools to the PS folder
Expand-Archive -Path "C:\PS\PSTools.zip" -DestinationPath "C:\PS"
# Auto Accept EULA, can also run psexec with -accepteula
#reg ADD HKCU\Software\Sysinternals\PSexec /v EulaAccepted /t REG_DWORD /d 1 /f

## config
[framework/core]
PROMPT=%whi[%T] %red(%L) %yel%J %grn%S%whi
TimestampOutput=true
ConsoleLogging=true
SessionLogging=true

[framework/features]

[framework/ui/console]

## capture_http_request.sh
#!/bin/bash
curl -m 0.1 -s -I localhost:1337 & nc -l -p 1337 > /tmp/http_request.txt && cat /tmp/http_request.txt

## install_sliver_service.sh
#!/bin/bash

FILE=/etc/systemd/system/sliver-server.service
if [ ! -f "$FILE" ];then
    sudo echo "[Unit]
Description=Sliver Server

[Service]
Type=simple
ExecStart=/usr/local/bin/sliver-server" > $FILE

## update_sliver.sh
#!/bin/bash

echo "Stopping sliver service (if it exists)"
sudo service sliver-server stop 2>/dev/null
echo "Removing old files (if they exist)"
[ ! -e file ] || rm sliver-client_linux.zip sliver-server_linux.zip
[ ! -e file ] || rm sliver-client sliver-server
echo "Downloading latest sliver linux releases"
wget -q "https://github.com/BishopFox/sliver/releases/latest/download/sliver-client_linux.zip"
wget -q "https://github.com/BishopFox/sliver/releases/latest/download/sliver-server_linux.zip"

## opentrade_0.2.0_domxss_disclosure_1-10-2020
[Vulnerability Description]
OpenTrade through version 0.2.0 has a Dom-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains Javascript.

[Application Description]
OpenTrade is an open source crypto currency exchange that can support over a dozen cryptocurrencies. Its live version can be found at https://trade.multicoins.org.

[Affected Versions]
The following commit introduced the vulnerability, but OpenTrade did not have a package.json with applicable versioning: https://github.com/3s3s/opentrade/commit/731459452c8e476cb30fcf84ef0d05d153aba0ed#diff-910e51c56f379da78d78892e221e692aR417
Officially version 0.2.0 of OpenTrade is the only "vulnerable" version, as it is the first committed version number in package.json
	caller_name = inspect.stack()[1].function
	file_name = inspect.stack()[1].filename
	line_number = inspect.stack()[1].lineno
	self.logger.debug(f"Called from function: {caller_name} in file {file_name} at line {line_number}")
	# Create PS folder on C: drive
	New-Item -ItemType Directory -Force -Path "C:\PS"
	# Set TLS versions for download (it will error otherwise)
	[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
	# Download PsTools
	Invoke-WebRequest -Uri "https://download.sysinternals.com/files/PSTools.zip" -OutFile "C:\PS\PSTools.zip"
	# Extract PsTools to the PS folder
	Expand-Archive -Path "C:\PS\PSTools.zip" -DestinationPath "C:\PS"
	# Auto Accept EULA, can also run psexec with -accepteula
	#reg ADD HKCU\Software\Sysinternals\PSexec /v EulaAccepted /t REG_DWORD /d 1 /f
	[framework/core]
	PROMPT=%whi[%T] %red(%L) %yel%J %grn%S%whi
	TimestampOutput=true
	ConsoleLogging=true
	SessionLogging=true

	[framework/features]

	[framework/ui/console]
	#!/bin/bash
	curl -m 0.1 -s -I localhost:1337 & nc -l -p 1337 > /tmp/http_request.txt && cat /tmp/http_request.txt
	#!/bin/bash

	FILE=/etc/systemd/system/sliver-server.service
	if [ ! -f "$FILE" ];then
	sudo echo "[Unit]
	Description=Sliver Server

	[Service]
	Type=simple
	ExecStart=/usr/local/bin/sliver-server" > $FILE
	#!/bin/bash

	echo "Stopping sliver service (if it exists)"
	sudo service sliver-server stop 2>/dev/null
	echo "Removing old files (if they exist)"
	[ ! -e file ] \|\| rm sliver-client_linux.zip sliver-server_linux.zip
	[ ! -e file ] \|\| rm sliver-client sliver-server
	echo "Downloading latest sliver linux releases"
	wget -q "https://github.com/BishopFox/sliver/releases/latest/download/sliver-client_linux.zip"
	wget -q "https://github.com/BishopFox/sliver/releases/latest/download/sliver-server_linux.zip"
	[Vulnerability Description]
	OpenTrade through version 0.2.0 has a Dom-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains Javascript.

	[Application Description]
	OpenTrade is an open source crypto currency exchange that can support over a dozen cryptocurrencies. Its live version can be found at https://trade.multicoins.org.

	[Affected Versions]
	The following commit introduced the vulnerability, but OpenTrade did not have a package.json with applicable versioning: https://github.com/3s3s/opentrade/commit/731459452c8e476cb30fcf84ef0d05d153aba0ed#diff-910e51c56f379da78d78892e221e692aR417
	Officially version 0.2.0 of OpenTrade is the only "vulnerable" version, as it is the first committed version number in package.json