RamadhanAmizudin

#!/usr/bin/env python3
#
#    Malaysian's Identification Number Generation Tool.
#    Copyright (C) 2022
#
#    MIT License
#
import argparse
from datetime import date, timedelta

RamadhanAmizudin

void main() {
  final whiteListURL = [
    "vxcert.moh.gov.my",
    "action.openattestation.com",
    "www.verify.gov.sg"
  ];
  final u = Uri.parse("http://127.1.1.1:127.2.2.2:80/");
  if(whiteListURL.contains(u.host)) {
   print("ada"); 
  } else {

RamadhanAmizudin

function getBase64FromImageUrl(url) {
    var img = new Image();
    img.crossOrigin = "anonymous";
    img.onload = function() {
        var canvas = document.createElement("canvas");
        canvas.width = this.width;
        canvas.height = this.height;
        var ctx = canvas.getContext("2d");
        ctx.drawImage(this, 0, 0);
        var dataURL = canvas.toDataURL("image/png");

RamadhanAmizudin

<?php

$d = Decode("ezL2hGG2gbMjQmEsJpQzZoTic2AveaVvfKQiPnwhfR==");
print($d . "\n");
$e = Encode($d);
print($e . "\n");

function Decode($str)
{
    $str = str_split($str);

RamadhanAmizudin

# Blogpost: https://blog.rz.my/2020/12/decrypting-monaca-encrypt-plugin.html
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.backends import default_backend
from base64 import b64decode, b64encode
import argparse

def encrypt(key, iv, data):
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
    encryptor = cipher.encryptor()

RamadhanAmizudin

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'net/ssh'

class Metasploit3 < Msf::Exploit::Remote
	Rank = NormalRanking

RamadhanAmizudin

// Blogpost: http://blog.rz.my/2017/11/decrypting-cordova-crypt-file-plugin.html

var fs      =   require("fs"),
    path    =   require("path"),
    crypto  =   require("crypto");

var config = {
    key : 'CRYPT_KEY',
    iv  : 'CRYPT_IV'
}

RamadhanAmizudin

kalau tengok commit joomla 3.6.4, akan prasan ada method yang dibuang => https://github.com/joomla/joomla-cms/commit/2983d196840a7da2abf62c00ac2f3ee4864179b4

https://github.com/joomla/joomla-cms/blob/3.6.3/components/com_users/controllers/user.php#L293 Function Register yang dibuang dalam joomla 6.3.4
https://github.com/joomla/joomla-cms/blob/3.6.3/components/com_users/controllers/user.php#L346 basically semua dari post data dihantar ke user $model->regiser
https://github.com/joomla/joomla-cms/blob/3.6.3/components/com_users/models/registration.php#L381 $model->register method
https://github.com/joomla/joomla-cms/blob/3.6.3/components/com_users/models/registration.php#L390-L393 reassign variable $temp(which is data dari user.php#L346) ke $data[$key] = $value
https://github.com/joomla/joomla-cms/blob/3.6.3/components/com_users/models/registration.php#L409 dia bind semua $data ke $user object
https://github.com/joomla/joomla-cms/blob/3.6.3/libraries/joomla/user/user.php#L595 $user->bind() method
https://github

RamadhanAmizudin

unbindall
bind "0" "slot10"
bind "1" "slot1"
bind "2" "slot2"
bind "3" "slot3"
bind "4" "slot4"
bind "5" "slot5"
bind "6" "slot6"
bind "9" "slot9"
bind "a" "+moveleft"

RamadhanAmizudin

// launch option 
//  -noforcemparms -noforcemaccel -noforcemspd -novid -high -freq 120  -tickrate 128
// Common Stuff's

// Common Stuff's

rate "128000"
cl_cmdrate "128"
cl_updaterate "128"
cl_interp "0.0"