dogeared

- clone https://spring.io/guides/gs/handling-form-submission/
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy)
- install tomcat9 + java 11 (i did it on ubuntu 20.04)
- deploy the war file
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
- run PoC (ignore the URL it gives you for the webshell): python3 exp.py --url http://your.ip.here:8080/handling-form-submission-complete/greeting
- you should see the "tomcatwar.jsp" file now in webapps/handling-form-submission
- hit http://your.ip.here:8080/handling-form-submission/tomcatwar.jsp?pwd=j&cmd=id to see the results

dogeared

@EnableOAuth2Sso
@RestController
@SpringBootApplication
public class OAuth2DemoApplication_1_5 {

    @Value("#{ @environment['security.oauth2.resource.server'] }")
    private String resourceServerUrl;

    private OAuth2ProtectedResourceDetails resource;

dogeared

To Run:

OKTA_OAUTH2_ISSUER=https://{yourOktaDomain}/oauth2/default \
OKTA_OAUTH2_CLIENT-ID={clientId} \
OKTA_OAUTH2_CLIENT-SECRET={clientSecret} \
spring run idtoken.groovy

dogeared

@RestController
@RequestMapping("/api/v1")
public class SlackController {

    private static final Logger log = LoggerFactory.getLogger(SlackController.class);

    @RequestMapping(
            value = "/slack", method = RequestMethod.POST,
            consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE, produces = MediaType.APPLICATION_JSON_VALUE
    )

dogeared

// workaround for customize x-www-form-urlencoded
public abstract class AbstractFormSlackSlashCommand {

    // eww - breaks java code convetion, but doesn't require any additional configuration
    public void setTeam_id(String teamId) {
        setTeamId(teamId);
    }

    public void setTeam_domain(String teamDomain) {
        setTeamDomain(teamDomain);

dogeared

@RestController
@RequestMapping("/api/v1")
public class SlackController {

    private static final Logger log = LoggerFactory.getLogger(SlackController.class);

    @RequestMapping(
        value = "/slack", method = RequestMethod.POST,
        consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE, produces = MediaType.APPLICATION_JSON_VALUE
    )

dogeared

#! /bin/bash

# Based on https://www.unknowncheats.me/forum/php/98463-speedtest-real-fake-results-photoshop.html

## httpie (httpie.org - a modern curl replacement) and md5 are required

DOWN="999925"
UP="999794"
PING=1
SERVER=3729

dogeared

This builds off the excellent work of @lmarkus.

The scripts below can be used in conjunction with the Slack Emoji Tools Google Chrome extension to export emojis from
one Slack team and import into another team. 

Original work here: https://gist.github.com/lmarkus/8722f56baf8c47045621

dogeared

Keybase proof

I hereby claim:

• I am dogeared on github.
• I am afitnerd (https://keybase.io/afitnerd) on keybase.
• I have a public key whose fingerprint is F1F1 6F30 807A 1D37 66CF 5771 2BCE AE15 9FAC E6B4

To claim this, I am signing this object:

dogeared

<!doctype html>
<html>
<head>
    <title></title>
    <style>
        body {
            background: white;
            text-align: center;
            padding: 20px;
            font-family: Georgia, serif;