Added SSL verification bypass & port choice / Optimisation #4

Closed
Mateo wants to merge 0 commits from dev into script
Member

#2

Mateo added 1 commit 2024-08-01 13:52:19 +00:00
Mateo added 1 commit 2024-08-01 14:35:54 +00:00
Mateo added 1 commit 2024-08-02 07:02:20 +00:00
Mateo added 1 commit 2024-08-02 08:47:44 +00:00
Mateo added 1 commit 2024-08-02 08:57:39 +00:00
papey requested changes 2024-08-02 09:24:12 +00:00
@@ -2,18 +2,17 @@ package fr.motysten.usertwist.exploit.tools;
public class Cesar {
public static final String LOWER_ALPHABET = "abcdefghijklmnopqrstuvwxyz";
Member

For the Stream operations, here is what I have in mind:

```java
import java.util.stream.Collectors;

public class CaesarCipher {

    private static final int ALPHA_LEN = 26;

    public static String rotate(String input, int offset) {
        // floorMod keeps the key in 0..25 even for a negative offset
        int normalizeKey = Math.floorMod(offset, ALPHA_LEN);

        return input.chars() // generates an IntStream from the input string
                .mapToObj(c -> (char) c) // the IntStream holds the numerical value of each char, so we convert here to have a Stream<Character>
                .map(c -> {
                    // rotate ASCII letters within their own case, leave everything else untouched
                    if (c >= 'a' && c <= 'z') {
                        return (char) ('a' + (c - 'a' + normalizeKey) % ALPHA_LEN);
                    }
                    if (c >= 'A' && c <= 'Z') {
                        return (char) ('A' + (c - 'A' + normalizeKey) % ALPHA_LEN);
                    }
                    return c;
                })
                // first option
                .map(String::valueOf)
                .collect(Collectors.joining());
                // other option (use instead of the two lines above)
                // .collect(StringBuilder::new, StringBuilder::append, StringBuilder::append)
                // .toString();
    }
}
```

Does this hint unlock you? If you need, we can take some time to discuss streams in Java 21.

Mateo marked this conversation as resolved
@@ -0,0 +20,4 @@
for (int i = 0; i < usersArray.length(); i++) {
int finalI = i;
new Thread(() -> {
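Review bot: `new Thread(() -> {` inside the `for` loop starts one platform thread per element of `usersArray`, with no bound on the count and, in the lines shown, no reference kept to join on. Keep the threads (or submit the tasks to an `ExecutorService`) and wait for them before the method returns, and cap the concurrency if the length of `usersArray` is not under the caller's control.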
Member

**Suggestion 🤔**

Since you are on Java 21, you could use virtual threads here. Do you spot any differences in performance between threads and virtual threads? Can you explain a bit the differences between the two?

Author
Member

I'm sorry, I can't get virtual threads to work. They just won't start, and nothing happens with them. Here is what I tried:

```java
Runnable r = () -> {
	JSONObject user = usersArray.getJSONObject(finalI);
	String login = user.getString("username");
	String password = Cesar.rotate(user.getString("data"), rotation);

	System.out.println((finalI + 1) + ". " + login + " => " + password);
};
Thread.ofVirtual().start(r);
```
Author
Member

Finally made it work (forgot `Thread.join()`).

The main difference between Threads and Virtual Threads is that the virtual ones are managed only by the JVM and don't need any call to the system kernel, which is more optimized. They also handle blocking operations more efficiently. When a virtual thread performs a blocking operation, it doesn't block the underlying OS thread. Instead, the runtime can efficiently manage the virtual threads, ensuring better CPU utilization.

As they are each not linked to a new OS thread, it is possible to create millions of virtual threads without significant performance degradation.

| Feature | Java Threads | Java Virtual Threads |
|---|---|---|
| **Mapping** | One-to-one with OS threads | Many-to-one with OS threads |
| **Resource Usage** | High (memory and CPU) | Low (more lightweight) |
| **Concurrency Limit** | Limited by OS thread availability | Can scale to millions of threads |
| **Blocking Operations** | Blocks OS thread | Doesn't block OS thread |
| **Creation Complexity** | Traditional API (`Thread`, `Runnable`) | Simplified API (Project Loom) |
| **Performance** | Dependent on OS thread management | Improved efficiency and scalability |
Mateo marked this conversation as resolved
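
The conversation above, as an added example that is not code from this pull request: virtual threads are always daemon threads, so an unjoined `Thread.ofVirtual().start(r)` does not keep the JVM alive, and a virtual-thread-per-task executor waits for its tasks when it is closed. The `User` record, the sample entries and the class name are constructed stand-ins for the `usersArray` data.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class VirtualThreadDemo {

    // Constructed sample type standing in for the usersArray entries (assumption).
    record User(String username, String data) {}

    static List<String> process(List<User> users) throws Exception {
        List<Future<String>> pending = new ArrayList<>();
        // One virtual thread per task. close() at the end of the try block
        // waits for every submitted task, so no explicit join() is needed.
        try (ExecutorService pool = Executors.newVirtualThreadPerTaskExecutor()) {
            for (int i = 0; i < users.size(); i++) {
                int index = i;
                User user = users.get(i);
                pending.add(pool.submit(() ->
                        (index + 1) + ". " + user.username() + " => " + user.data().length() + " chars"));
            }
        }
        // Futures are read in submission order, so the output stays ordered
        // even though the tasks ran concurrently.
        List<String> lines = new ArrayList<>();
        for (Future<String> f : pending) {
            lines.add(f.get());
        }
        return lines;
    }

    public static void main(String[] args) throws Exception {
        // A bare Thread.ofVirtual().start(r) can be cut off when main() returns,
        // because virtual threads are daemon threads. Keeping the Thread and
        // joining it guarantees the task has finished.
        Thread t = Thread.ofVirtual().start(() -> System.out.println("joined virtual thread ran"));
        t.join();

        // Constructed sample input.
        List<User> users = List.of(new User("alice", "khoor"), new User("bob", "zruog"));
        process(users).forEach(System.out::println);
    }
}
```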
@@ -0,0 +15,4 @@
import java.util.Map;
public class Request {
Member

Suggestion 🤔:

I think a better separation of concerns can be applied here.

By using a constructor you could just build the client once (with or without SSL) and reuse it to make the get request.

Mateo marked this conversation as resolved
@@ -0,0 +19,4 @@
public static HttpResponse<String> get(String link, String port, String endpoint,JSONObject params, Map<String, String> headers, boolean insecure) throws NoSuchAlgorithmException, KeyManagementException, IOException, InterruptedException {
HttpClient client = HttpClient.newHttpClient();
if (insecure) {
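Review bot: the `boolean insecure` parameter on `get(...)` makes certificate verification a per-call switch, so any call site can turn it off without that being visible anywhere else, and `HttpClient.newHttpClient()` is created on every call before the `if (insecure)` check. Decide the trust policy once where the client is constructed, keep verification on by default, and take the port as a range-checked `int` rather than `String port`.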
Member

Suggestion 🤔:

I think this is not needed since you use a builder pattern. If not secure, just build without the SSL Context?

Mateo marked this conversation as resolved
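
One way to structure the class along the lines of the two suggestions above (build the client once in a constructor, and only touch the SSL context when one is supplied), as an added example that is not the pull request's code. The constructor signatures, the `int port` parameter, the timeout and the dropped `params` argument are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.Map;
import javax.net.ssl.SSLContext;

// Hypothetical refactor: class shape and parameter names are assumptions.
public class Request {

    private final HttpClient client;

    // Default: JDK trust store, certificate and hostname verification on.
    public Request() {
        this(null);
    }

    // A caller that needs a different trust policy passes its own SSLContext
    // (for example one built from a pinned CA for a lab target), so the
    // decision is made once, at construction, and is visible at that call site.
    public Request(SSLContext customContext) {
        HttpClient.Builder builder = HttpClient.newBuilder()
                .connectTimeout(Duration.ofSeconds(10));
        if (customContext != null) {
            builder.sslContext(customContext);
        }
        this.client = builder.build(); // built once, reused by every get()
    }

    public HttpResponse<String> get(String host, int port, String endpoint,
                                    Map<String, String> headers)
            throws IOException, InterruptedException {
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }
        URI uri = URI.create("https://" + host + ":" + port + endpoint);
        HttpRequest.Builder req = HttpRequest.newBuilder(uri).GET();
        headers.forEach(req::header);
        return client.send(req.build(), HttpResponse.BodyHandlers.ofString());
    }
}
```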
@@ -0,0 +1,43 @@
package fr.motysten.usertwist.exploit.tools;
Member

I think this can be removed

Author
Member

Do you think it'll be better to just create a new `X509ExtendedTrustManager` directly in the `Request` class?

Mateo marked this conversation as resolved
Mateo changed title from Added SSL verification bypass & port choice to Added SSL verification bypass & port choice / Optimisation 2024-08-02 09:38:33 +00:00
Mateo force-pushed dev from a1e1caff5d to 86495716e5 2024-08-02 12:51:16 +00:00 Compare
Mateo closed this pull request 2024-08-02 12:53:28 +00:00

Reference: Stage/bug-bounty-reports#4