Imagine that you already have a valid SSL certificate (e.g. from Let's Encrypt with auto-renew, see https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04) and want to use it for your Pritunl web panel.

Just open the main app.py file.

Find the following lines (lines 146-149):

And replace them (or just comment them out with #) with:

And that is all.

March 19th, 2016

Posted In: tricks


Today I want to revive my blog and share a small and very simple (and new?) trick: how to get RCE on the client side via JSONP in IE (any version). This technique resembles the “reflected file download” presented at the last BlackHat.

JSONP is JSON data with «padding»: a callback function that lets the client side work with the received data. It is usually needed when we have two domains and, because of the SOP, a page on domain A cannot read the response to a request it sends to domain B.

A typical example:

What do we know about JSONP threats?
  1. JSONP leaks
  2. XSS via JSON / JSONP callbacks
  3. Advanced vector: “Rosetta Flash”
  4. ?
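
On the defending side, items 2 and 3 and the file-download variant all depend on what the endpoint does with the caller-supplied callback name and which headers it sends. The following is an added example, not code from the original post: a dependency-free Node.js response builder whose function names, length limit and sample inputs are assumptions made for illustration.

```javascript
'use strict';

// Accept only dotted JavaScript identifiers of bounded length, e.g. "app.onData".
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LEN = 64; // assumed limit, chosen for this example

function isSafeCallback(name) {
  return typeof name === 'string' &&
    name.length <= MAX_CALLBACK_LEN &&
    CALLBACK_RE.test(name);
}

// JSON.stringify leaves "<", U+2028 and U+2029 raw; escape them so the body
// cannot close a <script> element and parses as script in older engines.
function safeJson(data) {
  return JSON.stringify(data)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function buildJsonpResponse(callback, data) {
  if (!isSafeCallback(callback)) {
    return {
      status: 400,
      headers: { 'Content-Type': 'text/plain; charset=utf-8',
                 'X-Content-Type-Options': 'nosniff' },
      body: 'invalid callback',
    };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff', // no MIME sniffing of the body
      // Fixed, harmless file name if the browser saves the response to disk.
      'Content-Disposition': 'attachment; filename="f.txt"',
    },
    // The leading comment keeps caller-controlled bytes off the start of the body.
    body: `/**/${callback}(${safeJson(data)});`,
  };
}

// Constructed sample callbacks: only the first one is a plain identifier.
for (const cb of ['handleData', 'alert(1)//', 'a b', 'x'.repeat(200)]) {
  console.log(JSON.stringify(cb.slice(0, 16)), '->', buildJsonpResponse(cb, { ok: true }).status);
}
```
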


January 24th, 2015

Posted In: tricks
