{"uuid": "e39814ed-3970-4818-817d-c03bf88611dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9248", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2688", "content": "Known Secret Found!\n\nDetecting Module: Generic_JWT\n\nSecret: 1234\nDetails: {'Issuer': 'Issuer', 'Username': 'BadSecrets', 'exp': 1593133483, 'iat': 1466903083, 'jwt_headers': {'alg': 'HS256'}}\n***********************  Blacklist3r.py  Bad secrets includes a fully functional CLI example (https://github.com/blacklanternsecurity/badsecrets/blob/dev/badsecrets/examples/blacklist3r.py) which replicates the functionality of blacklist3r (https://github.com/NotSoSecure/Blacklist3r) in python badsecrets/examples/blacklist3r.  python ./badsecrets/examples/blacklist3r.py --url http://vulnerablesite/vulnerablepage.aspx\npython ./badsecrets/examples/blacklist3r.py --viewstate /wEPDwUJODExMDE5NzY5ZGQMKS6jehX5HkJgXxrPh09vumNTKQ== --generator EDD8C9AE  Telerik_knownkey.py  Fully functional CLI example for identifying known Telerik Hash keys and Encryption (https://www.kitploit.com/search/label/Encryption) keys for Post-2017 versions (those patched for CVE-2017-9248), and brute-forcing version / generating exploitation (https://www.kitploit.com/search/label/Exploitation) DialogParameters values.  python ./badsecrets/examples/telerik_knownkey.py --url http://vulnerablesite/Telerik.Web.UI.DialogHandler.aspx  Optionally include ASP.NET MachineKeys with --machine-keys (Will SIGNIFICANTLY increase brute-forcing time)  Symfony_knownkey.py  Brute-force detection of Symfony known secret key when \"_fragment\" URLs are enabled, even when no example URL containing a hash can be located. Relevant Blog Post (https://www.ambionics.io/blog/symfony-secret-fragment).  
python ./badsecrets/examples/symfony_knownkey.py --url https://localhost/  BBOT Module  One of the best ways to use Badsecrets, especially for the ASPNET_Viewstate and Jsf_viewstate modules is with the Badsecrets BBOT (https://github.com/blacklanternsecurity/bbot) module. This will allow you to easily check across thousands of systems in conjunction with subdomain enumeration.  bbot -f subdomain-enum -m badsecrets -t evil.corp", "creation_timestamp": "2023-07-07T13:30:58.000000Z"}