/i/ - invasions

skids n feds




✞
Psalm 94

aut/i/sm


V2 Day of Insurgency
Alright we need to find a way to hack the jannies can someone look up the ports?
Replies: >>479 >>480 >>483
Welp the site runs Jschan it's open source I might can find some holes
>>478
Replies: >>480 >>483
They use cloudflare you cucks we need to bypass it

>>478
>>479
WildWestDomains lmfao
This is looking realistic
Replies: >>483
Response headers do not include the HTTP Strict-Transport-Security header

Not sure how this will come into play but here it is
Replies: >>483
https://94chan.org/examples/jsp/%

>>479
>>478
>>481
>>482
process
	.on('uncaughtException', console.error)
	.on('unhandledRejection', console.error);

const config = require(__dirname+'/lib/misc/config.js')
	, express = require('express')
	, path = require('path')
	, app = express()
	, server = require('http').createServer(app)
	, cookieParser = require('cookie-parser')
	, { port, cookieSecret, debugLogs, google, hcaptcha } = require(__dirname+'/configs/secrets.js')
	, Mongo = require(__dirname+'/db/db.js')
	, dynamicResponse = require(__dirname+'/lib/misc/dynamic.js')
	, commit = require(__dirname+'/lib/misc/commit.js')
	, { version } = require(__dirname+'/package.json')
	, formatSize = require(__dirname+'/lib/converter/formatsize.js')
	, CachePugTemplates = require('cache-pug-templates')
	, Permissions = require(__dirname+'/lib/permission/permissions.js');

(async () => {

	const env = process.env.NODE_ENV;
	const production = env === 'production';
	debugLogs && console.log('process.env.NODE_ENV =', env);

	// connect to mongodb
	debugLogs && console.log('CONNECTING TO MONGODB');
	await Mongo.connect();
	await Mongo.checkVersion();
	await config.load();

	// connect to redis
	debugLogs && console.log('CONNECTING TO REDIS');
	const redis = require(__dirname+'/lib/redis/redis.js');

	// load roles early
	const roleManager = require(__dirname+'/lib/permission/rolemanager.js');
	await roleManager.load();

	// disable useless express header
	app.disable('x-powered-by');
	//query strings
	app.set('query parser', 'simple');
	// parse forms
	app.use(express.urlencoded({extended: false}));
	// parse cookies
	app.use(cookieParser(cookieSecret));

	// session store
	const sessionMiddleware = require(__dirname+'/lib/middleware/permission/usesession.js');

	// connect socketio
	const Socketio = require(__dirname+'/lib/misc/socketio.js');
	debugLogs && console.log('STARTING WEBSOCKET');
	Socketio.connect(server, sessionMiddleware);

It is not inherently vulnerable, but it is important to ensure that the secrets and configurations used in the script (such as the port, cookieSecret, google, and hcaptcha variables imported from configs/secrets.js)

Take that down fags
I'm pretty sure whoever made this chan fucked up with the post requests function we might be able to upload directly to the server itself
Replies: >>486
>>485
Like a file upload vuln?
This fucker used MangoDB lulz
TOOMANYKEKS
You can bypass the captcha
Just use a curl
Replies: >>490
Are you serious?
>>489
Oh fuck you're right AHAHBHAHAHAH
NO MORE CAPTCHA
Fuck
Jannies
TOO MANY FUCKING KEKES
ALRIGHT EVERYONE WE CRACKED THE SHITTY CAPTCHA STEP 1
IT FUCKING WORKS IT DOES TIME OUT THOUGH BUT THIS IS ONE MASSIVE LEAP NIGGERS

Using curl can literally break it but you can only do so many
Dangerously Based
500th post too
Alright let's call it a day we already found a hole let's all have a beer
I wish we can get our old thread unlocked these mods are so fucking lame
Replies: >>509 >>517
You all know what this means right? If someone wanted to raid us they can now because we literally showed them how to do it 

>>508 Same
Replies: >>510
>>509
Well it's like......not my problem
How much drugs have you all done today what in the ever living fuck is happening today
>>508

I mean if it's to raid someone that isn't 94chan it'll be considered. The Jannie who locked the thread did so because it's what they thought was best at the time. You can always just do insurgency shit here
28 replies | 1 file | 17 UIDs
jschan v.1.6.1