
Lightshot, a design fail - Hacking Screenshot by peneinc

· @peneinc · (edited)
Hello Chicas & Chicos!

I recently saw several articles online about a design flaw on Lightshot's part. If you don't know it, it is simply a pretty cool screenshot tool that lets you upload your screenshots automatically.

The problem comes from the way Lightshot generates its URLs.

Example:
https://prnt.sc/abcdef
https://prnt.sc/abcdeg
https://prnt.sc/abcdeh
https://prnt.sc/abcdei
https://prnt.sc/abcdej [...]

Did you spot it?

The URLs are completely predictable, so it is very simple to write a program that generates these URLs, parses the page's HTML, downloads the image and plays spy.

So that's what I did!

https://image.prntscr.com/image/ytwArfMrT6Gk9T1WbWSwOg.png
https://image.prntscr.com/image/DVaDYEtJTR2FBgVFoH4Ozw.png


After a few hours of parsing:

https://image.prntscr.com/image/8_fvsye8SN20RsdZcuvgjQ.png

What's all this for? To tell you not to upload just anything to Lightshot or to any site of that kind.
I even found a credit card... WARNING!

See you soon! :p

PS: I won't be sharing the program I wrote, to keep smart alecks from poking around where they shouldn't :p
PS2: don't do this! It's not very legal and you could get into trouble.

Edit 1:
Source: https://korben.info/attention-a-ne-pas-uploader-de-trucs-sensibles-sur-prnt-sc-lightshot.html

Edit 2: I did not use someone else's program. My script is written in NODEJS, as opposed to Python (senges on GitHub). Proof: http://prntscr.com/jtbivg

Edit 3: Here is the source code of my script: https://github.com/lucaspojo/lightshot-crawler
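The design flaw described in the post, seen from the service's side, as an added example (not the author's script and not Lightshot's code): identifiers derived from a counter next to identifiers drawn from a CSPRNG. The base-36 alphabet, the function names and the one-billion upload count are assumptions made for illustration.

```javascript
const { randomBytes } = require('crypto');

// Assumption: a base-36 alphabet; the page only shows lowercase letters.
const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz';
const BASE = BigInt(ALPHABET.length);

// "Before": the service names each upload after a running counter.
function encodeCounter(counter, length = 6) {
  let n = BigInt(counter);
  let id = '';
  for (let i = 0; i < length; i++) {
    id = ALPHABET[Number(n % BASE)] + id;
    n /= BASE;
  }
  return id;
}

// Inverse of encodeCounter: the counter value behind an ID.
function decodeCounter(id) {
  let n = 0n;
  for (const ch of id) {
    const digit = ALPHABET.indexOf(ch);
    if (digit < 0) throw new RangeError(`unexpected character: ${ch}`);
    n = n * BASE + BigInt(digit);
  }
  return n;
}

// "After": 128 bits from the OS CSPRNG, URL-safe, carrying no ordering.
function randomShareId(bytes = 16) {
  return randomBytes(bytes).toString('base64url');
}

// Size of an identifier space, in bits.
function keyspaceBits(alphabetSize, length) {
  return length * Math.log2(alphabetSize);
}

// Chance that a single blind guess lands on a live upload.
function blindHitRate(liveUploads, bits) {
  return Math.min(1, liveUploads / 2 ** bits);
}

const live = 1e9; // constructed figure, not a measured one
const shortBits = keyspaceBits(36, 6);
console.log('upload after abcdef:', encodeCounter(decodeCounter('abcdef') + 1n));
console.log('6-char space:', shortBits.toFixed(1), 'bits, hit rate', blindHitRate(live, shortBits));
console.log('random token:', randomShareId(), 'hit rate', blindHitRate(live, 128));
```

A long random token only makes the link unguessable; a screenshot holding sensitive data still needs access control or expiry on the hosting side.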
@hatuvera ·
It would have been nice to cite the source, in this case [Korben](https://korben.info/attention-a-ne-pas-uploader-de-trucs-sensibles-sur-prnt-sc-lightshot.html)
@ijatz ·
Thanks for the clarification, @hatuvera, and nice to meet you! Lucas had refrained from doing so because the core of his article draws on a script he created (he did not use the code offered on GitHub), which, on top of the writing itself, places this publication in the category of original work. But I grant you that mentioning Korben, Naïm Gallouj and/or Charles Senges is also necessary :-) Have a good day!
@peneinc ·
There, article updated.
@hatuvera ·
Perfect. It's always fairer play to cite your sources.
@ijatz ·
Interesting, @peneinc! It reminds us that the best way to preserve the confidentiality of data on the Internet is... not to send it over the Internet ;-) In the same way that, when it comes to monetary exchanges, and contrary to what governments claim, safety lies in using good old paper...

Ah, did you rework the code of the script provided by Charles Senges?
@roxane ·
Uh... and what did you do with the credit card? LOL
@peneinc ·
@roxane I bought myself a $9000 PC. No, it had been expired since 2013.
@roxane ·
😆😆😆 😂😂😂 @peneinc