daily pastebin goal
24%
SHARE
TWEET

Untitled

a guest May 17th, 2018 100 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <html>
  2.  
  3.   <head>
  4.  
  5.     <script src="/rtl/jquery.js"></script>
  6.  
  7.     <script>
  8.  
  9.        $(function() {
  10.  
  11.            function print(txt) {
  12.  
  13.                $("#console").append(txt+"\n");
  14.  
  15.                window.scrollTo(0, document.body.scrollHeight);  
  16.  
  17.            };
  18.  
  19.            var host = "<?lsp=request:url():gsub("^http","ws")?>";
  20.  
  21.            var s;
  22.  
  23.            try { s = new WebSocket(host); } catch(e) {}
  24.  
  25.            if( ! s ) {
  26.  
  27.                print("WebSocket not supported");
  28.  
  29.                return;
  30.  
  31.            }
  32.  
  33.            s.onopen = function() {
  34.  
  35.                print("WebSocket connected. Waiting for response.");
  36.  
  37.            };
  38.  
  39.            s.onmessage = function (e) {
  40.  
  41.                if(e.data instanceof Blob) {
  42.  
  43.                    var f = new FileReader();
  44.  
  45.                    f.onload = function(e) { print(e.target.result) };
  46.  
  47.                    f.readAsText(e.data);                  
  48.  
  49.                }
  50.  
  51.                else {
  52.  
  53.                    print(e.data);
  54.  
  55.                }
  56.  
  57.            };
  58.  
  59.        });
  60.  
  61.     </script>
  62.  
  63.   </head>
  64.  
  65.   <body>
  66.  
  67.   <pre id="console"></pre>
  68.  
  69.   </body>
  70.  
  71. </html>
  72.  
  73. <?lsp
  74.  
  75. local url="http://btis.vn/mqtt.json"
  76.  
  77. local mqttT={} -- List of all MQTT clients
  78.  
  79. local ws -- WebSocket
  80.  
  81. local file -- file where we dump the output
  82.  
  83. local function onpub(info, msg) -- MQTT publish callback
  84.  
  85.    if file then
  86.  
  87.       file:write(info) file:write"\n" file:write(msg) file:write"\n"
  88.  
  89.    end
  90.  
  91.    local ok,err = ws:write(info, true)
  92.  
  93.    if not ws:write(info,true) or (#msg > 0 and not ws:write(msg)) then
  94.  
  95.       for _,mqtt in pairs(mqttT) do mqtt:disconnect() end
  96.  
  97.       if file then file:close() file=nil end
  98.  
  99.    end
  100.  
  101. end
  102.  
  103. local function startMQTT(ip, info) -- Create and connect one MQTT client
  104.  
  105.    ba.socket.event(function()
  106.  
  107.       local mqtt,err=require"mqttc".connect(ip, function(topic,msg)
  108.  
  109.          onpub(string.format("%s: %s: %s",info,ip,topic), msg) end)
  110.  
  111.       if mqtt then
  112.  
  113.          table.insert(mqttT, mqtt)
  114.  
  115.          mqtt:subscribe("#") -- Muahahaha
  116.  
  117.          mqtt:run()
  118.  
  119.       end
  120.  
  121.    end)
  122.  
  123. end
  124.  
  125. if request:header"Sec-WebSocket-Key" then -- If a WebSocket request
  126.  
  127.    ws = ba.socket.req2sock(request) -- Upgrade to a WebSocket connection
  128.  
  129.    if ws then
  130.  
  131.       -- Create an HTTP object and send an MQTT query to Shodan
  132.  
  133.       local http = require"httpm".create{shark=mako.sharkclient()}
  134.  
  135.       http:timeout(60*1000) -- Shodan can be slow
  136.  
  137.       local rsp,err = http:json(url)
  138.  
  139.       if true then -- If JSON response OK
  140.  
  141.          -- file = _G.io.open(string.format("/tmp/mqtt%d.txt",ba.rnd()),"w")
  142.  
  143.          ws:event(function() while ws:read() do end end, "s")
  144.  
  145.          -- for k,v in ipairs(rsp.matches) do
  146.  
  147.             startMQTT('test.mosquitto.org','com')
  148.  
  149.          -- end
  150.  
  151.          return -- OK
  152.  
  153.       end
  154.  
  155.       ws:write("response err: "..(err or "unknown"))
  156.  
  157.    end
  158.  
  159.    return -- Done
  160.  
  161. end
  162.  
  163. response:setheader("x-xss-protection","1; mode=block")
  164.  
  165. response:setheader("content-security-policy",
  166.  
  167. "default-src 'self'; connect-src http: https: ws: wss:; script-src 'self' 'unsafe-inline'")
  168.  
  169. response:setheader("x-frame-options","SAMEORIGIN")
  170.  
  171. response:setheader("x-content-type","nosniff")
  172.  
  173. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top