Google Cloud Platform, Mailgun, Shopify, and Slack API Tokens (Exclusive)

[whlx]

Here's a breakdown of the information we shared today for b1nd:

1. Google Cloud Platform API Key:
   • This key is used to access Google Cloud Platform services.
   • It appears in various files in the CakePHP test suite (ValidationTest.php).
2. Mailgun Private Key:
   • This key is used for authentication in the Mailgun API.
   • It is referenced in test files for PHPUnit tests (CacheIdTest.php).
3. Shopify Private App Access Token:
   • This token is used for authentication in Shopify private app API requests.
   • It appears in various files related to a development environment (test.js, module.srv.ts, seller-test.spec.ts).
4. Slack Webhook:
   • This URL is used to send messages to a specific Slack channel.
   • It is referenced in different files related to logging or deployment (SlackLogger.cs, deploy.sh, deploy.rb).

These keys and tokens are essential for authenticating and accessing various services and APIs, such as Google Cloud Platform, Mailgun, Shopify, and Slack. They should be kept secure and not exposed in public repositories or environments to prevent unauthorized access to sensitive data or services.



[+] Google Cloud Platfor API Key

| ./odwin/odwen_warehouse_invoicing--CG--899e0c01169b13251d02c8d04e8b780ce4985d56--CG--2095/lib/Cake/lib/Cake/Test/lib/Cake/Test/Case/lib/Cake/Test/Case/Utility/ValidationTest.php
| 1922: $this->assertFalse(Validation::uuid('550e8400-e29b11d4-a716-446655440000'));
|
| ./odwin/odwen_stock_audit--CG--e1f9e0cdaa727b65bc173a6bedb5901a328e219d--CG--2095/lib/Cake/lib/Cake/Test/lib/Cake/Test/Case/lib/Cake/Test/Case/Utility/ValidationTest.php
| 1922: $this->assertFalse(Validation::uuid('550e8400-e29b11d4-a716-446655440000'));
|
| ./odwin/odwen_master--CG--e5ce1c017bcf11e263b15b7ed7d69ffbde282fe9--CG--2095/lib/Cake/lib/Cake/Test/lib/Cake/Test/Case/lib/Cake/Test/Case/Utility/ValidationTest.php
| 1922: $this->assertFalse(Validation::uuid('550e8400-e29b11d4-a716-446655440000'));
|
| ./odwin/odwen_master--CG--da2a6b38c800cbb770f0a4099fb7cfc5876877d2--CG--2095/lib/Cake/lib/Cake/Test/lib/Cake/Test/Case/lib/Cake/Test/Case/Utility/ValidationTest.php
| 1922: $this->assertFalse(Validation::uuid('550e8400-e29b11d4-a716-446655440000'));

[+] Mailgun Private Key

| Use the command below to verify that private key is valid:
| $ curl --user 'api:key-PRIVATEKEYHERE' "https://api.mailgun.net/v3/domains"
| API Documentation: https://documentation.mailgun.com/en/latest/api_reference.html
|
| ./3_94_2_67-9000/Php1_globalscache--CG--6ebcba798b4a69cb6be210c63f530e29d37876c2--CG--912/tests/tests/PHPUnit/tests/PHPUnit/Integration/CacheIdTest.php
| 56: $this->assertEquals('key-f791852e88bb2a1f130f37b4a9e2c351', $result);
| 102: 'key-09c89807ba10937c5ced44af9d9d49e8-8bec4c3209c94166186190a26a2920cb',
|
| ./3_94_2_67-9000/Php1_profiles--CG--a0c0c03f3ca8e6b5f835f7c5771e49055733bd2f--CG--912/tests/tests/PHPUnit/tests/PHPUnit/Integration/CacheIdTest.php
| 56: $this->assertEquals('key-f791852e88bb2a1f130f37b4a9e2c351', $result);
| 102: 'key-09c89807ba10937c5ced44af9d9d49e8-8bec4c3209c94166186190a26a2920cb',

[+] Shopify Private App Access Token

| ./3_94_2_67-9000/hemsa-ms-seller_development--CG--1646633990914/test.js
| 7: password: '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',
|
| ./3_94_2_67-9000/hemsa-ms-seller_development--CG--1646633990914/src/src/services/module.srv.ts
| 25: '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',
|
| ./3_94_2_67-9000/hemsa-ms-seller_development--CG--1646633990914/test/test/specs/test/specs/seller-test/seller-test.spec.ts
| 24: password: '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',

[+] Slack Webhook
| If the command below returns 'missing_text_or_fallback_or_attachments', it means
| that the URL is valid, any other responses would mean that the URL is invalid.

| $ curl -s -X POST -H "Content-type: application/json" -d '{"text":""}' "SLACK_WEBOOK_URL_HERE"
|
| API Documentation: https://api.slack.com/messaging/webhooks
|
| ./86_236_114_171-9000/RCad.Base/vx/Work/Base/vx/Work/Base/Logs/SlackLogger.cs
| 46: this.WebHookUri = new Uri("https://hooks.slack.com/services/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");
|
| ./3_94_2_67-9000/mainapp_master--CG--1594238444935/deploy.sh
| 47:HOOK=https://hooks.slack.com/services/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
|
| ./3_94_2_67-9000/deployer_capistrano3-accounts--CG--00cf52758fb9a6407048e19031d93079ed3a9305--CG--1133/config/deploy.rb
| 64: webhook: 'https://hooks.slack.com/services/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'

Facebook, SendGrid, LinkedIn, AWS, and Slack API Tokens (Exclusive)

Hello, b1nd users. Here we provide data, it contains sensitive information such as secret keys for various services like Facebook, SendGrid, LinkedIn, AWS, and Slack API tokens. Here's a breakdown of the sensitive information we leaked: Facebook Secret Keys: Located in several settings files...

b1nd.net