jpginc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function getIgnoredChars(payload, insertionPoint) | |
| { | |
| var asciiMax = 65535; | |
| var ignoredChars = []; | |
| for(var i = 0; i < asciiMax; i++) { | |
| var test = String.fromCharCode(i); | |
| var urlStr = payload.slice(0, insertionPoint) + test + payload.slice(insertionPoint); | |
| try { | |
| var url = new URL(urlStr); | |
| if(url.protocol == "javascript:") { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System.Windows; | |
| using System.Windows.Controls; | |
| using System.Management.Automation; | |
| using System.Management.Automation.Runspaces; | |
| namespace powershell | |
| { | |
| public partial class Page1 : Page | |
| { |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 34.205.75.67 0bfa00e6f9e8460021636f6d6d616e64202869702d3137322d32302d3131.2d33352900.torrabot.enterprises | |
| 172.20.54.197 0bfa00e6f9e8460021636f6d6d616e64202869702d3137322d32302d3131.2d33352900.torrabot.enterprises | |
| 34.205.75.67 cfbd01e6f9e84655e6.torrabot.enterprises | |
| 172.20.54.197 cfbd01e6f9e84655e6.torrabot.enterprises | |
| 34.205.75.67 ac3b01e6f9e84655e6.torrabot.enterprises | |
| 172.20.54.197 ac3b01e6f9e84655e6.torrabot.enterprises | |
| 34.205.75.67 afe801e6f9e84655e6.torrabot.enterprises | |
| 172.20.54.197 afe801e6f9e84655e6.torrabot.enterprises | |
| 34.205.75.67 697a01e6f9e84655e6.torrabot.enterprises | |
| 172.20.54.197 697a01e6f9e84655e6.torrabot.enterprises |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FileRead, bin, properDecoded.txt | |
| StringMid, img, bin, 41416, 144842 - 41415 | |
| f := FileOpen("img2.jpeg", "w") | |
| f.write(img) | |
| f.close() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FileRead, bin, properDecoded.txt | |
| StringMid, img, bin, 594, 41415 - 594 | |
| f := FileOpen("img.png", "w") | |
| f.write(img) | |
| f.close() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| asciiHex := "" | |
| loop, Read, allDnsQuery.txt | |
| { | |
| IfInString, A_loopreadline, 34.205.75.67 | |
| continue ;there is an entry for the query and response, elminate one to remove duplicates | |
| query := StrSplit(A_LoopReadLine, " ")[2] ;get the query (remove the IP address) | |
| query := RegExReplace(query, "\.") ;remove the dot's as they aren't part of the ascii hex | |
| query := RegExReplace(query, "torrabotenterprises") ;not part of the ascii hex | |
| StringTrimLeft, query, query, 18 ; the first 18 characters appear to be nonsense | |
| if(query) ;if there is any data left |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| loop, Read, allDnsQuery.txt, decoded1.txt | |
| { | |
| FileAppend, % asciiHexToStr(A_LoopReadLine) "`n" | |
| } | |
| asciiHexToStr(str) | |
| { | |
| decoded := "", start := -1 | |
| while(start <= StrLen(str)) { | |
| decoded .= chr("0x" SubStr(str, (start := start + 2), 2)) | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| loop, Read, allDnsQuery.txt, interestingQueries.txt | |
| { | |
| IfInString, A_LoopReadLine, torrabot.enterprises, FileAppend, %A_LoopReadLine%`n | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Vis2> ; Equivalent to #include .\lib\Vis2.ahk | |
| loop, 10 | |
| { | |
| urlasdf := "http://70.37.63.30/Web/ThreeSeconds/image.php" | |
| WebRequest := ComObjCreate("WinHttp.WinHttpRequest.5.1") | |
| WebRequest.Open("GET", urlasdf) | |
| WebRequest.SetRequestHeader("Cookie", "PHPSESSID=g4p87ap7i1je6p807q9c5tlmgt; is_authorized=false") | |
| WebRequest.SetRequestHeader("Referer", "http://70.37.63.30/Web/ThreeSeconds/index.php") | |
| WebRequest.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| inc = 0 | |
| str = "adrgongera" | |
| setInterval(function() { | |
| checkPassword(string_nth_permutation(str, inc++)) | |
| }, 1) |
NewerOlder