function getIgnoredChars(payload, insertionPoint) | |
{ | |
var asciiMax = 65535; | |
var ignoredChars = []; | |
for(var i = 0; i < asciiMax; i++) { | |
var test = String.fromCharCode(i); | |
var urlStr = payload.slice(0, insertionPoint) + test + payload.slice(insertionPoint); | |
try { | |
var url = new URL(urlStr); | |
if(url.protocol == "javascript:") { |
using System.Windows; | |
using System.Windows.Controls; | |
using System.Management.Automation; | |
using System.Management.Automation.Runspaces; | |
namespace powershell | |
{ | |
public partial class Page1 : Page | |
{ |
This file has been truncated, but you can view the full file.
34.205.75.67 0bfa00e6f9e8460021636f6d6d616e64202869702d3137322d32302d3131.2d33352900.torrabot.enterprises | |
172.20.54.197 0bfa00e6f9e8460021636f6d6d616e64202869702d3137322d32302d3131.2d33352900.torrabot.enterprises | |
34.205.75.67 cfbd01e6f9e84655e6.torrabot.enterprises | |
172.20.54.197 cfbd01e6f9e84655e6.torrabot.enterprises | |
34.205.75.67 ac3b01e6f9e84655e6.torrabot.enterprises | |
172.20.54.197 ac3b01e6f9e84655e6.torrabot.enterprises | |
34.205.75.67 afe801e6f9e84655e6.torrabot.enterprises | |
172.20.54.197 afe801e6f9e84655e6.torrabot.enterprises | |
34.205.75.67 697a01e6f9e84655e6.torrabot.enterprises | |
172.20.54.197 697a01e6f9e84655e6.torrabot.enterprises |
; Carve characters 41416..144842 out of the decoded stream in properDecoded.txt
; and save them as img2.jpeg. Both offsets are hard-coded for this one capture.
; NOTE(review): AutoHotkey v1 string functions are not binary-safe (a NUL byte ends
; the string, and FileRead/Write may re-encode), so confirm the carved file's size
; and magic bytes before relying on it.
FileRead, decodedStream, properDecoded.txt
jpegData := SubStr(decodedStream, 41416, 144842 - 41415)
outFile := FileOpen("img2.jpeg", "w")
outFile.Write(jpegData)
outFile.Close()
; Carve the region starting at character 594 of the decoded stream in
; properDecoded.txt and save it as img.png. Offsets are hard-coded for this capture.
; NOTE(review): the count 41415 - 594 copies characters 594..41414, so character
; 41415 is not included here; confirm it is a separator and not the PNG's last byte.
; NOTE(review): AutoHotkey v1 string functions are not binary-safe (a NUL byte ends
; the string), so verify the output against the PNG signature and expected length.
FileRead, decodedStream, properDecoded.txt
pngData := SubStr(decodedStream, 594, 41415 - 594)
outFile := FileOpen("img.png", "w")
outFile.Write(pngData)
outFile.Close()
asciiHex := "" | |
loop, Read, allDnsQuery.txt | |
{ | |
IfInString, A_loopreadline, 34.205.75.67 | |
continue ;there is an entry for the query and response, elminate one to remove duplicates | |
query := StrSplit(A_LoopReadLine, " ")[2] ;get the query (remove the IP address) | |
query := RegExReplace(query, "\.") ;remove the dot's as they aren't part of the ascii hex | |
query := RegExReplace(query, "torrabotenterprises") ;not part of the ascii hex | |
StringTrimLeft, query, query, 18 ; the first 18 characters appear to be nonsense | |
if(query) ;if there is any data left |
; Hex-decode allDnsQuery.txt line by line, writing one decoded line per input line.
; FileAppend with no filename writes to the loop's output file, decoded1.txt.
loop, Read, allDnsQuery.txt, decoded1.txt
{
    decodedLine := asciiHexToStr(A_LoopReadLine)
    FileAppend, % decodedLine . "`n"
}
asciiHexToStr(str) | |
{ | |
decoded := "", start := -1 | |
while(start <= StrLen(str)) { | |
decoded .= chr("0x" SubStr(str, (start := start + 2), 2)) | |
} |
; Reduce the DNS log to the lines that mention the domain of interest.
; Reads allDnsQuery.txt line by line; FileAppend with no filename writes to the
; loop's output file, interestingQueries.txt. The match is a plain substring test,
; so it keeps any line containing the text anywhere, not only as the queried zone.
loop, Read, allDnsQuery.txt, interestingQueries.txt
{
    if (InStr(A_LoopReadLine, "torrabot.enterprises"))
        FileAppend, %A_LoopReadLine%`n
}
#include <Vis2> ; Equivalent to #include .\lib\Vis2.ahk | |
loop, 10 | |
{ | |
urlasdf := "http://70.37.63.30/Web/ThreeSeconds/image.php" | |
WebRequest := ComObjCreate("WinHttp.WinHttpRequest.5.1") | |
WebRequest.Open("GET", urlasdf) | |
WebRequest.SetRequestHeader("Cookie", "PHPSESSID=g4p87ap7i1je6p807q9c5tlmgt; is_authorized=false") | |
WebRequest.SetRequestHeader("Referer", "http://70.37.63.30/Web/ThreeSeconds/index.php") | |
WebRequest.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36") |
// Walk the permutations of a fixed letter set and hand each one to checkPassword(),
// one candidate per timer tick. checkPassword and string_nth_permutation are
// defined elsewhere and are not visible in this snippet.
// `inc` and `str` are assigned without a declaration, so they become globals.
// NOTE(review): the interval is never cleared, so this keeps running after the
// permutations are exhausted or a candidate is accepted.
inc = 0
str = "adrgongera"
setInterval(() => {
    const index = inc++
    const candidate = string_nth_permutation(str, index)
    checkPassword(candidate)
}, 1)