demiguise icon indicating copy to clipboard operation
demiguise copied to clipboard

Published 20 hours ago verified publisher icon nccgroup

hello nccgroup

Open aymenem opened this issue 5 years ago • 1 comments

i was wondering where i can find "encryption-key"

i have created an HTA file with metasploit i'll get into the file and send u a text tell me where's the key

aymenem avatar Sep 07 '19 20:09 aymenem

huh? If you mean you're trying to find the encryption key in the payload, you may want to do something like changing that last line to echo the contents of var687 into a file, which should be a base64 encoded powershell scriptblock. From there, get the base64 string and de-code it. So, change the last line to something like:

PnyyR.run('%windir%\System32\cmd.exe /c echo'+ var687 + ' > C:\temp\outfile.txt' , 0);window.close(); </script %00 >

From there use whatever tool you want to decode the base64 string in outfile.txt

On Sat, Sep 7, 2019 at 3:21 PM aymenem [email protected] wrote:

i was wondering where i can find "encryption-key"

i have created an HTA file with metasploit i'll get into the file and send u a text tell me where's the key

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub , or mute the thread .

picheljitsu avatar Sep 09 '19 16:09 picheljitsu